Language Selection

English French German Italian Portuguese Spanish

Domain Hijacking Takes ICANN Spotlight

Filed under
Security

The report, announced Wednesday during an international meeting of the ICANN (Internet Corporation for Assigned Names and Numbers) in Luxembourg, followed at least two high-profile incidents this year of what is known as domain-name hijacking.

The committee advises the domain-name system overseer's board of directors and constituents such as the registrars that sell domain names to individuals and business and the registries that manage domains such as .com and .net.

Committee members expressed optimism that the report will lead to swift action, but it was still unclear as of late Wednesday whether ICANN's board planned to address the report's findings and recommendations at its meeting later this week.

The report left ICANN's recently changed policy for the transfer of domain names without blame in domain hijacking, although others in the domain-name industry have raised concerns that the change will fuel more stolen domain names. The new policy had focused on streamlining the process of transferring a domain.

The ICANN committee recommended 10 fixes for hijacking, which ranged from more public awareness and a domain-name emergency hotline to potentially stricter verification of the identity of domain-name holders and better record keeping of registrations.

One technical recommendation focused on the use of registrar locks and domain-name holder passwords. The report suggests that registrars use locks, which prevent a domain-name change until the name holder unlocks the name, and consider using a specification called "authInfo," which essentially password protects a domain name.

Currently, the authInfo password is not available for .com or .net, both of which are managed by VeriSign Inc. But VeriSign has said it plans to add the support, according to the report. Other domains, such as .org, .biz and .net, use the passwords.

Full Story.

More in Tux Machines

Security News

  • Security advisories for Tuesday
  • FOI: NHS Trusts are ransomware pin cushions [Ed: Windows]
    The FOI requests found that 87 per cent of attacks came via a networked NHS device and that 80 per cent were down to phished staffers. However, only a small proportion of the 100 or so Trusts responded to this part of the requests. "These results are far from surprising. Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching," said Tony Rowan, Chief Security Consultant at SentinelOne. "The results highlight the fact that old school AV technology is powerless to halt virulent, mutating forms of malware like ransomware and a new more dynamic approach to endpoint protection is needed.

10 reasons to use Cinnamon as your Linux desktop environment

Recently I installed Fedora 25, and found that the current version of KDE Plasma was unstable for me; it crashed several times a day before I decided to try to try something different. After installing a number of alternative desktops and trying them all for a couple hours each, I finally settled on using Cinnamon until Plasma is patched and stable. Here's what I found. Read more

Android Leftovers

Red Hat Financial News