Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking

    ICANN’s Custom Domains May Make Cyber-Squatting More Expensive

    By
    Fahmida Y. Rashid
    -
    June 27, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Now that the Internet Corporation for Assigned Names and Numbers has approved the proposal to allow new generic top-level domains, experts weighed in on the security implications.

      The ICANN plan would expand the number of gTLDs (generic top-level domains) from 22, including .com, .net and .org, and 250 country-level domains to a nearly infinite number, the organization announced June 21.

      The new custom domains can be brand-based or generic, such as .coke or .music, or even be in other languages and using other scripts such as Cyrillic, Arabic and Chinese. Several hundred new gTLDs are expected to be created under the plan.

      “After years of discussion, debate and deliberation with many different communities-including business groups, cultural organizations and governments-we have opened the door to an era of creative innovation unlike any other since the Internet’s inception,” Rod Beckstrom, ICANN’s president and CEO said.

      The ICANN proposal created a high barrier of entry for anyone wishing to register a custom domain, beginning with the nonrefundable $185,000 application fee, an additional $25,000 a year to administer the registry afterward and a 200-page application in which companies have to prove they own the company name and brand they are registering.

      “The $185,000 price tag for applying to register the custom brand suffixes will price much of the problematic stuff out of the market for outright fraudulent gTLD applications,” Kurt Baumgartner, senior malware researcher at Kasperksy Lab, told eWEEK.

      The complex application process and the lengthy time period should deter “casual cyber-squatters,” Janet Satterthwaite, a trademark and domain name attorney with Washington-based law firm Venable, told eWEEK. It won’t eliminate cyber-squatting altogether, as the current practice of scammers registering company names and brands in other TLDs will likely continue, according to Satterthwaite.

      Companies can continue to do “defensive registrations” to register their brands under each new domain, “unless and until the number of [new] top-level domains make this prohibitively expensive,” Satterthwaite said. Even if someone does try to register a gTLD similar to an existing brand, the legitimate owner has the opportunity to oppose it. However, new registries located outside the United States may not be subjected to the U.S. anti-cyber-squatting consumer-protection laws, she said.

      “There is a legitimate fear that an explosion of new registries will threaten Internet security,” Satterthwaite said.

      Along with brand names, generic words can be turned into a domain-name suffix. Satterthwaite said there will be rules to prevent registry owners from locking out domain applications on those domains. For example, an owner of a .ski TLD will likely be prevented from blocking a competitor from registering a domain with that suffix, she said.

      Some security experts are skeptical that the ICANN plan would really work as designed. James Lyne, director of technology strategy at Sophos, said there was the potential for abuse with the new suffixes. “The question is,” Lyne told eWEEK, “how stringent will they really be?” If the actual implementation is flawed, then it doesn’t matter what the plan’s intent was, according to Lyne. The custom gTLDs could “end up a bit like SSL,” which is not really as secure as its original designers had hoped, Lyne said.

      It’s unlikely that a cyber-scammer will fraudulently register a domain suffix to launch scams, since it will be fairly easy to block access to an entire TLD.

      However, it’s likely that DNSSec (Domain Name System Security Extensions) adoption may spread with the new domain suffixes, Baumgartner said. Increased DNSSec on the domain level will potentially prevent Web communications from being hijacked by attackers in “future rollouts,” Baumgartner said. It’s also possible, however, that DNSSec adoption may actually confuse users about what HTTPS site is verified, and thus increase the chances of spoofing a site. Baumgartner said DNS servers will likely become more attractive targets.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×