
Generic TLDs Threaten Name Collisions and Information Leakage

CowboyRobot writes "As the Internet Corporation for Assigned Names and Numbers (ICANN) continues its march toward the eventual approval of hundreds, if not more than 1,000, generic top-level domains (gTLDs), security experts warn that some of the proposed names could weaken network security at many companies. Two major issues could cause problems for companies: If domain names that are frequently used on a company's internal network — such as .corp, .mail, and .exchange — become accepted gTLDs, then organizations could inadvertently expose data and server access to the Internet. In addition, would-be attackers could easily pick up certificates for domains that are not yet assigned and cache them for use in man-in-the-middle attacks when the specific gTLD is deployed." Another way to look at it: why were they using invalid domains in the first place?
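An added example, not part of the Slashdot story or its comments: a defender-side audit of resolver query logs for names whose rightmost label is not a delegated TLD, including the .corp, .mail and .exchange cases the summary names. The log format, the sample lines and the short DELEGATED set are constructed for illustration; a real audit would load the current IANA TLD list.

```python
from collections import defaultdict

# Internal suffixes the summary cites as proposed gTLDs.
PROPOSED_GTLDS = {"corp", "mail", "exchange"}
# Special-use names reserved by RFC 2606 and RFC 6762 (.local).
RESERVED = {"local", "test", "example", "invalid", "localhost"}
# Constructed stand-in for the delegated TLD list (assumption, not complete).
DELEGATED = {"com", "net", "org", "lu", "biz", "info"}

def classify(qname):
    """Return the risk class of a queried name from its rightmost label."""
    labels = [l for l in qname.lower().rstrip(".").split(".") if l]
    if len(labels) < 2:
        return "unqualified"      # the resolver search list decides what is sent
    tld = labels[-1]
    if tld in RESERVED:
        return "reserved"
    if tld in DELEGATED:
        return "delegated"
    if tld in PROPOSED_GTLDS:
        return "collision-risk"   # internal today, possibly public tomorrow
    return "undelegated"          # leaks to the root; may collide later

def audit(log_lines):
    """Map each risky suffix to its query count and the clients that asked."""
    findings = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:      # skip lines that do not match the format
            continue
        _ts, client, _qtype, qname = fields
        if classify(qname) in ("collision-risk", "undelegated"):
            tld = qname.lower().rstrip(".").rsplit(".", 1)[-1]
            findings[tld]["queries"] += 1
            findings[tld]["clients"].add(client)
    return dict(findings)

# Constructed log: "<timestamp> <client> <qtype> <qname>" (hypothetical format).
SAMPLE_LOG = [
    "2013-07-16T03:28:01Z 10.0.0.12 A fileserver.corp.",
    "2013-07-16T03:28:02Z 10.0.0.12 A www.example.com",
    "2013-07-16T03:28:05Z 10.0.0.31 MX smtp.mail",
    "2013-07-16T03:28:09Z 10.0.0.31 A printer.local",
    "2013-07-16T03:28:11Z 10.0.0.40 A hammerhead.sharks",
    "2013-07-16T03:28:12Z 10.0.0.12 A dc01.CORP",
    "malformed line",
]

if __name__ == "__main__":
    for tld, f in sorted(audit(SAMPLE_LOG).items()):
        print(f".{tld}: {f['queries']} queries from {sorted(f['clients'])}")
```

Suffixes reported as "undelegated" are the ones to move under a domain the organization controls before a matching gTLD is delegated.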
  • by Mitchell314 ( 1576581 ) on Tuesday July 16, 2013 @03:28AM (#44293655)

    Currently, 25 percent of queries to the domain name system are for devices and computers that do not exist, suggesting the companies are already leaking information to the Internet

    And how many of those are due to actual people as opposed to confused webcrawlers looking up dead links?

    "Oh hai, a new webpage. Lookie, a link. hddp://mywobsite.youspace.com/forum/?post=1. Oh, there's nothing there.
    Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=2. Oh, there's nothing there
    Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=3. Oh, there's nothing there"

    ...

  • by TheLink ( 130905 ) on Tuesday July 16, 2013 @04:43AM (#44294003) Journal

    No. .local is for different usage:
    http://tools.ietf.org/html/rfc6762
    Sure took them a long while to reserve that too.

    I proposed reserving a "RFC1918" like TLD about 12+ years ago, but there was not enough interest: http://tools.ietf.org/html/draft-yeoh-tldhere-01

    I did try via the ICANN (emailed them to ask them to reserve it). But the ICANN were more interested in "yet another dotcom tld" like .biz .info.
    And I didn't have a spare USD100k lying around to apply for the TLD through ICANN, and give it to the world if I even succeeded in getting it.

  • On the other hand, why not simply use subdomains of an actual domain name you own?

    I do realize it's inconceivable, but some people do not own domain names. Well, I do, but they don't really match my internal naming scheme. So, my internal domain is something that wasn't valid until they came up with the stupid gTLD concept: shark species as hostname, domain "sharks" on my network and in a similar vein Kipling's Jungle Book characters as hostnames and "jungle" as domain for my parents' network. This works fine, looks pretty and works.

    Now of course, I could use jawtheshark.com for my internal network. As a direct consequence, I'd have to either slave my LAN DNS to a public DNS and expose my internal IP numbering to the world, or keep my LAN DNS manually synchronized with my global DNS. You see, all kinds of problems I didn't have because my internal domain was completely not used on the Internet. For my parents' network, I don't even have a domain name that would match the naming scheme. My dad has our surname.lu, but that hardly will match the jungle naming scheme. Well, I could just buy yet another domain name and use it only internally, but that's added cost I didn't use to have.

    The gTLD stuff is just stupid. That's my opinion.

  • by DriedClexler ( 814907 ) on Tuesday July 16, 2013 @05:11AM (#44294135)

    True. At the same time, though, I remember that for a while my favorite site was donotreply.com, where the owner would post emails he got as a result of organizations listing email addresses in the @donotreply.com domain. Apparently, even major security firms made it easy to accidentally reply confidential information to whoever happened to own donotreply.com.

  • by dissy ( 172727 ) on Tuesday July 16, 2013 @06:41AM (#44294537)

    I wonder which three letter organization ICANN will be giving .onion to :/

  • by intermodal ( 534361 ) on Tuesday July 16, 2013 @09:57AM (#44296241) Homepage Journal

    I think .biz was helpful, in that I don't trust any domain name that ends in .biz.
