Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/5/2016
08:30 PM
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

New Internet Security Domains Debut

Meet the new .security and .protection domains.

Registry operator gen.xyz these week launched two new top-level Internet domains -- .security and .protection -- aimed at creating websites with higher security as well as a safer online experience for end users.

Registrants can use domains to reinforce a brand, organization name, service locations, or industry keywords, says Nils Decker, director of business development for gen.xyz.  

Big security players such as Norton, FireEye, and Masterlock, have already registered names with the new .security and .protection domains.  An organization in Southern California, for example, might select la.security; spam.protection could do the trick for an email filtering company. 

Early adopters of the new domains include Microsoft's office365.protection site; IBM managed security provider blue.security; arrow.security (formerly arrowsecuritycorp.com); and grupo.security (formerly security.cl).

Registrants are strongly encouraged – but not required by gen.xyz -- to use both SSL and DNSSEC to bolster security. The protocols ensure that "a website visitor that the company behind the website is a legitimate company, and that they're actually talking to who they think you're talking to, not a phisher or malicious site," Decker says.

Pricing for the new domains is relatively expensive, between $2,500 and $4,000. Decker and gen.xyz are counting on that high price point to discourage spammers and miscreants from using the domains as covers for malicious activity or spoofing.

"If the technology creates more security awareness or makes customers more comfortable, they're more likely to succeed," says domain name expert Monte Cahn, president of Rightofthedot, which advises on top-level domain strategies. Cahn notes that he hasn't seen the details of gen.xyz's announcement, but did note that other more recently introduced domains such as .bank and .insurance, have been well-received. However, those domains also come with special registration forms to verify that would-be registrants are in fact part of the industries they say they are, Cahn notes.

Decker says gen.xyz isn't doing any verification itself, but rather leaving that up to SSL providers such as Symantec or Comodo. "At a high level, we are the registry operator, so we control the name space, but don't sell the names themselves," Decker says. "End-user companies go to GoDaddy or Web.com for that."

Because the domains are so new and considered premium domains, availability is quite good, Decker says, in contrast to .com or .org, which are much more picked over.

 

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
clipartsgram
50%
50%
clipartsgram,
User Rank: Apprentice
10/31/2016 | 10:09:38 PM
Re: Clipart
yeah! I agree with you.This post very benefit for everyone.
T Sweeney
50%
50%
T Sweeney,
User Rank: Moderator
10/17/2016 | 12:08:21 PM
Re: Identity theft
It's a good reminder that these new domains, in and of themselves, are not inherently secure, lorraine89. Humans still need to add basic protections and anonymizing features, like the ones you've suggested.
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
10/17/2016 | 11:54:09 AM
Identity theft
New domains are pretty much vulnerable to data theft. That is why it is important to deploy some good security software and hide your IP using a genuine vpn server like PureVPN. 
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
9/19/2016 | 9:38:58 AM
online security
Great article. I always take extra caution in maintaining my online privacy and security. I deploy vpn server, purevpn, to maintain my online integrity and to avoid any type of scams and phishy threats. 
showtime33
50%
50%
showtime33,
User Rank: Apprentice
8/22/2016 | 9:31:04 AM
Re: The Irony of It
Finally....some smarts about TLD's.  Exactly right, a new domain name is just another thing to block.  Making it harder to defend by adding extensions to block.  Ask people that fix pc's in the trenches and you will find that .biz, .casino,..etc... is just another way to launch a malware link to compromise a pc.  Malware can still use .security to launch randsomware for example.  duh...adding them does nothing for protection for anyone. The irony is right....lol
umutarcn
50%
50%
umutarcn,
User Rank: Apprentice
8/9/2016 | 11:31:05 PM
Quotes
Thanks, for the information on SSL and domain details.
SEO..
50%
50%
SEO..,
User Rank: Apprentice
8/9/2016 | 11:40:49 AM
Does it really matter to have .com
Thanks, for the information on SSL. On other hand, recently I read an atricle which said it's no more important to have domain as .com it can be anything google no more consider much weightage on this domain scenario. I am planning to buy one as a web designer - let me know your thought's  
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
8/9/2016 | 10:16:52 AM
Re: Worth a try
Yes agreed as well, one protection or measure is never enough.  I am looking at it more as an additional potential measure.
T Sweeney
50%
50%
T Sweeney,
User Rank: Moderator
8/9/2016 | 10:11:41 AM
Re: Worth a try
Agreed, Juliette... but a simple domain in and of itself will not convey security on a website or its visitors. Regardless of what your domain is, there's plenty that still needs to happen on the backend to lock down and protect hardware, data and users.
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
8/9/2016 | 10:03:30 AM
Worth a try
I think it is worth a try.  But like anything unless 1. the enforcement of standards is done and 2. the false positive blocks are minimum, this will be a wasted effort.
Page 1 / 2   >   >>
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28452
PUBLISHED: 2021-01-20
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request ...
CVE-2020-28483
PUBLISHED: 2021-01-20
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
CVE-2021-21269
PUBLISHED: 2021-01-20
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more f...
CVE-2020-25686
PUBLISHED: 2021-01-20
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same...
CVE-2020-25687
PUBLISHED: 2021-01-20
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This...