I guess some of you may have a question already – what is a TLD? Well, first things first, you don’t need to worry about getting tested. Even if you had a very good Saturday night.
The letters TLD actually stand for Top Level Domain and refer to what you see after the “.” when you type in the name of a web site. So for security-faqs.com the TLD would be the “.com” part. The same thing is true with any other TLDs such as .net, .org and many others.
So you might be wondering how can a few letters at the end of a domain name affect your cyber security, especially if there are more of them? That is what I am going to explain in this article. While there have always been a large amount of TLDs the reason why this has come up is because of a new ruling by ICANN (the guys who oversee the domain name system) which will allow companies to make their own TLDs.
An example of this might be if the company Coca-Cola would like to make one all they would have to do is pay $180,000 and ICANN would allow them to do so. They would then be able to send you to a web page that has been created with a specialised TLD such as “drink.coke”. While this idea itself is not bad, if you look long term then you can probably see the potential of abuse is definitely there. And that is what this article is about. How can TLDs be used against the average user when it comes to security?
The problem with so many TLDs
The most direct problem with so many TLDs besides them being confusing is that someone is easily able to duplicate a popular web site. For example, if you are trying to duplicate Google.com then all you would have to do is wait for a company who is outside of the borders when it comes to copyright laws to open a new TLD and someone could register Google.thiscompanyname. We say that it has to be a company outside of the United States or any other country that respects copyright because if you tried to use Google in that way here it would get shutdown very quickly. But you have to remember that the internet is global and not all countries respect the copyright laws in the same way. So you could easily see a company, or even a highly profitable illegal operation using this back door to be able to trick people into using their version of Google.
But a company like Google has the money to be able to buy all versions of their name. What about a small company who doesn’t? How are they going to be able to protect their name when there are so many endings of it coming out all of the time? When they become a bigger company they will probably be able to buy them all but by that time someone might have already scooped them up. It is very hard when you are a company that is just starting out to be able to afford all versions of your domain name. And with so many end users not being educated on how to tell if a domain is real or not this can mean real trouble. This is one of the ways that phishing attacks are so successful. People see the name of the web site but they do not look at the endings. They do not realize that someone just has made a sub domain on their web site with a totally different primary domain name.
Stopping any problems with the new TLDs
The only way to stop this from being a problem is to educate the end users about TLDs and looking at the whole domain and not just the first couple of letters. They need to know whether the web site that they are looking for is a .net or a .com. Most people assume those .coms are the only TLDs out there and they have not bothered about learning the rest. If we teach people to look for that part of the domain as well then we will not only help solve the problem with the new TLD’s but also phishing attacks in general.
The new TLD’s could be a problem but only if we let them be. Just like anything else on the internet, education is the key. The more people who get used to the internet the more simple matters like the new TLDs seem to bother them.