domains

Nombray is a new site that lets you buy vanity domains for your name. The service is aimed at people with very little experience setting up a Web site, letting them "squat" the page while funneling any traffic to third-party services they're already using.

On Nombray's home page, you simply type in your first and last name, and the site will search to see which coordinating domains have been taken and which are still available. From there, you're able to claim available domains for $20 a pop, which gets you a free year of hosting … Read more

The era of online domination by the Roman alphabet will come one step closer to its end next year when a new top-level domain for China, .中国, is deployed. Xinhua reports that ICANN expects the domain, which uses the two-character modern Chinese word for "China," will be ready in 2009.

The report also notes that people will be able to use Chinese characters for their mailbox name (the part before the @ sign) as well.

In the future, Internet users (will be able to) use their native languages as mailbox names to send and receive e-mail, which means (the) English-dominant (… Read more

Botnets are proving to more resilient and harder to shut down.

That's largely due to an increased use of methods people use to obscure the domain by constantly mapping to different bots within the network, according to a recently released study (PDF).

The study's authors, Jose Nazario of Arbor Networks and Thorsten Holz of the University of Mannheim, tracked the traffic of 900 fast-flux domain names used by botnets within the first six months of 2008. "Fast-flux" is a term to describe how the botnets use constant changes in the mapping of the hard-coded domain name … Read more

GoDaddy, the world's leading domain name registrar, is inaccessible in China, writes Moonlight Blog. Possible reasons? Efforts to prevent people from registering Olympic winners' names, or the hope that Chinese users will register domains in China.

If the goal is to make it less convenient (though by no means impossible) for Chinese to register non-Chinese domain names, this may represent an effort to keep Chinese-published material under home control.

Moonlinght tells us more about the Olympic angle:

The current blocking may be related to the Beijing 2008 Olympic Games. China's sport authority has banned the issuing of Internet … Read more

Thirteen days after Dan Kaminsky asked his fellow security researchers not to speculate on the details of his DNS flaw, a fellow Black Hat researcher published his own speculation, and apparently got it right.

On July 8, IOActive researcher Kaminsky disclosed a flaw in the Domain Name System (DNS), but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured it would take about 30 days for that to happen. The 30-day mark also just happened to coincide with his speaking engagement at Black Hat in Las … Read more

In the middle of a flood of news surrounding a serious vulnerability within the fundamental structure of the Domain Name System (DNS) is the story of how researcher Dan Kaminsky chose to handle his discovery and, hopefully, it's mitigation. What Kaminsky did was coordinate several vendors in a multiparty, simultaneous release of a patch--a patch that he feels doesn't lend itself to easy reverse engineering.

For the moment, Kaminsky is not talking details. He's hoping that people will apply the various patches, update their DNS servers and clients, and do so before the bad guys can craft … Read more

A security researcher has responsibly disclosed a fundamental flaw within the Domain Name System (DNS), the addressing scheme behind the common names used on the Internet. Currently, it may be possible to guess these transaction ID values in advance and assert a malicious server as the authoritative DNS server for a popular bank or e-commerce site. The news was announced Tuesday.

Dan Kaminsky, director of penetration testing services for IO Active, found the DNS flaw earlier this year. Rather than sell the vulnerability, as some researchers have done, Kaminsky decided instead to gather the affected parties and discuss it with … Read more

Microsoft today released its July 2008 security bulletin highlighting items all considered important but not critical. They are for Domain Name Service in Windows, Windows Explorer within Windows Vista, Outlook Web Access (OWA), and Microsoft SQL servers. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-037: Important

Entitled "Vulnerabilities in DNS Could Allow Spoofing (953230)," this bulletin is for users of Windows 2000, Windows XP, and Windows Server 2003; not affected are users of Windows Vista (both 32-bit and 64-bit editions) and Windows Server … Read more

On Wednesday, Microsoft announced new security features within the upcoming release of Internet Explorer 8 Beta 2. The features are designed to combat the rising tide of drive-by downloads and malicious scripts contained within carefully crafted links embedded in e-mail and Web pages. Most of the new features require systems to be running Windows Vista SP1 or Windows XP SP3.

Perhaps the most anticipated addition is Internet Explorer's new antimalware protection. Opera 9.5 and Firefox 3 both recently added antimalware protection. Safari has so far not announced plans for similar protection. Using mostly its own antimalware technology, Microsoft … Read more