Date: 2021-10-24



The “next major threat” is how Microsoft’s latest annual security report characterizes domain names that are written to a distributed ledger maintained across a constellation of computers, rather than stored in a traditional centralized registry.

Storing a domain name on the blockchain can make it difficult to shut down the domain name or track its owner. Also, you will not be able to access it without special software or settings.

“In recent years, we’ve observed blockchain domains integrated into cybercrime infrastructure and operations,” the report said, nodding to Microsoft’s experience of disrupting a botnet called Necurs last spring.

The botnet used a domain generation algorithm to create new hosts in bulk, including under the blockchain top-level domain .bit, which cannot be policed like .com or other standards-compliant domains.

Because of that potential for abuse, OpenNIC, a group that promotes replacing the traditional Domain Name System, voted in 2019 to block .bit domains “so that organizations are not directly responsible for creating entirely new classes of malware.”

The Microsoft report adds: “This trend of threats to leverage blockchain domains as an infrastructure with the means to create an indisputable criminal network should be taken seriously.”

“Can not stop”

Supporters of the decentralized internet, on the other hand, have a common response to the criticism that blockchain domains cannot be removed: Yes, that’s right.

A blockchain domain registrar, Unstoppable Domains, sells on its home page as follows: !! ). “

One-time registration fees for blockchain top-level domains such as .crypto, .wallet, .coin, .888, and .x range from $20 to $100, but costs for shorter, more memorable domains can rise dramatically. For example, potomac ver.x costs $100, while potomac.x costs $7,500.

In an email, Matthew Gould, CEO of Unstoppable Domains, rejected the idea that the San Francisco-based company is an irresponsible actor. He pointed to the company’s trademark compliance policy (the site will not start a registration of fastcompany.x and displays the domain as “protected”) and to its measures to screen applicants.

“We also prevented domain registrations related to known pirated software and other types of IP theft and fraud,” he wrote. Proprietary Cryptocurrency Wallet — The former option is an easier route that about 75% of registrants use today.

Gould also rejected the notion that blockchain domains were optimized for malware and instead argued that they would increase the credibility of cryptocurrency transactions.

“Because this is a best practice, anonymous users want to generate a new address every time,” he writes. “The domain creates a single, immutable endpoint that actually reduces the anonymity of cryptocurrency payments.”

Microsoft declined to expand on the report’s findings.

Requires a special browser

Sean Gallagher, a senior threat researcher at research firm Sophos, wrote in an email that malware does use blockchain domains, but that they are an inefficient option for attacks: the malware requires custom routing and cannot spread through web browsers that do not support the domains. He also said that blockchain domains offer less privacy than Tor, a cloaked routing system used to circumvent many censorship regimes. “They do not provide anonymity to the destination.”

The easiest way to route yourself to a blockchain domain such as brad.crypto, the web space of Bradley Kam, co-founder of Unstoppable Domains, is to use one of the few browsers that already support that namespace, such as the Chrome-based, privacy-optimized Brave. Type brad.crypto in Brave’s address bar and click to accept blockchain routing to see Kam’s gallery of NFT (non-fungible token) artwork.

Kevin Werbach, a professor at the Wharton School of the University of Pennsylvania, said he had just registered kwerb.eth (the suffix refers to another blockchain domain system, the Ethereum Name Service), and he doubts that browser support for blockchain domains will be expanded any time soon.

“Google, Apple, and Microsoft aren’t going to provide native support without a comfortable level to address these concerns,” he wrote. This will encourage people to switch browsers, install browser extensions, customize DNS settings, and more. The latter two methods are a type of tinkering that can be exploited by malware.

“DNS has security vulnerabilities that are partially due to a centralized structure, but placing domain names on the blockchain poses a new set of security risks,” Werbach added. “I don’t think we have enough knowledge to make a clear statement about the magnitude of the relative risk.”
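A defender's view of the points above, as an added example that is not from the article or the Microsoft report: because the namespaces the article names need special software or settings to resolve, a lookup for one of them in a resolver log stands out, and many distinct names from one client match the bulk pattern of a domain generation algorithm. The log format, client addresses, random-looking .bit names and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Blockchain namespaces named in the article.
BLOCKCHAIN_TLDS = {"bit", "crypto", "wallet", "coin", "888", "x", "eth"}
# Assumed resolver log format: "<ISO time> <client IP> <qtype> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
2021-10-24T09:00:01Z 10.0.0.12 A www.example.com.
2021-10-24T09:00:02Z 10.0.0.12 A bit.example.com.
2021-10-24T09:00:03Z 10.0.0.12 A crypto.example.org.
2021-10-24T09:00:04Z 10.0.0.31 A brad.crypto.
2021-10-24T09:00:05Z 10.0.0.31 AAAA BRAD.crypto
2021-10-24T09:01:00Z 10.0.0.47 A qkzjwvtp.bit.
2021-10-24T09:01:01Z 10.0.0.47 A hwmrxedl.bit.
2021-10-24T09:01:02Z 10.0.0.47 A tbnoyqfa.bit.
2021-10-24T09:01:03Z 10.0.0.47 A vjcsugki.bit.
truncated line
"""

def tld_of(qname):
    """Return the rightmost label; compare labels, never substrings."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] if len(labels) > 1 else ""

def scan(log_text, bulk_threshold=3):
    """Map client -> (label, sorted distinct blockchain-TLD names queried)."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or truncated entry
        _, client, _, qname = m.groups()
        if tld_of(qname) in BLOCKCHAIN_TLDS:
            names[client].add(qname.rstrip(".").lower())
    report = {}
    for client, qnames in names.items():
        # Many distinct names from one host looks like DGA-style bulk lookups.
        label = "bulk-lookup" if len(qnames) >= bulk_threshold else "isolated"
        report[client] = (label, sorted(qnames))
    return report

if __name__ == "__main__":
    for client, (label, qnames) in sorted(scan(SAMPLE_LOG).items()):
        print(client, label, ", ".join(qnames))
```

An "isolated" hit is more likely a user with a supporting browser or extension; a "bulk-lookup" host is the one to triage first.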

The general bubbling of cryptocurrency and blockchain hype provides a reason for skepticism.

Mike Masnick, publisher of the Techdirt tech-policy blog and advocate of a more decentralized social internet, praised the potential of blockchain domains to create “both different types of incentive structures and structures that give users more control over their information.”

But then he said that today’s blockchain space is “almost completely filled with profit-seeking mercenaries, which has some useful factors in terms of funding and encouraging certain actions. But there is also the real possibility of prioritizing pure interests over societal benefits.”

Masnick does not point out similarities to today’s commercial social media. But why does he have to?

