Archive for World Wide Web

Plans To Remove .org Domain Price Cap Prompt Complaints

Many charities and other non-profit organisations that use .org, .biz or .info domains have complained that proposals to lift the price cap on those domains could lead to the price rocketing.

What Price Cap?

The price cap on .org domains was originally put in place by the US Department of Justice at a time when only a few top-level domains were available and offered a level of price protection to the mainly non-profit groups and organisations that used those domains.

The Internet Corporation for Assigned Names and Numbers (Icann) oversees the web’s domain name system and is the organisation that has made the proposal to lift the price cap after having discussions with the Public Interest Registry, a Pennsylvania non-profit corporation and Registry Operator for the .org top-level domain (TLD).

Consultation

Icann launched a consultation “Proposed Renewal of .org Registry Agreement” on a forum on its website throughout March in order to obtain community input and to encourage debate among those involved with domains. The consultation ended on the 29th April, and the resulting report is due on the 30th May.

Many Complaints

Many organisations and interested parties have complained about the proposed .org renewal agreement. For example, registrar Namecheap has said that the move would put prices up, and that with switching domains being hard, organisations will be left with little option but to pay the higher prices.

It appears that most holders of .org domains, companies selling domain names, ISPs and net marketing firms have objected to the proposal.

Critics of Icann’s proposal to remove the price cap have said that Icann appears to be doing so for administrative convenience rather than for the public interest.

Icann

Icann has justified the proposal to drop the price cap by saying that when the cap was introduced there were only a few top-level options available for organisations wanting to register a domain name, whereas there are now around 1200 different options. This could mean, therefore, that price protection for a few choice domains may no longer be necessary.

Icann has also pointed out that even if there are price increases, domain registrants will be given a minimum six-month notice of any price increase, and that they can effectively protect themselves against price increases by renewing their registrations for as many as 10 years prior to the change taking effect.

Another Way?

One other possible option that has been raised online is ICANN’s Non-Commercial Stakeholders Group reportedly suggesting that price caps should remain but could be raised by a reasonable level from their current level of 10% per year.

What Does This Mean For Your Business?

The thought of increased costs and domain price instability for non-profit organisations that need to use their money for their causes is proving to be a very unpopular idea. Also, for those organisations (particularly larger ones) that have already established a presence online with a .org (.biz or .info), switching to another type of domain is likely to be difficult and costly in many ways, and many organisations are likely to feel angry at being forced into a position where they’ll have no option but to accept the new higher prices as a result of remaining with their .org (if the proposal goes ahead).

As Icann has pointed out, however, there would be some consolation with organisations being able to renew their registrations for as many as 10 years prior to the change taking effect.

The report from the consultation is due on the 30th May, so it’s a case of waiting until beyond that date to get a clearer indication of what Icann will do.

DNS Infrastructure Under Attack

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a warning that the DNS infrastructure is facing an “ongoing and significant risk” and has urged domain owners to deploy DNSSEC technology.

ICANN

ICANN is one of the many organisations involved in the decentralised management of the Internet but is specifically responsible for coordinating the top-most level of the DNS in order to ensure that it can operate in a secure and stable way and maintain universal resolvability.

Attacks

According to ICANN’s statement, public reports indicate that the DNS infrastructure is facing “multifaceted attacks utilizing different methodologies”. Examples of such attacks include replacing the addresses of intended servers with addresses of machines controlled by attackers. The prevalence of so-called “man in the middle” attacks, where a user is unknowingly re-directed to a potentially malicious site, is of particular concern.

Cisco’s Talos Intelligence blog has highlighted how this type of attack has been carried out on a grand scale by some international players. For example, the blog reports how Lebanon and the United Arab Emirates (UAE) have been targeting .gov domains, as well as a private Lebanese airline company. The attackers used two fake, malicious websites containing job postings via malicious Microsoft Office documents which had embedded macros. The malware, dubbed “DNSpionage”, supported HTTP and DNS communication with the attackers.

The Cybersecurity and Infrastructure Security Agency in the US has also been forced to order federal agencies to act against DNS tampering.

DNSSEC

One of the main ways that ICANN and Internet companies like Cloudflare and Google are suggesting that DNS-focused attacks can be countered is through the deployment of DNSSEC technology by domain owners. Domain Name System Security Extensions (DNSSEC) has been described as a suite of Internet Engineering Task Force (IETF) specifications. DNSSEC was designed to protect Internet resolvers/clients from forged DNS data, and it complements other technologies, e.g. Transport Layer Security (usually used in HTTPS), that protect the end user/domain communication. In essence, it cryptographically signs data to make it much more difficult to forge.
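As an added example (not part of the original article), one way a domain owner could check whether DNSSEC is actually in effect is to classify saved `dig +dnssec` output by the AD (authenticated data) flag and the RRSIG signature records. The sample responses, the `.example` names and the function names below are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed samples in the format printed by `dig +dnssec <name> A`
# against a validating resolver. Names and addresses are reserved test values.
SIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;signed.example.        IN  A

;; ANSWER SECTION:
signed.example.  300  IN  A      192.0.2.10
signed.example.  300  IN  RRSIG  A 13 2 300 20300101000000 20291201000000 12345 signed.example. c2FtcGxl
"""

UNSIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;plain.example.         IN  A

;; ANSWER SECTION:
plain.example.   300  IN  A      192.0.2.20
"""

# A validating resolver answers SERVFAIL when signatures do not verify,
# which is how forged data is kept away from the client.
BOGUS = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;forged.example.        IN  A
"""

STATUS_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);", re.M)


def parse_dig(text):
    """Extract response status, header flags and resource records."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks, header comments and the question line
        fields = line.split()
        # Record layout: owner, TTL, class, type, then the rdata fields.
        if len(fields) >= 5 and fields[2] == "IN":
            records.append({"owner": fields[0], "type": fields[3],
                            "rdata": fields[4:]})
    return {
        "status": status.group(1) if status else "UNKNOWN",
        "flags": set(flags.group(1).split()) if flags else set(),
        "records": records,
    }


def rrsig_expiry(record):
    """RRSIG rdata field 5 is the signature expiration (YYYYMMDDHHMMSS, UTC)."""
    stamp = datetime.strptime(record["rdata"][4], "%Y%m%d%H%M%S")
    return stamp.replace(tzinfo=timezone.utc)


def classify(text, now):
    """Return the DNSSEC state of one dig response as of the time `now`."""
    msg = parse_dig(text)
    if msg["status"] != "NOERROR":
        return msg["status"].lower()      # e.g. "servfail"
    sigs = [r for r in msg["records"] if r["type"] == "RRSIG"]
    if not sigs:
        return "unsigned"                 # zone publishes no signatures
    if any(rrsig_expiry(r) <= now for r in sigs):
        return "signature-expired"        # stale signature, needs re-signing
    # Signatures exist; the AD flag shows the resolver verified them.
    return "validated" if "ad" in msg["flags"] else "signed-unvalidated"


if __name__ == "__main__":
    when = datetime(2029, 12, 15, tzinfo=timezone.utc)
    for label, sample in (("signed", SIGNED), ("plain", UNSIGNED),
                          ("forged", BOGUS)):
        print(label, "->", classify(sample, when))
```

SERVFAIL can have causes other than a failed signature check, so that result is a prompt to investigate rather than proof of tampering.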

Low Adoption Rate

One of the reasons why DNS-focused attacks are so prevalent may be that the adoption rate of DNSSEC is so low – around 20%.  In fact, according to Cloudflare, only 3% of the Fortune 1,000 are using DNSSEC.

What Does This Mean For Your Business?

It is good that ICANN has identified this threat as this will now facilitate greater discussion and action and may motivate more domain owners to look into and adopt DNSSEC, hopefully across all unsecured domain names.  Although full deployment of DNSSEC is not the ultimate answer, it may go a long way towards drastically reducing the current threat.

ICANN has produced a helpful checklist of recommended security precautions that members of the domain name industry e.g. registries, registrars, resellers, and others, can proactively take to protect their systems, their customers’ systems and any that could be reached via DNS.  You can find the checklist here: https://www.icann.org/news/announcement-2019-02-15-en

UK Government Warns ‘No Deal’ Brexit May Mean A .COM Replacement For Your .EU

The UK Government’s Department for Digital, Culture, Media and Sport has issued advice to holders of .eu domains that, in the event of a ‘no deal’ Brexit, they may need to switch to another top-level domain such as .com and may also need to seek legal advice.

What? Why??

The government guidance, published online on 21st December, says that the European Commission’s notice states that where a holder of a domain name no longer fulfils the general eligibility criteria, the registry for .eu will be entitled to revoke the domain name. This is because the rules for .eu domains are decided by the European Commission and the operator, which won a contract to run .eu, is obliged to follow these rules.

This could mean that even though you were the owner of the .eu domain up until 29 March 2019, after that date, and with a ‘no deal’ Brexit, you may no longer be able to access your .eu website or email. This may also essentially mean that .eu domains cannot be bought or renewed after Brexit by people or organisations located outside the European Union.

Is This A Real Threat?

Yes. In March last year, the European Commission announced it planned to simply cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, after the UK’s departure from the European Union. EURid, the company that runs the .eu domain registry, was not even consulted about the EC’s decision.

Also, last September the EU added the .eu registry to the official State of the Union document, stating that the implementation and functioning of the .eu top-level domain name would be included alongside copyright, cybersecurity, and privacy reforms.  This means that, if the EU is serious (which it appears to be) and proposed amendments are made to the State of the Union document for post-Brexit, anyone who wants to purchase a .eu domain may need to provide proof of EU citizenship, and registry operators will need to verify that proof.

Lost Revenue

As well as damaging the profits of EURid, the UK citizens who hold a .eu domain make up 10% of the registry, and by taking such a hard line, the European Union would be reducing its own revenues by a significant amount if it simply excluded UK citizens from owning a .eu domain.

What Does This Mean For Your Business?

The government may have just lost a ‘no deal’ Brexit vote, but it looks as though the EU had already set itself on a course to stop UK citizens from owning .eu domains with Brexit anyway, even though they will lose the revenue from nearly 300,000 domains. There had been plans to set up a Commission on the implementation of the rules, but this is unlikely to happen or to be able to change the EU’s decisions in such a short time. This means that UK businesses holding .eu domains, having websites with those domains and using email linked to them are now faced with the cost and trouble of having to switch to another top-level domain. One key challenge here is that they may not be able to find their .com or .uk equivalents, thereby causing even more problems. The EU’s decision looks like being a bad deal for both UK businesses and the EU, and seeking advice both from the registry and / or other independent legal advice may be advisable at this point.

Google Search Results Biased Says Trump

President Donald Trump has criticised Google for what he sees as hiding “fair media” coverage of him in its search engine results in a way that amounts to left-wing political bias and negativity.

Tweeting Again

The US President’s latest swipe at a tech giant accused Google of prioritising negative news stories from the “national left-wing media”.

He went so far as to say that his perceived promotion by Google of mainstream (left-wing) media outlets such as CNN, and the suppression of conservative political voices amounted to a dangerous action and a “very serious situation”.

Prompted By Fox News Report?

It has long been known that President Trump’s favourite (right-wing) news channel is Fox News. Many commentators believe that it may be no coincidence that his criticism of Google via Twitter followed the morning after a feature about the matter on Fox News.

The segment featured details of a report by Paula Bolyard who said she had performed test searches in Google on many different computers registered to different users, and that she found that 96% of the news articles presented by Google for the phrase “Trump news” were from left-wing news outlets. This is the exact figure that President Trump reported in his tweets. While Ms Bolyard accepted that this was not a scientific experiment, she noted that it did suggest a “bias against right-leaning content.”

Paula Bolyard is also a supervising editor at PJ Media, the conservative news site.

Search Not Used To Set A Political Agenda

Google’s response has been to re-iterate that its search feature, which is controlled by automatic algorithms, is not used to set a political agenda, and that the results of searches aren’t biased toward any political ideology.

Google’s search algorithms are reported to take into account over 200 different factors, and these algorithms are regularly changed and improved to make sure that they find the most relevant links to user queries as quickly as possible.

One possible explanation for sites such as CNN.com and NYTimes.com ranking highly in searches is the fact that they are likely to have many readers linking to them, and they are very popular sites.

What Does This Mean For Your Business?

Google (Alphabet Inc) is a private company, and as one U.S. member of Congress Ted Lieu pointed out in a tweet responding to President Trump’s tweets, courts would not tolerate governments trying to dictate the free speech algorithms of private companies.

It is, however, important to note that President Trump’s comments can have a direct and fast effect on any countries / industries / businesses that he focuses on. For example, as well as shares of Alphabet falling 0.3% after Mr Trump’s accusations, President Trump’s warning against countries doing business with Iran forced the EU to bring in a blocking statute to protect EU firms and a means to allow EU businesses affected by the sanctions to sue the US administration.

Many see these latest comments as a continuation of President Trump’s criticism of news media coverage of him, a desire to exert control over what’s being said, and as a way to apply more pressure to tech companies to clamp down on anything that could point to any foreign interference in and disruption of US politics, especially in the wake of accusations of Russian influence and Facebook being used to spread messages that may have affected the US election result. Facebook and Twitter have also been in the US administration’s firing line over accusations of removing content from some conservatives, and being called upon to remove conspiracy driven content and hate speech.

This is a war of words with economic consequences that is likely to continue.

Adults To Get Same Online Protection As Kids Says Government

The UK government has announced that, in a move to reinforce digital safety for everyone across the country, it will be expanding the scope of the UK Council for Child Internet Safety (UKCCIS) to cover the adult population too.

What Is The UKCCIS?

Formed in 2008, the UKCCIS is now made up of more than 200 organisations drawn from across government, industry, law, academia and charity sectors that have been working in partnership to help keep children safe online. It has been doing this by running an array of campaigns and forwarding policy proposals that aim to improve the online safety and welfare for children in UK schools and colleges.

Some of the help it gives includes providing advice for dealing with ‘sexting’, proposals for the default filtering of online pornography (2012), tackling race and faith targeted bullying, as well as creating a guide for providers of social media and interactive services with examples of good practice, and creating a guide for parents and carers whose children are using social media.

Scope Widened – Same Protection For All

The plans to expand the UKCCIS were announced in the government’s Internet Safety Strategy green paper in October 2017.

The newly proposed widening of the scope of the activities of the UKCCIS with a view to protecting adults as well as children will enable it to focus on tackling issues like cyber-bullying and sexual exploitation, the spread of radicalism and extremism across the internet, mitigating violence against girls and women, hate crime and hate speech, and any online discrimination that contravenes the Equality Act 2010.

Collaborative Approach

It is thought that a collaborative approach among the expanded number of organisations in UKCCIS and the bringing together of key stakeholders, from the tech giants to the third sector, coupled with the wider scope of the population should help to bring about a safer online environment for all.

Board Member Applications Invited

The UKCCIS website is currently inviting applications for its Executive Board, a new collaborative forum through which government, the tech community, and the third sector plan to work together to ensure the UK is the safest place in the world to be online. The deadline for applications is 3rd September, and the information and links to the application forms can be found here: https://www.gov.uk/government/groups/uk-council-for-child-internet-safety-ukccis

What Does This Mean For Your Business?

All parents, whether they are business owners or not, would undoubtedly prefer to see the Internet as we know it in the UK, made a much safer place for young people to explore and use. This means that someone / something needs to take responsibility for helping to tackle the risks, and a government-led collaboration of hundreds of organisations seems to be as good a way forward as any at the current time.

With the evolving nature of cyber threats and the fact that all age groups are affected by a variety of unpleasant and criminal activity online, it makes sense that the scope of the UKCCIS should be expanded to help adults too.

The Internet is a place to trade as well as to learn, communicate and interact, and a safer Internet for all can only be good news for businesses.

Fewer Shop Visits Due To Digital. But More Spending

British Retail Consortium (BRC) figures show that footfall in retail stores fell by 3.3% in April 2018 compared to last year, marking a further shift in consumer behaviour towards digital adoption.

Two Consecutive Months

The drop in footfall numbers for April was the second consecutive month where the trend away from visiting the physical high street could be observed, and in comparison to this time last year when footfall was on the up, it is seen by analysts as being significant.

Visiting Even Less – But Still Spending

The last time such a significant drop in footfall (3.8%) was recorded was in 2009, when the UK was in recession and consumers were spending less as a result. Even compared to that, this year’s drop in the numbers of people visiting physical store locations is larger at 4.8%.

Despite the apparent fall in physical store visits, Barclays bank data shows that consumer spending is still on the increase.

What’s Happening?

Retail experts have noted a shift in consumer behaviour towards digital shop visits rather than physical ones, based on a number of benefits including flexibility (in what goods they purchase and when), product / service ranges available, convenience, digital innovations enhancing customer experiences, and a predisposition towards leisure rather than retail spend.

This changing consumer behaviour is forcing the retail industry to evolve and re-structure.

Increased Leisure Spending

One key trend that has been noted by analysts is the increase in leisure rather than retail spending by consumers. For example, a report by Deloitte based on the quarterly survey of more than 3,000 UK adults found that 2017 (last quarter) ended positively for the leisure sector, with consumer spending increasing in 7 out of 11 leisure categories compared to the previous year.

The areas that have shown an increase include experience-led activities, short break holidays, going to the gym, drinking in pubs and bars and attending live sporting events.

What Does This Mean For Your Business?

For retail businesses, these figures mean that the digital retail environment is posing many challenges, but the changes can also be embraced as part of a restructured strategy to remain competitive.

Many retailers understand that they now need to rebalance investment in physical and digital infrastructure, and change the way stores are used e.g. by adopting technology to engage people, and to make stores more like centres for experiences rather than just places for purchasing goods. This is particularly important for younger consumer groups.

Retailers can embrace technology as an opportunity to deliver more value to customers whether in store, at home or on the move. Retail commentators frequently talk about the importance of the need to create a seamless customer experience between online and offline, and to develop an omni-channel platform. Improving and optimising the current experience that retailers offer customers, and replicating these as effectively as possible across all channels could be the key to staying competitive in the evolving retail business environment.

UK Launched Major Cyber Attack Against ISIS

GCHQ’s new director has revealed that last year the UK conducted a large-scale cyber-attack against ISIS that was designed to suppress online terrorist propaganda and hinder ISIS’s ability to coordinate attacks.

Growing For A Decade

Confirmation that the attack took place came as part of the first public speech by GCHQ’s new director and former MI5 agent, Jeremy Fleming. During his speech at the National Cyber Security Centre’s (NCSC) flagship event in Manchester, Mr Fleming said that the cyber attack is just the latest part in what have been GCHQ’s efforts to grow its online counterterrorism capabilities over more than a decade.

The outcomes of cyber attacks as weapons against any enemy can range from denying online services, disrupting a specific online activity, and deterring individuals or groups, to effectively destroying equipment and networks.

Degraded Infrastructure

The UK’s cyber-attack against ISIS is reported to have degraded the terror group’s online infrastructure, made a significant contribution to coalition efforts to suppress any Daesh propaganda, hindered the terror group’s ability to coordinate attacks, and provided more protection for coalition forces on the battlefield.

Over-Achievers

It seems that this latest big cyber-attack success is only the tip of the iceberg, as a report by Parliament’s Intelligence and Security Committee (ISC) has said that GCHQ spies had “over-achieved” in 2017, and that GCHQ had delivered on the first of three stages in its mission to bolster its cyber capabilities thanks to staging almost twice as many potential hacks than its targets.

Russia In The Spotlight

The recent deterioration of the relationship between the West and Russia means that its cyber-behaviour, as well as that of ISIS, is now reported to be more of a focus for GCHQ. In the director’s speech in Manchester, Mr Fleming said that the Russian state should be held accountable for what it does, and that the UK will continue to respond to malicious cyber-activity in conjunction with international partners such as the United States.

Helpful Tool

Another helpful tool that could be used to combat terrorist propaganda online could include the auto-blocker for extremist content that was mentioned by Home Secretary Amber Rudd. The tool, which Home Secretary Rudd would like to see adopted by ISPs, can be configured to detect 94% of extremist video uploads.

What Does This Mean For Your Business?

It stands to reason that the UK is launching its own cyber-attacks against what it sees as legitimate targets elsewhere in the world. Cyber-attack and security capabilities are now being used worldwide to support military operations, damage enemy communications and infrastructure and thereby degrade the threat they pose, as well as protecting home infrastructure and vital networks.

Attacks by other states, criminal and terror groups e.g. hacks, DDoS attacks and viruses, can end up impacting many UK businesses, so it’s good to hear that GCHQ, MI5 and other actors are ‘over-achieving’ in their efforts to protect the UK, and reduce the threats that we face in a time of shifting geopolitical and technological landscapes. We can assume, therefore, that the successful actions of our security agencies must be indirectly protecting many of the interests of UK businesses.

Google, The Law and Your ‘Right To Be Forgotten’

A businessman has won the “right to be forgotten” by Google after taking his case to the High Court, because he wanted a past crime he had committed to be removed from Google’s search engine results.

What Crime?

The (un-named) businessman was hoping to remove details from Google of a conviction from 10 years ago, and of the six-month jail sentence he was given for ‘conspiring to intercept communications’. The businessman was forced to take Google to court after Google refused his requests to have the information removed from its search engine results. The man’s legal argument was that the details of his past conviction were disproportionately impacting his life, and were no longer relevant, and therefore, it was not in the public or the man’s interest for Google to show the details in searches.

What Does The “Right To Be Forgotten” Mean?

The legal precedent for what has become known as ‘the right to be forgotten’ was set by the Court of Justice of the European Union back in 2014. It was the result of a case brought by Spaniard Mario Costeja Gonzalez who had asked Google to remove information about his financial history from its search engine results.

In this particular case, the ‘right to be forgotten’ means that Google has to remove all search results about the businessman’s conviction, including links to news articles.

Had Shown Remorse

The judge ruled in favour of the businessman, stating that he had shown remorse. Google has said that it will respect the judgement made in the case and pointed out that it has removed 800,000 pages from its results following ‘right to be forgotten’ requests.

Not So Lucky

Another businessman who also brought a ‘right to be forgotten’ case against Google, and who had committed a more serious crime of ‘conspiring to account falsely’, was not so lucky, and lost his case. It was decided, in the High Court, that the man, who had spent four years in jail for the crime, had “misled the public”, and that it would still be in the public interest for Google to keep the information about the man and his crimes in the search engine results.

Less Than Half

Google’s own Transparency Report from May this year revealed that of the 2.4 million requests made since 2014 to remove certain URLs from its search results, Google has only complied with less than half. Google doesn’t actually have to comply with a request, and can refuse to take links down if it can demonstrate that there is a public interest in the information remaining in the search results. Google can also re-instate links that it has already taken down in a previous request if it can show that it has grounds to do so.

What Does This Mean For Your Business?

It is good news that powerful international tech companies whose services are widely used, and who have the power to influence opinion and affect lives can sometimes be held accountable to national courts. There is a strong argument that they should not be a law unto themselves, and that they may not always be the best party to judge what is in the public interest.

The ‘right to be forgotten’ is particularly significant because it is something that all EU citizens will have when GDPR comes into force next month. This will impact businesses, many of whom may expect to receive ‘right to be forgotten’ requests, and will need to get their data management in order to both comply with GDPR generally, and to be able to respond quickly to such requests and avoid possible fines.

World Cup 2014 Marred By Online Security Threats From Protesters

With the World Cup underway, you would have thought that a nation blessed by a huge football tradition would welcome hosting such a tournament. Unfortunately, the tournament has been overshadowed by protests from activists who are unhappy with the expenses put towards the tournament in comparison to basic salary and healthcare. Intriguingly, one of the many ways activists have looked to protest is by hacking official websites.

Back in February, activists stated that they had the capabilities to hack official sites and subsequently disrupt the tournament’s progression online. One of the activists, known as Che Commodre, said in February that “The attacks will be directed against official websites and those of companies sponsoring the cup. It’s fast, damaging and relatively simple to carry out”.

Thankfully, the activists ruled out the possibility of targeting the Brazilian population, stating that official websites were their primary target. With the World Cup having kicked off last night, it certainly wouldn’t be surprising to learn that hackers were putting their plans into action over the last 48 hours.

One of the biggest concerns for the Brazilian population is how easy the hacking process could be, with another activist stating that the procedures would be “nothing out of this world as security remains very low”.

If you’re interested in learning more about our online protection services here at Pronetic for your online business, get in touch with us today.

More Security Issues Detected In OpenSSL Post-Heartbleed

It seems that the Heartbleed bug has left a rather worrying aftermath behind it, after the subsequent fix was found to have smaller bugs that had originally gone undetected.

These security holes are not thought to be as dangerous as Heartbleed, although they have proven to be much harder to exploit and deal with.

Heartbleed was brought to light a few weeks back when it was found that the popular OpenSSL software had been compromised, which brought about concerns regarding the security of personal data stored on websites.

OpenSSL was originally meant to encrypt data that was transferred from one user to the other over the internet. Major companies have since provided the project with more cash to improve their security methods and prevent any further exploitation from taking place.

A spokesman from the firm Rapid7 issued a statement saying “They are going to have to patch. This will take some time”. Updated versions of OpenSSL have already been released, so anyone who is still vulnerable has been urged to carry out the necessary updates as soon as possible.

If you want to learn more about our free network health check solutions, contact us today and we’ll take you through our services.