New top-level domains unlikely to be a panacea for phishing

Three of Australia's Big Four banks have applied for new domains under ICANN's TLD scheme

A number of financial institutions have jumped on the Internet Corporation for Assigned Names and Numbers' (ICANN) opening up of a round of application for 'dot word' domains.

The forty domains applied for by Australian organisations include a handful proposals lodged by financial institutions. Three of the Big Four have participated in the process, with ANZ applying for .anz, National Australia Bank applying for .nab and .ubank and the Commonwealth Bank applying for three domain suffixes: .cba, .netbank and .commbank.

Unlike current domains like .com and .net, which are effectively open slather in terms of usage, the new top-level domains (TLDs) can be managed under more stringent regulations set by the successful applicant. For example, Western Australia physiotherapist Glenn Ruscoe has applied for .physio, which he intends to restrict to registered physiotherapists only. This means applicants for a .physio domain will be required to provide their credentials proving they are a qualified physiotherapist.

The banks are yet to give an indication of how they will use the new domains (CBA issued a brief statement saying, "Commonwealth Bank can confirm we have applied to ICANN to register the generic Top Level Domains (gTLD) .cba, .commbank and .netbank. We are excited to achieve this first milestone and look forward to the upcoming ICANN approval process.”)

However, the applications for new TLDs should help banks provide another way that consumers can verify a website is genuine before conducting financial transactions, such as online banking.

The new domains will not be a panacea for phishing attacks, however, according to the Asia Pacific director of security firm Sophos, Rob Forsyth. Forsyth noted that the underlying architecture of the internet will remain the same after the new domain suffixes are introduced. "I see it as having perhaps a very small improvement, but in reality it's business as usual," Forsyth said.

"I think there's still a bit of caveat emptor — let the buyer beware — with clicking on any links."

For example, browsers will still be vulnerable to spoofing of their location bar by adding a phoney URL followed by a series of spaces, with the actual URL being navigated to appearing on the right-hand side of the bar.

Rohan Pearce is the editor of Techworld Australia. Contact him at rohan_pearce at idg.com.au.

Follow Rohan on Twitter: @rohan_p

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: ANZ, CBA, Commonwealth Bank, ICANN, Internet Corporation for Assigned Names and Numbers, National Australia Bank, NN, Sophos
References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers

NBN Co hits 105Mbps in limited FTTN trial

READ THIS ARTICLE
MORE IN Social Networking
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia