Report shows growth in DMARC, but slow adoption of other security measures. Corporate domain name registrar CSC has published its 2026 Domain Security Report, which evaluates the domain security hygiene of Global 2000 companies. The registrar ... Continue ReadingLeave a Comment
Squarespace explains what happened with crypto site hijackings
· Domain RegistrarsCompany said weakness in OAuth caused domain hijackings. Squarespace (NYSE: SQSP) has posted a postmortem on a security incident that impacted mostly crypto/web3 company sites earlier this month. Several web3 companies reported that their domain ... Continue ReadingLeave a Comment
Punycode continues to be the bad guys’ best friend
· Policy & LawThese domains look a lot like banks' official domains. Krebs on Security today published a story about how a financial cybercrime group is using Punycode domains to trick internet users into thinking they're visiting banks' websites. Punycode is ... Continue Reading3 Comments
Should web browsers show domain name age?
· ServicesAlerting users about newly registered domains could help with web security. The U.S. Patent and Trademark granted patent number 11,240,257 (pdf) to security firm Lookout, Inc. today for Domain name and URL visual verification for increased ... Continue Reading3 Comments
Domaining.com compromised
· ServicesExtent of breach is unknown but the site did not store credit card details. Domaining.com has been compromised. Francois Carrillo, who operates the domain blog aggregator, posted on Twitter today that he has closed login functionality while he ... Continue Reading1 Comment
DNSSEC – DNW Podcast #226
· PodcastsDomain Name System Security Extensions -- what's it all about? You’ve probably heard about some recent hacks involving the domain name system. This week we’ll talk about how DNSSEC could help stem these attacks. Matt Larson, who co-hosts the Ask Mr. ... Continue ReadingLeave a Comment
The secure padlock doesn’t mean a website is safe
· UncategorizedNearly half of phishing sites now use SSL. Google has led a big push in recent years to get all websites to use Secure Sockets Layer (SSL). You know a site uses it when it starts with https:// instead of http:// and the browser shows a padlock next to ... Continue Reading3 Comments
Small business websites get hacked a lot
· ServicesUnsurprisingly, it happens a lot. GoDaddy has released new data on the prevalence of very small businesses being hacked, including having their website hacked. The numbers are staggeringly high, but I suppose it shouldn't be surprising. As someone ... Continue Reading1 Comment
Domain name sinkholes and those funky domain registrations
· UncategorizedSinkholes are why you see companies register a bunch of weird domain names. Palo Alto Networks Inc was granted a patent today related to domain sinkholing, and it's a continuation patent of one that was granted in 2016. It reminded me of times ... Continue Reading2 Comments
Security vs. Privacy with GDPR
· Policy & LawThere's a real security issue with ditching public Whois. Do the benefits outweigh the costs? I've written a lot about GDPR and how the domain registrar/registry ecosystem is responding to it. Privacy advocates are using this as an opportunity to push ... Continue Reading3 Comments
