News and Updates

Rick Schwartz is Returning to the Conference Game With an Intimate August Event in Asheville

DN Journal - Fri, 2019-02-22 21:38
15 years after launching the 1st major domain conference and 5 years after his last one, TRAFFIC Co-Founder Rick Schwartz in climbing back in the ring.
Categories: News and Updates

ICANN names Cyrus Namazi VP of GDD

Domain Name Wire - Fri, 2019-02-22 14:48

Namazi to take over Akram Atallah’s role.

Cyrus Namazi. Photo from LinkedIn profile.

ICANN has appointed Cyrus Namazi as the Senior Vice President of the Global Domains Division (GDD). It’s a new title that replaces the President role that Akram Atallah held at ICANN before he left to be CEO of Donuts.

Namazi has been filling in as ICANN searched for a replacement, so now he’s officially the replacement (just with a different title). He will report to ICANN President and CEO Göran Marby.

The GDD was created in 2013 as ICANN geared up for new top level domain names.

Namazi joined ICANN in 2013. He has served as the Vice President of the group’s Domain Name Services & Industry Engagement activities.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. ICANN hires new COO, moves Atallah
  2. GoDaddy Allows Transfers After Whois Changes
  3. What the new RAA means for YOU, the domain registrant
Categories: News and Updates

What Is the Most Secure VPN Protocol?

Domain industry news - Fri, 2019-02-22 14:28

VPN products vary greatly in convenience, efficiency, and security. If security is a serious concern, an organization needs to pay close attention to the protocols a service supports. Some widely used protocols have significant weaknesses, while others offer state-of-the-art security. The best of the lot today include OpenVPN and IKEv2.

Understanding VPN protocols

What's called a VPN protocol is actually a collection of protocols. There are several functions which every VPN has to manage:

  • Tunneling. A VPN's basic function is to deliver packets from one point to another without exposing them to anyone on the path in between. To do this, it encapsulates all data in a format which the client and server understand. The side sending the data puts it into the tunneling format, and the receiving side extracts it.
  • Encryption. By itself, tunneling provides no protection. Anyone can extract the data. It also has to be encrypted over the transmission path. The receiving side knows how to decrypt data from a given sender.
  • Authentication. To be secure, a VPN has to confirm the identity of any client that tries to communicate with it. The client needs to confirm that it has reached the intended server. Here's a guide if you want to learn more about what is a vpn protocol.
  • Session management. Once a user is authenticated, the VPN needs to maintain the session so that a client can continue communicating with it over a period of time.

Generally VPN protocols treat tunneling, authentication, and session management as a package. Encryption is a specialized art, so they incorporate trusted protocols rather than devising new ones. Weaknesses in any of the functions are potential security flaws in the protocol.

Weaker protocols

The oldest protocol which is still in use is PPTP, or Point-to-Point Tunneling Protocol. It first came into use in 1995, and it shows its age. It doesn't specify an encryption protocol but can use several, including the strong MPPE-128. The lack of standardization on a strong protocol is a risk, since it can only use the strongest one which both ends support. The connection may use weaker encryption than the user expects.

The real problem with PPTP, though, is the authentication process. It uses a protocol called MS-CHAP, which is subject to cracking given today's levels of computing power. A determined attacker could log in and impersonate an authorized user.

The L2TP protocol usually works with the IPSec encryption algorithm. It's considerably stronger than PPTP but still raises concerns. The main area of vulnerability in L2TP/IPSec is the method of exchanging public keys. The Diffie-Hellman public key exchange is a way for two parties to agree on a key for subsequent encryption, which no one else knows about. A method of cracking this exists. It requires a one-time huge amount of computing power, but then it allows access to all communication on a given VPN. Edward Snowden and others believe that the NSA has accomplished this. If it can, so can other state actors.

Protocols with better security

IKEv2 (Internet Key Exchange) ranks high in security among the current protocols. It uses IPSec tunneling and a broad choice of encryption protocols. Used with AES-256 encryption, it is extremely hard to crack, even with serious computing resources. It uses strong certificate-based authentication and can use the HMAC algorithm to verify the integrity of transmitted data. It supports fast communication and is especially strong at maintaining a session, even if the Internet connection is interrupted. Windows, MacOS, iOS, and Android support it. Several open-source implementations are available.

Version 1 of the protocol was introduced in 1998, and version 2 in 2005. It's not one of the newest protocols, but it has held up well.

SSTP (Secure Socket Tunneling Protocol) is a Microsoft product, supported mostly on Windows. When used with AES encryption and SSL, it provides good security in theory. However, it uses a proprietary implementation, so it isn't subject to independent verification. While there are no known vulnerabilities, undetected ones or backdoors could exist.

A practical issue with SSTP is the limited support on non-Windows systems. This makes it questionable for a general-purpose VPN.

OpenVPN is an open suite of protocols which offers strong security and has become very popular. It was first released in 2001 under the GPL license. Being open source, it's available to many eyes for vulnerability checking. Encryption normally uses the OpenSSL library. OpenSSL supports many cryptographic algorithms, including AES.

There isn't any support for OpenVPN at the operating system level, but many packages include their own OpenVPN clients.

To get the most security with a protocol, administrators have to handle it correctly. The OpenVPN community provides recommendations for hardening OpenVPN.

SoftEther (Software Ethernet) is a more recent entry, having first become available in 2014. Like OpenVPN, it is an open-source specification and implementation. It supports the strongest encryption protocols, including AES-256 and RSA 4096-bit. It provides greater communication speed for a given data rate than most protocols, including OpenVPN. It doesn't have native OS support but can be installed on many operating systems, including Windows, Mac, Android, iOS, Linux, and Unix.

As a newer protocol, it doesn't have as much support as some of the alternatives. It hasn't been around as long as OpenVPN, so people haven't had as much time to check it for possible weaknesses. Still, it's a strong candidate for anyone who needs top-quality security.

Choosing the winner

Which protocol is the most secure? That's a difficult call.

IKEv2, OpenVPN, and SoftEther are all strong contenders. OpenVPN and SoftEther have the advantage of being open source. IKEv2 has open-source implementations but also proprietary ones. The main security advantage of IKEv2 is that it's easy to set up, reducing the chance of configuration errors. SoftEther offers very good security, but users don't have as many years of experience with it as with the other two. That could mean a higher chance of an undetected problem.

OpenVPN gets the nod by a hair. Its code has been around for many years for security experts to inspect, it's widely used, and it supports the strongest encryption protocols. However, these three rank so close together that you might consider other factors, such as convenience and speed, without having significant security fears.

Written by Christopher Nichols, Tech Writer

Follow CircleID on Twitter

More under: Cybersecurity, Internet Protocol

Categories: News and Updates

ICANN Appoints Cyrus Namazi as VP of Global Domains Division

Domain industry news - Thu, 2019-02-21 23:43

ICANN has appointed Cyrus Namazi for its newly created position of Senior Vice President of the Global Domains Division (GDD). As a member of the Executive Team, Namazi will report to ICANN President and CEO, Göran Marby. From the annoucement: "The Global Domains Division was initially established in 2013 to handle the increase in scale resulting from the New gTLD Program and to ensure ICANN's operational excellence. Since joining ICANN in 2013, Namazi has served as Vice President of the group's Domain Name Services & Industry Engagement activities, responsible for managing ICANN's relationships with contracted parties; implementing and supporting the lifecycle of policies, services and contracts; and providing subject matter expertise across the ICANN organization and community. He has served as second in command of GDD since 2016, and most recently as interim head of GDD."

Follow CircleID on Twitter

More under: Domain Names, ICANN, New TLDs

Categories: News and Updates

Google Launches .dev Top-Level Domain

Domain industry news - Thu, 2019-02-21 23:27

Google today launched another new top-level domain, .dev, to the public aimed as a secure domain for developers and tech community. As with Google's previously launched domain extensions .app and .page, the .dev domain is initially available for registration through an early access program for an additional fee until February 28. The domain has already attracted some big names with live sites under .dev including GitHub, Mozilla, Slack, CloudFlare and Salesforce. Google itself has also started using the domain for projects such as web.dev and opensource.dev. "Google has actually been sitting on the .dev top-level domain since 2015, reports Kieren McCarthy in The Register. "[Google] did a deal with Amazon to swap ownership of .book and .talk in return for .dev and .drive."

Follow CircleID on Twitter

More under: Domain Names, New TLDs

Categories: News and Updates

Uniregistry makes Whois opt-in

Domain Name Wire - Thu, 2019-02-21 23:07

New Cayman Islands law forces Uniregistry to change Whois policy.

Domain name registrar Uniregistry is making the publication of Whois data opt-in for registrants.

The move is in response to a new Cayman Islands Data Protection Law. Think of it as the Cayman Islands’ version of the EU’s General Data Protection Regulation.

Many of Uniregistry’s clients are domain name investors who want their information disclosed in Whois and they will be able to opt-in to doing this.

Technically, ICANN requires all registrars to provide a way for their customers to opt-in to have their information published in Whois but few have enabled this capability.

For domains with masked Whois records, Uniregistry will provide a form for people to contact the domain owner.

Most (but not all) other big domain name registrars began masking Whois data carte blanche after GDPR went into effect in May even though the law doesn’t cover non-EU citizen/resident data.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. .Com domain name winners and losers
  2. GoDaddy vs. Uniregistry – the Great Debate
  3. Frank Schilling unveils marketplace during keynote
Categories: News and Updates

Canada Considering Right to Repair Legislation Tackling Repair Monopoly Over Brand-Name Devices

Domain industry news - Thu, 2019-02-21 21:44

Ontario Liberal Member of Provincial Parliament (MPP) Michael Coteau has introduced a bill to enable consumers and independent professionals to repair brand-name computers and phones easily and economically. Jordan Pearson reporting in Motherboard: "Manufacturers make it incredibly difficult to repair our broken devices ourselves. Instead of taking a smashed phone to a local repair professional for an affordable fix, a complex matrix of trade secrets and government intervention often means consumers have to make a pricey trip to the Genius Bar or buy a new device entirely. This is bad for your wallet, but also bad for the planet. ... On Thursday, Coteau introduced a private member's bill in provincial parliament that, if passed, would be the first 'right to repair' law for electronic devices in North America. More than a dozen US states are currently considering similar bills, but nothing is on the books yet in the US or in Canada."

The Repair Association, non-profit group advocating the right to repair movement in the U.S. emphasizes the need for such laws stating: "The presence of technology parts in modern equipment has enabled manufacturers to reduce access to repair by proclaiming that repair might violate their 'Proprietary' rights. This is a marketing ruse and not grounded in law. Manufacturers do not have any rights to control property beyond the sale. Limitations on repair have become a serious problem for all modern equipment that also limits how equipment can be traded on the used market."

It is argued that the template for Right to Repair is similar to laws applied to the U.S. auto repairs agreed by the auto industry in 2012 (and later adopted by Commercial Trucks industry in 2015) in support of independent repair.

Follow CircleID on Twitter

More under: Law, Mobile Internet

Categories: News and Updates

Nelson Mandela Foundation wants Mandela.org domain name

Domain Name Wire - Thu, 2019-02-21 19:37

Organization files cybersquatting complaint under UDRP with World Intellectual Property Organization.

Nelson Mandela Foundation Trust has filed a cybersquatting complaint against the domain name Mandela.org.

The organization was established in 1999 when Nelson Mandela stepped down as President of South Africa. It was created for Mandela to do charitable work such as building schools, HIV/AIDS work and research. It now also handles the legacy of Mandela.

It uses the domain name NelsonMandela.org.

A Brazilian man owns Mandela.org. Prior to that, the domain name was owned by domain name investment company Internet REIT.

For a long time Mandela.org has resolved to a scarcely populated website that says it is under construction.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. “Domainer” and “Domain Parking” hit CNN.com home page
  2. Cybersquatting complaint filed against MicroStrategy’s Glory.com domain
  3. The CloudInsure.com UDRP has a lot of open questions
Categories: News and Updates

Microsoft is Abandoning SHA-1 Hashes for Updates - But Why?

Domain industry news - Thu, 2019-02-21 18:46

Microsoft is shipping a patch to eliminate SHA-1 hashes from its update process. There's nothing wrong with eliminating SHA-1 — but their reasoning may be very interesting.

SHA-1 is a "cryptographic hash function". That is, it takes an input file of any size and outputs 20 bytes. An essential property of cryptographic hash functions is that in practice (though obviously not in theory), no two files should have the same hash value unless the files are identical.

SHA-1 no longer has that property; we've known that for about 15 years. But definitions matter. SHA-1 is susceptible to a "collision attack": an attacker can simultaneously create two files that have the same SHA-1 hash. However, given an existing file and hence its hash, it is not possible, as far as anyone knows, to generate a second file with that same hash. This attack, called a "pre-image attack", is far more serious. (There's a third type of attack, a "second pre-image attack", which I won't go into.)

In the ordinary sequence of events, someone at Microsoft prepares an update file. Its hash — its SHA-1 hash, in many cases — is calculated; this value is then digitally signed. Someone who wished to create a fake update would have to crack either the signature algorithm or, somehow, produce a fake update that had the same hash value as the legitimate update. But that's a pre-image attack, and SHA-1 is still believed to be secure against those. So: is this update useless? Not quite — there's still a risk.

Recall that SHA-1 is vulnerable to a collision attack. This means that if two updates are prepared simultaneously, one good and one evil, there can be a signed, malicious update. In other words, the threat model here is a corrupt insider. By eliminating use of SHA-1 for updates, Microsoft is protecting users against misbehavior by one of its own employees.

Now, perhaps this is just housekeeping. Microsoft can get SHA-1 out of its code base, and thus discourage its use. And it's past time to do that; the algorithm is about 25 years old and does have serious weaknesses. But it's also recognition that an insider who turns to the Dark Side can be very dangerous.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity

Categories: News and Updates

End user domain name sales up to £30,000

Domain Name Wire - Thu, 2019-02-21 16:44

A German telecom company, tire distributor, and a Mexican paint brand bought domains last week.

This week’s top end user sale has an unknown buyer, but we will surely find out their identity soon. In addition to .com many ccTLDs made their way to the list: .de, .co, .ch and .it

Here are some end user sales from Sedo last week. You can view previous lists like this here.

DuoBank.com £30,000 – The Whois changed from someone in Korea to Scalar IT, a CDW company. I assume that’s outsourced IT for the buyer. When I search ‘duo bank’ I get a result for an investment firm that uses DuoBank.com.br.

Berel.com $8,200 – A Mexican paint brand and manufacturer.

Heuro.com €4,800 – Forwards to Heuro.ca, a Canadian resource and treatment program provider for those suffering from a brain injury.

Toniton.com $4,300 – Brand protection company Brimondo bought this domain name, ostensibly for a client.

CashOnly.com $4,000 – The domain name forwards to StaffOnly.com, which says “We help startups turn ideas into compelling products.”

Cannaflower.com $3,888 – Forwards to BerkshireCBD.com, a wholesale distributor of hemp flower plants.

MyBoardingHouse.de €3,750 – Forwards to MyBoardinghouse.net, a German apartment rental listing site.

Hiring.co $3,553 – Great keyword domain in development as a job listing site for the New York City area. Currently, they’re only showcasing security jobs but it’s hard to tell if that will be their sole focus.

3imedia.com $3,500 – Forwards to 3imedia.de/de/ – a German Telecom Firm that now owns the .Com of their domain.

Doc-Doc.com $3,300 – A Spanish language online portal and app of professional doctors available by chat, video consultations and home visits.

Kirchenaustritt.ch €2,990 – Forwards to mgqrmryww.cyon.link, which appears to be a template in development. It translates to roughly “leaving the church” in German.

Fritzreifen.com $2,500- Forwards to Fritzreifen.de, which has a literal translation of “Fritz tires” and is a German distributor of motorcycle and various types of commercial vehicle tires.

CorsoTrading.it €2,100 – MoSEO SrlS is an Italian web developer and SEO company. Its address is Corso Roselli, so this might be a domain for one of its clients or a project it is building.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Forward U.S. bought domain for $1,500
  2. These end users just bought domain names
  3. End user domain name sales up to $90,000
Categories: News and Updates

Two thoughts from GoDaddy’s conference call yesterday

Domain Name Wire - Thu, 2019-02-21 15:09

GoDaddy execs comment on WordPress and the domain aftermarket.

GoDaddy (NYSE: GDDY) released Q4 2018 and full-year earnings yesterday and held its investor conference call.

Two things in the call stood out to me.

First, the company discussed continued progress on GoCentral and its growth in managed WordPress.

GoCentral is GoDaddy’s homegrown website builder. It’s designed to be extremely easy for any type of business to start a website. I’ve tested the product and it’s definitely an easy way for a restaurant, mechanic, or any of hundreds of other types of businesses to create a web presence quickly and without the help of a developer.

On the call, GoDaddy CEO Scott Wagner noted, “Our Managed WordPress offering automates the entire process of starting and maintaining a secure WordPress website, which saves our customers literally hours of work, frustration and distraction.”

Later, in response to an analyst’s question, he said (quoted from SeekingAlpha transcript):

The biggest issues with WordPress, if you are working and using on it, are plug-in maintenance and overall security and just the level of time and attention that it takes to actually run that. Look, our managed platform, managed WordPress platform, totally automates and simplifies that process and we are making it easier and easier and easier. And so the feature improvement is both security layer, but more importantly, on app plug-in and theme updates to just make it super easy for performance and reliability. So I think you are seeing it not just for pros, but also for pros handing sites like that off to individuals or small businesses that are managing it for themselves.

I think that starting a WordPress website is something in which GoDaddy really shines. It uses onboarding wizards similar to GoCentral to get you started quickly. I’ve used WordPress since 2005 and, despite all the improvements in the platform, still find it hard to spin up a site with a good design. It’s much, much easier with GoDaddy.

Wagner noted that GoDaddy is now the largest host of paid WordPress instances.

One future opportunity for GoDaddy is to help companies make the leap from GoCentral to managed WordPress. GoCentral is a good product and will meet many companies’ needs. Over time, though, they might want to get the flexibility of WordPress. It would be very powerful to have a one-click migration from CoCentral to managed WordPress.

Dreamhost is doing this to a degree with its Remixer product. Remixer is a much simpler website builder, though.

The other thing on the call that caught my attention was CFO Ray Winborne’s comment on the domain aftermarket:

For the first quarter, we expect revenue of $705 million to $715 million, representing 11% to 13% growth versus the first quarter of 2018, as we began to lap the gains from changes in merchandising of aftermarket domain sales in early 2018.

This reconfirms that GoDaddy saw a marked improvement to aftermarket domain sales when it changed how it presented premium domains in domain search results. At NamesCon this year, GoDaddy GM Paul Nicks said conversions increased 30% with this change. It apparently had a material impact on GoDaddy’s revenue. I think there’s other low-hanging fruit here that GoDaddy can tap in 2019.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Blake Irving to retire from GoDaddy
  2. Thousands download fake GoDaddy app in Google Play store
  3. GoDaddy adds tool to refine domain searches with more information
Categories: News and Updates

Chaos Reigns on This Week's Domain Sales Chart - Top Two Sales Total Nearly 500K

DN Journal - Wed, 2019-02-20 22:35
The 2019 sales season continues to show strength. Our latest weekly Top 20 Sales Chart is led by a pair of heavyweights that total nearly $500,000.
Categories: News and Updates

GoDaddy tops $3 billion bookings in 2018

Domain Name Wire - Wed, 2019-02-20 21:21

Company crosses milestone as growth continues.

GoDaddy (NYSE: GDDY) released Q4 2018 and full-year earnings today after the market closed.

The company crossed $3 billion in bookings in 2018, coming in at $3.01 billion, up 15.0% from 2017.

Revenue was $2.23 billion, up 19.2%. GoDaddy expects slower revenue growth in 2019, targeting 12-13%.

Domain name revenue in Q4 was $314.3 million, up 11.6% from $281.6 million in the same quarter of 2018. For the year, domain revenue was $1.22 billion.

The company ended 2018 with 18.5 million customers.

Subscriptions to web presence products, including GoCentral and managed WordPress, were up 40%.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Domain name revenue barely budges at GoDaddy
  2. New domains and ccTLDs also benefiting from Pokemon Go craze
  3. Quantifying GoDaddy’s aftermarket
Categories: News and Updates

Wix hits 4 million paid subscribers

Domain Name Wire - Wed, 2019-02-20 19:00

Company adds 147k net paying subscribers during Q4.

Website building system Wix (NASDAQ: WIX) (Wix review) reported earnings and subscriber numbers today.

The company added a net 147,000 premiums subscriptions in Q4, reaching 4.0 million overall (rounded). That’s 24% growth in subscriptions compared to the end of 2017.

Wix also added 5.9 million registered users in the fourth quarter, bringing the total to 142 million. In other words, about 3% of registered users are paying subscribers.

Q4 revenue was $164.2 million, up 39% year-over-year. Collections (e.g. cash receipts) hit $176.1 million, up 33%.

For the year, revenue was $603.7 million, up 42%. Collections were $658,385, up 36%.

The company forecasts $755 million – $761 million in revenue during 2019 and collections of $817 million – $827 million.

Shares were down over 10% following the earnings release.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Wix adds 231K paid subscribers, 5.9M registered users in Q1
  2. Here are the domain and website biz’s 2 Super Bowl commercials
  3. Wix posts $146.1 million revenue, 205k net new paying customers in Q2
Categories: News and Updates

ISP files lawsuit to recover Inch.com domain name

Domain Name Wire - Wed, 2019-02-20 16:59

Company alleges that Inch.com and Siteline.com are stolen.

A New York internet service provider has filed a lawsuit (pdf) to recover Inch.com and Siteline.com, which it says are stolen domain names that the company registered in 1995.

Internet Channel Corp. filed the in rem lawsuit in Virginia last week. It notes that Inch.com still resolves to a website about its business.

The domains have an interesting history. The historical Whois records at DomainTools change from Internet Channel to Thorn Communications in 2006.

I can’t find much information about Thorn Communications, but a Yelp review states that the company is non-responsive. The phone number on its website doesn’t work. And the company’s landlord won a judgment against it.

Thorn is an outsourced IT shop, so these domains might be stuck in limbo.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Building a Secure Global Network

Domain industry news - Wed, 2019-02-20 14:58

Choose Partners, Data, Protocols carefully. Diversity is important

Recently, the DNS has come under an extensive attack. The so-called "DNSpionage” campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected.

When organizations and nations set out to build secure global networks, policy makers, technicians and architects often focus on operational aspects, such as performance, network coverage and routing, and technical support procedures. Public and private sector procurements for global public assets may add other requirements. For example, in 2011, the Australian[1] government banned Chinese telecom vendor Huawei from the country's $38 billion National Broadband Network (NBN) tender. Huawei has made headlines recently also.

Too often, companies touting secure networks focus on the security of the data at rest, or of the data in transit, and believe that this is the most important thing to secure. Other factors may be even more important to consider. For example, is the data traveling on a network whose integrity is not questionable? Is the data stored on equipment from reputable vendors? Is there the ability to look into your supply chain to determine if the data is on equipment from vendors who are either of questionable heritage, or whose integrity has been doubted.

Our extensive experience building and managing secure global networks shows that focusing primarily on operational parameters may miss several critical aspects in the supply chain, including:

  • The security profile and footprint of each vendor and their downstream supply chain;
  • The origin and type of hardware and software used by each provider;
  • The protocols used to secure data inside a provider's network;
  • Contractual and audit commitments to vet each vendor's downstream supply chain
  • Procurement diversity: How diversified is each component of the infrastructure - including software, hardware, operating systems, and upstream providers; and
  • Business Continuity Plans: The reassurance that these organizations have a comprehensive plan which includes business continuity practices to mitigate a catastrophic (zero day) failure. Certifications such as ISO 27001 and 22301 (or equivalent) are useful mitigations.

It is also important to make this an ongoing risk management discussion. Providers make changes to their infrastructures and products that should influence your own assessment of the risk you are managing, and have comprehensive strategies in place to mitigate these risks. It is essential to conduct regular audits of your understanding of what your vendors have and continue to do so.

In short:

  • Secure your data internally AND externally (careful how/where you store data).
  • Secure your data in transit (encrypt data in transit).
  • Choose providers with a security profile equivalent to your own (high integrity providers).
  • Build diversity (no single point of failure).
  • Practice risk management (audit and enforcement).

Proper consideration of these factors, balanced with recognition of any specific contractual requirements, and you will be on your way to building a secure global network.

[1] Afilias is the technology provider for Australia’s .AU domain, and conforms to relevant requirements.

Written by Ram Mohan, Executive Vice President & CTO, Afilias

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, DNS, DNS Security, Networks

Categories: News and Updates

.Inc domains will be about $60,000 at Early Access

Domain Name Wire - Wed, 2019-02-20 14:50

Start a purchase order if you want to buy a .Inc domain in April.

Yesterday was day one of early access for .Dev domain names. I watched with amusement as Google’s Ben McIlwain (podcast) responded to complaints on twitter about the $10,000+ price tag. He explained that it was a Dutch auction and they should just wait a few days to buy the domains at lower prices.

If people were startled by .Dev’s early access prices, wait until they hear about .Inc.

Early access for .inc starts on April 30, but you’ll need to raise your credit card limit to participate. Expect to pay about $60,000 (not a typo) to get a .inc domain on day one. That drops a few thousand dollars on the second day. Wait until day 3 to pay about $30,000. The final day is still in the $6,000 neighborhood.

.Inc will always have a premium price tag, even in general availability. Retail prices will be about $2,000 per year.

I assume the value in these domains is for companies with common names that could be registered by someone else. I doubt cybersquatting will be a big problem; I don’t know many cybersquatters who will risk $2,000 on these names.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Final new TLD objection tally: Donuts 55, Amazon 24, Google 22
  2. .LLC and .INC domain names are on their way
Categories: News and Updates

Google’s .Dev domains are now available…for a hefty price

Domain Name Wire - Tue, 2019-02-19 17:33

Wealthy developers can get a .Dev domain today. Others should wait until next week.

Today is the first day that non-trademark holders can register domain names ending in .Dev.

Google is releasing the domain name in Early Access today. The Dutch-auction style phase started at 4:00PM UTC.

On the first day, expect to pay over $10,000 for the right to register a .dev domain. This drops to roughly $3,000 tomorrow and under $200 on Monday.

General availability begins February 28. Expect to pay around $10-$15 retail for .dev domains that Google has not marked as premium.

Google’s .app domain took off like a rocket ship last year and there are now more than 350,000 .app domains registered.

.Dev looks like it won’t be quite the same juggernaut. Sunrise trademark registrations appear to be lower than .app.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Arbitrage is Alive and Well on Google’s Content Network
  2. Final Thoughts on TRAFFIC East
  3. Publisher Who Sued Google Adsense Loses Appeal
Categories: News and Updates

New Public Interest Registry CEO Jon Nevett Seeks to Position .ORG as the Best TLD, Period

DN Journal - Tue, 2019-02-19 16:40
In the early days of domaining people debated whether .net or .org was the best alternative to .com. The new CEO at PIR thinks .org was, and is, the best TLD, period.
Categories: News and Updates

Tucows releases “Tiered Access” Whois request data

Domain Name Wire - Tue, 2019-02-19 16:33

2,100 requests for Whois data so far.

Most Whois data requests are related to trademark infringement.

Domain name registrar Tucows (NASDAQ: TCX) released data today about requests for Whois information under its tiered access program.

The company started the program following the implementation of the European Union’s General Data Protection Policy (GDPR) last year. At that time, Tucows masked Whois records for all domain names on its platform.

People could still ask for Whois data through an online platform.

The company, which has over 20 million domains under management, said it has received 2,100 data access requests since starting the tiered access program in May. 65% of the requests came from a single requestor.

While Tucows didn’t name this company in its blog post, it’s certainly AppDetex on behalf of Facebook, which flooded Tucows with requests timed around ICANN meetings.

Overall, Tucows provided data on 25% of requests including for 21% of AppDetex’s requests.

These numbers don’t tell the whole story. Only about 5% of requests were denied; the other 70% of requests weren’t fulfilled because the requestor didn’t respond to Tucows’ request for more information. So the majority of requestors that provided all the information Tucows wanted got data.

90% of requests came from commercial litigation. This includes the AppDetex requests.

Tucows points out that few requests came from security researchers. (That said, I believe most security researchers use Whois data in bulk to connect the dots, so requesting individual records is not feasible.)

The data don’t include ICANN Compliance requests. Tucows has not given personal registration data in response to any of ICANN’s requests but has been able to help ICANN investigations without disclosing this data, it said.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Did Parava Bilk Customers from Renewal Fees?
  2. Tucows’ Revenues Steady, Brandable Domain Sales Growing
  3. Chinese registrars lose of lot of .com, but HiChina picks up domains from others
Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer