New e-mail authentication requirements from Google and Yahoo

Google and Yahoo recently announced significant changes to their e-mail authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying the authenticity of e-mails and reducing the risk of identity theft and phishing.

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fighting online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mail authentication requirements, these companies are strengthening users’ protection against malicious attacks.

It is now essential for domain holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.
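To illustrate how DMARC builds on SPF and DKIM, the following added example (not code from Google, Yahoo or Nameshield) parses a DMARC record and decides whether a message passes: at least one of SPF or DKIM must pass on a domain aligned with the From: domain. The domains, the sample record and the two-label organizational-domain shortcut are assumptions made for the example; real receivers use the Public Suffix List.

```python
# Added example: DMARC evaluation on top of SPF/DKIM results.
# All domains and the record below are constructed sample values.
VALID_POLICIES = {"none", "quarantine", "reject"}
SAMPLE_RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if unusable."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for i, pair in enumerate(pairs):
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags[name] = value
    # A missing or unknown policy is treated as an error in this example.
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    tags["p"] = tags["p"].lower()
    # Alignment modes default to relaxed ("r"); "s" means strict.
    tags["adkim"] = tags.get("adkim", "r").lower()
    tags["aspf"] = tags.get("aspf", "r").lower()
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Production code must consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_evaluate(record_txt, from_domain, spf_result, spf_domain,
                   dkim_result, dkim_domain):
    """Combine SPF and DKIM verdicts with alignment to get the DMARC outcome."""
    tags = parse_dmarc(record_txt)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    passed = spf_ok or dkim_ok
    return {"pass": passed, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "disposition": "deliver" if passed else tags["p"]}

if __name__ == "__main__":
    # Own infrastructure: SPF aligns in relaxed mode, DKIM fails strict alignment.
    print(dmarc_evaluate(SAMPLE_RECORD, "example.com",
                         "pass", "bounce.example.com", "pass", "mail.example.com"))
    # Third-party sender: SPF and DKIM both pass, but for an unaligned domain.
    print(dmarc_evaluate(SAMPLE_RECORD, "example.com",
                         "pass", "esp.example.net", "pass", "example.net"))
```

The second case is the one bulk senders most often miss: SPF and DKIM both pass for the mailing provider's domain, yet DMARC fails because neither is aligned with the From: domain.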

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

A high school student tries to change his grades using phishing

Phishing is cybercriminals’ means of choice to hijack users’ data: they pose as a trustworthy company and then encourage users to hand over personal information. We are often inclined to think that this technique is reserved for hackers trying to steal banking or other very sensitive information, and yet!

An American student at Ygnacio Valley High School, in California, had a great time building an identical copy of the website his teachers log in to in order to enter marks and comments. The student then emailed his teachers asking them to log in to the fake school interface, which looked exactly the same as the original one. In this way he retrieved their login IDs and passwords, and used them to raise his own grades but also to lower his classmates’ grades.

Arrested by the police, the student said that what he had done was “as easy as stealing a candy from a baby”. Expelled from school, he was identified thanks to his computer IP address.

Although its consequences were fairly light, this attempt at data corruption highlights how easy this hacking method is to access. Today, phishing is one of the most popular methods and one of the easiest to implement. Web users, unaware and fooled by the resemblance, end up providing personal and sometimes very sensitive data.

PyeongChang Olympic Games: Cyberattack

It was during the opening ceremony of the PyeongChang Winter Olympic Games that a cyberattack targeted the host’s IT infrastructure.

Around 45 minutes before the start of the event, the servers and Wi-Fi network were hit by an attack, which fortunately did not affect the ceremony. However, in the Olympic Village, the press zone was deprived of Internet connection and television. Furthermore, the official website of the PyeongChang 2018 Olympic Games was unreachable for hours, preventing web users from printing their tickets to access the event. It took 12 hours to completely restore the services.

The IOC did not wish to comment on the origin of the attack, but the PyeongChang 2018 spokesperson pointed out that “there was a cyberattack, the server was updated yesterday (Sunday February 11), and we know the cause of the problem. We know what happened, this is a usual thing during Olympic Games. We will not reveal the source.” The IOC’s communications director gave this assurance: “We refuse for now to reveal the details of our investigation, but we will do it.”

A cyberattack with a destructive aim

Two researchers from the security company Talos have nevertheless analyzed the attack and observed that its purpose was not to retrieve sensitive or personal data held on the organization’s servers, but clearly to interfere with the running of the Games.

Analysis of the virus samples highlighted its main purpose: destruction. Concretely, the effects of this cyberattack were to delete calendar events and documents and, above all, to make the affected machine inoperable.

PyeongChang Games, victims once again

The Games are a global event that offers cybercriminals prime visibility, and this is not the first cyberattack the PyeongChang Olympic Games have suffered. At the end of December 2017, the infrastructure was hit by an attack that mainly consisted of emails sent to the event organizers. According to McAfee, those emails contained Word files infected by a virus.

Russia, North Korea: the different leads considered

The potential perpetrators of the attack could be Russia, whose delegation was barred from the Games for doping reasons: before the Games, McAfee said it had information indicating that hackers located in Russia had planned attacks in retaliation.

A possible North Korean involvement was also mentioned, despite the rapprochement that could be observed by the viewers during the opening ceremony.

An attack that shows, once again, the vulnerability of IT infrastructures despite the means implemented.

How horse names resemble trademarks

Trademarks identify a particular product or service and enable consumers to quickly identify the source of a given good. In order to meet this function they must be distinctive. Trademark law protects the owner’s right to use the trademark exclusively and prevent others using a mark that is confusingly similar. Use of an identical mark on the same product would be considered confusing and could clearly constitute infringement.

So far so good. But are you aware that the same standards exist for naming pedigree horses?

WorldFengur is the Icelandic committee in charge of the official register of the Icelandic horse breed. They have recently passed a rule stating that names must be of Icelandic heritage for them to be included in the official database. There are more than 400,000 horses registered across Europe and the USA. The two-person Horse Naming Committee has been set up to stop people giving obscene names to their horses but mainly to ensure that the names respect Icelandic tradition and grammar rules. It seems that purchasers don’t want their Icelandic horses to have foreign names.

Other countries have naming rules for horses too. The British Horseracing Authority (BHA) controls the appropriateness of names when horses are added to their database. In addition to being available – like trademarks – there is a long list of criteria that applicants need to meet. Here are some of the restrictions on name availability:

  • Names of more than 18 characters, including signs or spaces
  • Names followed by one or more numbers or which start with a sign other than a letter
  • Names made up entirely of initials, or which include figures, hyphens, full-stops, commas, signs, exclamation marks, inverted commas, forward or back slash, colon and semi-colon
  • The name of a public person or names of commercial significance without the appropriate permission
  • Names considered in poor taste or which may cause offence.

Further, when applying to the BHA for your name approval you need to supply two proposed names in order of preference with an explanation of the origin or meaning of the name. This all sounds familiar – a bit like applying for a drug marketing authorisation. One fun difference is that there is a Horse Name Availability Search tool that will not only tell you if the name is free but will provide some great alternatives if not.

 


Trademark bullying? The Glencoe story

Glencoe is an “unforgettable place of dramatic mountains, rare beauty and haunting history” in the Scottish Highlands.

It is also a UK trademark, registered by several companies including The National Trust for Scotland. NTS’s 2016 trademark is registered for goods including beauty products, jewellery and clothing. A prior UK Glencoe mark protecting articles of clothing was registered in 1996 by Glenmuir Limited, a “family-run business dedicated to producing the finest golf wear” but it does not currently appear to be used on any articles of their clothing.

It is similarly the name that Hilltrek Outdoor Clothing gives to one of their hand crafted outdoor jackets.

 

The company, based in Aboyne, on the edge of the Highlands, has a 30 year history of manufacturing quality outdoor clothing. They have a long standing policy to name their jackets after some of their favourite places in Scotland. On the website you can find a link to a glossary providing information about the names and places used for their clothing.

Earlier this month Hilltrek owner Mr Shand received a cease & desist letter from NTS demanding they stop selling the Glencoe jacket. Mr Shand was surprised that a place name could be registered as a trademark. The Hilltrek website respects trademark rights, displaying the ® symbol next to several marks but not Glencoe.

The letter instructed Hilltrek to stop selling any goods bearing the name Glencoe immediately and refrain from using the name on any future products. Mr Shand published the letter that he found “bullying and threatening” on social media, saying that he would have understood and preferred a polite letter explaining the situation and asking for a dialogue.

This case raises several interesting points for consideration.

Is it correct to register a place name, thereby blocking others from using it? NTS says that their aim is to protect the properties in their care and stop them being exploited. They encourage and support local business but have contacted a number of companies using trademarked names which are not local, including businesses based in France.

It is important to show tact when defending your IP rights in cases such as this. Reacting too harshly can, as in this case, result in negative media attention for the complainant and a great advertising opportunity for the “infringer”.

Both points underline the necessity of obtaining professional advice from an experienced IP Counsel whether you are defending a trademark or using one, even if you are not yet aware of it.

 

Bitter taste to confectionery disputes

Last week the UK Court of Appeal ruled on the long running battle between Nestlé and Cadbury (owned by Mondelez) over the attempt to register the shape of the KitKat bar in the UK. Trademarks need to be a “badge of origin”. In particular registration of a shape mark requires good evidence of acquired distinctiveness to show that consumers rely on shape in a “trade mark sense”. The UK court has ruled that this is not the case for the KitKat shape. The mere fact that consumers recognise the mark is insufficient and the applicant must demonstrate that a significant proportion of the relevant public rely on the mark to indicate the product origin.

Once again this shows how applications for non-traditional marks are more vulnerable to objections for lack of distinctive character.

But it is also interesting that the industry continues to fight these costly battles. Most of us might view these disputes as irrelevant and a waste of money but the parties involved see them as a battle for an all-important edge in the marketplace. The confectionery industry is extremely competitive – the aim is to ring-fence your brand and intellectual property rights in order to block others from cutting into your space.

There are quite a few registered shape marks in the world of confectionery and many of them have seen some level of trademark dispute.

 

Some well-known shape marks:

The maker of the Golden Bunny, Lindt, launched a chocolate teddy bear. Haribo, which invented gummy bears in the 1920s, said shoppers would confuse the two products, even though Lindt’s bears are made of chocolate and gummy bears are jelly sweets.

 

Examples of colour marks:

Both these shades of purple are used for chocolate products and are owned by Kraft / Mondelez. But there has been an ongoing battle between Nestlé and Cadbury about the legitimacy of use as a trademark. The British public has linked this shade of purple with Cadbury for over a century in the same way that the Milka shade is well accepted by a wider European consumer audience.

Good name, bad product

New product development is exciting – and costly. In addition to the essential R&D, market research and marketing initiatives, all products require a name which is (ideally) distinctive and available. Finding the right name in itself is a costly business that involves many steps: name & logo creation, trademark research, brand validation & strategy, trademark filing and protection. Where you plan to launch, and therefore protect, your product name will determine the costs, which will probably range from $5,000 to $50,000+.

A failed product is a costly error for any company. In addition to the wasted time the failure can haunt companies for years to come. Now a new museum is opening in Sweden to celebrate these failures and hopefully to help companies learn how to succeed.

The Museum of Failure (museumoffailure.se) opens in Helsingborg in June this year with the tag line “Learning is the only way to turn failure into success”. The collection consists of over sixty failed products and services from around the world, many of which have carefully created trademarked names. The founder Samuel West comments that even big and competent companies fail. It is important to create a culture that accepts failure and learns from it.

Here are some of the branded exhibits which have failed for various reasons ranging from poor design to products that were just plain awful or simply useless.

 


One interesting exhibit on display is a board game called Trump, The Game. This was similar to Monopoly but with Trump dollars, Trump properties and T-shaped game pieces. Trump, The Game was launched in 1989 but only sold 800,000 units instead of the estimated two million copies. It was re-released in 2004 but still failed to impress. It is interesting to note that the original trade mark is no longer in force but a new application was filed in the US at the end of 2016.

 

What is the appropriate way to deal with inappropriate content on the internet?

The internet is a great place to find content of all sorts. Videos of cats doing crazy stunts, memes, thought provoking lifestyle messages. But this rich availability means ease of access to a wide variety of inappropriate content.

Inappropriate content means any material that is disturbing, improper, and just wrong. It can be images of real or simulated violence or of a sexually explicit nature. Recently there have been concerns raised around disturbing YouTube videos. These strongly resemble videos of popular cartoons but contain disturbing and inappropriate content not suitable for children. In some cases the videos are parodies, some are clear cases of copyright infringement where unauthorised use is made of authentic cartoons or characters, most are simply not aimed at an audience of children.

So what is the best way to deal with cases that you discover?

Google and social media sites offer reporting tools highlighting inappropriate content and copyright or trademark infringement cases.

A copyright infringement submission is a legal process and only accepted from the rights owner or their authorised agent. But it is essential to consider if the content is being used fairly. Fair use generally covers adaptations of original works for the purpose of parody or comment. Parodic uses of copyrighted works are normally justified by freedom of expression but the key factor is that the public must be able to differentiate between the works. If the content is being used fairly then it is best to avoid submitting what might be considered a false claim and maybe even provoking further parodying activity. In summer 2015 the artist Banksy launched the clearly satirical Dismaland, an obvious play on words and “look and feel” of Disneyland, but Disney (sensibly) remained silent.

 


Inappropriate, disturbing content should be flagged using the platform’s reporting system. YouTube takes feedback very seriously, appreciates people drawing attention to problematic content and makes it easy for anyone to flag a video. Flagged videos are manually reviewed 24/7 and any videos that don’t belong are removed within hours. In addition they have a YouTube Kids app which helps limit access to flagged content.

Of course no filter is 100% accurate and nothing replaces vigilance. Careful monitoring can help ensure that your copyright protected content is not being used unfairly and allow you to submit takedown notices. But there is no product which can ever replace parental awareness.

 

Alibaba’s use of technology to fight counterfeit reaps first rewards

In December 2016 Alibaba was placed on a US blacklist for fakes. A US industry watchdog called the company’s Taobao website (the world’s largest e-commerce platform) a “notorious” market for counterfeiting and piracy. Now Alibaba is diligently combatting this label. Via a program called Operation “Cloud Sword”, big data technology, such as advanced algorithms, machine learning, optical character recognition (OCR) and mapping technologies, is used to generate clues to help identify and take down fakes.

In January Alibaba sued two fake Swarovski watch sellers who allegedly link merchants with people willing to falsify purchases and write positive comments on its Taobao e-commerce platform for violations of goodwill and contract. The company claimed 1.4 million yuan, or about $201,000, in damages. Shenzhen police raided the seller and confiscated about 125 counterfeit watches after Alibaba’s claim. Alibaba used gathered and analysed data to identify the counterfeit Swarovski merchants and subsequently purchased a watch from the seller in a test-buy program.

Zheng Junfang, chief platform governance officer of Alibaba Group, said: “We will bring the full force of the law to bear on these counterfeiters so as to deter others from engaging in this crime wherever they are.”

Has President Trump’s executive order on ‘Public Safety’ killed off Privacy Shield?

Governments rightly accord great attention to the importance of privacy and human rights but are also cognisant that there are situations where public authorities require access to the content of electronic communications. Three decades of negotiations and agreements on what constitutes acceptable levels of sharing of personal data and communications between the US and Europe resulted at the start of 2016 in the Privacy Shield agreement which provided obligations to protect and monitor the shared personal data of Europeans.

In his first week in office President Donald Trump signed six executive orders (Obama managed 5 in the same period). The order “Enhancing Public Safety in the Interior of the United States” has caused a huge reaction and controversy due to the attempted ban on citizens from seven countries but there are also important implications for data protection and human rights beyond those borders.

Section 4 of the Executive Order instructs agencies to employ “all lawful means to ensure the faithful execution of the immigration laws of the United States against all removable aliens”. And Section 14 states that “agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information”.

These sections relate to all visitors and foreign nationals irrespective of nationality. A removable alien refers to all non-USA citizens. The Order makes it quite easy for any non-USA national to be considered a risk to public safety and therefore become a legal subject for agencies to access the content of electronic communications and personally identifiable information.

Fundamental stipulations of the Privacy Shield agreement are that companies operating in the EU can only share and send personal data to “third countries” outside the EEA if they guarantee adequate levels of protection, ensure equivalence of privacy protections for European citizens’ data in the U.S. and that the monitoring remains necessary and proportionate (unlike the U.S. Government mass surveillance programs which led to the invalidation of the Safe Harbour agreement). The essence of the fundamental right to respect for private life must not be violated.

By considering any non-USA citizen as a removable alien it is difficult to see how the equivalence of protection for US and EU citizens can be ensured.