CDG Summary -2008

Posted by admin on June 8th, 2010

Attendants: Kamimura Jay Adam Mikami Chew Arai Kodama

Summary of 2008 Activities

a. Arai reported i-Galaxy database which collects and stores data from NUT and Waseda  Univ.Waseda’’s data contains those from .com domain and CJK data. Rosette is used for language identification. Thus languages of some data remain unanalyzed. Waseda’’s data lacks some features that are contained in NUT’’s data. Arai-kun will gather the requests and send them to Waseda. Another Problem is to improve analyzing speed. Now 5,000 pages is processed a day but this is so slow that some improvement is needed.

b. Chew – His programs under development are DDF (dangerous domain finder), G2LI(Global Information Infrastructure laboratory’s Language Identifier) and G2AT(Global Information Infrastructure laboratory’s Analysis Tool).

DDF needs third party’s data provided by, ex. McAfee to verify the accuracy of collected data. Chew will contact the providers

c. Kamimura visited on Cambodia Laos and mexico. We shall provide short trip report on the person met and some other things. Maybe it is useful to create the template for trip report.

That is used for circulation and periodical report.

d. Adam report on ccTLD redelegation and stakeholders’ function redelegation process, players from various sectors interacts and many conflicts are now occurring. We need to think the shape of charter. It may be difficult to create a single charter that can be applied to domain governors from different origins. Instead, options and subsets should be prepared for them to choose the most appropriate.

Comments from JST

a. Mikami On comments from JST. They say that social implementation is important, that is how to implement our methodology, charter, etc. We should investigate how to do it.

Plan for 2009

a. CDG maturity indexes : NUT is planning on once more crawling this year. Model ccTLD CharternCaribbean Internet Governance Policy framework for all the stakeholders, this will be a model

2009 Workshop

The fourth annual IGF Meeting will be held from 15-18 November in Sharm El Sheikh, Egypt organizing original workshop or joining to other workshop. Proposal for workshop deadline 21st Apr. Adam-seisei will register. In 18th Sep., workshop CDG 2009 in Tokyo, it will be organized by Kamimura-sensei.

Coming Meetings 27th May 3PM-6PM 18th Jun 17th Jul. 2PM-5PM

Posted on 2008-07-20

Summary of 2008 Activities

Posted by admin on June 8th, 2010

Attendants: Kamimura, Jay, Adam, Mikami, Chew, Arai, Kodama

Arai – He reported i-Galaxy database which collects and stores data from NUT and Waseda  univ. Waseda’’s data contains those from .com domain and CJK data. Rosette is used for language identification. Thus languages of some data remain unanalyzed. Waseda’’s data lacks some features that are contained in NUT’’s data. Arai-kun will gather the requests and send them to Waseda. Another Problem is to improve analyzing speed. Now 5,000 pages is processed a day but this is so slow that some improvement is needed.

Chew – His programs under development are DDF (dangerous domain finder), G2LI(Global Information Infrastructure laboratory’s Language Identifier) and G2AT(Global Information Infrastructure laboratory’s Analysis Tool).

DDF needs third party’s data provided by, ex. McAfee to verify the accuracy of collected data. Chew will provide more information about DDF next time.

Kamimura visited on Cambodia Laos and mexico. We shall provide short trip report on the person met and some other things. Maybe it is useful to create the template for trip report. That is used for circulation and periodical report.

Adam report on ccTLD re-delegation and stakeholders’ function. In re-delegation process, players from various sectors interacts and many conflicts are now occurring. We need to think the shape of charter. It may be difficult to create a single charter that can be applied to domain governors from different origins. Instead, options and subsets should be prepared for them to choose the most appropriate.

Comments from JST

- Mikami  On comments from JST social implementation is important.

- Plan for 2009 CDG maturity indexes NUT is planning on once more crawling this year.

- Model ccTLD Charter Caribbean Internet Governance Policy framework for all the stakeholders, this will be a model.

2009 Workshop

The fourth annual IGF Meeting will be held from 15-18 November in Sharm El Sheikh, Egypt organizing original workshop or joining to other workshop. Proposal for workshop deadline 21st Apr Adam-seisei will register 18th Sep., workshop CDG 2009 in Tokyo, it will be organized by Kamimura-sensei. Coming Meetings 27th May 3PM-6PM 18th Jun 17th Jul.

Posted on 2009-04-17

Drop-Catching domains is Business

Posted by admin on June 8th, 2010

Coalition Against Domain Name Abuse (CADNA) recently published its study about drop-catching — ”a process whereby a domain that has expired is released into the pool of available names and is instantly re-registered by another party.” The study showed that 100% of ”.com” and ”.net” domain names were immediately registered after they had been released.

Quoting: “The results also show that 87% of Dot-COM drop-catchers use the domain names for pay-per-click (PPC) sites. They have no interest in these domain names other than leveraging them to post PPC ads and turn a profit. Interestingly, only 67% of Dot-ORG drop catchers use the domains they catch to post these sites — most likely because Dot-ORG names are harder to monetize due to the lack of type-in traffic and because they tend to be used for more legitimate purposes.”

SOURCE:

http://www.cadna.org/en/pdf/cadna-white-paper-drop-catching.pdf

CADNA white paper Drop-Catching

Posted on 2008-02-01

SANS Top-20 2007 Security Risks (2007 Annual Update)

Posted by admin on June 7th, 2010

SANS Institute released the top 20 security risks for year 2007. The report break down risks into several sections, likes Client-side Vulnerabilities, Server-side Vulnerabilities, Security Policy and Personnel, Application Abuse, Network Devices, Zero Day Attacks.

Full report can be read http://www.sans.org/top20/ HERE, ‘SANS Top-20 2007 Security Risks (2007 Annual Update)’

Posted on 2008-01-15

CDG and UNCITRAL Model Law on E-Commerce

Posted by admin on June 7th, 2010

Can the Internet country domain governance learn from the UNCITRAL’s Model Law approach to address the Internet governance problems/weaknesses/vulnerabilities on the country domain level? The motivations for the Model Law included “the progressive harmonization and unification of the law of international trade and in that respect to bear in mind the interests of all peoples, in particular those of developing countries, in the extensive development of international trade”.

The United Nations Model Law facilitating the use of electronic commerce intends to be acceptable to States with different legal, social and economic systems, and could contribute significantly to the development of harmonious international economic relations is intended to facilitate the use of communications and storage of information … and contains rules in specific areas.

http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/1996Model_status.html

The legislation implementing provisions of the United Nations Model Law has been adopted by many countries, including Dominican republic, Colombia, Ecuador, overseas territories of the United Kingdom. The Model Law influenced the legislation in the USA and Canada.

The UNCITRAL’’s Model Law approach seems to be a viable approach to address, in some extent, the existing problems/weaknesses/vulnerabilities of the Internet Country Domain Governance on the country domain level.

Posted on 2007-11-22

MEETING MINUTES

Posted by admin on June 7th, 2010

CDG Meeting Minutes

6 November, 2007

VENUE: International University of Japan

CALL TO MEETING: Chair, Prof. Yoshiki Mikami called the meeting to discuss on project outline and data collection and analysis.

Participants:

Yoshiki Mikami

Marasinghe Chandrajith Ashudoda

Jay R. Rajasekera

Keisuke Kamimura

Adam Peake

Naohisa Murakami

Katsuko T. Nakahira

Turrance Nandasara

Shigeaki Kodama

Chew Yew Choong

Apologies from Pavol Zavarsky\nTakashi Yukawa

Agenda:

- Briefing of the project outline.

- Discussion on data collection and analysis.

MEETING MINUTES

  • Briefing on today agenda.

Ashu introduced papers regarding Internet governance which found on Internet.

  • Data collection and analysis tools for CDG.

Chew briefly introduce the system going to implement for data collection.

  • Work in progress
  • Mikami asked everyone to study page 39 of Ashu’’s note.

- Mikami mentioned that during the next meeting in Tokyo, one aspect to discuss about is Risk Management; keyword should be how CCTLD is manage.

- Mikami asked everyone to inform him which part of the final report they are more interest to write.

- Kamimura said 1. We need to improve the relationship with domain manger before asking them. 2. We should filter already know/available information, and focus on unknown information.

Mikami asked Kimura to prepare a questionnaire for December meeting, list of what we know and what we don”t.

- Mikami asked Jay to prepare a definition of vulnerability and governance by December meeting.

- Mikami said NUT will responsible for data collection and analysis.

- Kamimura showed everyone the flyer he prepared for Rio.

- Mikami remind everyone that by end of March, we need to answer to Toi sensei on

1. How we define CCTLD governance.

2. What is our plan to solve CDG issue?

Next meeting.

Meeting #3: Suggested: 11, 17 or 21 of December 2007 somewhere in Tokyo. Mikami asked to invite Japan Registry Services Co., Ltd. (JPRS) staff to join this meeting.

Posted on 2007-11-15

CDG’’s Meeting Minutes

Posted by admin on June 7th, 2010
CDG’’s Meeting Minutes
8th October 2007
VENUE: Nagaoka University of Technology, SOGO KENKYU BLDG. 6F

CALL TO MEETING: Chair, Prof. Yoshiki Mikami called the meeting to kick off CDG project.

Participants:

Yoshiki Mikami
Marasinghe Chandrajith Ashudoda
Jay R. Rajasekera
Keisuke Kamimura
Adam Peake
Naohisa Murakami
Katsuko T. Nakahira
Turrance Nandasara
Shigeaki Kodama
Chew Yew Choong
Zin Maung Maung
Pann Yuu Mon
Apologies from:Pavol Zavarsky,Takashi Yukawa

Agenda: Briefing of the project outline

Discussion

MEETING MINUTES

Mikami introduced some background information about JST and RISTEX program.

Introduction to CDG’’s research plan:

Program: Governance in the Ubiquitous Society

Project title: Country Domain Vulnerability

Project period: 6 months Feasibility Study (Oct 07 – Mar 08). Mikami reminded that the RISTEX program is not a program for technology development; rather a social solution uld put more focus on “Governance in the Ubiquitous Society”, not on technology only.

Keywords: What is vulnerability of country domain? (Adam asked what is non-vulnerability or well-managed country domain then?)  How our study can contribute to solve the problem?

Stakeholders” involvement/network. Example of stakeholder: ICANN, centrefold’’s manager, government, user, etc. Any more keywords?

Questions from Toi sensei: List of sub-themes.

Predefined milestones of R&D (Adam suggested to predefined an incremental process).

-Way(s) to implement the result of this research into real world.

-Way(s) to perform self-evaluation and what is the evaluation criteria.

- Feedback to the program coordinator’s comments and questions?

Two papers about ccTLD:

- RFC 1591 (Domain Name Sstsem Structure and Delegation)

- ICP-1: Internet Domain Name System Structure and Delegation (ccTLD Administration and Delegation)

Possible conference dates:

- APTLD Bangkok Oct. 24-25

- IGF Brazil 2007 Nov. 12-15

- ICANN Feb. 10-15

- APTLD Taipei 2008 Feb. 20-29

Mikami mentioned that the final feasibility study report should submit by mid of March 2008.

Target parties:

NSO – Country Code Names Supporting Organisation. Chris Disspain (Chris) (.au)

APTLD – Asia Pacific Top Level Domain Association. Shariya Haniz Zulkifli (Shariya) (.my)

PICISOC  – Pacific Islands Chapter of the Internet Society. Frank Martin

FUNREDES Fundaci -Redes-y-Desarrollo or  Networks-and-Development-Foundation.

Daniel Pimienta Catalan TLD – Amadeu Abril i Abril.

To Do

- To define the final scope of study:

- To be focus on ccTLD, especially Pacific Islands

- To be consider non-ccTLD like .cat, .eu, .asia, etc in later stage.

- How about other cases like the using of .us on famous social bookmarking site http://del.iciou.us

- To define what is vulnerability and non-vulnerability.

For example, non-vulnerability (well-managed):

Does not allow inappropriate services

Contents : Efficient and fair allocation of sub-domains

Physical and online security.

Serving good for local peoples/society.

Connectivity of whole local/Internet community.

- To review existing and/or propose new way to perform study on the business plans, money flow, government policy, authority and assignment on ccTLD in each country.

- To draft “TLD management questionnaire”

- Chew to get ready CDG’’s blog server. Create all user accounts and email users about the web site URL and their login information.

- To arrange a meeting with Daniel Pimienta in Rel de Janeiro during IGF Brazil 2007.

Next meeting:

Meeting #2: Suggested: 6 November 2007 in IUJ campus

Suggested: 11, 17 or 21 of December 2007 somewhere in Tokyo. Mikami asked to invite Japan Registry Services Co., Ltd. (JPRS) staff to join this meeting.

Posted on 2007-11-15

US Internet Control To Be Topic

Posted by admin on June 7th, 2010

Crazy Taco writes “It looks as though the next meeting of the UN’’s  http://www.intgovforum.org/

Internet Governance Forum is about to descend into another heated  http://news.yahoo.com/s/ap/20071110/ap_on_hi_te/internet_governance debate about US control of key Internet systems. Although the initial purpose of this year’s summit was to cover such issues as spam, free speech and cheaper access, it appears that nations such as China, Iran, and Russia, among others, would rather discuss US control of the Internet. In meetings leading to up to the second annual meeting of the IGF in Rio de Janiero on Monday, these nations won the right to hold an opening-day panel devoted to ”critical Internet resources.” While a number of countries wanting to internationalize Internet control simply want to have more say over policies such as creating domain names in languages other than English, we can only speculate what additional motives might be driving nations that heavily censor the Internet and lock down the flow of information across it.

SOURCE:

http://slashdot.org/article.pl?sid=07/11/10/2134212″>slashdot

US Internet Control To Be Topic

Posted on 2007-11-12

Islands of Red

Posted by admin on June 7th, 2010

McAfee’s report “Mapping the Mal Web” (March 2007) pointed out a weakness in registration process of several small islands” domains: free-of-charge registration in Tokelau, and an anonymous registration allowed in Niue. Following is an excerpt from Islands of Red chapter of the report.

Islands of Red

Small island nations and island territories frequently rank high on the list of most risky TLDs. If we include TLDs for which Site Advisor has tested 100 or more sites, we find five small island TLDs that are unusually risky.

Sao Tome / Principe (.st) 18.5%

Tokelau (.tk) 10.1%

Turks and Caicos (.tc) 9.9%

South Georgia / South Sandwich Islands (.gs) 9.3%

British Virgin Islands (.vg) 9.1%

Cocos Islands (.cc), while not highly ranked on overall risk, is 10th for e-mail practices (11.4% risky sites) and 4th for downloads (7.5% risky sites). Likewise, Tuvalu (.tv) ranks 13th for e-mail practices (7.4% risky sites) and 7th for downloads (6.7% risky sites). And Niue (.nu) ranks 1st for exploits (0.45%).

One possible reason for the relatively higher concentration of risky sites for at least some of these domains is cost. For example, Tokelau gives out domains for free. Scammers, particularly those employing phishing, exploit or spam tactics, are subject to frequent blacklisting and so they must register and discard many domains very quickly. Registration costs, minimal for one or two domains, become significant when the number of registered sites becomes large.

The .nu TLD makes itself attractive to registrants by allowing anonymous registration. The owner of the TLD indirectly acknowledged the problem some years ago when it announced a http://www.nunames.nu/Press/spam.cfm zero tolerance policy for spammers. But our tests indicate that this policy may not be effective in actually deterring scammers. By contrast, some larger nations require additional documentation as part of the site registration process. Japan, one of the safest TLDs. http://www.marcaria.com/absolutenm/templates/?a=83&z=513 a local postal address as do Ireland, Sweden, and Finland. Norway, another safe TLD, http://www.norid.no/regelverk/index.en.html businesses to register with the government in order to receive a .no domain.

Posted on 2007-11-10

Domain tasting – Abuse Tendencies

Posted by admin on June 7th, 2010

Domain tasting extremely encourages various fraudulent activities such as

  1. Phishing and pharming. During the AGP period a tasted name is attached to a fraudulent web site mirroring the content of a trustworthy organization to fool users in order to grab their credentials. 5 days is long enough to get some fallen victims to this practice but after elapsing the AGP period the name automatically disappears, often making effective investigation hard or impossible; especially, when considering that the 5 day period can be insufficient in filing a valid history record.
  2. Spam. After 5 days the spam domain name disappears and another name is being tasted in order to fool mail filter-out criteria while still delivering the same advertising content. For the same reasons as mentioned above possible investigation experiences the lack of domain name owner evidence.
  3. Domain name mining and WHOIS lookup tracking. Interesting domain names, subject to possible tasting are being harvested in different ways. Various web client add-on components track typed in names, suspect domain resellers track the WHOIS lookup traffic on the web and immediately register those found valuable. Moreover, some registries are eligible (by the respective registry agreement) to track the overall lookup traffic and use it for commercial purposes (e.g. Verisign).
  4. Trademark Infringement. The tasters taste domains with trademark name variations, or use trademark-based typo domains believing to gain more traffic while showing PPC (pay-per-click) advertisement related to the trademark business. As discovering such a name and applying for verbal or formal complaint against the taster takes time a significant amount can be earned during the tasting period. Moreover, in case of possible complaint the taster eventually lets the name expire and thus covers its tracks.

Domain tasting – an example of the Internet domain name governance vulnerability

http://forum.icann.org/lists/rfi-domaintasting/

Posted on 2007-11-02