MakeUseOf: The 9 Best Websites to Look Up WHOIS Information for Free. “Typical WHOIS data can include a name, address, email, phone number, administrative and technical contacts, or other important personally-identifying information.” If the registration data isn’t being protected by anonymity features. BUT it’s also important to check WHOIS data to learn things like when a domain was registered. I’ve never seen that information masked.
Android Police: 🍕Google adds pizza.new and 60 more ‘.new’ domain shortcuts🍕. “It’s been two years since Google started introducing .new domain shortcuts to speed the creation of Drive documents, and one year since it opened the .new TLD to third-party companies. As more and more shortcuts joined the fold, Google published a directory of all domains, which stood at a little less than 200 in July. Now they’re up to 250 approximately, with some useful and other questionable additions.”
The Register: Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers
The Register: Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers . “More than 240 website subdomains belonging to organizations large and small, including household names, were hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content.”
ZDNet: GoDaddy takes down 15,000 subdomains used for online scams. “Web hosting provider and domain registrar GoDaddy has taken down more than 15,000 subdomains that were being used as part of a spam operation that lured users on web pages selling fake products.”
Ars Technica: The wave of domain hijackings besetting the Internet is worse than we thought. “The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation.”
This update is especially for Carl Friedberg, and I’m using his full name because he left a public comment about how much the new Google .dev domains cost when they launched in late February. It’s much better now, Carl! From BetaNews: Now you can buy a .dev domain for a sensible price. “Google recently launched the new top-level domain, .dev. When the TLD was introduced, pricing was a little out of the reach of most people — there are few who would be willing to part with $11,000. Now, however, pricing has dropped dramatically. “
Krebs on Security: Bad .Men at .Work. Please Don’t .Click. “Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren’t a whole mess of nasty .com, .net and .biz domains out there, but relative to their size (i.e. overall number of domains) these newer TLDs are far dicier to visit than most online destinations.”
GoDaddy has launched a search engine for emoji domain names. “Technically, emoji domains have been around for years. GoDaddy provides a timeline on its search site. But they were difficult to search for and required some understanding of how the domain name system handles characters. (If ASCII or Punycode mean anything to you, you probably already knew about emoji-based domains.) GoDaddy’s site aims to make it easy for anyone with a phone to find available emoji domains.”
A new technique hopes to detect malicious Web sites as early as when the domains are registered. “Malicious websites promoting scams, distributing malware and collecting phished credentials pervade the web. As quickly as we block or blacklist them, criminals set up new domain names to support their activities. Now a research team including Princeton University computer science professor Nick Feamster and recently graduated Ph.D. student Shuang Hao has developed a technique to make it more difficult to register new domains for nefarious purposes.
Google has open-sourced its domain registry platform. “Nomulus is the platform it uses to manage all the registration data for domains that fall under its TLDs (think blog.google). Among other things, this platform handles all of the requests to buy, renew and transfer domains. While you may be buying a domain name from GoDaddy, for example, you’re really just using GoDaddy as an intermediary between you and the TLD’s owner.”
Oh boy, I’ve been worried about this: spammers are exploiting .gov domains. “Spam purveyors are taking advantage of so-called ‘open redirects’ on several U.S. state Web sites to hide the true destination to which users will be taken if they click the link. Open redirects are potentially dangerous because they let spammers abuse the reputation of the site hosting the redirect to get users to visit malicious or spammy sites without realizing it.”
What are the worst Top-Level Domains (TLDs) for malware? You’ve probably never heard of them. “Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, has published a list of the world’s top 10 ‘worst TLDs’ on Saturday. What’s interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLD’s ratio of abusive domains compared to legitimate ones.”