
Showing results for tags 'Domains'.




Found 8 results

  1. Cloudflare has announced that they are expanding their domain registrar services so that all of their customers can register or renew a domain at cost. You heard me right. No more paying extra fees to register a domain. You pay what Cloudflare pays for a domain registration or renewal. Cloudflare already acts as a registrar for their enterprise clients, but have now expanded their service so that all of their customers can use them to register new domains or manage existing ones. “When we looked at the marketplace for domain registration, we were shocked at the deceitful pricing around a service that is really just a commodity,” said Matthew Prince, co-founder and CEO of Cloudflare in a blog post. “We realized that the one thing every Cloudflare customer needs is a domain, so they needed a registrar they could trust. With Cloudflare Registrar, we’re promising to offer our customers the best security practices at the best possible price. Our goal is simply to create the first domain registrar you can love.” As a registrar, for each domain that is registered, Cloudflare needs to pay a price to the company that manages the particular TLD. For example, when someone uses Cloudflare to register a .com domain, Cloudflare pays Verisign, who manages the .com TLD, $7.85 plus an ICANN fee of $0.18. This brings the total cost of a .com domain to $8.03. While most registrars would then add some extra money to make a profit, Cloudflare has stated that they will only charge a customer what they themselves have to pay. So if they have to pay $8.03 for a domain, that is all their customers will have to pay as well. Cloudflare has released the costs for registering .com, .net, .info, and .org domains. A .com domain would cost $8.03, a .net would cost $9.95, a .info would cost $11.02, and a .org would cost $10.11. [Image: Cost to register domain with Cloudflare] While saving money is always great, Cloudflare is also offering increased security for their customers.
This includes two-factor authentication, DNSSEC, automatic domain lock, and free whois privacy. For those who are interested in registering new domains or transferring domains to Cloudflare Registrar, Cloudflare is opening up their service to existing customers first to give them a chance to take advantage of these savings. As time goes on, this service will also be opened to others. For those who are interested in trying Cloudflare Registrar, you can sign up here. Source
  2. Google's move to strip out the www in domains typed into the address bar, beginning with version 69 of its Chrome browser, has drawn an enormous amount of criticism from developers who see the move as a bid to cement the company's dominance of the Web. The criticism comes a few days after Chrome's engineering manager Adrienne Porter Felt told the American website Wired that URLs need to be got rid of altogether. The change in Chrome version 69 means that if one types in a domain such as www.itwire.com into the browser search bar, the www portion is stripped out in the address bar when the page is displayed. When asked about this change in a long discussion thread on a mailing list, a Google staffer wrote: "www is now considered a 'trivial' subdomain, and hiding trivial subdomains can be disabled in flags (will also disable hiding the URL scheme): chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains." But this was contested by a poster to the list, who wrote: "This is a dumb change. No part of a domain should be considered 'trivial'. As an ISP, we often have to go to great lengths to teach users that 'www.domain.com' and 'domain.com' are two different domains, and that they may not necessarily go to the same destination. "The marketing world has done a lot of damage convincing people that 'www' is both ubiquitous and non-essential, when in fact, for some domains, the use or lack of it can be quite important to getting to the correct location." A Google staffer attempted to justify the change, writing: "The subdomains reappear when editing the URL so people type the correct one. They disappear in the steady-state display case because this isn't information that most users need to concern themselves with in most cases. I think this is an OK tradeoff even in the rare case when www.foo.com is not actually the same as foo.com. 
(Side note: like it or not, almost no real-world users will use such a thing correctly; configuring your server like this seems like a Bad Move even if it's technically legal, because people are going to access the wrong thing, and that has been true for some time and irrespective of Chrome's UI changes.) "There are multiple real bugs here though: www.www.2ld.tld should become www.2ld.tld, not 2ld.tld (we should strip at most one m. and www.) subdomain.www.domain.com should be left as-is, not subdomain.domain.com (should only strip prefixes)." But this drew an angry response from a poster who questioned the statement "this isn't information that most users need to concern themselves with in most cases" and asked: "According to who? This is simply an opinion stated as a fact." This same individual also hit back at the statement, "(Side note: like it or not, almost no real-world users will use such a thing correctly;)", saying, "That's unfortunately, just another opinion stated as fact." This is not the first time Google has been criticised for its moves to change the fundamental structure of URLs. Its Accelerated Mobile Pages, introduced in October 2015, have been criticised for obscuring the original URL of a page and reducing the chances of a reader going back to the original website. Probably for this reason, Apple last year decided that version 11 of iOS would update its Safari browser so that AMP links would be stripped out of a URL when the story was shared. Doubts have also been expressed about the extent to which AMP links increase traffic to a website. Apart from Google staff on the mailing list referred to, nobody else thought the stripping of the "www" portion was a good idea. Another poster wrote: "This does appear to be inconsistent/improperly implemented. Why is www hidden twice if the domain is "www.www.2ld.tld"?
I feel like the logic could be worked out better, eg If the root zone is a 301 to the 'www' version, removing 'www' from the omnibox would be acceptable since the server indicated the root zone isn't intended for use. "This isn't the behaviour, though. If example.com returns a 403 status, and www.example.com returns a 404 status, the www version is still hidden from the user. The www and the root are very obviously different pages and serve different purposes, so I believe there should be some logic regarding whether or not www should be hidden." "This is Google making subdomain usage decisions for other entities outside of Google. My domains and how subdomains are assigned and delegated are not Google's business to decide," said yet another poster. Another view was: "If the objective is to make URLs less confusing and emphasise the main domain name, why not just render parts in gray or make the main part bold. Wouldn't that achieve the same goal without essentially breaking the Internet?" And another poster wrote: "Since this is essentially a security vulnerability, is Google going to get a CVE assigned for it? It would make it easier to help affected users make sure this is patched on their end." iTWire has contacted Google for comment. Source
  3. Last month, leading Kodi addon repository TVAddons shut down in the wake of a lawsuit filed in the US by satellite and broadcast provider Dish Network. Just over a month later and with no other news surfacing, TF has now discovered that several recent and historical TVAddons domains have been transferred to a Canadian law firm. The last couple of months have been the most chaotic on record for the booming Kodi third-party addon scene. After years of largely interrupted service, a single lawsuit changed the entire landscape. Last month, TF broke the news that third-party Kodi add-on ZemTV and the TVAddons library were being sued in a federal court in Texas. The fallout was something to behold. Within days the ‘pirate’ Kodi community found itself in turmoil. Several high-profile Kodi addons took the decision to shut down and even TVAddons itself went dark without explanation. At the time, unsubstantiated rumors suggested that TVAddons’ disappearance could be attributed to some coincidental site maintenance. However, with around 40 million regular users built up over a number of years, a disappearing Facebook page, and complete radio silence during alleged “routine maintenance,” something was clearly wrong. It would’ve taken just a couple of minutes to put a ‘maintenance’ notice on the site but one didn’t appear back in June, and one hasn’t appeared since. Behind the scenes, however, things have been shifting. In addition to wiping the DNS entries of TVAddons.ag, on at least another couple of occasions the domain has been quietly updated. The image below shows how it used to look. [Image: TVAddons historical domain WHOIS] PrivacyDotLink refers to a service offered by Cayman Islands-based registry Uniregistry. Instead of displaying the real name and address of the domain owner (in this case the person behind TVAddons.ag), the registry replaces the information with details of its own.
The privacy service is used for many reasons, but it’s not hard to see why it’s of particular use to sites in the ‘pirate’ sector. While some of the changes to the TVAddons domain during the past five weeks or so haven’t been obvious, this morning we observed the biggest change yet. As seen in the image below, its ownership details are no longer obscured by the privacy service. [Image: TVAddons new domain WHOIS] What stands out here is the name Daniel Drapeau. On closer inspection, this gentleman turns out to be a Canada-based lawyer who was admitted to the Quebec Bar in 1991. “A passion for IP and a 20 year track record, servicing corporations and individuals alike in a wide variety of industries, including industrial equipment, consumer products, publishing, food & beverage, fashion and arts,” Drapeau’s LinkedIn page reads. “His forte is the strategic use of IP rights and litigation to achieve his clients’ goals, whether they be protective, aggressive or defensive. Specialties: Expeditive remedies, including injunctions and seizure orders.” The other fresh detail in the WHOIS is an address – 600, de Maisonneuve West, Montreal (Quebec) H3A 3J2. It’s a perfect match for the premises of DrapeauLex, a law firm launched by Drapeau in 2012. Only adding to the intrigue is the fact that other domains operated by TVAddons both recently and historically have also been transferred to the law firm. XBMCHUB.com, which was the domain used by TVAddons before making the switch several years ago, was transferred yesterday. The same can be said about Offshoregit.com, the domain used by TVAddons to distribute Kodi addons. While there are a few explanations for a lawyer’s name appearing on the TVAddons domains, none of them are yet supported by legal documentation filed in the United States. As of this morning, the Dish Network case docket had received no additional updates. No notice of action in Canada has been made public.
Nevertheless, as a past president of the Intellectual Property Institute of Canada’s anti-counterfeiting committee, Drapeau is certainly an interesting character in the IP space. As noted in a 2009 article by Professor of Law Michael Geist, Drapeau “urged the government to adopt a system of notice-and-takedown.” Interestingly, Drapeau also worked at law firm Smart & Biggar, where former colleague Jean-Sébastien Dupont recently went on to represent Canadian broadcasters in Wesley (Mtlfreetv.com) v. Bell Canada, the big Kodi-addon piracy case currently underway in Canada. At this stage, it’s unclear who Drapeau is working for in the TVAddons case. It’s possible that he’s working for Dish and this is a step towards the domains being handed over to the broadcaster as part of a settlement deal with TVAddons. That being said, the XBMChub and Offshoregit domains weren’t mentioned in the Dish lawsuit so something else might be underway. TorrentFreak reached out to Drapeau for comment and clarification, but at the time of publication, we had received no response. TorrentFreak
  4. An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting the Rig Exploit Kit and delivering the Neutrino Bot.

     Discovery of the attack

     As reported by French domain registrar and web host Gandi, the attack started last Friday, and was made possible through use of compromised login credentials of one of the company’s technical partners (through whom they manage domain names in 34 geographic TLDs, including .ASIA, .CH, .ES, .RU, and .JP). Once the attacker gained unauthorised access to the technical partner’s web portal, he made the changes to the assigned name servers, and the attack was underway. Swiss information security company SCRT was one of the first to notice that something wasn’t right. “Last Friday at around 14:05 we noticed that our website (www.scrt.ch) along with some other services we use internally were no longer accessible. We immediately tried to figure out why that was and quickly noticed that our DNS requests were not returning the correct IP addresses,” they explained in a blog post. After ascertaining that they did not forget to renew their domain name or that the account at their registrar (Gandi) hasn’t been hacked, they saw that the DNS configuration at the registrar and in their name servers was not modified. They soon contacted SWITCH, who’s responsible for registering domain names ending in .CH and .LI, and discovered that they received the change request from Gandi. “Following further discussion with them, they found that similar changes had been requested for 94 .CH and .LIlater report by Gandi, they changed the compromised login credentials mere minutes after having been notified of the suspicious modifications, and started to undo the damage, while also starting a parallel investigation to see whether their infrastructure has been compromised.

     The aftermath

     Their investigation revealed that they haven’t been breached, and that the technical partner’s infrastructure has been breached. “These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http),” they said. “The first [name server] modification occurred at 8:04 UTC and the last was performed at 9:44 UTC. The last name server update was undone at 13:50 UTC. Taking into account the delay in name server provisioning at the individual registries in question and the TTLs of the relevant DNS zones, the unauthorized changes were in place at the most for 8 to 11 hours,” they also shared. “By 16:15 UTC, all unauthorized updates we had reversed at each of the registries and we only needed to wait for propagation delay (up to three hours later) to be completely sure that the modifications had been successfully reversed.” SCRT has noted a few changes they will be making to reduce the impact such an attack could have in the future (such as preloading Strict-Transport-Security into browsers and implementing DNSSEC), and said that they discussed with SWITCH how detection of this type of massive changes can be improved. The company also shared that during the attack, all emails sent to scrt.ch addresses were not delivered to their server but to a foreign mail server that was (luckily!) not configured to accept emails for their domain. “While it doesn’t seem to have been the objective here, this type of attack could potentially be used to read incoming emails while the name servers are poisoned,” they noted. Article source
  5. This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers: There is a phishing attack that is receiving much attention today in the security community. As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing. This variant of a phishing attack uses unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker. This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers. We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com. Here is what the real epic.com looks like in Chrome: Here is our fake epic.com in Chrome: And the real epic.com in Firefox: And here is our fake epic.com in Firefox: As you can see both of these domains appear identical in the browser but they are completely different websites. One of them was registered by us, today. Our epic.com domain is actually the domain https://xn--e1awd7f.com/ but it appears in Chrome and Firefox as epic.com. The real epic.com is a healthcare website. 
Using our unicode domain, we could clone the real epic.com website, then start emailing people and try to get them to sign into our fake healthcare website which would hand over their login credentials to us. We may then have full access to their healthcare records or other sensitive data. We even managed to get an SSL certificate for our demonstration attack domain from LetsEncrypt. Getting the SSL certificate took us 5 minutes and it was free. By doing this we received the word ‘Secure’ next to our domain in Chrome and the little green lock symbol in Firefox. How is this possible? The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar. What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ unicode characters that look identical to the real characters but are different unicode characters. In the current version of Chrome, as long as all characters are unicode, it will show the domain in its internationalized form. How to fix this in Firefox: In your Firefox location bar, type ‘about:config’ without quotes. Do a search for ‘punycode’ without quotes. You should see a parameter titled: network.IDN_show_punycode Change the value from false to true. Now if you try to visit our demonstration site you should see: Can I fix this if I use Chrome? Currently we are not aware of a manual fix in Chrome for this. Chrome have already released a fix in their ‘Canary’ release, which is their test release. This should be released to the general public within the next few days.
Until then, if you are unsure if you are on a real site and are about to enter sensitive information, you can copy the URL in the location bar and paste it into Notepad or TextEdit on Mac. It should appear as the https://xn--….. version if it is a fake domain. Otherwise it will appear as the real domain in its unencoded form if it is the real thing. Spread the word: The concept of an IDN homograph attack has been around since 2001 when Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher first wrote about it. Web browsers have attempted various fixes but the current implementations in Chrome and Firefox are clearly not doing a good enough job. To Chrome’s credit, they are about to fix that. Thankfully there is a manual fix for Firefox. We would like to encourage you to spread the word. This new twist on phishing is getting a lot of attention today, Friday April 14th and is making the rounds currently in the security community. Xudong Zheng wrote about this earlier today and it is also being discussed on the netsec subreddit. We think there is a high possibility that this may be exploited in phishing attacks before the Chrome fix is released to the general public, which is why we are posting this public service announcement. Article source
  6. To Completely Block Facebook

     Add these entries below to your hosts file.

     Your hosts file location:

       • Linux, Unix and Mac OS X -> /etc/hosts
       • Windows XP, Vista and Windows 7 -> C:\WINDOWS\system32\drivers\etc\hosts
       • Windows 2000 -> C:\WINNT\system32\drivers\etc\hosts
       • Windows 98/ME -> C:\WINDOWS\hosts

     You can edit the hosts file with any text editor. On Windows 7, the default AV security scan will try to remove the facebook.com entry; you'll need to add an exception to tell the OS to keep the block listing in the hosts file and not to remove it.

     Facebook blocklist
  7. Phishing sites that use domain names similar to a legitimate company’s, along with cybersquatting, are a major problem. OpenDNS recently claimed that cyber squatters have become more active during the US election campaign. Security solutions company High-Tech Bridge is launching a new, free, online service that will allow anyone to instantly detect typosquatted, cybersquatted or phishing domains targeting their domain or brand name. Called Domain Security Radar, the service is simple to use -- just enter a URL and results include details on cybersquatted domains, typosquatted domains and phishing websites. It also shows the latest trends and alerts for popular sites. "Our mission is to enable anyone, regardless of technical experience, education or location to easily identify the growing number of web security threats, and to be able to properly act on them," says Ilia Kolochenko, High-Tech Bridge's CEO. "The very positive reaction to our SSL and web security testing services inspired us to create the domain security radar aimed to help fight such grave problems as domain squatting and phishing. The service is totally free of charge, and none of our services will become paid in the future. We want to make Internet a safer place, and more new services are coming soon. Stay tuned!" As well as being useful for site owners, the service is aimed at supporting the legal community in its pursuit of cyber squatters. Domain Security Radar is live now and you can access it via the High-Tech Bridge website. Article source
  8. The movement by technology companies to encrypt their respective corners of the Internet continues to gain steam as more and more are enabling SSL and other encryption technologies such as Perfect Forward Secrecy to ward off surveillance and enhance the privacy and security of user data. WordPress on Thursday became the latest to promise to encrypt its traffic by default. The popular blog and content management platform said it plans to have all wordpress.com subdomains served only over SSL by the end of 2014. “In the face of intrusive surveillance, we believe that everyone in the tech community needs to stand up and do what they can, starting with their own sites and platforms,” said Paul Sieminski, general counsel at Automattic, parent company to WordPress, Cloudup, Simplenote and other web-based development platforms. The announcement came on the anniversary of the first news reports describing the depths of NSA surveillance, also known as Reset the Net day, a coordinated movement urging websites to encrypt traffic using SSL, HSTS and PFS, applications to also deploy SSL and certificate pinning, and promoting privacy tools such as Tor for users interested in keeping Web traffic private. Despite yesterday’s announcement, WordPress remains a laggard among its technology provider peers. According to the Electronic Frontier Foundation’s running tally on encryption, called Encrypt the Web, WordPress does not support HTTPS Strict, also known as HSTS, nor does it support STARTTLS. The EFF was also unable to determine whether WordPress supports Perfect Forward Secrecy, or whether it encrypts data center links. Experts believe that web and application developers should treat Perfect Forward Secrecy and HSTS as default encryption technologies in any new deployment.
HSTS is a policy declaration that browsers, for example, may interact with the site only over HTTPS connections; Perfect Forward Secrecy ensures that private session keys securing an encrypted connection are random and if one is compromised, it cannot be used to compromise other messages at a future time. “Intercepted encrypted data is protected from prying eyes long into the future, even if the website’s secret key is later compromised,” said Parker Higgins, an EFF activist, last November. Privacy and security advocates have long urged technology companies to encrypt traffic in order to secure communication and make government surveillance that much more difficult. The NSA’s efforts have long been facilitated by laggard technology companies who were lax in encrypting not only traffic streams, but also links between data centers which the NSA hacked in order to intercept email and other data on Yahoo and Google users. Both companies have since encrypted those links. “Just as troubling as the [Snowden] revelations themselves is the fact that since last summer, little if anything has changed,” Automattic’s Sieminski said. “Despite a lot of rhetoric, our three branches of government in the United States have not made many concrete steps toward truly protecting citizens from unchecked government surveillance.” WordPress is not alone in failing to encrypt data center links; according to the EFF, other large providers such as Amazon, Apple, AT&T, Comcast, Foursquare, LinkedIn and Verizon do not. “If we’ve learned anything over the past year, it’s that encryption, when done correctly, works,” Sieminski said. “If we properly encrypt our sites and devices, we can make mass surveillance much more difficult.” Source