News and Updates

GDPR and What Comes Next: The Parade of Horribles

Domain industry news - Fri, 2018-02-23 22:31

The compliance deadline for the European Union's General Data Protection Regulation (GDPR) is nearly upon us, the unveiling of a proposed model to bring WHOIS into compliance is said to come from ICANN next week, and everyone is scrambling to understand all that's involved. Implementation of a revised WHOIS model is clearly on the horizon, but what comes after may be the real story! Specifically, if WHOIS information becomes more than nominally restricted, what's the consequence to the data controllers (ICANN and the contracted parties) who implement this revised model?

WHOIS and Critical Tasks

WHOIS is critical for:

  • Informing buyers/sellers/brokers of domain names about the soundness of ownership and transparency into the parties to a transaction;
  • Helping law enforcement and other authorities investigate and resolve criminal activity, and predict the growth or migration of that activity across the DNS;
  • Enabling brand owners and other IP rights holders to protect and defend their marks and assets; and
  • Helping security experts quickly and effectively deal with and identify patterns for the spread of malware, botnets, spam and other abusive behavior in the DNS.

These are but a few examples and, while WHOIS may seem like an "aside" to the critical role domain names play on the Internet, this underlying ownership data is crucial to many functions that keep the domain name system secure and stable.

Curtailing WHOIS - Where will the Data Come From?

I understand that some registrars and registries have embraced — and even started engineering for — a compliance model very similar to ICANN's Model 3, a system the European Commission itself says is probably too restrictive. If a system that obstructive is embraced, data may go away, but the need for that data to perform critical tasks does not. As one industry observer put it:

What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement, but a cast of others (anti-spam/abuse initiates, DDoS mitigation, etc.) who are not law enforcement but do rely upon visibility into the DNS Whois to perform their services.

Significantly, respected security researcher Brian Krebs also made note of weakening security:

For my part, I can say without hesitation that few resources are as critical to what I do here...than the data available in the public WHOIS records. WHOIS records are incredibly useful signposts for tracking cybercrime, and they frequently allow KrebsOnSecurity to break important stories about the connections between and identities behind various cybercriminal operations and the individuals/networks actively supporting or enabling those activities.

So what happens next? Contracted parties have more than a small stake in the answer to that. Why? Because they're the caretakers of WHOIS data, and in a world of curtailed WHOIS, the data necessary to critical tasks has to come from somewhere, and be brought to light somehow.

Let's take IP rights enforcement. Say, conservatively, there are 1,000 queries a day (via port 43) to a registrar's WHOIS. Now say, again conservatively, that 1% of those queries yields actionable information. The registrar, today, is off the hook, for the most part. The infringed-upon party usually pursues the matter and goes after ten "bad guys."

In a restricted scenario, perhaps the registrar is now looking at 10 subpoenas for the previously publicly available data. But now assume a larger registrar gets one million queries a day. That 1% becomes 10,000 potential court actions to sort out. And that's BEFORE the community arrives at a layered/gated model, with access offered to accredited third parties (potential mitigations that appear to be months away). I can't imagine a registrar as large as GoDaddy or the Web.com family wants to deal with 10 court-sourced actions, never mind 10,000 or more — on a weekly or daily basis. Contracted parties need to very carefully consider these operational impacts when contemplating which models to implement or push for with ICANN ... as should ICANN.

Other Operational Impacts

A flood of legal service might not capture the whole picture.

  • A restrictive WHOIS means the bad guys can hide more easily, and for longer. Registry zone files could clutter up with bad actors, and registrars may have customers in the house they don't want.
  • Query rates directly to the registrar community will squeeze upstream — especially under some of the layered/gated models being considered.
  • There will be damage to brands, financial institutions, secure sites, and others that rely on the security community to quickly mobilize against bad actors or even anticipate their moves.
  • External entities will be forced to use "blunter" instruments to protect users and consumers, and to pursue bad actors. Perhaps even by black-listing specific registrars or top-level domains.

Accuracy - the Other Liability Not being Considered

After GDPR models are implemented, now hiding behind a "gate" will be a database full of inaccurate or false information. We know this because today it is reported that even in Europe, less than half of WHOIS records contain data that meet operability standards. The European Commission's recently released technical input on ICANN's proposed GDPR-compliant WHOIS models underscored the GDPR's "Accuracy" principle — making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts.

Many registry and registrar operators may be tempted to say, "So what? It's what the registrant gave us and that's where our obligation ends." But the European Commission official who spoke during the February 22, 2018 discussion hosted by the BC and IPC indicated that controllers are responsible for the data quality under GDPR, and that inaccurate WHOIS data can be the basis of GDPR-based claims by data subjects and other recipients of inaccurate data. This certainly increases the risk to GDPR compliance and begs the question why ICANN wouldn't ensure that contracted parties implement processes to validate and verify the contact information they allow into the WHOIS database.

Getting it Right

After months of discussion, review of countless documents and proposals, and many meetings, I'm still left feeling that we're heading down a path that could result in a system with fewer benefits for all stakeholders and that we're missing an opportunity to properly resolve a decades-old debate.

ICANN should move quickly to consult with all stakeholders to address critical elements of the resulting model, including e-mail address inclusion, verification for accuracy, bulk WHOIS access, and proper scoping. That model must include access to data for security and end-user protection--the latter cannot be imposed retroactively.

This is a critical move, before unintended consequences start to arrive.

Written by Fabricio Vayra, Partner at Perkins Coie LLP

Follow CircleID on Twitter

More under: Domain Management, Domain Names, ICANN, Internet Governance, Policy & Regulation, Whois

Categories: News and Updates

Analyzing startup domain names

Domain Name Wire - Fri, 2018-02-23 17:35

What MassChallenge’s first Texas class reveals about domain name usage.

Startup accelerator MassChallenge has announced the inaugural class of 84 startups for its Texas accelerator. The companies are in a number of industries, so I thought it would be interesting to see what types of domains the companies are using.

67 of the companies in the announcement are linked to websites. Here’s the breakdown of domains they use:

.COM 56
.ORG 2
.CO 2
.NET 2
.US 1
.ME 1
.AI 1
.MEDIA 1
.CA 1

84% of the companies use .com domain names.

Let’s look at some of the companies that don’t use a .com:

FastVisa.us – the .us domain makes sense because the company helps people with U.S. immigration.

NextPlay.ai – an enterprise Artificial Intelligence startup.

Open.media – the company’s name is Open Media. OpenMedia.com has been registered since 1995.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Yep, it’s 21st Century Fox
  2. Google nixing domain names in mobile search
  3. Company bringing multi-level marketing to domain names
Categories: News and Updates

Some domain name thoughts for your weekend

Domain Name Wire - Fri, 2018-02-23 15:07

Here are a few domain-related notes as you head into your weekend…

I sold my second new top level domain this week. I didn’t get rich. Just $1,150. I stayed away from domains with heavy premiums and focused a lot on the generic top level domain endings. I think the most generic TLDs are the toughest to sell because there’s so much competition. Is there anything that really sets apart .online, .click, and .xyz? How can I hold out for more money for a decent .click domain when someone can just choose the same second-level domain in another generic extension?

The domain I sold was a .cloud, and that means that both of my sales to date have been .cloud domains. That’s not bad considering I purchased about 10 .cloud domains. What made .cloud appealing was low annual costs, decent domains that didn’t have premiums, and a valuable subject matter.

…I went to Vegas last week for the third time this year. This one was for pleasure, and it’s the first time I’ve been to Las Vegas for something that wasn’t work-related. My family wanted to see the decorations for Chinese New Year and catch a cirque du soleil show. The highlight of the trip was hiking in Red Rock Canyon. Those are the mountains you see to the West of the city. It’s incredibly scenic. If you’re looking for something active to do next year before or after NamesCon, I recommend spending a day there. It’s only a 30-minute drive from The Strip.

Also, I saw one .Vegas domain while I was in the city. It was on the screen of a taxi meter.

…A marketplace owner told me January and February are the best months in terms of sales. Perhaps people have goals for the year that include starting a business. I’ve had a bunch more inquiries these first two months than normal and a handful of sales. I usually find December to also be a good month, but December 2017 was slower than usual for me.

…I’ve recorded a few great podcast interviews this week that will be published in coming weeks. Stay tuned!


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Amazon.com foreshadows AWS re:Invent news with domain name registrations
  2. .Cloud hits general availability on Tuesday
  3. .Cloud finishes a strong debut week
Categories: News and Updates

2018 Global NGO Technology Report Reveals How Non-Profits Use Modern Tech to Reach Their Goals

DN Journal - Thu, 2018-02-22 23:23
PIR, the operator of the .org, .ngo and .ong top level domains, and Nonprofit Tech for Good have released their 2018 Global NGO Technology Report.
Categories: News and Updates

U.S. Government Officials Raise Concerns Over Intel's Long Delay Informing Government on Chip Flaws

Domain industry news - Thu, 2018-02-22 21:23

Latest reports suggest Intel Corporation did not inform U.S. cyber security officials about the so-called Meltdown and Spectre chip security flaws until they were leaked to the public six months after Intel was notified about the problem. Stephen Nellis reporting in Reuters: "Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications. Intel said it did not think the flaws needed to be shared with U.S. authorities as hackers had not exploited the vulnerabilities." Details of when the chip flaws were disclosed were detailed in letters sent by Intel, Alphabet and Apple Inc on Thursday in response to questions from Oregon Republican Representative.

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

SEC Reinforces and Expands Its Cybersecurity Guidance for Public Companies

Domain industry news - Thu, 2018-02-22 20:02

The Securities and Exchange Commission has issued an updated guidance for public companies in preparing disclosures about cybersecurity risks and incidents. SEC Chairman Jay Clayton said: "The guidance highlights the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents. It also addresses the importance of policies and procedures related to disclosure controls and procedures, insider trading, and selective disclosures. ... I believe that providing the Commission’s views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors." SEC voted unanimously to approve the guidance on Tuesday according to the released statement.

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, Policy & Regulation

Categories: News and Updates

23 end user domain name sales up to $50,000

Domain Name Wire - Thu, 2018-02-22 17:52

A video production company, concierge service and real estate firm bought domain names over the past week.

As usual, many of the end users that bought domain names at Sedo over the past week were companies that already own a matching second level domain in a different extension. That’s the case for the top sale of VideoDesign.com for $50,000 as well as many others.

Perhaps the most notable thing about this week’s list is a lack of cryptocurrency companies making purchases.

Here are the end user domain name sales I uncovered:

(You can view previous lists like this here.)

VideoDesign.com $50,000 – Videodesign is a video production company that uses the domain name Videodesign.ch.

BreakBread.com $22,000 – Andrew Rosener sold the domain but I’m not willing to watch the 47-minute video to figure out who he sold it to. Anyone?

Robotics.ai $12,000 – Food Technologies Limited, which owns a food tech patent (pdf). I’m not sure what its interest is in this domain.

HausMAN.com $11,250 – MAN Holding s.a.l. is a construction company in Lebanon.

Proshop.ch, Proshop.fr, Proshop.it (€7,500, €6,000, €10,000) – Proshop ApS, an online technology seller that owns the Proshop domain in many ccTLDs.

Medterra.com $10,000 – Medterra is a hemp product brand.

APMA.com $10,000 – Amore Pacific is a skincare company.

Conciergerie.fr €7,500 – Bien-Etre Assistance is a French firm that provides corporate concierge services. Conciergerie is French for concierge. The company paid €9,990 for the .com version of this domain name.

Fitshop.no €6,000 – T-Fitness Norge in Norway.

Metraj.com $6,000 – The buyer is a real estate company in Iran.

Fellow.co $5,999 – Fellow is a peer feedback system that uses the domain name FellowInsights.com.

ReedsCrossing.com $5,000 – American Newland Communities LP is developing a master planned community in a suburb of Portland called Reeds Crossing.

Soundry.com €4,950 – The site isn’t up yet but the buyer is building a website using AWS for hosting.

Deftli.com £4,700 – The domain is still in escrow but the buyer has a coming soon page.

BeTheMaster.com $3,995 – A man bought this domain name for his book of the same name.

Zone.fi €2,500 – Zone Media in Estonia. They appear to offer website building service on the domain Zone.ee.

IglooEnergy.com €2,500 – Igloo Energy in the UK uses the domain name Igloo.energy, but it just bought the matching .com.

ZZmoney.com $2,430 – ZZ Inc is some sort of product development company.

ESF.co.uk £2,160 – ESF Events Ltd is a sports company that uses the domain name esfevents.co.uk.

Wox.in $2,000 – WOX Systems is a data technology company that uses the domain name WoxSystems.com.

MomentumSocial.com $2,000 – The domain forwards to MomentumSocial.co.uk, an influencer and social media marketing company.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. 15 end user domain name sales from Sedo
  2. See 21 companies that bought domain names last week
  3. What domain names Goldman Sachs and others bought this week
Categories: News and Updates

Domaining Europe Returning Home to Valencia, Spain for 10th Anniversary Show Next Spring

Domain industry news - Thu, 2018-02-22 17:27

The Domaining Europe conference began in Valencia, Spain almost a decade ago and the first seven shows in the annual series were staged at the Hotel Sorolla Palace there. In 2016 conference founder Dietmar Stefitz decided to take the show on the road, staging that year's event in The Hague, Netherlands, followed by the 2017 show in Berlin, Germany this past May. With the 2018 conference marking the 10th anniversary of the popular event, Stefitz decided it was only fitting that the event go back to where it all began in Valencia. So, he has booked the Sorolla Palace and set the dates for June 7-9, 2018.

Stefitz is determined to make the 10th anniversary show a special one so he has already started putting the agenda and speaker's line up together. Braden Pollock is again coming over to Valencia from the United States to moderate the event. Also, they are planning an opening day Keynote address at 10am June 7 featuring pioneering domain investor and DomainMarket.com Founder Michael Mann with a talk titled Get a .com! Mann is also scheduled to participate on a panel discussion devoted to domain valuation.

Stefitz has also identified several other topics that will be explored in depth through presentations and panel discussions at the 2018 event including Inventory Carrying Costs, Brokerage, Domain Portfolio Monetization, Buy Now Pricing vs. Negotiation and Drop Catching. Of course, the latest trends in new gTLDs will also be covered with Stefitz expecting to have .CLUB CMO Jeff Sass, .GLOBAL CEO Rolf Larsen and a representative from Neustar on hand to give attendees an update on that sector. He also has an International Investor Roundtable in the works with participants from Asia, Latin America, Russia, the USA and Europe.

Registration is already open, so it is not to soon to block June 7-9 out on your 2018 calendar to join domain investors, executives and service providers from around the world for this landmark edition of Domaining Europe.

This year Verisign will again be the main sponsor of the event, along with Law.es, dotGlobal, eco, Godaddy, Nidoma, Blacknight, LBM, Bodis and many others. Sponsorship options are still open at vivanco@domainingeurope.com.

Written by Sara Vivanco, Marketing Manager

Follow CircleID on Twitter

More under: Domain Management, Domain Names, New TLDs

Categories: News and Updates

Bespoke.com domain owner successfully defends another attack

Domain Name Wire - Thu, 2018-02-22 13:57

Judge tosses latest attempt to get Bespoke.com domain name.

You have to feel bad for Garth Piesse.

The New Zealand resident bought Bespoke.com in a competitive expired domain auction on DropCatch.com in 2014 for $18,805. It was a pretty good deal. But now his legal costs have surely dwarfed his purchase price.

First, Bespoke Services Group S.A. of Switzerland filed a UDRP against the domain name. It lost.

Then, a New Orleans company called Bespoke, LLC filed a lawsuit under the Anticybersquatting Consumer Protection Act.

It was going to be hard to convince a U.S. court of jurisdiction over the New Zealand resident, but the Lousiana company tried its hardest with some far-fetched claims. Piesse, represented by attorney David Weslow, filed a motion to dismiss the Louisiana case in July 2017. A judge dismissed (pdf) the lawsuit this week due to lack of jurisdiction.

In some ways, Piesse has a ready defense the next time a company tries to file a cybersquatting claim against the domain: if three companies think that Bespoke.com infinges their trademark, it will be hard to convince anyone that Piesse was targeting them with his domain registration.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Hospitality Company Claims Leisure.com Infringes Its Trademarks
  2. Jeweler sues Oversee.net for cybersquatting
  3. Libya loses anticybersquatting lawsuit
Categories: News and Updates

Buckley Media Group & BQDN Broker 6-Figure Sales in Impressive Week for Domain Aftermarket

DN Journal - Thu, 2018-02-22 03:01
The new weekly domain sales report is out at DNJournal.com. Our latest Top 20 sales chart in headed by the 2nd biggest sale reported so far in 2018.
Categories: News and Updates

Google creates set-it-and-forget it Adsense option

Domain Name Wire - Wed, 2018-02-21 22:01

New option is a brainless way to optimize Adsense revenue.

It’s been well over a decade since the golden days of Google Adsense (for me, at least). There was a short period of time I was making more than a thousand dollars a day from Adsense on websites and a much longer time I was bringing in over a hundred dollars a day.

A lot has changed since then, not the least of which is that the made-for-Adsense sites I created barely receive any traffic anymore and I’ve let many of them expire.

Still, Google Adsense can be a great income source for sites that cannot sell advertising directly due to their size. I still have two sites that I haven’t touched in a decade that generate over $100 a month. Not bad considering I don’t have to work for it.

Today, Google announced Adsense Auto ads, a truly set-it-and-forget-it monetization option for websites. I think this will be an ideal ad monetization solution for creators of small sites. That includes domainers who create small sites on their domains.

Rather than picking ad locations and sizes and inserting Adsense code in each spot, website owners only have to insert one code snippet in the head of their pages. Adsense will determine the locations and sizes of ads to display.

While many people think they are experts at picking the right spots to maximize ad revenue, I’d put more faith in Google engineers to optimize Adsense income on a smaller site. It’s also nice to not have to optimize separately for mobile and desktop browsing.

Site owners still get to pick the ad types that will display. Other than that, everything is in Google’s hands.

A couple of years ago I started a financial site on which I (very) rarely publish. It doesn’t have any ads on it, so I decided to try out Auto ads on the site. You can take a look at UpMoney.com and see the image below.

The ad behavior isn’t optimal yet, probably due to the low site traffic. It appears that Google is making room for ads but not always delivering them. In the image below you will see two blank spots without ads and one with a correctly inserted ad. About a half hour after taking the screenshot, ads started showing in some of the white spaces but other white space was added.

I think the location selection is pretty good, but making blank space instead of ads is an issue.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Google Enables Better Traffic Arbitrage
  2. Google Now Targeting Ads to Users, Not Just Content
  3. Adsense as a Platform and What it Means for Publishers
Categories: News and Updates

Asia Inspection acquires Inspection.com domain name for $335,000

Domain Name Wire - Wed, 2018-02-21 21:37

Company in Hong Kong buys Inspection.com.

A Hong Kong supply chain technology company has upgraded its domain name with the purchase of Inspection.com for $335,000.

Asia Inspection uses the domain name AsiaInspection.com. It is forwarding its new, simpler domain name to the longer domain name.

Kate Buckley (podcast) brokered the sale of the domain name:

Thrilled to announce I've just closed the sale of https://t.co/rFOIuIVSBH for $335,000. Congratulations to both buyer and seller! #domains #brands #marketing #scaleup #BuckleyMediaGroup

— Kate Buckley (@katebuckley1) February 21, 2018

The domain’s Whois record has been private since 2008.

I suspect the new domain name will help the company grow beyond Asia while also giving it more credibility.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Report Estimates Cybercrime Taking $600 Billion Toll on Global Economy

Domain industry news - Wed, 2018-02-21 21:30

Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). The estimated number is up from a similar 2014 study that put global losses at about $445 billion. The report attributes this growth to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime — including an expanding number of cybercrime centers — and the growing financial sophistication of top-tier cybercriminals.

Estimated daily cybercrime activity
Source: McAfee / CSIS 2018 reportFrom the report: "Cybercrime operates at scale. The amount of malicious activity on the internet is staggering. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day, the result of automated efforts by cybercriminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created every day. Most of these are automated scripts that search the web for vulnerable devices and networks. Phishing remains the most popular and easiest way to commit cybercrime, with the Anti-Phishing Working Group (APWG) recording more than 1.2 million attacks in 2016, many linked to ransomware. This number may be low since the FBI estimated there were 4,000 ransomware attacks every day in 2016. The Privacy Rights Clearing House estimates there were 4.8 billion records lost as a result of data breaches in 2016, with hacking responsible for about 60% of these."

Data on cybercrime remains poor: The authors suggest data on cybercrime remains poor because of governments around the world underreporting and being negligent in their efforts to collect data on cybercrime.

Recommendations: Although the report is mainly focused on cybercrime estimations, and not recommendations, it has offered the following as a matter of obvious steps based on their cost analysis:

  • Uniform implementation of basic security measures such as regular updating, patching, open security architectures and investment in defensive technologies.
  • Increased cooperation among international law enforcement agencies both with other nations' law enforcement agencies and with the private sector.
  • Improved collection of data by national authorities
  • Greater standardization and coordination of cybersecurity requirements particularly in key sectors like finance.
  • Development of the Budapest Convention, a formal treaty on cybercrime which has made slow progress in the face of opposition from Russia and other countries.
  • International pressure on state sanctuaries for cybercrime; imposing some kind of penalty or consequence on governments that fail to take action against cybercrime.

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, DDoS, Internet Governance, Malware, Policy & Regulation

Categories: News and Updates

ICANN Spearheading Launch of Virtual DNS Entrepreneurship Center of the Caribbean

Domain industry news - Wed, 2018-02-21 19:44

The Internet Corporation for Assigned Names and Numbers (ICANN) is spearheading an initiative to launch Virtual DNS Entrepreneurship Center of the Caribbean (VDECC). Gerard Best reporting in the Caribbean Journal: "VDECC aims to open up new money-making opportunities in the DNS industry for Internet businesses and entrepreneurs across the region, including Internet service providers, web hosting companies, top-level domain operators, domain name registrars and resellers, web developers, digital marketers, e-commerce startups and Internet legal experts." The initiative was launched in Port of Spain on Feb. 19.

Follow CircleID on Twitter

More under: DNS, ICANN

Categories: News and Updates

Vermont Governor 5th to Take a Stand Against Rollback of Net Neutrality Rules

Domain industry news - Wed, 2018-02-21 19:14

Vermont Gov. Phil Scott is the latest state governor to take a stand against the FCC's rollback of net neutrality rules. Ryan Johnston reporting in StateScoop: "Scott last week took executive action mandating that any internet service provider (ISP) holding or seeking a state contract must include net neutrality protections in its services for all subscribers. He becomes the fifth governor to use the tactic, which is intended to pressure ISPs to operate as if the FCC did not repeal the Obama-era rules."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality

Categories: News and Updates

How domain name registrars can win over domain investors

Domain Name Wire - Wed, 2018-02-21 14:33

Here’s what domain name registrars need to do if they want to get domain investors as customers.

I get lots of pitches from domain registrars that have added nifty new features or are offering rock-bottom prices. It takes more than this to win domain investors as customers. It takes a complete package. Here’s what domain name registrars can do if they want to win over domain investors.

You can’t win on price, but you can lose on price. I often get pitches from domain name registrars about how they’re great for domain investors because of their low prices. But when it comes to .com domains, you simply can’t win on price. There are many registrars out there that offer essentially break-even pricing on .com domain names. The only way you can beat your competition is by losing money. Even when it comes to short-term discounts below the wholesale cost, I think most domain investors are smart enough to realize that registrars aren’t willing to lose money in the long run. So you’re not going to win on price (at least for .com), but you can lose on it. If you’re charging more than $9.00 or so, it’s going to be hard to win domain investors.

Security is a must. There are many things at play when it comes to security. These days it’s necessary to offer two-factor authentication, ideally through an app instead of SMS. U2F is even better, and Fabulous offers this.  One of the better security offerings I’ve seen is from GoDaddy, which lets larger domainers enable call-based security before a domain is transferred out. A GoDaddy representative will call the account owner and ask for a pin number before authorizing an outbound transfer.

Then there is the security that you don’t notice as much. It’s hard for me to evaluate if a registrar has good backend security but if they don’t follow visible best practices, I get worried. An example is sending emails to customers that require action and these emails don’t identify the customer by name or another identifier. That makes it more likely someone will fall for a phishing scam in the future.

Make it simple to manage domains. Domainers want lots of account admin features but they also want a good user interface. If a registrar creates something that looks like a programmer designed the front end, then it’s in trouble. Think about the types of actions domain investors need to perform and make it as easy as possible. Bulk actions are a must. Oh, and if you don’t offer bulk auth code downloads for transferring out, then domainers should be wary about transferring in.

Your business is important to us, but please hold. There are two essential elements of support: a good online knowledgebase and great support. Answer the phone quickly with knowledgeable reps. Promptly respond to email. Make chat support available.

Show me the money! OK, so you can’t win on price. Security is a must but it’s more of a disqualifier than a qualifier. And you need a good baseline domain manager plus good support. So far, there’s nothing that can really separate a registrar from the pack. There’s one key thing that can make a registrar truly stand out: help domainers make more money.

It used to be you could do this with a good domain parking program, but that has basically disappeared. Now you need to help them sell domains. That means integrating with AfternicDLS or SedoMLS (preferably both). Help domainers analyze their portfolios. Provide tools that enable them to make renew/drop decisions.

Helping a domainer make more money will far outweight discounted domain prices in terms of value. It might actually help you turn domainers into profitable customers, too.


© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.

Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Latest GGRG Report on Liquid Domain Sales Breaks Down How Short .COMS Fared in 4Q-2017

DN Journal - Tue, 2018-02-20 23:12
Domain brokerage & consultancy GGRG.com has released a new quarterly report breaking down short .COM domain sales in the 4th quarter of 2017.
Categories: News and Updates

WHOIS Access and Interim GDPR Compliance Model: Latest Developments and Next Steps

Domain industry news - Tue, 2018-02-20 20:17

WHOIS access and development of an interim GDPR compliance model remains THE hot topic within the ICANN community. Developments are occurring at a break-neck pace, as ICANN and contracted parties push for an implementable solution ahead of the May 25, 2018 effective date of the GDPR.

To quickly recap:

  • Between November 11, 2017 and January 11, 2018, various ICANN community participants submitted different proposed interim GDPR compliance models to ICANN;
  • On January 12, 2018, ICANN published a set of three proposed interim GDPR compliance models of its own design for community input;
  • On January 24, 2018, the ICANN Intellectual Property and Business Constituencies (IPC and BC, respectively) held a community-wide webinar, with in-person attendees in Washington, DC and Brussels, to discuss the ICANN and community models, and key issues and concerns in developing an interim compliance model while preserving access to WHOIS data for specific legitimate purposes, including law enforcement, cybersecurity, consumer protection, and intellectual property enforcement, among other business and individual user needs;
  • On January 29, 2018, ICANN formally closed its community input period on the compliance models;
  • On February 1, 2018, the IPC and BC sent a joint letter to the Article 29 Working Party, with a copy to ICANN, providing an overview of WHOIS uses and needs for law enforcement, cybersecurity, consumer protection and intellectual property enforcement, and how these legitimate purposes fit within the framework of the GDPR;
  • On February 2, 2018, ICANN published a matrix of all the proposed interim compliance models, and a draft summary of discussion and comments regarding the models;
  • On February 7, 2018, the European Commission provided additional input to ICANN regarding the various proposed compliance models; and
  • Between February 10 and February 16, 2018, ICANN provided updates to various community leaders regarding a compliance model that ICANN had begun to coalesce around, based on the prior models, community input, and community discussions (the "convergence model").

ICANN is now poised to formally publish the convergence model, although the community continues to discuss and seek a solution that is acceptable for all stakeholders. As part of those continued discussions, the IPC and BC will be hosting another cross-community discussion, following up on their co-hosted event on January 24. This second event will take place on Thursday February 22, 2018 from 9 am to 12 pm Eastern (US) (1400 – 1700 UTC), with in-person participation in the Winterfeldt IP Group Offices in Washington, DC and the ICANN office in Brussels, Belgium. There will also be remote participation available through Adobe Connect.

We invite all readers to participate in this important ongoing conversation. Please RSVP to denise@winterfeldt.law if you or your colleagues would like to join in person in Washington, DC or Brussels, or via remote participation.

Written by Brian Winterfeldt, Founder and Principal at Winterfeldt IP Group

Follow CircleID on Twitter

More under: Domain Names, ICANN, Law, Privacy, Whois

Categories: News and Updates

SpaceX Starlink and Cuba - A Match Made in Low-Earth Orbit?

Domain industry news - Tue, 2018-02-20 19:05

I've suggested that Cuba could use geostationary-orbit (GSO) satellite Internet service as a stopgap measure until they could afford to leapfrog over today's technology to next-generation infrastructure. They did not pick up on that stopgap suggestion, but how about low-Earth orbit (LEO) satellite Internet service as a next-generation solution?

SpaceX, OneWeb, Boeing and others are working on LEO satellite Internet projects. There is no guarantee that any of them will succeed — these projects require new technology and face logistical, financial and regulatory obstacles — but, if successful, they could provide Cuba with affordable, ubiquitous, next-generation Internet service.

Cuba should follow and consider each potential system, but let's focus on SpaceX since their plan is ambitious and they might have the best marketing/political fit with Cuba.

LEO satellite service will hopefully reach a milestone this week when SpaceX launches two test satellites. If the tests go well, SpaceX plans to begin launching operational satellites in 2019 and begin offering commercial service in the 2020-21 time frame. They will complete their first constellation of 4,425 satellites by 2024. (To put that in context, there are fewer than 2,000 operational satellites in orbit today).

SpaceX has named their future service "Starlink," and, if Starlink succeeds, they could offer Cuba service as early as 2020 and no later than 2024 depending upon which areas they plan to service first.

What has stopped the Cuban Internet and why might LEO satellites look good to Cuba?

Cuba blames their lack of connectivity on the US embargo, but President Obama cleared the way for the export of telecommunication equipment and services to Cuba and Trump has not reversed that decision.

I suspect that fear of losing political control — the inability to filter and surveil traffic — stopped Cuba from allowing GSO satellite service. Raúl Castro and others feared loss of control of information when Cuba first connected to the Internet in 1996, but Castro is about to step down and perhaps the next government will be more aware of the benefits of Internet connectivity and more confident in their ability to use it to their advantage.

A lack of funds has also constrained the Cuban Internet — they cannot afford a large terrestrial infrastructure buildout and are reluctant (for good and bad reasons) to accept foreign investment. SpaceX is building global infrastructure so the marginal cost of serving Cuba would be near zero.

They say that the capital equipment for providing high-speed, low-latency service to a Cuban home, school, clinic, etc. would be a low-cost, user-installed ground-station. I've not seen ground-station price estimates from SpaceX, but their rival OneWeb says their $250 ground-station will handle a 50 Mbps, 30 ms latency Internet link and serve as a hot-spot for WiFi, LTE, 3G or 2G connectivity.

Since the marginal cost of serving a nation would be small and they hope to provide affordable global connectivity, I expect their service price will vary among nations. Prices would be relatively high in wealthy and low in poor nations — there would be no point in having idle satellites flying over Cuba or any other place.

Expansion of the Cuban Internet is also constrained by bureaucracy and vested financial interest in ETECSA and established vendors. While I do not endorse Cuba's current monopoly service and infrastructure ownership policy, it could remain unchanged if ETECSA were to become a reseller of SpaceX Internet connectivity.

In summary, if Starlink succeeds, they could offer affordable, ubiquitous high-speed Internet, saving Cuba the cost of investing in expensive terrestrial infrastructure and allowing ETECSA to maintain its monopoly. The only intangible roadblock would be a loss of control of traffic. (But Cuban propagandists and trolls would be able to reach a wider audience :-).

That is the rosy picture from the Cuban point of view, what about SpaceX?

OneWeb plans to offer LEO satellite Internet service in Alaska in 2019 and hopes to cover all of Alaska by the end of 2020.

How about SpaceX starting by serving Cuba?

I don't know the SpaceX constellation rollout plan, but satellites that serve Cuba would also be capable of serving the eastern US and FCC licenses are conditional upon providing US service in a timely manner.

Since Cuba is an island nation, portions of the footprint of satellites serving Cuba would fall on the uninhabited ocean. That would reduce population destiny in the satellite footprint area, freeing capacity for use by customers in relatively urban areas.

Selecting Cuba as their initial service market would be an audacious move, but Elon Musk is not a conventional, conservative businessman. SpaceX would get a lot of publicity from a Cuba opening and, like the roadster they just launched into orbit, first offering Starlink service in Cuba would have symbolic value — marking an opening to Cuba.

There is pent-up demand for Internet access in Cuba since they have very poor Internet access given their level of education and development.

Cuba is 166th among the 176 nations the International Telecommunication Union (ITU) ranks on access to telecommunications. Haiti, ranked 167th, is the only nation in Latin America and the Caribbean (LA&C) that ranks below Cuba, yet Cuba ranks 9th in the region on the ITU telecommunication-skills index. Cuba ranks tenth in LA&C on the United Nations Development Programme's human-development index and their mean years of schooling is the highest in the region.

Cuba's relatively high human-development and IT-skill indices reflect their emphasis on free public education at all levels. This is exemplified by the curriculum at Cuba's Information Science University, where students pay no tuition but are required to work on useful applications in education, health, sport, and online government.

But, perhaps the biggest contributor to pent-up demand is El Paquete Semanal, a weekly distribution of current, pirated Internet content that is distributed throughout the nation. I've heard the claim that 95% of Cubans see El Paquete content each week. That sounds high, but it is very popular and has been alleged to be Cuba's largest private employer.

The political situation is the elephant in the room. The US has formed a Cuba Internet Task Force and Trump is following President Obama's lead in seeking to strengthen the Cuban Internet, so it unlikely that the US government would object to SpaceX offering Starlink service to Cubans.

That being said, such a move would be unpopular among some members of Trump's Cuban "base." While there might be some domestic political cost to SpaceX, an opening to Cuba would be seen as extremely positive in Latin America and the rest of the world and SpaceX and Tesla are global companies.

Written by Larry Press, Professor of Information Systems at California State University

Follow CircleID on Twitter

More under: Access Providers, Broadband, Policy & Regulation, Wireless

Categories: News and Updates

Hackers Use Tesla's Amazon Cloud Account to Mine Cryptocurrency

Domain industry news - Tue, 2018-02-20 18:37

Tesla's cloud environment has been infiltrated by hackers and used to mine cryptocurrencies, researchers have discovered. Other victims include Aviva and Gemalto. According to reports, the incident was first discovered by security company RedLock a few months ago when its research team found hundreds of Kubernetes administration consoles accessible over the internet without any password protection.

Initially RedLock discovered instances belonging to Aviva, a British multinational insurance company, and Gemalto, the world's largest manufacturer of SIM cards. From the report: "Within these consoles, access credentials to these organizations' Amazon Web Services (AWS) and Microsoft Azure environments were exposed. Upon further investigation, the team determined that hackers had secretly infiltrated these organizations' public cloud environments and were using the compute instances to mine cryptocurrencies (refer to Cloud Security Trends - October 2017 report). Since then, a number of other cryptojacking incidents have been uncovered and there are notable differences in the attacks. ... latest victim of cryptojacking is Tesla. While the attack was similar to the ones at Aviva and Gemalto, there were some notable differences. The hackers had infiltrated Tesla's Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry."

Follow CircleID on Twitter

More under: Blockchain, Cloud Computing, Cyberattack, Cybersecurity

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer