DNS Belgium will now take offline fraudulent websites within 24 hours

DNS Belgium will now take offline fraudulent websites within 24 hours
Source of the picture: Kreutzfelder via Pixabay

In the context of the fight against insecurity on the web, DNS Belgium, the .BE registry, decided to intensify its action by cooperating with the FPS Economy [The FPS Economy, SMEs, Middle Classes and Energy is a Federal Public Service of Belgium which is responsible for contributing to the development, competitiveness and sustainability of the goods and services market in Belgium] in order to shut down fraudulent websites within 24 hours.

Philip Du Bois, general manager of DNS Belgium indicates: “This protocol will enable us to take even more targeted action, together with the FPS Economy, against possible abuses where .be domain names are involved. It underscores our ambition for a high quality and safe .be zone which serves as suitable environment for the further development of the Internet.”

The aim: to ensure consumers a completely safe Internet browsing on .BE websites.

This procedure will ensure a much higher reactivity. Indeed, until now, FPS Economy couldn’t request a blocking from the registry regarding the content, moreover fraudulent websites with correct identification data (at least of which the forgery couldn’t be proven), were untouchable. The blocking required a request from the Prosecution, i.e. a two weeks long procedure, which left plenty of time for the fraudulent website to create important damages to the consumers. Several hundreds of such websites per year were concerned!

From December, the 1st 2018, the protocol will then allow at the request of FPS Economy, the DNS Belgium registry to block .BE domain names which:

  • Are used for fraudulent websites
  • Host phishing websites

Of course, this procedure will be applied in the case of serious crimes.

The blocked domain name’s owner will have two weeks to react against the blocking. Without action of their part within 6 months, the blocked name will expire.

This still too rare initiative is to be welcomed in a context of the fierce fight against cybercriminality!

Google makes HTTPS encryption mandatory for its 45 new TLDs : .dev / .app / .how…

Google makes HTTPS encryption mandatory for its 45 new TLDs - HSTS
Source : Sean MacEntee via flickr

In a recent article in this blog, we mentioned the arrival of Chrome 68 in July 2018 and the fact that HTTP will be considered “not secure” from then on. Well, this is not the only weapon that Google is planning to use to encourage large-scale adoption of encrypted websites.

You may not be aware, but Google has submitted a number of applications to ICANN as part of the new TLD program, and as a registry, they have secured the management of 45 top-level domains*. Just as the .bank and .insurance extensions have very strict security rules, Google has announced that they will apply HSTS implementation and pre-loading to their new TLDs therefore making HTTPS implementation mandatory.

What is HSTS?

HTTPS Strict Transport Security (HSTS) is a way in which browsers automatically enforce HTTPS-secured connections instead of unsafe HTTP. For example, if the website http://www.nameshield.net is on the list, a browser will never make insecure connections to the website, it will always be redirected to a URL that uses HTTPS and the site will be added to its list of sites that must always be accessed through HTTPS. From thereon, the browser will always use HTTPS for this site, whatever happens, whether the user has accessed the site via a Favorite, a link or simply by typing HTTP in the address bar, he has nothing more to do.

HSTS was first adopted by Chrome 4 in 2009, and has since been integrated in to all major browsers. The only flaw in the process is that browsers can still reach an unsafe HTTP URL the first time they connect to a site, opening a small window for attackers to intercept and carry out such attacks as Man-in-The-Middle attacks, misappropriation of cookies or the Poodle SSLv3 attack which was very much in the news in 2014.

A fully secured Top-Level Domain

HSTS pre-loading solves all this by pre-loading a list of HSTS domains into the browser itself, eliminating the threat of attacks. Even better, this pre-loading can be applied to entire TLDs, not just domains and subdomains, which means that it becomes automatic for anyone who registers a domain name ending in that TLD.

Adding an entire TLD to the HSTS pre-upload list is also more efficient because it secures all domains under this TLD without having to include all of the domains individually. Since HSTS pre-load lists can take months to update in browsers, TLD setup has the added benefit of making HSTS instant for newer websites that use them.

HTTPS deployment will be obligatory for .app and .dev extensions

Google is therefore planning to make HSTS mandatory for its 45 TLDs in the coming months. What does that mean? Millions of new sites registered under each TLD will now be HTTPS (and domain owners will need to configure their websites to switch to HTTPS or they will not work). In order to use a .dev, .app, .ads, .here, .meme, .ing, .rsvp, .fly … domain name, you will need to acquire an SSL certificate and deploy HTTPS.

Our team is at your disposal for any questions related to TLDs, domain names or SSL certificates.

* Google’s 45 TLDs: .gle .prod .docs .cal .soy .how .chrome .ads .mov .youtube .channel .nexus .goog .boo .dad .drive .hangout .new .eat .app .moto .ing .meme .here .zip .guge .car .foo .day .dev .play .gmail .fly .gbiz .rsvp .android .map .page .google .dclk .search .prof .phd .esq .みんな .谷歌 .グーグル

South Africa, domain names and brands: the advantage of a simultaneous registration

South Africa, domain names and brands: the advantage of a simultaneous registration

The domain name is to the virtual, what the brand is to the real. It is actually a little more complicated but this small sentence allows to associate brands and domain names.

It’s in the context of this shared vision, that the South African brands registration Office, CIPC has developed a partnership with the registry of .ZA, the South Africa geographic extension.

Thus, the brand applicants can choose the “domain name” option, registering that way the two protections. This is here the first collaboration I’ve seen between these kinds of registration office.

For more information, you can read the CIPC press release.

Note that a webinar is planned on Thursday January 25 2018.

The blockchain at the service of domain names

The blockchain at the service of domain names
Photo’s author : Ethereum – Source : https://www.ethereum.org/assets

The case of Ethereum foundation and the «.ETH » extension.

Ethereum is a foundation created during 2015, by Vitalik Buterin, a 21 years old Canadian. This foundation aims to promote the Ethereum blockchain technology, created by this young computer engineer, who proposes in addition to a virtual currency, like the Bitcoin blockchain, the possibility to create applications ensuring traceability, inviolability and sustainability of the transactions they manage. To allow to the greatest number of people to access to these applications, the Ethereum foundation has recently presented the ENS for «Ethereum Name Service», and its corollary, the «.ETH» extension.

Back to the Blockchain technology

For the record, the concept of blockchain, can be defined as being « a technology of storage and transmission of information, transparent, secured and operating without a central review body » (source: https://blockchainfrance.net/decouvrir-la-blockchain/c-est-quoi-la-blockchain/).

Thus, if we take the example of the Bitcoin blockchain, the purpose was to create a virtual currency. The major interest consists in the absence of any central regulatory body, since it is controlled and managed by the community members, in a fully decentralized way. Any transaction done on the blockchain leads to an inscription in a block, published on a registry shared between the members. The transactions’ inscription in a block is carried out by « miners », who check, register and secure the transactions in the blockchain. This database hence lists all the transactions in blocks, creating a blocks chain supposed to be immutable and inviolable, due to the use of electronic signatures, and redistributed on the network, since it is decentralized.

Ethereum blockchain also has its currency, namely the Ether. But unlike Bitcoin, Ethereum didn’t create a virtual currency but has extended the use of the blockchain to other applications: the «smart contracts». Thus, Ether must not be considered as a currency but rather as a consumable allowing to exchange on the blockchain, use the applications it hosts.

The « smart contracts » concept

Ethereum proposes many possibilities of decentralized applications usable on its blockchain. These smart contracts are defined by the Blockchain France website as being « autonomous programs, which once started, automatically execute predefined conditions. They operate as any conditional instruction of « if – then » type (if such condition is verified, then such consequence is executed) ».

Concretely, this is a decentralized application, developed according to the Ethereum programming language (the Solidity), which automatically executes predefined instructions, on the conditions that the requirements are met, without the assistance of a third party, and ensuring that no modification is possible. These programs are executed on the Ethereum blockchain and controlled and certified by its members.

Thus, the promise is to delete intermediaries thanks to the total decentralization, managed by the processes automation.

For example, among possible applications, Ethereum foundation has announced on May 4th 2017, the creation of Ethereum Name Service, allowing domain names registration using «.ETH » extension.

Names’ registration in «.ETH »

The Ethereum Name Service, or ENS, corresponds to the Internet DNS, managed by ICANN, but unlike the latter, ENS is not based on root servers, but on the multitude of servers/machines, members of the Ethereum blockchain.

This is not a new registry having created another extension, but rather an alternative notion of the Internet.

Indeed, ENS is neither attached to the Global DNS, or to the IANA organization, nor to ICANN. ENS is a naming system specific to the Ethereum blockchain.

Domain name registration using «.ETH » is operating in a different way than classic domain name registration. This is a bidding system by anonymous deposit of a number of Ethers. In short, the name request opens a 72 hours period allowing other persons to bid. A second period of 48 hours then opens, during this period, each bidder must disclose their bid. The best bidder wins the name registration and is refund of their bid, minus the value corresponding to the difference of amounts between the two best bids. These funds are kept in a contract during 1 year minimum and can be removed at the end of this period, subject to release the name. If the name is the subject of one bid only, the bid’s winner is refund of the invested Ethers, except 0.01 Ether, corresponding to the minimum bid. This system should allow according to the ENS developers to prevent from speculation on domain names registration.

The system then doesn’t need an authority like ICANN, since the names ‘attribution is automated thanks to an IT program distributed and secured on the blockchain.

Nevertheless, if you type a domain name in «.ETH » in your browser search field, like Google Chrome, or Mozilla Firefox, an error page will be displayed. Indeed, the registered names in «.ETH » are not recognized by these browsers, since they aren’t part of the DNS network, they aren’t recognized as a domain name. Google Chrome extensions are proposed to create a bridge between the « web Ethereum » and the Internet that we know.

Hence, essentially, names currently registered in «.ETH » are only usable on the Ethereum blockchain, and therefore don’t affect the general public.

Lastly, the first use of ENS is, like the DNS, to allow the user to read and remember more easily an address by giving it a meaning. The DNS allows to translate an IP address in a legible address via the domain name.

Thus, ENS allows to translate an Ethereum user’s address (a user portfolio) of type «f14955b6f701a4bfd422dcc324cf1f4b5a466265 » in « myfirstname.eth ».

For example, when a user wishes to send Ether to another user, they only have to know their domain name and not their user address anymore. These domain names have a quite limited use, but may thereafter be used to access to future Ethereum applications.

The risks of the «.ETH » for brands owners

To this day, current web browsers don’t support these extensions, it seems that brands owners have no need to worry.

However, many French and international brands are « cybersquatted ». I.e. Ethereum users have won bids on brands names like « samsung.eth » or « volkswagen.eth ». They take over the name’s ownership for one year.

At the end of this first year of registration, the owners may release these names to retrieve the Ether stock associated to the name.

Risks should not be excluded in a near future if the «.ETH » are led to become more common and to offer interesting uses for the general public. Under this hypothesis, current web browsers could natively integrate «.ETH », in the same way as «.COM » or «.XYZ ».

Therefore, the owners of «.ETH » taking registered trademarks, for example may seek to benefit from this registration by using the reputation or identity of these protected brands, in order to divert the traffic to their own products or services. It may also be competitors seeking to tarnish their competitor’s brand image.

In the ICANN system, the rules enacted, in particular with UDRP procedures, propose to overcome these risks afterwards by allowing brands owners to try to recover a domain name using unjustly their brand. The restrictive nature of these rules, accepted and respected by registration offices, facilitates the application of the decision of Arbitration Center experts, and thus a domain name transfer to their rightful owner.

In the ENS system, there is no central authority which could enact these rules. Furthermore, domain names in «.ETH » have no real Whois file. To register such a domain name, they need to have Ethers and to create a portfolio. The identity is concealed behind a characters sequence, i.e. the digital impression of a cryptographic key. Therefore, it seems difficult to know the real identity of an owner in «.ETH ».

Furthermore, unlike the current system, it seems difficult to justify a territorial competence for «.ETH». The blockchain is not linked to any territory, it is distributed on all its members ‘machines, and thus all around the world.

The solution could eventually be developed by the Ethereum users themselves. It’s not to be excluded that an application is created in order to check the legitimacy of a domain name owner, on the basis of criteria defined in a program, like for example, the risk of confusion regarding a preexisting brand, and the good faith criteria in the use made of them. The constitution of a «popular jury » with voting materials would allow to decide on the issue as the result of a complaint from another member.

 

 

Disastrous consequences of a domain name non-renewal

Domain name - domain names renewal
Source of the image : SEO Link Building

The American telecommunication company, Sorenson Communication, has forgotten to renew a domain name for only a few days in June 2016. The decision has fallen at the end of September 2017, Sorenson Communication has to pay a fine of 3 million dollars. Why such a high amount?

The domain name which has fallen back into public domain was carrying a critical service for some users! It was the “Video Relay System” which telecommunication companies must provide to deaf people and persons with vocal disabilities, so they can make video calls and contact the 911 USA emergency number, by using sign language. Utah residents with these disabilities were unable to reach 911 for 3 days!

Sorenson Communication indeed realized rather late its omission and ended up renewing the domain name only 3 days later.

But this kind of omission can be easily prevented, thanks to the “automatic renewal” option for all your domain names portfolio. Your critical domain names, carrying services, website and/or mailboxes, will not be interrupted by a simple renewal omission.

On the fine of $3 million, 252 000$ are transferred to “The Federal Communication Commission” and $2.7 million to the company of “Telecommunications Relay Services Fund”, which has found a temporary solution to rent its bandwidth during these 3 sensitive days.

Acquisition of Rightside by Donuts: What are the consequences on DPML Programs?

Acquisition of Rightside by Donuts: What are the consequences on DPML Programs?

At the Internet new extensions launch, Donuts operator, the biggest extensions applicant (.services, .legal, .photos, .vin etc.) has launched a specific protection program in addition to the TMCH.

The Donuts Protected Mark List (DPML) allows to block the registration by a third party of a domain name similar to the brand under all the extensions managed by the registry.

For example, if the brand “iPhone” is registered in the TMCH (prerequisite) then in the DPML, no one can register <iphone.photos> or <iphone.services>, as well as the other hundred Donuts extensions.

Other registries have also created protection programs, in common with Donuts’ DPML, on more restricted perimeters. It was the case of Rightside which managed the following 40 extensions:

.ACTOR

.AIRFORCE

.ARMY

.ATTORNEY

.AUCTION

.BAND

.CONSULTING

.DANCE

.DEGREE

.DEMOCRAT

.DENTIST

.ENGINEER

.FAMILY

.FORSALE

.FUTBOL

.GAMES

.GIVES

.HAUS

.IMMOBILIEN

.KAUFEN

.LAWYER

.LIVE

.MARKET

.MODA

.MORTGAGE

.NAVY

.NEWS

.NINJA

.PUB

.REHAB

.REPUBLICAN

.REVIEWS

.RIP

.ROCKS

.SALE

.SOCIAL

.SOFTWARE

.STUDIO

.VET

.VIDEO

At the end of July, Donuts announced the acquisition of Rightside.

What are the impacts of this acquisition on the holders of these two protection programs?

  • The DPML now integrates the extensions of Rightside, without supplementary cost.
  • It’s not possible to only subscribe to Rightside’s program anymore, you will have to necessarily turn to Donuts’ DPML.
  • It will not protect the names previously registered by third parties.
  • It excludes premium domain names.

If you want to register your brand in the TMCH and/or in the DPML, don’t hesitate to contact your interlocutor at Nameshield.

 

Irma storm and its unexpected consequences on the domain names industry

Irma storm and its unexpected consequences on the domain names industry

.TV means television, .FM, FM radio, .IO tech companies…

Actually no. In fact, yes but no. These codes do not designate sectors of activity but territories according to ISO 3166-1 alpha 2:

  • TV is for Tuvalu, a Polynesian state;
  • FM is for Federated States of Micronesia ;
  • IO for British Indian Ocean Territory.

Why such a mix of genres? In fact, domain names and geopolitics make a whole.

When you communicate with a .COM domain name, you trust Verisign, an American company. With a .FR, it’s the AFNIC! For the .TV, nothing to fear, this extension is technically delegated to Verisign. And for the .IO, it will be said that the infrastructure is fairly resilient. Why mention this reality?

Simply because geopolitics are moving, political events have frequently cut off domain name extensions. This is the case of .LY, which corresponds to Libya. For example, South-West professionals communicating in .SO met some technical problems when Somalia has cut its DNS infrastructure for some time.

Precisely, that’s what happens with the .AI. AI for Artificial Intelligence? Not at all, it is the country code of Anguilla, a territory heavily affected by Irma Hurricane. Thus, many companies using .AI domain names have encountered difficulties in registering, managing or renewing their domain names.

But then, how do we do? This is precisely what is exciting in this intangible industry: if no guide is available to track real-time geopolitical movements and the consequences on registries’ DNS availability, Nameshield informs you in real time.

Do not hesitate to contact us if you have any questions.

.BRAND : 4 episodes, for this summer

.BRAND : 4 episodes, for this summer
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 4: Reconstruction

While a myriad of new extensions were open for recording, the time was to select .COM, .CM, .OM, .CO or .CAM records? .FR or .FRL?

The decision to make registrations in all new extensions of course has a high cost and is no longer necessarily wise.

This is also why, some brands have chosen a .BRAND: its own TLD, its own sovereignty, its own management rules! Many brands have opted for this configuration and we can see now the blooming of .BNPPARIBAS, .ALSTOM, .SNCF, .LECLERC, .GOOGLE …

This reflection on .BRAND has sometimes been badly conducted: some brands have now abandoned their own TLDs, such as McDonald’s. ICANN has a list of these TLDs, along with the very formal letters from the companies asking to remove the area of ​​confidence, historically so costly. It reminds me of The Fallen Astronaut. We can say that the abandonment of these TLDs will be used for others to build themselves up. A good general uses the strength of the enemy as Sun Tzu said!

These discontinuations show that the companies concerned have not seen today the benefits they could make from the costs associated with the creation and management of a .BRAND. Others, more daring, have discovered the interest and / or imagine discovering new service opportunities allowing them to have an increased or even total control over their infrastructure to come with high stakes, Internet of Things, Industry 4.0 …

Let’s wait for the first connected objects and the deployment of a real infrastructure around a resilient .BRAND and we’ll see!

Read act 1: Denial (and Anger)

Read act 2: Expression

Read act 3: Depression

 

.BRAND: The importance of the digital strategy, or the McDonald’s case

McDonald’s! The symbol of globalization: from the invention of the express service by the eponymous brothers to its successful franchise by Ray Kroc (I recommend the film ‘The Funder’), McDonald’s is an example of post-war entrepreneurial success. The BigMac, the Filet o’Fish? These are the inventions of franchisees that headquarters have agreed to develop throughout the world. A model of innovation.

What about their digital strategy? When Internet arrives and everyone talks about it, a Wired reporter contacted McDonald’s to explain that Burger King could record mcdonalds.com. McDonald’s will not register it. Then the reporter does, the US firm tries to recover it and will donate 3500USD to a school in order to buy computer equipment.

Once bitten, twice shy. As a result, McDonald’s is creating a preventive policy of registration of domain names: goldenarches.com, mcd.com, bigmac.com, …

If RayKroc.com and mcdo.com are already cybersquatted, the implementation of a defensive registration policy has begun.

Thus, when the new gTLD program is launched in 2012, McDonald’s is a candidate and wins the .MCD and the .MCDONALDS (MCD is used internally for e-mail).

 

McDonald's Illustration: Home page of NIC.MCD
Illustration 1: Home page of NIC.MCD

We note the weak development on the home page of the .MCD, which is limited to ICANN’s obligations regarding the presentation of the TLD.

 

McDonald's Illustration : WHOIS of .MCDONALDS
Illustration 2: WHOIS of .MCDONALDS

 

The Whois service of the .MCDONALDS allows the identification of the owner, although, as presented in the file for ICANN, the .MCDONALDS is not intended to be an open extension.

What is interesting in the Whois is the joint management of different departments:

  • First contact: IP Division, Eric William Gallender, Senior Intellectual Property Counsel
  • Second Contact: Marketing Division, Anja Morrison Carroll, ‘Senior Director, Marketing’

In the motivations of the company to benefit from a .MCD and a .MCDONALDS coming from a public document, we can find the will to recreate confidence. McDonald’s highlights its gTLD, ccTLD and preventive registrations (.XXX, among others).

McDonald’s has many commitments:

  • provide an easy and intuitive reference and access point for internet users;
  • represent authenticity thus promoting user confidence;
  • direct internet users to locally relevant information and products;
  • use appropriate geographic names to connect with internet users in the relevant regions ;
  • potentially use IDNs to enable customers to interact in their native language;
  • enhance security and minimise security risks by implementing necessary technical and policy measures;
  • strengthen brand reputation and user confidence by eliminating user confusion; and
  • prevent potential abuses in the registration process reducing overall costs to businesses and users.

However, on May 2nd, 2017, a signed letter from VP Global Brand Marketing, Colin Mitchell announces the end for both TLDs.

There is no reason mentioned to justify this request and McDonald’s IP has not responded to the requests for communication.

McDonald's illustration: The letter of McDonald’s
Illustration 3: The letter of McDonald’s

McDonalds has failed to do with these two TLDs more than a trusted place for the websites: a .BRAND, yes, but it’s necessary to have a real strategy of deployment and use.

Creating a .BRAND with the only purpose of defending the intellectual property doesn’t seem, in that light, to be a successful tactic. The success of a .BRAND is mainly conditioned by an effective strategy, and its development has to anticipate far ahead, its use, as well as its implications regarding the digital and commercial communication.

 

 

.BRAND : 4 episodes, for this summer

.BRAND : 4 episodes, for this summer
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 3: Depression

 

Five years ago, the number of domain name extensions was alright: less than 500. It was still possible to register its trademark and its company’s name in the extension of its choice and to act against fraudulent deposits. Attacks were unusual and you defended yourselves when smart little ones made contentious deposits. Some extensions only accepted subdomains registrations, such as Australia and the United Kingdom. Impossible to save at the root and impossible to register without having any rights: .CO.UK for companies, .AC.UK for the academic world,…

But that was before.

 

Domain names - Number of delegated TLDs

 

Then arrived several generic extensions and if the rare extensions created, caused only few problems (.MUSEUM, .MOBI, .AERO,…), this was not the case for the thousand new delegated extensions following the new gTLD program, opened on January 12, 2012. Although brands have filed .BRAND or .COMPANY to protect their territories, many extensions were open and the registration race allowed smart little ones to create big damage. The registration of BLOOMBERG.MARKET and VINCI.GROUP are two particularly well-known examples.

Today, the management of domain names is managed by people dedicated to this activity, mostly within marketing, legal and IT departments.

But what do you have to do? Register your brand in all TLDs? Spend an important amount in domain name retrieval procedures? An in-between?

Interesting alternatives are born from the opening of the new gTLDs:

  • Create a closed extension with subdomains to find the identification-trust link, such as the .FX project I presented a few days ago to NetWare2017 ;
  • Create your own extension: some already do this well, like .BNPPARIBAS or .LECLERC ;
  • Help the end user and this is the project of the Nameshield’s CEO, through Brandsays, a browser extension.

If the brands continue to rightfully submit domain names, they will also develop other means of access, such as SEO or social networks.

While INTA, in its recent study, highlighted impressive figures regarding defensive actions, to get the right answer, you have to ask the right question. We will see in the fourth and last episode of this summer saga, how to understand the .BRAND strategy.

 

Read act 1: Denial (and Anger)

Read act 2: Expression

Read act 4: Reconstruction