Home
 » ISP News » 
Sponsored Links

UPD3 Nominet UK Bodge Risks Google.c.uk and BBC.c.uk Typo Security Threat

Friday, Aug 1st, 2014 (11:31 am) - Score 1,609

Nominet, which handles the registry of .uk Internet domains, is no stranger to controversy and some of their decisions over the years have caused plenty of head scratching. The latest bit of fun seems to be as a result of their new .uk rules, which have allowed typos for UK sites (e.g. bbc.c.uk, google.c.uk and hsbc.c.uk) to go to a different server (you can do it for almost any .uk or .co.uk domain).

At one point or another most of us will have miss-typed a domain name and in the past this was used by hackers and phishers to trick people into visiting fake versions of legitimate websites and brands. For example, it’s perilously easy to type google.c.uk instead of google.co.uk, the difference is that the .co.uk will take you to the real website while c.uk takes you to a completely separate site that could be exploited.

Advertisement

On top of that the text-prediction used by most web browsers can mean that once miss-typed you are highly likely to land upon the same fake site a second time when trying to type it again because the browser corrects your address to the previously typed one, which by now we’re all automatically attuned to accept (I’ve done it a few times by accident while testing for this article).

The situation appears to stem from the November 2013 introduction of Nominet’s new .uk namespace (here) and its associated rules (here), which is perhaps a risky approach to take when the potential collision space is so large (i.e. the owner of c.co.uk got c.uk by default = mass website redirection fun). But far from making .uk domains more secure it appears as if Nominet’s current approach could risk opening a door to scammers.

The introduction of the new .uk name (i.e. being able to register examplz.uk rather than just examplz.co.uk) was highly controversial and occurred against a background of strong opposition, with some viewing it as a victory of profit over sense. Never the less it happened and one of the consequences seems to be that Nominet has effectively allowed someone to register c.uk and thus redirect innocent typos into its clutches. ISPreview.co.uk has contacted Nominet for comment.

UPDATE 1:19pm

Advertisement

As some readers have pointed out claims.co.uk, a law firm for personal injury claims, owns the c.co.uk domain and under the .UK rules this meant they automatically got .c.uk without any checks. It’s unclear why claims.co.uk is allowing the domain to be used in such a way, although it’s possible they aren’t aware.

The registrar for the .c.uk domain itself goes back to the Dark Group Ltd t/a YSH (http://www.ysh.uk), which is the same organisation behind broadband ISP Fast.co.uk. ISPreview.co.uk has shot off a message to Fast.co.uk’s Mark Baker in the hopes of getting more information. In the meantime.. still no reaction from Nominet.

Domain name:
c.uk

Registrant:
Claims.co.uk Ltd

Registrant type:
UK Limited Company, (Company number: 6843986)

Registrant’s address:
Suite 5083
6 Slington House
Rankine Road
Basingstoke
Hampshire
RG24 8PH
United Kingdom

Data validation:
Registrant contact details validated by Nominet on 30-Oct-2013

Registrar:
Dark Group Ltd t/a YSH [Tag = YSH]
URL: http://www.ysh.uk

Relevant dates:
Registered on: 10-Jun-2014
Expiry date: 10-Jun-2024
Last updated: 17-Jun-2014

Registration status:
Registered until expiry date.

Name servers:
buy.internettraffic.com
sell.internettraffic.com

UPDATE 1:54pm

Fast.co.uk’s Mark Baker has informed ISPreview.co.uk that one of their customers changed the name servers for the offending domain to those of a “parking company who appear to have enabled wildcard DNS, hence anything.c.uk resolves” (i.e. it doesn’t appear to be specifically targeting popular brands and sites – it just hits everything the same). Baker noted that he couldn’t be “sure if that behaviour is intentional on our clients part“. Meanwhile the problem persists. Oh c.uk.

Advertisement

UPDATE 3:30pm

We had hoped that Nominet might wish to take this more seriously..

A Spokesperson for Nominet told ISPreview.co.uk:

Use of a domain name for unlawful purposes, or in a way that infringes the intellectual property rights of third parties is contrary to the terms and conditions of domain name registration, to which all registrants must agree. If any use of a .uk domain name comes to our attention that appears to be in breach of those terms, we would cooperate with law enforcement agencies in order to take any appropriate steps, and would reserve the right to take any action open to us under the registration contract.

In the case of the domain name c.uk it would appear that the registrant is redirecting all c.uk sub domains to www.c.uk, not targeting or imitating any specific websites. We have no indication that www.c.uk is being used for any unlawful purpose.”

Tags:
Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
150Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
New Forum Topics
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (5721)
  2. BT (3570)
  3. Politics (2602)
  4. Openreach (2342)
  5. Business (2324)
  6. Building Digital UK (2277)
  7. FTTC (2061)
  8. Mobile Broadband (2039)
  9. Statistics (1830)
  10. 4G (1724)
  11. Virgin Media (1674)
  12. Ofcom Regulation (1494)
  13. Fibre Optic (1427)
  14. Wireless Internet (1417)
  15. FTTH (1383)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon