News and Updates

Dynadot jumps into top 10

Domain Name Wire - Tue, 2019-08-06 16:36

Dynadot jumps into the top ten registrars for new .com registrations.

ICANN has published the latest official data from Verisign (NASDAQ: VRSN) about the .com namespace. This registrar-by-registrar report covers April 2019.

An anomaly this month is Dynadot, which jumped into the top ten for monthly .com registrations. This pushed NameSilo out of the top ten. I think this has to do with pricing; while NameSilo’s .com sale ended at the end of Q1, Dynadot has continued with discounted pricing. It’s charging $6.99 right now for new .com registrations.

While this means NameSilo is absent from the monthly board this month, it should soon appear on the top ten overall. It has crossed two million .com domains under management but this isn’t reflected in the ICANN numbers, which only go through April.

Here’s how registrars did in terms of new .com registrations:

1. GoDaddy.com* 970,751 (NYSE: GDDY) (1,045,199 in March)
2. Xin Net Technology Corporation 324,617 (294,415)
3. Tucows** (NASDAQ:TCX) 191,620 (206,170)
4. NameCheap Inc. 152,606 (160,737)
5. Alibaba (HiChina) 130,946 (126,659)
6. Endurance+ (NASDAQ: EIGI) 125,059 (138,627)
7. Google Inc. (NASDAQ: GOOGL) 119,976 (135,927)
8. Dynadot 104,837
9. Web.com++  88,873 (83,600)
10. Chengdu West 82,351

Here’s the leaderboard of the top registrars in terms of total .com registrations as of the end of April 2019.

1. GoDaddy* 50,940,640 (50,831,723 in March)
2. Tucows**  12,484,323 (12,552,098)
3. Endurance+ 7,026,808 (7,065,847)
4. Web.com++ 6,713,881 (6,717,360)
5. Alibaba 6,288,135 (6,226,249)
6. United Internet^ 5,609,664 (5,630,889)
7. Namecheap 4,745,085 (4,694,598)
8. Xin Net Technology Corporation 3,814,331 (3,500,398)
9. Google 2,434,742 (2,361,414)
10. GMO 2,026,751 (2,007,437)

Many domain companies have multiple accreditations and I’ve tried to capture the largest ones. See the notes below.

* Includes GoDaddy, Wild West Domains and 123 Reg
** Includes Tucows and Enom
+ Includes PDR, Domain.com, FastDomain and Bigrock. There are other Endurance registrars, but these are the biggest.
++ Includes Network Solutions and Register.com
^ Includes 1&1, PSI, Cronon, United-Domains, Arsys and world4you

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. New .Com Winners & Losers
  2. A strong month for .Com
  3. Google Domains tops 2 million .com domains
Categories: News and Updates

Web.com July sales including .UK release auctions

Domain Name Wire - Tue, 2019-08-06 15:36

.UK domains and NamesCon Europe auction add to July sales.

Web.com has reported its sales for domains of $2,000 or more on its aftermarket platforms for July. Web.com owns both NameJet and SnapNames.

Overall, the company reported 90 sales meeting this threshold for a total of $400,000.

July’s results include some of the sales from the NamesCon Europe conference as well as auctions for the “drop” of second level .uk domain names.

The top .uk sale was pink.uk for $8,402. The top NameJet sale was Beings.com at $16,302 and Vota.com was the top SnapNames sale at $15,000. Vota means vote in Spanish and has similar meanings in other languages.

Here’s the complete list of sales:

Domain NameSale PricePlatformNotes 4m.com36000NameJetNC Europe beings.com16302NameJet vota.com15000SnapNames 538888.com14000SnapNames s95.com8700NameJet pink.uk8402SnapNames.UK Release singlemen.com7988NameJetNC Europe thebell.com7655NameJet gurv.com7500SnapNames winterhaven.com7500SnapNames extropia.com7099NameJet kodit.com6805NameJet waterland.com6733NameJet lingerie.uk6270SnapNames.UK Release base10.com6200SnapNames prodental.com6055SnapNames bed.org6000NameJetNC Europe dot.uk5250SnapNames.UK Release bigbud.com5211NameJet bitcoinmarket.com5200NameJetNC Europe bhoomi.com5102NameJet centreville.com5000NameJet ziz.com5000NameJetNC Europe zlz.com5000NameJetNC Europe automate.org5000SnapNames holbox.com4900NameJet byun.com4900SnapNames coin.uk4800SnapNames.UK Release yaap.com4705SnapNames wordmark.com4608NameJet qaas.com4400NameJet drbrand.com4200NameJet dentaire.com4002NameJet sellhouses.com4000NameJetNC Europe room.uk3681SnapNames.UK Release toploan.com3633NameJet mariachis.com3500NameJet erotic.uk3500SnapNames.UK Release candy.uk3400SnapNames.UK Release creative.uk3309SnapNames.UK Release proscape.com3306NameJet globallaw.com3244NameJet bicycletools.com3188NameJet sendfree.com3161NameJet xn--msica-7ua.com3106SnapNames fangio.com3001NameJet saturnia.com3000SnapNames epago.com2999NameJet akgroup.com2909NameJet 365.uk2877SnapNames.UK Release hvacparts.com2755NameJet apoio.com2721NameJet norest.com2705NameJet winecork.com2701NameJet tuitionpay.com2700NameJet unesco-ci.org2700NameJet getmobile.com2700NameJet cd.ca2667NameJetNC Europe expy.com2667SnapNames multibrand.com2655NameJet discounts.uk2630SnapNames.UK Release therapy.uk2611SnapNames.UK Release vision.uk2611SnapNames.UK Release elephants.org2600NameJet bankuptcylawyer.com2600NameJet xn--yfru5m85i.com2600SnapNames voipphonesystem.com2536NameJet iambeautiful.com2500NameJet drugfreeworkplace.org2420NameJet anleger.com2384SnapNames redot.com2322NameJet real.uk2316SnapNames.UK Release skyauto.com2309SnapNames cendera.com2300NameJet cme.org2300NameJet people.uk2300SnapNames.UK Release theadvocates.com2295NameJet laptop.uk2274SnapNames.UK Release mdba.com2223NameJet rehabmed.com2173SnapNames call.uk2161SnapNames.UK Release rhcc.com2125NameJet eztalk.com2100NameJet tulan.com2100NameJet applabs.com2100NameJet dunphy.com2067NameJet fundview.com2050SnapNames informat.com2007NameJet 15229.com2000NameJet jsst.com2000NameJet sppc.com2000NameJet

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. NamesCon auction lifts Web.com sales in February
  2. Web.com aftermarket sales up to $45k
  3. NamesCon sales top Web.com’s June domain name sales
Categories: News and Updates

The Weekend Was Nirvana for Domain Investors With Meetups On Both Sides of the Globe and an Industry Pioneer Online

DN Journal - Mon, 2019-08-05 23:45
With domain investor meetups in Asheville & New Delhi and one of the industry's pioneers holding court online, it was a great weekend to soak up domain expertise.
Categories: News and Updates

8chan Website Pushed Offline Over Ties to the Mass Shooting in El Paso

Domain industry news - Mon, 2019-08-05 21:15

The notorious social networking website 8chan was taken offline on Monday afternoon following discontinuation of support from various service providers to the platform over its links to the mass shooting in El Paso, Texas. Emily Birnbaum reporting in The Hill: "8chan, which critics have called a breeding ground for white extremism, first went offline early Monday morning after web security firm Cloudflare cut ties with the website. While it came back online briefly, its service was cut off again by the afternoon after two other firms critical to its web infrastructure dropped 8chan as a client. 8chan administrator Ron Watkins confirmed the website had gone down around 1 p.m."

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation, Web

Categories: News and Updates

Sedo adds COO to its executive ranks

Domain Name Wire - Mon, 2019-08-05 20:29

Company hires Michael Robrock for new executive position.

Michael Robrock

Sedo has hired Michael Robrock for its newly created Chief Operating Officer role.

Robrock will oversee all customer-facing departments at the domain marketplace, including sales and operations.

He has been involved with digital marketing or the past twenty years as a consultant, and also as CEO of mixcon AG Trengdroup GmbH.

Sedo says that he has been involved in the domain industry during this time; he is active in domain investor networks and attended domain investor events.

Matthias Conrad, who joined Sedo as its new CEO at the beginning of this year, is on the DNW Podcast this week.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. The Perils of Trying to Go Public
  2. Sedo Revenue Down But Earnings Up
  3. Sedo and TLDs promote domain names at dmexco
Categories: News and Updates

What's in Your DNS Query?

Domain industry news - Mon, 2019-08-05 19:34

Privacy problems are an area of wide concern for individual users of the Internet — but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF — the result can be summarized with this long, but entertaining, quote:

"The Internet is largely dominated, and indeed driven, by surveillance, and pervasive monitoring is a feature of this network, not a bug. Indeed, perhaps the only debate left today is one over the respective merits and risks of surveillance undertaken by private actors and surveillance by state-sponsored actors. ... We have come a very long way from this lofty moral stance on personal privacy into a somewhat tawdry and corrupted digital world, where "do no evil!" has become 'don't get caught!'"

Before diving into a full-blown look at the many problems with DNS security, it is worth considering what kinds of information can leak through the DNS system. Let's ignore the recent discovery that DNS queries can be used to exfiltrate data; instead, let's look at more mundane data leakage from DNS queries.

For instance, say you work in a marketing department for a company that is just about to release a new product. To build the marketing and competitive materials your sales critters will need to stand in front of customers, you do a lot of research around competitor products. In the process, you examine, in detail, each of the competing product's pages. Or perhaps you work in a company that is determining whether another purchasing or merging with another company might be a good idea. Or you are working on a new externally facing application, or component in an existing application, that relies on a new connection point into your network.

All of these processes can lead to a lot of DNS queries. For someone who knows what they are looking for, the pattern of queries may be enough to examine strings queried from search engines and other information, ultimately leading to someone being able to guess a lot about that new product, what company your company is thinking about buying or merging with, what your new application is going to do, etc. DNS is a treasure trove of information at a personal and organizational level.

Operators and protocol designers have been working for years to resolve these problems, making DNS queries "more private;" Geoff Huston's article provides a good overview of many of these attempts. DNS over HTTPS (DoH), a recent (and ongoing) attempt bears a closer look.

DNS is normally sent "in plain text" over the network; anyone who can capture the packets can read not only the query but also the responses. The simplest way to solve this problem is to encrypt the DNS data in flight using something like TLS — hence DoT, or DNS over TLS. One problem with DoT is it is carried over a unique port number, which means it is probably blocked by default by most packet filters, and can easily be blocked by administrators who either do not know what this traffic is or do not want it on their network. To solve this, DoH carries TLS encrypted traffic in a way that makes it look just like an HTTPS session. If you block DoH traffic, you will also block access to web servers running HTTPS. This is the logical "end" of carrying everything else over HTTPS to avoid the impact of stateful and stateless packet filters and the impact of middle boxes on Internet traffic.

The good result is, in fact, that DNS traffic can no longer be "spied on" by anyone outside servers in the DNS system itself. Whether or not this is "enough" privacy is a matter of conjecture, however. Servers within the DNS system can still collect information about what queries you are making; if the server has access to other information about you or your organization, combining this data into a profile, or using it to determine some deeper investigation is warranted by looking at other sources of data, is pretty simple. Ultimately, DoH is only really useful if you trust your DNS provider.

Do you? Perhaps more importantly — should you?

DNS providers are like any other business; they must buy hardware, connectivity, and the time of smart people who can make the system work, troubleshoot the system when it fails, and think about ways of improving the system. If the service is free…

DoH, however, has another problem Geoff outlines in his article — DNS is moved up the stack, so it no longer runs over TCP and UDP directly, but instead, it runs over HTTPS. This means local applications, like browsers, can run DNS queries independently of the operating system. In fact, because these queries are TLS encrypted, the operating system itself cannot even "see" the contents of these DNS queries. This might be a good thing — or might be a bad thing. If nothing else, it means the browser, or any other application, can choose to use a resolver not configured by the local operating system. A browser maker, for instance, can direct their browser to send all DNS queries made within the browser to their DNS server, exposing another source of information about users (and the organizations they work for).

Remember that time you mistyped an internal hostname in your browser? Thankfully, you had a local DNS server configured, so the query did not go out to a resolver on the Internet. With DoH, the query can go out to an open resolver on the Internet regardless of how your local systems are configured. Something to ponder.

The bottom line is this — the nature of DNS makes it extremely difficult to secure. Somehow you have to have someone operate, and pay for, an open database of names which translate to addresses. Somehow you have to have a protocol that allows this database to be queried. All of these "somehows" expose information, and there is no clear way to hide that information. You can solve parts of the problem, but not the whole problem. Solving one part of the problem seems to make another part of the problem worse.

If you haven't found the tradeoff, you haven't looked hard enough.

In the end, though, the privacy of DNS queries at a personal and organizational level is something you need to think about.

Written by Russ White, Infrastructure Architect at Juniper Networks

Follow CircleID on Twitter

More under: Cybersecurity, DNS, DNS Security, Privacy

Categories: News and Updates

Donuts moves back to Bellevue

Domain Name Wire - Mon, 2019-08-05 18:30

Registry for hundreds of top level domains returns to its original building.

Top level domain name registry Donuts has returned to its former home in Bellevue, Washington.

The company had been located down the street in Kirkland, Washington, where Rightside was located. Donuts acquired Rightside in 2017 and left its original office in Bellevue to use the Rightside office. Now the company has returned to its former building in Bellevue.

For a couple of years, Donuts, Tucows and GoDaddy all had offices within steps of each other of the shores of Lake Washington in Kirkland. Tucows’ office is in the same building that Donuts occupied after Tucows acquired the Enom business from Rightside. GoDaddy’s is right down the street.

GoDaddy recently hired Aman Bhutani, who currently resides in Seattle, as its new CEO. It will be interesting to see if it expands its operations in the Seattle area.

Of course, the biggest headquarters change announcement in the area is that Domain Name Wire is now based in the region.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Donuts promoting its TLDs at Vegas fashion show (photo)
  2. Donuts chooses Rightside over Google Nomulus
  3. Donuts’ acquisition of Rightside makes it easier on brand owners
Categories: News and Updates

Terahertz WiFi

Domain industry news - Mon, 2019-08-05 17:19

While labs across the world are busy figuring out how to implement the 5G standards, there are scientists already working in the higher frequency spectrum looking to achieve even faster speeds. The frequencies that are just now being explored are labeled as the terahertz range and are at 300 GHz and higher spectrum. This spectrum is the upper ranges of radio spectrum and lies just below ultraviolet light.

Research in these frequencies started around 2010, and since then the achieved broadband transmission speeds have progressed steadily. The first big announced breakthrough in the spectrum came in 2016 when scientists at the Tokyo Institute of Technology achieved speeds of 34 Gbps using the WiFi standard and the 500 GHz spectrum range.

In 2017, researchers at Brown University School of Engineering were able to achieve 50 Gbps. Later that year a team of scientists from Hiroshima University, the National Institute of Information and Communications Technology and Panasonic Corporation achieved a speed of 105 Gbps. This team has also subsequently developed a transceiver chip that can send and receive data at 80 Gbps — meaning these faster speeds could be moved out of the lab and into production.

Like with all frequencies, when transmitted through the air, the higher the bandwidth, the shorter the distance until a radio transmission scatters. That makes the biggest challenge for using these frequencies the short transmission distances. However, several of the research teams have shown that transmissions perform well when bounced off walls and the hope is to eventually achieve distances as long as 10 meters (30 feet).

The real benefit of superfast bandwidth will likely be for super-short distances. One of the uses of these frequencies could be to beam data into computer processors. One of the biggest impediments to faster computing is the physical act of getting data to where it's needed on time, and terahertz lasers could be used to speed up chips.

Another promising use of the faster lasers is to create faster transmission paths on fibers. Scientists have already been experimenting, and it looks like these frequencies can be channeled through extremely thin fibers to achieve speeds much faster than anything available today. Putting this application into the field is probably a decade or more away — but it's a breakthrough that's needed. Network engineers have already been predicting that we will exhaust the capabilities of current fiber technology on the major Internet transmission paths between major POPs. As the volume of bandwidth we use keeps doubling, we will be transmitting more data in a decade or two between places like New York and Washington DC than all of the existing fibers can theoretically carry. When fiber routes get that full, the problem can't be easily fixed by adding more fibers — not when the volumes double every few years. We need solutions that involve fitting more data into existing fibers.

There are other applications that could use higher frequencies today. For example, there are bandwidth needs for specific applications like real-time medical imaging and real-time processing for intricate chemical engineering that need faster bandwidth that is possible with 5G. The automated factories that will create genetic-based drug solutions will need much faster bandwidth. There are other, more mundane uses of the higher frequencies. For example, these frequencies could be used to replace X-rays and reduce radiation risks in doctor's offices and airports.

No matter what else the higher frequencies can achieve, I'm holding out for Star Trek holodecks. The faster terahertz frequencies could support creation of the complex real-time images involved in truly immersive entertainment.

These frequencies will become the workhorse for 6G, the next generation of wireless technology. The early stages of developing a 6G standard are underway with expectations of having a standard by perhaps 2030. Of course, the hype for 6G has also already begun. I've already seen several tech articles that talk about the potential for having ultrafast cellular service using these frequencies. The authors of these articles don't seem to grasp that we'd need a cell site every twenty feet — but facts don't seem to get in the way of good wireless hype.

Written by Doug Dawson, President at CCG Consulting

Follow CircleID on Twitter

More under: Access Providers, Broadband, Mobile Internet, Telecom, Wireless

Categories: News and Updates

Epik CEO Rob Monster statement on 8chan

Domain Name Wire - Mon, 2019-08-05 15:58

8ch.net moves to Epik. Here’s Rob Monster’s response.

Rob Monster, CEO of Epik, releases statement on 8chan moving to his registrar.

8Chan, a website again in the spotlight after the shooting in El Paso this weekend, has switched registrars. It already got booted off of its DDoS provider CloudFlare. Now, perhaps to avoid any pressure from its domain registrar, it moved to Epik for registration services. Epik also offers DDoS.

Epik has accepted domains that other registrars have kicked out, including Gab.com.

The registrar’s CEO Rob Monster said that it did not solicit 8chan’s business and is evaluating whether to offer it DDoS mitigation. Here’s Monster’s full statement about 8ch.net moving to the registrar.

Freedom of speech and expression are fundamental rights in a free society. We enter into a slippery slope when we start to limit speech that makes us uncomfortable. The censorship we’ve seen across major social media platforms as of late has created a vacuum. Our services fill the ever growing need for a neutral service provider that will not terminate accounts based on arbitrary reasoning or political pressure. Our philosophy is, if the customer is not breaking the law, they are protected under our umbrella of services.

Specific to any of the “Chan” sites, Epik did not solicit this business. We have not made a definitive decision about whether to provide DDoS mitigation or Content Delivery services for them. We will evaluate this in the coming days. From what little we know so far, the Chans are not lawless and do have moderation, especially in regards to DMCA and content which is illegal in the United States. Ultimately, we believe that the best disinfectant for darkness however this must absolutely occur within the bounds of the law.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Rob Monster explains why he accepted GAB.com domain at Epik
  2. Pennsylvania Attorney General subpoenas Epik over Gab.com domain name
  3. It’s official: GoDaddy owns Host Europe Group
Categories: News and Updates

Sedo CEO Matthias Conrad – DNW Podcast #247

Domain Name Wire - Mon, 2019-08-05 15:30

How Matthias Conrad views the domain aftermarket so far.

Matthias Conrad joined Sedo as its new CEO at the beginning of the year. On this show, Matthias talks about his impression of the domain aftermarket—and Sedo—after about half a year on the job. Conrad explains how he thinks Sedo can improve, what the aftermarket needs to take it to the next level, and some data including Sedo’s median domain sales price.

Also: Change at the top at GoDaddy, MicroStrategy’s domain profit, premium domain sales, end of an era at Uniregistry, ICANN’s “sort of” response to ICA.

This week’s sponsor: Name.com.

Subscribe via Apple Podcasts to listen to the Domain Name Wire podcast on your iPhone or iPad, view on Google Play Music, or click play above or download to begin listening. (Listen to previous podcasts here.)

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Domain aftermarket update – DNW Podcast #151
  2. 2017 Predictions – DNW Podcast #116
  3. Domain name due diligence – DNW Podcast #148
Categories: News and Updates

Kathie Lee Gifford needs to spell this for you

Domain Name Wire - Mon, 2019-08-05 13:44

Kathie Lee Gifford spells this company’s name out for you because otherwise, you can’t spell it..

We often talk about the radio test when it comes to domain names. If someone hears the name of your website can they spell it when they type it into their browser?

The same goes for apps. When someone goes to the app store to find an app, can they spell the name correctly?

Name Ninja Bill Sweetman sent this commercial featuring Kathie Lee Gifford to me. It’s for an app called Takl. But it’s pronounced tackle, like tackling a job on your todo list.

If you hear the name of the app there’s no way you will know how it’s spelled. Unless the company spells it out for you, and that’s just what they have Kathie Lee Gifford do at the end of this commercial. Click the image at the top to watch the ad, especially the ending.

The company uses the domain name Takl.com.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Startup domain name fails: 68% fail radio test
  2. A name that failed the “radio test” was hurting this real estate business
  3. That’s Zero, X-E-R-O
Categories: News and Updates

Facebook, Privacy, and Cryptography

Domain industry news - Fri, 2019-08-02 21:39

There has long been pressure from governments to provide back doors in encryption systems. Of course, if the endpoints are insecure it doesn't matter much if the transmission is encrypted; indeed, a few years ago, I and some colleagues even suggested lawful hacking as an alternative. Crucially, we said that this should be done by taking advantage of existing security holes rather than be creating new ones.

Facebook may have taken part of this to heart. A Forbes columnist has written that Facebook is incorporating content analysis into its mobile client and that:

The company even noted that when it detects violations, it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.

(It's not even clear that this claim is accurate, but for this analysis let's assume that it is.)

Now, it's not unreasonable for Facebook to move some analysis to the client; indeed, a few months ago I speculated that they might. But that's a very different issue than using their clients for government access.

As I and others have often noted, security is a systems property. That is, you don't achieve security just by hardening this or encrypting that or putting a firewall in front of some other thing. Rather, security emerges from a system where the individual elements are secure and they're combined properly and there are no gaps and everything is used properly and — well, you get the picture. Let's walk this back: if the Facebook mobile client has wiretapping ability, how might that fail?

First, of course, that code might itself be buggy. To give one example, suppose that the wiretap code tried to set up an encrypted connection back to Facebook. It turns out, though, that certificate-checking in that sort of code is very hard to get right:

We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; Java Web-services middleware including Apache Axis, Axis 2, Codehaus XFire, and Pusher library for Android and all applications employing this middleware. Any SSL connection from any of these programs is insecure against a man-in-the-middle attack.

The code would work correctly — until someone launched an active attack on the connections.

Alternatively, someone could try to hack Facebook. Facebook is a very sophisticated corporation and probably has very good internal security controls but are they — proof against a major attack by a foreign intelligence agency? An attack that is aided by pressure on some country's expatriates who now work for Facebook?

Beyond that, of course, there are all of the procedural and diplomatic issues: how would Facebook authenticate requests, what about requests from oppressive governments, etc.?

In other words, although this scheme would (probably) not suffer from the fragility of cryptographic protocols, it would open up other avenues for attack.

As I noted above, we endorsed using existing holes, not creating new ones. Yes, it's more expensive, but that isn't necessarily a bad thing. As Justice Sotomayor noted in her concurrence in United States v. Jones, "limited police resources and community hostility" are major checks on police misbehavior. A cheap, surreptitious means of breaking security is exactly the wrong thing to do.

The claim about Facebook's plans may be wrong. I certainly hope so.

Update: Will Cathcart, the VP in charge of WhatsApp, has categorically denied the allegation:

To be crystal clear, we have not done this, have zero plans to do so, and if we ever did it would be quite obvious and detectable that we had done it. We understand the serious concerns this type of approach would raise, which is why we are opposed to it.

I hope no one suggests that other companies try this, either — the reasons why it would be bad if Facebook did it are at least as applicable to anyone else, especially to companies with less engineering talent (and that's most of the world).

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: Cybersecurity, Privacy

Categories: News and Updates

Radix TLDs Produced $1.36 Million in Premium Domain Sales in the First Half of 2019

DN Journal - Fri, 2019-08-02 21:24
Radix has released a new report detailing premium domain sales results in the first half of 2019 for the nine gTLDs the company administers.
Categories: News and Updates

July’s top stories: Michael Jackson, Photoshop

Domain Name Wire - Fri, 2019-08-02 15:14

Adobe, JUUL, and Porsch lose cybersquatting disputes.

August just started so it’s time to review the last month in the domain name business.

All top stories on DNW had to do with legal questions. In several of them, the company bringing a cybersquatting dispute lost. But Michasel Jackson’s estate finally got KingOfPop.com.

Here are the top five stories ranked by views:

1. Adobe is really annoyed by this Dominican man’s “photo shop” – The company has filed two UDRPs to try to get his photoshop domain names. It lost both times.

2. Michael Jackson estate gets KingOfPop.com domain name – MJ lovers rejoice! Popcorn lovers, not so much.

3. Stolen domain lawsuit now officially a clusterf*ck – It started as a simple in rem case. It snowballed into something else entirely.

4. Porsche tries to take down escort’s website – It lost the cybersquatting dispute.

5. This JUUL cybersquatting case is interesting – Yep, another cybersquatting case makes the top 5.

Miss any podcasts? Click the links to listen or subscribe on your podcat app.

#242 – Domain pricing with Jeffrey Gabriel

#243 – DAN.com

#244 – Eternal September with John Berryhill

#245 – Avoiding stolen domains with Josh Reason

#246 – Grow your business with podcasts

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Michael Jackson estate gets KingOfPop.com domain name
  2. Adobe is really annoyed by this Dominican man’s “photo shop”
Categories: News and Updates

GoDaddy reports earnings, domain revenue up nearly 10% from last year

Domain Name Wire - Fri, 2019-08-02 13:11

Domain revenue continues upward charge at GoDaddy.

The big news out of GoDaddy (NYSE: GDDY) on its Q2 earnings release wasn’t the numbers. It was Scott Wagner stepping down as CEO. He is leaving for health reasons and will be replaced by Aman Bhutani, previously President of Brand Expedia Group.

On the numbers side of things, revenue in Q2 2019 was $737.2 million, up 13.1% year-over-year. Total bookings hit $846.1 million, up 12.2%. The customer base increased by 1.0 million customers.

Domains revenue was $334.4 million, up 9.7% year over year. GoDaddy pulled in $319.6 million from domains in Q1 of this year, so it had a good quarter-over-quarter lift.

Revenue in the company’s hosting/web presence business grew 14% year-over-year and business applications revenue was up 20%.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. GoDaddy reports earnings and domain revenue growth
  2. GoDaddy posts 17% revenue growth in Q3
  3. .Com Winners & Losers
Categories: News and Updates

Sedo Selects Michael Robrock to Fill Newly Created Position as Chief Operating Officer

DN Journal - Thu, 2019-08-01 21:21
For the first time, Sedo has a COO, a role that will be filled by new management board member Michael Robrock who brings over 20 years of experience to the job.
Categories: News and Updates

OneWeb Fails in Latest Attempt to Get Russian Approval for Its Worldwide Internet Coverage Plan

Domain industry news - Thu, 2019-08-01 21:13

Russian State Commission for Radio Frequencies has denied the global satellite communications company OneWeb to use a certain band of radio frequencies in Russia that the company seeks as part of its plan to launch hundreds of satellites into orbit to provide worldwide internet coverage. The company has failed to get approval for its application for frequencies in Russia since 2017 even though OneWeb founded a joint venture with state space corporation Roscosmos. "Russian federal telecommunications regulator Roskomnadzor earlier objected to the allocation of frequencies to OneWeb with the claim that it could cause interference with other space systems," according to a report by the telecompaper.

Update Aug 5, 2019: "OneWeb says Russia did not block its plans," reports BBC. "OneWeb told the BBC it had submitted but then withdrawn an application to use radio frequencies in Russia." (BBC)

Follow CircleID on Twitter

More under: Access Providers, Broadband, Wireless

Categories: News and Updates

Scott Wagner leaving GoDaddy for health reasons, new CEO from Expedia named

Domain Name Wire - Thu, 2019-08-01 20:29

Wagner will be replaced by Expedia veteran Aman Bhutani.

Aman Bhutani

Scott Wagner is stepping down as CEO of GoDaddy for unspecified health reasons, the company announced today.

Wagner has been involved with GoDaddy since KKR invested in the company in 2011. He served as interim CEO for a bit in 2012-2013 until Blake Irving was hired, and then held President/COO and CEO roles since then.

He will be succeeded by Aman Bhutani, who has spent the last nine years at Expedia Group. His most recent role there was President of Brand Expedia group.

Bhutani currently lives in Seattle, where Expedia is located. GoDaddy has an office in the Seattle area that was started under Blake Irving’s tenure.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Two thoughts from GoDaddy’s conference call yesterday
  2. GoDaddy reintroduces China’s .Cn domain name
  3. Rob Monster explains why he accepted GAB.com domain at Epik
Categories: News and Updates

My favorite end user domain purchase ever (and 11 others)

Domain Name Wire - Thu, 2019-08-01 16:15

I love this domain name an end user bought on Sedo.

It’s not the most expensive. Not at all. But this week I got a big kick out of the domain name a California sperm bank bought at Sedo: Generate.us. Get it?

It was one of a dozen end user domain purchases uncovered on this week’s Sedo list. I’m also waiting to see if RX.com, which sold for $1 million, is an end user purchase or a Chinese domain investor.

Here’s a look at sales to end users that recently closed at Sedo. See prior end user lists here.

4DMedical.com $17,500 – 4D Imaging Systems, which now offers a healthcare imaging system.

Bkind.com $10,100 – BKIND, a beauty products company that operates at Bkind.ca.

LEPro.com $10,000 – Home EVER Inc, which sells lighting online. One of its websites is LightingEver.com, branded as LE. So we might be looking forward to a site for professional customers.

Generate.us $8,000 – One of the best domains ever? California Cryobank, an online sperm bank in California, bought this domain.

Teleion.com $4,750 – Consultant Group focused on marketing operations, cyber-security, and business intelligence for the Pacific Northwest.

CAOil.com $3,888 – In development for a medical cannabis provider.

BeyondInvesting.com $3,500 – Beyond Investing offers climate-conscious and zero animal exploitation investment portfolios. It forwards the domain to BeyondFundAdvisors.com.

CareerSite.de €2,888 – SoftGarden, a company offering a recruiting/applicant management platform.

Inalca.com €2,850 – This domain name was purchased by Inalca, an Italian beef manufacturer and distributor.

GesundheItsallianz.de €2,500 – Forwards to the German language page at Dr-Rath-Health-Alliance.org – The Dr. Rath Health Alliance is a non-profit health foundation advocating for patient rights and research. Gesundheitsallianz translates to “health alliance”.

Pergament.com $2,200 – Pergament Properties is a commercial property development company in Woodbury, NY.

SchlagerEvent.com €2,000 – Forwards to Galfri.ch/volksschlager, a company that organizes pop music concerts.

 

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. 15 end user domain name sales
  2. 24 end user domain name purchases
  3. 11 more end user domain name sales
Categories: News and Updates

Endurance reports earnings, domain customer growth

Domain Name Wire - Thu, 2019-08-01 15:27

Green shoots at Endurance International Group?

Endurance International Group (NASDAQ: EIGI) reported second-quarter earnings this morning.

All major metrics for the business continue to decline as forecasted.

Revenue was $278.2 million, down from $287.8 million in the same quarter last year and $280.7 million in Q1 2019. Adjusted EBITDA and the customer base also declined.

On the positive side, the company continues to pay down its heavy debt load.

Endurance is maintaining its full-year guidance based on these results.

The domain name business, which includes BuyDomains, Domain.com and ResellerClub, also had year-over-year and quarter-over-quarter declines. However, its subscriber base continues to tick up this year after losses last year.

In prepared remarks, Endurance International Group CEO Jeffrey Fox said that premium domain sales (i.e., BuyDomains portfolio) are trending weaker.

© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Domain names are one bright spot for Endurance
  2. Why Endurance bought BuyDomains, and why the price might make sense
  3. One domain name stock is actually up today
Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer