Language Selection

English French German Italian Portuguese Spanish

Domain Hijacking Takes ICANN Spotlight

Filed under
Security

The report, announced Wednesday during an international meeting of the ICANN (Internet Corporation for Assigned Names and Numbers) in Luxembourg, followed at least two high-profile incidents this year of what is known as domain-name hijacking.

The committee advises the domain-name system overseer's board of directors and constituents such as the registrars that sell domain names to individuals and business and the registries that manage domains such as .com and .net.

Committee members expressed optimism that the report will lead to swift action, but it was still unclear as of late Wednesday whether ICANN's board planned to address the report's findings and recommendations at its meeting later this week.

The report left ICANN's recently changed policy for the transfer of domain names without blame in domain hijacking, although others in the domain-name industry have raised concerns that the change will fuel more stolen domain names. The new policy had focused on streamlining the process of transferring a domain.

The ICANN committee recommended 10 fixes for hijacking, which ranged from more public awareness and a domain-name emergency hotline to potentially stricter verification of the identity of domain-name holders and better record keeping of registrations.

One technical recommendation focused on the use of registrar locks and domain-name holder passwords. The report suggests that registrars use locks, which prevent a domain-name change until the name holder unlocks the name, and consider using a specification called "authInfo," which essentially password protects a domain name.

Currently, the authInfo password is not available for .com or .net, both of which are managed by VeriSign Inc. But VeriSign has said it plans to add the support, according to the report. Other domains, such as .org, .biz and .net, use the passwords.

Full Story.

More in Tux Machines

ammortizzata Scarpe Nike Zoom Winflo 2 marche che producono

Linux Graphics

  • Libinput X.Org Driver Updated For X.Org Server 1.19
    Peter Hutterer has announced the release of a new version of xf86-input-libinput, the X.Org DDX driver that makes use of libinput for input handling on the X.Org Server.
  • xf86-input-libinput 0.20.0
    Most important fix is the use of input_lock() instead of the old SIGIO stuff to handle the input thread in server 1.19.
  • Mesa 13.0 Planning For Release At End Of October, Might Include RADV Vulkan
    Following the mailing list talk over the past two days about doing the next Mesa release, plans are being discussed for releasing at the end of October and it might have just got a whole lot more exciting. Emil Velikov, Collabora developer and Mesa release manager for the past several release series, has commented on that previously discussed mailing list thread. He mentioned he was secretly waiting in hopes of seeing the RADV Radeon Vulkan driver merged for this next release! He said he'd even be willing to see it merged even if it's "not perfect/feature complete."

Security News

  • Don't Trust Consumer Routers
    Another example of why you shouldn’t trust consumer routers. d-link It isn’t just this specific d-link router. We’ve seen the same issues over and over and over with pretty much every non-enterprise vendor. Plus we don’t want our devices used by crackers to DDoS Brian Krebs anymore, right? We are Linux people. We CAN do this ourselves.
  • D-Link DWR-932 router is chock-full of security holes
    Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities affecting the LTE router/portable wireless hotspot D-Link DWR-932. Among these are backdoor accounts, weak default PINs, and hardcoded passwords.
  • The Cost of Cyberattacks Is Less than You Might Think
    What's being left out of these costs are the externalities. Yes, the costs to a company of a cyberattack are low to them, but there are often substantial additional costs borne by other people. The way to look at this is not to conclude that cybersecurity isn't really a problem, but instead that there is a significant market failure that governments need to address.
  • NHS trusts are still using unsupported Windows XP PCs
    AT LEAST 42 National Health Service (NHS) trusts in the UK still run Microsoft's now-defunct Windows XP operating system. Motherboard filed Freedom of Information requests with more than 70 NHS hospital trusts asking how many Windows XP machines they use. 48 replied within the allotted time, and a whopping 42 of them admitted that they still use the operating system that reached end-of-life status in April 2014. Some of the culprits include East Sussex Healthcare, which has 413 Windows XP machines, Sheffield's Children's hospital with 1,290, and Guy's and St Thomas' NHS Trust in London with an insane 10,800 Windows XP-powered PCs. 23 replied to Motherboard's quizzing about whether they have an extended support agreement in place and, unsurprisingly, the majority said that they do not.

Games for GNU/Linux