When someone with a camera asks if you’d “like to play the role of the server in a simulated DDOS attack?” say “no.”
Just wanted to post a quick note to give you all a heads up that it has come to our attention that there are phishing emails being sent out to Name.com customers. The email appears as if it is a notice of expiration from Name.com requesting a $75 renewal (youch!). The email will look similar to:
This is just a general reminder to read carefully through details and if something doesn’t feel right it probably isn’t. Let us know if you have any questions. Don’t fall victim!
This week our CTO, Sean Leach, joins the podcast to talk about a little thing called DNSSEC. The most basic explanation of DNSSEC is that it provides security for your DNS, but, as you will hear, there is oh so much more involved.
Non-tech folks, not to worry, Sean does a really good job of keeping the technobabble to a minimum. Even as I was politely smiling and nodding during recording, I was actually comprehending (most) of what was being said. 🙂
Anyone that has had one of their accounts (bank, online, or otherwise) compromised knows it can be a total nightmare to try and resolve. It’s not just an annoyance, it can leave you feeling violated and vulnerable. This can especially be the case if somehow this happens to your domain account(s). Now whether you’re a domainer or a small business, your domains can be your livelihood, and it’s important to secure your domains as best you can to ensure no one else can get their grubby little hands on them. Enter Name.com and a nifty little service we have deemed NameSafe.
The NameSafe VIP service is part of the VeriSign Identity Protection (VIP) credential system and it adds two-factor authentication to your account. This means that in addition to a username and password, you must enter a unique, randomly generated code in order to log in. This provides a second, stronger layer of security on your account, and if someone without this credential tries to log in as you, their IP will be blocked after a certain number of failed attempts.
This VIP credential comes in the form of a credit card sized card that fits in your wallet, a key fob, and you can even download applications for your Blackberry, iPhone, or Android device. The service itself is free, but the card credential will run you $30, the key fob $10, and the mobile applications are completely free. Even if you decide to go the $30 route, it’s a small price to pay for the peace of mind of having your domains and your identity protected.
What happens if you lose your credential? Not to worry, our support staff can help you get back into your account. It will be a minor hassle, as you have to contact us, fax a copy of your ID, etc., but this is only to ensure that the owner of the account is trying to gain access. After all, protecting your domains is just as important to us as it is to you.
If you’d like to learn a little bit more about the NameSafe service, you can check out our product page.
There are a lot of doomsday predictions out there about IPv4 address running out soon (there is even a countdown page/iphone app etc.). Whether they are true or not (there are ways to delay the inevitable using NAT etc.) we at Name.com know IPv6 is the future. We always strive to be on the cutting edge of the domain registration world so we are announcing full IPv6 support across both our domain registration platform and our DNS platform. What does that mean? It means if you want to support IPv6 on your network, and you are a customer of ours, we have you all covered. 🙂 You can submit IPv6 glue records to the registries, and if you host your domain on our DNS platform, we can support networks that use IPv6 for querying DNS. What does it mean for the geeks in the house? Well read below to get some more in depth details.
What is IPv6
Here is the Wikipedia page about IPv6. Basically it’s the next generation IP addressing technology that provides a MUCH larger address space (2e128 to be exact). Unfortunately, a host/network has to specifically support IPv6 to receive traffic and so some key systems (like the DNS) have to specifically support IPv6 for two IPv6-enabled networks to support it. The nice thing is IPv4 and IPv6 traffic can ride over the same network, so no need to rip out the existing Intertubes, hardware just needs to support it (most newer computers, wirelress routers etc. already do). The are three ways a network can support IPv6 so that two hosts can communicate:
|1. Not at all/IPv4 only||The network can only send traffic over IPv4|
|2. Split IPv4/IPv6||If a source host wants to send traffic to a destination host, and both hosts support IPv6, the traffic is sent over IPv6. If only one or none of the two hosts support IPv6, the traffic must be sent over IPv4|
|3. IPv6 only (VERY RARE)||The two hosts only support IPv6|
Domain Registration/Glue Record Support
To support #2 above, the DNS has a special record type called a quad-A record (AAAA). It provides the IPv6 address of a hostname (similar to how an “A” record gives the IPv4 record for a hostname). An example:
Here is the IPv4 address for ns1.name.com
$ dig ns1.name.com a
ns1.name.com. 172800 IN A 220.127.116.11
Here is the IPv6 address for ns1.name.com
$ dig ns1.name.com aaaa
ns1.name.com. 172800 IN AAAA 2607:f0d0:1002:95::2
You can see the same hostname has two different IP addresses. What generally happens is a host that is enabled for IPv6 and IPv4 that wants to communicate with another host will first look up it’s AAAA record to see if the destination host also supports IPv6. If there is no answer for the AAAA record (meaning the destination host doesn’t want to or can’t speak IPv6) the sending host then looks up the A record and sends the traffic over normal IPv4. Name.com now allows a domain registered on our platform to submit IPv6 glue records to the various registries. This means if a customer hosts their own DNS, and their DNS servers support IPv6, they can submit those glue record entries to the registry.
If a customer hosts their DNS on our platform, previously they could not support a recursive DNS server asking for the DNS information for their domain over IPv6 (remember recursive DNS servers ask the questions, authoritative DNS servers answer those questions – read more here at Wikipedia about DNS). We now fully support IPv6 transport to both ns1 and ns3.name.com, so if an end user of one our customer domains is on IPv6 only, or IPv4/IPv6 combo networks, that network can get the customer’s DNS information over IPv6.
Are that many people using IPv6?
Not a ton – BUT usage is growing steadily, and like other things (DNSSEC for example – a post will be coming shortly about this) – eventually a critical mass will be reached and a registrar MUST support it at that time. We just want to be ahead of the curve. 🙂
Why did we do this?
Because we want to be the coolest and most innovative registrar on the planet. Cheers!
Domain Name Hijacking has been an issue for almost as long as domain names have been around. In 1995 sex.com was stolen from it’s registrant in a very high profile case. It was still happening in 2001. In 2003. 2008 was a rough year from Godaddy – they were hit hard twice, in February and again in November and December.
The December incident, arguably one of the most troubling domain thefts in history made us realize how lacking domain registrars have been in dealing with account security.
But a domain name doesn’t have to be stolen to be problematic. USA Today addressed cyber criminal attacks being on the rise today and highlights the recent CheckFree.com fiasco:
In another recent attack, someone acquired the user name and password for a system administrator at CheckFree.com, the nation’s largest e-bill payment system. Using those log-in credentials, an intruder gained access to CheckFree’s domain name service account ’97 an account that permits the administrator to redirect traffic trying to access CheckFree’s home page to other legitimate company pages.
For several hours, the intruder redirected anyone typing www.mycheckfree.com to a Web server in the Ukraine that tried to install a password-stealing Trojan. Although as many as 160,000 customers may have been affected, none had any of his or her data stolen, says Lori Stafford-Thomas, a spokeswoman for Fiserv, the parent company of CheckFree. “CheckFree sites are all up and running properly and securely,” she says.
But the attempt was a sign of things to come, says Amit Klein, CTO of security firm Trusteer.
“The moral of this attack is that it’s so easy to take over your (website),” Klein says. “I just need to get ahold of your user name and password once. And we all know how easy it is to get your credentials.”
Name.com has long offered some of the industries best tools to keep entire accounts safe with login tracking/emails, history and IP restrictions. We’ve demonstrated once again why registrants trust us with their valuable digital assets by partnering with Verisign to offer their VIP (Verisign Identity Protection) service branded under NameSafe.
The NameSafe service offers a two factor authentication – combining something you know (your username and password) with something only you have access to (your one time randomly generate password) to create a more secure registrar experience. Currently both keyfob and credit card form factors are available for a nominal fee, and soon mobile phone options will be available for even greater convenience.