Monday, April 30, 2012

ICANN to notify domain applicants of data breaches

Organizations taking part in the most ambitious expansion of the Internet so far will find out next week whether their applications for new domain names could have been viewed by competitors as a result of a software bug.

The U.S. non-profit Internet Corporation for Assigned Names and Numbers (ICANN), which operates the Internet's naming system, has been inviting Organizations to apply to own and run their own domains, for example .apple, .nyc or .gay, instead of entrusting them to the operators of .com, .org and others.

But the system hit a problem earlier this month, just as a three-month window for applications was about to close, when a software glitch was discovered that allowed some applicants to see user or file names of other applicants.

Organizations had been careful not to reveal the domain names they were applying for, fearing the knowledge they were applying for a generic domain like .food would encourage rivals to compete for that domain and drive up the price.

"We're very apologetic for the inconvenience to any applicants," ICANN chief executive Rod Beckstrom told Reuters.

"Clearly, we're going to take every step that we can to make sure that no one takes advantage of any information they may have obtained," he said in a telephone interview, declining to detail exactly what steps could be taken.

The domain-name expansion programme had been opposed by some influential trademark owners who feared they would have to spend large sums of money simply to protect their brands online, despite protections built into the system.

Critics have also complained about conflicts of interest as some past and present ICANN board members stand to benefit financially from the programme.

Peter Dengate Thrush, who was chairman of ICANN when it gave the go-ahead for the expansion, went on to become executive chairman of Top Level Domain Holdings, a London-listed firm set up to acquire and operate the new domains.

Beckstrom said he was confident the glitch in the system had been caused by a software bug rather than an attack.

"We have absolutely no reason to believe it's a hack. We have been able to find some of the instructions in the software that caused the issue," he said.

Beckstrom added that ICANN had captured every keystroke made by applicants since the window opened in January, and was currently combing through the more than 500 gigabytes of data to determine what may have been visible to whom.

The organization plans to notify applicants by May 8 if details of their applications could have been viewed by others, but will not tell them who could have seen those details. Those who may have viewed such information will also be notified.

ICANN, which says it has now fixed the bug and is extensively testing the system, plans to reopen the application window at a date yet to be determined for an extra five days.

Beckstrom said 1,268 Organizations had registered for the application system to date, up from a previously reported figure of 839, and stressed that most applicants were not affected.

"As CEO, I take full responsibility for this issue," said Beckstrom, who is due to step down on July 1. "I would like to resolve it before handing on the baton."

(Reporting by Georgina Prodhan; Editing by Mark Potter)
Reuters

 
News Update Users