The New York Times has an interesting story about Steve Marshall, an English travel agent who lives in Spain, sells trips to Europeans who want to go to sunny places, including Cuba, and in October found about 80 of his web sites stopped working, thanks to the United States government.

“The sites, in English, French and Spanish, had been online since 1998. Some, like www.cuba-hemingway.com, were literary. Others, like www.cuba-havanacity.com, discussed Cuban history and culture. Still others — www.ciaocuba.com and www.bonjourcuba.com — were purely commercial sites aimed at Italian and French tourists,” reported The Times.

It turns out Mr. Marshall’s Web sites had been put on a US Treasury Department blacklist and, as a consequence, his American registrar, eNom Inc., had disabled them. Mr. Marshall said eNom told him it did so after a call from the Treasury Department; the company, based in Bellevue, Wash., says it learned that the sites were on the blacklist through a blog, further notes The Times.

Mr Marshall told The Times “he did not understand ‘how Web sites owned by a British national operating via a Spanish travel agency can be affected by U.S. law.’ Worse, he said, ‘these days not even a judge is required for the U.S. government to censor online materials.’”

And the reason – “Mr. Marshall’s company had helped Americans evade restrictions on travel to Cuba and was ‘a generator of resources that the Cuban regime uses to oppress its people.’ It added that American companies must not only stop doing business with the company but also freeze its assets, meaning that eNom did exactly what it was legally required to do.” But Mr Marshall says he is not interested in American tourists as “they can’t go [to Cuba] anyway.”

Professor Susan Crawford, an ICANN board member and “visiting law professor at Yale and a leading authority on Internet law, said the fact that many large domain name registrars are based in the United States gives the Treasury’s Office of Foreign Assets Control, or OFAC, control ‘over a great deal of speech — none of which may be actually hosted in the U.S., about the U.S. or conflicting with any U.S. rights.’”

To read more on this disturbing issue, see the full article in the New York Times at www.nytimes.com/2008/03/04/us/04bar.html

source DomainNews

A civil suit filed in Florida by Dell and its Alienware subsidiary is giving insight into the enormous sums of money that can be made by creating Web pages full of advertising links reports IDG News Service.

The report notes that in” October, Dell sued a group of domain registrars, alleging the companies bought more than 1,100 domain names with trademark-infringing characteristics, such as ‘dellbatterrogram.com’ in order to put advertising links on the pages.”

The defendants are listed as Belgiumdomains, Capitoldomains, Domaindoorman, Netrian Ventures, iHoldings.com, Juan Pablo Vazquez, and 10 unnamed defendants and each one denies the allegations against them. “Dell contends the businesses, most of which are registered outside the United States, are shell companies engaged in collusion.”

Each of the websites in question was monetised and has advertising provided by Google Adsense and Google was ordered to hold the first $1 million collected in a special account “on behalf of the defendants each month. The second $1 million that accrues in the account every month will be given to the defendants. If more than $2 million accrues in one month, the money is split between the defendants and the Google account.”

Source DomainNews

OTTAWA (Ontario), le 11 janvier 2008 - La controverse soulevée par l’enregistrement du nom de domaine edstelmach.ca par un fervent critique de cet homme politique sur le Web a cristallisé l’attention des médias sur le processus d’enregistrement des noms de domaine (noms de pages Web).

Opinion: ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.

The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/…. There’s no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.

But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.

A coordinated attack on the root servers last year didn’t get very far.

The alternative root server is a strange concept to most people. The root servers are the DNS servers that control the root of the DNS. They control the top of the hierarchy or the bottom (root) of the tree, depending on the metaphor you want to use. So eWEEK controls the eweek.com domain; VeriSign controls the .com domain; and the root, the level above .com and also known as “.” is controlled by the IANA (the Internet Assigned Numbers Authority).

This Wikipedia article includes a list of alternative roots that exist and the non-standard zones they include. For instance, the home page for OpenNIC is http://opennic.glue/. You might be wondering at that “.glue” top-level domain, and if you click on it you’ll get an error. That’s because OpenNIC is an alternative root with a completely different name space. Your DNS, probably derivative of your ISP’s DNS, doesn’t point into the OpenNIC name space. Organizations like OpenNIC sometimes exist in order to escape the control of ICANN. Free to put up any TLD they wish, they have .geek for example.

But OpenNIC does exist on the public Internet; it’s not a private network. If your DNS is set up for it, it’s possible to see these as well as the real Internet. In fact, UnifiedRoot goes this extra mile, by setting up your systems to see the public DNS as well as their own, on which they sell new TLDs to whoever wants them.

These groups don’t worry me. Who’s going to use them anyway? I get worried when I see whole countries, like Russia, trying to set up separate roots. In the case of Russia, the government wants more control over the Cyrillic portion of the Internet. They can never have real control as long as the root zone is in the hands of the IANA. Call me a western hegemonist, but I just don’t trust the Russian government with a root zone.

Compounding the Russian issue is the ongoing development of IDNs (Internationalized Domain Names), which are domain names that support non-Latin character sets, including the Cyrillic used in Russia. Work on this has been in standards bodies coordinated by ICANN for years and some are in use. Work on Internationalized TLDs is also underway, and here’s where the phishing angle becomes really clear. .ru the Russian TLD, translates in Cyrillic to .py, the TLD for Paraguay. It’s not hard to see a Cyrillic phishing domain in the Paraguayan .py being used to fool Russian users.

This specific example isn’t the real point. I have a general concern about these expansions of the DNS in ways that seem destined to provide massive new opportunities for abuse. The limitations of freedom for the people of Russia and China, which is also interested in both developments. Internationalized domain names are not inherently objectionable, of course, and it would be great if they could be made to work securely. Unfortunately, I see most of the news being about new browser exploits and scams.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Source eWeek Article - January 7, 2008 by Larry Seltzer

Carolyn M. Gudmundson, 44, of Kirkland, Washington, was indicted yesterday by a grand jury in Seattle for eleven counts of Wire Fraud and seven counts of Mail Fraud for a scheme in which she fraudulently billed her employer and related entities for reimbursement for costs she had purportedly incurred in registering and maintaining Internet domain names for Microsoft and Expedia.

Gudmundson fraudulently made more than $1 million with this scheme. Gudmundson was arrested last night and will make her initial appearance on the charge in federal court in Seattle at 2:30 p.m. today. Wire Fraud and Mail Fraud are punishable by up to 20 years in prison and a $250,000 fine.

According to the indictment, Gudmundson was employed by Microsoft as a Program Manager in Microsoft’s MSN Division. Between 2000 and 2004, Gudmundson was responsible for registering, transferring, renewing, acquiring and retiring Internet domain names for Expedia and Microsoft. During the course of this part of her job, Gudmundson defrauded Microsoft in three ways.

First, Gudmundson was authorized to use her personal credit card to purchase, renew and acquire Microsoft’s domain names and then submit reimbursement requests to Microsoft. Gudmundson altered the credit card receipts she submitted so that they showed a much higher price for the purchase, renewal and acquisition of domain names than she actually had paid, and then used these altered credit card receipts to support the false and fraudulent amounts claimed on her reimbursement requests to Microsoft.

Second, Gudmundson allegedly submitted invoices to Expedia for the registration of domain names that she had not paid for.

Third, Gudmundson used an outside company that assists in the negotiation for the purchase of domain names from private parties. Gudmundson told an employee of that company that a fictitious individual had purchased domain names in his name on Microsoft’s behalf and that she needed the employee to send a check to that individual to reimburse him for his costs. Gudmundson then directed the employee to send the checks to her, where she allegedly deposited them into a bank account that she controlled.

The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

The case was investigated by the US Postal Inspection Service. The case is being prosecuted by Assistant United States Attorney Kate Crisham.

For additional information please contact Emily Langlie, Public Affairs Officer for the United States Attorney’s Office, at (206) 553-4110.

Source: United States Attorney’s Office Western State of Washington Announcement - December 7th, 2007

By Erik J. Heels
Cybersquatters, typosquatters, parody domain names, look-alike URLs and competitors purchasing others’ keywords-these are the kinds of developments posing threats to brands online. Here are 11 protection tactics.

In 1997, if you had a domain name and a registered trademark for your brand, you were in good shape. In 2007, it takes more to protect a brand on the Internet owing to two key developments. One, the definition of brand has expanded to include things that aren’t necessarily trademarkable (such as the names of your key personnel). Second, brands are at risk from being used (and abused) by cybersquatters and others in ways that weren’t foreseeable a decade ago. To quote Aragorn in The Lord of the Rings: The Two Towers, Open war is upon you whether you would risk it or not.

Actually, the attack on your brands has been underway for years. But it is about to erupt into a full-scale brand war. Now is the time to act. Here are steps you can take to protect your brands online.

The 11 steps are:

* Step 1: Know Your Brands
* Step 2: Register Your Brands as Top-Level Domain Names
* Step 3: Register Your Brands as Country-Specific Domain Names
* Step 4: Register Misspelled Domain Names
* Step 5: Monitor Your Domain Names
* Step 6: Register and Monitor Third-Party URLs
* Step 7: Buy Keywords on Google and Yahoo
* Step 8: Don’t Game Google
* Step 9: Monitor Related Web Sites
* Step 10: Register Your Trademarks
* Step 11: Ignore the Box

Source DomainNews

“ICANN’s Security and Stability Advisory Committee (SSAC ) has issued an advisory on a process known as Domain Name Front Running. It is a practice of stealing someone’s domain name search queries and registering the domain name before the original person can register it. Let’s say you find a domain that is available for registration. If someone steals your idea and registers it before you, it is like holding you hostage and is called Domain Spying or Front Running. The SSAC was not able to find any hard evidence during their first inquiry so they are issuing the advisory for people to come forward with good hard evidence it is happening.

Much of the information presented before SSAC regarding domain name front running is anecdotal and incomplete. The information SSAC has reviewed allows us to observe that some part of the community believes monitoring practices that result in preemptive registration of domain names have occurred and that such practices are not acceptable. SSAC is concerned that, whether real or perceived, preemptive registration portrays an unfavorable image of the domain name industry. This Advisory is therefore a preliminary study and is intended to put the issue before the community for discussion and to solicit well-documented incidents, if any can be obtained.

There are several ways that spying could occur:

* Client software.
* 3rd Party WHOIS query portals.
* Unauthorized executables.
* DNS operators.
* Registrars (and resellers).
* Name Spinners.
* Registries
* Information leaks, social engineering.

Basically the SSAC is looking for hard evidence that this spying exists. If you can help with hard evidence, please contact them. I would encourage people to perform their whois query via our services as I can guarantee we are clean. We have also published ways that stealing can happen even if using our service. It is possible for spyware on your computer to steal your queries or even DNS queries at your own ISP. It is possible that a Registrar or Reseller is stealing your query. It is also possible that a Registry is leaking the information to Domain Tasters. Never type a domain name into a browser and see if a website exists. This is a horrible way to test if the domain exists because you are leaking the DNS query to global root servers and your ISP’s DNS servers. Major ISPs sell click stream data and non-existent domain name results.

As another side note. Our Bulk Check utility is not real-time. We run the results against a zonefile that could be up to 12 to 24 hours delayed. If you need a real-time query, please run it manually on our services. Domain Tasters are testing millions of domains a day that have been previously registered and that takes a lot of good names off the floor everyday. The only good news is that Domain Tasters generally throw back 99.9% of the domains within 5 days.

There will be a public forum next week at the LA ICANN meeting and I would encourage people to show up and speak out against Domain Tasting. I think Domain Tasting is causing a lot of damage to people, but it is hard to measure. People assume that names are being spied on while I find that the most common thing is Tasters that re-filter old domains over and over again.”

Source DomainTools

UPDATE: INSTANT DOMAIN SEARCH IS NOT MOST LIKELY NOT STEALING YOUR IDEAS PERSONALLY. THE NAME RESEARCH IS BEING COMPROMISED SOMEWHERE ALONG THE WAY. THE FOLLOWING SCENARIO MAY HAPPEN THROUGH ANY DOMAIN RESEARCH TOOL. BE CAREFUL

I am working with a few associates on project for a client who is starting a new website. Part of the project is to brand the company which includes naming the company and acquiring a domain name. I have been using Instant Domain Search for while now as it is a quick and easy way to find available names. My associate has been using what looks to be a GoDaddy affiliate/clone that she calls Name Intelligence.

We came up with a list of names(that contained some keywords of course) and my associate checked quite a few on Monday to see if they were available. I checked through almost all the names and then some on Tuesday. We went back to purchase a few and found that most of the names we had searched for had been bought up by the same company on Wednesday(damn it). This was too weird to be a coincidence so I did a bit of research.

Here is the company that bought the domains:
Organization: Maltuzi LLC
Email: admin@maltuzi.com
Address: 800 West El Camino Real Suite 180 Mountain View, CA, 94040
Phone: 1.6508146730

According to IPWalk, Maltuzzi LLC owns 1,768,141 domains (WOW) as of Jan 21,2007.

I found a thread on Webmaster World that discusses the same thing happening to some other folks by Maltuzi.

So as you can see these Maltuzi guys are a bunch of bastards. However I must ask, why in the hell did they want these domains? I can’t tell you the names we were thinking of, but really they weren’t gonna be the next Amazon or anything.

How Did Maltuzi Hijack my domain name research?

While I am still not sure which of the above querying services contributed to my research being comprised, I did find some information in an article by Larry Seltzer in eWeek titled Who is Hijacking my Domain Name Research. Larry does a great job of explaining the possibilities of how this name research may have been compromised. In Larry’s case it was a company name Chesteron Holdings buying up the domains after they had been searched for using CNets domain research tool.

Here is what’s possible, based on what I know:

CNet, or someone at CNet, could be passing the requests on to Chesterton. I don’t believe this for a second.
• One of the hosting services that CNet is checking with (and there could be more than they indicate) could be passing data on to Chesterton. This seems unlikely to me.
• Chesterton could have compromised one of the servers involved in the process, for instance the whois server used by one of the hosting services. This seems possible to me. There are a number of other hacking techniques, DNS cache poisoning for example, that could indirectly give Chesterton access to data from these queries.
• Verisign could be passing the data on to Chesterton. I don’t believe this, either.

How can these companies afford all these domain names?

Larry has another article about Domain Tasting which explains how these companies can afford to buy all these domain names. The short explanation is there is a 5 day grace period on domain name registration so the companies buy a domain, throw up some ads, and taste to see if the site makes any money. If no ads were click during the tasting period the domains are released and a refund is given. If the domains show potential, they are kept.

So who can you trust for domain name research. I am not sure at this point. I am hoping that a command line whois query is still safe but I am really not sure. I think you just have to have a list ready to go and if a name on your list is available, make the purchase right away.

I can only hope that my names will be freed in 5 days. I’ll post back with in update. In the meantime, be careful when you are searching for an available domain to buy!

Source Mike, The Internet Guy

It has happened to most of us:

• A perfect domain name pops into your mind.
• A quick check at your favorite domain registrar reveals that the domain is still available.
• For some reason, you put off the actual registration for a few days.
• And when you come back to finally register the domain, it’s taken by someone else!

In many cases, this is simply a coincidence. But there are increasing reports of domain search data being sold to domain tasting companies which then register your domain ideas to see if they attract any traffic.

No traffic? No problem. The domain taster simply drops the domain after five days. But if the domain proves popular, the taster will keep it and monetize its traffic through PPC (pay per click) ads.

Bob Parsons of GoDaddy.com was one of the first to raise hell about domain tasting. He focused on what he calls “domain kiting” - repeatedly registering a domain and dropping it right before the end of Verisign’s 5 days refund period, only to reregister it shortly thereafter. This strategy ensures that the domain taster never actually pays for the domain, even though his payment is “on deposit” with Verisign and therefore tied up permanently.

GoDaddy and its associated companies do not engage in domain tasting, according to Parsons. Not that they would have to: GoDaddy already earns millions of dollars in PPC revenue off their client’s newly registered and/or unused domains.

While the Daily Domainer considers random domain tasting to be a legitimate business, we believe that leeching off the domain searches of others (who expect their domain ideas to remain private) differs by several orders of ethical magnitude. Recent mainstream press reports about domain tasting in general are bad enough already.

For example, last night an Associated Press article made the rounds (read the full version here) and the arguments are predictable: Domain tasting is defended by those who are engaged in it and attacked by those who either missed the boat or consider themselves too “above-board” to take advantage of the opportunity.

Until recently, prospective domain tasters had to set up their own domain registrar to get started. But even individual domainers can now use registrars such as Dynadot or Moniker to register domains and give them back within 4 to 5 days at no charge (Dynadot). This is very helpful if you’re eying several domains and are undecided which ones to use.

So what can domain owners learn from this?

• Delay searching for available domains until you’re actually prepared to follow through with the registration. Better still, search for and register new domain ideas immediately whenever inspiration strikes you.
• If one of your domain searches is registered by a domain taster shortly after you checked availability of the domain, and you still want the domain, wait five days and it might become available again. Do not visit the domain during these five days, otherwise the domain taster will believe that the domain gets enough traffic to warrant adding it to his permanent portfolio!
• If you’re thinking of several domains for a project and are undecided which one to use, register all of your domain ideas immediately. If you use a registrar like Moniker or Dynadot, you’ll have 4-5 days to decide if you actually want to keep a domain once you have registered it. This practically eliminates the danger of impulse registrations that you might regret later.

Finally, if after reading this post and despite all our warnings you are thinking about joining the “dark side” of domain leeches and spies, here’s how you could go about it.

1. Set up your own domain search tool or approach registrars that will sell you their search data (not GoDaddy of course, they are too ethical to even consider doing something like that! ).
2. Once you have gained access to the domain search data, analyze it and register promising domains to test them for traffic. The faster you do this, the better.
3. Keep domains that earn at least 5% to 10% of their annual registration fee during the first five days. Drop all others.

And last not least: Be prepared for a massive backlash from disappointed end users who will publicly accuse you of having “stolen” their domain!

“Software pirates have launched an astonishing smash ‘n’ grab raid on the music biz, stealing the domain name of one of its foremost anti-piracy bodies.

The Pirate Bay has now taken up residence at IFPI.com, a domain once owned by the International Federation of the Phonographic Industry (IFPI). The Pirate Bay now says the site will promote the International Federation of Pirates Interests.

The Pirate Bay is, of course, infamous for being the world’s largest BitTorrent tracker with over 630,000 torrents that comprise illegal rips of audio CDs, TV shows and movies, as well as software and video games.

IFPI vs the pirates

The domain name steal is the latest in a long line of skirmishes between The Pirate Bay and IFPI. IFPI had most recently tried - and failed - to secure confidential files from the Swedish police.

When asked to confirm how they got the domain name, Pirate Bay administrator Brokeup told TorrentFreak:

“It’s not a hack. Someone just gave us the domain name. We have no idea how they got it, but it’s ours and we’re keeping it.”

Source Tech.co.uk