StratVantage Consulting, LLC — Mike’s Take on the News 09/04/01

From Evernote:

StratVantage Consulting, LLC — Mike’s Take on the News 09/04/01

Clipped from: http://www.stratvantage.com/news/090401.htm

The News – 09/04/01

In this Issue:

Cybersquatting Is Legal – For Some

There’s nothing like a monopoly. You get to make your own rules and wield power however you want. So I guess it’s not surprising that, when ICANN gave monopolies to the registrars for the seven new top level domains (.biz, .name, .pro, .museum, .info, .aero, and .coop), there’d be opportunities for abuse. Turns out abuse is practically mandated in the new domain operators’ contracts, which entitles them to register up to 10,000 domains for themselves before allowing anyone else access. This means that 10,000 of the most valuable, juiciest domain names are likely to not be available to all comers. Names like business.biz, museum.museum and the like could be controlled by the domain registrar, who could auction them to the highest bidders. Afilias, a consortium of 18 companies and domain registrar for the .info domain, has registered search.info, for example. ICANN argues that a registry operator will need a wide range of addresses on that registry in order to work effectively. Here’s a list of names reserved by NeuLevel, the administrator of the .biz gTLD (generic Top Level Domain).

As if that’s not bad enough, other registrants have taken many desirable domain names in the early registration period, which is supposed to be available only to trademark owners. So if you had your heart set on getting sports.info, computer.info, bank.info, or finance.info, you can forget it. All have been snapped up by registrants who did not hold legitimate trademarks. Afilias says they’ll take action in December, after their review of the early registration period ends. One study found that of 11,000 .info registrations, between 15 and 25 percent were bogus. My personal favorite bogus registration was for bible.info, which claimed its trademark number was “1”. Not according to the USPTO, it’s not. With all this potential cybersquatting, Afilias has its work cut out for it if it hopes to clear it all up by yearend.

Domain registrar NeuLevel, which was awarded the .biz monopoly, has been accused by Amazon of running an illegal lottery, and has filed suit to defend itself. At issue is the pre-registration period NeuLevel established in which applicants pay a small fee to reserve the rights to a name. On September 17, the company will randomly award contested names. I don’t know about you, but that sounds an awful lot like a lottery to me. However, I don’t really know how else a registrar can resolve multiple claims for a single name, unless there’s trademark or other intellectual property rights at stake (like in cocacola.biz). Amazon supposedly has said in a letter to the company, “NeuLevel is deriving enhanced revenues by selling chances to register or to challenge registration of domain names that incorporate famous trademarks such as AMAZON.COM.” NeuLevel counters with a reasonable-sounding point: other firms, such as Amazon Imaging Inc., might reasonably stake a claim to the address www.amazon.biz. “Because amazon.com and amazon.biz exist in different top-level domains, they resolve to different and unique Internet addresses and thus can function and coexist without collision,” the suit says. Where’s Solomon when we need him?

The bottom line on all of this is, as I’ve said before , the new domain names will not provide any relief to the overcrowding of the .com top level domain. In a random check of .info registrations, the usual suspects held the domains coke.info, pepsi.info, nike.info, and nbc.info. How exactly is this better? If Amazon is insisting on getting Amazon.biz, even though they are by far not the only Amazon in the world, what can we expect of names like “Excel,” which are applied to various businesses in various industries. Trademark law allows this because a trademark only applies to a class of trade. The new gTLDs are not industry-specific, and so chaos will again reign, and the big companies will scoop up all the good names.

That being said, businesses need to evaluate the need for representation in the new gTLDs. Do you want your competition to register your name? Most businesses have no choice other than registering in all the gTLDs possible. It’s a shame ICANN has not come up with a better solution. Heck, at this point, we may not ever see a better solution.

IT Analysis

Briefly Noted

  • Shameless Self-Promotion Dept.: StratVantage’s P2P4B2B – Peer to Peer for Business Directory was featured in the July 16th issue of Network World File Sharing newsletter, along with some nice mentions of white papers I’ve done. Even more impressive is the fact that a search for “StratVantage” on Google now gets you two pages of hits! Hoohoo!
    NWFusion

One very confusing aspect about all the Code Red coverage involves whether or not Microsoft’s Personal Web Server is vulnerable. Microsoft requires you to install PWS when you install FrontPage, their Web authoring tool. Many FrontPage users probably did the install back when they were still learning about the Web and have forgotten that they are running a Web server on their computers. However, neither Microsoft nor CERT nor Information Warfare thinks PWS is vulnerable. Some reports claim PWS is vulnerable to Code Red when run on Windows NT or 2000, but Information Warfare says it doesn’t even run on 2000, and indeed I couldn’t install it on my Windows 2000 machine. PWS does run on Windows NT Workstation, according to the site. Whatever the real deal is, it just may be possible that some of these attacks are coming from people who do not know they are running PWS or Internet Information Server (IIS). However, your machine is not vulnerable unless you are running Windows NT or 2000.

Regardless of the possible Code Red vulnerability, you should probably not be unintentionally running a Web server, as they can expose you to threats without your knowledge. You can check to see if PWS or IIS is running on your machine. One easy way is to see if you have either of the following directories: C:/Webshare/Wwwroot or C:/InetPub/Wwwroot. These are the default root directories of various versions of PWS and IIS. Another way is to go to Control Panel and see if you have a Personal Web Server icon. If you are running PWS, I recommend uninstalling it just to be safe. If you are running IIS, a patch is available on Microsoft’s Code Red page . By the way, it is important to note that the Microsoft patch that fixes the vulnerability only prevents future infections. If you are infected, you need to remove the file /inetpub/scripts/root.exe in order to disable the backdoor installed by Code Red.

Finally, system administrators can get a scanning tool to identify vulnerable computers from eEye . And Microsoft has released Personal Security Advisor , which takes a look at your NT or 2000 system and finds common misconfiguration problems.
FightBack Script

Return to Mike’s Take

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.