06/24/2011

How many domain extensions does Belgium need?

A domain extension is what you see behind the name: the .com, .be or .net. Until now these domain extensions have been organised around countries, with every country having its own (with few exceptions), and aside from those there were a few generic domain extensions. The number of generic domain extensions only kept growing, and now ICANN has decided that every city, brand, region or whatever can organize its own domain extension if it is willing to pay the (huge) price. Now a lot of multinationals are counting how much they spend on all these websites on all these extensions, and whether a separate domain extension (.coca) wouldn't be cheaper and more effective. It is easier to say that only the .coca or .fortis domain names are legal and that all the rest are frauds than to try to buy all the domain names and their variations in all the different domain extensions.

That is the good part and that is why I support it - even if I think that the price for your own domain extension is much too high.

The problem now is what all these different domain extensions will do. If they are going to have a very lax DNS infrastructure and registration policy, then we will not only have to deal with a real business of hacking and redirecting businesses but also with ten times as many fraudulent domain names. The result may even be that some or most of these new domain extensions will be blocked entirely by the web filters.

Belgium will probably have two new domain extensions:

.gent (the unknown diamond of Belgium according to some): this is in my opinion stupid because you limit yourself to the Flemish name of the city; .ghent would be better

.vlaanderen (who will remember that outside Vlaanderen?)

The biggest problem will be at the operational level. If we don't want any cowboys or amateurs managing domain extensions, we should oblige them to be certified, to work with certified people and to have someone with a certified DNS security certificate. We should also make yearly reports about the way in which they did their work, the number of incidents and frauds that were found in their domain zone and how they responded. We should take over and transfer the management of domain extensions that are so badly operated that they are a danger for the whole internet or DNS infrastructure.

I think that in Belgium dns.be should evolve from the operator for .be to a general operator for all the domain extensions in Belgium. They have proven over the last year that they have understood that security is one of the most important factors of trust and that you need trust to be able to sell enough domain names to make some money that you can reinvest in your infrastructure.

If for some political or private reasons the new domain extensions want to restart from zero, they shouldn't be surprised that the security community will have no mercy if they make mistakes and are found to be amateurs.

For .ghent it is a new firm set up by some ex-employees of dns.be who say they will handle and finance it. It seems to be their first experience 'on their own'. A chance or a risk: it depends on the perspective from which you look at it.

For other domain extensions, you should have your plan and your demand ready by more and contact ICANN, which will probably decide by October which new domain extensions will be accepted.

There is a possibility that if you aren't ready now, or want to look first at how it goes, there won't be a second round: because there were too many incidents, because there is no will to do it all over again, because there are already enough of them now, because everything has to be reviewed first and that can take years, and so on. So even if you don't make it fully operational or only want to use it for internal communication in the first place, you should consider jumping on the first train. You may find it difficult to explain to your CEO or political boss that you didn't want to have even a formal demand because you wanted to be prudent, while it may be the case that there will not be another chance afterwards, or that it can take up to 2 to 3 years before you can introduce a new demand. And 200.000 dollars in a communication budget of an international firm or big government is peanuts.

Which other domain extensions should Belgium have?

.flanders  (instead of vlaanderen)  or .vl

.ghent (instead of gent)

.bruges (instead of brugge)

.bru (for brussels, bruxelles and brussel)

.wal (for wallonia)

and meanwhile Google will have a field day because without Google we won't be able to locate any content


09/24/2010

DNS.be starts controlling new domain names before activating them

There is a new leadership around at DNS.Be and maybe our battering on security had some effects but the new head of DNS.Be says that every day they go manually over all the newly registered .be domain names and throw out those that are malicious or need more investigation.

According to the chief of DNS.Be they have already thrown out a whole bunch of domain names.

It doesn't have to be a manual operation, though, but that there are at least some controls and checks is already a good step in the right direction. The advantage is that after a while you will be so accustomed to the flow of registrations that you will develop a knowledge and a gut feeling that will become your main tool for doing this job in an ever-diminishing timeframe.

The second step should be to set up a warning and information exchange system between dns.be and other domain extension operators so that registrations that were flagged or blocked or stopped in one domain zone are also blocked in another if they have the same characteristics.

And after a while you will have a secret database with the historic information about the registrations of all these malicious domain names (thousands every day).

Even if it doesn't stop the cybercriminals, we shouldn't make it too easy either.

And the next step would be that domain names or registrars that have been flagged can't use anonymization services for the DNS or whois anymore.

The report that has shown that .be was the fifth biggest victim of fast-flux domain name registrations had some effect.


09/10/2010

Protecting Belgian politicians in cyberspace from domain squatting

So we are talking about domain squatting, which is registering a domain name for a person or brand that is not yours and for which you have no objective reason to claim it.

It is not cyberspeech - for example boycotxxx.be or neenaanxxxx.be - or domain typosquatting, in which only a letter changes - for example www.diirupo.be or di-rupo.be

According to Belgian law it is illegal to do, but as long as DNS.Be continues to sell domain names as if they were soap and doesn't control anything - even if the list of politicians is free to download from the net and can be integrated in a database - situations like the following will continue to happen.

An elected representative was quite astonished when a French newspaper published an article about her outrageous personal website that proves that her party (NVA, quite separatist) is in fact extremist and not a moderate party. The website in question was full of negationist articles, pedo conspiracies and that kind of stuff.

It seems that our Belgian international neo-Nazi and publisher of negationist material, who has already been condemned several times, had registered her personal domain name ingefaes.be (now inactive).

DNS.Be has in the meantime not taken any steps to block the ownership so the domain can't be transferred to anybody else until a decision has been made about the legality and even more the opportunity of this action.

Naam ingefaes
Status REGISTERED
Registratie 25 juli 2010
Laatste wijziging 26 juli 2010 0:06
Licentienemer
Taal Engels
E-mail verbekeherbert@yahoo.com
Onsite contactpersonen
Naam Herbert Verbeke
Taal Engels
Adres
E-mail
Registrar
Organisatie Key-Systems GmbH
Website www.key-systems.net
Nameservers
 
ns45.domaincontrol.com    
ns46.domaincontrol.com  

But it is really strange that on verkiezingssite.be in 2009 she gave that site as her personal site.

Probably she forgot to renew it or didn't know what to do with it, but she can't blame the media, who don't know her, for thinking that it was her site. They could have contacted her, yeah.

But after all, was it worth all that trouble, those 30 euros a year for your .be domain name?

Because as you see, dns.be will sell domain names like soap, as long as the politicians don't finally stop this.

 


09/07/2010

phishing attempt against fortis-bnp and what dns.be could do

So I have received the following email

that I should control my billing online

Van    Weergave gedetailleerde berichthoofding BNP Paribas Fortis Bank <billing@bnpparibasfortis1.be>
Datum    Maandag, Augustus 30, 2010 3:58 pm
Return-path    <billing@bnpparibasfortis1.be>
Received    from mta03.xtra.co.nz (mta03.xtra.co.nz [210.54.141.252])
Received    from ForbesandDavies.co.nz ([222.154.225.248]) by mta03.xtra.co.nz with ESMTP id <20100830135825.OXDA3697.mta03.xtra.co.nz@ForbesandDavies.co.nz>; Tue, 31 Aug 2010 01:58:25 +1200
Received    from User ([219.89.81.158]) by ForbesandDavies.co.nz with Microsoft SMTPSVC(6.0.3790.3959); Tue, 31 Aug 2010 01:58:18 +1200
Date    Tue, 31 Aug 2010 01:58:18 +1200
Reply-to    usethelink@bnpparibasfortis.be
Message-id    <FD-SBSJ0sca0ZkfzDsk000002cc@ForbesandDavies.co.nz>
MIME-version    1.0
X-MIMEOLE    Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer    Microsoft Outlook Express 6.00.2600.0000

It was in fact a stupid phish

and the reply link to bnpparisbasfortis.be had to alarm them :)

but

even if the server has taken away the phishing page, the directory is still there

http://safw.adm.ncku.edu.tw/fortis  which means that the security intrusion is still there

secondly according to dns.be it is still available for registration bnpparibasfortis1.be

how do you mean available for registration

the only one that should be able to register such a name would be parisbasfortis and no one else even if it would be bnppartis-fortis or whatever other combination or whatever name with bnpparibasfortis in it

it should be up for 'controlled reservation'

I know from talks that the people at DNS.Be don't like the idea but I still think personally that a list of about 100 important financial services should be protected against phishers by limiting the reservation to 'owners'.

One of the unsaid frustrations of brand managers at ICANN in Brussels was that each time new domain zones come along they have to spend thousands on blocking trade names. It seemed a lot like blackmailing on a huge scale. And who can blame them? 'If you don't buy them anybody can and can do whatever he wants with it, even destroying your online reputation, so you better buy them'. You can explain this to your boss for 10 or twenty domain zones but not for hundreds. Except if certain business categories get their own domain zone and all other domain zones can't use those brand names once they are in their proper domain zone. A bit radical but it could wipe out a lot of phishing and squatting.
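
The 'controlled reservation' idea above, and the earlier suggestion of checking new registrations against a downloadable list of politicians, can be sketched as a pre-activation screen. This is an added example, not code from dns.be or from this blog: the protected list, the registrant ids and the HOLD/ALLOW decisions are assumptions, and it goes slightly beyond the text by also holding names one edit away from a protected name.

```python
# Added example: pre-activation screening of requested .be names (hypothetical policy).
# PROTECTED and OWNERS are constructed samples, not a real registry list.
PROTECTED = {"bnpparibasfortis": "financial brand", "dirupo": "politician"}
OWNERS = {"bnpparibasfortis": "REGISTRANT-BANK-0001"}  # placeholder registrant id

def normalize(domain):
    """Lower-case, drop 'www.' and the extension, keep letters only."""
    name = domain.lower()
    if name.startswith("www."):
        name = name[4:]
    label = name.rsplit(".", 1)[0]
    return "".join(c for c in label if c.isalpha())

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen(domain, registrant):
    """Return (decision, reason); HOLD means manual review before activation."""
    label = normalize(domain)
    for name, kind in PROTECTED.items():
        if OWNERS.get(name) == registrant:
            continue  # the verified owner may register its own name
        if name in label:
            return "HOLD", f"contains protected {kind} name '{name}'"
        if edit_distance(label, name) <= 1:
            return "HOLD", f"one edit from protected {kind} name '{name}'"
    return "ALLOW", "no protected name matched"

if __name__ == "__main__":
    requests = [  # constructed requests; the first three names appear on this page
        ("bnpparibasfortis1.be", "REGISTRANT-X"),
        ("www.diirupo.be", "REGISTRANT-X"),
        ("di-rupo.be", "REGISTRANT-X"),
        ("bakkerij-janssens.be", "REGISTRANT-X"),
    ]
    for domain, who in requests:
        print(domain, who, *screen(domain, who))
```

Stripping hyphens and digits before matching is what catches bnpparibasfortis1.be and di-rupo.be; a held name goes to a human reviewer rather than being rejected outright.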

 
