You don’t have to look too far or for too long to find someone who has had their domains hijacked. User names and passwords can be hacked, but when you add two-factor authentication–AND IT’S FREE–you can rest easy. Get your NameSafe today. And, yes, while we say free, we mean when you use your smart phone to get the Namesafe App. Here, Owen has all the details in Technicolor.
But a few days ago I was building a sand castle on the beach with my two little boys. Actually, I’d build it and they’d knock it down. It was hilarious fun and could have had us featured on a brochure for contentment. I’ve been thinking fondly about those days, and hoping I was savoring every second of it, because I had no idea that at that very moment my work was getting spanked by the biggest DDOS attack ever to come barreling at Name.com.
In short, some very large and very powerful Chinese entity was not happy with one of our customers. The owner of Boxun.com has been publishing news about the scandal of the former Chinese political superstars Bo Xilai and his wife, Gu Kailai. It’s a story involving murder, corruption and the widening gap between China’s rich and poor. This story deserves some serious media attention, but instead many involved have been silenced or locked up.
So here we are, this little but growing company in Denver, suddenly a target of some ticked off Chinese elite. This is where I show up, breezing in happy and as tan as paste can get, and receiving applause for returning to work. Let me warn you, when you come back to work and people applaud, it’s not because they’ve missed you. It’s because they’re thrilled to have someone else take some bullets. I was quickly briefed on the situation, “Yah, it was bad, there are some pissed people,” and I swear there was an actual skip in her step as she walked away. I should give her more credit than that. It was Ashley, our Marketing Something or Other, and she and the entire staff did an amazing job of handling what could be the equivalent of a Honda getting sideswiped by the moon. DDOS attacks are common, and we have an awesome crew that regularly handles the onslaught, but this was the kind of mauling that inspires international treaties.
All our peeps are back to their regular scheduled programming, we’re still talking with Boxun.com for the best results for them, and I’m still on Hawaiian time, alternately staring out the window and at Google Translate. I think 你的母亲的气味像猪 isn’t good, and not once has anyone here at work offered to bring me a piña colada or rub sunscreen on my back.
It’s OK, it’s what I do, be the public face to these situations. At Name.com it’s easier than places that take more time glossing over things than they do being open and honest about them. So for that I’m happy to be back.
Last week a string of domain hijackings caught the attention of many. Perhaps because the victims of the hijackings are all well established, technologically savvy individuals. The three notable cases where css-tricks.com, davidwalsh.name, and designshack.net each of them have written their own blog posts detailing their experience of finding out their domain was stolen and the ugly road to recovery. We won’t speculate too much on what happened but we do want to give everyone a heads up on security features that you can put in place to insure that this won’t happen to you!
If you are not currently a Name.com customer, you should be 🙂 We are running a $7.39 COM/NET transfer special from now through the end of December. You can click here to start your transfer and then follow the instructions below to keep your domain safe by adding NameSafe -a free service!
What is NameSafe VIP?
NameSafe VIP service adds an additional layer of security by using the VeriSign Identity Protection (VIP) credential system. It will generate a unique six digit code every 30 seconds that is required to access your account. So you’ll log in using your username and password as usual, then enter the unique 6 digit code. It’s a super easy way to keep your account secure. The service is FREE unless you do not have a SmartPhone and need to purchase the FOB that will create the credential (the 6 digit ever-changing number).
How do I get NameSafe VIP?
From within your Name.com account you’ll see a link on the left hand side for ‘NameSafe’ (see below)
Simply click, ‘NameSafe’ then click the link ‘Signup for the NameSafe service.’ If you’re using your phone to generate your credential, you’ll set it up at m.verisign.com but don’t worry, we’ll email you activation instructions that are really quick.
Setting up 2 factor authentication keeps your domain safe and secure, out of the hands of the bad guys. NameSafe is quick to set up and free of charge. You don’t have much to lose setting up extra security precautions but seems you have everything to lose by not being proactive when it comes to security of your domain names.
What that thing is that’s been attacking Yahoo!, Google and Visa…and now Name.com.
When someone with a camera asks if you’d “like to play the role of the server in a simulated DDOS attack?” say “no.”
Just wanted to post a quick note to give you all a heads up that it has come to our attention that there are phishing emails being sent out to Name.com customers. The email appears as if it is a notice of expiration from Name.com requesting a $75 renewal (youch!). The email will look similar to:
This is just a general reminder to read carefully through details and if something doesn’t feel right it probably isn’t. Let us know if you have any questions. Don’t fall victim!
This week our CTO, Sean Leach, joins the podcast to talk about a little thing called DNSSEC. The most basic explanation of DNSSEC is that it provides security for your DNS, but, as you will hear, there is oh so much more involved.
Non-tech folks, not to worry, Sean does a really good job of keeping the technobabble to a minimum. Even as I was politely smiling and nodding during recording, I was actually comprehending (most) of what was being said. 🙂
Anyone that has had one of their accounts (bank, online, or otherwise) compromised knows it can be a total nightmare to try and resolve. It’s not just an annoyance, it can leave you feeling violated and vulnerable. This can especially be the case if somehow this happens to your domain account(s). Now whether you’re a domainer or a small business, your domains can be your livelihood, and it’s important to secure your domains as best you can to ensure no one else can get their grubby little hands on them. Enter Name.com and a nifty little service we have deemed NameSafe.
The NameSafe VIP service is part of the VeriSign Identity Protection (VIP) credential system and it adds two-factor authentication to your account. This means that in addition to a username and password, you must enter a unique, randomly generated code in order to log in. This provides a second, stronger layer of security on your account, and if someone without this credential tries to log in as you, their IP will be blocked after a certain number of failed attempts.
This VIP credential comes in the form of a credit card sized card that fits in your wallet, a key fob, and you can even download applications for your Blackberry, iPhone, or Android device. The service itself is free, but the card credential will run you $30, the key fob $10, and the mobile applications are completely free. Even if you decide to go the $30 route, it’s a small price to pay for the peace of mind of having your domains and your identity protected.
What happens if you lose your credential? Not to worry, our support staff can help you get back into your account. It will be a minor hassle, as you have to contact us, fax a copy of your ID, etc., but this is only to ensure that the owner of the account is trying to gain access. After all, protecting your domains is just as important to us as it is to you.
If you’d like to learn a little bit more about the NameSafe service, you can check out our product page.
There are a lot of doomsday predictions out there about IPv4 address running out soon (there is even a countdown page/iphone app etc.). Whether they are true or not (there are ways to delay the inevitable using NAT etc.) we at Name.com know IPv6 is the future. We always strive to be on the cutting edge of the domain registration world so we are announcing full IPv6 support across both our domain registration platform and our DNS platform. What does that mean? It means if you want to support IPv6 on your network, and you are a customer of ours, we have you all covered. 🙂 You can submit IPv6 glue records to the registries, and if you host your domain on our DNS platform, we can support networks that use IPv6 for querying DNS. What does it mean for the geeks in the house? Well read below to get some more in depth details.
What is IPv6
Here is the Wikipedia page about IPv6. Basically it’s the next generation IP addressing technology that provides a MUCH larger address space (2e128 to be exact). Unfortunately, a host/network has to specifically support IPv6 to receive traffic and so some key systems (like the DNS) have to specifically support IPv6 for two IPv6-enabled networks to support it. The nice thing is IPv4 and IPv6 traffic can ride over the same network, so no need to rip out the existing Intertubes, hardware just needs to support it (most newer computers, wirelress routers etc. already do). The are three ways a network can support IPv6 so that two hosts can communicate:
|1. Not at all/IPv4 only||The network can only send traffic over IPv4|
|2. Split IPv4/IPv6||If a source host wants to send traffic to a destination host, and both hosts support IPv6, the traffic is sent over IPv6. If only one or none of the two hosts support IPv6, the traffic must be sent over IPv4|
|3. IPv6 only (VERY RARE)||The two hosts only support IPv6|
Domain Registration/Glue Record Support
To support #2 above, the DNS has a special record type called a quad-A record (AAAA). It provides the IPv6 address of a hostname (similar to how an “A” record gives the IPv4 record for a hostname). An example:
Here is the IPv4 address for ns1.name.com
$ dig ns1.name.com a
ns1.name.com. 172800 IN A 126.96.36.199
Here is the IPv6 address for ns1.name.com
$ dig ns1.name.com aaaa
ns1.name.com. 172800 IN AAAA 2607:f0d0:1002:95::2
You can see the same hostname has two different IP addresses. What generally happens is a host that is enabled for IPv6 and IPv4 that wants to communicate with another host will first look up it’s AAAA record to see if the destination host also supports IPv6. If there is no answer for the AAAA record (meaning the destination host doesn’t want to or can’t speak IPv6) the sending host then looks up the A record and sends the traffic over normal IPv4. Name.com now allows a domain registered on our platform to submit IPv6 glue records to the various registries. This means if a customer hosts their own DNS, and their DNS servers support IPv6, they can submit those glue record entries to the registry.
If a customer hosts their DNS on our platform, previously they could not support a recursive DNS server asking for the DNS information for their domain over IPv6 (remember recursive DNS servers ask the questions, authoritative DNS servers answer those questions – read more here at Wikipedia about DNS). We now fully support IPv6 transport to both ns1 and ns3.name.com, so if an end user of one our customer domains is on IPv6 only, or IPv4/IPv6 combo networks, that network can get the customer’s DNS information over IPv6.
Are that many people using IPv6?
Not a ton – BUT usage is growing steadily, and like other things (DNSSEC for example – a post will be coming shortly about this) – eventually a critical mass will be reached and a registrar MUST support it at that time. We just want to be ahead of the curve. 🙂
Why did we do this?
Because we want to be the coolest and most innovative registrar on the planet. Cheers!
Domain Name Hijacking has been an issue for almost as long as domain names have been around. In 1995 sex.com was stolen from it’s registrant in a very high profile case. It was still happening in 2001. In 2003. 2008 was a rough year from Godaddy – they were hit hard twice, in February and again in November and December.
The December incident, arguably one of the most troubling domain thefts in history made us realize how lacking domain registrars have been in dealing with account security.
But a domain name doesn’t have to be stolen to be problematic. USA Today addressed cyber criminal attacks being on the rise today and highlights the recent CheckFree.com fiasco:
In another recent attack, someone acquired the user name and password for a system administrator at CheckFree.com, the nation’s largest e-bill payment system. Using those log-in credentials, an intruder gained access to CheckFree’s domain name service account ’97 an account that permits the administrator to redirect traffic trying to access CheckFree’s home page to other legitimate company pages.
For several hours, the intruder redirected anyone typing www.mycheckfree.com to a Web server in the Ukraine that tried to install a password-stealing Trojan. Although as many as 160,000 customers may have been affected, none had any of his or her data stolen, says Lori Stafford-Thomas, a spokeswoman for Fiserv, the parent company of CheckFree. “CheckFree sites are all up and running properly and securely,” she says.
But the attempt was a sign of things to come, says Amit Klein, CTO of security firm Trusteer.
“The moral of this attack is that it’s so easy to take over your (website),” Klein says. “I just need to get ahold of your user name and password once. And we all know how easy it is to get your credentials.”
Name.com has long offered some of the industries best tools to keep entire accounts safe with login tracking/emails, history and IP restrictions. We’ve demonstrated once again why registrants trust us with their valuable digital assets by partnering with Verisign to offer their VIP (Verisign Identity Protection) service branded under NameSafe.
The NameSafe service offers a two factor authentication – combining something you know (your username and password) with something only you have access to (your one time randomly generate password) to create a more secure registrar experience. Currently both keyfob and credit card form factors are available for a nominal fee, and soon mobile phone options will be available for even greater convenience.