Webnames.ca Blog

Recently in Security Category

CIRA Alert: Phishing Attack Warning


CIRA has issued a phishing attack warning to advise .CA domain name holders of a phishing scam designed to collect personal information including Canadian Social Insurance Numbers. The e-mails were made to appear to be coming from the Canada Revenue Agency, but with "CIRA" listed in the "from" address line.

This is a targeted phishing attack. CIRA is advising Internet users not to respond to these e-mails.

The full text of the alert can be found on the following CIRA links:

English

Francais


Conficker - The Little Worm That Didn't?


So today is April 1st, which means a bevy of April Fools' gags. This year we saw the Gmail Autopilot, the discontinuation of the BlackBerry Storm and upside-down YouTube, to name a few. If you have been listening to the Internets lately, there's also something big that's supposed to be going on, and that's the Conficker worm.

If you've been keeping up to date with this story, you'll have seen that as of right now, it's been sort of a non-issue. Now this doesn't mean that it's not out there and going to deploy at some magic hour that's been predetermined. This worm is definitely still a threat. It's been estimated that it has already infected between 9 and 15 million Windows-based machines. It has infected everybody from casual at-home users to the UK Ministry of Defence.

The problem with this worm is that nobody knows for sure just what exactly it's going to do. Conficker is supposed to be getting a set of new instructions on April 1st which is why there are a lot of jumpy IT professionals today.  Just because there hasn't been much activity doesn't mean that there isn't going to be any in the future.  The code of the virus basically tells it to listen for updates at any time past April 1.

If you think you may have been infected, there are many resources out there that will help you determine if you've been infected.  If you're running Windows, you should already have gotten an automatic security patch for it and it goes without saying that if you're clicking around the internet with abandon, you should be investing in a good anti-virus program.

I think we need to wait and see what this worm does in the near future before counting it entirely down and out; the potential is definitely there even if things have been relatively quiet on the Conficker front so far.


What is the Conficker Worm & What Does it Do?


The Conficker worm, also known as Downup, Downadup and Kido, is scheduled to activate on April 1, 2009; however, the first series of infections attributed to the Conficker worm were detected back in November 2008. A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

The Conficker worm is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of this malicious program also generates a dramatic number of unique domain names which it then contacts to download daily updates: 50,000, in contrast to the 250 generated and contacted by previous versions of the worm. An estimated 12 million computers have been infected worldwide.

We don't know the purpose of the Conficker worm. As of this moment the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don't know. One theory is that the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it can do any number of the following things: turn off the automatic backup service; delete previous restore points; disable security services; block access to a number of security web sites; and open infected machines to receive additional programs from the malware's creator. The worm then tries to spread itself to other computers on the same network.

How does a computer get infected?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

What is the risk of infection?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are also at risk, since pirated systems usually cannot get Microsoft updates and patches.

What can you do to protect yourself?

One leading antivirus vendor, Kaspersky Lab, recommends that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft will be fully protected from Kido.

More Information:

Wikipedia description of the Conficker Worm

PC World - Protecting Against the Rampant Conficker Worm


Most of us have, at one time or another, dreamed of escaping it all and disappearing to a Caribbean island or a log cabin in the mountains for some peace and tranquility. While this particular dream will elude most of us (and would probably get a little dull after a couple of weeks), those who value their privacy may want to look to the new dot TEL name to provide it.
 
If you yearn for a world without SPAM; a world without telemarketing calls; a world where you control who can contact you and who cannot, then dot TEL is definitely worth a look.

Normally when people talk about the dot TEL, it's in the context of 'connecting for life' or being 'easier to find'. This is true. A dot TEL allows you to attach all of your contact information to a single name like JohnSmith.tel, so you have one simple name to give to people, from which they can get all your contact information, whether through a web page, cell phone or other internet-enabled device. Anytime you update your contact information, the updates are automatically propagated to anyone you've given your dot TEL name to, so you never lose contact.

At the same time, you can decide exactly who sees what information, so friends and family may be able to see more personal information than business connections or acquaintances.

Setting the Stage: Depreciation of the Phone Number (and other Contact Details)

When was the last time you visited http://74.125.19.103/? Chances are it was less than 10 minutes ago. It's the IP address associated with Google.com (one of many, as Google is so popular). In the late 80's and early 90's it was quite normal to enter IP addresses instead of domain names, especially in academic circles, when people were starting to play with the web and put up their own sites.

The DNS (Domain Name System) maps easy to remember names like Google.com to IP addresses like 74.125.19.103; but, ultimately it's the IP address that identifies the specific host computer to connect to. It's hard to believe that it took more than two and a half years to register the first 100 .COM names, but now that we're there, who'd want to go back to remembering numbers?

Just like IP addresses, telephone numbers are the mechanism by which we connect to other parties and just like IP addresses, it's a good system - but it doesn't make them easy to remember.

Personally, I don't care what Google's IP address is. It's a detail that doesn't help me accomplish my goal. Similarly, I don't care what my daughter's cell phone number is - I just want to be able to reach her easily. One of the reasons I like the cell phone so much is I can simply "Call Grace Mobile" and I'm done. I'm happy if the underlying mechanism that enables me to achieve my goal stays hidden from me -  whether it be a number, an e-mail address, an Instant Messaging ID, profile URL for a social site or any other mechanism that allows me to connect.

"Call Grace", "E-mail Grace", "Message Grace", "Map Grace" - it makes a lot more sense.

Execution: Escaping the Grid

Chances are that if you've had your number or e-mail address for a while, you receive SPAM and marketing calls, despite the best efforts of legislation and initiatives like the Do Not Call Registry. Enter dot TEL and all of that could be a thing of the past.

Here's the plan:

I have lane.tel. It's easy to remember and I can attach all of my contact information - both business and personal. It's on my business card for convenience and I can give it to someone in a conversation. My hope is eventually to have it as the only listed item in the White Pages and other directories.

If you were to look up lane.tel (after February 25th, when .TEL names go live) on your smart phone or browser, you'd see only the public information I elect to share with everyone - my name, title, business name, business phone (switchboard only) and corporate web site (I don't want to be completely off the grid).

Anyone wanting more information would need to send me a friending request. This can be done directly off the web page or through the smart phone.  I am notified by e-mail of all requests and can evaluate each one and assign it to a privacy group I've set up that determines what information you'll be able to see. If I receive a request from a business connection, they'll be able to see my work e-mail, my direct dial number, business profiles (LinkedIn) and additional business information. For friends and family, the information will include my home number, mobile, social media profiles, etc.

All non-public information is protected by 1024 bit encryption. To put this in context, there are teams of security experts out there with the express goal of cracking this encryption. According to the security team at Kaspersky, it would take 15 million modern computers, running for about a year, to crack. I like to think of this as some hacker with a laptop waiting 15 million years to discover my e-mail address.

So my friends, family and business connections now have my .TEL. They can "Call Matt", "E-mail Matt", etc., and if I ever move, change my e-mail or lose my cell phone, the specific contact details change, but since they're automatically propagated, my contacts can simply "Call Matt" and "E-mail Matt" and probably wouldn't know or care that my numbers have changed.

And that's the plan. Get a .TEL, attach my contact details, distribute my .TEL and then change any numbers, e-mail accounts, etc. that I don't want known in the public domain. It doesn't preclude me being contacted and I remain visible through the presence of my .TEL name - but only people I authorise know my details.

I know it's not a perfect plan. It's a hassle to change contact details and since my contacts can see my details, it's relatively easy for the information to get back into the public domain. Spamming and telemarketing also include random and sequential mechanisms that 'guess' at addresses and numbers, but still, it's a step in the right direction and gives me back control of my own information.

 


Spam-fighting organization KnujOn, or "no junk" spelled backwards, has released a report on the top 10 registrars it has linked to spam and other illicit activity.

Founded in 2005, the KnujOn project targets spam at its root by collecting spam samples from the public, not to build better filters or blacklists, but to terminate illicit websites, to test the Internet's policy infrastructure, and to gather spam statistics. The goal is to target illicit transaction sites and take the financial incentive out of the spam cycle. The organization is credited with shutting down close to 300,000 junk mail sites to date.

Domain name registrars occupy a key position in the fight against spam. Because spammers often register multiple domain names to evade antispam detection software, they can be lucrative customers for many registrars. Registrars are in a unique position - they can aggressively fight spam at the root by quickly removing fraudulent domains from their databases and ousting spammers from the Internet, or they can be leisurely in responding.

While many registrars are quick to weed out malicious activity on their domains, the purpose of the report is to draw attention to registrars that could and should be doing more to fight spam. According to Garth Bruen, the creator of KnujOn, "Because [the domain industry] has been a free-rein, profit-driven enterprise, the registrars have made up their own rules."

In regards to the most serious offenders, Bruen thinks it's time that ICANN - the organization in charge of accrediting domain name registrars - get tough and threaten to pull the accreditation of long offending registrars. Two companies that were formerly on KnujOn's list, Beijing Innovative Networks and Joker, were issued warnings by ICANN and have since cleaned up their act, Bruen said in his report.

The list takes into account a variety of factors including the amount of spam associated with a registrar's domains and the percentage of the registrar's domains linked to spam.

KnujOn's top 10 spam-related registrars are:

1. Xinet
2. eNom
3. Network Solutions

Click to view the full list.

For more information, read the original article on Network World: Top 10 Spam-Friendly Registrars Named and Shamed   


It can be very difficult to know at times if the domain notices you receive are legitimate or aggressive marketing.  While many legitimate registrars do contact their clients about renewals or other services, many trademark holders and domain name registrants have been receiving confusing and sometimes fraudulent emails and letters from companies in Asia, Europe and/or North America.  

At Webnames.ca, we receive numerous enquiries from business owners and individuals asking us for advice as to whether to respond to these notices or not. We hope that posting this information will help many of you decipher which are scams and how you can protect yourself.

These notices so far have appeared in two forms:

Sender: Usually an Asian or European company. Recently a new company from Las Vegas. Some are domain registrars; others don't appear to be a valid company at all.

Method: Typically by email.

Message: "We have received an application for a domain name which is similar to one you own or is one of your trademarks, so we thought we would let you know so you have the first chance to register it through our company, before the unscrupulous cybersquatter gets their hands on it".

Purpose: A clever marketing ploy using a scare tactic to fool you into registering domain names.

Sender: The Domain Registry of Canada, Domain Registry of America (and even Verisign has done it in the past).

Method: Typically by snail mail. The mail looks like an official invoice from an official department of the government.

Message: Renew your domain registration or it will expire in the near future. It's easy, just fill out the term of renewal, your billing information and sign it. Unfortunately, the renewal form is an unsolicited domain name transfer agreement, effectively stealing your business from your existing registrar.

Purpose: A practice called "Domain Slamming" whereby one registrar attempts to trick customers into switching.

5 Tips on How to Protect Yourself Against Domain Slamming or Aggressive Marketing

Below are some key questions you need to ask yourself when you receive these types of notices.

  1. Do I recognize the sender of this notice and is the sender of the notice a legitimate company?

    If you have not dealt with the company before, then most likely the notice you have received is a sales and marketing ploy the sender of the notice is using to entice you into buying the domain names through them. Run a search on the company (don't click on the links in their email as they are probably tracking these). Read up on what the company is about or determine if it even exists.

  2. Even if the company looks legitimate what is their reputation?

    It is always a good idea to run a Better Business Bureau search when dealing with any company you are not familiar with. Never send money or sign any notice or contract until you are sure who you are dealing with, even if they seem like a government agency.

  3. Who is the Registrar of Record for my existing domains?

    If you receive a notification of renewal for one of your domains, be sure that it is coming from the registrar of record for that domain name.  No Registry in the world directly charges a fee to any domain registrant. All registrations are handled by registrars and your Registrar of Record is who you initially registered your domain with. You can check your domains at http://www.webnames.ca/whois.asp or call your registrar.

  4. What is the likelihood of someone infringing on my trademark or brand and what are the consequences to me?

    If you are worried about someone infringing on your brand, contact www.webnames.ca and we can advise you on how to register and protect your domains. If someone is infringing on your trademark, you can always submit a domain dispute through ICANN's Uniform Domain Name Dispute Resolution Policy or, for .ca domains, CIRA's Domain Name Dispute Resolution Policy.

  5. How do I stop these notices from being sent to me?

    Check out Webnames Privacy Service which protects you from spam, telemarketers, and identity and domain theft. You will only receive official correspondence from Webnames.ca and the Registries and all other companies will be blocked out.

The main point to remember when receiving any communication is to read it fully and carefully (including the fine print) so you understand what the information is. Always deal with companies you know and trust.  Most importantly, if ever you are unsure as to the legitimacy of a notification, contact us at support@webnames.ca and we will be happy to review the notice you received.
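One way to automate tip 3 together with the fine-print advice, as an added example (not Webnames.ca code): it parses a WHOIS response, compares the registrar of record with the sender of a notice, and flags transfer wording. The WHOIS text, the notice and the field names are constructed samples; real WHOIS output varies by registry.

```javascript
// Constructed WHOIS response; the "Key: value" layout is an assumption.
const SAMPLE_WHOIS = `
Domain Name: example.ca
Registrar: Example Registrar Inc.
Creation Date: 2005-03-14
Expiry Date: 2010-03-14
Name Server: ns1.example.net
`;

// Constructed notice of the "renewal invoice" kind described above.
const SAMPLE_NOTICE = {
  sender: 'Domain Registry of Somewhere',
  domain: 'example.ca',
  text: 'DOMAIN NAME EXPIRATION NOTICE. Renew now to avoid loss of your domain. ' +
        'By signing you authorise the transfer of the domain to our company as your new registrar.',
};

// Collect "Key: value" lines into a map of lower-cased keys to value lists.
function parseWhois(text) {
  const fields = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([^:]+?)\s*:\s*(.+?)\s*$/);
    if (!m) continue;
    const key = m[1].toLowerCase();
    if (!fields[key]) fields[key] = [];
    fields[key].push(m[2]);
  }
  return fields;
}

// Compare company names without case, punctuation or legal suffixes.
function normalizeName(name) {
  const suffixes = ['inc', 'ltd', 'llc', 'corp', 'co', 'limited', 'corporation'];
  return name.toLowerCase()
    .replace(/[^a-z0-9 ]+/g, ' ')
    .split(/\s+/)
    .filter(w => w && !suffixes.includes(w))
    .join(' ');
}

// A "renewal" that is really a transfer agreement says so in the fine print.
function hasTransferLanguage(text) {
  return /\btransfer\b|\bnew registrar\b|\bswitch(ing)? (your )?registrar\b/i.test(text);
}

function checkNotice(notice, whoisText) {
  const whois = parseWhois(whoisText);
  const domain = (whois['domain name'] || [])[0];
  const registrar = (whois['registrar'] || [])[0];
  const transferLanguage = hasTransferLanguage(notice.text || '');
  if (!domain || domain.toLowerCase() !== notice.domain.toLowerCase()) {
    return { verdict: 'unknown', transferLanguage,
             reason: 'WHOIS record is not for the domain named in the notice' };
  }
  if (!registrar) {
    return { verdict: 'unknown', transferLanguage,
             reason: 'no registrar field in WHOIS output; call your registrar' };
  }
  if (normalizeName(registrar) === normalizeName(notice.sender)) {
    return { verdict: 'matches', registrar, transferLanguage,
             reason: 'sender is the registrar of record' };
  }
  return { verdict: 'mismatch', registrar, transferLanguage,
           reason: `notice is from "${notice.sender}" but the registrar of record is "${registrar}"` };
}

console.log(checkNotice(SAMPLE_NOTICE, SAMPLE_WHOIS));
```

A `mismatch` verdict combined with `transferLanguage: true` is the domain slamming pattern; an `unknown` verdict means the lookup could not settle the question and a call to the registrar is the next step.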

 


The Debate About Cybersquatting and dot-TEL


The Register.co.uk published an article last week about how dot-tel will be unattractive to cybersquatters because it does not host websites, only contact information that will be sent to Internet-enabled devices.

Cybersquatters make money by placing pay-per-click advertisements on web pages that are set up on domain names which visitors assume belong to a legitimate organization. For example, look at the advertisements set up on http://www.costcowholesale.ca/. Seeing the domain name, it's safe to say a visitor would assume this domain belonged to Costco Wholesale Canada and that an official website for this company could be found at this URL.

Because a dot-tel can only contain contact information and keywords, cybersquatting activity of this type will not work. While this is positive in some respects, it does not mean abuse cannot occur because not all cybersquatting hinges on creating a revenue stream from advertising.

Another type of cybersquatting activity is when an individual registers domain names related to well known companies, brands or products. Typically they hold on to these domains hoping the legitimate namesake will cough up some cash rather than undergo a time consuming domain dispute resolution process. 

When you think about it, dot-tel's unique qualities make it a highly important piece of internet real estate to secure. Dot-tel would enable a cybersquatter to input information of their own choosing in the contact fields, and redirect a visitor to whatever website, phone number or email address they wish. There is serious potential for a company's brand and good name to be compromised and their customers diverted to competing interests with dot-tel. With this in mind, it is critical that companies with registered marks register their dot-tel names during the Sunrise registration period that is restricted to trademark holders.

Read the Register article - New no-advertising domain will deter some cybersquatters.
Click here for more information on dot-tel.

Timeline
Sunrise Registration (registered trademark required) - Dec 03, 2008 - Feb 02, 2009
Landrush Registration - Feb 03 - Mar 23, 2009
General Registration - Opens Mar 23, 2009

  


.TEL for Teenagers - Privacy and Spam Concerns


My teenage children both asked me to pre-book them a .TEL name last week. On the face of it, it's just a question of submitting the domain request, but the process turned into something a lot more long-winded and raised some serious concerns around privacy, identity theft and spam.

The lighter side of the conversation was about the name itself. I assumed that they would want something simple like first name, last name. What came back was much more entertaining - at least to a 16 year old and his peers.

I tried to explain that what seemed like a good, humorous name now may not stand the test of time. As the conversation continued however, my view point changed.

It's not that the suggested names grew on me, but rather the realization that I didn't want anyone to be able to look up their .TELs, even with the built-in privacy.

What emerged was a strategy that would protect their identities but allow them to use the .TEL with their friends.

Does a 16 year old need a .TEL name?

The easy answer is of course not. But then again, they don't really need a cell phone, a plan with unlimited texting, a Facebook account, an e-mail address, a computer, Xbox Live account or any of the other bits of technology that many 16 year olds enjoy.

However, they really don't need a .TEL name at 16. For the most part, their group of friends is relatively fixed and as a parent, I don't want my son sharing information with friends met online.

However, it is new and it's cool in a geeky kind of way, and I must admit I also didn't see the point of Pokemon cards a few years back. My concern with getting him a .TEL name is that it doesn't land him in any more trouble than Pikachu would have.

The Plan

What emerged from our discussions was a plan with some criteria. The plan was a little different for my daughter, who's 18 and at university, but for the most part, the same criteria applied.

• Zero Information Leakage
• Zero Spam
• Transparent to Dad
• Extensible to adulthood

Zero Information Leakage
The first concern is that no information that reveals anything that might be used to cause harm would be allowed. To this end, the names we chose do not identify them to strangers. For my son, this was a nickname that friends would appreciate and for my daughter, her first name and last initial. On top of that, the only public information that will be available is the .TEL name itself and since this isn't an identifier, it causes no harm.

Friends and family of course will be able to see phone numbers, gaming handles, Facebook profiles, instant messaging handles and so on, but only once they've been authorized to do so.

The .TEL is a domain name and is subject to the whois information being published. Individuals however may elect to hide the whois information, stemming any leakage of information.

Zero Spam

One of the big fears about .TEL is that it will be a spam magnet. By making e-mail addresses public, there is the possibility that an e-mail address could be  'scraped' and distributed to spammers; however by not making any information public - or simply not publishing your e-mail publicly, this concern goes away.

Parental Transparency

Not too tricky, as Dad is going to have administrator access and will be able to ensure that everything stays secure. It may take a slightly longer discussion with my daughter to explain the benefits of this, but as a family, we've grown up with technology and have a good understanding about the balance between parental oversight and respect for privacy. As the kids' knowledge and understanding of administration grows and Dad grows more confident of their abilities, Dad's role will likely become more one of technical support.

Extensible to Adulthood

It's unlikely that my son will want to keep his name past the end of school. For this reason, we also chose a second, more staid name that he can use in his professional life. When he's ready to transition, we'll simply create a reference in the old name and point it to the new name. This will allow his friends to make the relevant updates and we'll eventually retire the old name. For my daughter, we also chose a second name, so she has a choice should she want to transition in the future.

Yes, it's a bit more expensive to maintain two names, but there are a finite number of .TEL names and our sense is that if competition for names is high, we'll have invested well in getting our children good .TEL names for the future.

Final Thoughts on .TEL Names for Teenagers

I recently advised some friends not to get their 17 year old a .TEL name for use now. I did suggest considering registering a name that their child could use in the future, when she finished school. Since her name is quite unique, they can probably wait a bit and see how the .TEL develops.

Personally, I see the .TEL target market as the 24-35 group, but I have to admit interest in seeing whether the younger markets pick up on it. I'm still stunned by the amount of information young people seem to share about themselves on Facebook and MySpace.

.TEL is an address in a global directory and while it's tempting for kids to want to be there, it's important that parents take an active role in monitoring this and ensure that apart from known friends and family, their information remains strictly unlisted.

------------------------------------------------------

Click here for more information on .TEL


Security Settings in .TEL


Privacy and security are often among the early concerns voiced by people excited about the new .TEL names. Fortunately .TEL provides a way for each .TEL owner to easily set their own levels of security, based on their needs and comfort levels.

Once you've registered your .TEL name, you'll be able to configure and manage the information through the TelHosting interface.

You'll start by adding some contact information. For example:

• Home Telephone
• Work Telephone
• Cell Phone
• Work E-mail Address
• Gmail Address
• MSN Instant Message ID
• Work Website

Once the information is entered, you can create security groups to which users may be added. For example:

• Friends
• Family
• Coworkers
• Business Associates

From there, it's simply a question of mapping contact information to security groups to determine who can see what information.


In this example, the only thing that a member of the general public could see is your work website address.

Friending Requests

To see more information, someone would have to send a "Friending" request. This is a request that includes their name, email address and a short message. You can manage your friending requests through the TelHosting interface and assign each requestor to the appropriate group. If you don't know the friending requestor, simply decline the request.

1024 Bit Encryption

All private contact records (held as NAPTR records in the DNS) are encrypted with 1024 bit encryption, so unless you explicitly allow someone to see a record through the security groups you create and the friending requests you allow, there's no way for them to see your information.

Public Key Encryption

The friending process is built on a popular and well used security model based on public and private "key" pairs. When you allow someone you've 'friended' to see secured information, the system encrypts the data using their public key. No one other than the recipient can unlock the data, but when the recipient receives the information, they can unlock it using their private key.

This is all managed transparently by the TelHosting software so it's not something you need to be knowledgeable about in order to use it.
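The group mapping and friending model described above, sketched as an added example (not TelHosting's code): records are mapped to security groups, and each private record is encrypted to the public key of every friend in an allowed group. The algorithm (RSA-OAEP), the 2048-bit key size, the record values and all function names are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: RSA-OAEP with 2048-bit keys stands in for the page's unspecified scheme.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newFriend(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Constructed profile: each record lists the groups allowed to read it.
// The pseudo-group "public" means the record is published in clear text.
const RECORDS = [
  { label: 'Work Website', value: 'https://www.example.com', groups: ['public'] },
  { label: 'Work Telephone', value: '+1-555-0100', groups: ['Coworkers', 'Business Associates'] },
  { label: 'Cell Phone', value: '+1-555-0101', groups: ['Friends', 'Family'] },
  { label: 'Home Telephone', value: '+1-555-0102', groups: ['Family'] },
];

// Build what gets published: clear public records plus one ciphertext per
// (private record, authorised friend). Default deny: someone with no group
// membership, such as a declined friending request, gets no ciphertext at all.
function publish(records, memberships) {
  const out = { public: [], sealed: [] };
  for (const rec of records) {
    if (rec.groups.includes('public')) {
      out.public.push({ label: rec.label, value: rec.value });
      continue;
    }
    for (const { friend, group } of memberships) {
      if (!rec.groups.includes(group)) continue;
      const ct = crypto.publicEncrypt({ key: friend.publicKey, ...OAEP },
                                      Buffer.from(rec.value, 'utf8'));
      out.sealed.push({ label: rec.label, to: friend.name, ciphertext: ct.toString('base64') });
    }
  }
  return out;
}

// What a reader can recover. The reader tries every published ciphertext,
// as anyone who can fetch the records could; only those encrypted to the
// reader's own key decrypt, the rest fail and are skipped.
function view(published, reader) {
  const seen = {};
  for (const r of published.public) seen[r.label] = r.value;
  if (!reader) return seen;
  for (const s of published.sealed) {
    try {
      const pt = crypto.privateDecrypt({ key: reader.privateKey, ...OAEP },
                                       Buffer.from(s.ciphertext, 'base64'));
      seen[s.label] = pt.toString('utf8');
    } catch { /* not encrypted to this reader's key */ }
  }
  return seen;
}

function demo() {
  const mum = newFriend('Mum');
  const colleague = newFriend('Colleague');
  const stranger = newFriend('Stranger'); // friending request declined: no membership
  const memberships = [
    { friend: mum, group: 'Family' },
    { friend: colleague, group: 'Coworkers' },
  ];
  const published = publish(RECORDS, memberships);
  return {
    anonymous: Object.keys(view(published, null)),
    mum: Object.keys(view(published, mum)),
    colleague: Object.keys(view(published, colleague)),
    stranger: Object.keys(view(published, stranger)),
    sealedCount: published.sealed.length,
  };
}

console.log(demo());
```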

-------------------------------------------

Click here for more information on .TEL

 


