News and Updates

Collaboration: A Means to Boost Enterprise Network Protection

Domain industry news - Thu, 2019-09-19 21:41

In an age where cyber threats and attacks have reached a point of ubiquity, managing your organization's network security single-handedly may no longer be sufficient. The increasing volume and sophistication of threats, not to mention the continuous advancement in attack tools and their perpetrators' skills and know-how, has led to concerns on whether potential targets can keep up.

The current cybersecurity skills gap could exacerbate these concerns. A study revealed that by 2022, the number of unfilled cybersecurity positions would reach 1.8 million. In response, security providers have widened their portfolios to offer outsourced services such as managed detection and response (MDR) to enterprises.

In the public sector, federal governments are encouraging departments to engage in public-private partnerships (PPPs) to augment their capabilities. This practice is especially critical for public utility service providers who run critical infrastructure but may not have the expertise to sufficiently protect them from cyberattacks.

The question is: Does collaboration boost an enterprise's capability to safeguard its digital assets? Moreover, what kinds of collaborators should organizations consider? This post attempts to provide answers.

Potential Collaboration Options

Organizations that lack skilled cybersecurity personnel or the tools and systems necessary to defend their networks can rely on various solution or service providers for their needs. We've listed down three collaboration types they can consider below.


Several companies provide clients with either the skilled human resources or tools to enhance their cybersecurity posture. An enterprise without its own pool of threat hunters can, for instance, hire an MDR service provider to ensure its network remains protected against both known and unknown threats. Should it lack even a cybersecurity team, it can opt to hire a managed security service provider (MSSP) to take care of its daily defense requirements. Some providers even offer the services of their security operations centers (SOCs) to fulfill clients' customized requirements.

Outsourcing to a third-party provider depends on an enterprise's security requirements. The more prone to attacks, for instance, a company is, the more advanced the provider must be. Enterprises that store vast amounts of customer data need the most protection and so should choose the right providers. To be the best, the providers, meanwhile, should have access to all available threat intelligence to safeguard clients' networks adequately.


Forming PPPs is a widespread practice in the public sector. It is, after all, a known fact that most governments don't spend a lot on cybersecurity. In place of hiring cybersecurity specialists or training existing personnel to take on the responsibility, federal offices instead enlist the help of private organizations. This practice is especially true for law enforcement agencies tasked to investigate, capture, and indict cybercriminals.

In the private sector, meanwhile, cybersecurity companies often work together to take down some of the biggest criminal operations because the job may be too big for one organization to tackle. The massive scale of the Internet also makes it impossible for individual organizations to gather all relevant information. As such, practices such as threat intelligence sharing are common. Independent organizations that maintain threat data repositories, for instance, seek the help of their users in the endeavor.


Another common practice is launching affiliate programs that offer members access to data and tools in exchange for sharing methods to use these in cybersecurity efforts. These programs and their owners and affiliates help companies improve their threat defense capabilities.

* * *

Regardless of collaboration means an organization chooses, one thing is sure: partnership and collaboration are critical if it is to survive in today's threat landscape. Dealing with advanced threats and increasingly sophisticated threat actors is no longer a one-person job. When it comes to cybersecurity, there is strength in numbers.

Written by Jonathan Zhang, Founder and CEO of WhoisXMLAPI &

Follow CircleID on Twitter

More under:

Categories: News and Updates

Engineering firm sues to recover domain name

Domain Name Wire - Thu, 2019-09-19 14:42

Company says a thief took the domain name it has been using for nearly two decades.

A California engineering firm has filed a lawsuit (pdf) to recover the domain name, which it says was stolen from it.

K.F. Davis Engineering has been using the domain name since it registered it in 2000. It alleges the domain name was stolen from its Network Solutions account this year.

Historical Whois records show that the domain was at Network Solutions in July of this year. The domain was renewed through 2023.

The first August record at DomainTools shows the registrar as Xiamen ChinaSource Internet Service Co., Ltd. Oddly, the registrar’s Whois now has a create date of August 20, 2019. (Verisign’s still shows 2000.)

Wiley Rein is assisting K.F. Davis Engineering with its in rem lawsuit to recover the domain name. It filed the dispute in U.S. District Court in Virginia, where .com registry Verisign is located.


© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Case Discusses Lawsuit Over Domain Theft
  2. Wall Street Journal covers domain name theft
  3. Stolen domain recovered through cybersquatting claim
Categories: News and Updates

Unlicensed Millimeter Wave Spectrum

Domain industry news - Thu, 2019-09-19 00:59

I haven't seen it talked about a lot, but the FCC has set aside millimeter wave spectrum that can be used by anybody to provide broadband. That means that entities will be able to use the spectrum in rural America in areas that the big cellphone companies are likely to ignore.

The FCC set aside the V band (60 GHz) as unlicensed spectrum. This band provides 14 GHz of contiguous spectrum available for anybody to use. This is an interesting spectrum because it has a few drawbacks. This particular spectrum shares a natural harmonic with oxygen and thus is more likely to be absorbed in an open environment than other bands of millimeter wave spectrum. In practice, this will shorten bandwidth delivery distances a bit for the V band.

The FCC also established the E band (70/80 GHz) for public use. This spectrum will have a few more rules than the 60 GHz spectrum, and there are light licensing requirements for the spectrum. These licenses are fairly easy to get for carriers, but it's not so obvious that anybody else can get the spectrum. The FCC will get involved with interference issues with the spectrum — but the short carriage distances of the spectrum make interference somewhat theoretical.

There are several possible uses for the millimeter-wave spectrum. First, it can be focused in a beam and used to deliver 1-2 gigabits of broadband for up to a few miles. There have been 60 GHz radios on the market for several years that operate for point-to-point connections. These are mostly used to beam gigabit broadband in places where that's cheaper than building fiber, like on college campuses or in downtown highrises.

This spectrum can also be used as hotspots, as is being done by Verizon in cities. In the Verizon application, the millimeter-wave spectrum is put on pole-mounted transmitters in downtown areas to deliver data to cellphones as fast as 1 Gbps. This can also be deployed in more traditional hot spots like coffee shops. The problem of using 60 GHz spectrum for this use is that there are almost no devices yet that can receive the signal. This isn't going to get widespread acceptance until somebody builds this into laptops or develops a cheap dongle. My guess is that cellphone makers will ignore 60 GHz in favor or the licensed bands owned by the cellular providers.

The spectrum could also be used to create wireless fiber-to-the-curb like was demonstrated by Verizon in a few neighborhoods in Sacramento and a few other cities earlier this year. The company is delivering residential broadband at speeds of around 300 Mbps. These two frequency bands are higher than what Verizon is using and so won't carry as far from the curb to homes, so we'll have to wait until somebody tests this to see if it's feasible. The big cost of this business plan will still be the cost of building the fiber to feed the transmitters.

The really interesting use of the spectrum is for indoor hot spots. The spectrum can easily deliver multiple gigabits of speed within a room, and unlike WiFi, spectrum won't go through walls and interfere with neighboring rooms. This spectrum would eliminate many of the problems with WiFi in homes and in apartment buildings — but again, this needs to first be built into laptops, smart TVs and other devices.

Unfortunately, the vendors in the industry are currently focused on developing equipment for the licensed spectrum that the big cellular companies will be using. You can't blame the vendors for concentrating their efforts in the 24, 28, and 39 GHz ranges before looking at these alternate bands. There is always a bit of a catch 22 when introducing any new spectrum — a vendor needs to make the equipment available before anybody can try it, and vendors won't make the equipment until they have a proven market.

Electronics for millimeter-wave spectrum is not as easily created as equipment in lower frequency bands. For instance, in the lower spectrum bands, software-defined radios can easily change between nearby frequencies with no modification of hardware. However, each band of the millimeter-wave spectrum has different operating characteristics and specific antenna requirements, and it's not nearly as easy to shift between a 39 GHz radio and a 60 GHz radio — they requirements are different for each.

And that means that equipment vendors will need to enter the market if these spectrum bands are ever going to find widespread public use. Hopefully, vendors will find this worth their while because this is a new WiFi opportunity. Wireless vendors have made their living in the WiFi space, and they need to be convinced that they have the same with these widely available spectrum bands. I believe that if some vendor builds indoor multi-gigabit routers and receivers, the users will come.

Written by Doug Dawson, President at CCG Consulting

Follow CircleID on Twitter

More under: Broadband, Wireless

Categories: News and Updates

Legacy TLD .ORG Takes On New Branding Focus as Part of a New Transformative Journey, Says PIR

Domain industry news - Thu, 2019-09-19 00:45

Public Interest Registry (PIR), the non-profit organization in charge of operating the 34-year-old legacy top-level domain .ORG on Tuesday revealed a new global brand, including a new visual identity and a new website named According to PIR, the rebrand was created to build on .ORG's long-time support of the organizations, associations, clubs, businesses and individuals using the domain, but to also take the commitment a step further and actively unite .ORG communities around shared interests and passions.

Jonathan Nevett, CEO of Public Interest Registry, told CircleID: "For more than 30 years, .ORG has served as a powerful platform for mission-driven communities to unite around a common interest, and that's an important legacy to uphold. But quite simply, the world around us is everchanging and how people connect with brands and companies has changed too — the domain industry is not exempt." Nevett added:

"As stewards of the .ORG domain, we need to remain adaptable to how that change is affecting our registrants' connection to .ORG and their ability to use it to achieve mission success. A new look and feel, and a new brand positioning helps us do that."

"The refreshed .ORG brand will help us continue to cultivate its reputation as a trustworthy platform where individuals and organizations can bring their ideas to life. We also hope the new education and outreach initiatives connected to the .ORG rebrand will ultimately bring together registrants and champion their voices online."

Follow CircleID on Twitter

More under: Domain Names, Registry Services

Categories: News and Updates Lands at #1 on This Week's Sales Chart - 2 ccTLDs Make Top 5 & a New gTLD Goes Top 10

DN Journal - Wed, 2019-09-18 22:15
This week's domain sales report gives just about everybody something to be happy about! Fans of every category have some successes they can point to.
Categories: News and Updates

A bumper crop of end user domain sales at Uniregistry

Domain Name Wire - Wed, 2019-09-18 15:57

Uniregistry’s market has an active week for end user domain sales.

XClean bought and forwards it to its Austrian country code domain

Uniregistry released its weekly top 20 sales list yesterday. Unlike the past couple of weeks, I was able to figure out who bought most of them. And at least half can be definitively tied to end users. Three of the domains are .com sales that now forward to matching domains in country code domains.

Check out the list below.

1. $57,500 – Uniregistry Whois privacy. The domain still points to the Uniregistry parked page. Empresa means company in Spanish.

2. $34,000 – According to Whois, the likely buyer is a coworking company in Australia called CoSpaces. It uses the domain name

3. $21,750 – BlueSuit is a new commercial real estate contracts system.

4. $20,000 – CreditPilot, PLC is a FinTech company with some strong customers/partners. I suspect this name will be used for one of its partnerships.

5. $16,675 – Eurasia Capital Holdings SARL in Luxembourg. My guess is a gambling company.

6. $15,000 – Italgelatine SpA is an Italian company that makes gelatine.

7. $11,000 – The buyer appears to be a chauffeur company in South Africa. The domain forwards to its website,

8. $10,000 – Brandon Sample LLC in Texas bought this domain. I think this is connected to a law firm.

9. $10,000 – It has Whois privacy and still resolves to a Uni lander.

10. $10,000 – BuyDomains sold this domain for $7,544 in February. The buyer appears to have been Black Ball Ferry Line, which is located just up the Olympic Penninsula from where I live. It connects people to Victoria, B.C. Its ship is the MV Coho and its website is forwards to that website. So who bought it now? And why would the ferry company turn around and sell it?

11. $9,500 – The buyer is in Kanagawa, Japan, but the site doesn’t resolve yet.

12. $9,000 – Truking is a pharmaceutical equipment company in China. It forwards the domain to

13. $7,000 – Tydings & Rosenberg, a law firm in Baltimore.

14. $6,000 – Someone in New Jersey bought the domain. It still resolves to a Uni lander.

15. $5,000 – XClean sells car wash products. It forwards the domain to its website

16. $5,000 – Both this domain and the plural below are now at GoDaddy with Domains By Proxy. I suspect this is an end user.

17. $5,000 – See above

18. $5,000 – It has Whois privacy and still resolves to a Uni lander.

19. $5,000 – Global Hospitality Services in Great Britain. It works with independent hotels.

20. $5,000 – Accillion AS, an internet security firm.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. 19 end user sales…including one to Uniregistry
  2. 11 end user domain name sales at Uniregistry
  3. What domain names Harvard Business School and others bought last week
Categories: News and Updates

15 end user domain sales at Sedo

Domain Name Wire - Wed, 2019-09-18 13:21

A German eyewear company, a Canadian cannabis seller and a sustainable food manufacturer all bought domain names.

An upswing in sales came through this week from Sedo, making me think the lull of summer is over and, hopefully, a steady rise in domain purchases by end users will continue. Two of Sedo’s top sales this past week appear to be end users, but I can’t figure out who bought them: for €35,000 and for $20,000.

As for domains I could directly connect to end users, here’s the list. You can view previous lists like this here. €23,950 – A German prescription eyewear subscription-based service. Brillen is German for eyeglasses. $15,000 – It looks like the company that owns bought the matching .com. €13,299 – Famosos is a company that lets you buy messages form celebrities. It’s like Cameo but for the Spanish-speaking market. The domain forwards to the company’s domain Famosos means famous in Spanish. $10,000 – TestFreaks AB is a product testing and reviews company. TrustVoice sounds like a good brand for the business. €12,832- Purchased by Brainstorm Network, an innovation consulting firm that uses as their main website. $7,000 – Purchased by Luminess Cosmetics, a cosmetics company focused on airbrush cosmetics and anti-aging products. $5,799 – Purchased by Franklin Mutual Insurance Company. It’s not clear what it plans to do with this domain. $5,500 – In development with a “Coming in October”. Mars Finance and Consensus Lab are listed in the fine print. Mars is a financial firm focused on the blockchain industry, so this site looks to be ultimately be involved with that sector. $4,999 – Canadian based company, a cannabis and marijuana product e-commerce site. $4,900 – A boutique hotel in Miami Beach. €3,490 – Forwards to, a private school in Switzerland. $2,995 – Purchased by SAIA LTL Freight, an American trucking and logistics company. TMS is short for Transportation Management System. $2,250- Forwarding to This company offers caregiver services and more for elderly, handicapped and others needing assistance with everyday tasks from their home. $2,150 – The buyer appears to be a Data and logistics consultancy firm. The logo on the site is for BuyingTime. €2,000 – BHJ is a Sustainable food manufacturing and distribution company. It owns the .com and forwards this domain to it.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Major League Baseball buys an “outstanding” domain name
  2. 20 End User Domain Name Purchases
  3. End user domain name sales including .io and .org
Categories: News and Updates

Public Interest Registry's .ORG Rolls Out Global Rebrand with New Website and Logos

DN Journal - Tue, 2019-09-17 21:17
The venerable .ORG extension has gotten a major makeover that went public today when a new website and visual identity was launched worldwide by PIR.
Categories: News and Updates

GoDaddy launches Websites + Marketing

Domain Name Wire - Tue, 2019-09-17 20:00

GoDaddy’s new all-in-one online presence system launches.

GoDaddy (NYSE: GDDY) announced its new Websites + Marketing service today as it takes aim at (or defends against) website builders like Wix, Weebly and SquareSpace.

Websites + Marketing is the company’s latest salvo in the battle, and the service seems to be an improvement on many of its attempts to date. It builds upon the feature set of Website Builder, which was originally called GoCentral.

The new service is designed to be a one-stop-shop for a business owner’s web presence. It helps them create a website and then market it.  This includes email marketing, ecommerce, SEO, online advertising, appointment booking and social integrations.

Websites + Marketing “gamifies” the process of improving a website by providing a score, which is something other web builders do.

GoDaddy announced the product in a live stream today. It was the first major public appearance for new CEO Aman Bhutani.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. The Perils of Trying to Go Public
  2. GoDaddy reports earnings and domain revenue growth
  3. Afternic increases fast transfer limit to $100k
Categories: News and Updates

Wi-Fi Alliance Launches Wi-Fi 6 Certification Program

Domain industry news - Tue, 2019-09-17 19:31

Wi-Fi Alliance, the non-profit entity that oversees implementation of the Wi-Fi standard, officially launches the Wi-Fi 6 certification program. The new "Wi-Fi CERTIFIED 6" technology promises advanced security protocols requiring the latest generation of Wi-Fi security. Wi-Fi Alliance says "the certification program brings new features and capabilities that enable substantially greater overall Wi-Fi network performance in challenging environments with many connected devices such as stadiums, airports, and industrial parks." Also noted in the announcement:

4 times faster: "Wi-Fi CERTIFIED 6 delivers nearly four times the capacity of Wi-Fi 5, and is an evolutionary advancement for Wi-Fi's ability to deliver high-performance infrastructure and optimized connectivity to all devices on a network simultaneously — bringing noticeable improvements in densely connected Wi-Fi environments."

5G support: "Wi-Fi CERTIFIED 6 delivers critical connectivity that supports cellular networks, and leverages high speeds, low latency, power efficiency, greater capacity, and enhanced coverage to deliver many advanced 5G services."

Follow CircleID on Twitter

More under: Broadband, Mobile Internet, Wireless

Categories: News and Updates

Man who paid $360k for says it’s stolen

Domain Name Wire - Tue, 2019-09-17 17:24

Dubai man files lawsuit to recover domain.

A man who says he paid $360,000 to buy the domain alleges it has been stolen.

Sami Debizet filed an in rem lawsuit (pdf) against the domain in U.S. District Court in Virginia in an effort to recover the domain.

According to Debizet, he paid $360,000 to acquire the domain on May 7, 2013.

Two number .com domains are extremely rare and sales are infrequent, but this domain is probably worth a lot more than $360,000 today. NameBio shows just three two-number sales since 2014 and they are all for over $1.7 million. 2013 was before the big Chinese surge in short-domain investing.

One thing that’s troubling about the case is that it appears this domain has been out of the Plaintiff’s control for many years, and perhaps only in his control for a very brif period. Historical Whois records at DomainTools show the following timeline:

May 9, 2013: Japanese owner, domain at Melbourne IT

July 11, 2013: Domains By Proxy, domain at GoDaddy

September 13, 2013: Chinese owner, domain at eName

The Whois records show various Chinese owners since 2013.

Debizet’s declaration might shed more light on this, but it has not been add to the court system yet.

If anything, it seems like it will be difficult to argue common law trademark rights in a domain that was only in the owner’s control for a brief period of time six years ago.

Greenberg & Lieberman is representing the Plaintiff.


© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Former owner goes to court to recover domain name
  2. Stolen domain lawsuit filed over $100k domain name
  3. Auto parts company’s domain stolen and held for ransom
Categories: News and Updates

PIR changes its domain name as part of rebrand

Domain Name Wire - Tue, 2019-09-17 16:32

Non-profit that runs .org moves from PIR to

PIR’s new website

Public Interest Registry has launched its new branding. And although the logo is what we expected, there’s a big twist: PIR has been relegated to the background in favor of .Org.

The group has even changed its main domain name from to TheNew.Org. When you visit, the logo in the top corner is for .Org instead of PIR and you won’t see the words Public Interest Registry until you get to the bottom of the page.

PIR launched a few domains as part of the new top level domain expansion but none of them have caught on. The new website seems to nod to the fact that PIR is all about .Org.

While this makes sense, I question the new domain it’s using. The New?

PIR’s fact sheet states:

The rebrand builds upon .ORG’s long-time support of the organizations, associations, clubs, businesses and individuals using the domain, but takes the commitment a step further by actively uniting .ORG communities around shared interests and passions.

So yes, it’s doing new things. But one of the big benefits of .org is that it’s not new. It’s trusted. seems like a good domain for an individual marketing campaign, but at some point, won’t make much sense.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Shorter .Org Domain Names May Be On The Way
  2. $32 million .Org contract up for bids
  3. How ICANN uses the .Org registry to fund the Internet Society
Categories: News and Updates

New guide: Get Started Selling Your Domains

Domain Name Wire - Tue, 2019-09-17 15:27

This free guide helps you list your domains for sale and get them in front of the most searchers possible.

I get a lot of emails from friends-of-friends that have heard I’m “the domain guy.”

These people have a lot of domains they’ve collected over the years and they want to know how to sell them. I get so many of these requests that I decided to write a step-by-step guide on how to sell your domains through GoDaddy.

My new guide explains:

• How companies and entrepreneurs find and buy domain names for their business
• How to price your domain names and how to list them for sale
• How GoDaddy and Afternic’s Domain Listing Service (DLS) promote your domains to potential domain buyers
• How GoDaddy can accelerate delivery of your domains to buyers and put cash in your pocket sooner

It walks people through each step with screenshots. It will help everyone, from the person who has never heard of the aftermarket to domain investors that haven’t yet connected their Afternic account to the GoDaddy domain manager.

And if you’re tired of answering people who ask you for help selling their domains, feel free to direct them to this guide.

Thanks to GoDaddy for helping by sponsoring the report so that I can offer it for free.

The guide download page is here.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. New Aftermarket Launches with Odd Name and Business Model
  2. 30 end user domain sales including Microsoft and America’s Cup
  3. 37 end user domain sales
Categories: News and Updates

Brent Oxley buys for $33,000

Domain Name Wire - Tue, 2019-09-17 14:59

A small price for a low-population state.

Lots of land and cattle. Not many people.

HostGator founder Brent Oxley has snapped up state .com domain names lately, include

He just added to his portfolio.

The domain was listed for sale in Sedo’s last GreatDomains auction with a reserve price of $50,00-$100,000. A lot of people thought it would sell for that price, but the auction ended without a sale.

After the auction, Oxley bought the domain for $33,000.

When a domain isn’t headed toward its reserve in an auction, it make sense to back off as a bidder and negotiate a price after the auction concludes.

North Dakota is the fourth-least-populated state in the U.S. with fewer than one million people. It is a boom state for oil, however.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Leads Sedo’s Sales for Week at $125,000
  2. Sedo Sells for $75,000
  3. ZeniMax Buys for Upcoming Rage Video Game
Categories: News and Updates

The Operationalization of Norms and Principles on Cybersecurity

Domain industry news - Tue, 2019-09-17 00:49

With two simultaneous processes getting underway in the UN General Assembly's First Committee, the UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) on Cybersecurity, and several technology and multi-stakeholder initiatives pushing cybersecurity improvement, the world of cyber norms has become both more interesting and more complicated. Interesting, because a wider set of voices has the ability to share their views on processes that work to improve cybersecurity at a global level — and more complicated, as the concept of a norm has slowly been eroded by the fact that less agreement exists on a wider variety of ideas.

The IGF Best Practices Forum (BPF) on Cybersecurity is a multistakeholder group focusing on identifying best practices in Cybersecurity. From 2016-2018, the group has focused on identifying roles and responsibilities of individual stakeholder groups in cybersecurity, and it investigated the development of culture, norms and values in cybersecurity.

This year, the BPF has continued this work by identifying best practices related to implementation of the different elements (e.g., principles, policy approaches) contained within various international agreements and initiatives on cybersecurity. It has seen widespread support from a group of volunteers, including technical community members and engineers, legal scholars, and experienced human rights and cybersecurity professionals.

Earlier this summer, the group published a research paper identifying a wide set of relevant initiatives and agreements, while looking to identify overlapping elements. For instance, the group reviewed whether support for a technical process (e.g., responsible or coordinated vulnerability disclosure), or at a more abstract level (e.g., support for the applicability of international law), is encoded in many of these documents.

The review took a wide look, focusing both on inter-state agreements such as the Budapest Convention, intra-industry agreements such as the Tech Accord, and multi-stakeholder forums such as the Paris Call for Trust and Security in Cyberspace.

Agreements were included based on the following rough criteria:

  • The agreement describes specific commitments or recommendations that apply to any or all signatory groups (typically governments, non-profit organization or private sector companies);
  • The commitments or recommendations have as a stated goal to improve the overall state of cybersecurity;
  • The agreement must be international in scope - it must have multiple well-known actors that either operate significant parts of internet infrastructure, or are governments (representing a wide constituency).

In total, this initial review looked at 19 documented agreements, both global and regional.

The goal of this work is to identify best practices around the implementation of many of these principles. If a concept is widely supported, and signatories to these agreements have a wide set of experiences around the implementation of that concept, sharing this knowledge and experience will allow for its implementation to cascade. This facilitates the adoption by other parties; and as a result, improving the overall cybersecurity goals intended behind the agreement.

Following publication of our background paper, the BPF has now called for wider input from the community on the topic, focusing on the key questions of what best practices exist related to the implementation, operationalization and support of principles, norms and policy approaches of these international agreements. Organizations and individuals involved in either the development of these agreements, or the implementation of any of their concepts, are invited to share their experiences.

This input will be used to help create a final outcome document, which will drive discussion at the IGF's 14th Annual Meeting in Berlin from November 25th to 29th of 2019. We invite you to contribute by sending your response to our Call for Contributions to by September 20th.

Written by Maarten Van Horenbeeck, Lead Expert to the Best Practices Forum on Cybersecurity

Follow CircleID on Twitter

More under: Cybersecurity, Internet Governance, Policy & Regulation

Categories: News and Updates

Beware this PayPal invoice for GoDaddy domains

Domain Name Wire - Mon, 2019-09-16 20:15

Scammer is sending PayPal invoices for domain renewals.

Fake domain name renewal emails are nothing new, but some aspects of one making the rounds are.

A Domain Name Wire reader received a fake renewal notice today. Instead of being sent from the scammer, the person sent it as a PayPal invoice. Here’s what it looks like:

A message on the invoice states:

The paid registration period of the domain [domain] expired. It is necessary to pay for the prolongation of domain name within a day from the date of having notice. We would like to inform you that if payment is not made within the specified time frame, domain delegation will be terminated. The domain will be deleted from the registry and can be accessible for registration to other customers.

The link goes directly to PayPal to make the payment, and the invoice includes the GoDaddy logo:

Anyone can upload the logo of their choice when sending PayPal invoices. They’re supposed to use their own logo, though.

Clearly, the scammer is harvesting Whois to send these invoices.

The good news is that PayPal offers buyer protection, even for intangible goods. I suspect PayPal will be on to this quickly as it has systems in place to prevent scams.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

281 Arrested Worldwide by US Federal Authorities in Connection With Business Email Compromise Scheme

Domain industry news - Mon, 2019-09-16 17:44

U.S. Department of Justice says federal authorities successfully carried out a "significant" coordinated effort to disrupt Business Email Compromise (BEC) schemes designed to intercept and hijack wire transfers from businesses and individuals. According to the announcement, the operation, dubbed reWired, was a coordinated law enforcement effort involving various agencies including the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, U.S. Postal Inspection Service, and the U.S. Department of State, spanning over a four-month period. The operation resulted in 281 arrests in the United States and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana. Arrests have also been made in France, Italy, Japan, Kenya, Malaysia, and the United Kingdom (U.K.). Nearly $3.7 million was seized. Full released here. Details on some of the arrests here.

Follow CircleID on Twitter

More under: Cybercrime, Email

Categories: News and Updates

NamesCon calls for submissions for 2020 event

Domain Name Wire - Mon, 2019-09-16 17:38

Submit proposals to speak at NamesCon 2020.

NamesCon is taking a new approach for its NamesCon Global 2020 event next year. Not only is it in a new location (Austin), but it is calling it The Domain Economic Forum. Its goal is to expand beyond just the domain topics we’re used to.

It’s also opening up the sessions a bit.

In an email last week, the group noted, “we’re proud of how we partner with our sponsors to create deep and actionable experiences at NamesCon Global”. This alludes to the fact that most sessions are paid sessions, not selected just because of their value to the audience.

But for 2020, it wants to augment this with other sessions. NamesCon just opened a call for session proposals. Organizers want session proposals related to three tracks:

  1. The economics of the domain name ecosystem – understanding the size and scope of the domain industry as a whole, especially the secondary market.
  2. Navigating market threats and opportunities – how alternative online presences through marketplaces and social media threaten domains.
  3. The buyer’s perspective – domain buyers’ stories and case studies

Proposals can be submitted online.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Could NamesCon hit 1,000 attendees next year?
  2. NamesCon registrations top 600
  3. My two sessions at NamesCon
Categories: News and Updates

HugeDomains gets reverse domain name hijacking win

Domain Name Wire - Mon, 2019-09-16 16:56

Company opted to file a UDRP instead of paying just $2,695 to buy the domain.

An online crystals seller could have bought a domain for $2,695. Instead, it spent nearly that much to lose a UDRP against the domain.

Domain investment company has successfully defended one of its domain names in a cybersquatting dispute, and the company that brought it has been found guilty of reverse domain name hijacking.

A company that sells rocks and crystals at filed the dispute.

The company wanted to get when it expired but HugeDomains beat it on the drop. It then tried to buy the domain from HugeDomains for $1,000. The list price was apparently $2,695.

At this point, the Complainant filed a trademark application in the United States and filed the UDRP.

It told the World Intellectual Property Organization that not getting the domain would force it “to effectively kill our company and start a new one.”

The panel was not amused by this silly claim. It pointed out that the Complainant already has a domain it has been using for its site.

I also wonder why the company chose to file a poorly-argued UDRP for $1,500 (it actually paid more because HugeDomains chose a three-personal panel) when it could have bought the domain for only a bit more.

The panel found that the filing was insufficient on all three elements of UDRP and that it filed the case in abuse of the policy.

© 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. New Forests Asset Management is a Reverse Domain Name Hijacker
  2. Master Call Connections is a domain name hijacker
  3. Company tries to hijack domain name
Categories: News and Updates

DoH Creates More Problems Than It Solves

Domain industry news - Mon, 2019-09-16 15:54

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals.

On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). This is because DoH is better able to use persistent connections than DoT because of where it's instantiated.

But the best that can be said of its performance vs. conventional DNS is that users probably won't notice much additional delay. The individual lookups are slower, but they can be interleaved with other page load activities in such a way that the delays will be hidden.

Changing the DNS Architecture

The privacy and integrity issues are much more complicated, depending on who you trust and why you trust them. DoH has some fairly serious drawbacks in homes that use parental controls, campus intranets, and small business scenarios.

The most serious complaints concern the overall change DoH makes to DNS architecture, but these are more implementation decisions made by some application designers than inherent features. A DoH implementation that uses the DHCP-specified resolver wouldn't suffer from these issues, but there's more going on than simply cloaking address lookups.

Mozilla enables DoH by default but makes it relatively easy for enterprises to opt-out; but Google is committed to an approach that takes implementation decisions out of the hands of operating systems, network administrators, and local laws. By implementing DoH in browsers, the firms have created a scenario where lookup speed and integrity depend on the applications doing the lookups.

DNS has always been more than an address book; it is currently a distributed database that supports a number of application needs for email, CDNs, video streaming, and a host of other distributed applications with inter-process communication needs. DoH changes all of this by reducing the capacity of DNS, in contradiction to early hopes.

Who Do You Trust?

If you're the kind of person that uses Chrome on a Pixel phone to access websites embedded with DoubleClick trackers through Android, you don't lose any privacy because of DoH; you've actually got nothing left to lose. But you or your supplier may have problems in countries that require opt-ins for certain types of data collection and in those that ban lookups of dodgy domains.

You won't be sharing your browsing habits with your ISP (other than the IP addresses you visit, of course,) but that may not be your worry. If you're living in an oppressive regime, you may be better off because you should be able to evade governmentally-mandated content filters.

That's the theory, anyhow. I suspect the practice will be for said oppressive regimes to simply block access to IP addresses such as,, and At the very least, you'll be raising red flags every time you perform an unlawful access; but you're probably used to that.

You Have to Trust Someone

My point is that every DNS transaction depends on the user trusting some provider somewhere to return the correct answer. Protocols can implement user choices, but they can't remove the requirement for trust.

If you trust your ISP more than Google or Cloudflare — not unreasonable for many — DoH does nothing for you outside of the narrow case of using public Wi-Fi over unsecured networks. If you're doing that, of course, you have much bigger privacy issues than DNS lookups.

For general privacy on a public network, you need WPA3 (not widely implemented) or a VPN. Otherwise, the IP addresses (and many of the payloads) of your packets are easy pickings for anyone who knows how to use Wireshark.

It's the Revenue, Stupid!

The major barrier to privacy on today's Internet isn't black hats, governments, or ISPs, it's the revenue model that Geoff Huston pointed out in his recent CircleID post, DNS Privacy at IETF 104: "...pervasive monitoring is a feature, not a bug" of today's Internet.

When Google takes DNS lookups away from ISPs, it's not gaining any new information for itself if you're already in their ecosystem; but they're preventing anyone else from collecting and monetizing that information.

This is true regardless of the motivation for the design and implementation of DoH as it currently stands. But that doesn't make DoH a bad standard all by itself.

How to Spot a Good Standard When You See One

Good networking standards work well in a variety of settings. Today's DNS — placed inside the TCP/IP stack inside the client OS — is fast, flexible, and easy to implement.

Today's DNS complies with national laws, is easy to bypass through hostfiles, works for CDNs, aids email with security keys, doesn't leak local network architecture to the Internet, plays well with parental controls, and is resilient because it's a distributed database.

It does communicate queries in plain text, but only over a wire that's not generally accessible to any curious parties. If the goal of DoH is to cloak that rather trivial vulnerability, we can achieve it by implementing DoH in the protocol stack and beefing up DHCP. As implemented by Mozilla and Google, DoH is a very bad standard indeed.

The Rainbows and Unicorns Paradigm

The contradiction between the idealistic, privacy-enhancing, censorship evading goals of DoH and the commercial reality of monopolizing access to ad placement data is all too common in Internet history. Our utopian spirt has been compromised by cynical commercial interests as long as there's been an Internet.

In 1993, the visionary Howard Rheingold laid this dynamic bare in his book, The Virtual Community:

We temporarily have access to a tool that could bring conviviality and understanding into our lives and might help revitalize the public sphere. The same tool, improperly controlled and wielded, could become an instrument of tyranny. The vision of a citizen-designed, citizen-controlled worldwide communications network is a version of technological utopianism that could be called the vision of "the electronic agora." ... But another kind of vision could apply to the use of the Net in the wrong ways, a shadow vision of a less utopian kind of place--the Panopticon.

When we design standards without thinking about the way they'll be implemented, we feed the growth of the Panopticon while mouthing the rhetoric of the Utopia. A standard that lends itself to taking control of personal data away from users and concentrating it in the hands of firms that are already drowning in our personal data is not progress.

We need to redesign DoH so that it works with DHCP and local policies, not against them. The layered architecture of the Internet and the distributed nature of DNS become nothing more than cruel jokes if this standard is rolled out in its current form.

Written by Richard Bennett, Consultant

Follow CircleID on Twitter

More under: Cybersecurity, DNS, DNS Security, Internet Protocol, Policy & Regulation, Privacy

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer