05 March 2013

Domains

Posts relating to the category tag "domains" are listed below.

21 October 2008

Flyposting on Your Shop Window

You might not have revenue-earning banner adverts on your web site. But here are some more ways other organisations find to advertise on your property.

In my post a month ago, "Someone Could Be Advertising on Your Web Site", I mentioned the need to check all domains - not just the one being used by your corporate web site. Whilst doing some research on companies regulated by the Financial Services Authority, I came across some more examples for you.

This advertisement appears when a domain, used by a company only for its email, is requested in a web browser:

Advert for a hosting company on a domain used only for electronic mail

And, this one is apparently for a web site which has been removed, yet the domain is also currently being used for email:

BT's announcement on a web domain used for email, advertising their services

But it's not always non-standard domains that can have problems. I was very surprised to see these links appearing at the top of one firm's home page and the pop-up advert window:

Details of the host company and their services appear as a header on the website

I wonder if anyone has checked their site recently? Try to keep a schedule of all domain names owned and used by your organisation. Record the registrars, contacts, renewal dates and any associated certificates. Periodically test all the domains to check they are only being used for your own approved purposes, and are not providing advertising space for others, or leaking details about your organisation or systems.
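One way to run the periodic test described above, as an added example that is not from the original post: it audits a domain schedule against the HTML each domain returned. The schedule entries, page bodies, field names and the 60-day renewal warning are all constructed assumptions; fetching the pages is left to whatever tool you already use.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed schedule and pages: every name and date here is sample data.
SCHEDULE = [
    {"domain": "example.co.uk", "registrar": "Registrar A",
     "renews": date(2009, 3, 1), "approved": {"web", "mail"}},
    {"domain": "mail-only.example", "registrar": "Registrar B",
     "renews": date(2008, 11, 5), "approved": {"mail"}},
]
PAGES = {  # what each domain returned over HTTP; None means no answer
    "example.co.uk": '<a href="http://www.example.co.uk/about">About us</a>',
    "mail-only.example": '<a href="http://hosting.example.net/offers">'
                         '<img src="http://hosting.example.net/ad.gif"></a>',
}

class LinkHosts(HTMLParser):
    """Collect the host name of every absolute href/src in a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlparse(value or "").hostname
            if name in ("href", "src") and host:
                self.hosts.add(host.lower())

def is_ours(host, schedule):
    return any(host == e["domain"] or host.endswith("." + e["domain"])
               for e in schedule)

def audit(schedule, pages, today, warn_days=60):
    """Return (domain, finding) pairs for anything that needs a human look."""
    findings = []
    for entry in schedule:
        domain, html = entry["domain"], pages.get(entry["domain"])
        if (entry["renews"] - today).days <= warn_days:
            findings.append((domain, "renewal due"))
        if html is None:
            continue
        if "web" not in entry["approved"]:
            findings.append((domain, "serves web content but is not approved for web"))
        parser = LinkHosts()
        parser.feed(html)
        findings += [(domain, "links to third party " + h)
                     for h in sorted(parser.hosts) if not is_ours(h, schedule)]
    return findings
```

Calling `audit(SCHEDULE, PAGES, date(2008, 10, 21))` flags only the mail-only domain: its renewal is close, it answers in a browser, and the page it serves points at a host that is not in the schedule.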

Posted on: 21 October 2008 at 07:52 hrs


16 September 2008

Moving Web Hosting Offshore

Changing a web site domain name can be search engine suicide, but there are many other considerations raised by moving hosting to the United States - the Data Protection Act 1998 in particular.

In mid-August, E-consultancy.com's Chief Executive announced on their forums that their web site will be transferred to a new domain and moved from UK hosting to the United States (US). He had posted the message to gain feedback and suggestions on the effect on their search engine listings. The new host name will be www.econsultancy.com rather than the current www.e-consultancy.com (with a hyphen).

Apart from the search engine optimisation issues, and my previous post about domain due diligence, the discussion in the forum has touched on data protection issues. It appears that additional thought needed to be put into this matter before moving the site hosting and current data abroad.

One contributor even suggested "go for second-best practice and get the job done quicker and more cheaply". But E-consultancy Limited are more professional than that. They seem to have put significant effort into consideration of their privacy previously. They are a current registered data controller. They are also signed up with TRUSTe's privacy program for the web site, although such programs have debatable value.

Web site users are bound by a user agreement (the terms and conditions for using the E-consultancy.com web site) referencing the privacy policy which states:

TRUSTe operates as a third-party "watch dog" by auditing privacy practices to make sure that they are in compliance with TRUSTe's privacy standards. In as far as this represents best practice on the web, e-consultancy.com is committed to complying with these standards so that members can feel secure in the knowledge that their personal data is properly managed.

The privacy policy says the data are hosted in the UK:

Your Personal Information is stored in our databases, which are located in the UK. Please note that the information you enter may at some time be transferred outside the European Economic Area for the purposes of processing by E-consultancy.com or any of its affiliates. By submitting your information, you consent to this transfer.

This text has been on this page since the site was launched in 2001 - see the December 2001 copy of the page in the Way Back Machine Internet Archive.

I believe storing the databases outside Europe is different to transferring it outside for processing - and I think users and members would maintain that too. I hope E-consultancy Limited consider the effects and get some good legal advice sooner, rather than later. Perhaps "opt in" to the change rather than "opt out" will be necessary?

I'm also a little worried about their registration as a data controller - only having one data use purpose of "consultancy and advisory services" appears to be a bit simplistic - you'd assume there would be at least some "staff administration", "advertising, marketing and public relations" and "accounts and records" going on.

Frank Jennings has written some timely advice for organisations planning to move data offshore in his September SC Magazine blog post "Legal matters: In the age of consent". This includes a discussion on the principle of "safe harbor" - harmonisation of data privacy practices in the less strict US. See also the guidance at Out-Law.com on "Overseas transfers of personal data".

Posted on: 16 September 2008 at 10:40 hrs


22 August 2008

Which Type of SSL Certificate Should You Purchase?

Extended Validation (EV) SSL certificates have been available for 18 months, but despite the hard sales push, many web sites are continuing to use non-EV certificates. EV certificates cost significantly more but I don't think the case for their use is yet proven.

During 2006, the SSL Certificate Authorities (CAs) and browser vendors approved standard practices for certificate validation and display called the Extended Validation Standard. This was in reaction to the widespread sale of low-cost SSL certificates which did very little, if any, checking of the purchaser's details. The validation process is meant to establish the legal identity as well as the operational and physical presence of the website owner, the identity of the individual making the request and that they have full control over the address/URL being used. In the Internet Explorer (IE) 7 web browser, the address bar turns green and displays the organisation's name when a trusted, current EV SSL certificate is in use (this may require an update from Microsoft depending upon your operating system):

Partial screen capture of a web browser showing the green address bar that appears in IE7 when a valid Extended validation SSL certificate is in use

Users of Firefox 3 (and Firefox 2 with an extension) see something similar. But despite steady worldwide growth many UK web sites are continuing to use non-EV certificates:

Partial screen capture of a web browser showing the address bar when a conventional SSL certificate is in use

For an excellent insight into what EV SSL certificates offer, read Ivan Ristic's ModSecurity Blog post "Extended Validation Certificates: A Change for the Better (But Not Enough)".

If your competitors are using EV certificates, it might be worth buying one too, but they are costed at a premium and I don't think consumers are avoiding web sites with conventional certificates. Since some UK online banks aren't using them, I suspect the time to join the bandwagon hasn't yet arrived:

Partial screen capture of a web browser showing the address bar when a conventional SSL certificate is in use by an online bank

Perhaps when the cost differential reduces, more site owners will begin to buy them. This isn't yet something you need to be ahead of the wave on.

Posted on: 22 August 2008 at 08:50 hrs


15 August 2008

Is Your Web Site on Virtual Contaminated Land?

When we set up a web site, how much thought should we give to the previous use of the Internet Protocol (IP) address and domain name? Any previous use could spell disaster for a new web site.

When you buy a house your conveyancing solicitor will undertake local searches and review the Home Information Pack. For commercial transactions, organisations will usually undertake some form of due diligence checks including enquiring about previous uses of the site and adjoining properties using old maps and information from the local authority. No-one wants to inherit the liability for contaminated land, for example from a previous gas works, tanning plant or dye manufacturer that occupied the site.

Instead of chemical threats, web sites need some virtual due diligence when setting up a new site or moving to a new hosting company or domain. It may also be an issue if your hosting company is changing their IP address ranges and this affects your servers. The threats are to your organisation's reputation if it becomes associated with something that is contrary to its beliefs or objectives, or that might upset its customers, clients or users. It could also lead to a lack of availability if the address is blocked by spam or web filtering gateways.

The Domain Name Service (DNS) is responsible for translating between human-friendly domain names (e.g. www.clerkendweller.com) and machine-friendly IP addresses (e.g. 217.33.198.55). If a hosting company loses a client, they are very likely to re-allocate their web site's IP address to a new customer.

For a new IP address on your existing domain (e.g. a server move), my recommendation is to obtain details of:

  • How long the IP address has been allocated to the hosting company
  • All domains assigned to the IP address previously
  • Details of the organisations who own those domains
  • Check what is hosted on 'nearby' IP addresses i.e. in the same address block
  • Check what else is listed on the same domain name servers and the company who operates them

For a new web domain, check:

  • Ownership history
  • Current and prior internet usage (web, email, ftp, etc)
  • Check the IP addresses for both of these (as above)

Then, evaluate whether there is anything you might not want to be associated with, or anything that has been excluded by web/email filtering/firewall systems due to what it has been used for or the content it contained. Check other server IP addresses too (e.g. your mail server) if these are also changing. Also check what else is hosted on 'nearby' IP addresses in the same range.

For a new web domain, use tools like Netcraft, Site Advisor, The Way Back Machine and Google searches to investigate prior use. Check with suppliers of web filtering gateways and providers of reputational services whether the domains are blacklisted.

For mail, the Spam and Open Relay Blocking System (SORBS) and Spamhaus list potentially problematic spam sources and open mail relays. There are many more similar searchable spam lists listed at dr.moensted. You may also want to check whether Hotmail, GMail and AOL treat the IP or domain as a source of spam.
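The blocklist check above can be scripted, since these lists are queried over DNS: reverse the IPv4 octets, append the list's zone and look for an A record. The following is an added example, not code from the original post; `zen.spamhaus.org` is Spamhaus's combined zone, while `dnsbl.example.org`, the sample address and the offline resolver data are constructed placeholders.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in this range report a refused or malformed query (for
# example one sent through a public resolver); they are not listings.
QUERY_ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_name(ip, zone):
    """Query name for a DNS blocklist: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects bad input
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the local resolver; [] if it cannot be resolved."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Turn a blocklist's A records into 'listed', 'not listed' or 'error'."""
    if not answers:
        return "not listed"
    codes = [ipaddress.IPv4Address(a) for a in answers]
    if any(c in QUERY_ERRORS for c in codes):
        return "error"
    if all(c in LOOPBACK for c in codes):
        return "listed"
    return "error"  # a routable answer means a wildcarded or expired zone

def check_ip(ip, zones, resolve=system_resolver):
    """Check one address against each zone; returns {zone: verdict}."""
    return {zone: classify(resolve(dnsbl_name(ip, zone))) for zone in zones}

# Constructed resolver data so the example runs offline. 192.0.2.10 is a
# documentation address and dnsbl.example.org is a placeholder zone.
CONSTRUCTED = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "10.2.0.192.dnsbl.example.org": ["127.255.255.254"],
}

def offline(name):
    return CONSTRUCTED.get(name, [])
```

Treat an "error" verdict as "unknown" rather than "clean", and repeat the query through a resolver the list operator accepts before signing off an address.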

If you are purchasing an existing domain name, as opposed to registering one from scratch, check its previous and current use. Some companies serve advert pages for domains that they own but have not allocated to a web site - be very wary of these.

If your hosting company won't help with this enquiry, go elsewhere.

Posted on: 15 August 2008 at 10:15 hrs


© 2008-2013 clerkendweller.com