There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more
Back in the days of dial-up modems and transfer speeds measured in hundreds of bits per second, unwanted email messages were actually felt as a significant dent in our personal pocketbooks. As increases in transfer speeds outpaced increases in spam traffic, the hundreds of unwanted emails we received per week became more of a nuisance than a serious financial threat. Today sophisticated spam filters offered by all major email providers keep us from seeing hundreds of unwanted emails on a daily basis, and relatively infrequently allow unwanted messages to reach our coveted Inboxes. So, to some degree, the spam problem has been mitigated. But this "mitigation" requires multiple layers of protection and enormous amounts of continually-applied effort. more
As most readers are no doubt aware, when it comes to the topic of Top-Level Domains (TLDs), Internet Corporation for Assigned Names and Numbers (ICANN) takes center stage. Vint Cerf, Google's VP and Chief Internet Evangelist, who has served as chairman of the board of ICANN since the November of 1999 has accepted CircleID's invitation to directly respond to your questions on the topic. This is your opportunity to have your Top-Level Domain related questions responded by Vint Cerf. more
It is now clear that by sending its letter of August 12 blocking approval of the .XXX domain, the US Government has done more to undermine ICANN's status as a non-governmental, multi-stakeholder policy body than any of its Internet governance "enemies" in the ITU, China, Brazil, or Iran. And despite all the calls for a government role that would ensure "rule of law" and "accountability" of ICANN, the interventions of governments are making this aspect of Internet governance more arbitrary and less accountable. more
One of the consistent chants we've always heard from ICANN is that there has to be a single DNS root, so everyone sees the same set of names on the net, a sentiment with which I agree. Unfortunately, I discovered at this week's ICANN meeting that due to ICANN's inaction, it's already too late. Among the topics that ICANN has been grinding away at is Internationalized Domain Names (IDNs) that contain characters outside the traditional English ASCII character set. more
This document is intended to be a starting point for a discussion on upcoming city Top-Level Domain Names (city TLDs) such as .berlin, .nyc, or .london. It reflects considerations about the impact of city TLDs on the city society, the individuals in the city, the regional and global environment, and the Internet at large. more
Wikis have been around for a long time on the Web. It's taken a while for them to transform from geek tool to a mainstream word, but we're here now. Last week at the ICANN Meeting in Vancouver, it was fun to watch hundreds of people get introduced to Wikis and start using them, thanks to Ray King's ICANN Wiki project. In the past few days since, I've come to believe that Wikis are doomed unless they start thinking about security in a more serious way. more
The recent ICANN meeting in Vancouver touched upon many issues important to ordinary Internet users: privacy in domain name registration; the cost and terms of .com domain names; internationalized domains; introduction of new domain suffixes. But there were few "ordinary Internet users" at the meeting. Few people can roam the globe to keep up with ICANN's travels, and not many more participate in online forums. more
Despite the significant traffic that comes from typed-in domain names, the public harumphing and clucking about type-in traffic is climbing in volume as it becomes clear how much money is involved. Articles this week show that domain names, and the people who make money on them, are making some commentators uncomfortable. more
The Intellectual Property Constituency, meeting at the ICANN conference in Vancouver, was interested in increasing ICANN's budget not because they thought they deserved it, but because they wanted ICANN to actually enforce the rules on the books about fake registrations. Now there's some evidence about how prevalent that is. If there's any surprise here, it's that the numbers are so low. more
Recent attention to the Eighth Circuit decision in Coca-Cola v. Purdy brings to mind the class of sometimes difficult cases involving the use of another's trademark as a domain name for criticism. An ICANN UDRP decision, Full Sail Inc. v. Ryan Spevack, Case No. D2003-0502 (WIPO October 3, 2003), by Mark VB Partridge, presiding panelist, with Frederick M. Abbott and G. Gervaise Davis III, included a review and analysis of the "your trademark sucks.com" cases that remains a useful reference worthy (I hope) of the lengthy quote below. more
I think that a large number of people buying domains can't get their first choice name because some "parked domain monetization" operation (cyber-squatter) owns it and is making money running ads on the page. The trick is to sign up for millions of domain names; set up pages and run ads on them; after 1 day delete domains that have no traffic; after 3 days delete names that have some traffic; after 5 days delete pages with marginal traffic; keep the 1% of pages that have enough traffic to be worth keeping the domain. Because of the refund policy, the 99% of pages deleted before the 5 day grace period are refunded in full and the "monetizer" gets to keep the ad revenue generated over those 5 days. ...Interestingly, I think Google AdSense probably has boosted the viability of this business. more
For three years, I've been a member of ICANN's "Interim" At-Large Advisory Committee, ALAC. At this Vancouver meeting, for the first time, the ICANN Board met with us, and Bret captured it on mp3 for podcast. ALAC criticized ICANN's proposed settlement with VeriSign, and then spoke about the problems with the current structure for at-large participation. more
Unfortunately I cannot be in Vancouver for the conference. I write this from Cape Town, venue of last years fall ICANN. I want to disclose a couple of things upfront. Those who know me will know I am nothing if not strongly independent in my views. However disclosure helps those of a more suspicious mind know my associations and if they choose to, take them into account in interpreting my opinions. ...I am somewhat disappointed by the reaction to the proposed settlement. I feel that most of the discussion fails to take into account the actual conditions under which the settlement has been negotiated. more
The new organization called Coalition for ICANN Transparency (CFIT) has filed a lawsuit against ICANN and VeriSign in order to stop implementation of the proposed .com registry agreement. According to its description, "CFIT is a not-for-profit Delaware corporation based in Washington, D.C. CFIT’s supporters include individuals, organizations, institutions and companies who are committed to the core principles on which ICANN, the internet governing body is founded." more
A World-Renowned Source for Internet Developments. Serving Since 2002.