HTTPS://: China doesn’t like confidentiality and blocks the ESNI extension

According to a joint report by iYouPort, the University of Maryland, and the Great Firewall Report, TLS connections using the preliminary encrypted SNI extension (ESNI) are being blocked in China. This is a new step towards censorship and reflects a desire to be able to track Internet users.

What is SNI (Server Name Indication)?

When an Internet user visits a website over HTTPS, the site is secured by an SSL/TLS certificate. The visit begins with the establishment of the secure connection, the “handshake”. This handshake consists of several steps and aims to check the certificate and establish the encryption level of the connection. The first message of a TLS handshake is called the “client hello”. With this message, the client asks to see the TLS certificate of the web server. The server must attach the certificate to its response.

Presenting the right certificate poses no problem in the case of dedicated hosting: one IP address, one certificate, possibly containing several SANs (Subject Alternative Names) belonging to the same organization. The problem arises with shared hosting, where the host has a single IP address but wants to install several different certificates; otherwise the host would have to own one certificate and add a SAN for each of its customers, which is not a recommended practice.

SNI answers this specific need of hosting providers and their shared hosting. With the SNI extension, the client indicates the hostname with which it tries to start a TLS negotiation. This allows the server to present several certificates for the same IP address (but different host names). SNI could be compared to the apartment number of a postal address: a building has several apartments, so each apartment must be identified by a different number. Similarly, if the server is identified by its IP address, client devices must include the SNI in their first message to the server to indicate which website (which apartment) they are trying to reach.

What is ESNI (Encrypted Server Name Indication)?

The encrypted part of a TLS connection begins only at the end of the handshake. The problem is that the SNI is not encrypted, because the “client hello” message is sent at the beginning of the TLS handshake. An attacker can reconstruct the path of an Internet user by reading the SNI part of the handshake, even without being able to decrypt subsequent communications. The main interest for the attacker is to be able to trick the Internet user by creating a phishing site. On the other hand, the major web players value confidentiality and wish to preserve the confidentiality of users’ browsing data. ESNI was therefore born.

ESNI (Encrypted Server Name Indication) encrypts the Server Name Indication (SNI) part of the TLS handshake. The ESNI extension is available with the latest version of the TLS protocol, 1.3, which is being increasingly adopted today. The principle is to retrieve an encryption key through DNS (which can itself be secured with DNS over HTTPS). Although ESNI is still at the draft stage, some large hosting providers are already implementing it.

And China in all this?

In their report, iYouPort, the University of Maryland and the Great Firewall Report detail how China views handshake encryption in a very negative light. It effectively prevents the Chinese government’s Great Firewall monitoring tool from seeing what Internet users are doing online. China has therefore decided to simply block HTTPS connections established through the latest version of the TLS protocol (1.3) associated with ESNI. In addition, the IP addresses involved in the connection are temporarily blocked for two to three minutes.

Some circumvention methods exist… but until when?

All three organizations appear to have found circumvention methods to apply on either the client side (in applications and software) or the server side to evade the current blocking implemented by the Great Firewall. “Unfortunately, these specific strategies may not be a long-term solution: as the cat and mouse game progresses, the Great Firewall will likely continue to improve its censorship capabilities”, write the three organizations in their report.

New launching dates for the .GAY

In our article of January 24, 2020, we announced the launch of the .GAY by the TOP LEVEL DESIGN registry. This extension is intended for individuals, organizations and businesses supporting the LGBTQ community. It will increase their visibility and create a safe online space.

Originally scheduled for May 20, the date of general availability has been postponed to September 16, 2020.

The extension is currently in its Sunrise II phase. Here are the new launch dates:

  • Second Sunrise phase (period open to any trademark holder, Sunrise I was restricted to holders of trademarks registered with the TMCH): until 04/09/2020
  • EAP (Early Access Period): from 08/09/2020 to 15/09/2020
  • General availability: from 16/09/2020

Find more information about this new extension .GAY in our previous article of January 24.

If you have any questions, do not hesitate to contact a Nameshield consultant.

Interpol warns of alarming rise in cyberattacks during COVID

In a new study of August 2020, INTERPOL measured the impact of COVID-19 on cybercrime. The results reveal that while the primary targets of cyberattacks usually remain individuals and SMEs, these have significantly expanded to large organizations and governments during the COVID period, revealing a new underlying trend.

The massive shift to working from home has obviously increased vulnerabilities, which cybercriminals seeking to take advantage of the situation have been able to exploit.

According to this study, between January and April 2020, 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs, all related to COVID-19, were detected.

The most common cyberattacks during the COVID-19 period were as follows:

  • Phishing
  • Ransomware
  • DDoS
  • Data harvesting malware
  • Cybersquatting / fraudulent domain names
  • Fake news

In Europe, two-thirds of member countries report a major increase in the number of cybersquatted domain names containing the keywords COVID or CORONA and ransomware deployments on critical infrastructures.

Cloning of official government websites is increasing massively as cybercriminals seek to steal sensitive data that can be used in future attacks.

In this report, you will discover all the measures implemented by INTERPOL.

It is more crucial than ever to secure your domain names carrying critical services and to protect your infrastructures.

Our consultants are, of course, at your disposal to assist you on these points.

New document available on Nameshield’s website: “5 minutes to understand – SEO of domain names”

Search Engine Optimization (SEO) is a set of techniques aimed at optimizing the visibility of a web page in the search results.

For your positioning in search engines and for your communication, the domain name is of significant importance.

In this “5 minutes to understand” document, available for download on Nameshield’s website, you will find good practices to optimize your referencing on search engines.

New document available on Nameshield’s website: “5 minutes to understand – Operations on domain names”

Domain names are subject to various operations. The modalities for these operations may vary according to the extensions and the rules set up by the registries.

In this “5 minutes to understand” document, available for download on Nameshield’s website, you will find the different operations on domain names.

Booking.com, a generic term turning into a brand?

A trademark must be “distinctive”, which is why no one can register a generic term as a trademark.

However, a decision of the US Supreme Court on June 30, 2020 allows Booking.com to register its domain name as a trademark.

For the USPTO (U.S. Patent and Trademark Office), “booking” is a generic term, and adding the .COM would amount to adding “Company” to a name; it therefore argued that booking.com cannot be registered as a trademark. The Court decided otherwise.

Indeed, it considered that “.COM” could not be compared to “company” since the essential criterion would be the identification of consumers.

In particular, the online travel company presented consumer surveys indicating that 75% of consumers thought Booking.com was a brand.

Of course, this first argument, easily challenged by Judge Breyer, was not the one that hit the nail on the head in the final decision. Since a domain name can only belong to one holder, the risks of confusion that must be avoided by trademarks could not arise here, since no one else can use the name Booking.com.

Despite the registration of the booking.com trademark, the company will not be able to use it as a trademark right in disputes that could oppose it to other companies using the generic term “booking” in their trademark.

To read the full decision, click here.

The importance of reverse DNS

Reverse DNS is often unknown to domain name managers, especially when the names are hosted by major hosting companies. Reverse DNS allows you to resolve from an IP address to an FQDN. This is the exact opposite of the classic use of DNS, which associates domain names with IP addresses. Reverse DNS answers the question: I have an IP address, what is the FQDN related to it?

Reverse DNS operates by creating a reverse DNS zone in which DNS PTR records (for Pointer Record) will be configured.

  • Classic DNS, A record: we know the name of a site and we want to obtain its IP address…
  • Reverse DNS, PTR record: we know an IP address and we want to retrieve the name of the site.

The resolution system is constructed in a similar way to the classic resolution. To perform DNS resolution, the IP address to be queried is configured in the reverse zone with the suffix .arpa and points to the required destination. The principle is the same for IPv4 and IPv6 addresses, according to the following construction:

Ex: IPv4: 11.80.92.81.in-addr.arpa. IN PTR capp.perf1.com.

Ex: IPv6: 0.0.0.0.0.0.0.0.0.1.0.1.0.0.0.0.0.8.c.0.0.1.0.a.2.ip6.arpa. 4080 IN PTR capp.perf1.com.

This construction makes it possible to perform a classic DNS resolution on a domain name with a “.arpa” extension.

Why is this so important?

Reverse DNS is mainly used to track the origin of a website visitor, the origin of an e-mail message, etc. It is usually not as critical as classic DNS: visitors will reach the website even without the presence of reverse DNS for the IP of the web server or the IP of the visitor.

However, Reverse DNS is important for one particular application: the e-mail system.

Many mail servers on the Internet are configured to reject incoming mail from any IP address that does not have reverse DNS. For those who manage their own mail server, reverse DNS must exist for the IP address from which the outgoing e-mail is sent.

Regardless of the address to which the reverse DNS record of the IP address points, a reverse DNS record is expected. In case of hosting several domains on a single mail server, it is enough to configure the reverse DNS to point to the domain name considered as the main one (mail servers checking the reverse DNS recognize that it is normal to host many domains on a single IP address and that it would be impossible to list all these domains in the reverse DNS for IP). We recommend that you check the possibility of setting up reverse DNS with your DNS hosting solution.
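The .arpa name construction and the mail-server check described above can be put together as follows. This is an added example, not Nameshield code: the IPv4 record is the article's own example, while the IPv6 address (from the 2001:db8::/32 documentation range), the name mail.example.net and the in-memory zone are constructed for illustration.

```python
import ipaddress


def ptr_name(ip):
    """Build the .arpa owner name that is queried for the PTR record of an IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))      # octets, last one first
        return ".".join(labels) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")         # all 32 hex digits, zeros included
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed reverse zone standing in for real DNS, so the example runs offline.
REVERSE_ZONE = {
    ptr_name("81.92.80.11"): "capp.perf1.com.",      # the article's IPv4 example
    ptr_name("2001:db8::25"): "mail.example.net.",   # hypothetical IPv6 mail host
}


def lookup_ptr(ip, zone=None):
    """Return the PTR target for an IP, or None when no reverse record exists."""
    return (REVERSE_ZONE if zone is None else zone).get(ptr_name(ip))


def accept_smtp_connection(ip):
    """Policy described in the article: refuse clients whose IP has no reverse DNS."""
    host = lookup_ptr(ip)
    if host is None:
        return False, "rejected: no PTR record at " + ptr_name(ip)
    return True, "accepted: " + ip + " has reverse DNS " + host


if __name__ == "__main__":
    for client in ("81.92.80.11", "2001:db8::25", "192.0.2.77"):
        print(client, "->", accept_smtp_connection(client)[1])
```

A complete IPv6 reverse name always carries 32 single-digit labels before ip6.arpa, one per hexadecimal digit of the fully expanded address.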

New document available on Nameshield’s website: “5 minutes to understand – Register a domain name”

The domain name is the first link between the web user and your website. It is thanks to the domain name that you are found on the Internet, that you are visible, that your identity is displayed and that you develop your business on the net. It is a digital asset of your business.

The more meaningful this name is, the more likely it is to position you effectively on the web, and to best represent your identity.

Discover the right questions to ask yourself before registering a domain name, and the registration rules, in this new “5 minutes to understand” document, available for download on Nameshield’s website.

Modification of registration conditions in .DZ – Register the equivalent in .TM.DZ to keep control!

The Algerian registry has changed its registration conditions quite restrictively. These changes also affect already registered domain names:

  • The applicant must now be “an entity established in Algeria, having legal representation in Algeria”.
  • This means that holders or applicants holding only an Algerian brand and who cannot justify a local presence in Algeria will have to move towards the registration of a .TM.DZ domain name.
  • Please note, registering a .TM.DZ domain name opens an identical registration in .DZ.

Another important element relating to .DZ already registered:

  • Changes are no longer possible on these names, except for holders who are a local entity. The only “operation allowed” is renewal.

Our advice:

Since the end of 2018, Nameshield has been encouraging you to register your .TM.DZ domain names. We of course maintain this advice and strongly encourage you to quickly register the equivalent of your .DZ in .TM.DZ. This will maintain a high level of reactivity, especially in case of emergency modifications.

New resources available on Nameshield’s website: The “5 minutes to understand” documents

Nameshield offers you new resources that will be regularly published and available for download on Nameshield’s website: the “5 minutes to understand” documents.

Quick and easy to read documents to understand the basics of domain names in just a few minutes.

Discover now the first document “5 minutes to understand – The reading a domain name”: