NSFOCUS, our newest data provider

We are pleased to welcome Chinese security firm NSFOCUS as a new data provider! NSFOCUS joins Google and Sunbelt Software in feeding our Badware Website Clearinghouse with updated information about URLs they have discovered to be bad. Like all of our data providers, NSFOCUS will participate in our independent review process.

We are particularly excited to work with NSFOCUS because their team's extensive knowledge will give us insight into the often opaque world of Chinese networks and hosting providers.

NSFOCUS's press release about the data provider arrangement can be found here.

Google's new stance on China raises interesting badware questions

Posted on January 13, 2010 - 15:53 by zeroday

Everyone is talking about Google's latest move with regard to China, and there is a possibility they will pull out of the country. If that were to occur, there is the possibility that China will begin blocking Google from within the country. This raises some interesting questions for us here. Google provides the badware URL feed to Firefox browsers, which prevents web surfers from viewing pages laden with infections. Will this tool continue to work for those in China?
We also receive appeals from Chinese webmasters whose infected sites produce warnings in Google's search results. Will we see a drop-off in appeals? Will those webmasters have the ability to use Google's webmaster tools to manage the process of delisting themselves once they've cleaned their infection?

China restricts registration of .cn names

The China Internet Network Information Center (CNNIC) announced new rules a few days ago that are intended to "enhance the authenticity, accuracy, and integrality [sic] of the domain name registration information."
These rules require applicants for .cn domain names to submit copies of their business license and personal ID for review by the registrar within five days of registering the name. There are two big questions that aren't clear from the announcement:
First, does the requirement to submit a business license apply only to registrations on behalf of businesses, or does this mean that individuals are no longer allowed to register .cn domain names? The latter would be a substantial restriction on the Internet privileges of individuals in the country.
Second, what happens between the time an online registration occurs and the end of the five-day period? Is the domain active during this time, or does the domain not become active until after the paperwork is reviewed? The exact language is "From the day of the submission of online application, if CNNIC does not receive the formal paper based application material within 5 days or the application material auditing is not qualified, the domain name to be applied will be deleted." This implies that someone can sign up for a domain name with fake information, use it for five days, and then have the name revoked. I suppose that's better than being able to use a fake domain indefinitely (sort of - it may make tracking down the perpetrator more difficult), but we've seen with domain tasting that this can be abused for creating ephemeral phishing and malware sites.
Underlying all of this, of course, is a long-running battle between privacy advocates who argue that being able to anonymously register a domain name extends the free speech opportunities, especially for dissidents in repressive regimes, and the security and law enforcement communities, which fret about the lack of accountability if the operator of a domain name cannot be tracked down. I'm not sure whether ICANN's requirement for registrars to disable domains with false registrant information applies to country-level TLDs, but the CNNIC policy for .cn domains would certainly be consistent with that requirement, if more heavy-handed than we've seen from most registrars.
[Update 12/18: Berkman Center Fellow Donnie (Hao Dong) posted this piece explaining even more aggressive measures being taken by the Chinese government to crack down on malicious use of domain registrations. This will almost certainly reduce the number of misused Chinese domain names, but as indicated above, we may see some additional consequences.]