ICANN Domain Expansion Could Increase Phishing

Orome1 writes "The ICANN board gave final approval to what some are calling 'the most dramatic change to the Internet in four decades,' allowing the expansion of new TLDs. Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren't the only ones who are likely to try to snag these new top level domains. There's a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors."

First TLD to go?

[Flyerman]

.bank .banking .finance .lending .mortgage .ach

Re:First TLD to go?

[archer,+the]

Nope. Trojans on .trojan!

Re:First TLD to go?

[kpoole55]

it would be more like .rbc, .td, .scotia, .cibc, that sort of thing in Canada and maybe .citibank, .usbank, or some such in the US.

Re:First TLD to go?

[sarysa]

Close, but my predictions for frontrunners (on the same line of thought): .viagra .cialis ...

Re:First TLD to go?

Obviously phishing sites should be using the .con TLD: citibank.con, barclays.con etc. Truth in advertising and cunning typo-squatting at the same time!

Re:First TLD to go?

[robot256]

I'm sure somebody would appreciate a TLD for condoms...

Re:First TLD to go?

[jperl]

I would guess .shop

Re:First TLD to go?

[archer,+the]

Unfortunately, I actually meant computer trojans, not the prophylactic.

Re:First TLD to go?

[houstonbofh]

Better would be .c0m as with caps (which are disregarded ) it is almost unnoticeable. .C0M

Re:First TLD to go?

[flimflammer]

It was said earlier that each gTLD to be sold will be manually handled and the registrant needs to prove that they have legitimate claim to the name, not to mention there is like a $200k price tag. So I have my doubts that many phishing sites will be getting them.

Re:First TLD to go?

[joebok]

I've already got a lock on .TrustMe

Re:First TLD to go?

[digitig]

And the first turf wars will probably be over .cola

Re:First TLD to go?

[mjwalshe]

actually it is nearly $200k to apply not counting the cost of the application and the cost to run a robust infrastructure - from experience with .coop they will mandate multiple redundant servers in 4 continents probably.

Re:First TLD to go?

[makubesu]

Personally I think the real citibank should get the .con tld.

Re:First TLD to go?

[maxwell+demon]

To piss off AVM, get "box" :-)

Explanation: Every FritzBox can be accessed locally using the domain name "fritz.box" - which of course implies that this would clash with a public TLD named "box". And since AVM almost certainly doesn't have a trade mark on "box", they couldn't even sue you for it (them might be willing to buy it, though).

Re:First TLD to go?

[Flyerman]

that's a bit like someone buying local, which i hope is protected, good god.

As stated in the original story:

[Luniz]

"It will cost $185,000 to apply, and individuals or organizations will have to show a legitimate claim to the name they are buying." I do not think that Peggy will be able to set up .discovercard :p

Re:As stated in the original story:

I agree: this article is the epitome of FUD. Fear and uncertainty in title: "could increase phishing [emphasis mine]." Doubt from a lack of information from the proponents of the change. TFA was written with a very one-sided point of view, giving no indication that anyone had any thoughts about the potential problems. Does the article writer really think that the 13-1 vote was made by people who hadn't thought about all the potential problems and solutions to said problems?

Re:As stated in the original story:

[localman57]

Why?

Re:As stated in the original story:

[Konsalik]

Agree, also it will cost $25,000 per annum on top of that. I think people jumping on the "this is bad" idea before reading all the facts. Go read this. Spending $200,000 and waiting 9-20 months just to get it taken down a week later isn't worth it, even for high rolling criminals.

Re:As stated in the original story:

[Xest]

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found millions?

Re:As stated in the original story:

[Inda]

Coke and hookers, my friend. Coke and hookers.

Re:As stated in the original story:

[HuckleCom]

Does everyone seriously think the cost will remain the same?
What happens when a company/brand goes belly up and the TLD is auctioned off?
Most of us don't trust ICANN as far as we can throw, this move is just point in case, the restrictions will loosen .

Re:As stated in the original story:

[N0Man74]

Indeed, I came here to say the same thing. First of all, it has an absurdly high cost of $185,000. That is a price that is going to discourage even many large legitimate corporations, let alone cybercriminals that could be just throwing the money away once their TLD becomes blacklisted.

Secondly, this application *does* have a vetting process to ensure that you have the right to the domain name you are requesting.

Complete FUD.

Re:As stated in the original story:

[UnknowingFool]

Hookers and blow?

Re:As stated in the original story:

[TrueSatan]

$185,000 is the initial charge they quoted but also with an ongoing predicted charge of a further $100,000 p.a. which, if anything, will increase over time.

Re:As stated in the original story:

[Lumpy]

Putting the final parts in place at the base on skull island for the earth core bomb?

What? Its easy to assume that ICANN is evil, just look at their past.

Re:As stated in the original story:

[Rary]

The article may be FUD, but the whole idea is pointless. What value would a new TLD add to the Internet anyway? For that matter, what value do the existing TLDs add to the Internet? If they were actually used properly, and therefore had any meaning, then they would add value. But they aren't used properly, and hence have absolutely no meaning. They should be abolished completely. Why do I need to type "slashdot.org" (or "slashdot.com", or "slashdot.net", which all take me to the same place). Why not just type "slashdot"? What value does having ".org" (and ".com" and ".net") introduce, other than generating more revenue for the domain registrar?

This was introduced for one reason: to put $185,000 per TLD into ICANN's pocket, and generate additional revenue for domain registrars.

Re:As stated in the original story:

[Qzukk]

The money isn't in using the TLD yourself, the money is in buying the TLD then reselling it to spammers and phishers.

That's what I'd do if I registered .c0m, anyway. Why dirty my own hands if someone else is willing to pay me to let them dirty theirs?

Re:As stated in the original story:

[kvezach]

And blackjack.

Re:As stated in the original story:

[jfengel]

The original TLDs are a quaint historical artifact, from a gentler time on teh intarwebz. It established a few spheres of control, but it wasn't particularly well thought out, but they weren't expecting the kind of land rush in domain names. This was back when they thought that 4 billion IP addresses was an absurdly large number, orders of magnitude more than would ever be needed.

It got famous all at once, and it quickly became apparent that it was mostly absurd. "dot-com" became synonymous with the web, a meaningless semantic particle in 99% of cases.

Still, it's there in every URL, and you can't live without it. I don't blame large companies for trying to do away with it, at least for themselves. I'm glad they've put a high price on it. It at least keeps out the riff-raff.

That's actually no small thing. The great thing about a .edu address is that there's a gatekeeper. .cocacola is going to be a small fee out of Coke's budget, and it can't possibly be an attack site or spammer. (Well, unless they've been careless with their servers, but that's not a problem you can solve with DNS.)

Re:As stated in the original story:

[tlhIngan]

Exactly. Think of all the misspellings you could buy - .comm, .coom, .cm, etc.

Not to mention if your bank buys .bankofamerica it's just as likely some phisher may buy a regular domain as well - .bankofamerica looks the same to most people as .bankofamerica.pl or other thing soon enough.

Or hell... buy .html and .htm. Then you can have www.bankofamerica.com.index.html and people won't notice the '/' was replaced with '.'.

There's a lot of potential in this, really.

Re:As stated in the original story:

[bigredradio]

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found millions?

Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found billions?
Fixed that for you.

Re:As stated in the original story:

[Relayman]

For a scammer, $185k is pocket change. I can justify spending that on any number of TLDs. At $35 per year per name, you only need to sell 5,300 domain names to recoup your investment. At an ongoing cost of $25,000, you would have money in the bank.

Re:As stated in the original story:

[kmoser]

By that logic, the owner of couchsurfing.org has a legit claim to the ".localhost" TLD.

Re:As stated in the original story:

[shpoffo]

The real question is whether the Slashdot crew will finally have the dot.dot domain?

Why so silent? ;>

Trademarked Domains

[Marc+Madness]

Seems to me that the threat of phishing can be mitigated my requiring the entity registering the domain name to show proof that the name in the *.brand is in fact a registered trademark. Of course, I could just be taking an over simplified look at the problem.

Re:Trademarked Domains

[Marc+Madness]

I should also add, that they have to also prove that they own said trademark (just in case that wasn't clear). My bad for omitting that detail.

Re:Trademarked Domains

[gstoddart]

Seems to me that the threat of phishing can be mitigated my requiring the entity registering the domain name to show proof that the name in the *.brand is in fact a registered trademark.

I plan on mitigating this by treating every single one of these new TLDs as if they're likely be to scams, and not visiting them. No more than I will click on a link ending in .ly -- I have no idea of what it is, and I have no trust in the domain.

I have no interest in vetting a crapload of new domain extensions, and I will likely simply refuse to follow a link into anything which goes outside of the ones I'm familiar with now.

While I'm sure ICANN will be happy to rake in the $185K for each of these, I simply can't see why this actually improves anything on the internet ... it just gives yet another source of confusion for identifying legitimate web sites.

Do we need a .cocacola TLD? And if so, why?

Re:Trademarked Domains

[_0xd0ad]

Exactly - the people who know will treat the new TLD with suspicion, and the people who don't know will frankly just be oblivious anyway unless/until their browser displays a big scary warning instead of the web site they tried to click on.

Re:Trademarked Domains

[bigredradio]

I plan on mitigating this by treating every single one of these new TLDs as if they're likely be to scams

Really?

Right now it costs very little to register a domain name. Names can be altered to attempt to fool people such as mybank.com.cn?id=123451235123451234&asdfasd=sadfasd. But if it takes over 100K to register a name and show proof you have legitimate rights to the name, it would almost seem safer. Especially when it comes to banking applications. For banking, shopping, etc, it would seem the future is not about going to a web page anyway, but using your 'app' to conduct business. This could be hardcoded to use the TLDs the company owns to better provide a secure channel. There is nothing that stops app developers from hardcoding mybank.com, but there could be bandwidth and routing advantages.

Re:Trademarked Domains

[VJ42]

No more than I will click on a link ending in .ly -- I have no idea of what it is, and I have no trust in the domain.

.ly is just the ccTLD for Libya, nothing particularly sinister about it any more than .us, .uk, .au, .ie, .nl, .de, .it, .in, .cn, and so on.

Oooh, phear the phishing

[s.d.]

Yes, any change to how the internet works could increase phishing. But at $185,000 per application for a new TLD, as well as having each application reviewed by a human or committee, this isn't going to be like automating the registration of .com addresses so that in an afternoon, you can register every misspelling of bankofamerica. By no means do I have blind faith in them, but I feel like ICANN will be pretty sure to not allow some random dude in eastern Europe to register .bank.

Yes, yes, everything can increase the risk of cancer in lab rats, and everything increases the risk of phishing, but the barrier for entry is set relatively high here.

Re:Oooh, phear the phishing

[140Mandak262Jamuna]

By no means do I have blind faith in them, but I feel like ICANN will be pretty sure to not allow some random dude in eastern Europe to register .bank.

No not a random dude from eastern Europe. But a random analyst from Goldman Sachs consolidating a bunch of random dudes from anywhere in the world to create a portfolio of high risk/high reward venture exploiting the emerging opportunities due to the relaxed regulatory environment in the highspeed data networks, (note to secratary: Bradley, sprinkle some synergy, paradigm and out-of-the-box in there, will you)? Definitely.

Re:Oooh, phear the phishing

[wren337]

But once someone DOES register .bank, will I be able to buy chase.bank from godaddy?
It's not the people registering the new TLD you have to worry about, so much as the people that they sell domain names to in the new TLD. Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

Re:Oooh, phear the phishing

[archen]

My impression was that they were reserving a lot of generic words so this wouldn't happen, and that only brands could be registered this way.

Re:Oooh, phear the phishing

[Serious+Lemur]

the barrier for entry is set relatively high here.

I for one will rest easy knowing that only the most enterprising and wealthy cybercriminals will be making a fortune in illicit bullshit from this. That's what a free market's all about, after all.

Re:Oooh, phear the phishing

[Lunix+Nutcase]

Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

What scammer is going to pay $185,000 and wait several months for a manual screening process to own a fraudulent vanity TLD?

Re:Oooh, phear the phishing

[digitalsushi]

If the phishers figure out some way of gaining 185000 dollars, they might be able to afford a vanity tld. Maybe they could steal 185000 using deceptive luring techniques.

I bet icann will use part of that 185000 dollars to improve the title of "random dude in eastern europe" to "sir".

Re:Oooh, phear the phishing

[gstoddart]

If the phishers figure out some way of gaining 185000 dollars

Ummm ... from what I've read about how lucrative that can be, the $185K might actually be chump change.

Re:Oooh, phear the phishing

[wren337]

Scammers don't need to own a whole TLD, they just need a close-enough domain in some new TLD.

What scammer is going to pay $185,000 and wait several months for a manual screening process to own a fraudulent vanity TLD?

Wow, did you even read the comment you included in your reply? I am saying they will NOT buy an entire TLD. Scammers don't own the whole .com TLD - they buy _individual domains_ under existing TLDs.

Once someone registers a new .llc TLD what do you think they are going to do with it? They are going to sell domain names for $10 a year - to anyone with $10. And sooner or later someone with $10 will buy chase.llc and use it in a scam.

Again, buying an individual domain in a new TLD will not cost $185k; it will cost whatever the owner of the new TLD is charging.

Re:Oooh, phear the phishing

[Kokkie]

And who will do the dns resolving for the new TLDs? Will this be done securely, otherwise it will cost the scammer $0, with little risk for as long as it lasts.

Re:Oooh, phear the phishing

[Lunix+Nutcase]

Wow do you even understand how these new TLDs work? Clearly not when you post this nonsense.

Re:Oooh, phear the phishing

[wren337]

FTFA - "GTLDs such as .nyc, .london or .food could provide opportunities for many smaller businesses to grab names no longer available at the .com level -- like bicycles.london or indian.food.

What part of this is confusing you?

Re:Oooh, phear the phishing

[Adam_ST170]

What part of this is confusing you?

The next paragraph FTFA:

The new domains will also change how ICANN works, as it will have a role in policing how gTLDs are operated, bought and sold. Until now, it has overseen names and performed some other tasks but has been little involved in the Internet's thornier issues.

So to take your example, '.llc', the owner of .llc will probably reserve and offer chase.llc to Chase. (and probably for more than $10)

Re:Oooh, phear the phishing

[wren337]

Probably? They will PROBABLY offer chase.llc to Chase? That's your whole argument, that the new owners of each and every new TLD will probably do the right thing, so we have nothing to worry about?

You realize we're going to have full character sets available, so you'll have a dozen different characters that look like the letter "a"? There will be hundreds of domain names that look like "chase" in each TLD.

And you've seen how the registrars behave right now with the existing domains? And you're still optimistic?

Extortion

"Thats a mighty fine brand ya got there, company. Be a shame if someone came and - bought it as a TLD. For about 200 grand, we can help protect you."

Money, Money, Money

[JoeTalbott]

It's gonna cost a lot of money to get a vanity top-level domain. In order to prevent domain squatting. But won't this just allow those with deep-pocketbooks to call the shots? How well did .biz do? I don't think that in my vast Internet surfing I've ever intentionally visited a .biz address. I'm sure big businesses will snatch up their brand names out of fear and a misguided sense of getting on the bandwagon as soon as possible.

Re:Money, Money, Money

[localman57]

It'll happen over time. .biz and others will be accepted. People used to think of 1-888 as less good than 1-800 phone numbers. But that feeling has just about gone away over the last 20 years.

So who gets .apple?

[billrp]

Inc. or Corps Ltd. (computer or music)

Re:So who gets .apple?

[webbiedave]

The highest bidder. Literally.

Re:So who gets .apple?

[andydread]

Apple Growers Association.

Cash grab

[Tridus]

This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

This stuff should not be run on a "how do we extort more money out of DNS" methadology.

Re:Cash grab

[Lunix+Nutcase]

It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it./quote?

Except that someone else won't be able to register one of these TLDs with someone else's trademark. That's the whole point of the manual screening process they are doing before handing out these vanity domains.

Re:Cash grab

[PPH]

ICANN get your money.

Re:Cash grab

[demonbug]

This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

This stuff should not be run on a "how do we extort more money out of DNS" methadology.

This. I also want to know what they plan on doing with the additional millions of pure profit they will be making from their government imposed monopoly. Aren't they supposed to be non-profit? They're going to have to massively increase salaries to remain so.

Also, whatever happened to the egalitarian, level playing field of the internet? This move pisses me off coming and going. If you want to open up all these new TLDs, fine; do it. Let anyone and everyone register their own TLD for the price of a traditional TLD; there is no technical reason why it should cost 1,000 times as much for one of these. Alternatively, if you need to charge that much for your rigorous screening of applicants, then maybe it isn't such a good idea to offer the service in the first place - obviously they think it presents massive opportunities for fraud.

Either offer it to everybody at a reasonable price, or admit that it is a mistake and can the whole idea. Otherwise this is once again just a massive money grab on the part of ICANN.

Big deal over nothing

[_0xd0ad]

Realistically, someone who gets tricked by a fraudulent "mybank.bank" [example given in TFA] is equally likely to be tricked by "mybank.us", or "mybank.com". And we already have made browsers as nearly-idiot-proof as possible so it should display a big scary warning when they try to visit that URL anyway. I don't see this as being that much of a problem.

.here TLD

[TheLink]

More than 10 years ago I proposed that a TLD be officially reserved for _standard_ local private use. Basically something similar to RFC1918 but for TLDs.

I proposed it to the ICANN (emailed to icann@icann.org, Esther Dyson and Vint Cerf) and later the IETF: http://tools.ietf.org/html/draft-yeoh-tldhere-01

No luck, and I'm not rich enough to buy it (and give it to the world). Maybe Google can?

Re:.here TLD

[TheLink]

Already exists: use .local

Read my post again, .local is not officially reserved.

There's a difference between using some random IPv4 address range for your private use and using an RFC1918 IP address range.

Stop the fearmongering.

[LavouraArcaica]

It's not the possibilities of phishing that create phishing, but the will and greed of people. Even if phishers can't use a domain name, they'll use just a IP address. And people who believe that 'mybank.ru' is really they bank will equally believe that 'xxx.xxx.xxx.xxx' is their bank.

Come on Slashdot editors!

[wcrowe]

Whoever wrote this either cannot read, or is too lazy to read. It is not going to be easy to get these TLDs. For starters, each TLD will cost $185,000. The applications will also be investigated before the TLDs will be created.

Slashdot used to be a top-notch website, but lately the editors seem to be content to post any old bullshit as a legitimate story. This story should never have been accepted for submission.

Re:Come on Slashdot editors!

[fruey]

Old bullshit as a legitimate story has precedents as old as slashdot. It only seems like it got better because you filter the crap from your retrospective memory.

Re:Come on Slashdot editors!

[PPH]

each TLD will cost $185,000. The applications will also be investigated before the TLDs will be created.

You got $185,000? You just passed our investigation.

Hopefully there will be some sanity enforced

[Bloodwine77]

If ICANN allows people to obtain TLDs such as .comm, .ccom, .nett, .orrg, and so forth then we're in for a lot more scams and phishing attempts.

I wonder how well the vanity domains will work in the wild, though. They only work as well as software supports them. In theory it shouldn't be too much of a problem, but in reality I would not be surprised if a lot of software chokes on them.

Re:Hopefully there will be some sanity enforced

[unrtst]

I foresee a lot of software breaking, but not the obvious website url stuff. http://citibank/ will probably work just fine in all browsers... though if it doesn't exist, the browser will automatically try citibank.com, citibank.net, or default to a search for it these days.

I'm betting the bigger problem will be in all the ad-hoc validation code out there. For example, email validation... it often requires two parts to the domain portion (user@domain.something), so "user@citibank.com" works, "user@mail.citibank" will probably work, but "user@citibank" is probably going to fail with existing most existing software.

The other part will be length checking on the TLD... all TLD's these days are very short, though the DNS protocol allows for longer ones (up to 63 chars). Again, most of the stuff that uses the names will be fine (things that just pass it off to the name service resolver). But it'll require a lot of software updates to lots of odds and ends sites and programs. Those things could be labeled as poorly coded, but they're really just trying to protect users from ignorant mistakes.

IMO, I see no value in this at all, except to ICANN so they can get some extra cash flow. Even worse, this will cost businesses money, cause they'll feel the same need to protect their name here as they do on .com/.net/.org/etc, but instead of an extra $20/yr, it's $185000 + $20000/yr or more.

The only benefit I see on the business side is that maybe, just maybe, all of a companies subsidiaries will now show up under one hierarchy. For example, time warner has a TON of different domains, many location and product specific (ex. twcny.com). So maybe the extra cost will encourage them to make better use of the resource. But it really really really doesn't matter.

The theory that they'll vet these domains to make sure the owner is the right person is horribly misplaced. That should go to the SSL providers, who used to do a decent job of this before competition drove down both the cost and the benefit.

The Phishing angle just seems like a stawman to me. This is just a solution looking for a problem... a problem that isn't there. The idea that business "want" this is (IMO) a misreading of a statistic... it's been talked about for decades, so they're interested in knowing when they'll have to grab up their realestate.

bleh... the good ones are...

[elPetak]

.pr0n .porn .sex

intranet or localhost?

[PanIc+RidE]

How long will it take for someone to grease the right hands and get a hold of .intranet or .localhost?

This whole scenario seems to only benefit the pockets of ICANN execs. So why wouldn't they start allowing domains that could seriously break stuff if the price was right?

Re:intranet or localhost?

[icebraining]

According to the Application Guidebook, LOCALHOST is a reserved name.

Necessary?

[black+soap]

What was wrong with each of these superbrands being a .com? Besides the "we already hit diminishing returns on major corporations trying to lock in all the domains they might want" problem ICANN had? Maybe this is so companies can be their own registrar, once they have a .tld, so newflavor.coke can be held until newflavor's announcement date, without people seeing that it has been registered (or speculators buying them up before coke even decides on the newflavor's name?) - this is a marginal problem at most. I guess having your own domain and creating subdomains as you see fit wasn't good enough for these companies. people might confuse newflavor.coke.com and (unaffiliated speculator site) newflavor.com. I see this as one more step toward corporatizing the internet - you'll need the backing of some major company for your content to be visible.

anyone gotten .sucks yet?

[Sprouticus]

becausr THAT will be a money maker.

Re:anyone gotten .sucks yet?

[oodaloop]

becausr THAT will be a money maker.

Why don't you apply for it? I'm sure you can make a legitimate claim for it.

Re:anyone gotten .sucks yet?

[PPH]

It may cost you $185,000. But how much will people pay you to keep apple.sucks, microsoft.sucks, cowboyneal.sucks, etc. off your domain?

This is only one new top level domain

[cforciea]

From the end user perspective, this has the same net effect as opening up exactly one more top level domain: the blank TLD. It just happens to be a way more expensive TLD than any of the other ones, and has a higher chance of coercing companies into registering it. It does not add any new functionality that I can think of (NPR interviewed some asshat this morning talking about how Canon would hypothetically be able to open .canon domains and have cameras automatically upload pictures as they are taken, as if they couldn't already do that with subdomains and existing technology).

Really what aggravates me on a personal level is the support calls I am going to start getting. I work at a small ISP, and while I am largely higher tier support, I still sometimes end up being the first point of contact for customers calling in when tier 1 support gets overloaded. I just shudder at the thought of trying to explain to one of my 85 year old customers, who just finally figured out what a URL looks like that no, "msn" is actually a real address now. The normal TLDs are useful for triggering pattern recognition. In that sense this is actually making the internet harder for anybody who is not technologically savvy to learn.

Not to mention, I just can't wait to see what all of the tools on the internet that automatically convert URLs into hyperlinks do.

$185K? Psh...

[pongo000]

...OpenNIC charges $0 for TLD applications, and since it's a transparent democratic approval process, you get to actively participate in the approval process. We need to show ICANN there are alternatives to their extortion attempts.

For the naysayers...

[Lumpy]

Organized crime group forms a corperation called.... Continental Options Network.... and buys the .con TLD.

Now the price is nothing to organized crime, if the payout potential is big.

Hire some killer IT and networking black-hats. Give them $350,000US a year to live in china, south america, Russia, etc.. so they can life like rockstars and do epic coding for their data centers.

First sit low and record the number of typos for sites to .con instead of .com you can data mine where it comes from and target certian areas. set up the fake sites to load their bomb that only shows up ONCE and then innocently redirects to the real site.

and so on... heck even MITM attacks could be done.

This kind of cash is peanuts to organized crime. and if they hired good enough black hats and paid them well they could easily outwit the securoty companies long enough to make a giant pile of cash.... rinse, change up a little, repeat....

Cybercriminials

[Pf0tzenpfritz]

cybercriminals could also seek these new domains [...] These can then be used for phishing attacks

Terrorists could also seek these new domains These can then be used for terrorist attacks. Chinese hackers could also seek these new domains These can then be used for chinese hacking attacks. Software pirates could also seek these new domains These can then be used for software pirating attacks. Malicious attackers could also seek these new domains These can then be used for malicious attacking attacks,..

Just post the general case already

[Sloppy]

The more power people have, the more they'll use it and sometimes they'll use it for bad things.

The more expression people have, the more they'll express and sometimes they'll say fraudulent things.

There. Can we now stop treating it as big news every damn time it happens with every damn trivial variation, have the debates one last time, and then agree that we need to kill humanity in order to save it?

'create your own' TLDs?

[lostmongoose]

I propose '.hascheezburger' reserved for ICANN.

Rock and roller cola wars, I can't take it anymore

[tepples]

Coke and hookers.

Not if PepsiCo gets to .cola first.

.corn

Just toss an "R" into there:

citibank.corn

Troll? I'd love to know why.

[damn_registrars]

I have no idea how that comment is trolling. I pointed out how selling gTLDs creates a new bonanza of opportunity for spammers, and puts a little money into the pockets of the profiteering bastards who run ICANN. Did someone with a strong pro-ICANN slant (I didn't know any such people - outside of ICANN employees - existed) see the comment and moderate it down in retaliation?

It seems like crappy moderation to me. Bad moderator, bad bad bad.

Dear uninformed AC troll

[damn_registrars]

Your google-fu is no good. When you want to search a domain for a string on google, you need "site:" to be followed immediately by that domain. You errantly inserted a space after the colon, which then caused google to do a massive or search between the strings "your-least-favorite-slashdot-name", "site:", and "trolltalk.com".

If you drop that extra space, and rerun the search, you will find that neither my slashdot name, nor that of countertrolling, occur on trolltalk.com.

But thanks for playing!

Are you the same AC troll as before?

[damn_registrars]

I earlier had an encounter with an AC troll, who would ignore reality and likely to try to respond with links to irrelevant AC posts.

Nonetheless, I showed that your google link was wrong. You can go ahead and do the right search, and you'll find I have nothing to do with tomhudson's trolltalk.com. I have nothing else to say in response.

This is going to cause serious tech issues

[funky_vibes]

On our network we have things like:
printserver
ntpserver
fontserver
authserver
intranet
mail
etc.

A very practical way of moving your laptop between home and work, and always automatically seeing all relevant printers. (just set your cups server to printserver:631)

We have always assumed that internet things end in a limited amount of TLDs. With this change that assumption goes out the window.
I'm pretty sure this will lead to an immense amount of DNS filtering at all parties who didn't already implement it.

In protest, I'm going to filter out all TLDs ICANN creates from this day forth, on all networks I control, who's with me?