Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ICANN Domain Expansion Could Increase Phishing

CmdrTaco posted more than 3 years ago | from the salmon-is-yummy dept.

Businesses 142

Orome1 writes "The ICANN board gave final approval to what some are calling 'the most dramatic change to the Internet in four decades,' allowing the expansion of new TLDs. Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren't the only ones who are likely to try to snag these new top level domains. There's a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors."

Sorry! There are no comments related to the filter you selected.

First TLD to go? (1)

Flyerman (1728812) | more than 3 years ago | (#36511674)

.bank .banking .finance .lending .mortgage .ach

Re:First TLD to go? (1)

archer, the (887288) | more than 3 years ago | (#36511790)

Nope. Trojans on .trojan!

Re:First TLD to go? (1)

sarysa (1089739) | more than 3 years ago | (#36511864)

Close, but my predictions for frontrunners (on the same line of thought): .viagra .cialis ...

Re:First TLD to go? (1)

archer, the (887288) | more than 3 years ago | (#36512104)

Unfortunately, I actually meant computer trojans, not the prophylactic.

Re:First TLD to go? (1)

robot256 (1635039) | more than 3 years ago | (#36511990)

I'm sure somebody would appreciate a TLD for condoms...

Re:First TLD to go? (0)

Anonymous Coward | more than 3 years ago | (#36512386)

Wouldn't it be Trojans on .troy?

Re:First TLD to go? (1)

kpoole55 (1102793) | more than 3 years ago | (#36511800)

it would be more like .rbc, .td, .scotia, .cibc, that sort of thing in Canada and maybe .citibank, .usbank, or some such in the US.

Re:First TLD to go? (5, Funny)

Anonymous Coward | more than 3 years ago | (#36511872)

Obviously phishing sites should be using the .con TLD: citibank.con, barclays.con etc. Truth in advertising and cunning typo-squatting at the same time!

Re:First TLD to go? (1)

houstonbofh (602064) | more than 3 years ago | (#36512150)

Better would be .c0m as with caps (which are disregarded ) it is almost unnoticeable. .C0M

Re:First TLD to go? (1)

makubesu (1910402) | more than 3 years ago | (#36515554)

Personally I think the real citibank should get the .con tld.

Re:First TLD to go? (1)

jperl (1453911) | more than 3 years ago | (#36512060)

I would guess .shop

.here TLD (1)

TheLink (130905) | more than 3 years ago | (#36512134)

More than 10 years ago I proposed that a TLD be officially reserved for _standard_ local private use. Basically something similar to RFC1918 but for TLDs.

I proposed it to the ICANN (emailed to icann@icann.org, Esther Dyson and Vint Cerf) and later the IETF: http://tools.ietf.org/html/draft-yeoh-tldhere-01 [ietf.org]

No luck, and I'm not rich enough to buy it (and give it to the world). Maybe Google can?

Re:.here TLD (0)

Anonymous Coward | more than 3 years ago | (#36513442)

More than 10 years ago I proposed that a TLD be officially reserved for _standard_ local private use. Basically something similar to RFC1918 but for TLDs.

I proposed it to the ICANN (emailed to icann@icann.org, Esther Dyson and Vint Cerf) and later the IETF: http://tools.ietf.org/html/draft-yeoh-tldhere-01 [ietf.org]

No luck, and I'm not rich enough to buy it (and give it to the world). Maybe Google can?

Already exists: use .local

Re:.here TLD (1)

TheLink (130905) | more than 3 years ago | (#36515118)

Already exists: use .local

Read my post again, .local is not officially reserved.

There's a difference between using some random IPv4 address range for your private use and using an RFC1918 IP address range.

Re:First TLD to go? (0)

Anonymous Coward | more than 3 years ago | (#36512276)

sex

Re:First TLD to go? (1)

flimflammer (956759) | more than 3 years ago | (#36512398)

It was said earlier that each gTLD to be sold will be manually handled and the registrant needs to prove that they have legitimate claim to the name, not to mention there is like a $200k price tag. So I have my doubts that many phishing sites will be getting them.

Re:First TLD to go? (0)

Anonymous Coward | more than 3 years ago | (#36514004)

Plus even if you do get it, you'd still have to beat phishing site detectors. IE9 anything but unobtrusive when you visit a known phishing site, and scammers paying that premium is bound to attract a lot of attention - and get themselves blocked, fast.

Re:First TLD to go? (1)

mjwalshe (1680392) | more than 3 years ago | (#36514546)

actually it is nearly $200k to apply not counting the cost of the application and the cost to run a robust infrastructure - from experience with .coop they will mandate multiple redundant servers in 4 continents probably.

Re:First TLD to go? (2)

joebok (457904) | more than 3 years ago | (#36512478)

I've already got a lock on .TrustMe

Re:First TLD to go? (1)

digitig (1056110) | more than 3 years ago | (#36512568)

And the first turf wars will probably be over .cola

YA THINK ??!! (-1)

Anonymous Coward | more than 3 years ago | (#36511770)

What do you think we are, motherfucka, dumasses ??!!

As stated in the original story: (5, Informative)

Luniz (1115637) | more than 3 years ago | (#36511778)

"It will cost $185,000 to apply, and individuals or organizations will have to show a legitimate claim to the name they are buying." I do not think that Peggy will be able to set up .discovercard :p

Re:As stated in the original story: (1)

Anonymous Coward | more than 3 years ago | (#36511896)

I agree: this article is the epitome of FUD. Fear and uncertainty in title: "could increase phishing [emphasis mine]." Doubt from a lack of information from the proponents of the change. TFA was written with a very one-sided point of view, giving no indication that anyone had any thoughts about the potential problems. Does the article writer really think that the 13-1 vote was made by people who hadn't thought about all the potential problems and solutions to said problems?

Re:As stated in the original story: (0)

Anonymous Coward | more than 3 years ago | (#36511958)

Does the article writer really think that the 13-1 vote was made by people who hadn't thought about all the potential problems and solutions to said problems?

As a matter of fact, they haven't. The only reason ICANN went through with this was that it's head is soon to retire and he wanted to be remembered. The decision to allow this is the worst decision ICANN has ever made.

Re:As stated in the original story: (1)

localman57 (1340533) | more than 3 years ago | (#36512032)

Why?

Re:As stated in the original story: (0)

Anonymous Coward | more than 3 years ago | (#36512346)

OK, so even if I grant you that, how do you explain the other 12 votes? I mean, it is hard to argue with your well thought out list of reasons as to why this is a bad idea, but I'll give it a shot: This is a good idea.

Re:As stated in the original story: (0)

Anonymous Coward | more than 3 years ago | (#36512304)

Does the article writer really think that the 13-1 vote was made by people who hadn't thought about all the potential problems and solutions to said problems?

Have you ever seen the US Congress? haha. yes, I know ICANN is not US Congress. For now, let the sheep fear the million dollar waving cyber criminals.

Re:As stated in the original story: (1)

N0Man74 (1620447) | more than 3 years ago | (#36512476)

Indeed, I came here to say the same thing. First of all, it has an absurdly high cost of $185,000. That is a price that is going to discourage even many large legitimate corporations, let alone cybercriminals that could be just throwing the money away once their TLD becomes blacklisted.

Secondly, this application *does* have a vetting process to ensure that you have the right to the domain name you are requesting.

Complete FUD.

Re:As stated in the original story: (3, Insightful)

Rary (566291) | more than 3 years ago | (#36513204)

The article may be FUD, but the whole idea is pointless. What value would a new TLD add to the Internet anyway? For that matter, what value do the existing TLDs add to the Internet? If they were actually used properly, and therefore had any meaning, then they would add value. But they aren't used properly, and hence have absolutely no meaning. They should be abolished completely. Why do I need to type "slashdot.org" (or "slashdot.com", or "slashdot.net", which all take me to the same place). Why not just type "slashdot"? What value does having ".org" (and ".com" and ".net") introduce, other than generating more revenue for the domain registrar?

This was introduced for one reason: to put $185,000 per TLD into ICANN's pocket, and generate additional revenue for domain registrars.

Re:As stated in the original story: (1)

jfengel (409917) | more than 3 years ago | (#36513742)

The original TLDs are a quaint historical artifact, from a gentler time on teh intarwebz. It established a few spheres of control, but it wasn't particularly well thought out, but they weren't expecting the kind of land rush in domain names. This was back when they thought that 4 billion IP addresses was an absurdly large number, orders of magnitude more than would ever be needed.

It got famous all at once, and it quickly became apparent that it was mostly absurd. "dot-com" became synonymous with the web, a meaningless semantic particle in 99% of cases.

Still, it's there in every URL, and you can't live without it. I don't blame large companies for trying to do away with it, at least for themselves. I'm glad they've put a high price on it. It at least keeps out the riff-raff.

That's actually no small thing. The great thing about a .edu address is that there's a gatekeeper. .cocacola is going to be a small fee out of Coke's budget, and it can't possibly be an attack site or spammer. (Well, unless they've been careless with their servers, but that's not a problem you can solve with DNS.)

Re:As stated in the original story: (2)

Konsalik (1921874) | more than 3 years ago | (#36512036)

Agree, also it will cost $25,000 per annum on top of that. I think people jumping on the "this is bad" idea before reading all the facts. Go read this [mashable.com] . Spending $200,000 and waiting 9-20 months just to get it taken down a week later isn't worth it, even for high rolling criminals.

Re:As stated in the original story: (2)

HuckleCom (690630) | more than 3 years ago | (#36512436)

Does everyone seriously think the cost will remain the same?
What happens when a company/brand goes belly up and the TLD is auctioned off?
Most of us don't trust ICANN as far as we can throw, this move is just point in case, the restrictions will loosen .

Re:As stated in the original story: (1)

Qzukk (229616) | more than 3 years ago | (#36513224)

The money isn't in using the TLD yourself, the money is in buying the TLD then reselling it to spammers and phishers.

That's what I'd do if I registered .c0m, anyway. Why dirty my own hands if someone else is willing to pay me to let them dirty theirs?

Re:As stated in the original story: (1)

tlhIngan (30335) | more than 3 years ago | (#36514000)

Exactly. Think of all the misspellings you could buy - .comm, .coom, .cm, etc.

Not to mention if your bank buys .bankofamerica it's just as likely some phisher may buy a regular domain as well - .bankofamerica looks the same to most people as .bankofamerica.pl or other thing soon enough.

Or hell... buy .html and .htm. Then you can have www.bankofamerica.com.index.html and people won't notice the '/' was replaced with '.'.

There's a lot of potential in this, really.

Re:As stated in the original story: (5, Interesting)

Xest (935314) | more than 3 years ago | (#36512066)

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found millions?

Re:As stated in the original story: (4, Insightful)

Inda (580031) | more than 3 years ago | (#36512232)

Coke and hookers, my friend. Coke and hookers.

Re:As stated in the original story: (2)

kvezach (1199717) | more than 3 years ago | (#36513396)

And blackjack.

Re:As stated in the original story: (0)

Anonymous Coward | more than 3 years ago | (#36515940)

In fact, forget about the TLD. Ahh, screw the whole thing.

Re:As stated in the original story: (1)

UnknowingFool (672806) | more than 3 years ago | (#36512538)

Hookers and blow?

Re:As stated in the original story: (1)

Lumpy (12016) | more than 3 years ago | (#36513188)

Putting the final parts in place at the base on skull island for the earth core bomb?

What? Its easy to assume that ICANN is evil, just look at their past.

Re:As stated in the original story: (1)

bigredradio (631970) | more than 3 years ago | (#36514418)

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found millions?

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found billions?
Fixed that for you.

Re:As stated in the original story: (1)

TrueSatan (1709878) | more than 3 years ago | (#36513142)

$185,000 is the initial charge they quoted but also with an ongoing predicted charge of a further $100,000 p.a. which, if anything, will increase over time.

Re:As stated in the original story: (1)

Relayman (1068986) | more than 3 years ago | (#36515596)

For a scammer, $185k is pocket change. I can justify spending that on any number of TLDs. At $35 per year per name, you only need to sell 5,300 domain names to recoup your investment. At an ongoing cost of $25,000, you would have money in the bank.

Trademarked Domains (2)

Marc Madness (2205586) | more than 3 years ago | (#36511788)

Seems to me that the threat of phishing can be mitigated my requiring the entity registering the domain name to show proof that the name in the *.brand is in fact a registered trademark. Of course, I could just be taking an over simplified look at the problem.

Re:Trademarked Domains (1)

Marc Madness (2205586) | more than 3 years ago | (#36511814)

I should also add, that they have to also prove that they own said trademark (just in case that wasn't clear). My bad for omitting that detail.

Re:Trademarked Domains (1)

gstoddart (321705) | more than 3 years ago | (#36512102)

Seems to me that the threat of phishing can be mitigated my requiring the entity registering the domain name to show proof that the name in the *.brand is in fact a registered trademark.

I plan on mitigating this by treating every single one of these new TLDs as if they're likely be to scams, and not visiting them. No more than I will click on a link ending in .ly -- I have no idea of what it is, and I have no trust in the domain.

I have no interest in vetting a crapload of new domain extensions, and I will likely simply refuse to follow a link into anything which goes outside of the ones I'm familiar with now.

While I'm sure ICANN will be happy to rake in the $185K for each of these, I simply can't see why this actually improves anything on the internet ... it just gives yet another source of confusion for identifying legitimate web sites.

Do we need a .cocacola TLD? And if so, why?

Re:Trademarked Domains (1)

_0xd0ad (1974778) | more than 3 years ago | (#36512116)

Exactly - the people who know will treat the new TLD with suspicion, and the people who don't know will frankly just be oblivious anyway unless/until their browser displays a big scary warning instead of the web site they tried to click on.

Re:Trademarked Domains (1)

bigredradio (631970) | more than 3 years ago | (#36514634)

I plan on mitigating this by treating every single one of these new TLDs as if they're likely be to scams

Really?

Right now it costs very little to register a domain name. Names can be altered to attempt to fool people such as mybank.com.cn?id=123451235123451234&asdfasd=sadfasd. But if it takes over 100K to register a name and show proof you have legitimate rights to the name, it would almost seem safer. Especially when it comes to banking applications. For banking, shopping, etc, it would seem the future is not about going to a web page anyway, but using your 'app' to conduct business. This could be hardcoded to use the TLDs the company owns to better provide a secure channel. There is nothing that stops app developers from hardcoding mybank.com, but there could be bandwidth and routing advantages.

Oooh, phear the phishing (4, Interesting)

s.d. (33767) | more than 3 years ago | (#36511798)

Yes, any change to how the internet works could increase phishing. But at $185,000 per application for a new TLD, as well as having each application reviewed by a human or committee, this isn't going to be like automating the registration of .com addresses so that in an afternoon, you can register every misspelling of bankofamerica. By no means do I have blind faith in them, but I feel like ICANN will be pretty sure to not allow some random dude in eastern Europe to register .bank.

Yes, yes, everything can increase the risk of cancer in lab rats, and everything increases the risk of phishing, but the barrier for entry is set relatively high here.

Re:Oooh, phear the phishing (1)

140Mandak262Jamuna (970587) | more than 3 years ago | (#36511912)

By no means do I have blind faith in them, but I feel like ICANN will be pretty sure to not allow some random dude in eastern Europe to register .bank.

No not a random dude from eastern Europe. But a random analyst from Goldman Sachs consolidating a bunch of random dudes from anywhere in the world to create a portfolio of high risk/high reward venture exploiting the emerging opportunities due to the relaxed regulatory environment in the highspeed data networks, (note to secratary: Bradley, sprinkle some synergy, paradigm and out-of-the-box in there, will you)? Definitely.

Re:Oooh, phear the phishing (1)

wren337 (182018) | more than 3 years ago | (#36512064)

But once someone DOES register .bank, will I be able to buy chase.bank from godaddy?
It's not the people registering the new TLD you have to worry about, so much as the people that they sell domain names to in the new TLD. Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

Re:Oooh, phear the phishing (1)

archen (447353) | more than 3 years ago | (#36512130)

My impression was that they were reserving a lot of generic words so this wouldn't happen, and that only brands could be registered this way.

Re:Oooh, phear the phishing (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36512176)

Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

What scammer is going to pay $185,000 and wait several months for a manual screening process to own a fraudulent vanity TLD?

Re:Oooh, phear the phishing (1)

wren337 (182018) | more than 3 years ago | (#36512470)

Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

What scammer is going to pay $185,000 and wait several months for a manual screening process to own a fraudulent vanity TLD?

Wow, did you even read the comment you included in your reply? I am saying they will NOT buy an entire TLD. Scammers don't own the whole .com TLD - they buy _individual domains_ under existing TLDs.

Once someone registers a new .llc TLD what do you think they are going to do with it? They are going to sell domain names for $10 a year - to anyone with $10. And sooner or later someone with $10 will buy chase.llc and use it in a scam.

Again, buying an individual domain in a new TLD will not cost $185k; it will cost whatever the owner of the new TLD is charging.

Re:Oooh, phear the phishing (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36513596)

Wow do you even understand how these new TLDs work? Clearly not when you post this nonsense.

Re:Oooh, phear the phishing (1)

Serious Lemur (1236978) | more than 3 years ago | (#36512142)

the barrier for entry is set relatively high here.

I for one will rest easy knowing that only the most enterprising and wealthy cybercriminals will be making a fortune in illicit bullshit from this. That's what a free market's all about, after all.

Re:Oooh, phear the phishing (1)

digitalsushi (137809) | more than 3 years ago | (#36512188)

If the phishers figure out some way of gaining 185000 dollars, they might be able to afford a vanity tld. Maybe they could steal 185000 using deceptive luring techniques.

I bet icann will use part of that 185000 dollars to improve the title of "random dude in eastern europe" to "sir".

Re:Oooh, phear the phishing (1)

gstoddart (321705) | more than 3 years ago | (#36512402)

If the phishers figure out some way of gaining 185000 dollars

Ummm ... from what I've read about how lucrative that can be, the $185K might actually be chump change.

Re:Oooh, phear the phishing (0)

Anonymous Coward | more than 3 years ago | (#36512548)

For the big domainer's out there right now 185k is maybe a weeks revenue? I dont think the barrier to entry is high enough.

Re:Oooh, phear the phishing (1)

Kokkie (2291672) | more than 3 years ago | (#36512986)

And who will do the dns resolving for the new TLDs? Will this be done securely, otherwise it will cost the scammer $0, with little risk for as long as it lasts.

Extortion (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36511820)

"Thats a mighty fine brand ya got there, company. Be a shame if someone came and - bought it as a TLD. For about 200 grand, we can help protect you."

Money, Money, Money (2)

JoeTalbott (2146840) | more than 3 years ago | (#36511834)

It's gonna cost a lot of money to get a vanity top-level domain. In order to prevent domain squatting. But won't this just allow those with deep-pocketbooks to call the shots? How well did .biz do? I don't think that in my vast Internet surfing I've ever intentionally visited a .biz address. I'm sure big businesses will snatch up their brand names out of fear and a misguided sense of getting on the bandwagon as soon as possible.

Re:Money, Money, Money (1)

localman57 (1340533) | more than 3 years ago | (#36512054)

It'll happen over time. .biz and others will be accepted. People used to think of 1-888 as less good than 1-800 phone numbers. But that feeling has just about gone away over the last 20 years.

This proves my assertion that TLDs are dumb (0)

Anonymous Coward | more than 3 years ago | (#36511940)

Now that the 2nd part of the hostname (eg, slashdot here), can be moved to the 1st part (usually .org for slashdot, but they answer to a number of TLDs), now remind me what was the point of the 1st part to begin with?

I guess this will finally get rid of the only publicly accepted TLD out there, .com, and back to AOL keywords :)

So who gets .apple? (2)

billrp (1530055) | more than 3 years ago | (#36511942)

Inc. or Corps Ltd. (computer or music)

Re:So who gets .apple? (1)

webbiedave (1631473) | more than 3 years ago | (#36511986)

The highest bidder. Literally.

Cash grab (5, Insightful)

Tridus (79566) | more than 3 years ago | (#36511944)

This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

This stuff should not be run on a "how do we extort more money out of DNS" methadology.

Re:Cash grab (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36512076)

It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it./quote?

Except that someone else won't be able to register one of these TLDs with someone else's trademark. That's the whole point of the manual screening process they are doing before handing out these vanity domains.

Re:Cash grab (0)

Anonymous Coward | more than 3 years ago | (#36512326)

Except that someone else won't be able to register one of these TLDs with someone else's trademark. That's the whole point of the manual screening process they are doing before handing out these vanity domains.

Except that many companies doing different things can all use the same trademark (i.e. Apple Computer vs. Apple Music). All companies (especially big ones with valuable trademarks) will probably register the TLD to prevent some small company that does something completely different from grabbing it.

Re:Cash grab (0)

Anonymous Coward | more than 3 years ago | (#36512462)

Except for the fact that many users/companies have been asking for custom TLDs for years. "Group gives consumers what they want; charges them money". That's not extortion; it's commerce.

Re:Cash grab (1)

PPH (736903) | more than 3 years ago | (#36513028)

ICANN get your money.

Re:Cash grab (2)

demonbug (309515) | more than 3 years ago | (#36514626)

This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

This stuff should not be run on a "how do we extort more money out of DNS" methadology.

This. I also want to know what they plan on doing with the additional millions of pure profit they will be making from their government imposed monopoly. Aren't they supposed to be non-profit? They're going to have to massively increase salaries to remain so.

Also, whatever happened to the egalitarian, level playing field of the internet? This move pisses me off coming and going. If you want to open up all these new TLDs, fine; do it. Let anyone and everyone register their own TLD for the price of a traditional TLD; there is no technical reason why it should cost 1,000 times as much for one of these. Alternatively, if you need to charge that much for your rigorous screening of applicants, then maybe it isn't such a good idea to offer the service in the first place - obviously they think it presents massive opportunities for fraud.

Either offer it to everybody at a reasonable price, or admit that it is a mistake and can the whole idea. Otherwise this is once again just a massive money grab on the part of ICANN.

Re:Cash grab (0)

Anonymous Coward | more than 3 years ago | (#36515686)

s/then/than

4chan (0)

Anonymous Coward | more than 3 years ago | (#36512022)

Anonymous.4chan

Big deal over nothing (1)

_0xd0ad (1974778) | more than 3 years ago | (#36512086)

Realistically, someone who gets tricked by a fraudulent "mybank.bank" [example given in TFA] is equally likely to be tricked by "mybank.us", or "mybank.com". And we already have made browsers as nearly-idiot-proof as possible so it should display a big scary warning when they try to visit that URL anyway. I don't see this as being that much of a problem.

Re:Big deal over nothing (0)

Anonymous Coward | more than 3 years ago | (#36512278)

It seems to be a cash grab more than anything.

For example you probably will not see .bank. Which would oh I dont know be useful... Instead you will see things like .wellsfargo. It is the new .com. But no .com to put in there.

slash.dot (0)

Anonymous Coward | more than 3 years ago | (#36512126)

Redirects to digg.reddit.

Stop the fearmongering. (1)

LavouraArcaica (2012798) | more than 3 years ago | (#36512148)

It's not the possibilities of phishing that create phishing, but the will and greed of people. Even if phishers can't use a domain name, they'll use just a IP address. And people who believe that 'mybank.ru' is really they bank will equally believe that 'xxx.xxx.xxx.xxx' is their bank.

Come on Slashdot editors! (1)

wcrowe (94389) | more than 3 years ago | (#36512178)

Whoever wrote this either cannot read, or is too lazy to read. It is not going to be easy to get these TLDs. For starters, each TLD will cost $185,000. The applications will also be investigated before the TLDs will be created.

Slashdot used to be a top-notch website, but lately the editors seem to be content to post any old bullshit as a legitimate story. This story should never have been accepted for submission.

Re:Come on Slashdot editors! (1)

fruey (563914) | more than 3 years ago | (#36512374)

Old bullshit as a legitimate story has precedents as old as slashdot. It only seems like it got better because you filter the crap from your retrospective memory.

Re:Come on Slashdot editors! (1)

PPH (736903) | more than 3 years ago | (#36512870)

each TLD will cost $185,000. The applications will also be investigated before the TLDs will be created.

You got $185,000? You just passed our investigation.

Visit my Pokemon porn website (-1)

Anonymous Coward | more than 3 years ago | (#36512240)

http://pokemonpornpictures.com/ Visit my pokemon porn website

Hopefully there will be some sanity enforced (1)

Bloodwine77 (913355) | more than 3 years ago | (#36512244)

If ICANN allows people to obtain TLDs such as .comm, .ccom, .nett, .orrg, and so forth then we're in for a lot more scams and phishing attempts.

I wonder how well the vanity domains will work in the wild, though. They only work as well as software supports them. In theory it shouldn't be too much of a problem, but in reality I would not be surprised if a lot of software chokes on them.

bleh... the good ones are... (1)

elPetak (2016752) | more than 3 years ago | (#36512248)

.pr0n .porn .sex

intranet or localhost? (1)

PanIc RidE (16388) | more than 3 years ago | (#36512272)

How long will it take for someone to grease the right hands and get a hold of .intranet or .localhost?

This whole scenario seems to only benefit the pockets of ICANN execs. So why wouldn't they start allowing domains that could seriously break stuff if the price was right?

Re:intranet or localhost? (1)

icebraining (1313345) | more than 3 years ago | (#36513714)

According to the Application Guidebook, LOCALHOST is a reserved name.

Don't Overlook The Spam Potential (0)

damn_registrars (1103043) | more than 3 years ago | (#36512432)

The mechanism they just approved for selling gTLDs also has a built-in mechanism that basically excludes spammers from any responsibility, ever, if they are associated with a new gTLD in any way, shape, or form.

For example, say your favorite spammer registers ".pillz". Of course, you'll blacklist that in your email program but that doesn't matter because they'll spoof the email headers so it looks like it came from your own domain, or google, or anywhere else they want. You can try to filter your email for spamvertised addresses in the ".pillz" gTLD but that doesn't matter because of course the email will instead link to a .com with a redirect, or a tinyurl or whatever else they like to obfuscate the spamvertised domain.

So how does the gTLD help them? Well, once you buy a gTLD, you become your own registration body. You can sell and register as many domains under your gTLD as you want, and you don't have to share the registration data with anyone, just the status and the IP that it resolves to (if any). So spammers can register new domains faster than you can find them, and they never have to worry about losing them. They can buy just one .com domain from someone else, and just have it redirect so they have the .com they want and the spam-sponsored gTLD-derived domain they need.

In short, we previously had almost nothing in terms of mechanisms for shutting down spamming and spamvertised domains. ICANN just sold those mechanisms and now we have nothing.

Urgent, Password Reset Needed! (0)

Anonymous Coward | more than 3 years ago | (#36512472)

Warning your Facebook password has been compromised!

Please click the link below to reset it:

http://www.face.book/passwords/?1s97489vc9e7e89vc7v89

Necessary? (1)

black soap (2201626) | more than 3 years ago | (#36512540)

What was wrong with each of these superbrands being a .com? Besides the "we already hit diminishing returns on major corporations trying to lock in all the domains they might want" problem ICANN had? Maybe this is so companies can be their own registrar, once they have a .tld, so newflavor.coke can be held until newflavor's announcement date, without people seeing that it has been registered (or speculators buying them up before coke even decides on the newflavor's name?) - this is a marginal problem at most. I guess having your own domain and creating subdomains as you see fit wasn't good enough for these companies. people might confuse newflavor.coke.com and (unaffiliated speculator site) newflavor.com. I see this as one more step toward corporatizing the internet - you'll need the backing of some major company for your content to be visible.

Idea? (0)

Anonymous Coward | more than 3 years ago | (#36512598)

3 of a kind for 100% security: bankofamerica.bankofamerica.bankofamerica is guaranteed to be the real site. Anything less than 3 of the same domain names is insecure. For login pages I mean.

Maybe the stupidest idea ever, but it can't be, they decided to approve custom TLDs which is the stupidest idea ever. I see no benefit to anyone but the people getting the money.

anyone gotten .sucks yet? (1)

Sprouticus (1503545) | more than 3 years ago | (#36512602)

becausr THAT will be a money maker.

Re:anyone gotten .sucks yet? (2)

oodaloop (1229816) | more than 3 years ago | (#36512748)

becausr THAT will be a money maker.

Why don't you apply for it? I'm sure you can make a legitimate claim for it.

Re:anyone gotten .sucks yet? (1)

PPH (736903) | more than 3 years ago | (#36514642)

It may cost you $185,000. But how much will people pay you to keep apple.sucks, microsoft.sucks, cowboyneal.sucks, etc. off your domain?

This is only one new top level domain (1)

cforciea (1926392) | more than 3 years ago | (#36513042)

From the end user perspective, this has the same net effect as opening up exactly one more top level domain: the blank TLD. It just happens to be a way more expensive TLD than any of the other ones, and has a higher chance of coercing companies into registering it. It does not add any new functionality that I can think of (NPR interviewed some asshat this morning talking about how Canon would hypothetically be able to open .canon domains and have cameras automatically upload pictures as they are taken, as if they couldn't already do that with subdomains and existing technology).

Really what aggravates me on a personal level is the support calls I am going to start getting. I work at a small ISP, and while I am largely higher tier support, I still sometimes end up being the first point of contact for customers calling in when tier 1 support gets overloaded. I just shudder at the thought of trying to explain to one of my 85 year old customers, who just finally figured out what a URL looks like that no, "msn" is actually a real address now. The normal TLDs are useful for triggering pattern recognition. In that sense this is actually making the internet harder for anybody who is not technologically savvy to learn.

Not to mention, I just can't wait to see what all of the tools on the internet that automatically convert URLs into hyperlinks do.

$185K? Psh... (2)

pongo000 (97357) | more than 3 years ago | (#36513156)

...OpenNIC [opennicproject.org] charges $0 for TLD applications, and since it's a transparent democratic approval process, you get to actively participate in the approval process. We need to show ICANN there are alternatives to their extortion attempts.

For the naysayers... (1)

Lumpy (12016) | more than 3 years ago | (#36513336)

Organized crime group forms a corperation called.... Continental Options Network.... and buys the .con TLD.

Now the price is nothing to organized crime, if the payout potential is big.

Hire some killer IT and networking black-hats. Give them $350,000US a year to live in china, south america, Russia, etc.. so they can life like rockstars and do epic coding for their data centers.

First sit low and record the number of typos for sites to .con instead of .com you can data mine where it comes from and target certian areas. set up the fake sites to load their bomb that only shows up ONCE and then innocently redirects to the real site.

and so on... heck even MITM attacks could be done.

This kind of cash is peanuts to organized crime. and if they hired good enough black hats and paid them well they could easily outwit the securoty companies long enough to make a giant pile of cash.... rinse, change up a little, repeat....

Cybercriminials (1)

Pf0tzenpfritz (1402005) | more than 3 years ago | (#36513836)

cybercriminals could also seek these new domains [...] These can then be used for phishing attacks

Terrorists could also seek these new domains These can then be used for terrorist attacks. Chinese hackers could also seek these new domains These can then be used for chinese hacking attacks. Software pirates could also seek these new domains These can then be used for software pirating attacks. Malicious attackers could also seek these new domains These can then be used for malicious attacking attacks,..

Just post the general case already (1)

Sloppy (14984) | more than 3 years ago | (#36514364)

The more power people have, the more they'll use it and sometimes they'll use it for bad things.

The more expression people have, the more they'll express and sometimes they'll say fraudulent things.

There. Can we now stop treating it as big news every damn time it happens with every damn trivial variation, have the debates one last time, and then agree that we need to kill humanity in order to save it?

'create your own' TLDs? (1)

lostmongoose (1094523) | more than 3 years ago | (#36515412)

I propose '.hascheezburger' reserved for ICANN.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?