Many software applications rely on validation routines to check the validity of domain names. By validation, I mean here to test the string submitted by the user and see if it matches a pre-defined pattern. A typical example are web forms that need to validate e-mail addresses. This is by new means a new issue. It first appeared with the introduction of the .info Top-Level Domain (TLD). more
In the case of Lands' End, Inc. v. Remy, the defendant website owners were accused of crafting a clever scheme to get some extra commissions from their affiliate relationship with landsend.com. It looks like the scheme has backfired, however, as Lands' End's claim against the defendants under the Anticybersquatting Consumer Protection Act, [15 U.S.C. §1125(d)] ("ACPA") has survived a summary judgment motion and the case is heading for trial. more
According to page 123 of ICANN's annual report: "...Commitment to continued payment in the salary span of 50th to 75th percentile of for-profit market place of companies of a similar size and complexity to ICANN..." Note that the comparables have been "for-profit". This is obviously ridiculous, given the purported non-profit nature of ICANN, with its inherent job security... more
According to Google's 2006 Year-End Review, dubbed Zeitgeist, or the cultural climate of an era, a majority of the top-ten search terms for 2006 were trademarks. Topping the list is the registered BEBO mark which is held by Bebo.com LLC, a California company that runs a social networking website. Second on the list was MYSPACE, the registered mark associated with Newscorp's $580 million social-networking giant. Next, as a result of a majority of the world catching soccer fever over the summer, "world cup" ranked as the third most searched term... more
Here's another interesting angle on the Verisign Site Finder Web site. VeriSign has hired a company called Omniture to snoop on people who make domain name typos. I found this Omniture Web bug on a VeriSign Site Finder Web page... more
Here's my opening remarks from Media Access Project's Innovation '08 in Santa Clara this morning. A DVD will be available shortly. This was a lively discussion, with Google and Vuze on the case. Good morning and welcome. My name is Richard Bennett and I'm a network engineer. I've built networking products for 30 years and contributed to a dozen networking standards, including Ethernet and Wi-Fi... I'm opposed to net neutrality regulations because they foreclose some engineering options that we're going to need for the Internet to become the one true general-purpose network that links all of us to each other, connects all our devices to all our information, and makes the world a better place. Let me explain. more
The domain industry media was abuzz last week with speculation that tech giant Apple may be gearing up to launch its .apple brand TLD. Rumours began when it was discovered that Apple registered 29 .com domain names that to the untrained eye, appear to be strangely worded. These include the likes of imovieapple.com, macbookproapple.com and ipadapple.com, providing hope to many industry pundits that they could potentially be defensive registrations designed to protect Apple from losing traffic when it begins to utilise its .apple TLD. more
There are now several different courts of appeals that have upheld the right of individuals to post a non-commercial website using the domain name www.company.com, and there are as yet NO appellate decisions that forbid such websites outside the context of the serial cybersquatter who tries to erect a so-called gripe site as a CYA measure after being sued. In fact, it seems to me that we are getting close to the point where companies that sue over such websites have to consider seriously the possibility that they will not only lose the suit, but face a malicious prosecution action... more
There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more
In a very casual and low-key footnote over the weekend, ICANN announced it would be further bypassing the Affirmation of Commitments and ignoring the WHOIS Review Team Report. There will be no enhanced validation or verification of WHOIS because unidentified people citing unknown statistics have said it would be too expensive... As a topic which has burned untold hours of community debate and development, the vague minimalist statement dismisses every ounce of work put in by stakeholders. more
After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more
A number of people, notably Viviane Reding, the European Commissioner for Information Society and Media, have been asking about how to Break The Internet. Since Mme Reding seems to have absolutely no prior experience in the Information Technology, Computing or Telecommunications industries, I have prepared this brief HOWTO. "1. Declare the creation of a new Root Zone. This is the easy bit - all you have to do is spout great volumes of hot air at a conference in Geneva, and then storm out in a huff when other people refuse to take you seriously. Then you get the PFY who services your photocopier to declare the creation of a new European Root Zone! Hooray!" more
In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
I wrote this history and analysis of domain tasting for the ICANN Business Constituency membership. It's by no means perfect but I thought I'd share it with those who would like a bit more color on the subject. "Present day 'Domain Tasting' has its roots in 2001 and 2002 when a small group of ambitious domain registrants persuaded two registrars to allow them to register large blocks of domain names for the purpose of establishing which names garnered type-in traffic..." more
We have just returned from the Brussels, Belgium ICANN meeting where we released our Registrar audit, the Internet "Doomsday Book." There are many topics covered in the report, but we wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS? which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. more
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
A World-Renowned Source for Internet Developments. Serving Since 2002.