ZDNet: GoDaddy takes down 15,000 subdomains used for online scams. “Web hosting provider and domain registrar GoDaddy has taken down more than 15,000 subdomains that were being used as part of a spam operation that lured users on web pages selling fake products.”
Ars Technica: The wave of domain hijackings besetting the Internet is worse than we thought. “The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation.”
This update is especially for Carl Friedberg, and I’m using his full name because he left a public comment about how much the new Google .dev domains cost when they launched in late February. It’s much better now, Carl! From BetaNews: Now you can buy a .dev domain for a sensible price. “Google recently launched the new top-level domain, .dev. When the TLD was introduced, pricing was a little out of the reach of most people — there are few who would be willing to part with $11,000. Now, however, pricing has dropped dramatically. “
Krebs on Security: Bad .Men at .Work. Please Don’t .Click. “Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren’t a whole mess of nasty .com, .net and .biz domains out there, but relative to their size (i.e. overall number of domains) these newer TLDs are far dicier to visit than most online destinations.”
GoDaddy has launched a search engine for emoji domain names. “Technically, emoji domains have been around for years. GoDaddy provides a timeline on its search site. But they were difficult to search for and required some understanding of how the domain name system handles characters. (If ASCII or Punycode mean anything to you, you probably already knew about emoji-based domains.) GoDaddy’s site aims to make it easy for anyone with a phone to find available emoji domains.”
A new technique hopes to detect malicious Web sites as early as when the domains are registered. “Malicious websites promoting scams, distributing malware and collecting phished credentials pervade the web. As quickly as we block or blacklist them, criminals set up new domain names to support their activities. Now a research team including Princeton University computer science professor Nick Feamster and recently graduated Ph.D. student Shuang Hao has developed a technique to make it more difficult to register new domains for nefarious purposes.
Google has open-sourced its domain registry platform. “Nomulus is the platform it uses to manage all the registration data for domains that fall under its TLDs (think blog.google). Among other things, this platform handles all of the requests to buy, renew and transfer domains. While you may be buying a domain name from GoDaddy, for example, you’re really just using GoDaddy as an intermediary between you and the TLD’s owner.”