EURid Wins Registry of the Year at 2019 CENTR Awards

The 2019 CENTR Awards were held last week and EURid, the .eu registry, emerged as winner of the 2019 Registry of the Year award, 2 years after they first won the award in 2017. The awards coincided with CENTR’s 20th anniversary celebrations and saw winners from a number of European registries.

The Registry of the Year award is based on the votes given by a sample of registrars who evaluated the customer service of the CENTR registry members.

“This win is a testament to our incredible registrar community, and we greatly appreciate their dedication and support towards our TLD and initiatives,” said EURid in a statement. “Thank you all for it.”

Another big winner was the CENTR Innovation Award: the CENTR Security Maturity Model (CM-SMM). CM-SMM was introduced as a joint initiative of SIDN, DENIC, DNS Belgium, nic.at and SWITCH under the direction of CENTR. The aim of the model is a regular, mutual evaluation of the current security status of domain registries by a so-called self-assessment scorecard. Based on common benchmarks, each registry can measure the development of its security measures, evaluate strengths and weaknesses and initiate improvements.

CM-SMM has also previously been a winner of a CENTR Award, albeit as its predecessor in 2015, a project called “Security Audits”.

“The renewed award shows us that the project is justified and definitely forward-looking,” said a delighted Richard Wein, CEO of nic.at. “The mutual audits make it possible, on one hand, to maintain high security standards and, on the other hand, to ensure continuous improvement”.

Other winners of the 2019 CENTR Awards were:

Working Group Champions:

  • Administrative Working Group : Thomas Tammegger (EURid, .eu)
  • Legal and Regulatory Working Group: Maarten Simon (SIDN, .nl)
  • Marketing Working Group: Michiel Henneke (SIDN, .nl)
  • R&D Working Group: Maciej Andziński (CZ.NIC, .cz)
  • Security Working Group: Kristof Tuyteleers (DNS Belgium, .be)
  • Technical Working Group: Oli Schacher (Switch, .ch)

CENTR Anniversary Achievement Award: Annebeth Lange (Norid, .no)

Another TLD coup for nic.at’s RcodeZero DNS

Take Control of Your Domain Names

nic.at’s RcodeZero DNS service has just started supplying Anycast technology to the Polish domain extension .pl. This means that nic.at infrastructure provides supplementary hosting and security to the seventh biggest ccTLD in the EU with over 2.5 million domains. According DNSperf statistics, RcodeZero DNS is one of the fastest anycast providers worldwide.

CEO Richard Wein is delighted with the new RcodeZero DNS customer NASK, the Polish national research institute responsible for the Top Level Domain .pl.

“After .nl and .eu, we have succeeded in convincing another major country code TLD with a couple of million domains to use our services. In an industry where you know each other very well, this is a big compliment for me: The relevant players trust the technical competence of nic.at. This shows that even a small country can provide services to the big ones so long as you focus on quality, reliability and flexibility.”

It is the clear goal of nic.at to gain more RcodeZero DNS customers within the TLD community – also on other continents.

The technical implementation for .pl is proof of nic.at’s ability to meet individual customer requirements. The .pl TLD consists of 159 subzones. Therefore – in contrast to other customers with fewer zones – every process and check has to be performed 159 times before distributing the zone to the servers all over the globe.

The constant expansion and upgrading of the RcodeZero infrastructure is also recognised in the worldwide Ranking of DNSperf where the DNS performance of the top Anycast providers is measured. RcodeZero DNS actually ranks sixth – not far away from well-known names like Cloudflare and Wordpress.

This nic.at news release was sourced from: https://www.nic.at/en/news/nic-at/another-tld-coup-for-nicats-rcodezero-dns

Afnic Updates .FR Registry Lock

Big Discounts for Domains, Hosting, SSL and more

Afnic have announced changes to the Registry Lock for .fr that are intended to speed up adoption of the service.

There are four major changes announced:

  • a 24/7 service even easier to use, and an authentication process which speeds up interactions between contacts
  • the use of dual authentication, which strengthens the security process even further
  • batch locking and unlocking: all or some domain names associated with the owner can be locked and unlocked during the same application
  • registration of authorised contacts for locking and unlocking operations in a “directory”. This list of advisors and trusted contacts is checked upstream by AFNIC’s customer representatives.

Afnic launched their Registry Lock for .fr in 2015. A Registry Lock provides peace of mind for businesses, in particular that their domain name is made much more difficult to hijack, if not nigh on impossible providing their details are kept up to date.

With the Registry Lock operational, any changes to the ownership of the domain name cannot be made without authorisation from the registrant, which must be verified by Afnic with the coordination of the registrar.

Only a handful of .fr registrants have chosen to take advantage of the Registry Lock domain names. Currently only 350 domains are locked in this way out of 3.4 million, but this number is up from 216 as of December 2018.

A fee is charged by the registrant’s registrar, but this is quite small for business and very small if a domain name is hijacked and used for nefarious purposes and can lead to a loss of business and trust among customers.

Neustar And .US To Hold Virtual Town Hall On 24 October

Big Discounts for Domains, Hosting, SSL and more

Neustar and the usTLD Stakeholder Council will hold a virtual .US Public Stakeholder Town Hall Meeting on Thursday October 24, 2019 at 11:00 EDT. The Town Hall will provide an opportunity for the community to hear from the .US team on the 2019 developments and for community discussions on how to build and grow the .US domain to meet the demands of the future.

In addition to an “open floor,” where stakeholder thoughts, suggestions and questions can be addressed, there is a plan to focus on two key topics:

  • Marketing and .US: The Voice of .US
  • 2019 Policy Year in Review and What’s ahead: Our Policy Recommendations, Locality Space updates, Statistics and overview

The meeting will take place virtually, and details will be circulated to all registered participants in advance of the meeting. For anyone interested in the .US domain space or internet growth and trends, Neustar and .US are encouraging participation.

To register for the free virtual Town Hall, click here.

Almost Half of 20 Most Abused TLDs Are ccTLDs As Newly Detected Botnet C&Cs Reach All Time High: Spamhaus

Spamhaus released their quarterly Botnet Threat Update for the third quarter of 2019 and almost half of the TLDs in their top 20 “most abused top-level domains” were within ccTLD name spaces: .ru (Russia), .pw (Palau), .eu (European Union), .ga (Gabon), .tk (Tokelau), .su (the former Soviet Union), .ml (Mali), .cf (Central African Republic) and .me (Montenegro). There were also a handful of new gTLDs: .top, .xyz, .icu, .name, .live, .site and .club. But the TLD with by far the most abused domains, and also by far the largest, was .com, with 4,058 abusive domain names and around 145 million domains in total while .net was second with 534 fraudulent domains.

During the third quarter the number of fraudulent domain names registered within Russia’s ccTLD .ru almost halved from 731 domains in Q2 to 392 domains in Q3. And 2 more gTLDs joined .com in Q3 in the top 3: .net and .info.

Of the registrars with the most abused domain names on their books, Namecheap easily came out top with 1,034 while the Chinese West263.com was second with 375. By country, there were 5 Chinese registrars on the top 20 list, 3 from the United States and 2 each from Russia and Germany.

The highlight, or rather lowlight, of the report from Spamhaus’ point of view was the number of newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year with more than 1,500 botnet C&Cs detected by Spamhaus Malware Labs. This is far in excess of the monthly average, set in the first half of this year, of 1,000 botnet C&Cs.

One of the most notorious botnets called “Emotet”, however, did appear to go on vacation. This botnet went silent for several months, but returned in September with a large scale spam campaign. Emotet, also known as “Heodo”, was a former e-banking Trojan that targeted e-banking customers around the world. In 2018, Emotet ceased it’s e-banking fraud activities and started to offer infected computers on a “Pay-Per-Install” model to other cybercriminals. As of 2019, Emotet is one of the most dangerous botnets and indirectly responsible for a large amount of ransomware campaigns like Ryuk.

The most notable change between Q2 and Q3 Spamhaus observed was TrickBot. They identified a 550% increase in the number of botnet C&Cs that were associated with this malware family. There were additional smaller changes in the malware landscape, with some families dropping out of the charts and others appearing.

Spamhaus observed they continued to see Cloudflare, a US-based content delivery network (CDN) provider, being one of the preferred options by cybercriminals to host botnet C&C servers. This trend has been evident since 2018. Disappointingly, Spamhaus say they’ve still seen no apparent attempts from Cloudflare to battle the ongoing abuse of their network for botnet hosting and other hostile infrastructure. However, as of Q3, Cloudflare got beaten by the Chinese cloud provider Alibaba, by a narrow margin of 4.

There was also a surge in the number of Botnet C&Cs hosted in Russia with a proliferation of botnet C&Cs hosted across various hosting providers in Russia, notably ispserver.com, reg.ru, simplecloud.ru, marosnet.ru and spacenet.ru. After a short period of respite, there is once again a trend among cybercriminals moving their infrastructure to Russian Internet service providers.

The Spamhaus Botnet Threat Update: Q3-2019 can be downloaded in full from: https://www.spamhaus.org/news/article/789/spamhaus-botnet-threat-update-q3-2019

12 Winners of the Inaugural .ORG Impact Awards Announced at Gala Event

12 individuals and organisations from around the world were named winners of the inaugural 2019 .ORG Impact Awards last Friday.

At the event in Washington D.C., leaders from the philanthropic and Internet communities joined finalists at The Watergate Hotel to experience the live announcement of the 2019 winners. Actor, philanthropist and children’s book author Taye Diggs also joined in on the fun and was named the 2019 .ORG Impact Awards Honoree for his dedication to the greater social good via charitable and community involvement with a multitude of .ORG community member organisations.

Jon Nevett, CEO of .ORG Introduces the 2019 .ORG Impact Awards
Jon Nevett, CEO of .ORG Introduces the 2019 .ORG Impact Awards

Individual Awards honouring the contribution of an individual to their organisation or the broader sector received a $5,000 donation to the charitable organisation of the winner’s choice. The winners were:

Diane Diamantis of Dollars 4 TICS accepts the Rising Star awards from .ORG Board Chair Lise Fuhr
Diane Diamantis of Dollars 4 Tic Scholars accepts the Rising Star award from .ORG Board Chair, Lise Fuhr

Sector Awards recognising organisational and team accomplishments and received a $2,000 donation to the charitable organisation of the winner’s choice. The winners were:

Initiative Awards celebrating achievement in a specific online niche area received a $1,000 donation to the charitable organisation of the winner’s choice. The winners of this award were:

  • Best Integrated Communications Campaign – Skateistan, “Empowering Children Through Skateboarding and Education” (U.S. / Germany)
  • Best Social Media Campaign – The Mayhew, “Mayhew Website Redesign” (UK)
  • Best Use of Partnerships/Celebrity Endorsements – Kiva, “The Big Impact of Small Loans” (U.S.)
Louisa Daly of KIVA accepts the Best Use of Partners/Celebrity Endorsements from Tommy Ho of GoDaddy
Louisa Daly of KIVA accepts the Best Use of Partners/Celebrity Endorsements from Tommy Ho of GoDaddy
  • Outstanding Multimedia Content – C Three Foundation, “C Three Foundation Multimedia Approach” (U.S.)
  • Outstanding Online Fundraising Campaign – Teach For America, “Teach For America Alumni and Staff Challenge” (U.S.)
Ava Miles and Stephanie Davis of Teach For America accet the award for Outstanding Online Fundraising Campaign
Ava Miles and Stephanie Davis of Teach For America accept the award for Outstanding Online Fundraising Campaign
  • Outstanding Website Redesign – The Mayhew, “Home Is Where Their Dog Is” (UK)
  • Top #GivingTuesday Campaign – The City Mission, “Fund a Project That Would Change Your Community” (U.S.)

The .ORG Impact Awards is one of two new .ORG initiatives designed to educate, recognise and empower the global .ORG community. To learn more about The .ORG Impact Awards, navigate over to www.orgimpactawards.org, and to see additional pictures from the gala follow #ORGimpactAwards through Facebook and Instagram.

Google Launches .NEW Sunrise This Week

On the same day that Google is making their big announcement of new and updated products, their Google Registry, aka Charleston Road Registry, is launching the Sunrise period for their .new gTLD, which is promising something… new! Google is billing their new gTLD as one that “must be used for action generation or online creation flows.”

Already underway is a “qualified launch period” that commenced on 6 September and runs until 14 January 2020. This period will see up to 53 .new domains registered to promote the gTLD. And ending this week has been a “sunrise notice” period where trademark owners are notified of the .new Sunrise Dates and policies.

Which brings us to the Sunrise period, which commences on 15 October, the same day as Google’s annual showcase in New York City that is expected to see the launch of the Pixel 4 and other hardware products. The Sunrise period for trademark holders to get their domain names will run until 14 January.

Leading up to General Availability in July 2020 there will also be a “Limited Registration Period”, from 14 January to 14 July. This is a period during where prospective registrants can apply to operate .new names, that will be allocated by Google Registry in batches provided that they demonstrate compliance with the .new registration policy and other specified criteria.

This will be the seventh of Google new gTLDs that will be publicly available out of a total of 46 that have been delegated, many of which will be for Google to use in house. The largest is .app, currently with 425,000 registrations followed by .dev with 164,000 – the only 2 with more than 100,000 registrations.

So what’s new about .new? Google explains in their policies posted on the ICANN new generic top-level domains page that “all .new domain names must be used for action generation or online creation flows. Navigation to a .new domain must bring a user directly into the action generation or online creation flow. Navigation or redirection to a homepage or landing page that requires the user to take additional steps or clicks to initiate action or creation will not be deemed to comply with this policy. An exception is provided for services that require a user to be logged in, navigation to a .new domain may bring a logged-out user to a sign up or sign in page. After completing sign in and any other required authentication, the user must be brought directly into the action generation or online creation flow. A user that is already signed in must be brought immediately into the action flow. Subscription services that require an account to access content or undertake activities may register .new domain names, provided that, upon request, Google Registry or its designee is granted access free-of-charge to verify compliance with this policy.”

Google goes on to explain “any .new domain must be compliant no more than 100 days from the date of registration; and a link to the .new Domain Registration Policy and other resources provided by Google Registry indicating that users can find the full Action Domains Requirements and more information about enforcement by following the link.”

Google Registry note in their policies document they “believe the benefit of the programme will be to promote the success of not only the .new registry but ICANN’s new gTLD program as well. By publicising quality .new websites to consumers at an early stage and indicating the type of specialised content they will find there, Google Registry will be able to guide interested registrants to the opportunities afforded by .new SLDs.  In addition, by launching and promoting select domain names before and during Sunrise, Google Registry will raise awareness of the Sunrise program and allow trademark holders who may have otherwise not been able to avail themselves of the opportunity to protect their brands during the .new Sunrise to do so. Google Registry will also be able to generally demonstrate the value of the new gTLD programme, which enhances consumer choice by expanding the SLD namespace, providing registrants with flexibility, opportunities for differentiation, and enhanced utility of domain names.”

As with all of Google’s new gTLDs, .new is a secure namespace that requires HTTPS to be used on all .new domains in order for the domains to work in web browsers.

DENIC Makes Available Software Tool for High-Performance Measurement to Internet Community

DENIC has developed a software tool for performance measurement of DNS servers and has now handed it over to DNS OARC, a platform for DNS developers and DNS operators.

According to a post linked from the DENIC announcement on Medium by the Domain Name System Operations Analysis and Research Center (DNS OARC) team, the tool was developed by Patrick Fedick at DENIC eG, one of DENIC‘s software testers with a strong DNS background and experience with performance testing.

Key features of dnsmeter as outlined in the DNS OARC post are:

  • payload can be given as text file or PCAP file
  • can automatically run different load steps, which can be given as list
    or ranges
  • results per load step can be stored in a CSV file
  • sender address can be spoofed from a given network or from PCAP file,
    if payload is a PCAP file
  • answers are counted, even if source address is spoofed, if answers get
    routed back to the load generator
  • round-trip-times are measured (average, min, mix)
  • amount of DNSSEC queries can be given as a percentage of total traffic
  • optimized for a high quantity of packets by pre-compiling the payload,
    on an Intel(R) Xeon(R) CPU E5–2430 v2 @ 2.50GHz, it can generate more than 900,000 packets per second
  • runs on Linux and FreeBSD

The DNSmeter is now available to be used as open source.
For more details please go to medium.com/@dnsoarc/dnsmeter-53eec8e82e51.

Nominet Consults On Reducing Phishing, Reducing Criminal Activity and Drop List For .UK

Nominet has opened a consultation process that will see the .uk registry seek feedback on reducing phishing, law enforcement landing pages for domain names suspended for criminal activity and implementing a drop list for expired domains.

The 2019 consultation invites feedback on three important issues:

I. Reducing the use of .UK domain names for phishing attacks

II. Implementing law enforcement landing pages following suspensions for criminal activity

III. Implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains

On phishing, since 2018 Nominet has used Domain Watch, an anti-phishing initiative. The initiative operates as a risk-based enhanced verification of registration data for all newly-registered domains. It uses a combination of technical algorithms and manual intervention to highlight suspicious domains. Of the 3.6 million newly registered domains in the 12 month period July 2018 to July 2019, over 1,500 domains were blocked in the DNS as a result of our Domain Watch initiative.

Nominet are asking if they should update their policies to specifically allow them to prevent resolution in the DNS where they have identified a high risk of phishing use.

On implementing landing pages following suspensions for criminal activity, while Nominet does not have the means to remove content or alter websites, they can disrupt the impact of criminal behaviour by removing or suspending a domain name. So Nominet is now seeking views on what should happen following the suspension. One option proposed is an informational landing page.

And lastly, on a drop list, Nominet is consulting on implementing a .uk drop list to provide a transparent and orderly process for the re-registration of expired domains. They also want to know if there is support for the publishing of official information for registrars to clarify when expired domains will become available for general registration. They’re also asking if Nominet should encourage competition in the .uk secondary domains market?

Looking forward, in the consultation paper Nominet raises several other issues they are considering to improve the .uk namespace including:

  • Moving to an inter-registrar transfer system that is more widely adopted across the industry
  • Standardising domain name renewals, expiry and cancellations in line with generic Top Level Domains (gTLDs) by implementing RFC 3915 and a life cycle to match gTLDs
  • Removing the option for direct registration of domains with Nominet, without operating through a registrar.

“We are committed to running a world leading registry and are always looking for ways to improve,” said Eleanor Bradley, MD of Registry Solutions and Public Benefit at Nominet. “As the environment in which we operate evolves, we actively engage with a wide variety of UK stakeholders to ensure that the policies we maintain reflect emerging threats, changes in stakeholder expectations and new industry practices.”

“This consultation sets out ambitious ideas to ensure .UK maintains its position as a vibrant and trusted namespace and provides an important opportunity for the UK internet community to provide input. We believe open consultation creates better policy so I encourage all interested parties to engage and look forward to hearing from you.”

Since 1996 Nominet has operated .uk, developing policies that provide the framework of principles for the .uk namespace. They are developed in consultation with a wide variety of stakeholders and aim to ensure a connected, inclusive and secure space for the UK internet community.

The .UK Policy Consultation invites feedback from all interested stakeholders by 16 December 2019. A roundtable event towards the end of the consultation period will be held on 4 December 2019. Interested parties can find out more and submit responses here.

CIRA Survey Finds 71% Of Canadian Organisations Impacted By A Cyberattack In 2018

Canada’s ccTLD registry has published the results of their 2019 Cybersecurity Survey Report that found 71% of organisations reported experiencing at least one cyber-attack that impacted the organisation in some way, including time and resources, out of pocket expenses and paying a ransom.

“Now more than ever, Canadians need trust in the internet,” said Byron Holland, president and CEO, CIRA. “We believe that security is the foundation of that trust which is why we have leveraged our experience safeguarding the .CA domain to help Canadian organisations protect themselves and their users.”

The report provides an overview of the Canadian cybersecurity landscape and surveyed more than 500 individuals with responsibility over IT security decisions at both private and public sector institutions across Canada to learn more about how they are coping with the increase in cyber threats.

The full report, released as part of CIRA’s Cybersecurity Awareness Month activities, also found 96% of respondents said that cybersecurity awareness training was at least somewhat effective in reducing incidents while only 22% conducted the training monthly or better.

Other key findings were:

  • Only 41% of respondents have mandatory cybersecurity awareness training for all employees.
  • Among those businesses that were victimised by a cyber-attack, 13% indicated the attack damaged their reputation. This perception is a sharp contrast to the findings of CIRA’s recent report: Canadians deserve a better internet, which indicated that only 19% of Canadians would continue to do business with an organisation if their personal data were exposed in a cyber-attack.
  • 43% of respondents were unaware of the mandatory breach requirements of PIPEDA.
  • Of those businesses that were subject to a data breach, only 58% reported it to a regulatory body; 48% to their customers; 40% to their management and 21% to their board of directors.
  • 43% of respondents who said they didn’t employ dedicated cybersecurity resource cited lack of resources as the reason. This is up from 11% last year.

“While technical solutions are important, the best layer of security for any organisation are cyber-aware employees,” said Jacques Latour, chief security officer, CIRA. “We are happy to see more organisations embracing cybersecurity awareness training as a critical element of their defence. However, there is more work to be done to ensure the quality and rigor of the training offered keeps pace with the ever-changing world of cybersecurity.”

The full report is available to download from: https://cira.ca/resources/cybersecurity/report/2019-cira-cybersecurity-survey