Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Domain Expansion Could Increase Phishing

Posted by CmdrTaco on from the salmon-is-yummy dept.

Orome1 writes "The ICANN board gave final approval to what some are calling 'the most dramatic change to the Internet in four decades,' allowing the expansion of new TLDs. Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren't the only ones who are likely to try to snag these new top level domains. There's a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names. These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors."

18 of 142 comments (clear)

  1. As stated in the original story: by Luniz · · Score: 5, Informative

    "It will cost $185,000 to apply, and individuals or organizations will have to show a legitimate claim to the name they are buying." I do not think that Peggy will be able to set up .discovercard :p

    1. Re:As stated in the original story: by Konsalik · · Score: 2

      Agree, also it will cost $25,000 per annum on top of that. I think people jumping on the "this is bad" idea before reading all the facts. Go read this. Spending $200,000 and waiting 9-20 months just to get it taken down a week later isn't worth it, even for high rolling criminals.

    2. Re:As stated in the original story: by Xest · · Score: 5, Interesting

      Out of interest, does anyone know at $185k a pop what exactly ICANN will be doing with it's new found millions?

    3. Re:As stated in the original story: by Inda · · Score: 4, Insightful

      Coke and hookers, my friend. Coke and hookers.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    4. Re:As stated in the original story: by HuckleCom · · Score: 2

      Does everyone seriously think the cost will remain the same?
      What happens when a company/brand goes belly up and the TLD is auctioned off?
      Most of us don't trust ICANN as far as we can throw, this move is just point in case, the restrictions will loosen .

    5. Re:As stated in the original story: by Rary · · Score: 3, Insightful

      The article may be FUD, but the whole idea is pointless. What value would a new TLD add to the Internet anyway? For that matter, what value do the existing TLDs add to the Internet? If they were actually used properly, and therefore had any meaning, then they would add value. But they aren't used properly, and hence have absolutely no meaning. They should be abolished completely. Why do I need to type "slashdot.org" (or "slashdot.com", or "slashdot.net", which all take me to the same place). Why not just type "slashdot"? What value does having ".org" (and ".com" and ".net") introduce, other than generating more revenue for the domain registrar?

      This was introduced for one reason: to put $185,000 per TLD into ICANN's pocket, and generate additional revenue for domain registrars.

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

    6. Re:As stated in the original story: by kvezach · · Score: 2

      And blackjack.

  2. Trademarked Domains by Marc+Madness · · Score: 2

    Seems to me that the threat of phishing can be mitigated my requiring the entity registering the domain name to show proof that the name in the *.brand is in fact a registered trademark. Of course, I could just be taking an over simplified look at the problem.

  3. Oooh, phear the phishing by s.d. · · Score: 4, Interesting

    Yes, any change to how the internet works could increase phishing. But at $185,000 per application for a new TLD, as well as having each application reviewed by a human or committee, this isn't going to be like automating the registration of .com addresses so that in an afternoon, you can register every misspelling of bankofamerica. By no means do I have blind faith in them, but I feel like ICANN will be pretty sure to not allow some random dude in eastern Europe to register .bank.

    Yes, yes, everything can increase the risk of cancer in lab rats, and everything increases the risk of phishing, but the barrier for entry is set relatively high here.

  4. Extortion by Anonymous Coward · · Score: 2, Insightful

    "Thats a mighty fine brand ya got there, company. Be a shame if someone came and - bought it as a TLD. For about 200 grand, we can help protect you."

  5. Money, Money, Money by JoeTalbott · · Score: 2

    It's gonna cost a lot of money to get a vanity top-level domain. In order to prevent domain squatting. But won't this just allow those with deep-pocketbooks to call the shots? How well did .biz do? I don't think that in my vast Internet surfing I've ever intentionally visited a .biz address. I'm sure big businesses will snatch up their brand names out of fear and a misguided sense of getting on the bandwagon as soon as possible.

  6. Re:First TLD to go? by Anonymous Coward · · Score: 5, Funny

    Obviously phishing sites should be using the .con TLD: citibank.con, barclays.con etc. Truth in advertising and cunning typo-squatting at the same time!

  7. So who gets .apple? by billrp · · Score: 2

    Inc. or Corps Ltd. (computer or music)

  8. Cash grab by Tridus · · Score: 5, Insightful

    This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

    This stuff should not be run on a "how do we extort more money out of DNS" methadology.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    1. Re:Cash grab by demonbug · · Score: 2

      This scheme is nothing more then a cash grab. It does nothing useful for domain names. The cost of one of these is sky high ($185,000). There's no need being filled. It's just ICANN trying to get people who already have big websites to pay for another domain for the same site to keep someone else from registering it.

      This stuff should not be run on a "how do we extort more money out of DNS" methadology.

      This. I also want to know what they plan on doing with the additional millions of pure profit they will be making from their government imposed monopoly. Aren't they supposed to be non-profit? They're going to have to massively increase salaries to remain so.

      Also, whatever happened to the egalitarian, level playing field of the internet? This move pisses me off coming and going. If you want to open up all these new TLDs, fine; do it. Let anyone and everyone register their own TLD for the price of a traditional TLD; there is no technical reason why it should cost 1,000 times as much for one of these. Alternatively, if you need to charge that much for your rigorous screening of applicants, then maybe it isn't such a good idea to offer the service in the first place - obviously they think it presents massive opportunities for fraud.

      Either offer it to everybody at a reasonable price, or admit that it is a mistake and can the whole idea. Otherwise this is once again just a massive money grab on the part of ICANN.

  9. Re:First TLD to go? by joebok · · Score: 2

    I've already got a lock on .TrustMe

  10. Re:anyone gotten .sucks yet? by oodaloop · · Score: 2

    becausr THAT will be a money maker.

    Why don't you apply for it? I'm sure you can make a legitimate claim for it.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  11. $185K? Psh... by pongo000 · · Score: 2

    ...OpenNIC charges $0 for TLD applications, and since it's a transparent democratic approval process, you get to actively participate in the approval process. We need to show ICANN there are alternatives to their extortion attempts.