- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
The registry for the new .asia top-level domain plans to ban domain names that are consistently used for phishing sites.
DotAsia Organization has agreed to implement a policy to ban domain names associated with phishing, said Laura Mather, of the Anti-Phishing Working Group (APWG), a consortium of companies and government groups that studies phishing. She is also a senior scientist at MarkMonitor.
It's the first time that a registry has undertaken such a drastic action to stop the proliferation of fake Web sites designed to dupe people into divulging sensitive personal data. Registries are organizations that oversee technical implementation of top-level domains.
Phishing remains a huge problem despite improvements in security technology. Phishers attract people to their sites by sending links through spam e-mails. The sites, which spoof well-known brands with similar-looking domain names, are usually kicked off the Internet by Internet service providers after they receive reports that a site is fraudulent.
Often, the phisher switches hosting providers using the same domain name and the game repeats.
Phishers are also increasingly using a technique called "fast flux," which is designed to make sure a Web site is always available. Fast flux allows a Web site to resolve to numerous different IP addresses. If one server fails, a person browsing for the site is automatically redirected to another server hosting it.
Phishers are using fast flux with their sites, meaning the site's IP address changes every few minutes, redirecting to countless servers, all of which would have to be taken down. Fast flux makes it very difficult to keep a site off the Internet, turning antiphishing efforts into an endless game of chase.
"This is the weakest link online today in Internet security," wrote Gadi Evron, a security evangelist with Beyond Security. "We need to be able to get rid of domain names."
But if the top-level domain registry takes the domain name out of its system, the site will go down permanently, though there are some technical exceptions. One problem is a feature of the Internet's architecture designed to reduced the burden on nameservers, which match a domain name with its corresponding IP address and enable a Web site to be delivered in a browser.
The Leader in Network Knowledge
Comments (1)
RE: Registry for .asia domain to crack down on phishy sitesBy Freeman Hung on December 1, 2007, 11:50 amwww.ix-one.com open asia domain now.
Reply | Read entire comment
View all comments