These domains look a lot like banks' official domains. Krebs on Security today published a story about how a financial cybercrime group is using Punycode domains to trick internet users into thinking they're visiting banks' websites. Punycode is ... Continue Reading3 Comments
Should web browsers show domain name age?
· ServicesAlerting users about newly registered domains could help with web security. The U.S. Patent and Trademark granted patent number 11,240,257 (pdf) to security firm Lookout, Inc. today for Domain name and URL visual verification for increased ... Continue Reading3 Comments
Domaining.com compromised
· ServicesExtent of breach is unknown but the site did not store credit card details. Domaining.com has been compromised. Francois Carrillo, who operates the domain blog aggregator, posted on Twitter today that he has closed login functionality while he ... Continue Reading1 Comment
DNSSEC – DNW Podcast #226
· PodcastsDomain Name System Security Extensions -- what's it all about? You’ve probably heard about some recent hacks involving the domain name system. This week we’ll talk about how DNSSEC could help stem these attacks. Matt Larson, who co-hosts the Ask Mr. ... Continue ReadingLeave a Comment
The secure padlock doesn’t mean a website is safe
· UncategorizedNearly half of phishing sites now use SSL. Google has led a big push in recent years to get all websites to use Secure Sockets Layer (SSL). You know a site uses it when it starts with https:// instead of http:// and the browser shows a padlock next to ... Continue Reading3 Comments
Small business websites get hacked a lot
· ServicesUnsurprisingly, it happens a lot. GoDaddy has released new data on the prevalence of very small businesses being hacked, including having their website hacked. The numbers are staggeringly high, but I suppose it shouldn't be surprising. As someone ... Continue Reading1 Comment
Domain name sinkholes and those funky domain registrations
· UncategorizedSinkholes are why you see companies register a bunch of weird domain names. Palo Alto Networks Inc was granted a patent today related to domain sinkholing, and it's a continuation patent of one that was granted in 2016. It reminded me of times ... Continue Reading2 Comments
Security vs. Privacy with GDPR
· Policy & LawThere's a real security issue with ditching public Whois. Do the benefits outweigh the costs? I've written a lot about GDPR and how the domain registrar/registry ecosystem is responding to it. Privacy advocates are using this as an opportunity to push ... Continue Reading3 Comments
Google adds more of its top level domains to HSTS preload list
· ServicesSecond level domains under .dev, .foo and more that have SSL will automatically get benefits of HSTS preload list. Google is adding more of the top level domain names it operates, including some that allow second level domain registrations by the ... Continue Reading1 Comment
SSL comes to landing page tools, but at a price
· ServicesServices that make it easy to create landing pages across multiple domains need to implement SSL. Next month is the deadline for most sites to move to https with an SSL certificate. At that point, Google's Chrome browser will give a "not secure" ... Continue Reading3 Comments