Domain Names

ICANN Should Keep Content Regulation and Other Arbitrary Rules Out of Registry Contracts

The domain name system is not the place to police speech. ICANN is legally bound not to act as the Internet's speech police, but its legal commitments are riddled with exceptions, and aspiring censors have already used those exceptions in harmful ways. This was one factor that made the failed takeover of the .ORG registry such a dangerous situation. But now, ICANN has an opportunity to curb this abuse and recommit to its narrow mission of keeping the DNS running... more

Holiday Shoppers Beware: Tips on Protecting Brand Owners and Consumers from Domain Security Threats

With the COVID-19 pandemic persisting, online shopping will be the preferred method for the 2020 holiday shopping season. While staying home to shop is the safest option right now, it means consumers are more vulnerable to online fraud, counterfeits, and cyber crime. Increased online activity provides opportunities for unscrupulous infringers to abuse trusted brand names to drive visitors to their own fraudulent content. more

Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the DNS

The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online. Emerging from an era where interconnection rather than information security was the primary motivation, DNS has gradually improved its security features. more

Speculating in Domain Names: Pricing War(e)s

Speculation in one form of another has an ancient and honorable history. It not only creates entrepreneurial activity but fuels markets for selling wares and offering services, but also generates competition for consumers and wars over loyalty. The commercialization of the Internet in the 1990s, which extended market activity into virtual (cyber) space, has many of the virtues of the actual but also its vices: cheating and fraud, and other skullduggery. more

An Investigative Analysis of the Silent Librarian IoCs

The Silent Librarian advanced persistent threat (APT) actors have been detected once again, as the academic year started in September. With online classes increasingly becoming the norm, the group's phishing campaigns that aim to steal research data and intellectual property could have a high success rate. Dozens of phishing domain names have been reported, although some may have already been taken down. more

Brand Abuse and IP Infringements – Part 2: Enforcement and Return on Investment

In the first article in this two-part series, we looked at the impact of brand abuse and infringements against intellectual property (IP) on an organization's brand value. In this second article, we delve into how action against enforceable infringements can deliver tangible return on investment (ROI) for a brand, and demonstrate the importance of a robust brand protection program. more

Brand Abuse and IP Infringements – Part 1: Brand Impact

In this two-part blog series, we take a closer look at brand abuse and intellectual property (IP) infringements. In this first article, we explore the components making up a company's IP and how online content can affect a brand's value, both actual and perceived... The IP held by an organization -- i.e., the portfolio of brands, trademarks, and other intangible assets that provide it with its distinctiveness, and protect it from unfair competition in the marketplace... more

ICANN Doubles Down on Technical Internet Governance Label: What Are the Implications?

Back in September of 2020, ICANN CEO Göran Marby wrote a blog post discussing the implementation of "a common strategy for Internet governance (IG) and technical Internet governance (TIG)", raising the question of whether the ICANN org. intended to pursue this distinction moving forward, as debated in a previous article. This was proven to be the case during the 2020 IGF's Open Forum #44: "ICANN Open Forum - Technical Internet Governance", organized by ICANN itself... more

A Brief Look at the Domain Attack Surface of Streaming Media Companies

The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more

A Look at DNS Trends and What the Future May Hold

We used to think of computer networks as being constructed using two fundamental common infrastructure components: names and addresses. Every connected device had a stable protocol address to allow all other devices to initiate a communication transaction with this device by addressing a data packet to this protocol address. And every device was also associated with a name, allowing human users and human use applications to use a more convenient alias for these protocol addresses. more

2020 Hindsight After 20 Years at ICANN

After two decades of involvement with ICANN, I am stepping down from the Board of Directors, where I served for nine years. I have spent considerable time of late reflecting on the past 20 years, and I have isolated some memories that help frame my time with ICANN. ... November 2000, ICANN07 in Marina del Rey, California - With only a scant idea of what ICANN is all about, I am warmly welcomed by the flag-wearing country code top-level domain (ccTLD) community, who come to ICANN to ensure that nothing happens to affect the independence of ccTLDs... more

US Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security

The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more

Phishing 2020: A Concentrated Dose of Badness

How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more

The Whois Wars Go On

There is a lot of discussion about the Expedited Policy Development Process (EPDP) Phase 2 report on evaluating a System for Standardized Access/Disclosure (SSAD) to non-public gTLD registration data after the decisions taken by the GNSO Council on September 24th. Notably, the Business Constituency (BC) and the Intellectual Property Constituency (IPC) have voted against the adoption of the Final Report of the EPDP team. more

The Competition to Become the Next .eu TLD Registry Is Now Open

I am glad to announce that the European Commission has officially launched the process to select the next Registry for the .eu Top-Level Domain (TLD). This is done through a competitive procedure that will be concluded, by October 2021, with the signature of a service concession contract between the European Commission and the entity that will be entrusted with the organisation, administration and management of the .eu TLD. more