News and Updates

Cybersecurity, an Essential Weapon in the Cyberwarfare to Protect Our Democracy

Domain industry news - Fri, 2021-04-16 18:25

We see the problems that we are facing within an increasingly digital society and economy. We cannot go backward; the only way forward is to ensure that this new digital environment is made as safe as possible from a personal, social, political and economic perspective. We are currently struggling on these fronts.

Unfortunately, we have now clearly entered a situation of cyber warfare. States now use digital technologies to impose and undermine ideologies. We see totalitarian regimes using it to interfere with elections as well as using it to control and suppress their own population.

This is buttressed within countries by digital control and manipulation of news and information. Internationally, they also use other tactics to force countries to succumb to their totalitarian ideology through trade wars and other economic means.

With cyberattacks on the increase, utility providers and consumers are turning to private wireless networks to mitigate risks.

Cyberwarfare is more of a threat to democratic nations than to the countries under totalitarian regimes. While totalitarian regimes ultimately often fail, they need to be transformed from within, and that could take a long time.

Such regimes, especially when they are powerful, can create a lot of international damage and indeed seriously undermine democratic nations.

Global and political problems linked to cyberwarfare are more important than the personal cyber problems we face, including the commercial surveillance systems from digital companies such as Facebook and Google. That is not to say that we should not do anything about this.

But if we need to set priorities on cybersecurity, international cyberwarfare is the most serious issue.

We can manage personal cybersecurity issues, to a large extent, through regulations. Clearly, there is now a global focus on reigning in the excessive powers of the digital giants.

Obviously, it is far more difficult to regulate international cyberwarfare. It is not totally impossible, as nations on both sides of the ideological divide in the past have been able to do this in relation to nuclear warfare.

We will need to be prepared to strengthen our democratic principles to withstand the onslaught of cyber warfare. However, this will mean that some personal freedoms might be affected. This is not unlike situations in real warfare.

Peter Coroneos, the International Vice President of CyAN, the Cybersecurity Advisors Network and Australia's top cyber legal and regulatory expert, Professor Patrick Fair, recently conducted lectures on these pressing issues.

Is the Government's cybersecurity advice following Russian trolling activity sufficient or are deeper protections required?

Professor Fair listed a range of initiatives taken by the Australian Government over recent years. They include:

  • Changes to foreign investment rules;
  • New online safety legislation;
  • Surveillance Legislation Amendment (Identify and Disrupt) Bill;
  • New framework for Security of Critical Infrastructure;
  • Review of the Privacy Act.
  • Digital identity framework;

Inquiry into extremist movements and radicalism in Australia; and

Telecommunications security sector reform review.

On top of this, there are other regulations in the financial sector but especially also in the telecommunications sector. The key elements of the initiatives are broadly supported by the experts in the industry, but they do encounter problems.

A key issue is and has been, time and time again, the rushing through of legislation without proper industry consultation.

This is more important than ever when the Government is wanting to gain access to the latest communications and data storage platforms for law enforcement and security purposes, including where it will disrupt, take over, modify functionality or install its own software. These aggressive new powers need to be used carefully, with appropriate transparency and supervision provisions that are often absent from the first drafts of the law.

The second area of concern is that we have a hopscotch of rules, legislation, and regulations rather than taking a holistic approach. This creates confusion, leads to mistakes, and waters down the overall robustness of cybersecurity.

An extension of this issue is that it is unclear where it overlaps, replaces, or supersedes similar sorts of regulation in this industry.

While there is no doubt that cybersecurity is one of the most important issues that democratic nations need to address, it is equally important that this is done in a comprehensive and sensible way to ensure that we do get the best possible outcomes of this legislation.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, Internet Governance, Policy & Regulation

Categories: News and Updates

What Are the Connections to Identified Hafnium Malicious IP Addresses?

Domain industry news - Fri, 2021-04-16 18:11

Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks.

With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to?

Second, the zero-day attack calls for immediate patches for affected organizations. Finally, it brought to light another essential question: What other zero-day vulnerabilities are there?

A Deep Look into the Hafnium IP Addresses

Several cybersecurity experts and organizations, including Malwarebytes and Info Tech, released the attack's technical details. VirusTotal also mapped out several nodes related to the Hafnium threat actor group.

From all these sources, we extracted 92 malicious IP addresses, then used domain and IP intelligence sources to glean insights into the following:

  • IP netblock ownership
  • IP geolocation
  • Domain associations
IP Netblock Ownership

Tracing which IP netblock a malicious IP address belongs to can help identify the entities administering it. Such knowledge could make the takedown process easier.

The Autonomous System (AS) names and NETNAMEs of the Hafnium IP addresses indicate most of them are owned by cloud service providers and telecommunications companies.

In fact, eight of the top 10 entities associated with the 92 IP addresses are part of the telecommunications industry. One is a cloud computing company, Digital Ocean, which also manages 26% of the blacklisted IP addresses in this study. Another owner is a tech solutions company.

IP Geolocation

The Hafnium group is believed to be from China, although they lease servers in the U.S. as well. IP geolocation details support this, as 21 of the IP addresses are geolocated in China, and several of the top 10 geolocations are neighboring countries. Still, attributing the attack to threat actors from a particular country is not straightforward.

Domain Associations

Passive Domain Name System (DNS) data suggests that at least 25% of the IP addresses are dedicated, having only 1-11 associated domains each.

One noteworthy IP address is 211[.]56[.]98[.]146, which has been identified as an indicator of compromise (IoC) related to the Microsoft Exchange Server zero-day attack. Only one subdomain resolves to the IP address — c3kr[.]simonxu[.]cc.

While this subdomain and its root domain have been tagged "malicious" on VirusTotal, some simonxu[.]cc subdomains are still deemed clean. The following are a few of the subdomains, along with the IP addresses returned by DNS lookups:

SubdomainIP Address from DNS LookupIP Netblockdzhsh[.]simonxu[.]cc114[.]80[.]157[.]59114[.]80[.]0[.]0 – 114[.]80[.]255[.]255hongkong[.]simonxu[.]cc119[.]8[.]100[.]78119[.]8[.]96[.]0 – 119[.]8[.]127[.]255japan[.]simonxu[.]cc180[.]149[.]230[.]45180[.]149[.]230[.]0 – 180[.]149[.]230[.]255ocservjp[.]simonxu[.]cc180[.]149[.]230[.]45180[.]149[.]230[.]0 – 180[.]149[.]230[.]255proxy[.]simonxu[.]cc180[.]149[.]230[.]45180[.]149[.]230[.]0 – 180[.]149[.]230[.]255proxy[.]east2south[.]simonxu[.]cc122[.]112[.]205[.]150122[.]112[.]200[.]0 – 122[.]112[.]207[.]255

These IP addresses and their netblocks are not among the initial Hafnium-related addresses under study, but they seem to share similar characteristics, such as being dedicated and assigned to telecommunications companies.

Aside from applying vulnerability patches as they are made available, security teams could, if applicable, limit or altogether prevent network communications with unknown and suspicious IP addresses. Such an action may be prudent, especially since the Hafnium cyber attack group could have more IP addresses and domains in their arsenal, besides those already published.

Written by Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, DNS, Domain Names, IP Addressing, Threat Intelligence

Categories: News and Updates

Squarespace files to go public

Domain Name Wire - Fri, 2021-04-16 18:03

Site builder files S-1.

Squarespace is a site builder that makes it easy to create and launch websites.

One month after raising $300 million from investors, website building software company Squarespace has filed its S-1 with the SEC to allow investors to sell their shares on the market.

Here’s a look at Squarespace’s business by the numbers.

  • 3.7 million unique subscriptions at the end of 2020, up from 3.0 million at end of 2019. This includes standalone sites, standalone scheduling subscriptions, and social service subscriptions.
  • $621 million annual revenue in 2020, up from $485 million in 2019. 28% revenue growth.
  • $150 million cashflow from operations in 2020, up from $102 million. Net income $58 million, up from $31 million.
  • $142 million commerce revenue, up 78% YoY.
  • 12 month ARPU of $187.

Squarespace is an easier-to-use alternative to WordPress. It competes with Wix, Weebly, and GoDaddy’s site builder.

Post link: Squarespace files to go public

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Squarespace starts offering domain name registration
  2. Testing out the website builders: Wix, Weebly and Squarespace
  3. The problem with WordPress
Categories: News and Updates

Facebook sues Web.com’s NVSC for cybersquatting

Domain Name Wire - Fri, 2021-04-16 14:23

Social media company alleges that Web.com subsidiary owns 74 infringing domain names.

Facebook has filed a lawsuit (pdf) against New Ventures Services Corp (NVSC) for alleged cybersquatting of its brands, including Facebook, Instagram and WhatsApp.

NVSC is a Web.com subsidiary that holds domain names for traffic revenue and resale. It gets many of its domain names by cherry-picking expiring domain names from Web.com registrars, including Register.com and Network Solutions. (Web.com was acquired by a new entity called Newfold Digital earlier this year.)

Facebook alleges that NVCS holds at least 74 domain names that infringe its marks, including FacebookBusinessLeads .com, Instagram-Online .com and InstallWhatsApp .com.

Many of these domains are parked with links to a Network Solutions page where the domains can be purchased for as little as $300.

Last year, Facebook sued domain name registrar Namecheap and its proxy service in a cybersquatting suit. In that case, Facebook alleges that Namecheap customers registered infringing domain names.

Post link: Facebook sues Web.com’s NVSC for cybersquatting

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Facebook sues domain name registrar OnlineNic
  2. Facebook wins GameRoom.com dispute
  3. Addicting.com domain lawsuit settled
Categories: News and Updates

Telling the Truth About 5G

Domain industry news - Thu, 2021-04-15 19:22

I still run across articles that extol the supposed wonders of 5G. The most recent, published in Gizmodo asks "How 5G Could Replace Your Home Broadband Connection”. I was surprised to see an article like this in a tech-oriented site because the article gets most of the facts wrong about 5G — facts that are not hard to verify.

This article talks about 5G having "faster download speeds, faster upload speeds, more bandwidth, and lower latency" than landline broadband. The author talks about having gigabit speeds on 5G. The article is clearly talking about 5G cellular technology. The author talks about sticking a SIM card in a router and using this fast 5G instead of wired broadband. The article hints that 5G may be the savior for poor rural broadband. This all sounds like it came directly from the sales pitch that the big cellular carriers have been making to politicians for the last five years — 5G will transform the world.

The article talks about an AT&T cellular hotspot product that can handle data speeds up to 1 gigabit. The article mentions the T-Mobile Home Internet product and also mentions speeds up to 1 gigabit. Those two carriers mention the word gigabit in their advertising, but the author fails to understand that in urban areas, these products might deliver speeds at something under 100 Mbps, and in rural America, where the products are aimed to serve, speeds are likely going to be south of 20 Mbps.

Finally, the article swallows the industry rhetoric and gives the label of 5G to the Verizon Home product — which is fiber-to-the-curb. The keyword in that technology description is fiber — Verizon builds a fiber just outside of the home for this to work. This product is not even a distant cousin of cellular data.

And that's where this author and a large number of other articles miss the boat about 5G. 5G is a cellular technology. Its sole purpose of 5G is to make cell sites perform better. Today there is no 5G anywhere on the planet because the 5G features that will make cell sites perform better have not yet been incorporated into cell sites or into phones. We can expect to start seeing these features over the next 3-4 years at cell sites, and a few years longer as future generations of cellphones can use the new features.

The author has fallen for the carrier hype that 5G will be blazingly fast. It will not be fast in the vast majority of circumstances. The 5G specifications call for cell towers to reliably deliver 100 Mbps cellular data to big numbers of cellphones or devices. The industry vendors might find a way to outperform that goal — but there is no wireless engineer anywhere thinking we'll be delivering gigabit speeds to cellphones using 5G.

The biggest trap the author fell into is buying into the carrier rhetoric about gigabit speeds. The carriers have wireless products with fast broadband using millimeter-wave spectrum. The first was mentioned above, which is Verizon's Home product. The second comes from the deployment of millimeter-wave hot spots in downtown areas. These hotspots are the equivalent of putting a faster hotspot like the ones used at a Starbucks on a pole and beaming broadband to anybody within 500 feet.

Both of these applications are fast. Both use millimeter-wave spectrum. But both require a customer to be within close proximity to a fiber. Most importantly, these technologies are not 5G. They don't currently use and will never use any of the 5G technology improvements that will make cellular phones perform better. I'm sometimes tempted to post an entire blog that, reminiscent of Jack Torrence in The Shining, types over and over, "Millimeter-wave spectrum is not 5G. Millimeter-wave spectrum is not 5G".

I occasionally reply to one of these articles, and this one is particularly egregious because such articles magnify the false stories that the carriers have been trying to sell to the public, which is that 5G is an amazing technology that will transform the world — any day now, but not quite today. Such articles keep telling people to hold out for a technology that isn't coming. Yes, there will be rural 5G hotspot products for households. But let's please tell the truth — I'll be surprised if the average rural home ever reaches 50 Mbps on the technology.

Written by Doug Dawson, President at CCG Consulting

Follow CircleID on Twitter

More under: Access Providers, Broadband, Telecom, Wireless

Categories: News and Updates

Angel.com domain name sells for $2 million

Domain Name Wire - Thu, 2021-04-15 18:36

Sedo broker Dave Evanson brokers megadeal.

Sedo domain name broker Dave Evanson announced today that he brokered the sale of Angel.com for $2 million:

Just sold Angel .com for $2,000,000.00!! Congrats to buyer and seller!! Look for the domain to be put to use very soon!

— dave evanson (@SedoDaveEvanson) April 15, 2021

Based on historical Whois records from DomainTools, the seller is Genesys Telecommunications Laboratories, Inc. Genesys acquired teleco company Angel.com in 2013 and rebranded the product as Genesys Premier Edition.

The domain is currently pending transfer at the domain name registrar CSC.

The buyer is not yet known, but one prospective buyer is AngelList. It uses the domain Angel.co. [Update: the domain name forwards to Angel Studios, a group with crowdfunding platform for movies and other entertainment.]

This is the second public seven-figure sale of the year. Last year there was one public seven figure sale (Bullish.com for $1.08 million).

Post link: Angel.com domain name sells for $2 million

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Shop.app domain name sells for $200,000
  2. Revolution.org Sells for $120,000
  3. Moviles.net Domain Name Sells for $35,000
Categories: News and Updates

Security company Proofpoint files for reverse Whois patent

Domain Name Wire - Thu, 2021-04-15 17:23

Proofpoint wants a patent for its domain discovery system.

A figure from Proofpoint’s patent application showing reverse Whois data.

Cybersecurity company Proofpoint (NASDAQ: PFPT) has filed a patent application (pdf) for a reverse Whois system.

Reverse Whois refers to finding all of the domain names associated with a given owner. A typical reverse Whois lookup involves using an email address or Registrant Name in Whois and discovering the domain names associated with it.

Proofpoint’s system is designed to start with a seed domain name owned by a company. It then runs reverse Whois checks on the Whois data and infrastructure around the domain name. It uses what data is available to try to determine all of the domains owned by the same entity.

If the domain uses Whois privacy, it will look at the domain’s infrastructure (name servers, IP addresses, MX records, etc.). The system can use a combination of data to try to ascertain which domains belong to the entity.

One goal of a system like this is to determine when a bad actor registers a brand domain.

The system sounds a lot like some of the tools that DomainTools offers.

Proofpoint filed the original patent application (Ser. No. 16/244,955) in January 2019 and filed a continuation patent application (Ser. No. 17/129804) in December 2020. The U.S. Patent and Trademark Office published the continuation application today.

 

Post link: Security company Proofpoint files for reverse Whois patent

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. DomainTools is about to get more expensive for some users
  2. The Poor Man’s Registrant Lookup
  3. Every Domain Owner Should Subscribe to DomainTools’ Registrant Alert
Categories: News and Updates

The Domain Industry Keeps on Growing and Changing

Domain industry news - Thu, 2021-04-15 14:28

It has become very clear once again: the domain industry won't stop. The scenario we know today is constantly changing, and our industry adapts to the changes taking place in society and the economy.

Thanks to its versatility, the domain industry continues to amaze with some big changes year after year. This sector has its own peculiarities, rules, and opportunities for all stakeholders involved. While there are strong foundations, the ecosystem is constantly evolving, with the large numbers of new gTLDs introduced being just one example of this.

InterNetX and Sedo, two leading companies in their respective fields, took a closer look at the state of the domain industry in 2021 and published their results in the latest edition of the Global Domain Report 2021. In about 70+ pages, you get a clear depiction with analyzes, data, developments, and statements from the leading voices /experts in the industry. In this article, we took a closer look at the main data with particular reference to the European market.

2020 was a year of change for everyone. The pandemic has led to restrictions, lockdowns, and major inconveniences with serious implications from private life to business. COVID-19 changed everyday life by presenting new challenges for the domain industry, which has reacted accordingly. ICANN for example has launched various initiatives, e.g. to keep DNS secure and to support registrants in the COVID-19 crisis.

As stated by InterNetX CEO Thomas Mörz: "The domain sector survived 2020 largely unscathed. All trends show growing numbers, despite contrasting feelings around the pandemic. We are seeing a worldwide acceleration of digitization. It has become clear once again that domains are the starting point for every successful online business."

Ron Jackson, the editor of DNJournal, describes 2020 as a roller coaster ride: "When the pandemic hit us in the first quarter, sales slowed down. People were worried that the situation could worsen. The turning point was understanding that a strong web presence is a must to do business in a pandemic situation."

The Global Domain Report 2021 by InterNetX and Sedo

The number of domain name registrations continues to grow. Several reasons have led to positive numbers in the domain sector this year as well:

  1. The push towards digitalization.
  2. The specialization of certain niche industries and services.
  3. The emergence of new markets around the world.

Still, creating statistics on the most registered TLDs is not a simple task. This is mainly due to the sources, which often present very different data. Furthermore, while there are registrars that make their data publicly available, others do not. All in all, we can say without any doubt, the demand is and remains high. At the same time, the introduction of new extensions continues to offer society new TLDs that better represent it. Let's take a closer look at some domain industry highlights from the Global Domain Report by InterNetX and Sedo.

The 10 most popular TLDs

It is certainly not a surprise: .com remains the most registered domain. The TLD .tk and .cn follow on an equal footing. Among the ccTLD, the German domain extension .de has a lead that has become too big for those behind to be easily overcome, namely .uk, .nl, .ru, and .br. The two "historical" TLDs .net and .org are among the most registered domains, as well.

The 10 most popular TLDs

In general, .cn and .nl show a strong growth compared to .net, .tk, and .uk with negative figures.

The most registered ccTLDs in 2020

Top 5 + 1 ccTLDs in M

Looking at the data in the report, these are significant differences visible at first glance. For example, the ccTLDs .tk, .ga, .cf, .ml, and .gq managed by freenom are generally free to register with fees only to ensure the full ownership of the domain.

This can only benefit registrations. Thus it is explained now, for example, why .tk the ccTLD for the Tokelau territory, with a population of approximately 1,500 people, has come out on top of the rankings.

Europeans love ccTLDs

In terms of global market share, 34% of the total is represented by ccTLDs, while the remaining 56% is in the hands of gTLDs.

Top 10 Domains in Europe

If we consider only the European continent, however, the situation is slightly different. According to the Global Domain Report taking CENTR as a source, the market share of ccTLDs among European countries amounts to 61%. A long-standing trend based on historical-cultural reasons, which leads the European market to prefer national TLDs to locate their presence on the internet.

Domain-population ratio

The Global Domain Report by InterNetX and Sedo presents an interesting comparison by relating the domains registered in a given country with the respective number of inhabitants. This data allows us to draw further conclusions on the global domain market.

While it is not surprising that the most populated countries like China or the United States also have a large number of registered domains, very small countries like Panama or the Cayman Islands benefit from their status as a popular offshore destination. The case of .tk reaching the Top10 is one clear example.

Domain-inhabitant ratio

There are gTLDs with strong potential besides .com

The TLD .com leads all rankings with a very wide gap from other domains. A success story that has been going on since 1985. Of course, there are many other gTLDs with strong potential. There are currently 1,590 TLDs in the IANA root zone database and 1,244 are the so-called gTLDs.

Even though new domain extensions represent only a small fraction of registered gTLDs so far, the number of registrations is constantly growing, as are the opportunities associated with them. Some TLDs experienced higher growth with peaks over 300%, such as .site, .icu, or .xyz.

Growth >100%

More than 1,000 new gTLDs offer a more diversified internet

Top 5 new gTLDs

New top-level domains have been introduced in recent years mainly because it has become increasingly difficult to find short, concise domains that are still available. The new gTLDs are, therefore, a "remedy" to make the internet grow. It could also be said that they have "democratized" the industry with over 1,000 additional extensions, thus widening the choice by bringing diversity within the internet community. Also, registrations of new gTLDs continue to grow in 2020.

Some of the main ones include: .xyz, .icu but also .online, .top, .site and .club — the latter now in the limelight and steadily growing. When it comes to the new top-level domains, Donuts Inc. today manages the largest and most relevant portfolio in the world, offering new extensions to enhance and manage your online identity.

The most successful geoTLDs

Let's not forget these gTLDs, which represent a region, a community, or even a continent such as .asia, the most registered geoTLD, followed by .cat, for the autonomous region of Catalonia and .pyc for the ethnic community of Russian-speaking people in Kiev Rús.

Registered geoTLDs

Considering the vast market potential of .asia and .africa, thanks to the large population in the respective regions, they have not yet reached their full potential.

2021 forecast for the domain industry

The year 2020 was an unpredictable one with constant changes. The hope is that we can slowly return to a certain degree of normality. The domain industry certainly reflects the changes taking place in society and the economy, but it can benefit from some stability. The fast-growing digitization with an increased focus on e-commerce and digital security can only have a positive effect on the domain industry.

Get your copy of the Global Domain Report 2021 by InterNetX and Sedo.

Written by Simone Catania, Global Content & Communications Manager at InterNetX

Follow CircleID on Twitter

More under: Domain Names, New TLDs

Categories: News and Updates

A Quartet of 6-Figure Sales Led by a ccTLD Took Center Stage on This Week's Sales Chart

DN Journal - Thu, 2021-04-15 01:48
The domain aftermarket continues to run at full throttle with impressive sales being posted in all categories.
Categories: News and Updates

Sizing the domain name aftermarket

Domain Name Wire - Wed, 2021-04-14 19:02

Please provide me with data to estimate the size of the domain name aftermarket.

How big is the domain name aftermarket? How much dollar volume of domain names sell on the aftermarket each year?

It’s a challenging question to answer, which is why estimates vary widely. It’s hard to come up with accurate numbers when the inputs are hard to come by. Most large domain investors are privately held. Those that are publicly held offer many services and don’t break out aftermarket sales.

A recent Boston Consulting Group study estimates that 1.25 million domains changed hands in the aftermarket last year and that domain investors own 27.7 million .com domains. That implies a 4.5% sell-through rate (assuming we’re just looking at .com), which is well above what domain investors achieve. Based on the methodology, it’s possible that the study also considers expired domain sales, which might account for the high sale rate, but then the average sales price in the study is too high.

With this in mind, I’m going to explore piecing together how big the domain aftermarket is. It will be challenging and I’d like your help. Please send me any data you think might be helpful. This includes data you have captured about the largest domain investors, or your own data if you have a large portfolio or operate a service that captures domain data. I will keep data sources confidential and will only present information in aggregate.

Post link: Sizing the domain name aftermarket

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Bloomberg writes about Nick Lim and Epik

Domain Name Wire - Wed, 2021-04-14 14:49

Bloomberg publishes a story about Nick Lim, who sold BitMitigate to Epik. 

Bloomberg Businessweek cover

Bloomberg has published a profile of Nick Lim, who sold his company BitMitigate to Epik in 2019.

Lim has since left Epik but remains a shareholder. He now spends his time helping sites favored by White supremacists and QAnon followers stay online.

It’s a fascinating story about the 23-year-old who says he is motivated by free speech. Authors William Turton and Joshua Brustein dig into Lim’s background, finding some contradictions in his story.

The story also discusses Epik and Rob Monster. Bloomberg discusses how the company provides services to extremist sites and provides this nugget:

In October, Bloomberg Businessweek emailed Monster, requesting an interview to discuss Epik’s political philosophy and its relationship with Lim. [Rob] Davis, the Epik executive, sent a nine-page response arguing that Epik had been demonized unfairly and had done a great job of combating extremism. Davis accused the news media of trying to destroy the lives of Epik employees and said the interview request itself was part of an attempt to manipulate the 2020 presidential election. “The long and short of it,” he wrote, “is that we don’t give interviews to traitors of our country that participate in attempted coups sponsored by offshore money.” He cc’d close to 100 other recipients, including the Republican chair of the Federal Communications Commission, the antitrust division of the Federal Trade Commission, and Fox News host Sean Hannity.

This will sound familiar to anyone who has received an email from Davis. When PayPal dropped Epik, Davis wrote an open letter mentioning Hollywood pedophiles and Hunter Biden. When GoDaddy terminated its Afternic partnership with Epik, Epik questioned receiving GoDaddy’s letter “two hours after the election was called for Joe Biden.”

And when some domain name investors reacted to an ostensibly racist comment by an Epik representative, Davis sent an email cc’d to the FTC telling people to stop, threatening that he could email 300 million people within 15 seconds.

Post link: Bloomberg writes about Nick Lim and Epik

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. A strong month for .com; here are the winners & losers
  2. Pennsylvania Attorney General subpoenas Epik over Gab.com domain name
  3. Epik continues to bash GoDaddy. GoDaddy says this is why it dropped Epik
Categories: News and Updates

End user domain name sales up to €135,000

Domain Name Wire - Wed, 2021-04-14 13:46

An NFT analytics platform, a vacation rental home agency, and a laser hair removal business bought domain names.

Sedo’s top public sale this past week was Link.co for €135,000. That’s the second-highest .co sale ever report, according to NameBio! The domain hasn’t been put to use yet, but the buyer uses Com Laude, a brand management registrar.

Here’s a list of end user domain name sales that were just completed at Sedo. You can view previous lists like this here.

Link.co €135,000 – A Com Laude client bought this domain name.

Neo4j.cn $12,000 – Software technology company Neo4j Sweden AB bought this domain. It uses the domain neo4j.com.

LuckyTrader.com $7,700 – Lucky Trader will be an analytics platform for NFTs.

HighStrike.com $4,950 – HighStrike is a trading school for stock traders.

SmartMarket.net $4,888 – OOO S-Marketing, a Russian marketing and advertising agency, acquired this domain.

Ferienhausurlaub.com €4,165 – This is a vacation rental home company in Europe. The term appears to be German for “vacation home”.

GulfCove.com $4,000 – Stratford Management is an apartment community management company. This is presumably for one of the properties it manages.

NeverShaveAgain.com $4,000 – The domain forwards to MilanLaser.com, a company offering laser hair removal.

BD.law $3,995 – BD is short for Business Development. BD.law helps lawyers win more business.

VillaAntica.com €3,500 – Villa Antica is a Prosecco brand.

DogPsychology.com $3,500 – Pack Leader Dogs, a certified dog behavior expert and trainer, bought this domain name.

BookingHotel.com €2,500 – This site will be a hotel booking site. It has a coming soon page.

DiverBelow.com $2,500 – Diver Below is a resource site for scuba divers.

SmithfieldCareers.com $2,065 – Smithfield Foods, a seller of meats including bacon and hot dogs, bought this domain.

Post link: End user domain name sales up to €135,000

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. 17 end user domain name sales up to $30,000
  2. 13 more end user domain name sales
  3. 15 end user domain sales up to $100K
Categories: News and Updates

New Reports from Guta and GGRG Show Domain Aftermarket Boom Still Going Strong

DN Journal - Tue, 2021-04-13 21:58
Two of the industry's top brokerages have released their latest quarterly reports on sales activity in the premium domain aftermarket and the news is good.
Categories: News and Updates

The Insult and Injury of the U.S. Government's Failure to Enforce ICANN's Contractual Obligation

Domain industry news - Tue, 2021-04-13 21:34

Someone recently observed that many stakeholders have fallen victim to a "chilling effect" resulting from fear of retaliation by the rich and powerful bullies currently infecting the multistakeholder community, ICANN, and Internet governance. I related to what I was hearing because I've been personally targeted and libelously attacked and it is deeply dismaying enough having to worry about threats to revenue and reputation along with other harmful effects of such thuggery. I can't imagine also having employees and being forced into the "Sophie's Choice" dilemma of deciding between calling out the multitude of abuses and rampant misbehavior by ICANN and legacy registry operators or remaining silent in order to stay in business and make payroll.

But this is the choice that is foisted regularly upon many registrars, many of whom are small businesses and privately express deep concern about the consequences of calling out the anti-competitive and predatory misdeeds of the monopolist bullies plundering the public interest DNS.

The 20th-century moral philosopher Hannah Arendt observed that, "(g)enerally speaking, violence always arises out of impotence. It is the hope of those who have no power." Thus, the plain, simple truth is this: the legacy registry operators inflicting their peculiar form of corporate violence — onto small-business owners, entrepreneurs, job creators, creatives, makers, idealists, technologists, investors, and any manner of other stakeholder seeking to make their own contribution for benefit of the public interest Internet — or even just to make a living — are doing so because they know better than anyone else that their illegitimate self-interested stranglehold on our public interest Internet is living on borrowed time.

Readers can be certain of this because of the simple reality that legacy registry operators are merely contracted parties for operating Internet infrastructure which they did not create and which they do not own. Therefore, their ability to continue plundering depends entirely on a coercive strategy of predatory tactics that are designed to control governance, contracting, and policy-making while also deflecting attention away from the extant legal agreements that are being violated. Their entire aim is to create an impression that they possess rights when only concession privileges have been conferred.

What gets overlooked in all of this is that ICANN is arbitrarily and capriciously violating agreements with the U.S. government. The InterNIC licensing agreement between the Commerce Department and ICANN — which merges the Memorandum of Understanding by direct reference — prohibits ICANN from being a registrar. Yet, by its own admission, ICANN is doing precisely that by warehousing and cybersquatting on single-character labels in the legacy Internet registries. What makes this bad-faith behavior all the more absurd is that this prohibition has been incorporated verbatim into ICANN's Bylaws and ICANN has cited it previously to support arguments that an antitrust complaint should be dismissed. In that judicial filing, ICANN stated that, "ICANN's Bylaws prohibit it from operating as an Internet registry or registrar. ICANN does not sell anything or make anything; its functions are noncommercial and in support of the public interest."

If this were true, then ICANN's iana.org website wouldn't state that, "(w)e act as both the registrant and registrar for a select number of domains which have been reserved under policy grounds." Nor would ICANN be engaged in warehousing and cybersquatting on single-character .com labels and further collaborating with Verisign to auction off these labels to the highest bidder in violation of user-based fee restrictions set forth in the NTIA-Verisign Cooperative Agreement, to which both Verisign and ICANN — by virtue of the InterNIC license agreement and merged MOU — are bound.

The cybersquatting and warehousing of single-character labels in legacy registries is just one glaring example of ICANN's arbitrary and capricious misbehavior, but there are others. While these contractual obligations may have motivated ICANN's rejection of the failed billion-dollar .org registry sale by the Internet Society (ISOC) to Ethos Capital, a close reading of the extant agreements raises questions about whether ICANN improperly acted by removing the consumer pricing safeguards from the .org registry agreement shortly before the .org sale was publicly announced.

These extant agreements also call into question the entire WHOIS debacle of the last several years — particularly since the InterNIC licensing agreement grants the U.S. government the right to inspect ICANN's use of its service mark to ensure "proper quality." Considering the license agreement's explicit assertions that "the term "InterNIC is a concept for an integrated network information center that was developed in cooperation with the U.S. Government and provides public information on technical management of the Internet valuable to users worldwide...." The Commerce Department might want to check in on ICANN's use of its service mark because the late 1990's are calling and wants the current internic.org website back. Regardless, ICANN's self-deprivation with respect to accurate, complete, and timely WHOIS information should be seen as unacceptably damaging the U.S. government's InterNIC service mark and not in any way keeping with "proper quality" of information that the U.S. government expected to be provided under the guise of InterNIC.

But an unavoidable part of the problem is that the U.S. Department of Commerce is improperly waiving specific performance of ICANN's contractual obligations. There is ample and extensive precedent going all the way to the U.S. Supreme Court which unambiguously affirms that the U.S. government may not forego receiving what it is owed from contractual counter-parties. According to the U.S. Government Accountability Office (GAO), "...Article IV (of the U.S. Constitution) requires agencies to have statutory authority before they may 'dispose of' their contractual rights to full performance." In that same 2016 report, GAO listed a plethora of case law precedent which supports this principle while also citing an earlier report from 1965:

The courts have held that once a contractual right has become vested in the United States...to demand performance of a valid and otherwise legal contract,...there exists no authority...gratuitously to waive or surrender such right.... It is a well-established principle of law that valid contracts are to be enforced and performed as written....

While it has been presented — incorrectly and dangerously — that the U.S. government's laissez-faire approach to oversight of public interest Internet registries somehow serves larger purposes, it cannot be argued that it was "always envisioned" that coercive and predatory anti-competitive corporate bullies would be allowed to shirk their contractual obligations and injure the public interest by their single-minded and self-interested plundering of the DNS. If ICANN, legacy registry operators, and most especially the malefactors of great wealth which control them both are satisfied with benefitting from such coercive and predatory anti-competitive bullying then they will reap the inevitable consequences of such behavior; if they aren't then it shouldn't — and wouldn't — be happening.

Governance is a bit like child-rearing in that it's most effective when non-arbitrary. This is especially true since accountability deficits in one part of a system have derivative downstream effects. Thusly, if the Commerce Department doesn't enforce its InterNIC licensing agreement and merged prior agreements with ICANN, then ICANN has no real impetus for enforcing its contracts with registries and registrars, and registries aren't motivated to enforce their agreements with registrars, and so on. The entire WHOIS fiasco is prima facie evidence of this phenomenon and which occurs when an entire governance model has become conditioned to believe that contractual obligations are merely suggestions and consequences for non-compliance are just a phantasmagorical bedtime story that profiteering monopolist bullies tell to give everyone nightmares.

Regardless, I'm not spooked by their ghost tales nor should anyone else be. This isn't their Internet — this is our Internet — and enough is enough.

Written by Greg Thomas, Founder of DNSDecrypt

Follow CircleID on Twitter

More under: DNS, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Whois

Categories: News and Updates

Law firm files in rem cybersquatting lawsuit against Oved .com

Domain Name Wire - Tue, 2021-04-13 17:13

Firm claims Oved.com is cybersquatting on its brand.

A New York law firm has filed an in rem lawsuit (pdf) against the domain name Oved .com in an effort to acquire the domain name without paying for it.

Oved & Oved LLP filed the in rem lawsuit yesterday in U.S. District Court for the District of Delaware.

It’s an odd choice of venue. The lawsuit states:

Plaintiff files this in rem Complaint against the Domain Name in this district because the Domain Name’s registrar and authoritative domain registry are located in this district…

The Registry is physically located in Virginia, and the registrar, GoDaddy, is in Arizona. Typically, law firms file in rem lawsuits against .com domains in Virginia.

The current owner of the domain acquired it upon expiration in 2012. Whois lists an owner in Ukraine. The registrant monetizes the domain name through Above.com. When I visited it today, my antivirus software blocked an exploit that is likely through a parking company’s zero-click service.

In 2007, Oved & Oved filed a trademark application for “Oved & Oved LLP Attorneys & Counselors at Law”. It claims common law rights in the Oved mark.

The lawsuit alleges that the domain name owner has posted it for sale at the “extortionate price” of $30,000.

It will be interesting to see if the domain name owner responds to the dispute. It’s also interesting to think about why the firm chose to file an in rem lawsuit rather than a UDRP.

Post link: Law firm files in rem cybersquatting lawsuit against Oved .com

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Facebook sues domain name registrar OnlineNic
  2. Reflex Marketing files lawsuit after losing UDRP
  3. California restaurant chain fights over domain name
Categories: News and Updates

Verisign gets patent for GDPR-compliant Whois privacy

Domain Name Wire - Tue, 2021-04-13 15:36

Patented methods help Thick Whois registries handle privacy law compliance.

A figure from Verisign’s patent that describes a way to offer GDPR-complaint Whois privacy in Thick Whois systems.

The U.S. Patent and Trademark Office has granted patent number 10,979,384 (pdf) to Verisign (NASDAQ: VRSN) for Systems and methods for preserving privacy of a registrant in a Domain Name System.

I wrote about the patent application in 2017 after it was published.

The patent describes methods for domain registries with Thick Whois models (in which the registry is required to store personal data) to comply with data laws. It’s Whois privacy with some twists, including using privacy providers in jurisdictions that are allowed to handle the data:

Provided herein is a solution to addresses the problem described above by defining a method by which personal information collection is delegated to privacy providers residing in a locality where it is legal to store the personal information. This addresses the problem of adhering to privacy laws by automating the production of a ‘cloaked identity’ that only the privacy provider knows is associated with the person. This cloaked identity can then be given to the person who’s identity is being cloaked and to various entities that need to associate some form of identity with data or a service the cloaked person is registering. The cloaked identity is not associated with the personal information of the person except within the data storage of the privacy provider, and the privacy provider will not disclose that information unless a legal mechanism applicable to the locality of the privacy provider is used. The person’s private or personal information is therefore shielded except in cases where it is legally retrieved from the privacy provider.

The system could also create DNS records, such as for emailing the domain owner:

In some examples, the cloaked identity can include a cloaked email address. If the cloaked identity is a unique cloaked email address, several other benefits are possible. The cloaked email address can be used to communicate with the person without having personal information being accessible by a party that knows the cloaked email address unless they go through a legally accepted process to get it from the privacy provider. If the cloaked email address and the public key for a person is recorded in an secure/multipurpose internet mail extensions (“S/MIME”) A-type record (also called a S/MIMEA) in a DNS server under a domain owned by the person, then proof of origin of data and email from the person can be enabled using digital signature. Proof of origin for an email is achieved if the person has used their private key to sign an email sent using the cloaked email account and a recipient uses the person’s public key received from the S/MIMEA record for the cloaked email account to verify the person’s digital signature.

Verisign’s .com namespace was scheduled to switch from a Thin Whois system to a Thick Whois System in 2018, but that has been delayed as ICANN wrestles with GDPR.

Andrew Fregly, Principal Engineer at Verisign, is listed as the inventor. Verisign applied for the patent in March 2016 and it was granted today.

 

Post link: Verisign gets patent for GDPR-compliant Whois privacy

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Thick Whois is on its way to .com
  2. VeriSign Gets Patent Related to Internationalized Domain Names
  3. Why getting patents is smart for domain name companies
Categories: News and Updates

Two podcasts to listen to this week

Domain Name Wire - Tue, 2021-04-13 13:33

Hear from two people in the domain industry on The Side Hustle Show.

Once you’re done listening to this week’s Domain Name Wire Podcast, I recommend downloading two recent The Side Hustle Show episodes.

In episode #437, Nick Loper interviews domain investor Mark Levine. Mark discusses his results from last year and his philosophy about pricing domains. He also explains how there are opportunities in non-.com domains.

In episode #424, Nick interviews domain investor/developer Peter Askew. You’ve probably heard Peter’s story about VidaliaOnions.com before (like on the DNW Podcast), but Nick has a great interview style and publishes to a broader audience.

If you like Nick’s podcast, you can listen to my interview with him in DNW Podcast #311.

Post link: Two podcasts to listen to this week

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

NameJet and SnapNames combine for $495k in sales

Domain Name Wire - Mon, 2021-04-12 19:26

ManagedCareMag.com and Mutation.com top the charts.

Newfold Digital’s domain name aftermarkets NameJet and SnapNames combined for $495,000 in sales over $2,000 last month. This does not include the many sub-$2,000 sales the platforms made.

The top sale was managedcaremag.com for $28,000, which was obviously bid high because of the domain’s previous use.

Mutation.com came in second at $26,555.

.IO domains did well: Thread.io ended at $9,149, Collection.io pulled in $8,652, and Prosperity.io tallied $6,319.

All told, the platforms combined for 117 domains over $2,000.

In other positive news, I finally managed to get access to all of the domains SnapNames put in random accounts with the wrong email address. More on that later.

Here’s a complete list:

DOMAINNAMEBRANDTYPESALES AMOUNT managedcaremag.comSnapNamesExpiring28000 mutation.comNamejetExpiring26555 97aiai.comSnapNamesDeleting17500 neway.comNamejetExpiring14500 huaguo.comSnapNamesDeleting12833 eview.comSnapNamesExpiring10749 enak.comNamejetExpiring10500 iwager.comSnapNamesDeleting9995 thread.ioNamejetDeleting9149 collection.ioSnapNamesDeleting8652 curren.comSnapNamesExpiring7349 justme.comNamejetExpiring6830 boldcapital.comNamejetExpiring6700 35188.comSnapNamesDeleting6700 prosperity.ioNamejetDeleting6319 custodylawyer.comSnapNamesExpiring5805 severine.comNamejetDeleting5438 sevenoaks.comNamejetDeleting5305 pixal.comSnapNamesExpiring5250 yn209.comSnapNamesDeleting5250 ku9999.comSnapNamesBrokerage5195 m9.netNamejetExpiring5000 humanjourney.comSnapNamesBrokerage5000 codechain.comSnapNamesDeleting4802 coder.ioNamejetDeleting4709 01222.comSnapNamesDeleting4531 bacalar.comNamejetExpiring4338 engineeryourlife.orgNamejetExpiring4300 novamov.comSnapNamesDeleting4300 yoshizuka.comSnapNamesExpiring4288 connectone.comNamejetExpiring4110 partyballoons.comSnapNamesExpiring4102 berkshirehomes.comSnapNamesExpiring4090 clubpass.comSnapNamesExpiring4077 sociallive.comSnapNamesExpiring3944 theplaymania.comSnapNamesExpiring3887 coinschool.comNamejetExpiring3709 finr.comNamejetExpiring3709 dardar.comSnapNamesExpiring3650 sealofapproval.comSnapNamesExpiring3639 txqxw.comSnapNamesDeleting3500 alisos.comSnapNamesExpiring3488 nbya.comSnapNamesDeleting3488 restaura.comNamejetDeleting3445 studiocycle.comNamejetExpiry3425 chenai.comSnapNamesExpiring3413 tokyo.ioNamejetDeleting3400 artit.comNamejetExpiring3211 batr.orgNamejetExpiring3200 thocp.comSnapNamesBrokerage3195 planetajoy.comSnapNamesExpiring3110 indizze.comSnapNamesDeleting3100 bs.tvSnapNamesExpiring3027 andalusian.comNamejetExpiring3010 ennovate.comNamejetExpiring3006 azull.comSnapNamesExpiring3002 liatairline.comNamejetExpiring3000 brinca.comSnapNamesExpiring3000 digitalconsumer.orgNamejetExpiring2987 autotraining.comSnapNamesExpiring2902 diverter.comNamejetExpiring2900 agileteam.comSnapNamesExpiring2900 multiculturalmarketing.comSnapNamesBrokerage2888 bondsonline.comNamejetExpiring2855 timetobuy.comSnapNamesExpiring2822 creema.comNamejetDeleting2814 leadelectric.comSnapNamesExpiring2795 playloteo.comSnapNamesDeleting2787 spurl.netNamejetExpiring2701 komed.comNamejetDeleting2700 nysfair.orgNamejetExpiring2700 intellitools.comSnapNamesExpiring2700 definitiveconstruction.comSnapNamesExpiring2695 rokkus.comSnapNamesExpiring2695 unassigned.comNamejetBrokerage2655 shoemarket.comNamejetDeleting2652 spielo.comSnapNamesExpiring2622 inwords.comSnapNamesExpiring2601 kunna.comNamejetDeleting2600 peero.comNamejetDeleting2600 wildolive.comNamejetExpiring2600 spheere.comSnapNamesExpiring2595 txtd.comNamejetDirect Lister2501 storysellers.comSnapNamesBrokerage2500 stylewebsites.comSnapNamesBrokerage2500 lemonaidcars.comNamejetExpiring2455 njcb.comSnapNamesExpiring2416 pantor.comNamejetDeleting2395 obin.comSnapNamesExpiring2383 thebeesknees.comNamejetExpiring2373 gw99.comSnapNamesDeleting2315 sonarcrm.comSnapNamesExpiring2270 executiverentals.comSnapNamesExpiring2257 m01.comSnapNamesExpiring2255 englishworld.comNamejetBrokerage2250 sabank.comSnapNamesExpiring2250 glenco.comNamejetDeleting2201 slv.orgNamejetExpiring2183 abilitygroup.comSnapNamesExpiring2158 calvarybaptist.comNamejetExpiring2156 thisone.comNamejetBrokerage2151 coinect.comNamejetDeleting2150 staycold.comSnapNamesDeleting2125 masterfit.comNamejetBrokerage2100 drscott.comNamejetExpiring2100 pathnet.orgNamejetExpiring2100 legionfoods.comSnapNamesExpiring2095 dougsmith.comSnapNamesExpiring2069 economicos.comSnapNamesExpiring2055 jlux.comSnapNamesExpiring2051 patentbox.comSnapNamesDeleting2050 pattersonlaw.comSnapNamesExpiring2049 casinosolutions.comSnapNamesExpiring2005 yesfit.comSnapNamesExpiring2001 afroammuseum.orgNamejetExpiring2000 goodmaster.comNamejetDirect Lister2000 lionrealty.comNamejetExpiring2000

Post link: NameJet and SnapNames combine for $495k in sales

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Expired Domain Report: Total Number Domination!
  2. Expired Domain Name Report (It’s a big one)
  3. Comparing expired domain name platforms
Categories: News and Updates

Loose Lips

Domain industry news - Mon, 2021-04-12 18:48

When I was in the military, we were constantly drilled about the problem of Essential Elements of Friendly Information, or EEFIs. What are EEFis? If an adversary can cast a wide net of surveillance, they can often find multiple clues about what you are planning to do or who is making which decisions. For instance, if several people married to military members all make plans to be without their spouses for a long period of time, the adversary can be certain that a unit is about to be deployed. If the unit of each member can be determined, then the strength, positioning, and other facts about what action you are taking can be guessed.

Given enough broad information, an adversary can often guess at details that you really do not want them to know.

What brings all of this to mind is a recent article in Dark Reading about how attackers take advantage of publicly available information to form Spear Phishing attacks —

Most security leaders are acutely aware of the threat phishing scams pose to enterprise security. What garners less attention is the vast amount of publicly available information about organizations and their employees that enables these attacks.

Going back further in time, during World War II, we have —

What does all of this mean for the average network engineer concerned about security? Probably nothing different than being just slightly paranoid about your personal security in the first place (way too much modern security is driven by an anti-paranoid mindset, a topic for a future post). Things like —

Loose Lips Might Sink Ships Vintage World War II USA Military Poster

  • Don't let people know, either through your job description or anything else, that you hold the master passwords for your company or that your account holds administrator rights.
  • Don't always go to the same watering holes, and don't talk about work while there to people you've just met, or even people you see there all the time.
  • Don't talk about when and where you're going on vacation. You can talk about it and share pictures once you're back.

If an attacker knows you are going to be on vacation, it's a lot easier to create a fake "emergency," tempting you to give out information about accounts, people, and passwords you shouldn't. Phishing is primarily a matter of social engineering rather than technical acumen. Countering social engineering is also a social skill rather than a technical one. You can start by learning to just say less about what you are doing when doing it and who holds the keys to the kingdom.

Written by Russ White, Infrastructure Architect at Juniper Networks

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

More domain investing competition with Braden Pollock – DNW Podcast #333

Domain Name Wire - Mon, 2021-04-12 15:30

How increasing competition is changing domain investing dynamics.

Domain auction prices are going through the roof. What does this mean for domain investors? Is there a fallout coming? On today’s show, I discuss this with long-time domain investor Braden Pollock. Braden makes some good observations about today’s market that are worth considering as you invest in domain names.

Tool of the week: OneWord.Domains

Also: GoDaddy’s buying spree, UDRP cases, and more

Sponsor: DAN.com

Subscribe via Apple Podcasts to listen to the Domain Name Wire podcast on your iPhone or iPad, or click play above or download to begin listening. (Listen to previous podcasts here.)

Post link: More domain investing competition with Braden Pollock – DNW Podcast #333

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Domain investing with Logan Flatt- DNW Podcast #235
  2. Adrian Kinderis – DNW Podcast #286
  3. The domain sales stack – DNW Podcast #309
Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer