********************************************************** Sponsored by the Singapore Internet Research Centre Nanyang Technological University, Singapore http://www.ntu.edu.sg/sci/sirc/
********************************************************** Don't forget to check out www.auda.org.au/domain-news/ for today's edition of the complete domain news, already online! Headlines from the August 13 edition of the news include: ICANN: Updates to New gTLD Program Implementation | Over 2 Million .biz Domain Names Under Management | Free.nz is the domain name of the game | Patch for Web Security Hole Has Leaks of Its Own | DNS creator: It's time to add security | Cyberspace Barrage Preceded Russian Invasion of Georgia | Georgia Takes a Beating in the Cyberwar With Russia | VeriSign Reports $68 Million Loss; 87.3 Million .com/.net Domain Names | Flipping For Domains And see my website - http://technewsreview.com.au/ - for daily updates in between postings. *************************************************** The domain name news is supported by auDA *************************************************** ICANN Highlights Domain Name System Vulnerability; Releases Tools http://icann.org/en/announcements/announcement-06aug08-en.htm £20,000 grant boost for .cym domain bid http://news.bbc.co.uk/2/hi/uk_news/wales/7543956.stm N.Korea Likely to Provide Internet Service from 2009 http://english.chosun.com/w21data/html/news/200808/200808070011.html Net address bug worse than feared http://news.bbc.co.uk/2/hi/technology/7546557.stm Kaminsky: Many ways to attack with DNS [IDG] http://www.infoworld.com/article/08/08/06/Kaminsky_Many_ways_to_attack_with_DNS_1.html Kaminsky: DNS Vulnerability Will Affect Email, Internal Systems, Too http://www.darkreading.com/document.asp?doc_id=161009 Email gets hit by major web security flaw [AP] http://www.nzherald.co.nz/category/story.cfm?c_id=55&objectid=10525801 Giant cyberspace security hole getting fixed, slowly [AP] http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10525623 VeriSign shares fall after 2nd-quarter report [AP] http://www.forbes.com/feeds/ap/2008/08/07/ap5301246.html VeriSign Reports Second Quarter 2008 Results [news release] http://www.verisign.com/static/043991.pdf T.R.A.F.F.I.C. Down Under to Donate Profits to ICA; Discount Pass Expires Soon http://technewsreview.com.au/article.php?article=5584 ********************** GOVERNANCE ********************** Directive of the European Parliament and of the Council concerning the EU Global Online Freedom Act EXPLANATORY MEMORANDUM: More and more authoritarian states as Belarus, Burma, the People's Republic of China, Cuba, Egypt, Ethiopia, Iran, North Korea, Saudi Arabia, Syria, Tunisia, Turkmenistan, Uzbekistan and Vietnam censor the internet by blocking websites and filtering search results and intimidate internet users through 'cyber police' and obliged registration. As this constitutes a clear violation of human rights under article 19 of the Universal Declaration of Human Rights, EU action needs to be undertaken, especially since European companies are cooperating with authoritarian governments to restrict the access of citizens to the provision of Internet and information society services. http://www.julesmaaten.eu/_uploads/EU%20GOFA.htm Major U.S. Internet companies agree on a code of conduct for operating in repressive countries It's been a journey longer than the meandering, months-long trip the Olympic torch is taking to Friday's opening ceremonies in Beijing. But Google, Yahoo and Microsoft said today that they were close to finishing a voluntary code of conduct for doing business in China and other countries that censor the Internet -- a project they started in January 2007. http://latimesblogs.latimes.com/technology/2008/08/major-internet.html Internet firms agree to 'code of conduct' in China Just days before the Olympic torch will reach Beijing, Internet leaders Google, Yahoo, and Microsoft say they are close to an agreement on a code of conduct for doing business in China and other countries that censor the Internet. http://news.cnet.com/8301-13578_3-10007122-38.html Internet Companies Agree On China Code Of Conduct U.S. technology giants Microsoft, Google, and Yahoo, in talks with other Internet companies and human-rights groups, have reached an agreement on a voluntary code of conduct for activities in China and other restrictive countries, the Wall Street Journal reported on Tuesday. http://uk.reuters.com/article/technologyNews/idUKBNG13395520080805 http://in.reuters.com/article/technologyNews/idINIndia-34833420080805 http://www.informationweek.com/news/internet/policy/showArticle.jhtm?articleID=209903195 Vint Cerf calls for Internet speed limits Internet papa Vint Cerf said broadband speed limits rather than broadband data caps would be more useful in managing congested networks. http://news.cnet.com/8301-1023_3-10007079-93.html Cerf totes consumer SLAs Father of the internet and Google's chief internet evangelist, Vint Cerf has waded into the debate about how broadband carriers should manage network congestion, suggesting, in effect, data rate service level agreements (SLAs) for consumers. http://www.vnunet.com/vnunet/news/2223299/cerf-totes-consumer-slas Cerf’s call for simple pricing: Net Neutrality all over again Vint Cerf, one of the co-inventors of the underlying technology that makes the Web work, now Google’s Internet evangelist, has issued a call for throughput-based pricing by ISPs. This in response to the Comcast ruling by the FCC, which fined the cable carrier for capping bandwidth used by customers if they exceed what the company considers reasonable use—Comcast has called their approach, which can cap the number of bits a user sends per month “consumption-based pricing.” http://blogs.zdnet.com/Ratcliffe/?p=358 Questioning the Coming US Internet Clog One of the nation’s top authorities on global Internet traffic growth says his latest data show no reason to fear network capacity shortages, as traffic growth may even be slightly decelerating. http://communicationsdirectnews.com/do.php/110/31939 ********************** DOMAIN NAMES ********************** ********************** - ICANN ********************** .ORG & NCUC Joint Letter to ICANN on Internationalized Domain Names by PIR Recently we teamed up with the Non-Commercial Users Constituency (NCUC) to express our concern to ICANN that the rights and needs of end-users are taken into account in the discussion of Internationalized Domain Names (IDN). http://www.circleid.com/posts/88710_org_ncuc_internationalized_domain_names/ Can ICANN Manage the DNS Root Zone by Itself? "No!" Says US Department of Commerce In a recent letter, the US Department of Commerce NTIA strongly denied being engaged in discussions about a "root zone transition" from VeriSign to ICANN. The community, ICANN President Strategic Committee (PSC), and perhaps ICANN and IANA staff are suddenly informed that no transition of root zone management is going to occur. http://www.circleid.com/posts/88712_icann_manage_dns_root_zone/ ICANN Highlights Domain Name System Vulnerability; Releases Tools ICANN is raising awareness of a recently discovered vulnerability in the DNS. This includes releasing an FAQ and an online tool for domain operators to test their domains. http://icann.org/en/announcements/announcement-06aug08-en.htm ICANN to raise awareness of domain name system vulnerability [sub req'd] http://telecom.paper.nl/news/article.aspx?id=225475 ********************** - ccTLD & gTLD NEWS ********************** Grant boost for .cym domain bid A £20,000 grant to secure a "dot cym" internet address for Wales is to be given by the assembly government. Deputy First Minister Ieuan Wyn Jones said the money was to support the DotCYM campaign for a Welsh version of the .com or co.uk endings. http://news.bbc.co.uk/2/hi/uk_news/wales/7543956.stm Bid for .cym for Welsh websites WELSH companies should have the right to use .cym as well as .com on their websites, Deputy First Minister Ieuan Wyn Jones said yesterday. http://www.walesonline.co.uk/news/wales-news/2008/08/07/bid-for-cym-for-welsh-websites-91466-21480320/ More options for Welsh identity on the net The campaign to allow Welsh companies to use the .cym suffix in their web addresses is almost as old as the internet itself, so it’s pleasing to see this decent idea finally take its first steps off the drawing board. http://www.walesonline.co.uk/news/wales-news/2008/08/07/more-options-for-welsh-identity-on-the-net-91466-21479926/ Assembly cash for dotCYM campaign DEPUTY First Minister Ieuan Wyn Jones will today announce Assembly Government funding to campaign for “full internet status for Wales”. http://www.dailypost.co.uk/news/north-wales-news/2008/08/06/assembly-cash-for-dotcym-campaign-55578-21473223/ Wales applying for its own domain name The Welsh deputy first minister is backing a campaign for a Welsh internet domain name. http://www.publicservice.co.uk/news_story.asp?id=6704 DotCym campaign wins £20k grant Wales The Welsh Assembly is to donate £20,000 to support the campaign to secure the "dot cym" internet address for Wales. http://www.webuser.co.uk/news/news.php?id=265029 N.Korea Likely to Provide Internet Service from 2009 It seems likely that North Korea will finally join the worldwide web and provide Internet service from next year. Kim Sang-myung, the chief of the North Korea Intellectuals Solidarity, a group of former North Korean professionals, at a symposium in the National Assembly on Wednesday said, "According to the Internet Access Roadmap it launched in 2002, North Korea will begin providing Internet service for special agencies and authorized individuals as early as next year." ... It has also recently finished necessary consultations with ICANN for the Internet service in North Korea. In this situation, North Korea can begin providing Internet service any time provided equipment for server and Internet-based relay systems is supplied, Kim said. http://english.chosun.com/w21data/html/news/200808/200808070011.html 100,000 .me Domain Names Now Registered The .ME Registry announced today it has registered more than 100,000 domain names. This milestone comes a little more than two weeks after opening for live, real-time registrations by the general public and less than four months after opening its doors. http://www.nic.me/index.php?page=12&news=94 .ME Domain Crosses 100,000 Milestone New personalized domain .ME is the hot new destination for Web addresses. The milestone comes a little more than two weeks after opening for live, real-time registrations by the general public and less than four months after opening its doors. http://www.webhostdir.com/news/showNews.aspx?ID=27076 ********************** - DNS SECURITY ********************** Net address bug worse than feared A recently found flaw in the internet's addressing system is worse than first feared, says the man who found it. Dan Kaminsky made his comments when speaking publicly for the first time about his discovery at the Black Hat conference in Las Vegas. http://news.bbc.co.uk/2/hi/technology/7546557.stm Kaminsky: Many ways to attack with DNS [IDG] There were 6 a.m. calls from Finnish certificate authorities and also some pretty harsh words from his peers in the security community, even an accidentally leaked Black Hat presentation, but after managing the response to one of the most highly publicized Internet flaws in recent memory, Dan Kaminsky said Wednesday that he'd do it all over again. http://www.infoworld.com/article/08/08/06/Kaminsky_Many_ways_to_attack_with_DNS_1.html http://www.networkworld.com/news/2008/080608-kaminsky-many-ways-to-attack.html http://www.itworld.com/networking/54104/kaminsky-many-ways-attack-dns Kaminsky: DNS Vulnerability Will Affect Email, Internal Systems, Too After almost a month of holding back, security researcher Dan Kaminsky took off the gloves and delivered the full impact of his newly discovered Domain Name Server vulnerability to an audience of more than 2,000 security experts here. http://www.darkreading.com/document.asp?doc_id=161009 Kaminsky reveals 'many ways' to attack with DNS [IDG] Dan Kaminsky has revealed more details about the DNS flaw, and has said that he would do it all over again, despite receiving some harsh words from his peers in the security community. http://www.techworld.com/news/index.cfm?NewsID=102315 Dan Kaminsky Reveals DNS Flaw At Black Hat At the Black Hat conference in Las Vegas on Wednesday, attendees occupied every available seat and most of the floor space to hear security researcher Dan Kaminsky finally explain the Domain Name System (DNS) vulnerability that has been the talk of the Internet security community since early July. http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=209903948 IOActive's Kaminsky Warns: DNS Danger Still Exists IOActive's Dan Kaminsky discovered a DNS vulnerability in July, and the attack code was released weeks later. At his Black Hat speech, Kaminsky warned that patching the DNS vulnerability is urgent. Though Kaminsky said 85 percent of Fortune 500 firms have patched their networks to fix the DNS vulnerability, too many users are still unprotected. http://www.toptechnews.com/news/Kaminsky--DNS-Danger-Still-Exists/story.xhtml?story_id=013000G4YOWK http://www.cio-today.com/news/Kaminsky--DNS-Danger-Still-Exists/story.xhtml?story_id=0130015Q09QS http://www.newsfactor.com/news/Kaminsky--DNS-Danger-Still-Exists/story.xhtml?story_id=013000G4YOWK Kaminsky Details DNS Flaw at Black Hat Talk Roughly 85 percent of Fortune 500 companies have patched their networks to fix a security flaw that lets cyber criminals redirect visitors to counterfeit or malicious Web sites, but Internet users still remain at grave risk due to the large number of infrastructure providers that have not yet addressed the issue, a prominent security researcher warned today. http://voices.washingtonpost.com/securityfix/2008/08/kaminsky_details_dns_flaw_at_b.html Email gets hit by major web security flaw [AP] A newly discovered flaw in the internet's core infrastructure not only permits hackers to force people to visit websites they didn't want to, it also allows them to intercept email messages, the researcher who discovered the bug said. http://www.nzherald.co.nz/category/story.cfm?c_id=55&objectid=10525801 http://www.cnn.com/2008/TECH/biztech/08/06/internet.security.ap/ http://www.usatoday.com/tech/news/computersecurity/2008-08-07-internet-flaw-email_N.htm Giant cyberspace security hole getting fixed, slowly [AP] A giant vulnerability in the internet's design is allowing criminals to silently redirect traffic to websites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk. http://www.nzherald.co.nz/feature/story.cfm?c_id=1501832&objectid=10525623 http://www.smh.com.au/articles/2008/08/06/1217702102160.html http://www.theage.com.au/articles/2008/08/06/1217702102160.html Kaminsky reveals details and extent of DNS flaw Security researcher Dan Kaminsky has given details of a fundamental flaw in the Domain Name System, and the extent of the vulnerability. http://news.zdnet.co.uk/security/0,1000000189,39458177,00.htm http://news.cnet.com/8301-1009_3-10009827-83.html Day 30: Kaminsky DNS Bug Disclosure In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. http://www.circleid.com/posts/88670_kaminsky_dns_bug_disclosure/ Kaminsky (finally) reveals gaping hole in internet Black Hat After a four-week orgy of speculation, recrimination and warnings, Dan Kaminsky's domain-name system vulnerability has finally gone public. And boy, are we glad the net's overlords paid attention. http://www.theregister.co.uk/2008/08/06/kaminsky_black_hat/ Beijing Braces for Olympic Cyber-War - Can the world's most futuristic data center protect the Olympics' storage? With the world’s eyes firmly focused on Beijing, officials and IT staff are bracing themselves for a flood of cyber-attacks when the Olympic Games begin later this week. http://www.darkreading.com/document.asp?doc_id=160642 Giant online security hole getting fixed, slowly [AP] A giant vulnerability in the Internet's design is allowing criminals to silently redirect traffic to Web sites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk. http://www.washingtonpost.com/wp-dyn/content/article/2008/08/05/AR2008080502656.html Russian Gang Hijacking PCs in Vast Scheme A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found. http://nytimes.com/2008/08/06/technology/06hack.html DHS: Networking security worth the money [IDG] When it comes to investing in computer security, the U.S. federal government could get a good return on investment by shoring up its networking protocols, according to the man who's been hired to coordinate computer security between federal agencies. http://www.itworld.com/security/54122/dhs-networking-security-worth-money http://www.pcworld.com/article/149554/2008/08/.html New US cyber defense coordinator hints at plans [AP] One of the United States' biggest challenges in securing government computers from foreign attacks isn't necessarily technical. The country first needs to figure out how much those networks are worth and how much the U.S. should spend on protecting them, the new Homeland Security official in charge of that effort said Thursday. http://news.smh.com.au/technology/new-us-cyber-defense-coordinator-hints-at-plans-20080808-3rvl.html http://news.theage.com.au/technology/new-us-cyber-defense-coordinator-hints-at-plans-20080808-3rvl.html ********************** - DOMAIN DISPUTES ********************** Retailers Beware – Recent Losses In Domain Name Decisions [reg req'd] Retailers and brands in the retail sector have recently been hit with a string of losses under the Uniform Domain Name Dispute Resolution Procedure ("UDRP"), which was designed to offer brand owners a quick and relatively inexpensive way of resolving domain name disputes. http://mondaq.com/article.asp?articleid=64400 us: State Fund Insurance Nailed for Reverse Domain Name Hijacking State Fund Mutual Insurance, a company providing workers’ compensation insurance in Minnesota, Wisconsin, and South Dakota, has been found guilty of reverse domain name hijacking in its attempt to snag SFM.com. http://domainnamewire.com/2008/08/07/state-fund-insurance-nailed-for-reverse-domain-name-hijacking/ us: SureWest critic will change Web site's address The Sacramento computer programmer and SureWest Communications shareholder who started a Web site critical of the Roseville company's move to drop its quarterly dividend plans to change the domain address. http://www.sacbee.com/102/story/1140527.html ********************** - IPv4/IPv6 ********************** DISA certifies Red Hat OS for IPv6 The Defense Information Systems Agency has certified the Red Hat Enterprise Linux (RHEL) operating system as being ready for swapping Internet Protocol version 6 packets with other Defense Department servers, Red Hat announced this week. http://www.gcn.com/online/vol1_no1/46832-1.html ********************** - MISCELLANEOUS ********************** New publication on Domain Name Law A new international Handbook on Domain Name Law has been published. The “Handbuch des Domainrechts” is an updated German version of the international Handbook “Domain Name Law and Practice”which was published by Oxford University Press in 2005. It was edited and written by leading experts in the fields of domain name dispute resolution and trade mark law from around the world. http://www.domainnews.com/en/general/new-publication-on-domain-name-law.html VeriSign shares fall after 2nd-quarter report [AP] VeriSign Inc.'s shares fell Thursday after the Internet infrastructure company reported a wider second-quarter loss as it absorbed the costs of a major reorganization. http://www.forbes.com/feeds/ap/2008/08/07/ap5301246.html VeriSign Reports Second Quarter 2008 Results [news release] VeriSign, Inc. ... reported financial results for the second quarter ended June 30, 2008. VeriSign reported revenue of $303 million for the second quarter of 2008. On a GAAP basis, VeriSign reported a net loss of $68 million and a net loss per share of $0.35. These GAAP results reflect a $92 million non-cash impairment charge on certain long-lived assets and assets held for sale. Also recorded were restructuring charges of $98 million in continuing and discontinued operations. ... VeriSign Naming Services ended the quarter with approximately 87.3 million active domain names in the adjusted zone for .com and .net, representing a 3% increase over Q1 2008 and 20% increase year over year. In June, VeriSign announced additional infrastructure deployments in Europe with new sites in France and Belgium to fortify its Internet infrastructure as part of Project Titan. http://www.verisign.com/static/043991.pdf VeriSign's Losses Widen VeriSign reported higher losses in the second quarter in part because of restructuring-related charges. The company posted net loss of $68 million, or 35 cents a share, that included a $92 million non-cash impairment charge and restructuring charges of $98 million. That compares with a net loss of $4.7 million, or 2 cents a share the year before. http://www.thestreet.com/s/verisigns-losses-widen/newsanalysis/technology-update/10432210.html VeriSign reports $68 million loss [Bloomberg] VeriSign, the biggest operator of computers that direct Internet traffic, reported a $68 million loss and projected sales that missed some estimates as growth in the number of Web sites slowed. http://www.mercurynews.com/business/ci_10124679 VeriSign Reports 2Q Losses VeriSign has reported a net loss of $68 million or $0.35 per share for the second quarter, despite ending the quarter with approximately 87.3 million active domain names, a 3 percent increase over Q1 and a 20 percent increase year over year. http://www.thewhir.com/marketwatch/080708_VeriSign_Reports_2Q_Losses.cfm Register.com Gives Out Free Domain Names Register.com is giving away domain names , 1 per company. There appears to be no-strings-attached to the promotion. This isn’t an affiliate link either . . . probably should be eh ? Click here to get a free domain name. http://www.domainnamenews.com/registrars/registercom-gives-out-free-domain-names/1913 Registries Must Lobby GoDaddy for Success - GoDaddy ’s power in domain registration cannot be ignored. Here’s a tip to any registries for new domains coming online in the next couple years: before you create your marketing strategy and invest in infrastructure, go cozy up with your new pal Bob Parsons at GoDaddy. http://domainnamewire.com/2008/08/05/registries-must-lobby-godaddy-for-success/ The Dutch Cable SIP Exchange Project, XConnect Global Networks and Nokia Siemens Networks Successfully Test Intelligent Network (C7) and ENUM Integration in Cable Telephony Peering Project [news release] The Dutch Cable SIP Exchange project (SIPX), an initiative of the Dutch cable industry, successfully tested interoperability between its peering system, which is provided by XConnect Global Networks, Ltd., and the Nokia Siemens Networks hiQ VoIP platform used in many of its participant networks. http://www.tmcnet.com/usubmit/2008/08/06/3587978.htm ********************** - DOMAINING & AFTERMARKET ********************** Google offers deeper look into searches Google is giving everyone a chance to peek deeper into its database of search requests and discover the things that preoccupy individuals and, in aggregate, entire cities, regions or nations, at any one time. http://iht.com/articles/2008/08/06/business/adco.php New Google tool aims to provide more insight into online searches Google Inc. yesterday rolled out a new tool that it said can help marketing and advertising users better analyze Internet search patterns, while also adding new tools such as a "heat map" for graphically displaying search volumes and other data. http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111841 T.R.A.F.F.I.C. Down Under to Donate Profits to ICA; Discount Pass Expires Soon T.R.A.F.F.I.C. Down Under is happening on the Gold Coast, Australia, with Fabulous.com (Dark Blue Sea Ltd) and T.R.A.F.F.I.C. partnering to host the premiere event being held from November 18 to 20, to be held at the Sheraton Mirage Resort, Gold Coast, Queensland, Australia. http://technewsreview.com.au/article.php?article=5584 http://www.domainpulse.com/2008/08/05/traffic-down-under-to-donate-profits-to-ica/ Domain Roundtable Goes to Washington Next conference will be held in Washington D.C. June 2009. http://domainnamewire.com/2008/08/05/domain-roundtable-goes-to-washington/ au: Domain name sales dip no surprise The number of internet domain names being bought and sold has dropped off in just the second month since a rule change that allowed them to be openly trading was introduced. http://smartcompany.com.au/Free-Articles/The-Briefing/20080805-Domain-name-sales-dip-no-surprise.html Domain Trading Post takes over as Australia's largest .au aftermarket Australia's newest domain name aftermarket trading website, Domain Trading Post has quickly taken over as the premier marketplace for trading secondary .com.au domain names. http://www.domaininformer.com/news/press/080804DomainTradingPost.html OD.com Sells for $220,000 The domain name OD.com has sold for $220,000 at Sedo , according to the “recent sales” section of the site. http://domainnamewire.com/2008/08/07/odcom-sells-for-220000/ New York TRAFFIC Auction - Open call for Domains Aftermarket logoWe are pleased to announce the launch of the first phase of Aftermarket.com. This first phase is a dual online & offline auction system using the new platform of DomainTools created specifically for the Aftermarket.com. http://blog.domaintools.com/2008/08/new-york-traffic-auction-open-call-for-domains/ ********************** - NON-ENGLISH NEWS ********************** DNS-Prüftools von der ICANN Die Internet-Adressverwaltung ICANN hat am Mittwoch neue Hilfedokumente und Online-Werkzeuge zur Behebung der DNS-Sicherheitslücke bereitgestellt, die unlängst von dem US-Sicherheitsexperten Dan Kaminsky vorgestellt wurde. http://futurezone.orf.at/hardcore/stories/298586/ IETF diskutiert Übergangsszenarien fürs neue Internetprotokoll IPv6 Die Internet Engineering Task Force (IETF) disktutiert derzeit heftig über die Übergangszenarien auf dem Weg zum Internetprotokoll IPv6. Gleich mehrere Vorschläge dazu, wie sich IPv4-Systeme mit IPv6-Systemen verständigen sollen, legten die Entwickler auf ihrem Treffen in Dublin auf den Tisch. Beachtung fand die Lösung, die seit zwei Jahren das chinesische Forschungsnetzwerk Cernet mit dem Cernet 2 verbindet, das IPv6-Adressen nutzt. http://www.heise.de/newsticker/IETF-diskutiert-Uebergangsszenarien-fuers-neue-Internetprotokoll-IPv6--/meldung/113929 Kaminsky veröffentlicht letzte Details zur DNS-Schwachstelle Dan Kaminsky hat in seinem Black-Hat-Vortrag die letzten Details zu der vom ihm entdeckten Schwachstelle im Domain Name System enthüllt. Neben dem Angriff auf einen CNAME-Record ist es offenbar möglich, einem anfragenden Nameserver eine Antwort mit gefälschten Angaben für die Anfrage bei weiteren Nameservern unterzujubeln. Damit lässt sich nicht nur ein einzelner Adress-Eintrag im Cache manipulieren, sondern alle weiteren Anfragen an den Nameserver eines Angreifers umleiten. http://www.heise.de/newsticker/Kaminsky-veroeffentlicht-letzte-Details-zur-DNS-Schwachstelle--/meldung/113975 Wie ein Riesenloch im Netz die Sicherheit bedroht Es ist die größte und gefährlichste Sicherheitslücke, die es je im Internet gegeben hat: Geld überweisen, Aktien kaufen, E-Mails schicken - jede Aktion im Netz ist ein Risiko. Jetzt hat ein Experte erstmals erklärt, wie Kriminelle die Schwachstelle ausnutzen können. http://www.spiegel.de/netzwelt/web/0,1518,570584,00.html Dan Kaminsky würde es wieder tun Nachdem er im Februar auf einen grundlegenden schweren Fehler im Internet-Adressdienst DNS (Domain Name System) stieß, hatte Dan Kaminsky wirklich keine leichte Zeit. Trotzdem würde er im Wiederholungsfalle wieder alles genauso machen. http://www.computerwoche.de/knowledge_center/security/1870645/ Verschiedene Angriffsszenarien möglich DNS-Bug-Entdecker Dan Kaminsky warnt vor verschiedenen denkbaren Angriffsszenarien. Auch SSL-Verbindungen sind von der Sicherheitslücke bedroht. http://www.pcwelt.de/start/sicherheit/sicherheitsluecken/news/174614/verschiedene_angriffsszenarien_moeglich/ DNS-Lücke grösser als ursprünglich angenommen Die von Dan Kaminsky entdeckte Sicherheitslücke im Domain Name System (DNS) ist grösser als zunächst angenommen. Wie er laut diversen Medienberichten bei seinem heutigen Vortrag an der Black-Hat-Konferenz in Las Vegas mitgeteilt habe, liessen sich auch SSL-Verbindungen knacken. http://www.infoweek.ch/news/NW_single.cfm?news_ID=18732&sid=0 Giftangriff aufs Netz Eine Lücke im Internet-Telefonbuch DNS zeigt, wie anfällig wichtige Teile der Internet-Infrastruktur sind. Beim Online-Banking könnten dadurch Kunden auf Seiten von Kriminellen landen - ohne etwas zu merken. http://www.taz.de/1/leben/internet/artikel/1/giftangriff-aufs-netz/ .Asia: Vergabestelle ist zufrieden mit Auktionsergebnissen Seit Beginn der Vergabe der .asia-Domain wurden durch Auktionen bereits über 7 Millionen US-Dollar eingenommen. Das gab die Vergabestelle DotAsia gestern bekannt. Unter den Top 10 der wertvollsten Auktionsdomains (einige sind noch nicht beendet) sind u. a.: http://www.sedo.de/links/showhtml.php3?Id=2122 Sedo Live Auktion in Berlin: Abstimmung gestartet Am 05. September werden auf der Sedo Live Auktion in Berlin beim Domainvermarkter Forum exklusive Domainnamen zur Versteigerung angeboten. Welche Domains das sein werden, entscheiden auch Sie! Aus über 10.000 Bewerbungen haben wir bereits eine Vorauswahlliste mit ca. 350 Domainnamen zusammengestellt. Jetzt möchten wir von Ihnen wissen: Welche Domains finden Sie am Besten? Sie können bis zu 10 Stimmen abgeben. Der Abstimmungsprozess endet am Montag, den 11. August um 20 Uhr MEZ. http://www.sedo.de/links/showhtml.php3?Id=2121 Olympia-Betrugsseiten haben Hochkonjunktur Der Run auf Tickets für die Olympischen Spiele in Peking ruft Cyberkriminelle auf den Plan. Wieder einmal setzen diese auf gefälschte Webseiten, um Nutzern mit angeblichen Kartenverkäufen vertrauliche Daten zu entlocken. http://www.computerwoche.de/knowledge_center/security/1870529/ http://www.pcwelt.de/start/sicherheit/firewall/news/174457/olympia_betrugsseiten_haben_hochkonjunktur/ Vint Cerf: Wie sieht vernünftiges Netzwerkmanagement aus? Vint Cerf, einer der Väter des Internets und "Chief Internet Evangelist" bei Google, hat in einem Google-Blog erläutert, warum Netzwerkmanagement notwendig sei und wie er sich ein faires Netzwerkmanagement vorstellt. http://www.golem.de/0808/61561.html Internetpionier Vint Cerf für lastabhängige Geschwindigkeitsbegrenzung im Netz Vint Cerf, Mitentwickler von TCP/IP und als einer der "Väter des Internet" tituliert, hat sich für eine Art Geschwindigkeitsbegrenzung auf der Datenautobahn zur Vermeidung von Staus ausgesprochen. Im netzpolitischen Blog seines derzeitigen Arbeitgebers Google schlägt Cerf eine Begrenzung der Übertragungsraten von Daten in Zeiten mit hohem Verkehrsaufkommen vor. http://www.heise.de/newsticker/Internetpionier-Vint-Cerf-fuer-lastabhaengige-Geschwindigkeitsbegrenzung-im-Netz--/meldung/113812 Black Hat: Kaminsky livre les détails sur la faille du DNS Malgré la pression des autorités et les commentaires parfois peu amènes de ses pairs du milieu de la sécurité, si c'était à refaire, Dan Kaminsky le referait, car désormais « des centaines de millions de gens sont plus en sécurité ». S'exprimant hier à la conférence Black Hat de Las Vegas, le découvreur de la faille des DNS est revenu sur sa façon de procéder, et a affirmé qu'il existait de multiples moyens d'exploiter cette faille, y compris pour circonvenir la sécurité d'un certificat SSL. http://www.lemondeinformatique.fr/actualites/lire-black-hat-kaminsky-livre-les-details-sur-la-faille-du-dns-26696.html Black Hat: Kaminsky fait le point sur la 'faille DNS' L'intervention de Dan Kaminsky, le chercheur en sécurité à l'origine de la découverte d'une faille inhérente au protocole DNS (Domain Name System) était attendue comme l'un des points forts de la « Black Hat ». Il n'aura finalement pas eu à dévoiler les modalités techniques d'exploitation de cette vulnérabilité puisque d'autres s'en sont chargés avant lui, mais a pu analyser la réponse des éditeurs et équipementiers concernés à cette découverte sans précédent. http://www.clubic.com/actualite-154952-black-hat-kaminsky-point-faille-dns.html Faille DNS: un risque difficilement mesurable Les effets de la faille sécuritaire qui permet aux pirates d'exploiter le Domain Name System (DNS) sont difficilement mesurables, soutiennent différents experts en sécurité informatique. http://techno.branchez-vous.com/actualite/2008/08/faille_dns_un_risque_difficile.html Dan Kaminsky parle: La faille DNS plus grave que prévue La conférence de l'inventeur de la vulnérabilité DNS, Dan Kaminsky la confirmé au Black Hat, la faille DNS est grave. http://www.zataz.com/news/17583/faillen-dns--black-hat--15-methodes.html Noms de domaine : promotion sur l'achat d'un .travel Registravel, représentant français de Tralliance Corporation, gestionnaire des noms de domaine en ".travel" annonce une promotion sur la vente de ces derniers. http://www.journaldunet.com/breve/france/30139/noms-de-domaine---promotion-sur-l-achat-d-un--travel.shtml Les IDN argentins lancés cette semaine Les noms de domaines en .AR accepteront à partir du 7 août 2008 15 nouveaux caractères accentués espagnols et portugais. Priorité aux détenteurs de noms en .AR. http://domainesinfo.fr/extension/1602/argentine-les-idn-argentins-lances-cette-semaine.php Les héritiers de Caillebotte déboutés en UDRP Enregistré par une société néo-zélandaise, les héritiers du célèbre peintre n’ont pu obtenir le transfert de caillebotte.com, faute de disposer d’un droit de marque reconnu par l’expert. http://domainesinfo.fr/chronique/209/les-heritiers-de-caillebotte-deboutes-en-udrp.php dotCYM: £20,000 o hwb Mae ymgyrchwyr wedi dweud bod £20,000 oddi wrth Lywodraeth y Cynulliad yn "gam mawr" wrth anelu at gael parth .cym ar y we. http://news.bbc.co.uk/welsh/hi/newsid_7540000/newsid_7544000/7544084.stm Nooit was beveiliging internet zo lek Noodoplossing is er, maar eenderde van Nederlandse bedrijven heeft die niet ingevoerd http://www.nrc.nl/economie/article1198580.ece/Nooit_was_beveiliging_internet_zo_lek Hackers vallen lek internet aan Kaminsky ontdekte de fout een half jaar geleden. Inmiddels is een zogeheten patch op de markt gebracht waarmee computerbezitters zich tegen de gevolgen van de fout kunnen beschermen. Kaminsky stelde echter dat nog lang niet iedereen deze software heeft geïnstalleerd. http://www.parool.nl/parool/nl/7/Misdaad/article/detail/26341/2008/08/07/Hackers-vallen-lek-internet-aan.dhtml Hackers vallen lek internet aan [ANP] Hackers hebben gebruik gemaakt van een cruciale fout in het internet. “Er gebeuren hele rare dingen”, aldus internetdeskundige Dan Kaminsky op een congres in de Amerikaanse stad Las Vegas, waar voor het eerst publiekelijk over de fout gesproken werd. http://www.telegraaf.nl/digitaal/1633838/__Hackers_vallen_lek_internet_aan__.html http://www.trouw.nl/laatstenieuws/ln_enieuws/article1055739.ece/Hackers_vallen_lek_internet_aan http://www.ad.nl/economie/2507970/Hackers_vallen_lek_internet_aan.html Un fallo peor de lo temido Hace unos meses, un especialista en seguridad informática detectó de forma accidental, según sus propias declaraciones, un gravísimo fallo en uno de los pilares básicos que sustentan la Red, el Domain Name System (DNS), cuya función es traducir al lenguaje natural los números que componen las direcciones de Internet. http://www.elpais.com/articulo/internet/fallo/peor/temido/elpeputec/20080807elpepunet_7/Tes Expertos en seguridad informática discuten falla que permite ataques [AFP] Profesionales en seguridad informática llenaron un salón de Las Vegas este miércoles para asistir a la primera reunión informativa sobre una falla en Internet que permitió a hackers entrometerse en el tráfico en la web. http://www.mipunto.com/punto_noticias/noticia_tecnologia.jsp?tipo=TECNOLOGIA&archivo=080807010339.tc57brcd.txt http://www.terra.com.ar/canales/tecnologia/185/185607.html .pa: 618 Nombres de Dominios serán liberados el Sábado 09 de Agosto de 2008 Confirmando nuestro compromiso en ofrecerles el mejor servicio y atención personalizada, NIC-Panamá les comunica que el Sábado 09 de Agosto de 2008 procederá a liberar 618 Nombres de Dominio. Los Nombres de Dominio liberados estarán disponibles para ser registrados a partir de esa fecha. http://www.latinoamericann.org/modules.php?op=modload&name=News&file=article&sid=1672 .co: Aprueban nuevas politicas de delegacion de nombres de dominio bajo el ccTLD .co El Ministerio de Comunicaciones informa a la comunidad en general que la política del ccTLD .co fue aprobada el pasado 30 de julio mediante Resolución 001652 de 2008. http://www.latinoamericann.org/modules.php?op=modload&name=News&file=article&sid=1671 Brecha no DNS ainda ameaça internautas [AP] Uma falha na estrutura central da internet, descoberta recentemente, não apenas permite que hackers induzam pessoas a visitarem sites que elas não querem, mas também facilita a interceptação de e-mails, disseram pesquisadores. http://info.abril.com.br/aberto/infonews/082008/07082008-0.shl Nytt navn: Killstatoil? Kan ett av domenenavnene Statoil eier være det nye navnet på StatoilHydro? Fuckstatoil.com er blant de frekke domenene. http://www.tu.no/industri/article175832.ece Stories in Russian mentioning ICANN http://www.rian.ru/announce/20080807/150166200.html http://www.vesti.ru/doc.html?id=199174&cid=1 http://www.vedomosti.ru/newsline/index.shtml?2008/08/06/634011 +++++++++++++++++++++++++++++++ The domain name news is supported by auDA For information on subscriptions to the domain name and/or general internet news please contact me. For archives of postings to the list, see http://lists.technewsreview.com.au/pipermail/technewsreview/. Also see http://technewsreview.com.au/ for recent updates. +++++++++++++++++++++++++++++++ (c) David Goldstein 2008 --------- David Goldstein address: 4/3 Abbott Street COOGEE NSW 2034 AUSTRALIA email: Goldstein_David @yahoo.com.au phone: +61 418 228 605 (mobile); +61 2 9665 5773 (home) "Every time you use fossil fuels, you're adding to the problem. Every time you forgo fossil fuels, you're being part of the solution" - Dr Tim Flannery Win a MacBook Air or iPod touch with Yahoo!7. http://au.docs.yahoo.com/homepageset _______________________________________________ APPLe mailing list [email protected] http://mailman.apnic.net/mailman/listinfo/apple
