
UPD3 Nominet UK Bodge Risks Google.c.uk and BBC.c.uk Typo Security Threat

Friday, August 1st, 2014 (11:31 am)

Nominet, which handles the registry of .uk Internet domains, is no stranger to controversy and some of their decisions over the years have caused plenty of head scratching. The latest bit of fun seems to be as a result of their new .uk rules, which have allowed typos for UK sites (e.g. bbc.c.uk, google.c.uk and hsbc.c.uk) to go to a different server (you can do it for almost any .uk or .co.uk domain).

At one point or another most of us will have mistyped a domain name, and in the past this was used by hackers and phishers to trick people into visiting fake versions of legitimate websites and brands. For example, it’s perilously easy to type google.c.uk instead of google.co.uk; the difference is that .co.uk will take you to the real website while c.uk takes you to a completely separate site that could be exploited.

On top of that, the text prediction used by most web browsers can mean that once mistyped you are highly likely to land upon the same fake site a second time when trying to type it again, because the browser corrects your address to the previously typed one, which by now we’re all automatically attuned to accept (I’ve done it a few times by accident while testing for this article).

The situation appears to stem from the November 2013 introduction of Nominet’s new .uk namespace (here) and its associated rules (here), which is perhaps a risky approach to take when the potential collision space is so large (i.e. the owner of c.co.uk got c.uk by default = mass website redirection fun). But far from making .uk domains more secure it appears as if Nominet’s current approach could risk opening a door to scammers.

The introduction of the new .uk name (i.e. being able to register examplz.uk rather than just examplz.co.uk) was highly controversial and occurred against a background of strong opposition, with some viewing it as a victory of profit over sense. Nevertheless it happened, and one of the consequences seems to be that Nominet has effectively allowed someone to register c.uk and thus redirect innocent typos into its clutches. ISPreview.co.uk has contacted Nominet for comment.

UPDATE 1:19pm

As some readers have pointed out, claims.co.uk, a law firm for personal injury claims, owns the c.co.uk domain and under the .UK rules this meant they automatically got .c.uk without any checks. It’s unclear why claims.co.uk is allowing the domain to be used in such a way, although it’s possible they aren’t aware.

The registrar for the .c.uk domain itself goes back to the Dark Group Ltd t/a YSH (http://www.ysh.uk), which is the same organisation behind broadband ISP Fast.co.uk. ISPreview.co.uk has shot off a message to Fast.co.uk’s Mark Baker in the hopes of getting more information. In the meantime.. still no reaction from Nominet.

Domain name:

Registrant:
Claims.co.uk Ltd

Registrant type:
UK Limited Company, (Company number: 6843986)

Registrant’s address:
Suite 5083
6 Slington House
Rankine Road
RG24 8PH
United Kingdom

Data validation:
Registrant contact details validated by Nominet on 30-Oct-2013

Registrar:
Dark Group Ltd t/a YSH [Tag = YSH]
URL: http://www.ysh.uk

Relevant dates:
Registered on: 10-Jun-2014
Expiry date: 10-Jun-2024
Last updated: 17-Jun-2014

Registration status:
Registered until expiry date.

Name servers:

UPDATE 1:54pm

Fast.co.uk’s Mark Baker has informed ISPreview.co.uk that one of their customers changed the name servers for the offending domain to those of a “parking company who appear to have enabled wildcard DNS, hence anything.c.uk resolves” (i.e. it doesn’t appear to be specifically targeting popular brands and sites – it just hits everything the same). Baker noted that he couldn’t be “sure if that behaviour is intentional on our client’s part”. Meanwhile the problem persists. Oh c.uk.
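A defender can tell a wildcarded zone like this apart from individually created hostnames by asking for labels that cannot plausibly exist. The sketch below is an added example, not code from this article, Nominet or Fast.co.uk; the function names are hypothetical and the sample zone, with documentation-range addresses, is constructed so it runs offline.

```python
import secrets
import socket

def resolve(name):
    """Live lookup: set of IPv4 addresses for name, empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def make_resolver(zone):
    """Offline stand-in for DNS (simplified: wildcard matches one label deep only)."""
    def lookup(name):
        if name in zone:
            return set(zone[name])
        _, _, parent = name.partition(".")
        return set(zone.get("*." + parent, ()))
    return lookup

def wildcard_answers(parent, resolver=resolve, probes=3):
    """Query random labels under parent. If every one resolves, the zone is
    wildcarded: return the addresses seen. Otherwise return an empty set."""
    seen = set()
    for _ in range(probes):
        answers = resolver(f"{secrets.token_hex(8)}.{parent}")
        if not answers:
            return set()
        seen |= answers
    return seen

def classify(hostname, resolver=resolve):
    """'unresolved', 'wildcard' (answer matches the parent's wildcard) or 'explicit'."""
    answers = resolver(hostname)
    if not answers:
        return "unresolved"
    _, _, parent = hostname.partition(".")
    wildcard = wildcard_answers(parent, resolver)
    return "wildcard" if wildcard and answers <= wildcard else "explicit"

# Constructed sample data: a wildcarded parking zone and a normal zone.
SAMPLE_ZONE = {
    "*.c.uk": ["192.0.2.10"],
    "www.example.co.uk": ["192.0.2.20"],
}

if __name__ == "__main__":
    lookup = make_resolver(SAMPLE_ZONE)
    for host in ("bbc.c.uk", "www.example.co.uk", "nothing.example.co.uk"):
        print(host, "->", classify(host, lookup))
```

Calling `classify(hostname)` without a resolver argument performs live lookups through the system resolver; a name that exists explicitly but returns the same address as the wildcard is reported as "wildcard", since the two cannot be told apart from outside the zone.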

UPDATE 3:30pm

We had hoped that Nominet might wish to take this more seriously..

A Spokesperson for Nominet told ISPreview.co.uk:

“Use of a domain name for unlawful purposes, or in a way that infringes the intellectual property rights of third parties is contrary to the terms and conditions of domain name registration, to which all registrants must agree. If any use of a .uk domain name comes to our attention that appears to be in breach of those terms, we would cooperate with law enforcement agencies in order to take any appropriate steps, and would reserve the right to take any action open to us under the registration contract.

In the case of the domain name c.uk it would appear that the registrant is redirecting all c.uk sub domains to www.c.uk, not targeting or imitating any specific websites. We have no indication that www.c.uk is being used for any unlawful purpose.”

7 Responses
  1. TomL says:

    But can’t only one person register c.uk? and then have to create ALL the fake subdomains like suggested? I think the authorities might already be keeping a close eye on that getting purchased. Plus this will be reserved for the person who already owns c.co.uk until 2017 anyway.

    1. Vince says:

      No need to create the sub-domains specifically.

      You can wildcard with one entry in DNS, so not tricky or difficult.

  2. Richard says:

    You’re right of course Tom, except that it already exists – anything.c.uk is redirected to http://www.c.uk, which is merrily making money from advert clicks as we speak.

  3. Mark J, as Nominet members ourselves, these domains should fail data validation and thus get pulled fairly quickly. However, as claims.co.uk own the c.co.uk they automatically got .c.uk without any checks. Questions clearly need to be asked of claims.co.uk’s moral standing.

    The Dark Group, who have the domain on their tag, may take a dim view of the domain’s use, however, it’s been a while since I’ve spoken to Mark @ Dark

    Nominet seem fairly on the ball if they are informed.

    1. Mark Jackson says:

      Connects us neatly to broadband ISP Fast.co.uk and I’ve shot off a message to Mark to see what his thoughts are.

    2. Chris says:

      After reading this comment about claims.co.uk’s moral understanding I was interested to have a look myself. It seems claims.co.uk have fairly good morals when making comparisons to other claims websites. A small company that appear to give to different types of charities.
      Have a look – http://www.claims.co.uk/about/charity

      I also found this link after searching ‘claims.co.uk’ in google search (page 4) http://www.rspb.org.uk/news/details.aspx?id=361153 – quite an interesting article.

  4. Interesting topic shown here, I am now working on it regularly here and would say keep the future posts like this continuously.
