IDN Forums - Internationalized Domain Names  
Home | idntools | Advertise on idnforums | Premium Membership

Go Back   IDN Forums - Internationalized Domain Names > General Domains > General Domain Names Discussion

General Domain Names Discussion For non Multilingual International Domain Name discussions. This is the place to post about normal .com .net .org .info .biz .us .tv etc.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 8th May 2007, 09:54 AM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 972
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Only 50k for a .bank domain?

Still sounds cheap enough to me for organized phishers to purchase and reap profits.

http://www.foreignpolicy.com/story/c...?story_id=3798

Quote:
--
Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason—something like “.bank,” for example.

Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: It could be something like $50,000—making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.
--

.
__________________
.
Reply With Quote
  #2 (permalink)  
Old 8th May 2007, 11:13 AM
seamo's Avatar
Senior Member
 
Join Date: Feb 2006
Location: SA, Australia
Posts: 1,216
iTrader: (24)
Rep Power: 607
seamo is an unknown quantity at this point
Re: Only 50k for a .bank domain?

Seems like a waste of money to me.

Another pointless extension to make the registrars money - only this time at $50,000 a pop!

It is hard enough getting traffic to .net's, let alone getting mum & dad internet user to remember to type in .bank!
Reply With Quote
  #3 (permalink)  
Old 8th May 2007, 12:33 PM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4498
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Only 50k for a .bank domain?

Is that 50K a year?

Whatever, I wish them luck. If they can get the banks to invest that kind of money, then presumably Banks will start accepting domains as collateral. That wouild make a big difference!
__________________
All offers to sell are void.
Reply With Quote
  #4 (permalink)  
Old 8th May 2007, 02:33 PM
Moderator
 
Join Date: Dec 2005
Posts: 7,864
iTrader: (60)
Rep Power: 2190
bwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enoughbwhhisc will become famous soon enough
Re: Only 50k for a .bank domain?

Banks in US have added sitekeys, etc. and other security levels to access accounts so not sure this would be any more foolproof.
Reply With Quote
  #5 (permalink)  
Old 8th May 2007, 06:18 PM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4498
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by bwhhisc
Banks in US have added sitekeys, etc. and other security levels to access accounts so not sure this would be any more foolproof.
Actually it seems to me that the guy that wrote this is a complete dipstick and understands little about the security issues.

The sitekey type stuff is where the real problems lie, however, if you stumble unawares on to a phishing site, then you are prompted to log in. Of course the data that you hand over is merely recorded, and you will be given as much information as possible to allay you suspicions. Some of them are very good.

The key is never link to your bank site. Always type in. That way you can be sure where you are going. Certainly never link from any emails that you might receive.
__________________
All offers to sell are void.
Reply With Quote
  #6 (permalink)  
Old 8th May 2007, 06:31 PM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 972
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by Rubber Duck
Actually it seems to me that the guy that wrote this is a complete dipstick and understands little about the security issues.
Do you mean Bill or Mikko Hypponen?

Mikko is considered one of the top computer security experts in the world, by a good many people. His company, F-Secure, has produced encryption products, antivirus products, etc, for more than 10 years. They are quite successful, indeed - the kind of people who drive lamborghinis and own their own islands.

I don't know anything about Bill, so I can't comment there.

.
__________________
.
Reply With Quote
  #7 (permalink)  
Old 8th May 2007, 06:39 PM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4498
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Only 50k for a .bank domain?

Well perhaps so, but at the end of the day the only real protection there is against phishing is to educate the public at large how to navigate. I can send you an email right now with a dot bank return address, which would be enough to convince most people I was authentic. At the end of the day you cannot mitigate against stupidity.

Not sure about the $50K argument either. Some phishing sites over the short-term can make more money than than real banks!

Quote:
Originally Posted by jacksonm
Do you mean Bill or Mikko Hypponen?

Mikko is considered one of the top computer security experts in the world, by a good many people. His company, F-Secure, has produced encryption products, antivirus products, etc, for more than 10 years. They are quite successful, indeed - the kind of people who drive lamborghinis and own their own islands.

I don't know anything about Bill, so I can't comment there.

.
__________________
All offers to sell are void.
Reply With Quote
  #8 (permalink)  
Old 8th May 2007, 06:43 PM
xxbossmanxx's Avatar
Member
 
Join Date: Dec 2006
Location: Detroit
Posts: 429
iTrader: (6)
Rep Power: 0
xxbossmanxx is an unknown quantity at this point
Send a message via AIM to xxbossmanxx Send a message via MSN to xxbossmanxx Send a message via Skype™ to xxbossmanxx
Re: Only 50k for a .bank domain?

I like Jackson's idea. Makes perfect sense. A bank would love an idea like that and 50k a year is nothing, they spend 100x that on security
__________________
I Build sites like this for cash and IDN's.
http://www.rarecom.com/
Reply With Quote
  #9 (permalink)  
Old 8th May 2007, 06:49 PM
Rubber Duck's Avatar
Veteran
 
Join Date: Sep 2005
Location: Czech Republic (For those of you from USA = Chechnya)
Posts: 15,929
iTrader: (59)
Rep Power: 4498
Rubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura aboutRubber Duck has a spectacular aura about
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by xxbossmanxx
I like Jackson's idea. Makes perfect sense. A bank would love an idea like that and 50k a year is nothing, they spend 100x that on security
Don't get me wrong. It has huge benefits to the domain community. If banks think domains are worth big bucks then, it is going to make it much easier to convince everyone else.

I would have thought though from a security point of view providing credentials as to your legitimacy might be a better proof of security than just handing over the $50K. The good guys don't have a monopoly over the money. Banks in the UK have to be licensed by the Bank of England, similar systems in most countries. Evidence of that licensing is what is required not $50K.
__________________
All offers to sell are void.

Last edited by Rubber Duck; 8th May 2007 at 07:06 PM..
Reply With Quote
  #10 (permalink)  
Old 8th May 2007, 07:08 PM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 972
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by Rubber Duck
Don't get me wrong. It has huge benefits to the domain community. If banks thing domains are worth big bucks then, it is going to make it much easier to convince everyone else.

I would have thought though from a security point of view providing credentials as to your legitimacy might be a better proof of security than just handing over the $50K. The good guys don't have a monopoly over the money. Banks in the UK have to be licensed by the Bank of England, similar systems in most countries. Evidence of that licensing is what is required not $50K.

It's a two-factor type of risk-mitigation:

1. be a licensed bank
2. be in a country where it costs you $100 and 10 minutes to become a bank and you still need to cough up enough cash every year that you feel like a real bank to the registry

And that's all security is about, risk mitigation; nothing more, nothing less.

BTW, bossmanxx, it wasn't my idea, I just posted a link with a quote.

.
__________________
.
Reply With Quote
  #11 (permalink)  
Old 8th May 2007, 07:11 PM
touchring's Avatar
Veteran
 
Join Date: Dec 2005
Posts: 7,547
iTrader: (29)
Rep Power: 1248
touchring is an unknown quantity at this point
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by jacksonm
It's a two-factor type of risk-mitigation:

1. be a licensed bank
2. be in a country where it costs you $100 and 10 minutes to become a bank and you still need to cough up enough cash every year that you feel like a real bank to the registry

And that's all security is about, risk mitigation; nothing more, nothing less.

BTW, bossmanxx, it wasn't my idea, I just posted a link with a quote.

.

2-factor authentication alraedy eradicates this kind of risk - banks that implement 2-factor auth don't allow login on password alone.
Reply With Quote
  #12 (permalink)  
Old 8th May 2007, 07:18 PM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 972
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by touchring
2-factor authentication alraedy eradicates this kind of risk - banks that implement 2-factor auth don't allow login on password alone.

No it doesn't. Phishing sites can also implement 2-factor auth.

The whole point behind the .bank, as I understood it, is that:

1. registration would be limited to licensed banks, thus preventing phishers from registering look-alike domains

2. high yearly fee would attempt to prevent "fly-by-night" banks (I personally think the fee should be 3 or 4 times more - still nothing for a bank).

.
__________________
.
Reply With Quote
  #13 (permalink)  
Old 8th May 2007, 08:00 PM
mulligan's Avatar
Senior Member
 
Join Date: Jan 2006
Posts: 4,253
iTrader: (78)
Rep Power: 2017
mulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enoughmulligan will become famous soon enough
Re: Only 50k for a .bank domain?

In Singapore one bank I know of has issued all it's customers with a little digital keychain device that you have to use to generate a random 6 digit number and you have to enter this after you have entered your password for online banking.
Reply With Quote
  #14 (permalink)  
Old 8th May 2007, 08:08 PM
jacksonm's Avatar
Senior Member
 
Join Date: Feb 2007
Posts: 3,843
iTrader: (26)
Rep Power: 972
jacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished roadjacksonm is on a distinguished road
Send a message via MSN to jacksonm Send a message via Skype™ to jacksonm
Re: Only 50k for a .bank domain?

Quote:
Originally Posted by mulligan
In Singapore one bank I know of has issued all it's customers with a little digital keychain device that you have to use to generate a random 6 digit number and you have to enter this after you have entered your password for online banking.
Still doesn't help the user when he's on the wrong domain; this only protects the real bank from intruders. Say I reg a name similar to your banks name, and send enough spams to get users coming to change their password/update their info. All passwords are accepted. Once you've "logged in", I tell you to enter your random 6 digit number. All numbers are good. I send you to an "update your info" page, which obviously has incorrect information, you update it, I collect it, and I forward you to a page which says "online banking down for service", etc. You would never know the difference, and I have your bank password and all your personal information. Since the bank requires 2-factor, I can't directly break into your account, but I have enough info to perform identity theft and possibly get the bank to issue me a digital keychain.

Scary.

.
__________________
.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 10:37 PM.

Site Sponsors
Your ad here
buy idns
domain name lawyer
buy t-shirt
מחיר הזהב

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0
Copyright idnforums.com 2005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54