Subscribe: CircleID
Added By: Feedage Forager Feedage Grade B rated
Language: English
attack  brand  complainant  digital economy  digital  domain  dyn  global  google  internet  mdash  new  registry  udrp 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID


Latest posts on CircleID

Updated: 2016-10-23T14:01:00-08:00


How Did We Get Here? A Look Back at the History of IANA


October 2016 marks a milestone in the story of the Internet. At the start of the month, the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here? Scott Bradner, long time IETF participant and also an active individual while he was the Internet Society's Vice President for Standards, was personally involved for much of the IANA's history, and he took some time at the recent NANOG 68 meeting in October this year to mark this change with his history of the IANA function. Having been directly involved in some of these events myself, I found Scott's history quite enlightening and I found myself taking detailed notes. In anticipating that others may find this equally interesting, I'll reproduce my notes here. * * * SCOTT BRADNER, NANOG 68 Keynote IANA Transition, DALLAS, TEXAS / OCT 2016 / NANOG Photograph Originally the IANA function started within the research project that became the Internet, and the initial "bookkeeping" was performed under the name of the "Network Working Group", which dates back to 1968. This was an Ad‐hoc group "concerned with the HOST software, the strategies for using the network, and initial experiments with the network" according to RFC 3. The "IANA" name itself did not show up until 1988 in RFC1060, but of course things had been happening well before that time. Much of the DNS structure was put in place by 1984: RFC822/823 and RFC920 date from the early 1980's, and define the hierarchical structure of the domain name space and the role of the registry of those names that were directly delegated from the DNS Root. Of course at the time the Internet was a well kept secret, and from a wider perspective, at the time no one had even the slightest interest in this project. Even when the Internet started to gain some attention in the academic and research environment in the late 80's and early 90's, there was much scepticism from the mainstream IT and communications enterprise sectors. So much so that at one conference at the time, the Internet folks in attendance used the bumblebee as the Internet's icon because, in theory, bumblebees could not fly — as with the common perception of the Internet at the time! "The shift from an obscure semi-private function, to the glare of public attention, and the challenges on an enthusiastic entrepreneur sector, happened at a pace for which the IANA function appeared to be ill-equipped to cope with."The mid 90's saw the comprehensive demise of OSI and the interest in the Internet as a public service was taken up by various agencies and corporate entities, complementing the earlier adoption in the research and educational community. Interestingly, it was the namespace that attracted the most interest and attention, and this posed some real challenges to the nascent community and IANA in particular. The shift from an obscure semi-private function, to the glare of public attention, and the challenges on an enthusiastic entrepreneur sector, happened at a pace for which the IANA function appeared to be ill-equipped to cope with. As early as 1995, the Internet Society Advisory Council championed a proposal to move the global DNS root to Internet Society. This was aired at the DNS Evolve BOF in IETF 34 in Dallas, and the Internet Society proposal received spirited discussion. Despite this, there was not much support either way, but rough consensus was that there was no technical threat from more TLDs. However there was a feeling that they were not solving any particular problem and so from that respect, there seemed little need for change at the time. But the external pressure for chang[...]

Substantial DDoS Attack Disrupts Twitter, Netflix, Visa and other Major Sites


AREAS AFFECTED BY THE OUTAGE / 21 OCT 2016 – Source: Level3 Outage Map Major internet sites were disrupted for several hours this morning as internet infrastructure provider Dyn reported it was under a cyberattack, mainly affecting traffic on the U.S. East Coast. Twitter, Spotify, Airbnb, Reddit, Visa and various media sites were among organizations whose services were reported to be down on Friday morning. Amazon also disclosed an outage that lasted several hours on Friday morning. — Doug Madory, director of internet analysis at Dyn, in an email said: Dyn received a global DDoS attack on its Managed DNS infrastructure in the east coast of the United States. DNS traffic resolved from east coast name server locations experienced a service interruption during the attack. Updates will be posted as information becomes available. Services were restored to normal as of 13:20 UTC. — Update: As of around 12 PM ET, Dyn reported that it is investigating another DDoS attack, and is continuing to attempt to “mitigate” the attack. Box, Twitter and other sites appear to be down again. The White House press secretary has also said that the Department of Homeland Security is investigating the attacks. — Update from Dyn: "Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure." — Gillian Christensen of the U.S. Department of Homeland Security says the agency is "investigating all potential causes." — "The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG)," says Brian Krebs whose own site recently underwent historic DDoS attack. "Madory's talk ... delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks. ... I have no data to indicate that the attack on Dyn is related to extortion, to Mirai or to any of the companies or individuals Madory referenced in his talk this week in Dallas. But Dyn is known for publishing detailed writeups on outages at other major Internet service providers. Here's hoping the company does not deviate from that practice and soon publishes a postmortem on its own attack." — Update, 3:50 p.m. ET / Brian Krebs reports: "Security firm Flashpoint is now reporting that they have seen indications that a Mirai-based botnet [see earlier report on Mirai] is indeed involved in the attack on Dyn today. Separately, I have heard from a trusted source who’s been tracking this activity and saw chatter in the cybercrime underground yesterday discussing a plan to attack Dyn." — "This was not your everyday DDoS attack," Kyle York, Dyn’s chief strategist. Nicole Perlroth reporting in the New York Times: "Dave Allen, the general counsel at Dyn, said tens of millions of internet addresses, or so-called I.P. addresses, were being used to send a fire hose of internet traffic at the company's servers. He confirmed that a large portion of that traffic was coming from internet-connected devices that had been co-opted by type of malware, called Mirai." ... Dale Drew, chief security officer at Level 3: "Roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn's servers." — Update, 7:53 p.m. ET / Dyn issues Preliminary Findings Report with additional detail: "On Friday October 21, 2016 at approximately 11:10 UTC, Dyn came under attack by a large Distributed Denial of Service (DDoS) attack against our Managed DNS infrastructure in the US-East region. Customers affected may have seen regional resolution failures in US-East and intermittent spikes in latency globally. Dyn’s engineers were able to successfully mitigate the attack at approximately 13:20 UTC, and shortly after, the attack subsided. At roughly 15:50 UTC a second DDoS attack began against the Managed DNS platform. This attack was distributed in a more global fashion. Affected customers [...]

Understanding 'Reverse Domain Name Hijacking' Under the UDRP


"Reverse Domain Name Hijacking" (RDNH) is a finding that a panel can make against a trademark owner in a case under the Uniform Domain Name Dispute Resolution Policy (UDRP). RDNH Defined Specifically, according to the UDRP Rules, RDNH is defined as follows: "Reverse Domain Name Hijacking means using the [UDRP] in bad faith to attempt to deprive a registered domain-name holder of a domain name." The Rules also state: "If after considering the submissions the Panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain-name holder, the Panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding." While neither the UDRP nor the Rules provide any further details or guidance, the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition, provides some insight into the circumstances in which panels have found RDNH: To establish Reverse Domain Name Hijacking, a respondent would typically need to show knowledge on the part of the complainant of the complainant's lack of relevant trademark rights, or of the respondent's rights or legitimate interests in, or lack of bad faith concerning, the disputed domain name. Evidence of harassment or similar conduct by the complainant in the face of such knowledge (e.g., in previously brought proceedings found by competent authorities to be groundless, or through repeated cease and desist communications) may also constitute a basis for a finding of abuse of process against a complainant filing under the UDRP in such circumstances. The WIPO Overview lists the following circumstances in which UDRP panels have actually entered a finding of RDNH: the complainant in fact knew or clearly should have known at the time that it filed the complaint that it could not prove one of the essential elements required by the UDRP the complainant failed to notify the panel that the complaint was a refiling of an earlier decided complaint or otherwise misled the panel a respondent's use of a domain name could not, under any fair interpretation of the reasonably available facts, have constituted bad faith the complainant knew that the respondent used the disputed domain name as part of a bona fide business for which the respondent obtained a domain name prior to the complainant having relevant trademark rights RDNH in Practice Although WIPO's UDRP statistics do not indicate how many cases have resulted in a finding of RDNH, a regular reading of decisions makes clear that RDNH is far from common. It appears as if a little more than 100 WIPO UDRP decisions so far this year have mentioned RDNH — out of more than 2,400 decisions to date. And, of course, not all of those decisions actually found RDNH; many of them denied it. Here's one particularly interesting example: In a decision denying transfer of the domain name , a divided panel issued a decision finding RDNH. Two of the three panelists wrote: The disputed domain name is a single and common generic English term. As such, it is subject to an obviously large range of third party interests. The Respondent has held the disputed domain name for more than 6 years and used it for a variety of purposes, none of which related to the Complainant's business. The Complaint does not show any "reasonable investigation" on these points. Rather, the Complainant made no effort to address these obvious points of substantial weakness in its case. The Complainant is represented by counsel. The majority cannot see how any responsible practitioner could see how to prove bad faith in registration and use when there is no evidence of targeting or otherwise taking advantage of any value attached to the Complainant's mark. But, one of the three panelists disagreed and wrote: Having a weak and poorly motivated Complaint, does not in itself constitute evidence the Complainant having acted in bad fa[...]

Over 3.2 Million Debit Cards May Have Been Compromised, Says National Payment Corporation of India


A total of 3.2 million debit cards across 19 banks may have been compromised as a result of a suspected malware attack. The breach, possibly largest of its kind in India, was confirmed by the National Payment Corporation of India (NPCI) in a statement today. The problem was brought to NPCI's attention via complaints from banks informing the agency that their customers' cards were used fraudulently, mainly in China and USA, while customers were in India, according to the statement.

"How the breach could have occurred," Alex Mathew reporting in Bloomberg: "The breach that has apparently given hackers access to the PIN codes of several bank customers is likely to be on account of a malware attack. This attack is believed to have originated at an ATM. The actual modus operandi of the hackers will only become clear once the forensic audit is released in November… First, the hacker would have had to gain physical access to an ATM. The malware was then likely injected by connecting a laptop or another special device to a port on the cash disbursing machine, said Tiwari, a consultant at Centre For Internet & Society in Bengaluru. Once the malware is injected, it automatically spreads across the network..."

Follow CircleID on Twitter

More under: Cybercrime, Malware, Security

Building a Base of Knowledge for Advocacy Abroad in the Digital Age


Update on the Digital Economy Officers Program at the U.S. Department of State Answering questions at the Internet Association's Virtuous Circle conference last week, Secretary Kerry presented the U.S. Department of State's effort to prioritize global digital economy issues abroad in order to reflect the growing importance of these issues in both economic and foreign policy. The State Department has made real progress on this initiative in the last year and hopes to continue our momentum going forward. Approximately six months ago, we announced the State Department's new Digital Economy Officers (DEO) Program with the goal of strengthening the capacity of our people, embassies, and consulates overseas to address the challenges and seize the opportunities that are emerging with the development of the global digital economy. We believe that this new global platform will help enhance the prosperity not only of U.S. people and firms, but that of other nations and their people, helping achieve more broadly shared prosperity and sparking innovative solutions to both commercial and social challenges that the world faces. Secretary Kerry Speaking About Internet Policy – Virtuous Circle Conference on October 10, 2016, at the Rosewood Sandhill Hotel in Menlo Park, California. State Department PhotoGiven that the internet and the digital economy are global in scope and affect a range of U.S. interests, the State Department is uniquely equipped among U.S. agencies, to engage, lead, and advocate on these issues.The component parts of the global digital economy are the communications networks that connect the world and the data, information, and services that ride over those wires and airwaves as well as every industry process across sectors dependent on those networks and services. With that definition in mind, it is clear that the global economy is in many ways dependent on the health of the global digital economy. And the issues involved — from debates over data localization to privacy to intellectual property and platform regulation — constitute a dynamic and rapidly changing area of foreign and economic policy that demands constant updating of skills, access to information, and new capacities to keep pace. The development of the modern digital economy creates immense opportunity for economic social progress due to its economies of scale and scope but it is not without its challenges. It raises complex issues that are often technical but require an understanding of how the technical interacts with the political and economic outcomes we are pursuing in the world. Issues ranging from market competition between firms operating in the digital space to how changes in production resulting from the digital economy are impacting labor markets to how all of this information is transferred and used in a manner that respects our basic dignity are confronting us in dialogues and debates within and across markets all over the world. Since the launch of the DEO program, we have identified nearly 140 digital economy officers at our embassies and consulates around the world. To make sure that our diplomatic workforce is informed and competitive in this space, we have taken some important steps in the last six months in key areas to elevate our game in this space: Training: We have strengthened our annual training course on Internet and telecommunications policy at the Foreign Service Institute and are working on a proposed global training event for digital economy officers to be held in the United States in the spring of next year. Communications: We have increased the frequency of our communications with posts on digital economy issues, improved the Department's internal website on digital economy issues, and kicked off a series of webinars on our work. We have hosted two webinars so far and have two more scheduled in the coming months. Human Resources Management: We are continually striving to make sure that[...]

The Importance of Protecting Credibility: Claiming and Rebutting Cybersquatting


The Uniform Domain Name Dispute Resolution Policy (UDRP) is an online dispute resolution regime. While panelists technically have discretion under Rule 13 to hold in-person hearings if they "determine[ ] ... and as an exceptional matter, that such a hearing is necessary for deciding the complaint" no in-person hearing has ever been held. Rule 13 exists to be ignored. Parties make their appearance and present themselves on the written page, and what they say and how they express themselves in pleadings and what they annex are crucial to their argument. Traditionally with live witnesses, juries and judges look and listen to performances; demeanor, comportment, and facial expression are important factors as indicators of truthfulness. While we can't transfer these qualities to paper submissions in any literal sense, there are equivalents if we think of these qualities in a broader sense as meaning the content and nuance of a speaker's presentation in writing, selecting, organizing, and proving contentions. What speakers say, the language they use, the allegations they make, the narratives they construct, and the evidence they produce or withhold play a decisive role in assessing their claims and defenses. In a word, speakers have to be credible, which is no small matter because it requires a disciplined approach to the content of argument both in the pleadings and annexes. We are constantly reminded of this in UDRP decisions. In the small percentage of contested disputes (that is, where respondents appear and defend), there is either a lack of evidence or lack of credibility, or both. It infects both parties' submissions. However, measuring credibility is not scientific and there are cases that go one way when they should have gone the other. The dispute over is an example, Camilla Australia Pty Ltd v. Domain Admin, Mrs Jello, LLC, D2015-1593 (WIPO November 30, 2015), in which the UDRP award ordering transfer was vacated in its entirety, Mrs. Jello, LLC v. Camilla Australia Pty Ltd. 15-cv-08753 (D. NJ 8/1/2016). but there are tics that tend to undermine trust in the speaker (pleadings or declaration), including inconsistencies between contentions and proof and suppositional, fantastic, and unbelievable statements. The Panel in Mills & Associates, LLC v. Center for Internal Change Inc., FA0903001251337 (Forum May 4, 2009) ( and ) found it "incredulous for Complainant to claim it had any superior trademark rights or priority over Respondent" when in the same year that Complainant began using the trademark "Respondent began using the same descriptive terms in promoting its DISC products and services." While trademarks composed of common words and descriptive phrases are protected against infringement they are not protected against others using the same terms legitimately. For example, in Quality Craft Industries, Inc. v. Domain Admin / Ashantiplc Limited, FA1607001684372 (Forum September 13, 2016) () the Panel "viewed no credible evidence that Respondent has infringed any trademark rights that Complainant may have had in the 'Montezuma' name. Rather, Respondent has used the domain in connection with its value as a geographic/generic term, and not necessarily as it relates to any rights Complainant may have in the 'Montezuma' mark." Criticism has also been levelled at complainants who must know that the claims asserted could not possible be adjudicated in a UDRP proceeding. The Panel in Cary Pinkowski, Darren Little, and Joe Whitney v. Perlake Corp. SA, FA1507001631539 (Forum September 22, 2015) () found that, Complainant must have known and in all probability did know, that it was bringing its claim in the wrong forum because the dispute was inherently a complicated contractual dispute beyond the scope of the UDRP and it must also have known that both[...]

European Court Declares Dynamic IP Addresses are Subject to Privacy Protection Rules


The Advocate General, top advisor to the European Court of Justice, has issued an opinion today about Internet anonymity, Electronic Privacy Information Center reports. "He found that dynamic IP addresses are personal data subject to data protection law. The opinion concerns the case of German pirate party politician and privacy activist Patrick Breyer who is suing the German government over logging visits to government websites. ... The opinion is not legally binding but 'is usually a good indication of how the court will eventually rule'." The issued opinion in full: Case C-582/14, Patrick Breyer v Bundesrepublik Deutschland.

Follow CircleID on Twitter

More under: Internet Protocol, IP Addressing, Law, Privacy

US Banks Face New Demands by Regulators for Higher Cyber Risk Management Standards


U.S. bank regulators on Wednesday outlined cyber security standards meant to protect financial markets and consumers from online attacks against the nation's leading financial firms," Patrick Rucker reporting in Reuters: "Leading banks will be expected to use the most sophisticated anti-hacking tools on the market and to be able to recover from any attack within two hours… Banks with assets of $50 billion or more must satisfy the new rules that will be finalized in the months ahead."

"Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards," states the press release issued today by Federal Reserve: "The Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency are considering applying the enhanced standards to depository institutions and depository institution holding companies with total consolidated assets of $50 billion or more, the U.S. operations of foreign banking organizations with total U.S. assets of $50 billion or more, and financial market infrastructure companies and nonbank financial companies supervised by the Board. The proposed enhanced standards would not apply to community banks. The standards would be tiered, with an additional set of higher standards for systems that provide key functionality to the financial sector. For these sector-critical systems, the agencies are considering requiring firms to substantially mitigate the risk of a disruption or failure due to a cyber event."

Follow CircleID on Twitter

More under: Cyberattack, Policy & Regulation, Security

FBI, Czech Police Arrest Russian in Connection With US Hacking Attacks


(image) A screenshot from a video released by Czech police showing a man identified only as a Russian hacking suspect being taken into custody at a restaurant in Prague. CBS NEWS / 19 OCT 2026

FBI in a joint operation with the Czech police, arrested a Russian citizen in Prague on Wednesday in connection with attempted cyber-attacks against the United States. FBI says the man was suspected of conducting criminal activities targeting U.S. interests, but have not give any more details. The arrest is not related to the Russian hacks of the Democratic National Committee and other political organizations or the ongoing probe of Russian interference in the U.S. election, federal law enforcement officials said. Czech courts will decide whether to extradite the man to the United States. –Katie Mettler further reports in the Washington Post

Update / 19 Oct 2016: LinkedIn and other sources report the arrestee is suspect in a major 2012 LinkedIn hack involving theft of nearly 6.5 million user credentials. Statement by LinkedIn spokesperson: "Following the 2012 breach of LinkedIn member information, we have remained actively involved with the FBI's case to pursue those responsible. We are thankful for the hard work and dedication of the FBI in its efforts to locate and capture the parties believed to be responsible for this criminal activity."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime

China Shows Positive Attitude Towards IANA Transition


Observers of IANA transition may have found a remarkably interesting fact that both supporters and opponents of the transition like citing China, along with a small number of other countries, as evidence in favor of their arguments. For supporters, take Larry Strickling as an example, blocking transition benefits China in that it will "intensify their advocacy for government-led or intergovernmental management of the Internet via the United Nations." On the contrary, opponents led by Ted Cruz think that the US should not "give away control of the Internet to a body under the influence and possible control of foreign governments" like China, as they will "censor the internet internationally." The understanding of relating IANA's technical coordination to censorship is certainly wrong, as Tim Berners-Lee and Daniel Weitzner have persuasively pointed out. By contrast, the pro-transition camp's arguments appear more plausible. Their arguments imply that China does not like the transition at all, therefore they have to make this happen. It is an unsurprising, even popular idea. In many places, China has been labeled as a stakeholder who at best "dislikes," and at worst "opposes" the multistakeholder governance process, which is claimed to be the building blocks of ICANN and the broader Internet community. Unfortunately, these understandings turned out to be misleading or wrong. China has recently extended welcome to IANA transition. In a press conference for the preparation of the third World Internet Conference a week ago, Ren Xianliang, the deputy chief of Cyberspace Administration of China (which oversees Internet governance) said that China welcomes US government's decision to relinquish its oversight of the critical Internet resources. Mr. Ren emphasized that China has given high-level attention to Internet development and Internet governance. In addition, China has consistently advocated constructing a cyberspace that features being peaceful, secure, open and cooperative. Wishing a smooth transition, Mr. Ren believed that the transition would have positive impact on the internalization of the critical resources management and on bridging the digital gap between the developed and developing countries. I am not in the position to elaborate too much about the policy implication of Mr. Ren's remarks. However, the positive attitude from high-profile authority at least sends a clear signal that China is not standing as a hurdle in the transition. I believe that it will encourage the Chinese Internet community to be more actively participating in the post-transition ICANN affairs and more broadly, in the global Internet governance discussions. Written by Jian Chuan Zhang, Senior Research Fellow at KENT and ZDNSFollow CircleID on TwitterMore under: ICANN, Internet Governance [...]

Another Free Registry Software Option


Google has recently announced the release of Nomulus, its free, open source registry software, triggering discussion of its impact on the industry. Afilias has over 15 years of experience in registry operations, and offers the following initial thoughts. * * * First, free registry software is not new. CoCCA (Council of Country Code Administrators) has offered this option for years, and TLDs such as .CX (Christmas Island) and .KI (Kiribati) use it. It is supported on a "best efforts" basis and appears to meet the limited needs of a few small operators. Second, registry services are about the SERVICE, not the software. While software is important, someone has to answer the phone when registrars (and ICANN) call. Someone has to deal with abuse if it happens. Someone has to accept deposits, manage billing, and keep the accounts straight. Even Afilias doesn't know how to automate EVERYTHING (and we have tried!). Most TLD owners don't like operational administrivia, and find it cheaper and easier to outsource it. Third, free registry software does not mean a free registry operation, as Minds and Machines (MMX) recently concluded. MMX has decided to stop running its own registry and outsource their entire registry (and registrar) operations. Why? As stated in their 20SEP2016 Investor Presentation, this was to "Rationalize the business into a pure play owner of top level domains. Historically, MMX ran its own technical backend (RSP) and retail outlet (registrar) at considerable cost." After years of trying to do everything themselves, MMX is outsourcing operations so they'll be free to focus scarce internal resources on the strategically more important parts of their business. Finally, even Google misses the mark sometimes, as evidenced in the Google Graveyard, which is rife with examples of products that were launched and then discontinued (e.g. Google Reader, Google Talk, iGoogle, Google Health, Knol, Picnik and many others). * * * What will be the impact of another free registry software option? With over 1400 TLDs in the root now, surely someone will try it and gain some real-life experience. Stay tuned. Written by Roland LaPlante, Senior Vice President and Chief Marketing Officer at AfiliasFollow CircleID on TwitterMore under: Domain Names, Registry Services, Top-Level Domains [...]

Syria's Undersea Cable Repairs Will Take Down 60% of Nation's Internet for Close to 10 days


Syrian Telecom has announced that 60 percent of the country's Internet will be down for close to ten days, starting Wednesday. According to the statement, the outage is due to undersea cable repairs on international service lines. The announcement comes several days after a Russian ship purported to be equipped with cable-cutting technology was spotted moving in a northern track towards Syria. Syrian Telecom says it is working with international operators to secure international alternative paths as part of the plan to bring Internet back up and to normal speeds.

Follow CircleID on Twitter

More under: Access Providers

Google Announces Nomulus, Open Source Top-Level Domain Name Registry


Google today announced the release of Nomulus, a new open source cloud-based registry platform that runs Google's top level domains (TLDs) and now available to everyone. — Ben McIlwain, Google's Software Engineer writes: "The project that became Nomulus began in 2011 when the Internet Corporation for Assigned Names and Numbers (ICANN) announced the biggest ever expansion of Internet namespace, aimed at improving choice and spurring innovation for Internet users. Google applied to operate a number of new generic TLDs, and built Nomulus to help run them." — "Nomulus can manage any number of TLDs in a single shared instance and supports the full range of TLD functionality required by ICANN, including the Extensible Provisioning Protocol (EPP), WHOIS, reporting, and trademark protection. It is written in Java and is released under the Apache 2.0 license." –McIlwain — "Donuts collaborates as pressure on registry providers mounts," writes Andrew Allemann in Domain Name Wire: "Donuts, which currently uses Rightside's backend technical services for its roughly 200 domain names, has been contributing to the project for the past 20 months, it revealed today. ... All of this means that Donuts could theoretically drop Rightside (NASDAQ:NAME) and move to Nomulus. But Donuts CEO Paul Stahura said the company has not committed to moving the backend for its top level domain names to Nomulus." — In a press today from Donuts, Paul Stahura said: "the option to evaluate and contribute to the Google Nomulus project presented a unique opportunity. ... Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible. Collaborating with Google on this groundbreaking project is an opportunity to do exactly that." According to the company, Donuts' contributions to Nomulus project included technical specifications for the Domains Protected Marks List (DPML), Early Access Period (EAP) and tiered pricing. Follow CircleID on TwitterMore under: DNS, Registry Services, Top-Level Domains [...]

Using Dot Brand Domains in Brand Communication


A certain number of brands are using a dot brand domain as their main actual website. The following analysis looks at how dot brands are used in brand communication. Are brands communicating about their domain names, or are domain names supporting brand communication? Dot brand domains – what are they ? Dot brand corresponds to the ability, for a certain number of pioneering brands, to use their brand name at the top level of the naming system for their own purpose, in parallel to a dot com or a country code. Early October, 553 brands had signed an agreement with ICANN to run their own brand Top Level Domain. Five more brands are still finalizing their discussions and agreements. Additional potential new openings will happen in the next years. Thirty of the brands have decided to shift major significant digital assets to their dot brand and around ten have chosen to use a dot brand domain as their main domain name. Three main communication options There are three main options on dot brand domain name communication: — Communicating about the launch and the new domain name itself — Explaining the change in a global communication — In a totally seamless way Communicating about the launch of domain name The launch of these new domain names is most often simultaneous to the launch of a new website, therefore most of the communications are a mix between launching a new website and a new digital platform. Weir's launch, in march 2016, is a very good example of a global digital platform launch. The main support of that communication are press releases issued by brands upon launch. In a previous article, we had outlined the content of the press releases issued upon launch of the new dot brand websites. There is limited communication with the end customer. The only brand that displayed a banner on the very first page of the sites and on social media, is Sener. Figure 1: SENER promotes its top-level dot brand domain on its new website. (Click to Enlarge) Explaining the change Canon has decided to explain to their visitors that there was a change in the structure of the domain name. Figure 2: Canon welcoming customers to "Until now, the URL we used for Canon's global website was '' From now on, however, we will begin gradually introducing '' to provide information to a global audience with a new online presence." (Click to Enlarge) This message is very prominently displayed on the first page of Canon's new corporate website. Here, Canon is not using their new domain names to communicate, but believes it is important to explain the change to their users and visitors, who may be surprised to have this new domain name that appears when typing in Totally seamless communication The majority of brands are launching their domain name as if it had a traditional structure. The first uses of domain hacks — mainly used as URL shorteners to post links on social media — are an interesting example. On December 15, 2009, Google used the ccTLD of Greenland to use the domain, and then, using the ccTLD of Belgium. There was no communication about that, but brands simply started to use them and it became natural. Dot brand is a much more significant change than simple domain hacks involving business issues such as distribution network or security. On October 1, 2016, Google launched blog.Google, described by the company as: "Discover all the latest about our products, technology, and Google culture on our official blog." Interestingly, the site discusses the introduction of new features in Google products such as docs, sheets, or the presentation of new phone, [...]

DNC Emails Hacked Using Fake Gmail Login Forms



A new report from SecureWorks Counter Threat Unit has revealed a hacking group operating from the Russian Federation, implemented spearphishing techniques involving use of look-alike Google login pages to gain access to DNC emails and other data. According the the report, hackers targeted the staff working for or associated with Hillary Clinton's presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton's communications, travel, campaign finances, and advising her on policy.

Examination of DNS Records shows that the domain's MX records - i.e. the mail server used by the domain - point to, the mail server used by Google Apps. Hakcers exploited the Hillary for America campaign's use of Gmail and leveraged campaign employees' expectation of the standard Gmail login page to access their email account."

First malicious URLs targeting email addresses were created in mid-March 2016; the last URL was created in mid-May. Overall, 213 URLs targeting 108 email addresses on the domain were created during the period.

Through open-source research, researchers identified owners of 66 of the targeted email addresses. No open-source footprint were found for the remaining 42 addresses, which would indicate they were acquired from another source.

The targeted email owners held a wide range of responsibilities within the Hillary for America campaign, extending from senior figures to junior employees and the group mailboxes for various regional offices. Targeted senior figures managed communications and media affairs, policy, speech writing, finance, and travel, while junior figures arranged schedules and travel for Hillary Clinton's campaign trail.

Follow CircleID on Twitter

More under: Cyberattack, Email

WikiLeaks: Ecuador Has Cut Off Assange's Internet Access


WikiLeaks has accused Ecuador for cutting off Internet access of its founder, Julian Assange. The activist organization first reported the incident via Twitter last night stating that Assange's internet link has been intentionally severed by a state party. In a follow up tweet a few hours ago, WikiLeaks reported: "Ecuador cut off Assange's internet access Saturday, 5pm GMT, shortly after publication of Clinton's Goldman Sachs speechs." — "The WikiLeaks founder has been living at the Ecuadorean Embassy in London for more than four years. ... Assange sought refuge there after Sweden issued a warrant for his arrest to question him over allegations of sex crimes. He has said that if sent to Sweden, he fears he would be handed over to the U.S. and could face trial over the release of classified U.S. material on WikiLeaks." NPR / 17 Oct 2016 — Update / 18 Oct 2016: Peter Van Buren, former officer, US State Department's Foreign Service in an RT interview: "It is unlikely that Ecuador, supporting whistleblower Julian Assange, deprived him from the opportunity to use internet. ... At the same time, imagining the reasons a third party might have cut that internet access are fairly easy to do. Assange has embarrassed the US government. The US government has made claims that he is working with the Russians, and that the Russians with Assange are trying to disrupt or interfere in America's election. And we've seen reports over the weekend that the US is planning some form of retaliation in cyberspace. It is not unlikely that that retaliation may include poking the bear in the nose, perhaps starting with cutting off Assange's internet access." — Update / 18 Oct 2016: Ecuador has released a statement confirming it has restricted Assange's access to the Internet. The full official letter below – Official Communiqué Ecuador granted political asylum to Julian Assange in 2012 based on his legitimate fears of political persecution because of his journalistic activities as the editor of WikiLeaks. In recent weeks, WikiLeaks has published a wealth of documents, impacting on the U.S. election campaign. This decision was taken exclusively by that organization. The Government of Ecuador respects the principle of non-intervention in the internal affairs of other states. It does not interfere in external electoral processes, nor does it favor any particular candidate. Accordingly, Ecuador has exercised its sovereign right to temporarily restrict access to some of its private communications network within its Embassy in the United Kingdom. This temporary restriction does not prevent the WikiLeaks organization from carrying out its journalistic activities. Ecuador, in accordance with its tradition of defending human rights and protecting the victims of political persecution, reaffirms the asylum granted to Julian Assange and reiterates its intention to safeguard his life and physical integrity until he reaches a safe place. Ecuador’s foreign policy responds to sovereign decisions alone and does not yield to pressure from other states.Follow CircleID on TwitterMore under: Access Providers, Censorship [...]

Montenegro Election Day Disrupted by Several Cyberattacks


The Ministry for Information Society and Telecommunications of Montenegro has confirmed several key websites were targeted by cyberattacks on Sunday (16 October), the day of the country's parliamentary elections. Attacks targeted several media and government websites including news service CDM, radio station Antena M, and the website of the ruling political party, Democratic Party of Socialists of Montenegro. Officials have informed reporters that many of the attacks have been endured and service for most government sites are returning to normal. The ministry has not responded to any requests for comments on individual or groups responsible for the attacks.

Follow CircleID on Twitter

More under: Cyberattack, DDoS

Web Localization: Sometimes as Simple as a Black and White


The death of Thailand's King Bhumibol Adulyadej has led to stores running out of black and white clothing as the population mourns its leader in color-appropriate clothing.

What does this mean for website localization?

Consider the Thailand home pages for Apple:(image)





And Coca-Cola has gone black on its social feeds:(image)

Web localization isn't about creating a localized website and forgetting about it.

It's about creating a living and breathing website that responds quickly to local events. Web localization is about respect.

Written by John Yunker, Author and founder of Byte Level Research

Follow CircleID on Twitter

More under: Web

UK Security Agencies Have Unlawfully Collected Data for 17 Years, Says Court


"British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, top judges have ruled," according to a report published today in The Guardian. "The ruling said the regime governing the collection of bulk communications data (BCD) — the who, where, when and what of personal phone and web communications — failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public."

Follow CircleID on Twitter

More under: Law, Privacy

Lawsuit Against IANA Transition Dropped


"Four US states attorneys general have quietly thrown in the towel in their attempt to have the IANA transition blocked," reports Kevin Murphy this morning in Domain Incite. "The AGs of Texas, Nevada, Arizona and Oklahoma unilaterally dropped their Texas lawsuit against the US government on Friday, court records show… That basically means the case is over."

Follow CircleID on Twitter

More under: ICANN, Internet Governance