Archive for March 2015

North Korean Hacker Steals a .Mobi

FRIDAY, 20 March 2015   THE DOMAINS

According to the news from Domain.cn on March 20th, a North Korean hacker has stolen one of their names, and it’s a .mobi of all things.

 

LONDON – England – You’ve got to hand it to those pesky North Koreans, they have now acquired one of our domain names and we have no chance of ever getting it back.

 

Is this some kind of humour malfunction the North Koreans have?

According to Whois records www.dailysquib.mobi is being held ransom by some politburo member in the staunchly Communist country where internet access is strictly restricted.

Author Asks Security Expert To Steal His Godaddy Domain/Account & He Does

FRIDAY, 20 March 2015   THE DOMAINS

According to the news from Domain.cn on March 20th, csoonline.com just published a troubling post on how easy it was to gain control of a domain name and access to a GoDaddy account they did not own. The author of the story, Steve Ragan, tells the tale of how he asked the CEO of Night Lion Security, Vinny Troia, to try to take control of the author’s domain name and account at GoDaddy.

The story is entitled “GoDaddy accounts vulnerable to social engineering and Photoshop” and subtitled “GoDaddy’s layered verification protections defeated by a phone call and four hours in Photoshop”.

Here are the highlights:

“On Tuesday, my personal account at GoDaddy was compromised. I knew it was coming, but considering the layered account protections used by the world’s largest domain registrar, I didn’t think my attacker would be successful.

I was wrong. He was able to gain control over my account within days, and all he needed to do was speak to customer support and submit a Photoshopped ID.

Sometimes, customers forget their account number or password; perhaps they forget what email they’ve used to register a domain. In either case, GoDaddy’s support staff are there to assist.

According to GoDaddy support, account resets are a simple process. If you’ve forgotten your username or customer number, you simply select the correct link at the login screen or account assistance page. However, you can also call customer support and complete the process over the phone.

Depending on the circumstances, a phone call will resolve most account related problems, provided you know your domain, the email address on file, customer number (or username), street address on file, or the last four digits of the credit card used on the account.

“Initiating the takeover was a relatively simple process,” said Mr. Troia, who called GoDaddy and explained that “I no longer had access to my domain. We reviewed and verified the WHOIS information – which really consisted of me reciting the WHOIS information back to the representative.”

“She asked if I had access to the email address on file, which I obviously did not. I explained that there were a lot of office politics at the moment that I didn’t feel like getting into. Long story short, it was my domain and I wanted access to it.”

Resetting a username and password seems reasonable, provided the customer isn’t being pushy and can justify a lack of information. That’s what Mr. Troia did. He justified a lack of information by playing the frustrated executive.

“She asked me to verify the PIN, which I didn’t have.

She then asked me to verify the last four digits of the credit card used to purchase the domain, which I also didn’t have.

I explained to her that I’d asked my assistant to set up the domain for me,” Mr. Troia said, continuing his explanation.

Mr. Troia told GoDaddy’s support representative that his “assistant” had said he’d used a card ending in four random numbers.

The numbers he gave the representative were made-up on the spot. Naturally, those numbers were incorrect and that verification step failed.

Adding to this, the support representative was told that the assistant didn’t remember setting up a PIN.

“I was directed to a website where I could fill out a form and request access,” Mr. Troia said.

If none of the account information is available during a reset request, GoDaddy will allow customers to use a change of account (or email) form.

This form requires that you provide a copy of a government-issued ID, such as a passport, military ID, or driver’s license, in order to prove you’re who you say you are. If the domain in question isn’t a personal domain, then business information is required as well. The entire process is completed online.

In order for the attack to work, Mr. Troia created a fake Gmail account, as well as a Google + profile to match his version of Steve Ragan the owner of the domain. The email account would be used for password resets. The social media account was simply there to give Troia’s Steve Ragan a presence on the Web.

I knew a few people in Indiana and they both sent me quality pictures of their license. In the end, I found it easier to modify their existing license than to make a new one from scratch. I spent about four hours with the details of the license and getting the shading of the text right.

The form was submitted on Friday, March 13.

On Tuesday afternoon, Mr. Troia received an email asking for additional information. Most of the domains under my account are registered to a business name, which would require additional information.

“I sent an email stating that there was no actual business which they could verify, and that I just put something there because I thought I had to. I sent the email and immediately called right after. The woman I spoke with was super nice. She looked at the email while we were on the phone and said that people use non-existent business names all the time. They just needed the written copy for an audit trail. She authorized the email switch while we were on the phone. Instructions to reset my account password were in my email by the time we hung up,” Mr. Troia said.

There was no document verification performed and the ID submitted by Mr. Troia used an image that looks nothing like me. From social engineering, to the crafted social media profile, fake ID and email account, this was a classic example of a targeted attack from start to finish.

An account takeover such as this allows an attacker to use the hijacked domain to create code-signing certificates. It could be used to impersonate someone’s personal brand, and leverage said brand to target customers, fans, or business partners.”

An attacker could develop any number of domains and use them for a watering hole attack, or alter DNS and direct visitors to a server under their control.

In fact, such tactics are a favorite of groups such as Lizard Squad and the Syrian Electronic Army, who target hosting accounts for exactly those reasons.

“If [the attackers] wanted to be slick about it, they could gain access, insert their code, create backdoor admin accounts, and return access back to the original owner before they even knew what had happened. The owner would receive the confirmation email, see that their website is still online, and consider it a Phishing attack and just delete it,” Mr. Troia said.

GoDaddy isn’t the only major domain registrar to use photo ID as a last resort. Network Solutions also has an ID-based verification, but unlike GoDaddy, the ID and required documents must be faxed over, instead of uploaded. Interestingly enough, one domain registrar, Hover.com, doesn’t allow photo ID as a form of verification, because “anyone could just whip something up in Photoshop.”

Using GoDaddy’s DomainControl and privacy features, which are offered as a value-added service for an additional cost, would only slow a determined attacker. While the public can’t see the registration details, the support staff can. So an attacker armed with public information could abuse the change of account form.

Two-factor authentication isn’t viable either, he said, because if someone hijacks the domain and enables that protection after the fact, then the customer would be left with few options for reacquiring access to the domain.”

Hip-Hop Artist Wiz Khalifa Files UDRP On TaylorGang.com, Registered in 2007; TM Filed 2014

FRIDAY, 20 March 2015   THE DOMAINS

According to the news from Domain.cn on March 20th, hip-hop artist and rapper Wiz Khalifa, whose real name is Cameron Thomaz, filed a UDRP against the owner of the domain name TaylorGang.com with the World Intellectual Property Organization (WIPO).

The domain name was first registered in August 2007 according to DomainTools.com but according to Screenshots.com there was a site on the domain going back to 2005.

However, again according to Screenshots.com, the domain appears to have pointed to a parked page from 2008 until 2014 and now goes to a GoDaddy placeholder.

Wiz Khalifa’s intellectual property company, Wiz Khalifa Trademark, LLC, registered a trademark with the USPTO on May 7, 2014 on the term “Taylor Gang”, which seems geared towards the e-cig, vaporizer, vape, and vapor market but actually covers almost anything you can smoke and any product you can use related to smoking:

“Vaporizers for the ingestion and inhalation of tobacco and other herbal matter; electronic smoking vaporizers, namely, electronic cigarettes, and electronic smoking vaporizers for use as an alternative to traditional cigarettes; smoker’s vaporizer pipe cartridge sold empty; smokeless cigar vaporizer pipes; smokeless cigarette vaporizer pipes; tobacco grinders; cigarette rolling papers; ashtrays; cigar and cigarette boxes; cigar cases; cigar cutters; cigar holders; cigar humidifiers; cigar lighters; cigar tubes; cigar wraps; cigarette ash receptacles; cigarette cases; cigarette filters; cigarette holders; cigarette lighter holder; cigarette lighters not for land vehicles; cigarette paper; cigarette papers; cigarette rolling machines; cigarette tubes; cigarette-rolling machines; clips for attaching cigarette lighters onto objects; computerized cigarette lighters; electric cigarettes; electric cigars; electronic cigarettes; electronic cigarette lighters; electronic cigarette refill cartridges sold empty; electronic cigars; electronic hookahs; electronic smoking pipes; filter tips; flints and firestones; flints for lighters; hand-held machines for injecting tobacco into cigarette tubes; holder for a cigarette pack and lighter; holders for cigars and cigarettes; hookah parts, namely, hoses, bowls, mouthpieces, and bases; hookahs; humidors; lighter flints; lighters for smokers; liquefied gas cylinders for cigarette lighters; machines allowing smokers to make cigarettes by themselves; match boxes; match holders; matches; paraffin matches; pipe pouches; pipe tampers; pocket apparatus for rolling cigarettes; pocket appliances for rolling one’s own cigarettes; pocket devices for self-rolling of cigarettes; pocket machines for rolling cigarettes; pocket-size cigarette rolling machines; safety matches. 
smoker’s articles, namely, filter tubes, metal pocket-sized receptacles with lids for cigarette butts, keystones for pipes, cigar storage tubes, cigar glue, rehydration tubes, containment clips used to keep a cigar from falling apart, cigar relighting liquid solution, and hookah charcoal; smoking pipe cleaners; smoking pipe racks; smoking pipes; smoking urns; snuff boxes; snuff dispensers; sulfur matches; tobacco filters; tobacco jars; tobacco pipe cleaners; tobacco pipes; tobacco pouches; tobacco tins; tobacco water pipes; yellow phosphorus matches”

We will let you know how this turns out.

Great Britain Looking to Regulate Digital Currencies

FRIDAY, 20 March 2015   THE DOMAINS

According to the news from Domain.cn on March 20th, Reuters had a story on Britain announcing it would be looking to regulate digital currencies like Bitcoin.

From the story:
Britain took a significant step towards becoming a global bitcoin hub on Wednesday as the government announced it would regulate digital currencies for the first time by applying anti-money laundering rules to exchanges.

Already the center of the $5-trillion-a-day market for traditional currencies, the UK is fast emerging as a center for digital currencies too, cementing its place as Europe’s financial technology, or “FinTech”, capital.

In a report published alongside finance minister George Osborne’s annual budget statement, Britain’s Treasury said the new regulation would support innovation and prevent criminal use of digital currencies. The proposals will be consulted on early in the next parliament.

Tom Robinson, co-founder of Elliptic, the world’s first bitcoin insurance vault in London, and a board member of the UK Digital Currency Association, said the new regulation effectively served as a “stamp of approval” from the government.

“It provides enough oversight to provide legitimacy without stifling innovation,” he said. “I think it is a good balance between on the one hand the U.S. and specifically New York, which I think have gone too far, and what a lot of countries are doing which is just completely ignoring it.”

Donuts Wins new gTLD .GMBH Beating Google & 3 Other Applicants

THURSDAY, 19 March 2015   THE DOMAINS

According to the news from Domain Forum of China on March 19th, Donuts has won the rights to the new domain extension .GMBH, beating Google, Straat (.Co) as well as InterNetWire Web-Development GmbH, and TLDDOT GmbH, which had applied and lost its bid to win the extension on a community basis.

GMBH is a type of legal entity very common in Germany, Austria, Switzerland, and other German-speaking Central European countries and would be equivalent to .INC and even LLC in the United States.

Here is a link to a story where you can learn more about GMBH’s

I have no idea and could not find stats on how many GMBH’s there are in the world but would assume it’s a pretty big number, probably in the millions.

By the way GMBH.com is parked and GMBH.de does not resolve.

Major League Baseball (MLB) Wins the New Domain Extension .Baseball Beating Donuts

THURSDAY, 19 March 2015 THE DOMAINS

According to the news from Domain.cn on March 19th, in what can only be described as a win for the new gTLD program, Major League Baseball (MLB) has won the rights to operate the new domain name extension .Baseball.

Donuts was the only other applicant.

Donuts had won many sports extensions including .football, .Hockey, .Run and .Soccer.

.Baseball was scheduled to go to an ICANN Last Resort Auction next week.

Here is what MLB plans for the new gTLD .Baseball according to its application with ICANN:

Major League Baseball (“MLB”) is the oldest professional sports league in the United States and consists of 30 member clubs in the United States and Canada (the “MLB Clubs”) representing the highest level of professional baseball.

MLBAM DH currently envisions a three-stage rollout for the .BASEBALL gTLD:

1. Stage 1

The initial stage of implementation of the gTLD will involve MLBAM DH registering a limited number of .BASEBALL second-level domain names. This initial use will provide MLBAM DH’s information technology and security personnel the opportunity to conduct tests to ensure seamless and secure access using the .BASEBALL gTLD domain names.

2. Stage 2

Once all testing has been successfully completed, MLBAM DH will begin allocating domain names for use by MLBAM, on its own behalf, and on behalf of the MLB Entities. It is in Stage 2 that MLBAM DH will evaluate expanding the operations of the gTLD to permit registration by other third-party registrants. Should this assessment lead to a decision to extend registration rights, this expansion is currently planned to take place during Stage 3.

3. Stage 3

In Stage 3, MLBAM DH will evaluate a potential expansion of the registration and use of the .BASEBALL domain names by third parties with a separate, qualifying commercial or charitable agreement with an MLB Entity, such as, but not limited, to media rights holders, licensees, sponsors, strategic partners, sanctioned charities (“Qualified Entities”).

Additionally, MLBAM DH will also evaluate whether to allow registration by third parties that have established themselves as a legitimate baseball entity (“Qualified Third Parties”).

It is the current intention that MLBAM DH would require any class of future potential registrants to be in compliance with and legally bound by qualifying criteria. Any decision to expand the gTLD, would likely be predicated by a MLBAM DH analysis of the market for new gTLD registrations and consumer adoption of these new Internet addresses.

MLBAM DH anticipates implementing a throttle mechanism to ensure that any future expansion is controlled and responsible. This proposed “time-out” mechanism is described in greater detail in the responses to Questions 45 through 50 of this application. Such potential expansion would be subject to a proper feasibility analysis to ensure that there are no potential impacts on the security and stability of the .BASEBALL gTLD.

The .BASEBALL gTLD will help protect MLB’s online presence and identity. By serving as a trusted source identifier that will provide a new, secure channel for the distribution of MLB-related goods, services, and content, the .BASEBALL gTLD will benefit baseball fans, and Internet users in general.

It will help them to navigate to MLBAM’s official and trusted online sites and services, and away from unauthorized, rogue online sites and services that falsely and intentionally portray themselves as sanctioned by MLB. At such rogue online sites and services, Internet users are vulnerable to illegal and harmful activities including, but not limited to, credit card and identity theft, distribution of malware, phishing, cybersquatting, counterfeiting, and content piracy.

In addition, the .BASEBALL gTLD can potentially establish a trusted online hub for baseball fans, organizations, and Internet users around the world seeking information, online content, goods, and services related to baseball.

In addition, when MLBAM DH allocates domain names for use by MLBAM, on its own behalf, and on behalf of the MLB Entities, and potentially for use by Qualified Entities and Qualified Third Parties, each will benefit from short, memorable, intuitive, and trusted Internet addresses and increased ability to present MLB or baseball-related information, content, goods, and services to baseball fans, and Internet users in general, while minimizing the cost and need for defensive registrations because domain names within the .BASEBALL gTLD will only be allocated by MLBAM DH to its parent company, MLBAM, to the MLB Entities, and potentially to Qualified Entities and Qualified Third Parties.

The .BASEBALL gTLD is intended to be exclusively used by MLBAM for itself and potentially the MLB Entities, Qualified Entities, and Qualified Third Parties. Because of these conditions precedent, any registration and use requirements are more appropriately vested in corporate⁄affiliate, commercial, or membership agreements, and not in a domain name registration agreement.

After careful analysis of a targeted rollout using the new .BASEBALL domains, MLBAM DH may plan to engage in a broader, strategic initiative, should the results be positive.

The actual usage of .BASEBALL domain names will dictate what public communications and consumer outreach may be done to encourage navigation to the .BASEBALL gTLD. This is not limited to, but may include advertising, media outreach, in-ballpark communications, and email campaigns.

Can Hollywood Stop Popcorn Time?

THURSDAY, 19 March 2015   THE DOMAINS

According to the news from Domain.cn on March 19th, Andy Greenberg did a story on Wired that was a great read for those interested in the intellectual property battles around the Internet when it comes to piracy and how each side plays the game.

The article centers around Popcorn Time, and Greenberg interviewed one of the programmers under an alias. The programmer discussed how they are looking to go p2p so that no matter how many domains are suspended it won’t matter. So far these guys are not making any money; they seem to be doing it for the admiration of their users and believe what they are doing is not illegal.

From the article:

The video streaming service made BitTorrent piracy as easy as Netflix, but with far more content and none of those pesky monthly payments. Hollywood quickly intervened, pressuring Popcorn Time’s Argentinian developers to walk away from their creation. But anonymous coders soon relaunched the copyright-flouting software. Today, Popcorn Time is growing at a rate that has likely surpassed the original, and the people behind it say they’re working on changes designed to make the service virtually impervious to law enforcement.

Popcorn Time isn’t a new kind of piracy so much as an inviting new front-end interface for the BitTorrent underground. The software collects and organizes popular files from existing BitTorrent sources like the Pirate Bay, Kickass Torrents, Isohunt, and YTS. “We’re like Google,” Pochoclin says, “scraping for new content all over the internet.”

On the matter of whether it is illegal, the article continued:

Pochoclin says the service doesn’t do anything illegal: It merely organizes preexisting BitTorrent files hosted on other sites. “It’s all automated and all working on existing open source technologies and existing websites online. Therefore, it’s legal. Or better … not illegal,” Pochoclin says. “We all live in a free society, where what is not forbidden is allowed.”

HipHop.com Redirecting to KanyeWest.com

THURSDAY, 19 March 2015   THE DOMAINS

According to the news from Domain.cn on March 19th, back on March 4 we posted an article about the owner of Loser.com redirecting that domain to the Wikipedia page of Kanye West. Elliot Silver actually spoke to the owner and got some insight behind the move. You can read Elliot’s post here.

Well now it seems the registrant of HipHop.com who lives in the U.K. is redirecting HipHop.com to KanyeWest.com. This looks to have been a recent change, maybe it was done by the registrant to counteract the loser.com redirect. Maybe Kanye’s people did some kind of deal.

Survey: domain name registrars must focus on security and price

FRIDAY, 6 March 2015   DOMAIN NAME WIRE

According to the news from Domain.cn on March 6th, domain name registrars must offer strong security and price to attract customers.

There are some questions I’ve asked on the Domain Name Wire Survey over the past ten years that have predictable answers year after year.

One of these is “Rank the importance of these items when choosing a domain registrar.”

Just about every year, security and price are the top two. That was the case again in 2015.

The weighted score for these two factors was essentially a statistical dead heat for the most important factor when selecting a domain name registrar.

The next two factors are also about the same — account management tools and customer service. However, account management tools received more #1 rank votes than customer service.

Here’s a complete ranking:

1. Security
1. Price
3. Account Management Tools
3. Customer Service
5. Ease of intra-registrar transfers
6. Availability of desired top level domains
7. Value added services
7. How they handle expired domains

This makes intuitive sense to me. I’m not going to touch a registrar with high prices, nor one that doesn’t offer two-factor authentication or that has a history of theft. After clearing these two hurdles, I’m going to walk away if I can’t figure out the user interface. Next, I’d be concerned if the customer service is weak.

70% of survey-takers said they keep at least 80% of their domains at a single registrar.

Domain name registrars that are doing well should not rest on their laurels. 44% said they are considering trying a new domain name registrar in 2015.

Password Managers can save you from phishing attempts

FRIDAY, 6 March 2015   DOMAIN NAME WIRE

According to the news from Domain.cn on March 6th, software makes it difficult to enter passwords on illegitimate sites.

Domain theft is rampant, and a key way domain names get stolen is when domain name registrar login credentials are phished.

I’m vigilant about monitoring emails for suspicious links and alerts. But with so many emails and accounts to manage, avoiding phishing schemes is a growing challenge.

Here’s one tool to combat phishing: password managers.

The primary purpose of a password manager is to remember online account passwords for you. You don’t have to remember dozens of passwords or write them down on a pad of paper. Instead, password managers such as Roboform save the passwords for you.

A side benefit is that many of these managers can save you from entering your login credentials at a phishing site.

Software like Roboform will only prompt you to submit your password on URLs that match the site on which the password was originally saved. If you show up at what you think is GoDaddy.com, but Roboform doesn’t show a saved password, then you’re probably on an imposter website.
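The URL-matching behaviour described above can be sketched as an origin-bound credential lookup. This is an added example, not code from the original post and not Roboform's own matching logic. It assumes a strict match on scheme, host and port, and the `Vault` class, the saved login and the sample page URLs are all constructed for illustration.

```javascript
// Added illustration: a saved login is only offered on the origin it was saved for.
// Assumption: exact match on scheme + host + port (URL.origin). Real password
// managers apply their own matching rules.

function originOf(rawUrl) {
  // WHATWG URL parsing lowercases the host, drops the default port, converts
  // internationalised labels to punycode and separates "user@" from the host.
  const u = new URL(rawUrl);
  if (u.protocol !== "https:") {
    throw new Error("refusing non-HTTPS page: " + u.protocol);
  }
  return u.origin;
}

class Vault {
  constructor() {
    this.entries = new Map(); // origin -> { username }
  }

  save(rawUrl, username) {
    this.entries.set(originOf(rawUrl), { username });
  }

  // Returns { offer: true, username } only when the page's origin has a saved
  // credential; otherwise { offer: false, reason } so the user sees why not.
  lookup(rawUrl) {
    let origin;
    try {
      origin = originOf(rawUrl);
    } catch (err) {
      return { offer: false, reason: err.message };
    }
    const hit = this.entries.get(origin);
    if (!hit) {
      return { offer: false, reason: "no credential saved for " + origin };
    }
    return { offer: true, username: hit.username };
  }
}

// Constructed sample data: one saved registrar login and pages a user might
// reach from an e-mail link. The .example hosts are placeholders.
const vault = new Vault();
vault.save("https://www.godaddy.com/login", "constructed-user");

const SAMPLE_PAGES = [
  "https://www.godaddy.com/account",              // same origin, other path
  "https://WWW.GoDaddy.com:443/x",                // normalises to the same origin
  "https://www.godaddy.com.login-check.example/", // real name used as a subdomain
  "https://www.godaddy.com@login-check.example/", // real name placed in userinfo
  "http://www.godaddy.com/",                      // plain HTTP
  "https://www.g\u043edaddy.com/",                // Cyrillic "o" lookalike
];

for (const page of SAMPLE_PAGES) {
  console.log(page, JSON.stringify(vault.lookup(page)));
}
```

Only the first two pages get an offer. Every lookalike resolves to a different origin than the one the login was saved under, which is the signal the post describes: no saved password shown means the site is probably not the real one.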

Password managers certainly come with their own security issues. For most people, however, they are a security improvement. They enable you to use stronger and unique passwords at each site you use, taking out the human limitation of memorization.

And if you do accidentally cough up a password, using two-factor authentication will make it much harder for the thief to use it.