Slashdot Mirror

← Back to Stories (view on slashdot.org)

Generic TLDs Threaten Name Collisions and Information Leakage

Posted by Unknown on from the turns-out-bad-practices-bite-you dept.

CowboyRobot writes "As the Internet Corporation for Assigned Names and Numbers (ICANN) continues its march toward the eventual approval of hundreds, if not more than 1,000, generic top-level domains (gTLDs), security experts warn that some of the proposed names could weaken network security at many companies. Two major issues could cause problems for companies: If domain names that are frequently used on a company's internal network — such as .corp, .mail, and .exchange — become accepted gTLDs, then organizations could inadvertently expose data and server access to the Internet. In addition, would-be attackers could easily pick up certificates for domains that are not yet assigned and cache them for use in man-in-the-middle attacks when the specific gTLD is deployed." Another way to look at it: why were they using invalid domains in the first place?

5 of 115 comments (clear)

  1. I don't like numbers without context . . . by Mitchell314 · · Score: 4, Interesting

    Currently, 25 percent of queries to the domain name system are for devices and computers that do not exist, suggesting the companies are already leaking information to the Internet

    And how many of those are due to actual people as opposed to confused webcrawlers looking up dead links?

    "Oh hai, a new webpage. Lookie, a link. hddp://mywobsite.youspace.com/forum/?post=1. Oh, there's nothing there.
    Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=2. Oh, there's nothing there
    Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=3. Oh, there's nothing there"

    ...

    --
    I read TFA and all I got was this lousy cookie
    1. Re:I don't like numbers without context . . . by DriedClexler · · Score: 5, Interesting

      True. At the same time, though, I remember that for a while my favorite site was donotreply.com, where the owner would post emails he got as a result of organizations listing email addresses in the @donotreply.com domain. Apparently, even major security firms made it easy to accidentally reply confidential information to whoever happened to own donotreply.com.

      --
      Information theory is life. The rest is just the KL divergence.
  2. Re:That's why I have been giving my internal by TheLink · · Score: 4, Interesting

    No. .local is for different usage:
    http://tools.ietf.org/html/rfc6762
    Sure took them a long while to reserve that too.

    I proposed reserving a "RFC1918" like TLD about 12+ years ago, but there was not enough interest: http://tools.ietf.org/html/draft-yeoh-tldhere-01

    I did try via the ICANN (emailed them to ask them to reserve it). But the ICANN were more interested in "yet another dotcom tld" like .biz .info.
    And I didn't have a spare USD100k lying around to apply for the TLD through ICANN, and give it to the world if I even succeeded in getting it.

    --
  3. Re:That's why I have been giving my internal by dissy · · Score: 4, Interesting

    I wonder which three letter organization icann will be giving .onion to :/

  4. Re:That's why I have been giving my internal by intermodal · · Score: 4, Interesting

    I think .biz was helpful, in that I don't trust any domain name that ends in .biz.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!