Author: Bruno Darras

Communication officer - Nameshield group

New e-mails authentication requirements from Google and Yahoo

New e-mails authentication requirements from Google and Yahoo - DMARC

Google and Yahoo recently announced significant changes to their e-mails authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying e-mails’ authenticity and reducing the risk of identity theft and phishing.

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mails authentication requirements, these companies are strengthening users’ protection against malicious attacks.

It is now essential for domains holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

New document: 5 minutes to understand the SYRELI procedure

5 minutes to understand - Domain names - SYRELI procedure - Nameshield

Placed under the aegis of AFNIC (French Association for Internet Naming in Cooperation), the SYRELI procedure allows to sanction obvious and indisputable infringements of a trademarks right resulting from the registration by third parties of identical or similar domain names.

Find in this “5 minutes to understand” document, available for download on Nameshield’s website, in which cases the SYRELI procedure applies and what are the rules and conditions to respect.

Download

New document: 5 minutes to understand UDRP procedure

5 minutes to understand - Domain names - UDRP procedure - Nameshield

Established on ICANN’s proposal, the UDRP (Uniform Domain-Name Dispute Resolution Policy) extra-judicial procedure allows to sanction obvious and indisputable infringements of a trademark right resulting from the registration of identical or similar domain names by third parties, a practice commonly referred as “cybersquatting “.


UDRP applies not only to generic extensions (gTLDs) in .aero, .biz, .com, .coop, .info, .jobs, .mobi, .museum, .name, .net, .org, .pro, .travel and new extensions (new gTLDs), but also to country code extensions (ccTLDs) of which the registry has accepted the UDRP principles.

Download

New document : 5 minutes to understand SSL / TLS certificates

5 minutes to understand - SSL/TLS certificates - Nameshield

An SSL (Secure Socket Layer) or TLS (Transport Layer Security) certificate is a digital certificate that authenticates a server (most often a web server) and encrypts the data exchanged with it. The data is thus exchanged in confidence between two actors whose identity is known. The data exchanged cannot be spied on or altered by a third party: confidentiality and integrity.

Download this document “5 minutes to understand: SSL / TLS certificates” on Nameshield’s website.

Download

A high school student tries to change his grades thanks to phishing

Phishing is cybercriminals’ means of choice to hijack users‘ data, posing as a trusty company and then encouraging them to deliver personal information. We are often more inclined to think that this technique is reserved to hackers who try to steal banking or very sensitive information, and yet!

Source : mohamed_hassan via Pixabay

An American student of Ygnacio Valley High School, in California, had a great time reproducing identically the website on which his teachers connect to enter marks and comments. This same student then emailed his teachers to connect to the fake school’s interface, which looked exactly the same as the original one. Thus, he could retrieve their login ID and passwords, and used them in order to raise his grades but also to lower his classmates’ grades.

Arrested by the police, the student said that what he had done was “as easy as stealing a candy from a baby”. Expelled from school, he was identified thanks to his computer IP address.

Quite light in consequence, this data corruption attempt highlights the simplicity of access to this hacking means. Today, phishing is one of the most popular methods and the easiest to implement. Web users, while unaware and fooled by similarities, consequently provide personal, sometimes very sensitive data.

PyeongChang Olympic Games: Cyberattack

PyeongChang 2018 Olympic Games: Cyberattack

It’s during the opening ceremony of the PyeongChang Winter Olympic Games that a cyberattack has aimed at the host infrastructure IT department.

Around 45 minutes before the start of the event, the servers and WI-FI network have been hit by an attack, which fortunately has not impacted the ceremony. However, in the Olympic Village, the press zone has been deprived of Internet connection and television. Furthermore, the official website of the PyeongChang 2018 Olympic Games has been unreachable for hours, hindering web users to print their tickets to access to the event. 12 hours were needed to completely restore the services.

The CIO didn’t wish to communicate on this attack origin, but PyeongChang 2018’s spokesperson points that “there was a cyberattack, the server has been updated yesterday (Sunday February 11), and we know the cause of the problem. We know what happened, this is a usual thing during Olympic Games. We will not reveal the source.” The CIO’s communication director, has assured “We refuse for now to reveal the details of our investigation, but we will do it.”

A cyberattack with destructive aim

Talos Security company’s two researchers have analyzed the attack though and observed that the purpose was not to retrieve sensitive or personal data contained on the organization server, but clearly to interfere with the games ‘running.

The virus samples’ analysis allowed to highlight its main purpose: the destructive aspect. Concretely, the effects caused by this cyberattack, were to delete the events of the calendar and the documents, and above all, to make the affected machine inoperable.

PyeongChang Games, victims once again

At a global scale and ensuring a visibility of choice for cybercriminals, this is not the first cyberattack suffered by the PyeongChang Olympic Games. At the end of December 2017, the infrastructure was hit by an attack mainly consisting of the sending of emails to the event organizers. According to the McAfee company, those mails contained Word files infected by a virus.

Russia, North Korea: the different leads considered

The potential attack’s perpetrators could be Russia, of which the delegation has been denied of the Games for doping reasons: before the Games, McAfee declared to have information indicating that hackers located in Russia had planned attacks in retaliation.

A possible North Korean involvement was also mentioned, despite the rapprochement that could be observed by the viewers during the opening ceremony.

An attack that shows, once again, the IT infrastructures ‘vulnerability despite the means implemented.

How horse names resemble trademarks

How horse names resemble trademarks

Trademarks identify a particular product or service and enable consumers to quickly identify the source of a given good. In order to meet this function they must be distinctive. Trademark law protects the owner’s right to use the trademark exclusively and prevent others using a mark that is confusingly similar. Use of an identical mark on the same product would be considered confusing and could clearly constitute infringement.

So far so good. But are you aware that the same standards exist for naming pedigree horses?

WorldFengur is the Icelandic committee in charge of the official register of the Icelandic horses breed. They have recently passed a rule stating that names must be of Icelandic heritage for them to be included in the official database. There are more than 400,000 horses registered across Europe and the USA. The two-person Horse Naming Committee has been set up to stop people giving obscene names to their horses but mainly to ensure that the names respect Icelandic tradition and grammar rules. It seems that purchasers don’t want their Icelandic horses to have foreign names.

Other countries have naming rules for horses too. The British Horseracing Authority (BHA) controls the appropriateness of names when horses are added to their database. In addition to being available – like trademarks – there is a long list of criteria that applicants need to meet. Here are some of the restrictions on name availability:

  • Names of more than 18 characters, including signs or spaces
  • Names followed by one or more numbers or which start with a sign other than a letter
  • Names made up entirely of initials, or which include figures, hyphens, full-stops, commas, signs, exclamation marks, inverted commas, forward or back slash, colon and semi-colon
  • The name of a public person or names of commercial significance without the appropriate permission
  • Names considered in poor taste or which may cause offence.

Further, when applying to the BHA for your name approval you need to supply two proposed names in order of preference with an explanation of the origin or meaning of the name. This all sounds familiar – a bit like applying for a drug marketing authorisation. One fun difference is that there is a Horse Name Availability Search tool that will not only tell you if the name is free but will provide some great alternatives if not.

 

How horse names resemble trademarks
British Horseracing Authority website

Trademark bullying? The Glencoe story

Trademark bullying? The Glencoe story

Glencoe is an “unforgettable place of dramatic mountains, rare beauty and haunting history” in the Scottish Highlands.

It is also a UK trademark, registered by several companies including The National Trust for Scotland. NTS’s 2016 trademark is registered for goods including beauty products, jewellery and clothing. A prior UK Glencoe mark protecting articles of clothing was registered in 1996 by Glenmuir Limited, a “family-run business dedicated to producing the finest golf wear” but it does not currently appear to be used on any articles of their clothing.

It is similarly the name that Hilltrek Outdoor Clothing gives to one of their hand crafted outdoor jackets.

 

The company, based in Aboyne, on the edge of the Highlands, has a 30 year history of manufacturing quality outdoor clothing. They have a long standing policy to name their jackets after some of their favourite places in Scotland. On the website you can find a link to a glossary providing information about the names and places used for their clothing.

Earlier this month Hilltrek owner Mr Shand received a cease & desist letter from NTS demanding they stop selling the Glencoe jacket. Mr Shand was surprised that a place name could be registered as a trademark. The Hilltrek website respects trademark rights, displaying the ® symbol next to several marks but not Glencoe.

The letter instructed Hilltrek to stop selling any goods bearing the name Glencoe immediately and refrain from using the name on any future products. Mr Shand published the letter that he found “bullying and threatening” on social media, saying that he would have understood and preferred a polite letter explaining the situation and asking for a dialogue.

This case raises serval interesting points for consideration.

Is it correct to register a place name to thereby blocking others from using it? NTS says that their aim is to protect the properties in their care and stop them being exploited. They encourage and support local business but have contacted a number of companies using trademarked names which are not local, including businesses based in France.

It is important to show tact when defending your IP rights in cases such as this. Reacting too harshly can result in this case with negative media attention for the complainant and great advertising opportunity for the “infringer”.

Which both underline the necessity of obtaining professional advice from an experienced IP Counsel whether you are defending a trademark or using one, even if you are not yet aware of it.