News and Updates

VeriSign’s domain base grew by 1.91 million names last quarter

Domain Name Wire - Fri, 2018-04-27 13:50

Historically strong Q1 delivers for Verisign.

VeriSign (NASDAQ:VRSN) reported first quarter 2018 earnings after the bell yesterday.

The base of .com and .net domain names grew by 1.91 million during the quarter and 9.6 million new .com and .net domains were registered. This comes in toward the high end of Verisign’s predicted range of 1.5 million to 2.0 million net adds. Historically, Q1 is the strongest quarter for domain name registrations.

There were 9.0 million new registrations in Q4 2017 and 0.57 million net adds.

Verisign forecasts 0.7 million to 1.2 million net adds in Q2 2018.

On the investor conference call yesterday, Verisign said that it continues to work with the NTIA on the cooperative agreement, which expires in November this year. The NTIA has the option of extending the agreement or sunsetting it. For everyone in the domain industry, you should hope that the NTIA extends it. Remember, it was the NTIA that kept .com prices down in the 2012 contract renewal, not ICANN.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. IANA transition will not remove government relationship with .com contract
  2. A .com price freeze through 2024 more likely?
  3. Breaking: Verisign loses appeal in .XYZ lawsuit
Categories: News and Updates

Square to buy Weebly for $365 million

Domain Name Wire - Thu, 2018-04-26 20:34

Battle for website building and ecommerce platform supremacy is heating up.

Payments company Square (NYSE: SQ) is acquiring website building company Weebly, the company announced this afternoon. The $365 million cash and stock deal is expected to close by the end of the quarter.

One of Weebly’s largest competitors, Wix (NASDAQ: WIX), has a market cap of $4 billion. E-commerce platform Shopify (NYSE: SHOP) has a market cap of over $12 billion.

Weebly has generally been seen is the third player in the non-WordPress site builder market behind Wix and SquareSpace (no relation to Square).

Over the past year it has significantly enhanced its ecommerce capabilities as the market has moved in that direction.

Yesterday BigCommerce, a Shopify competitor based in Austin, announced a $64 million funding round led by Goldman Sachs.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Oh brother, .Shop applicant has really lost it this time
  2. Got $30k? Long and expensive .Shop Early Access opens Thursday
  3. Here are the domain and website biz’s 2 Super Bowl commercials
Categories: News and Updates

Google wants to patent domain reseller registration widget

Domain Name Wire - Thu, 2018-04-26 15:43

Patent application describes domain registration widget.

Not very novel. (Graphic from U.S. patent application 15/333565)

Google has filed an application (pdf) with the U.S. Patent and Trademark Office to patent a “Method and Device for Domain Web Page Registration”.

The application describes a need by third-party website builder services to offer domain name registration to people after they create a website. Of course, almost all website builders offer domain name registration through a reseller system.

I believe that the patent is related to a widget Google designed to sell domain names to Blogger users. The patent claims:

“According to some implementations, the list may include one or more available domain names having a top-level domain selected to be emphasized by the third-party website. For example, if the third-party website provides services for bloggers, the top-level domain “.blog” may be selected to be emphasized.”

If you create a blog on the Blogger platform now, you will get a pop-up dialog about registering a domain name:

Once you search for a domain you will see results in the same dialog box:

While creating a widget dialog like this is a different implementation of domain reselling systems, domain resellers might want to take note of some of the claims Google is making in the patent application.

The patent application was filed in 2016 and published today.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Google Domains is renewing domain names for free
  2. Google cross promoting domain names to existing customers
  3. Google begins using domains.google domain name
Categories: News and Updates

Original France.com owner sues to recover domain from the country

Domain Name Wire - Thu, 2018-04-26 14:27

French courts nabs valuable domain name for its government.

France.com was used by a tour operator. Now the French government owns it. (Photo from Screenshots.com)

The original registrant of France.com back in 1994 has filed a lawsuit (pdf) to try to recover the domain name France.com, which the country managed to wrestle away through the French court system.

France.com, Inc. filed the suit in U.S. District Court in the Eastern District of Virginia, where Verisign is located. It names The French Republic, a number of French government entities, the domain name, and Verisign as defendants.

The plaintiff has been using the domain name to promote tours in France. In 2015 the defendants tried to get control of the domain name through the French judicial system. In 2016 the Tribunal de Grand Instance de Paris ordered the domain transferred to the French government. The plaintiff appealed, and the appeals court affirmed the lower court decision.

The plaintiff says that the defendants lack authority to seize property in the United States (where France.com, Inc. is located) but they reached out to Web.com, the domain name registrar, and managed to get Web.com to transfer the domain name to the defendants in March.

Boom. The plaintiff’s business was sunk. The site now forwards to France.fr and obviously the plaintiff’s email addresses no longer work, too.

France.com, Inc. is suing on a number of grounds, including Reverse Domain Name Hijacking, expropriation, and more.

It’s interesting to note that the City of Paris, France, was ordered by a U.S. court to pay $100,000 for reverse domain name hijacking and tortious interference in a domain name dispute. Something tells me they haven’t paid.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Dreamlines GmbH is a reverse domain name hijacker
  2. Nat Cohen’s Telepathy sues for reverse domain name hijacking
  3. Telepathy gets another Reverse Domain Name Hijacking win
Categories: News and Updates

19 end user domain sales up to $55,000

Domain Name Wire - Thu, 2018-04-26 13:47

Here are some of the domain names that end users bought at Sedo over the past week.

Sedo’s public sales over the past week were led by SysAdmin.com, which sold for $55,000 and now forwards to SysAdmin.ru.

Other sales include a brand name purchase by an anti-fatigue mat maker, a tech company that uses .cn getting the matching .com domain, and an app using .guru buying the matching .com.

Let’s get to the list, and you can see previous lists like this here.

SysAdmin.com $55,000 – The buyer is using Whois privacy but the domain now forwards to SysAdmin.ru, a site with technical content.

Coba.com $15,500 – Coba International makes anti-fatigue mats, entrance mats and floor safety markings.

Cordet.com €10,000 – Cordet is an investment firm that was using the domain name CordetCapital.com. The longer name now forwards to Cordet.com.

DDEV.com $10,000 – DDEV is a development technology.

Sentinel.co $8,888 – Sentinel Industries in Fiji.

CamCube.com $7,525 – CamCube is a dental product made by Witlaken.

Haylion.com $7,000 – Haylion, based in China, is a technology company that uses the domain name Haylion.cn.

PlateRate.com €6,800 – PlateRate is a food app that uses the domain name PlateRate.guru.

VideoMapping.com $6,500 – Mr. Beam is a projection art studio.

Caisson.com $5,500 – Caisson is a new company offering secure data and documentation services.

MyJackpot.co.uk €4,999 – Whow Games GmbH, a gaming company in Germany.

FundEye.com $4,700 – Carnegie Fund Services is a “legal representative of foreign collective investment schemes in Switzerland”.

SeedMarketing.com $4,000 – Student marketing company Seed Marketing shortened its domain name from SeedMarketingAgency.com.

SecureGas.com $3,900 – Red Clay is a technology consultant to the utility industry.

Laparisina.com $3,000 – Parasina is a Mexican fabrics company that uses the domain name laparisina.com.mx.

AIninja.com $3,000 – This was purchased by a company called AI Ninja that does AI work for the finance industry.

1property.com $2,900 – 1Let Limited is a UK property leasing company.

SunshineMobile.com £2,500 – Sunshine Mobile (USA) Ltd is a mobile communications company.

BitNine.com $2,500 – BitNine is a blockchain and cryptocurrency company.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. What domain names Mozilla and others bought last week
  2. What domain names Goldman Sachs and others bought this week
  3. More end user domain name sales
Categories: News and Updates

6-Figure Headliners & 100s of Previously Unreleased Uniregistry Sales Rock This Week's Charts

DN Journal - Thu, 2018-04-26 02:50
The new weekly domain sales report is out at DNJournal.com and it is loaded with hundreds of previously unreleased sales. Five 6-figure sales lead the hit parade.
Categories: News and Updates

World's Largest DDoS-for-Hire Service Taken Down in Major International Probe

Domain industry news - Thu, 2018-04-26 02:02

Webstresser.org, considered the world’s biggest marketplace to hire DDoS services, has been taken down according to an announcement issued today by the European Union Agency for Law Enforcement (Europol). Webstresser.org had reached over 136 000 registered users and responsible for 4 million attacks by April 2018. Targets included banks, government institutions, police forces, as well as the gaming industry.

From Europol: "The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UK’s National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world. The administrators were located in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DDoS

Categories: News and Updates

Cyber Scorecarding Services

Domain industry news - Wed, 2018-04-25 20:13

Ample evidence exists to underline that shortcomings in a third-parties cybersecurity posture can have an extremely negative effect on the security integrity of the businesses they connect or partner with. Consequently, there's been a continuous and frustrated desire for a couple of decades for some kind of independent verification or scorecard mechanism that can help primary organizations validate and quantify the overall security posture of the businesses they must electronically engage with.

A couple of decades ago organizations could host a small clickable logo on their websites — often depicting a tick or permutation of a "trusted" logo — that would display some independent validation certificate detailing their trustworthiness. Obviously, such a system was open to abuse. For the last 5 or so years, the trustworthiness verification process has migrated ownership from the third-party to a first-party responsibility.

Today, there are a growing number of brand-spanking-new start-ups adding to pool of slightly longer-in-the-tooth companies taking on the mission of independently scoring the security and cyber integrity of organizations doing business over the Web.

The general premise of these companies is that they'll undertake a wide (and widening) range of passive and active probing techniques to map out a target organizations online assets, crawl associated sites and hidden crevasses (underground, over ground, wandering free… like the Wombles of Wimbledon?) to look for leaks and unintended disclosures, evaluate current security settings against recommended best practices, and even dig up social media dirt that could be useful to an attacker; all as contributors to a dynamic report and ultimate "scorecard" that is effectively sold to interested buyers or service subscribers.

I can appreciate the strong desire for first-party organizations to have this kind of scorecard on hand when making decisions on how best to trust a third-party supplier or partner, but I do question a number of aspects of the business model behind providing such security scorecards. And, as someone frequently asked by technology investors looking for guidance on the future of such business ventures, there are additional things to consider as well.

Are Cyber Scorecarding Services Worth it?

As I gather my thoughts on the business of cyber scorecarding and engage with the purveyors of such services again over the coming weeks (post RSA USA Conference), I'd offer up the following points as to why this technology may still have some business wrinkles and why I'm currently questioning the long-term value of the business model.

1. Lack of scoring standards

There is no standard to the scorecards on offer. Every vendor is vying to make their scoring mechanism the future of the security scorecard business. As vendors add new data sources or encounter new third-party services and configurations that could influence a score, they're effectively making things up as they go along. This isn't necessarily a bad thing, and ideally, the scoring will stabilize over time at a per vendor level, but we're still a long way away from having an international standard agreed to. Bear in mind, despite two decades of organizations such as OWASP, ISSA, SANS, etc., the industry doesn't yet have an agreed mechanism of scoring the overall security of a single web application, let alone the combined Internet presence of a global online business.

2. Heightened Public Cloud Security

Third-party organizations that have moved to the public cloud and have enabled the bulk of the default security features that are freely available to them and are using the automated security alerting and management tools provided, are already very secure — much more so that their previous on-premise DIY efforts. As more organizations move to the public cloud, they all begin to have the same security features, so why would a third-party scorecard be necessary? We're rapidly approaching a stage where just having an IP address in a major public cloud puts your organization ahead of the pack from a security perspective. Moreover, I anticipate that the default security of public cloud providers will continue to advance in ways that are not easily externally discernable (e.g., impossible travel protection against credential misuse) — and these kinds of ML/AI-led protection technologies may be more successful than the traditional network-based defense-in-depth strategies the industry has pursued for the last twenty-five years.

3. Score Representations

Not only is there no standard for scoring an organization's security, it's not clear what you're supposed to do with the scores that are provided. This isn't a problem unique to the scorecard industry — we've observed the phenomenon for CVSS scoring for 10+ years.

At what threshold should I be worried? Is a 7.3 acceptable, while a 7.6 means I must patch immediately? An organization with a score of 55 represents how much more of a risk to my business versus a vendor that scores 61?

The thresholds for action (or inaction) based upon a score are arbitrary and will be in conflict with each new advancement or input the scorecard provider includes as they evolve their service. Is the 88.8 of January the same as the 88.8 of May after the provider added new features that factored in CDN provider stability and Instagram crawling? Does this month's score of 78.4 represent a newly introduced weakness in the organization's security, or is the downgraded score an artifact of new insights that weren't accounted for previously by the score provider?

4. Historical References and Breaches

Then there's the question of how much of an organizations past should influence its future ability to conduct business more securely. If a business got hacked three years ago and the responsibly disclosed and managed their response — complete with reevaluating and improving their security, does another organization with the same current security configuration have a better score for not having disclosed a past breach?

Organizations get hacked all the time — it's why modern security now works on the premise of "assume breach." The remotely visible and attestable security of an organization provides no real insights into whether they are currently hacked or have been recently breached.

5. Gaming of Scorecards

Gaming of the scorecard systems is trivial and difficult to defend against. If I know who my competitors are and which scorecard provider (or providers) my target customer is relying upon, I can adversely affect their scores. A few faked "breached password lists" posted to PasteBin and underground sites, a handful of spam and phishing emails sent, a new domain name registration and craftily constructed website, a few subtle contributions to IP blacklists, etc. and their score is affected.

I haven't looked recently, but I wouldn't be surprised if some blackhat entrepreneurs haven't already launched such a service line. I'm sure it could pay quite well and requires little effort beyond the number of disinformation services that already exist underground. If scorecarding ever becomes valuable, so too will its deception.

6. Low Barrier to Market Entry

The barrier for entry into the scorecarding industry is incredibly low. Armed with "proprietary" techniques and "specialist" data sources, anyone can get started in the business. If for some reason third-party scorecarding becomes popular and financially lucrative, then I anticipate that any of the popular managed security services providers (MSSP) or automated vulnerability (VA) assessment providers could launch their competitive service with as little as a month's notice and only a couple of engineers.

At some point in the future, if there ever were to be standardization of scorecarding scores and evaluation criteria, that's when the large MSSP's and VA's would likely add such a service. The problem for the all the new start-ups and longer-toothed start-ups is that these MSSP's and VA's would have no need to acquire the technology or clientele.

7. Defending a Score

Defending the integrity and righteousness of your independent scoring mechanism is difficult and expensive. Practically all the scorecard providers I've met like to explain their efficacy of operation as if it were a credit bureau's Credit Score — as if that explains the ambiguities of how they score. I don't know all the data sources and calculations that credit bureaus use in their credit rating systems, but I'm pretty sure they're not port scanning websites, scraping IP blacklists, and enumerating service banners — and that the people being scored have as much control to modify the data that the scoring system relies upon.

My key point here though lies with the repercussions of getting the score wrong or providing a score that adversely affects an organization to conduct business online — regardless of the scores righteousness. The affected business will question and request the score provider to "fix their mistake" and to seek compensation for the damage incurred. In many ways it doesn't matter whether the scorecard provider is right or wrong — costs are incurred defending each case (in energy expended, financial resources, lost time, and lost reputation). For cases that eventually make it to court, I think the "look at the financial credit bureau's" defense will fall a little flat.

Final Thoughts

The industry strongly wants a scoring mechanism to help distinguish good from bad, and to help prioritize security responses at all levels. If only it were that simple, it would have been solved quite some time ago.

Organizations are still trying to make red/amber/green tagging work for threat severity, business risk, and response prioritization. Every security product tasked with uncovering or collating vulnerabilities, misconfigurations, aggregating logs and alerts, or monitoring for anomalies, is equally capable of (and likely is) producing their own scores.

Providing a score isn't a problem in the security world, the problem lies in knowing how to respond to the score you've been presented with!

Written by Gunter Ollmann, CTO, Security (Cloud and Enterprise) at Microsoft

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

April 22, 1993 - A Day The Internet Fundamentally Changed

Domain industry news - Wed, 2018-04-25 15:49

25 years ago, on April 22, 1993, a software release happened that fundamentally changed the user experience of the Internet. On that day, version 1.0 of "NCSA Mosaic for the X Window System" was released. You could now have (gasp!) text MIXED WITH IMAGES on the same page!

Reading the Mosaic 1.0 release notes from Marc Andreessen is a bit of fun, as it includes gems like "Fixed mysterious stupid coredump that only hits Suns.” and " Obscure infinite loop triggered by extra space in IMG tag fixed.” It brings us back to a different era when the number of computing platforms was much smaller, as was the community of Internet users.

Marc, of course, would go on to co-found Netscape which would bring many improvements to the user experience, perhaps most notably the progressive loading of images. Unlike Mosaic, we suddenly no longer had to wait for everything to be downloaded to see the page displayed!

But all that was still to come. Back in April 1993, we were just delighted to be experimenting with this new Mosaic and this "World Wide Web" thing.

You must remember that at that time the Internet was primarily a text-based medium. Email was the major communication method. "Publishing", such that it was, took place on menu-based gopher servers (with veronica for search), or by placing files on FTP servers (with archie for search), or by posting text into various USENET groups. Even this small new service known as the "World Wide Web" was all text.

Sure, you could download/view images, but to do so, you chose a link or a menu item or a filename. And you got the one image or movie or whatever.

Mosaic allowed us to display both images and text mixed together. The images were "inline", as we would say. Wired published a good piece back in April 2010 that provides some perspective about how much this changed.

And suddenly so many of us wanted to publish our own web pages with our own images!

As if this weren't enough, Mosaic also did something else remarkable - it gave us one user client that could connect to many different Internet services. From within Mosaic, you could connect out to all the other existing services. As stated in the 1.0 release notes:

NCSA Mosaic provides a consistent and easy-to-use hypermedia-based interface into a wide variety of networked information sources, including Gopher, WAIS, World Wide Web, NNTP/Usenet news, Techinfo, FTP, local filesystems, Archie, finger, Hyper-G, HyTelnet, TeXinfo, telnet, tn3270, and more.

(Remember all those?) Sure, the ftp experience in Mosaic might not have been as good as a dedicated FTP client, but it was "good enough" for many people.

I doubt many of us (myself included) had any clue how much our world would change. Mosaic would put a "face" on the Internet for so many new users. It made the alphabet soup of existing command-line tools so much easier and accessible to non-techie users. And it ushered in the rise of Web from this small experimental service on the Internet ... to becoming the dominant way in which we interact with content across the Internet. It opened the door to what would become millions and then billions of people communicating, connecting, coordinating, collaborating and creating. And, of course, commerce. And it started the idea of the "web browser" being the one tool you could use to access all services.

But back in April 1993, all those of us on UNIX platforms knew was that this Mosaic thing many of us had been playing with in beta form for a few months was now available as "1.0". The Windows and Mac versions would come later that year. It was fun. It was cool.

And it would forever change the way users interact with services on the Internet.

Written by Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society

Follow CircleID on Twitter

More under: Web

Categories: News and Updates

Privacy advocates want Whois private by default. It shouldn’t be.

Domain Name Wire - Wed, 2018-04-25 15:25

Like many other public databases, Whois serves a vital public interest. It shouldn’t be private by default.

It’s becoming increasingly clear that privacy advocates are using GDPR as an opportunity to demand privacy for all domain name registrants. They are successfully framing the discussion as privacy should be the expectation of everyone, and any exception to that requires scrutiny.

That’s a far cry from today’s status quo. No privacy is the default but privacy can be added.

Perhaps my view is colored by being a U.S. citizen, but I believe privacy advocates are going to far.

I have a reasonable expectation of privacy in my home. I don’t have one when I go out on the street. I also don’t automatically get privacy when I buy a home or car, start a business, or register a domain name.

Anyone in Austin can look up information about a homeowner’s property and its taxes through a centralized database. A record of my car purchase is available from the county or state. My name is attached to my business registrations. And for domains, there’s Whois.

Now, if I really want or need privacy, I can get it. But I have to put a little bit of effort into it. I can use a proxy for my transactions. A homebuyer can create a trust to buy a home or they can request their information be obscured in the county’s appraisal database. I can use a registered agent for my business. And I can use a Whois proxy service for my domain name.

The public is well served by making this information public. They can investigate who is behind a company. They can spot fraud or foreign governments spreading discontent. They can understand trends and find evidence of discrimination using public data.

Those people who need a little extra privacy can readily get it by essentially “opting out” of having their information public.

I’m fortunate to live in a country in which the government isn’t trying to silence bloggers (for the most part).

Anonymity can be a real problem for people in some parts of the world, and it’s an issue that domain name registrars have created a solution for: Whois proxy services, often called Whois privacy.

These services work really well and they can be added for free at many registrars. Registrars are good at pushing these services on registrants, too; GoDaddy adds them by default and asks people to opt out of using them.

Yes, you can interpret GDPR as meaning that Whois information should be private…for EU residents and citizens.

I also understand that the easiest approach for domain registrars is to use a blanket approach across all registrants.

But we should be careful about framing the discussion as privacy-first.

One of the areas this is coming up is with an accreditation system to give certain groups access to full Whois records. Privacy advocates are worried about people getting access to Whois records as these people chase down IP infringers, find phishers and, in my case, perform journalistic research.

Of course, GDPR will still apply to what people do with this data. I’m not going to take 20 unmasked Whois records of EU citizens and publish them. But there’s a real public interest in this data.

This is one of the reasons I believe there will still be a use for Whois proxy services in the age of GDPR. Even with an accredited access model, information will be seen by many groups…including government agencies.

If people truly need protection they can add a proxy service. At the same time, the public is served by making most of the information public.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. 15%-25% of Domain Names are Registered with Masked Whois
  2. Domain investors risk being left out of Whois discussion
  3. I just fixed Whois and GDPR
Categories: News and Updates

Credit bureaus go after more AnnualCreditReport.com typosquatters

Domain Name Wire - Wed, 2018-04-25 14:12

Company says that domains are typos of its AnnualCreditReport.com site.

Central Source, a company created by the three major U.S. consumer credit bureaus to AnnualCreditReport.com, has filed another lawsuit (pdf) against alleged typosquatting domain names.

The company has filed at least 10 cases in the past including one against 227 domain names.

The latest suit is against 15 domain names including annualcrediitreport(dot)com, wwwannualcreditreports(dot)com and httpannualcreditreport(dot)com.

Central Source says it has tried to identify the owners of the domain names but was thwarted by Whois privacy services and fake Whois information.

The in rem lawsuit was filed in Virginia, the home of .com registry Verisign. Many plaintiffs files in rem suits there to recover domain names.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Cybersquatting lawsuit filed against AnnualCreditReport.com typos
  2. AnnualCreditReport.com goes after a big typosquatter
  3. Edelman: Domainers Cause Harm, Add Little Value
Categories: News and Updates

DNS Server Hijacking Results in Funds Being Stolen from Popular Crypto Website, MyEtherWallet

Domain industry news - Tue, 2018-04-24 20:36

Close to 1300 IP addresses were hijacked this morning resulting in Amazon losing control of a number of its highly used cloud services. "The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users," reports Dan Goodin in Ars Technica. "Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country… The redirection came by rerouting domain-name system traffic and using a server hosted by Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site… The attackers managed to steal only a small amount of currency from MyEtherWallet users, most likely because the phishing site used a fake HTTPS certificate that would have required end users to click through a browser warning."

Update April 27, 2018 – Statement provided by Equinix: "Equinix is based in Redwood City, California. The server used in this incident was not an Equinix server but rather customer equipment deployed at one of our Chicago IBX data centers. Equinix is in the primary business of providing space, power and a secure interconnected environment for our more than 9800 customers inside 200 data centers around the world. We generally do not have visibility or control over what our customers — or customers of our customers — do with their equipment. Our role is to provide the best environment possible for our customers to transform their business. Through our blog and other customer resources, we offer best practices and advice for our customers on a variety of topics related to their digital infrastructure deployment including security."

Follow CircleID on Twitter

More under: Cyberattack, DNS

Categories: News and Updates

Afilias plans to file IRP to halt .Web

Domain Name Wire - Tue, 2018-04-24 17:42

More slowdowns for .web domain name.

A lawyer for domain name registry Afilias says the company plans to file a Cooperative Engagement Process (CEP) and subsequent Independent Review Process (IRP) should ICANN move forward with delegating .Web to Nu Dot Co.

Nu Dot Co won the auction to operate .web for $135 million. It was bankrolled by Verisign (NASDAQ:VRSN), and Nu Dot Co had an agreement with Verisign to assign rights to the domain after it completed contracting.

Afilias was one of the companies that was upset; it was the runner-up in the auction.

Donuts pursued the matter as well. It was disappointed that Nu Dot Co forced an auction of last resort rather than a private auction in which Donuts would get to split the proceeds. After going through ICANN’s accountability processes it sued ICANN. A court tossed the case out because new TLD applicants agreed not to sue, but Donuts appealed.  The appeals court has yet to hand down its decision. Oral arguments will likely occur this fall.

Adding to the delays was the U.S. government, which launched an antitrust investigation into Verisign running what many people think is the best new top level domain. The government closed its investigation without taking action.

Afilias is asking ICANN to give it a 60 day “heads up” when it starts contracting with Nu Dot Co so that it can file for CEP.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Verisign signs .com contract extension, amends cooperative agreement
  2. Donuts asks judge to allow limited discovery
  3. Department of Justice closes investigation on Verisign running .web
Categories: News and Updates

Is .Com still king in China?

Domain Name Wire - Tue, 2018-04-24 16:40

Kassey Lee analyzes new data about domain name and website usage in China.

Is .com still king in China? How important is .cn? Is there any other extension worth watching in China? These are questions many domain investors may have in their minds. To answer these questions, I turn to the annual publication “China Statistical Report on Internet Development,” the latest of which was released last month.

The big picture first. China now has a whopping 772 million internet users but the figure represents only 56% of the entire Chinese population, indicating a lot of room for further growth. More internet users will drive more demand for products and services, which in turn will require more websites.

You can also look at it from the number of websites developed in China. The number has grown to 5.3 million but is still very small when compared with the approximately 90 million companies reported by the National Bureau of Statistics of China. This large gap may be due to companies not being online yet or running their business on ecommerce platforms such as JD.com. Eventually, these companies will want to move to their own website to gain complete control of their business. Therefore, we can expect real demand for domains to continue for a long time in China.

Now let’s look at the domain market. The chart below shows domains registered in China since 2005. The total number of domains as of December 2017 was 38 million.

You may notice that the market skyrocketed in 2007. This was caused by speculative demand for .cn domains encouraged by attractive registration fees as low as 30 cents per domain. However, the demand fell off when the Chinese government announced a new rule in 2009 requiring all domain owners to submit personal information and photo identification. This rule especially hurt investors outside China, and many simply let their domains drop. Domain registrar Godaddy even stopped .cn registration in 2010 and did not resume it until early 2016.

The market recovered in 2012 when real demand for .cn and .com propelled the growth. Then, 2015 and 2016 saw another speculative boom with rapid growth of 51% and 36% respectively thanks to new investment themes: Chip (Chinese premium) and long number domains. When speculation died down, however, many investors simply let their domains expire, causing the drop in 2017.

Now, let’s look at individual extensions. Starting 2013, the survey provides information about the following extensions.

Year20132014201520162017 cn1082948011089231163635942060149120845513 com63114807949939109979411434524311307915 net743996910031141500116330711288239 info6451547624261072243211170601 org164476232614397970330457253819 biz517428548370770210062154322 .中国 (China)2745532853953527854741151895745 Others369209139634644569421564201 Total1844061120600000310205144227570238480355

Obviously, .cn and .com are the major players with market shares of approximately 50% and 30% respectively. Both are considered mainstream extensions in China and have kept their strong position for more than 10 years. Therefore, they are the best candidates for investment, with .com being the king in terms of prices and .cn the queen in terms of quantity. In corporate China, .com is the first choice.

If you invest in .cn domains, be aware that single-dot (second level) .cn domains are the norm, accounting for 80% of all .cn domains. The biggest third level domain category .com.cn (two dots) has only 11%. The global trend, in my opinion, is one-dot domains because of simplicity and consistency for consumers.

.net has grown from a mere 0.2 million in 2005 to 1.3 million in 2017 (ignoring the speculative boom mentioned earlier). .info and .中国 (China) are worth watching as they both broke the 1 million registration mark in 2017. To a lesser extent, .biz has increased as well. For new extensions launched in the last few years, unfortunately, they are still buried under the “Others” category, suggesting that they are not significant enough to be worth separate listing.

The report also contains other information relevant to domain investment. One thing unique to China is that it skipped the PC era and jumped right into mobile phone age. As a result, 98% of the internet users access the internet from their mobile phones. Therefore, if you plan to sell domains to Chinese buyers, make sure your sales landing page is designed for mobile phones. Also, 92% of the internet users use a messaging app such as Wechat as their communication tool. These apps are actively used by Chinese 24/7, so they will enable you to get reply from Chinese buyers much faster than by email which is not that popular in China.

If you plan to sell domains to Chinese buyers, make sure your sales landing page is designed for mobile phonesClick To Tweet

In short, the future of the Chinese domain market is bright and continued growth can be expected. .com remains king as it is favored by corporate China and it commands the highest prices. .Cn is most popular in terms of numbers because of wider choices and lower prices than .com. Finally, the extensions to watch are .info and .中国 (China).

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Report suggests bright future for Chinese domain market
  2. Analysis: next generation companies in China still prefer .com
  3. For VeriSign, it’s 2009 all over again
Categories: News and Updates

GoDaddy gets extensive aftermarket domain transfer patent

Domain Name Wire - Tue, 2018-04-24 15:10

GoDaddy (NYSE:GDDY) patent covers a number of methods for transfering domains as the result of an aftermarket sale.

The U.S. Patent and Trademark Office has granted patent number 9,954,818 (pdf) which covers a number of aspects of selling an expired domain.

The patent is a continuation-in-part of many other patents and is titled “Domain name hi-jack prevention”. However, the claims are directly related to certain aspects of domain name aftermarket purchases.

These include the fast transfer system used by Afternic, which involves getting pre-authorization from a seller and its registrar to transfer a domain name in the event of a sale. It also lists methods of handling domain name escrow transfers as well as selling expired domains.

Sarah Ptalis (Sr. Director of Product Management), Paul Nicks (VP, Aftermarket) and Frank Taylor (Director of Premier Services) are listed as inventors.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. GoDaddy releases earnings, picks GDDY ticker
  2. GoDaddy is buying NamesCon
  3. GoDaddy (GDDY) reports earnings, domain revenue of $263.3 million
Categories: News and Updates

EFF: Net Neutrality Not Dead Yet

Domain industry news - Tue, 2018-04-24 14:05

A number of news sources marked Monday, April 23, as the day Net Neutrality died. EFF in response posted a blog clarifying that the case is not true. "We still don't know when the previous net neutrality protections will end." Katharine Trendacosta writes: "On the Federal Register's website — which is the official daily journal of the United States Federal Government and publishes all proposed and adopted rules, the so-called 'Restoring Internet Freedom Order' has an 'effective date' of April 23. But that only applies to a few cosmetic changes. The majority of the rules governing the Internet remain the same — the prohibitions on blocking, throttling, and paid prioritization — remain. Before the FCC's end to those protections can take effect, the Office of Management and Budget has to approve the new order, which it hasn't done. Once that happens, we'll get another notice in the Federal Register. And that's when we'll know for sure when the ISPs will be able to legally start changing their actions."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation

Categories: News and Updates

Some panelists are afraid to find RDNH

Domain Name Wire - Tue, 2018-04-24 13:39

I can’t believe this panelist didn’t find RDNH.

A World Intellectual Property Organization panelist has found in favor of the owner of CAGI.com in a cybersquatting complaint but, for some mysterious reason, failed to find reverse domain name hijacking.

CSP International Fashion Group S.p.A., which owns CAGI.eu, filed the dispute against Capitol Appraisal Group.

Capitol Appraisal Group registered the domain name in 1995 and uses the domain for its business.

Here’s what panelist Dawn Osborne considered when finding that the case was not reverse domain name hijacking:

Nevertheless, a finding of reverse domain name hijacking involves some notion of wrongdoing or bad faith on the part of the Complainant. The panelist is not prepared to go this far as the extent of the Respondent’s rights and legitimate interests were not known to the Complainant who may have brought the Complaint in good faith. Therefore the Panel declines to make a finding of reverse domain name hijacking.

The extent of the respondent’s rights and legitimate interests were not known? OK, ask your child to take a look at the website at CAGI.com:

Ask them if it looks like a company is using the domain for its business.

The law firm representing the complainant, Rödl & Partner, was also not found guilty of reverse domain name hijacking in the recent case for MyBoutique.com.

They are losing cases but getting rather lucky on RDNH findings.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Non-Profit Urban Logic Guilty of Reverse Domain Name Hijacking
  2. USU.com Saved, But Panel Doesn’t Consider Reverse Domain Name Hijacking
  3. Clearwater Systems Guilty of Reverse Domain Name Hijacking
Categories: News and Updates

It Is All About Trust

Domain industry news - Tue, 2018-04-24 13:35

Trust is the lifeblood of the Internet and central to everything that is done here. In order for the current 3.5 billion users to continue using the Internet and its services, and for the next billion users to connect to the Internet, trust is required. The importance of trust is seen even more in Africa where, though there is a high growth of Internet users, the e-commerce uptake rate is very low. Users are very reluctant to carry out financial transactions over the Internet because of fear of being attacked by cybercriminals. Surprisingly though, many of these very users who are afraid to transact over the Internet choose to trust it with their privacy. They share everything about their lives on social media platforms. Such trust in social media could arguably be due to users lack of understanding of the concept of privacy especially since for most of them, their privacy is already being violated offline by their state governments. But the blind trust of social media is not only an African thing, studies show that users worldwide do not understand the data trade-off or are unaware of the implications of using social media platforms for free.

This is why policymakers and Internet optimists should be very worried when violations like the Facebook-Cambridge Analytica scandal occur, where 30 million personality profiles, constructed from 50 million Facebook users' data were sold to politicians to influence political elections. Big data and commercial profiling have enabled predatory targeting and unprecedented commercial discrimination. If users understood that data collected about them, of something as simple as a Facebook post about a car breakdown or a late bill payment post, could be used to determine their creditworthiness to access loans, for example, they would be very concerned. Not knowing what data is being collected about you and what it is being used for, is a concern and users find this creepy. Laws that encourage transparency in data collection and use, which gives control of the data to users will significantly improve users' trust.

How the Internet evolves from here on, its economic and social impact, and its ability to help achieve the UN Sustainable Development Goals (SDGs), depends on users trusting the Internet and its services. The end-to-end, permissionless nature of the Internet allows for and promotes innovation, but there will be no one using the innovative services if there exists no trust of the infrastructure over which the services are delivered. It seems obvious that the next billion Internet users will be from emerging regions like Africa because, though the Internet appears ubiquitous in North America and Europe, it isn't the case in other regions like Africa. It will, therefore, take more than just innovation and investment in infrastructure to bring the next billion of users onboard. Users not yet connected will need to be convinced that it is indeed safe to carry out financial transactions on the Internet, that they can trust service providers and platforms on the Internet with their data. Because as a survey carried out by the United Nations Conference on Trade and Development (UNCTAD) concludes, lack of trust is a top reason for not purchasing good or services online.

Written by Tomslin Samme-Nlar, Technology Consultant

Follow CircleID on Twitter

More under: Cybersecurity, Internet Governance

Categories: News and Updates

Digital Transformation in Five Minutes: What, Why and How

Domain industry news - Mon, 2018-04-23 18:35

Digital Transformation (DX) is picking up speed. According to a recent announcement by IDC, the market is expected to grow at a Compounded Annual Growth Rate (CAGR) of 17.9% to reach a whopping 321 billion dollars by 2021. In 2018 alone, IDC expects that 326 billion will be spent on transforming how people and things communicate.

Based on these numbers, it looks like Digital Transformation has become the real deal. The chances are it will have a tremendous impact on how our societies work and play going forward. Yet it seems that there is some ambiguity as to what Digital Transformation really is, how it came to be, and what actions organizations should take to embrace it.

The Short History of Digital Transformation

Over the last 20 years, most of the things we use on daily basis have been digitalized. Our communication methods have changed from analogical to digital. Much of our day-to-day activities including work is nowadays carried out electronically. Yet at the same time, the underlying processes have not changed drastically.

Looking at the productivity growth in the Western economies, the advances started winding down already some 30 years ago. Even digitalization and the growth of the Internet have been unable to change this pattern. As these two phenomena were expected to increase productivity, many economists have been taken by surprise.

What I believe has transpired is that the law of diminishing returns caught up with the industrial processes and business models of the post-war era. Despite all the digitalization efforts, we have reached a productivity plateau where improvements to the existing processes have become costlier than the productivity gains that they realize.

But while the productivity gains eroded, something else changed. With on-going advances in new technologies such as cloud computing, Artificial Intelligence (AI) and the Internet of Things (IoT), we have created new enablers that can be used to implement rethought processes that leverage the digitalized assets and media at our disposal. Essentially, it is the creation of these new processes and business models that Digital Transformation boils down to.

Making Digital Transformation Happen

With all the buzz going around on Digital Transformation, it sometimes reminds me about an old joke about teenage sex. Everyone is talking about it; no one knows how to do it; everyone thinks that everyone else does it; so everyone claims they are doing it too. At the end of the day, though, there are a few simple steps that can be taken to improve the chances of a successful transformation:

  • Focus on people. Like with all changes of large magnitude, they do not happen without engaging people. Therefore, before embarking on a Digital Transformation journey, we should be extremely clear on the why and what driving the change. With no concrete goals and little motivation, any transformation initiatives are likely to be watered down into a series of incremental improvements.
  • Define the business processes. Once the what and the why have been clarified, the next step in the transformation is to define the how. As this will essentially becomes the source of one's competitive advantage, majority of the input should come from within the organization. This ensures that transformational activities are based on challenges and opportunities specific to the organization. Once the how is defined, it also makes it easier to obtain the required buy-in, once the transition is on its way.
  • Implement the framework. After the what, why and how have been laid out, the time is right for designing a business platform that enables the rethought processes and business models. Since predicting the future is hard, one of the most important considerations here is to ensure that selected systems have been designed to meet the agility, the scalability and the interoperability requirements of tomorrow.

Considering the technological advances over the last couple of years, we now have the foundation in place to take the leap forward. The biggest obstacles holding us back are our imagination and the creativity in how we harness the new technologies. By being willing to let go of existing business models and processes, we are able to rethink new ones that will create unprecedented levels of prosperity and well-being for the decades to come.

To me, this is really what digital transformation is all about. Enjoy the ride.

Written by Juha Holkkola, Co-Founder and Chief Technologist at FusionLayer Inc.

Follow CircleID on Twitter

More under: Access Providers, Blockchain, Broadband, Cloud Computing, Cybersecurity, Data Center, Internet Governance, Internet of Things, Mobile Internet, Web

Categories: News and Updates

Park.io starts drop catching .AI domains

Domain Name Wire - Mon, 2018-04-23 17:51

Service known for ccTLDs adds .ai domains.

Park.io has begun offering drop catching services for .AI domain names. .AI is the country code for Anguilla but has become popular for artificial intelligence companies.

Park.io is known for helping domain investors get popular country code domain names that are good for domain hacks or have taken on a meaning of their own, such as .io, .me and .ly.

The addition of .ai domains was made possible by the registry moving to EPP.

As with all domain names at Park.io, catch fees are $99 and include a year registration. If there’s more than one interested party there will be an auction.

One of the first featured .ai domains coming up is eat.ai.

© DomainNameWire.com 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer