Category: News

Black July for the .xyz

.XYZ - new gTLD

The volume leader of the new gTLDs has seen its zone file cut by more than half.

While it started its July month with more than 5.2 million of registered domain names in its zone, it had only 2.5 million on Monday 17, letting the .top get its way back to the top in the meantime.

How to explain such a phenomenon?

First of all, the multigenerational extension doesn’t escape the non-renewal law.

A year after having massively registered at the derisory price of 0.01$ or even received for free their domain names in .xyz, the acquirers simply don’t renew these latter, hence a considerably reduced zone file.

Last but not least, a big part of the non-renewals comes from the ban done to registries by the China Ministry of Industry and Information Technology to sell .xyz.

Yet, half of the registered domain names in .xyz were owned by people in China.

The case is currently in the process of being resolved, so the .xyz has yet to type its final point.

Nameshield: The first French registrar certified ISO 27001 on all its registrar activity

Nameshield's ISO 27001 certification

 

 

Nameshield is proud to announce its ISO 27001 certification on all its registrar activity, the product of many months of work.

Why the ISO 27001 certification?

Since its creation, 23 years ago, Nameshield has taken to heart to provide to its customers the best services under conditions of optimal security. By choosing the ISO 27001 standard, this constant care given to all our services is now certified by a competent authority.

The impressive rise of the occurrence and the force of the cybercriminal attacks has comforted the founder and CEO of Nameshield, Jean-Paul Béchu, in his determination to propose to all our users an ISO 27001 certification on all our registrar activity.

Today, it’s frequent that cybercriminals attack services providers in order to reach indirectly their final targets. And if our Security Officer of Information System monitored already the security of our infrastructure, the ISO 27001 reinforces the requirements.

If Nameshield has engaged in this process, the result of an important investment, human and financial, it’s because it’s essential for us to demonstrate and certify the dimension of our engagement in term of security.

To be certified ISO 27001 is to ensure our customers and partners that the security of the Information systems is completely integrated and that Nameshield is committed to a process of constant improvement requiring specific resources, which we have chosen to deploy.

The certification confirms the competence of Nameshield’s employees and their expertise in the protection of critical information.

 

What is the ISO 27001 certification?

ISO 27001 is an international standard which describes the requirements for the establishment of an Information security Management System. This one is intended to choose the security measures to set up in order to ensure the protection of sensitive goods of a company on a defined perimeter. In the case of Nameshield, it covers all of its registrar activity.

At a higher level, the ISO 27001 standard requires that the managers of the company are involved in the cyber defense. In parallel, a steering committee follows the implementation of the new arrangements respecting the standard.

An audit carried out by LRQA, the World Leader of the certification of value added Management systems, allows us to deploy our security measures and to become the first French registration office to be certified on the complete perimeter of its registrar activity.

Nameshield, your trusted partner.

 

.BRAND : 4 episodes, for this summer

.BRAND : 4 episodes, for this summer
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 1: Denial (and Anger)

 

The brand, a forbidden territory. Everything is played out by attacks, complaints, courts. A ruthless world. Since the 23rd of June 1857 and the creation of the first system of trademarks by France, it is possible to benefit from an exclusive right of use for a term on different applications. Otherwise the law is coming. The arrival of the Internet will shake up this foundation.

If one remembers the Milka conflict with Kraft foods, which led to the famous opposition between Milka Budimir, a seamstress in Bourg-lès-Valence, and the American giant Kraft Foods about the domain name milka.fr, we can keep in mind the case of many domain names holders who succeeded in winning attacks against those bigger than them.

The expression of David vs Goliath is illustrated in France with leclerc.fr, domain name registered by a fan of the Leclerc tank. In spite of an attempt at recovery of SYRELI type, the tradesmen never succeeded in obtaining this famous domain name. For posterity, the justification of the individual will be retained in his argument: “… in life there are not only shopping centers and consumption, France is above all, a country of history, a strong history of which we can be proud!”

 

.BRAND - Leclerc.fr website
Leclerc.fr website

 

In the United States, the case of Nissan Computers is interesting. The little known IT company was registered after the name of its owner, Uzi Nissan. The eponymous Japanese company Nissan Motors evidently pouted at the deposit of nissan.com and tried to recover the domain name in question. Despite an incessant media campaign and numerous attacks, today nissan.com remains the property of Nissan Computers. Nissan Motors now uses nissanusa.com for its US business. In this case, the Nissan.com website only reflects Nissan Computers’ computer sales activity. We can instead find a strong attack against Nissan Motors. A bad buzz in action!

 

.BRAND - nissan.com website
Nissan.com website

 

What can we keep in mind through these two experiences? A relatively interesting bone marrow: the domain name, this intangible asset representing the image of a company, has not been sufficiently monitored by multinationals.

Schmidt launches its new website in dot brand: Home-design.schmidt

Schmidt is one of the first French brands of kitchens, but also the first kitchen furniture export company in France.

Schmidt group has decided to launch its new website in « .brand » (dot brand), .schmidt and thus has joined many big companies which have made this bet, like BNP Paribas (mabanque.bnpparibas), MAIF (voyagepro.maif), Club Med (corporate.clubmed) or the latest, SNCF (oui.sncf).

Schmidt chose to regroup its activity under the « home design » designation which describes well its industry. The company is not only dedicated to the kitchen world but also proposes bathrooms and “custom-made” furniture for the entire house: dressing, TV furnitures… all with a design touch.

The domain name home-design.schmidt allows on the one hand, to optimize the SEO and on the other hand, to facilitate its development and its international communication. After its launch in Great Britain at the end of April, the website arrives in Belgium, and will continue with Spain, Italia and Switzerland by July the 4th.

The domain name home-design.schmidt is easy to recognize and to remember for general public.

dot brand - Home-design.schmidt website
Home-design.schmidt website

But what is the benefit for brands to have their own extension?

In 2013, some companies (including some thirty French companies) wished to have their own « .brand » extension, in order to capitalize on their leading brand. Most of them wanted to secure and protect their naming spaces (to limit intermediaries in the chain of actors involved on a domain name registration). The purpose is also to have a domain name really distinctive and reassuring for the final consumer. The brands fight against cybersquatting, but this is an endless war. It represents an important annual budget and doesn’t limit the damages enough. The message of the brands owners of a « .brand » (dot brand) is the following: If you’re not on my « .brand » website, then you don’t buy the products or services of my brand.

This practice to communicate in « .brand » isn’t known enough by the general public. Of course, the consumers’ awareness should be increased in order to use extra caution during their navigation, and that means the domain name verification.

So having its « .brand » is a differentiating factor and will be more and more used for marketing purposes.

.brand - ma.cuisinella website
ma.cuisinella website

Bitter taste to confectionary disputes

KitKat Nestlé - confectionary disputes

 

Last week the UK Court of Appeal ruled on the long running battle between Nestlé and Cadbury (owned by Mondeleze) over the attempt to register the shape of the KitKat bar in the UK.  Trademarks need to be a “badge of origin”. In particular registration of a shape mark requires good evidence of acquired distinctiveness to show that consumers rely on shape in a “trade mark sense”. The UK court has ruled that this is not the case for the KitKat shape. The mere fact that consumers recognise the mark is insufficient and the applicant must demonstrate that a significant proportion of the relevant public rely on the mark to indicate the product origin.

KitKat Bar - shape mark

Once again this shows how applications for non-traditional marks are more vulnerable to objections for lack of distinctive character.

But it is also interesting that the industry continues to fight these costly battles. Most of us might view these disputes as irrelevant and a waste of money but the parties involved see them as a battle for an all-important edge in the marketplace. The confectionery industry is extremely competitive – the aim is to ring-fence your brand and intellectual property rights in order to block others from cutting into your space.

There are quite a few registered shape marks in the world of confectionery and many of them have seen some level of trademark dispute.

 

Some well-known shape marks:

Bitter taste to confectionary disputes

The maker of the Golden Bunny, Lindt, launched a chocolate teddy bear. Haribo, which invented gummy bears in the 1920s, said shoppers would confuse the two products, even though Lindt’s bears are made of chocolate and gummy bears are jelly sweets.

 

Examples of colour marks:

Color marks

Both these shades of purple are used for chocolate products and are owned by Kraft / Mondelez. But there has been an ongoing battle between Nestle and Cadbury about the legitimacy of use as a trademark. The British public has linked this shade of purple with Cadbury for over a century in the same way that the Milka shade is well accepted by a wider European consumer audience.

Cyber-blurring: the strategy used by Macron’s digital team to face cyberattacks

Cyber-blurring - the strategy used by Macron’s digital team
Photo : www.gouvernement.fr

 

May the 5th , 2017, two hours before the end of 2017 presidential campaign, thousands of documents owned by the campaign team of the candidate Emmanuel Macron have been leaked and have been made public on American forum 4Chan, relayed by Wikileaks. Social media have played an important role in the attack and content diffusion: internal discussion of the political party, briefing notes, pictures, bills, accounting, which represent 9 gigaoctets of hacked data.

Since the beginning of the presidential campaign, it wasn’t the first attack faced by the team of En Marche’s candidate.  Alerted of a potential attack a long time ago, they have set up a cyber-blurring strategy to defend themselves. This method creates dozens of false documents (false emails, false passwords, false accounts) trying to slow down hackers’ work. This strategy is often used in the banking field to protect their customers. (This diversion method is also called digital blurring.)

 

L'Express Twitter account - Cyber-blurring: the strategy used by Macron’s digital team to face cyberattacks
L’Express Twitter account

 

Even if Mounir Mahjoubi, digital director of the En Marche campaign, thinks to have slowed down the hackers’ job with this cyber-blurring method, despite these measures, the attack was not avoided.

The hackers didn’t ask for money in exchange of the documents publishing. These documents which are not compromising for the Emmanuel Macron’s team, were not monetizable because the hackers would have to sort out 9 gigaoctets of data in a few period of time.

Consequences are few on the presidential campaign and the En Marche staff was not really affected. This counterattack was well implemented.

The hackers who were against Macron, didn’t have the success desired. Nevertheless, this failure will get them to become smarter, more ingenious, less visible and better prepared for a next attack.

To be continued.

Mastodon : What about cybersquatting ?

Mastodon : What about cybersquatting

 

Communication on social media is the subject of many justified concerns from trademarks owners. As a matter of fact, user’s names creation, called “username”, are not legally protected beforehand. Specifically, the owner has to register or retrieve the username corresponding to their brand or demonstrate to the social media that the use of their brand is used with ill intent. In short, it’s a time consuming activity…

Mastodon, a few months old social network, trendy since a few days, is the subject of some articles regarding its nature, process and goal. But what about the associated brands protection?

Mastodon is a social network, created by Eugen Rochko, a 24 years old German developer. Twitter’s clone where characters are limited to 500, Mastodon is free, open source and not centralized. We will be interested in this last term. It’s possible to access Mastodon with its “basic official” website mastodon.social.

However mastodon.social is only an instance, you can use others like mastodon.fun developed in Angers. You choose a username for an instance and your complete username will be @username@instance. Keep in mind that instances are associable with each other, giving them a federal term.

Anyone can create an instance, so you have two cumulative possibilities:

  • Either you register your brand for all existing instances (today there are more than 2000 of them and it’s only the beginning).
  • Or you create your instance, closed, corresponding to your brand.

As you might have guessed, I will advise you the second choice: as it doesn’t exist any certification on Mastodon, anyone can be anybody. But by creating an instance corresponding to your principal domain name, you create this certification!

Of course .BRAND owners should create social.BRAND so they have a dedicated instance which allows them to highlight their TLD, like @pierre.dupont@social.brand.

If you need more information on Mastodon, don’t hesitate to contact us.

Good name, bad product

New product development is exciting – and costly. In addition to the essential R&D, market research and marketing initiatives, all products require a name which is (ideally) distinctive and available. Finding the right name in itself is a costly business that involves many steps: name & logo creation, trademark research, brand validation & strategy, trademark filing and protection). Depending on where you plan to launch and therefore protect your product name will define the costs which will probably range from $5,000 to $50,000+.

A failed product is a costly error for any company. In addition to the wasted time the failure can haunt companies for years to come. Now a new museum is opening in Sweden to celebrate these failures and hopefully to help companies learn how to succeed.

The Museum of Failure (museumoffailure.se) opens in Helsingborg in June this year with the tag line “Learning is the only way to turn failure into success”. The collection consists of over sixty failed products and services from around the world, many of which have carefully created trademarked names. The founder Samuel West comments that even big and competent companies fail. It is important to create a culture that accepts failure and learns from it.

Here are some of the branded exhibits which have failed for various reasons ranging from poor design to products that were just plain awful or simply useless.

 

Examples of failed products

 

One interesting exhibit on display is a board game called Trump, The Game. This was similar to Monopoly but with Trump dollars, Trump properties and T-shaped game pieces. Trump, The Game was launched in 1989 but only sold 800,000 units instead of the estimated two million copies. It was re-released in 2004 but still failed to impress. It is interesting to note that the original trade mark is no longer in force but a new application was filed in the US at the end 2016.

 

Trump, The Game

New extensions: The first signs of a (R)evolution?

Domain names registration strategies follow reasoning sometimes hard to understand. However “sheep-like” reasoning is the one we can easily observe.

When Alphabet (Google) used for the first time its domain name ABC.XYZ, a sensitive rise of registrations for this extension has been observed. More than a simple registration, ABC.XYZ has created for the public, informed or not, an interrogation on the extension used: “they aren’t in .COM?”

 

New extension - abc.xyz Alphabet Google

 

New gTLDs’s program by ICANN has generated many thoughts on naming politic on the web. Until now, these extensions weren’t well known by the general public, despite the real concern of the brands to communicate on this subject: BNP Paribas, Leclerc and AXA for French examples, which have chosen a dedicated extension.

New gTLDs creation allows to register domain name by searching to give a meaning to the associated activity: be it geographical or by sector.

That way, the following sentence makes more sense: “When I look at the domain name, I know what’s behind it”.

Today, despite this opportunity, few companies of big scale have chosen to use a new extension. And none to my knowledge, suppress its former address to go on the new one. Which can be quite logical. But things which seem unchanging, are changing.

DXC an American company, present in NYSE, has changed its short domain name, three characters, dxc.com to dxc.technology. It was our colleagues of DNW who announced this news. However the email addresses service didn’t move to the new extension yet.

 

New extension - dxc.technology
Example of dxc.technology

 

This information may seem of little importance, but have in mind the impact it will have on the process of new extensions use. Simply put, it begins with the importance and the safety of the extension for a company to change. Wait for the next step! It may only be the beginning of an underlying trend on communication and naming strategy on Internet.

Technology revolution growth is usually slower than the one planned, but its impact is often more important… To be continued.

Connected objects: unavoidable in DDoS attacks?

IoT- DDoS attacks

 

Nowadays consumers use and are around connected objects. The Internet of Things (IoT) includes all connected objects like a connected refrigerator, captor, light bulb, security camera, router or even a thermostat control. Their common point? To have an IP address and to be connected to communicate.

According to the American company Gartner, connected objects will reach 20.5 billion units by 2020. We will face an impressive growth of IoT in the years to come.

China, North America and West Europe will represent 67% of IoT in 2017.

However these connected objects are spreading frequently with security flaws, which is an opportunity for DDoS attacks!

Nowadays, Distributed Denial of Service (or DDoS) attacks are frequent. For hackers, it’s quite easy to set up attacks against an unprotected target. These attacks could lead to significant financial loss for companies by disruption of service (website or email) or indirectly, by the harm caused to the target’s image (bad buzz, bad reputation…).

With the arrival of connected objects, chances to be confronted to DDoS attacks are high.

These attacks are making a service unavailable by flooding the system with requests. With the help of digital and connected objects, hackers can send a massive number of requests on one or many DNS servers. They get to remotely control our objects because of their security flaws. If the DNS servers are not protected by a strong anti-DDoS filter, then they are under the risk of not absorbing the high number of requests and as a result, won’t respond to the user’s demands anymore.

In October 2016, DYN Company, DNS service supplier had been the victim of a DDoS attack by connected devices. DNS infrastructure services had been unavailable, which then impacted on their customers’ services: Twitter, Netflix, Spotify…

Many hours offline for these web pure players have a direct impact on sales revenue. DYN affirms that “Ten billion of IP addresses were touched” by this attack.

Last week, Melbourne IT Registrar was also a victim of a DDoS attack. Some of its customers were affected by this service disruption.

We might see more powerful attacks of this kind in 2017.

In the past, attacks were done by computers, today connected devices are a real weapon. Luckily those companies have affirmed wanting to reinforce security on their connected products.

DNS is an absolute priority. It’s essential to secure his strategic domain names by using highly secured DNS, so you can have a high permanent availability.

Nameshield offers a DNS Premium solution to gain performance and assure 100% availability.