I recently had the opportunity to speak on a podcast with Dave Bittner at CyberWire to discuss how .AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world based on research findings from CSC's 2023 Domain Security Report. Below is a summary of the key points discussed during this podcast. more
In the last year, the company that runs the Turkish Domain Registry has made many changes to how the extension is run. First, it has a brand new portal for registrars to interact with, liberalizing the extension .COM.TR, so registrants are no longer required to meet local presence rules, and it has launched a new dispute process to help brand holders recover domain names. more
The Internet Watch Foundation (IWF) leads the charge to combat child sexual abuse material (CSAM) online, and we at Public Interest Registry (PIR) are dedicated to supporting their efforts. We are honored to work with them across two important programs: Domain Alerts and TLD Hopping List. IWF services have been extremely successful in addressing CSAM on .ORG over the past five years more
From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more
It seems that every day, a new artificial intelligence (AI) capability emerges, posing exciting possibilities for technological advancements -- but also great potential to equal or greater risks. Cybercriminals have taken notice of this rapid surge in the popularity of AI technologies and are attempting to take advantage. more
Domain names give your intellectual property visibility, as well as provide function for your company's infrastructure. Vital domain names are simply too important to be left exposed. To protect them, you can add extra layers of security to your digital brand with easy, secure, server-level protection in addition to multi-level locks that combat domain name system (DNS) hijacking and protect against unauthorized changes and deletions to your critical domain names. more
Companies today manage hundreds or even thousands of domain names that support their organization, their visitors from different countries, and their brands and trademarks. They register misspelling of their names as a defensive strategy to protect their brand from online fraud, or from losing traffic to simple user typos. more
In this article, I present an overview of a series of 'proof-of-concept' studies looking at the application of domain-name entropy as a means of clustering together related domain registrations, and serving as an input into potential metrics to determine the likely level of threat which may be posed by a domain. more
On the sunny beaches of Anguilla -- a small island of just 35 square miles -- I'm sure artificial intelligence (AI) is the last thing people are thinking about. The primary industries of Anguilla, set in the Leeward islands in the Caribbean, are tourism and offshore banking. However, this nation has been assigned the country code top-level domain (ccTLD) .AI -- which is being repurposed to represent artificial intelligence. more
In 2014, computer scientist Gavin Wood coined the term "Web 3.0." The phrase, which has now been shortened to "Web3", refers to the third generation of the internet that's designed to be truly decentralised and free from a central authority. Web3 has the potential to add real-world value for businesses by creating additional avenues to reach consumers. However, owing to its less regulated nature, brands also have the potential to be taken advantage of both by users and by the providers in the space. more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system and IP addressing. The ROW series is being co-sponsored by Verisign and ICANN and organized by Cofomo, and we are looking forward to an engaging set of talks, panel discussions, and conversations with individuals involved with the operation of domain name registrations systems. more
Last month, the U.S. National Cybersecurity Strategy was launched, providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world. more
In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more
Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement... more
Domain tasting is a long-established practice involving the short-lived existence of a domain, which is allowed to lapse a few days after its initial registration. The practice arose in response to an Internet Corporation for Assigned Names and Numbers (ICANN) policy allowing a domain to be cancelled -- with all fees refunded -- within a five-day grace period, intended to address the issue of accidental registrations1. However, the practice is open to abuse by infringers. more