Posts Tagged ‘domain’
Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.
The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.
“Twenty gigs of data is a lot of data in six months of really doing nothing,” said researcher Peter Kim from the Godai Group. “And nobody knows this is happening.”
Well – truly conscientious IT departments are aware of the problem.
Doppelganger domains are ones that are spelled almost identically to legitimate domains, but differ slightly, such as a missing period separating a subdomain name from a primary domain name — as in the case of seibm.com as opposed to the real se.ibm.com domain that IBM uses for its division in Sweden.
Kim and colleague Garrett Gee, who released a paper this week (.pdf) discussing their research, found that 30%, or 151, of Fortune 500 companies were potentially vulnerable to having e-mail intercepted by such schemes, including top companies in consumer products, technology, banking, internet communication, media, aerospace, defense, and computer security…
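A defender-side check for the missing-dot pattern described above, as an added example that is not from the original post or from Kim and Gee's paper: it derives the doppelganger form of each of an organization's own subdomains and flags outbound mail recipients that fall under one. The example.com hostnames and addresses are constructed, and `suffix_labels` (how many labels make up the public suffix, 1 for .com, 2 for .co.uk) is an assumption that must be set per domain.

```python
def doppelganger_domain(fqdn, suffix_labels=1):
    """Drop the dot between the lowest subdomain label and the registrable
    domain (se.ibm.com -> seibm.com). Returns None if there is no subdomain."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < suffix_labels + 2:
        return None  # bare registrable domain: no dot to drop
    registrable = labels[-(suffix_labels + 1)]
    subdomain = labels[-(suffix_labels + 2)]
    return ".".join([subdomain + registrable] + labels[-suffix_labels:])


def build_watchlist(own_fqdns, suffix_labels=1):
    """Map each doppelganger domain to the legitimate name it imitates."""
    watch = {}
    for fqdn in own_fqdns:
        dopp = doppelganger_domain(fqdn, suffix_labels)
        if dopp:
            watch[dopp] = fqdn
    return watch


def flag_recipients(recipients, watch):
    """Return (address, doppelganger, legitimate name) for every recipient
    whose domain is a watched doppelganger or sits underneath one."""
    hits = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
        for dopp, legit in watch.items():
            if domain == dopp or domain.endswith("." + dopp):
                hits.append((addr, dopp, legit))
    return hits


# Constructed inventory of an organization's own mail domains.
OWN_FQDNS = ["example.com", "se.example.com", "us.example.com"]
# Constructed recipient addresses, as they might be pulled from outbound mail logs.
SAMPLE_RECIPIENTS = [
    "anna@se.example.com",     # correctly addressed
    "anna@seexample.com",      # missing dot
    "bob@mail.usexample.com",  # host under a doppelganger domain
    "carol@partner.test",      # unrelated
]

if __name__ == "__main__":
    for hit in flag_recipients(SAMPLE_RECIPIENTS, build_watchlist(OWN_FQDNS)):
        print("misaddressed: %s (doppelganger %s of %s)" % hit)
```

The same watchlist can feed a mail-gateway block rule or a check of which doppelganger names are already registered by someone else.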
They could have a tits-for-tithes promotion for new members.
On Friday, ICANN … voted to allow the application of the controversial “.xxx” top-level domain name for sites that display adult content.
The domain, which would need further approval before going live on the internet, would be applied to adult entertainment sites just as “.com” is now.
The .xxx internet suffix, which was first proposed six years ago by ICM Registry, a group that sells domain names, “will provide a place online for adult entertainment providers and their service providers who want to be part of our voluntary self regulatory community,” according to that company’s news release.
Adopting .xxx will be optional. However, some tech blogs speculate a push to make the domain mandatory for adult-only sites.
ICM Registry has already taken 110,000 pre-reservations for the domain, which could be available in early 2011, if not sooner, its news release states.
The “debate” over the xxx domain idea has been around for a long time. Its emergence probably has no implications whatsoever (but don’t expect that to stop the “debate”).
To date, more than 280 Internet domain names have been registered relating to Hurricane Gustav, some of them using words like “charity,” “relief,” and “support.” The U of Alabama – Birmingham [UAB] computer forensic team is watching these domains to detect any signs of fraudulent use. UAB’s Spam Data Mine collects millions of email messages used to provide investigators with spam intelligence and determine new attack methods.
“In past disasters, domain names have been used to lure the charitable into donating funds to fraudulent sites,” said Gary Warner, UAB’s Director of Computer Forensics. “As of this morning, no fraudulent usage has been detected, but consumers need to be on their guard.”
“While many new charities may pop up specifically related to the disaster, only donate to well-established charities like Red Cross.org,” Warner said. “Avoid making donations through click buttons on newly established Web sites.”
I can’t agree more. Kudos to these folks at the U of Alabama!