COVID19.com – The domain name registered by a third party redirects to the website of the World Health Organization (WHO)


“Domainers” are always a step ahead when it comes to taking advantage of a good or bad situation. For example, some will anticipate elections by registering the names of political figures, others by taking advantage of a sport or cultural event. Consequently, regarding domain names, there will be opportunities for speculative registrations.

In the case of “COVID19.com”, it seems clear that when this domain name was registered on February 11, 2020, the holder wanted to speculate on the “COVID 19” virus, a term that can generate numerous queries in any language. The name is available for sale for $10,000 USD.

However, instead of simply redirecting the domain name to commercial links, the holder chose to redirect this strategic name to the World Health Organization (WHO) website. Is this a citizen’s initiative? Unlikely, because given the current context, using such a name to make a direct profit through commercial links could lead to a violation of the Registrar’s registration conditions.

Even if the holder does not immediately benefit from this domain name, he will at least have managed to draw our attention for the length of an article.

.ZA websites will have to provide a link to the official COVID-19 website set up by the government


Since last Thursday, the South African government has required all websites using .ZA domain names to display a link to the official Covid-19 information website set up by the government: www.sacoronavirus.co.za

This new rule applies to all .ZA websites, regardless of their content.

The two other extensions managed by the ZADNA registry, .JOBURG and .CAPETOWN, are also affected by this rule.

Along the same lines, the registry also invites Internet service providers to block any websites that spread fake news.

Lastly, it is interesting to note that the government’s COVID information website is not www.coronavirus.co.za but www.sacoronavirus.co.za. This is because the domain name www.coronavirus.co.za has been registered by a domainer who offers the name for resale on his website.

Like every crisis or major news event, COVID-19 led to a massive registration of domain names containing the associated terms, with some unscrupulous players seeking to take advantage of the situation.

Unsurprisingly, during this unprecedented and complicated period, there has been a sharp increase in the number of cybercriminal attacks of all kinds.

Let’s Encrypt, do not confuse confidentiality and security

Let’s Encrypt was recently the talk of the small world of TLS certificates after suddenly revoking 3 048 289 certificates. A bug in its validation software had prevented CAA record checks from being performed, so the certificates in question should never have been issued. The mass revocation caused significant disruption, but it is difficult to complain about a free service.
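What a CAA check decides before a certificate is issued, shown as an added example (not Let’s Encrypt’s code and not part of the original article). It follows the RFC 8659 rules on constructed records; the zone contents, CA names and function names are assumptions, and no DNS query is made.

```python
# Added example: RFC 8659 CAA evaluation on constructed data (no DNS lookups).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # "issuer critical" flag bit of a CAA record

# Constructed CAA RRsets: name -> [(flags, tag, value), ...]
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "ca-one.example"), (0, "issuewild", ";")],
    "shop.example.com": [(0, "issue", "ca-two.example; account=1234")],
    "locked.example.net": [(0, "issue", ";")],
    "report.example.org": [(0, "iodef", "mailto:security@example.org")],
    "strict.example.dev": [(0, "issue", "ca-one.example"),
                           (CRITICAL, "futuretag", "x")],
}


def relevant_rrset(fqdn, zone):
    """Climb from the requested name towards the root; the first
    non-empty CAA RRset found is the only one that applies."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard request is checked at its base name
        labels = labels[1:]
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def issuer_domain(value):
    """Issuer part of an issue/issuewild value; '' means 'no CA at all'."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca_domain, fqdn, zone=SAMPLE_ZONE):
    """True if the CA identified by ca_domain is allowed to issue for fqdn."""
    records = relevant_rrset(fqdn, zone)
    # An unknown property marked critical forbids issuance outright.
    if any(flags & CRITICAL and tag.lower() not in KNOWN_TAGS
           for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t.lower() == "issue"]
    issuewild = [v for _, t, v in records if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    applicable = issuewild if (fqdn.startswith("*.") and issuewild) else issue
    if not applicable:
        return True               # no restriction published for this request
    return any(issuer_domain(v) == ca_domain.lower() for v in applicable)


if __name__ == "__main__":
    for ca, name in [("ca-one.example", "www.example.com"),
                     ("ca-two.example", "www.example.com"),
                     ("ca-one.example", "*.example.com"),
                     ("ca-two.example", "pay.shop.example.com")]:
        print(f"{ca:16} {name:22} -> {may_issue(ca, name)}")
```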

I am often asked what I think of Let’s Encrypt, and I always have this same answer: Let’s Encrypt has done a lot to encrypt the web, but is undermining the security of the web. Encryption ensures the confidentiality (no one can spy on them) and integrity (no one can modify them) of exchanges. But encryption alone is not enough if I do not have any guarantee of the identity of the one I am exchanging with (legitimate or fraudulent?)… And that is the whole problem.


In 2015, the Let’s Encrypt initiative, supported by leading players of the Internet (EFF, Mozilla, Cisco, Akamai…), was created with the purpose of massively and freely spreading SSL certificates to the whole world. More than five years later, the organization secures 190 million websites and has just announced that it has issued a billion certificates. The milestone was reached on February 27, 2020. This is undoubtedly a great performance.

96% of the web encrypted in January 2020

In 2015, less than half of web traffic was encrypted; by January 2020 the figure had reached 96%. Of course, Let’s Encrypt is not the only player responsible for this rise. Edward Snowden launched the first alert, and Google has largely stepped into the breach, through its search ranking policy and changes in web security indicators. But by providing everyone with free certificates based on a largely automated system, Let’s Encrypt has democratized encryption… and consigned the concept of identity to oblivion.

No identity, no security


Let’s Encrypt’s credo is simplicity, to “simplify to the extreme HTTPS deployment and put an end to its horribly complex bureaucracy” (says EFF in the launch campaign). The horribly complex bureaucracy nevertheless has a purpose: high authentication, which guarantees the identity of the certificate’s holder. Perhaps not an absolute guarantee of legitimacy, nor a guarantee of content, but the guarantee of a registered company that is the legitimate owner of the domain name concerned, with a certificate validated according to a rigorous procedure.

Let’s Encrypt merely verifies control of the domain name (DV, Domain Validation). One only has to click on a link in an email or to add a TXT record to the domain name’s DNS zone. Yet domain name registration in most TLDs is purely declarative. It is quite easy to register a domain name, request a certificate from Let’s Encrypt and publish a website in HTTPS://.

The results?

In five years, all phishing and fraudulent websites have switched to HTTPS://. As early as 2016, Vincent Lynch raised the alarm about this problem: 15 270 certificates containing the term “Paypal” had been issued by Let’s Encrypt, and 14 766 of these certificates were fraudulent.

The market has been dragged down in terms of authentication level. Let’s Encrypt is far from being the only one responsible: Google and Mozilla, with their 70% market share, have largely supported the initiative, and the big Cloud hosting providers followed, as did the Certification Authorities, challenged on prices. Today we have a secure web in which 77% (November 2019) of certificates are issued without verifying the owner’s legitimacy.

High authentication changes the game

The web has become encrypted by default. Does that make it more secure? Nothing is certain. Web users, educated for twenty years to check for the padlock in the address bar, trust a web where all the fraudulent websites display the security padlock. Today, the Internet is confidential, but that does not make it safe.

It is urgent to return to high authentication. High authentication relies on a set of compulsory, rigorous and controlled steps to obtain certificates. The procedures are enacted by the CA/B Forum, regularly strengthened, and followed by audits of the Certification Authorities.

23% of certificates are still issued on the basis of high authentication, mostly in the corporate world, where CISOs are pushing to preserve it. We all have to rely on them and back initiatives supporting OV (Organization Validation) and EV (Extended Validation) certificates, especially EV, to guarantee the identity of the websites visited by web users. While identity on the Internet seems to have been somewhat forgotten for some time in favor of confidentiality, it is likely to return to the spotlight soon, driven in particular by web users and the need for personal data protection.

Nameshield renews its ISO 27001 certification


Nameshield Group is an expert in domain names, DNS, TLS/SSL certificates management.

Through our experience gained from world-renowned customers with ever-increasing security requirements, we have also become technical experts in Information security. That is why we have implemented an Information Security Management System (ISMS).

In 2017, we obtained the ISO 27001 certification of this ISMS for our activities of domain names portfolio, DNS and TLS/SSL certificates management. Nameshield Group has thus become the sole French registrar ensuring such a level of security for its customers.

Since then, our employees involved in the ISMS continuously contribute to the constant improvement of our security arrangements.

An analysis of the risks and their treatment, according to the Ebios method, addresses our security goals and those of our clients.

We continuously adapt to security, performance and sustainability needs. This results in the deployment of more secure products and services, with higher added value, that meet our clients’ expectations ever more closely.

We know how to mobilize ourselves in case of incidents and learn to always do better by analyzing the processing of each alert.

We have and control a business continuity plan. Therefore, we are able to carry out our activities remotely (backup site, telecommuting, redundant servers…), whatever the threats.

Information security is the DNA of Nameshield Group and all its employees.

Logically, our ISO 27001 certificate was renewed for 3 years last February without any non-compliance or comments being notified.

This international recognition ensures you:

  • An availability rate (domain names management platform and DNS Premium)
  • Tests implementation allowing us to permanently review ourselves and anticipate incidents
  • Awareness-raising for all Nameshield employees on all aspects of Information security
  • The reliability and performance of our system
  • The study of our experience feedbacks to continuously improve our security and thus yours

.ORG news – NGOs against the .ORG registry’s sale to Ethos Capital


At the end of 2019, the announcement of the sale of the .org registry, Public Interest Registry (PIR), by Internet Society to Ethos Capital, a private equity firm, sparked a debate, which was also the subject of a previous article on this blog.

As a reminder, this announcement raised several concerns among NGOs, such as an increase in .ORG prices and the implementation of rights protection policies that could lead to a form of censorship, as is already the practice in some countries. These fears led the Electronic Frontier Foundation (EFF) to launch the SaveDotOrg campaign to raise awareness about the potential impact of this sale. To date, 846 organizations and 25 119 people have signed this petition demanding that Internet Society stop the sale.

Faced with these many complaints, ICANN postponed the approval of the .ORG registry’s sale to Ethos Capital and requested additional information from Internet Society.

« Public Interest Commitments »: The measures proposed to address the .ORG community’s concerns

In response to these criticisms, Ethos Capital and Public Interest Registry are trying to reassure the community by proposing the implementation of “Public Interest Commitments” (PIC), binding commitments which would ensure that any increase in .org prices would be limited.

Among these commitments, they also propose the creation of a “Stewardship Council” (a council for the .org management) which could influence decisions taken by PIR and thus ensure the preservation of freedom of expression.

These PIC would be added to the Registry Agreement, the contract between the registry and ICANN regarding the functioning of the registry.

A for-profit registry to defend non-profit organizations?

During the last ICANN summit, organized remotely from 7 to 12 March 2020 because of the Covid-19 pandemic, several NGOs, including EFF, mentioned this .ORG registry’s acquisition by Ethos Capital and asked ICANN about how it plans to review the change of control of the .ORG registry.

According to EFF, forming a “Stewardship Council” will not resolve the NGOs’ concerns. Indeed, the initial members of this council will directly or indirectly be selected by PIR and PIR will have the ability to veto new council members, which would thus ensure that the council will stay in lockstep with PIR.

Regarding .ORG prices, according to NGOs, the implementation of the PIC does not guarantee that price increases will be limited. An amendment to the Registry Agreement can be negotiated at any time by the registry’s owner and ICANN, despite public opposition. That is what happened in June 2019, when the .ORG Registry Agreement was revised to diminish registrants’ rights and remove price caps. Furthermore, ICANN indicated in 2019 its interest in exiting the role of price regulation, but the PIC implementation would place ICANN back into that role.

Therefore, according to NGOs, these “Public Interest Commitments” would not adequately protect the .org community.

The NGOs’ questions remained without answer during the last ICANN summit, and this acquisition is still under review by ICANN.

“We acknowledge the questions and concerns that are being raised” says ICANN. “To ease those concerns and maintain trust in the .ORG community, we urge PIR, ISOC, and Ethos Capital to act in an open and transparent manner throughout this process. […] We will thoughtfully and thoroughly evaluate the proposed acquisition to ensure that the .ORG registry remains secure, reliable, and stable.”

To be continued.

The launch of 8 new extensions for India


The .IN Registry is launching new Internationalized Domain Names (IDN) in Indian languages.

IDN registrations will begin on March 16th 2020 for the extensions listed below:

Internationalized Domain Name (IDN) : Language

  • .ಭಾರತ : Kannada
  • .ଭାରତ : Oriya
  • .ভাৰত : Assamese
  • .भारतम् : Sanskrit
  • .भारोत : Santali
  • .بارت : Kashmiri
  • .ڀارت : Sindhi
  • .ഭാരതം : Malayalam

The launch schedule would be as follows:

  • Sunrise A (Indian Registrant holding Indian Trademarks) : starts 16/03/2020 ends 15/05/2020
  • Sunrise B (Overseas Registrant holding Indian Trademarks) : starts 16/04/2020 ends 15/05/2020
  • Sunrise C (Existing Registrant holding ASCII domain name .in) : starts 01/06/2020 ends 30/06/2020
  • General Availability: 15/07/2020

Note that for foreign holders, registration during the SUNRISE priority phase starts a little later.

For more information on the conditions for registration, don’t hesitate to contact us.

Apple announces the limitation of SSL certificates duration to 1 year in Safari


Apple announced this week that the maximum lifetime of SSL / TLS certificates on its devices and Safari browser would be limited to 398 days (1 year, and 1 month to cover the renewal period). The change, announced by Apple at the CA / Browser Forum meeting in Bratislava, Slovakia, will take effect for certificates issued after August 31, 2020.

Apple’s announcement follows the failure of the CA / B Forum’s vote on one-year certificates (Ballot SC22), which was held in August 2019, and reflects a continuing trend towards shorter certificate lifespans. Following this vote, Google had also expressed its intention to reduce certificate lifetimes outside the framework of the CA / B Forum if the Forum did not take a position quickly. This announcement is a bit of a surprise: we would rather have expected Google or Mozilla to take the first step.

What are the consequences for companies and their SSL / TLS certificates?

Is shorter validity a good thing?

The shorter the validity period of a certificate, the more secure the certificate. Because certificates must be replaced more often, security updates to certificates are deployed faster. A shorter private key lifetime is also strongly recommended by online security players, as it limits the potential duration of fraud following a compromise.

From a security perspective, everyone agrees that reducing the life of certificates is a good thing. The problem lies on the operational side with the consequences of this reduction being: more frequent intervention on certificates, therefore greater complexity in keeping an up to date inventory and the need for optimal organization with partners for certificate issuance.

Should Apple’s announcement be taken into account?

Safari is one of the two main web browsers, with 17.7% in January 2020, behind Google Chrome (58.2%) and ahead of Microsoft Internet Explorer and Edge (7.1%). It is difficult to ignore the announcement, as it will affect 1/5 of Internet users; what is more, if Google follows, it is better to anticipate and prepare. Nameshield has already adopted this stance.

Things to keep in mind

Certificates issued before September 1, 2020 are not affected by this change. They will remain valid for the entire two-year period. All certificates issued on or after September 1 must be renewed each year to be considered reliable by Safari.

We must therefore prepare to move towards having certificates with a maximum duration of one year compared to the current two years. Being able to rely on a partner and effective tools is more essential than ever.
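The rule above applied to a certificate inventory, as an added example (not Nameshield’s tooling and not part of the original article). The host names and dates are constructed, dates use the text format printed by `openssl x509 -noout -dates`, and measuring the lifetime as notAfter minus notBefore is an assumption of this sketch.

```python
# Added example: flag certificates that break the 398-day rule or are close to expiry.
from datetime import datetime, timedelta, timezone

CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)   # rule applies from this issuance date
MAX_LIFETIME = timedelta(days=398)
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"

# Constructed inventory: host -> (notBefore, notAfter)
SAMPLE_INVENTORY = {
    "www.example.com":  ("Aug 15 00:00:00 2020 GMT", "Aug 15 00:00:00 2022 GMT"),
    "shop.example.com": ("Sep  2 00:00:00 2020 GMT", "Sep  2 00:00:00 2022 GMT"),
    "api.example.com":  ("Sep 10 00:00:00 2020 GMT", "Oct 13 00:00:00 2021 GMT"),
    "old.example.com":  ("Jan  5 00:00:00 2019 GMT", "Jan 20 00:00:00 2021 GMT"),
}


def parse_openssl_date(text):
    """Parse 'Sep  1 00:00:00 2020 GMT' (day may be space-padded) as UTC."""
    normalised = " ".join(text.split())
    return datetime.strptime(normalised, OPENSSL_FMT).replace(tzinfo=timezone.utc)


def assess(not_before, not_after, today, renew_window_days=30):
    """Return the list of findings for one certificate."""
    issued = parse_openssl_date(not_before)
    expires = parse_openssl_date(not_after)
    findings = []
    # Certificates issued before the cut-off keep their full validity period.
    if issued >= CUTOFF and expires - issued > MAX_LIFETIME:
        findings.append("exceeds-398-days")
    if expires <= today:
        findings.append("expired")
    elif expires - today <= timedelta(days=renew_window_days):
        findings.append("renew-soon")
    return findings


def audit(inventory, today):
    """Map each host to its findings (an empty list means nothing to do)."""
    return {host: assess(nb, na, today) for host, (nb, na) in inventory.items()}


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY, datetime(2021, 1, 10, tzinfo=timezone.utc))
    for host, findings in report.items():
        print(f"{host:18} {', '.join(findings) or 'ok'}")
```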

Towards the end of the correlation between authentication and technical certificate management

What seems to be taking shape within the CA / B Forum is the idea of allowing an authentication duration identical to that which we know today (two years) while forcing the certificates to be replaced several times during this same period.

The main Certification Authorities, the bodies that issue certificates, anticipate these changes and are working on several automation systems to manage certificate life cycle. They would thus limit the need to go through a potentially cumbersome re-authentication procedure with each replacement. Companies could replace their certificates as many times as they want during this period. This would make it possible to anticipate possible further reductions in the maximum lifetime of certificates.

The trend is also towards the installation of automation tools for the maintenance of a precise inventory of certificates on the one hand and technical reinstallation on the other. Nameshield is closely monitoring these various developments and will allow you to continue working with confidence.

Our team is also at your disposal to anticipate these changes and answer any questions you may have.

Municipal elections 2020: buzyn2020.fr and buzyn2020.paris domain names redirect towards Anne Hidalgo’s campaign


Following the announcement on Sunday February 16, of Agnès Buzyn’s candidacy to Paris municipal elections, several political journalists discovered on Monday that the domain name buzyn2020.fr was registered but redirected towards “Paris en commun”, the campaign website of another candidate, Anne Hidalgo.

Several other names were registered on Sunday night, also redirecting towards Paris en commun’s homepage like buzyn2020.paris, agnesbuzyn2020.fr and agnesbuzyn2020.com.

While several of these names were registered anonymously, two of them were registered by the association “Montreuil en Commun”, a group of “four municipal councilors” who claim to be “without any political label” and who explain to Numerama that the fact that these names were available “indicates the improvisation of her candidacy and LREM’s lightness regarding a serious matter such as a candidacy to run for Paris’ mayor”.

Raising awareness to cybersquatting risks

The LREM candidate will not be able to use the domain name buzyn2020.com either, which was registered on Monday by Crisalyde, a risk and crisis management consulting company.

“I took the opportunity to raise awareness. It’s my job, I saw a risk and I took advantage of it”, explains Selim Miled, Crisalyde’s CEO, to the Parisien.

Cybersquatting is a practice that consists in appropriating a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name to which the applicant has no right, in order to make material or moral profit from its current or future notoriety.

Thus, Crisalyde registered 6 domain names: buzyn.paris, agnesbuzyn2020.paris, buzynpourparis.com, buzynpourparis.fr, buzyn2020.info and buzyn2020.com. “As soon as Agnès Buzyn’s team contacts me, I will give them the domain name at the purchased price, with a friendly advice” adds Selim Miled.

What strategy to adopt against cybersquatting?

Agnès Buzyn’s team will have to contact the persons who registered these names, who may decide to graciously give them back or resell them at prices they will have set.

However, legal actions exist to recover a cybersquatted domain name, such as the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure makes it possible to have the domain name cancelled or transferred.

Lastly, in order to prevent any cybersquatting risk, it is recommended to set up monitoring of domain name registrations so as to be alerted immediately of any new registration that could harm your reputation or your business.
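A minimal form of such registration monitoring, as an added example (not Nameshield’s service and not part of the original article). It assumes a feed of newly registered domain names is available as a list; the names under `.example` are constructed, the others are the ones cited in this article, and the watched term and function names are assumptions.

```python
# Added example: match newly registered names against a watched term.
import unicodedata

WATCHED_TERMS = ["buzyn"]  # the name discussed in this article

# Feed of new registrations: three names from the article, the rest constructed.
SAMPLE_FEED = ["buzyn2020.fr", "agnesbuzyn2020.com", "buzynpourparis.fr",
               "bu-zyn2020.example", "buzin2020.example",
               "parisencommun.example", "example.org"]


def skeleton(domain):
    """Reduce the registered label to bare letters: decode punycode,
    strip accents, and drop digits and hyphens."""
    label = domain.lower().rstrip(".").split(".")[0]
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw label if it is not valid punycode
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if c.isalpha())


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def match(domain, terms=WATCHED_TERMS):
    """Return (term, reason) if the domain embeds a watched term exactly
    or within one edit; otherwise None."""
    s = skeleton(domain)
    for term in terms:
        if term in s:
            return (term, "contains")
        for size in (len(term) - 1, len(term), len(term) + 1):
            for start in range(max(len(s) - size, 0) + 1):
                if edit_distance(s[start:start + size], term) <= 1:
                    return (term, "lookalike")
    return None


def review(feed, terms=WATCHED_TERMS):
    """List (domain, term, reason) for every feed entry that needs attention."""
    hits = []
    for domain in feed:
        found = match(domain, terms)
        if found:
            hits.append((domain, found[0], found[1]))
    return hits


if __name__ == "__main__":
    for domain, term, reason in review(SAMPLE_FEED):
        print(f"ALERT {domain:24} term={term} ({reason})")
```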

For more information on our online brand protection expertise and domain names recovery procedures, don’t hesitate to contact a Nameshield consultant.

ICANN67 – COVID19 : 0-1


The 67th annual ICANN Summit, a summit dedicated to Internet naming regulations, was to be held in Cancún, Mexico, from 7th to 12th March. The event is often referred to by the acronym ICANN67, but in the end it was another acronym, COVID19, designating the now famous coronavirus, that forced ICANN to reconsider all the logistics of this major event.

Since 1999, ICANN has organised three annual meetings devoted to the regulations applicable to Internet naming and a fourth devoted to more operational aspects, often referred to as the GDD Summit (Global Domain Division Summit). These meetings are an opportunity for participants from some 150 countries to discuss live the hot topics related to the Domain Name System (DNS).

For the past few weeks, however, world attention has focused on a completely different subject: the ongoing spread of the coronavirus, which according to the latest figures available has contaminated some 75,465 people in mainland China and caused the death of 2,236 people since its emergence in December in Wuhan, capital of Hubei province. While South Korea also now has more than 150 confirmed cases, the list of countries with confirmed cases keeps growing. More than 30 countries are now in this situation.

Quite logically, in recent weeks, behind the scenes of the ICANN organization, coronavirus has been rising as a major concern for the players in the domain name industry. More and more potential participants were talking about the fact that they would prefer not to travel for this event, which is important to them, while others were asking whether it was appropriate to hold this event in such a context. Recent cancellations of similar events have indeed echoed their concerns. Earlier this month, the GSMA, the organizers of the world’s largest mobile industry exhibition, Mobile World Congress 2020, effectively cancelled the event after more than 30 exhibitors and sponsors withdrew due to the outbreak. The Fintech Festival of India (IFF 2020) organised by the government of Maharashtra, the Ministry of Electronics and Information Technology (MeitY), the National Payments Corporation of India (NPCI) and the Fintech Convergence Council also similarly announced this week that it would postpone the event to a “more appropriate time” due to coronavirus-related issues. The event was scheduled to take place on 4-5 March 2020.

At the 19 February session of the ICANN Board, which was extended by one hour, ICANN finally decided:

« Resolved (2020.02.19.01), by virtue of the public health emergency of international concern posed by COVID-19, the daily evolving developments, and the high global risk still identified, the Board directs the ICANN President and CEO, or his designees, to take all necessary actions to not hold ICANN67 as an in-person meeting in Cancún, Mexico.

Resolved (2020.02.19.02), as the Board has determined to not proceed to Cancun, Mexico for ICANN67, the Board directs the ICANN President and CEO to move ICANN67 to ICANN’s first fully remote public meeting. »

The ICANN Board communiqué confirms that the summit, which is usually held in person, will for the first time be entirely managed remotely with means still to be clarified.

Although holding such an event remotely is unprecedented, it should be noted that ICANN has already changed the organization of its meetings in the past for similar reasons. In June 2016, for example, ICANN decided to move ICANN56 from Panama City to Helsinki, Finland, because of the Zika virus. The only difference is that their decision could have been anticipated earlier.

This is why ICANN has already taken up the question for the following events: the GDD Summit planned in Paris in May and then ICANN68 planned in Kuala Lumpur, Malaysia, in June.

Grandfathering registrations of a .TW in Chinese characters are opened for .TW domain names’ holders


The .TW registry (TWNIC) offers grandfathering registrations for holders of existing ASCII.TW domains that wish to register the same ASCII domain under .台灣 (.xn--kpry57d).

Before the official opening, TWNIC provides priority registration for registrants who meet the eligibility requirements.

For example, twnic.tw can be registered for twnic.台灣 in the grandfathering period.

The following eligibility criteria apply and are checked by the registry:

  • The creation date for ASCII.tw should be earlier than the same ASCII name under .台灣 (.xn--kpry57d)
  • The registrant of ASCII.台灣 (.xn--kpry57d) should be the same as ASCII.tw
  • ASCII.tw and ASCII.台灣 (.xn--kpry57d) should be managed under the same registrar when creating ASCII.台灣.

Grandfathering Period: from January 7th, 2020 to February 10th, 2020.

Registration of ASCII domain names under “.台灣 (.xn--kpry57d)” will start on February 18, 2020.

For more information on the conditions for registration of your .台灣, don’t hesitate to contact us.

*An internationalized domain name (IDN) is an Internet domain name that contains at least one language-specific script or alphabet, such as Arabic, Chinese, Cyrillic, Devanagari or Hebrew. It allows Internet users, such as Asian, Arab or African users, to use domain names in their native language with its special characters.