[Owasp-singapore] [security-77] Re: [Fwd: Confusing domain - www.posbank.com.sg]

Wong Onn Chee ocwong at usa.net
Mon Apr 13 11:36:18 EDT 2009


Hi Francis,

Well said. :-)

Just want to clarify that I am referring to just .com.sg domains, not
.com domains.

In Singapore, I believe that everyone will assume posbank.com.sg as POSB
and ocbcbank.com.sg as OCBC
I may be wrong and stand to be corrected.

At the end of the day, you are right.
I have no better suggestion, as SGNIC is not equipped to decide on
intellectual property overlaps.

Only thing I can think of is to mimic what ACRA or ROS does when
allowing companies or societies to register.
>From my experience, even when one is registering a society with ROS, ROS
will do a check with ACRA for similar sounding names too.

If SGNIC can do something similar, it will reduce the likelihood of
cyber-squatting or even risks of phishing of .com.sg domain names.
This approach should work in Singapore since we are small in size.
(I won't prescribe this solution to .com registrars as it is not humanly
possible for them.)

Cheers.
Onn Chee


francis yeow wrote:
> I remember time during my school day, when ly lecturer invited a
> lawyer specialising in� intectual property, copyright to speak to us
> about cyber squatting or cyber hogging.
>> a question: What is "posbank" referring to posbank.com.sg
> <http://posbank.com.sg>? it can� refer to " _P_aris _O_r _S_ingapore
> _B_ank", " _P_eople _O_f _S_hanghai Bank". In this case, can we safely
> say the registrar is actually referring to� the bank with a key icon?
> If the answer is no, then� let's forget about copyright, or trademark
> issue.
>> Similarly, how can we be 100% sure that� "OCBC" is referring to the
> local bank with the junk ship logo? Do a google, and you will find/
> Orange County Badminton Club/ <http://www.ocbadmintonclub.com/>.
>
> There is very little companies can do in a true cyber squatting case.
> Unless the following occur:-
>
> 1. the web site hosting unlawful or immorale content which threat the
> companies' reputation
> 2. The web site hinder it's business objective( diverting the customer
> to the fake web site, depressing the real company of its customer)
> 3. Conducting illegal activities, like stealing the companies'
> customer data.
> 4. unrightfully using the companies' trademark, copyrights,etc.
> 5. <can't think of any now, keke...>
>
> If any of the few stated above really occur, companies can either
> lodge a complaint to the domain companies, like SGNIC. Alternatively,
> if companies have a solid ground that some illegal activities are
> going on ( e.g. phishing), they can go on to complain to CERT team of
> the country that the illegal web site are hosted.
>
> =)
>
> Fran
>
>
> On Mon, Apr 13, 2009 at 7:46 PM, Johnny Wong <johnnywkm at gmail.com
> <mailto:johnnywkm at gmail.com>> wrote:
>
>     Is there an algorithm to generate that? Then again, what about
>     indirect URLs e.g. http://www.banks.com/posbank? I think it is
>     indeed pretty inefficient, but it's a start though.
>
>
>     At 06:33 PM 13-04-09, Rick Zhong wrote:
>
>         Have you guys heard of "Defensive Domain Name Registration"? -
>         register all domain names relevant or sounds like your
>         company's brand
>         names. It sounds incredibly inefficient, but this is the
>         current most
>         effective defense against malicious domain name registration
>         against
>         your company under current legal frames. :-) �even in developed
>         countries like US. The domain registration fees are peanuts
>         comparing
>         with the resources you need to folk out to settle this kind of
>         domain
>         dispute.
>
>         I won't be surprised if MAS put this in the next version of
>         IBTRM ... LOL
>
>
>
>         On Mon, Apr 13, 2009 at 3:06 PM, Frenky Tjioe
>         <tjioefrenky at gmail.com <mailto:tjioefrenky at gmail.com>> wrote:
>         > Dear Onn Chee & all
>         >
>         > We need to bear in mind that Singapore is one of the top
>         destinations
>         > for MNCs and one of the best places to setup business. Hence
>         in my
>         > opinion, this issue should be left within the domain of
>         intellectual
>         > property (in the same family with copyright, trademark, and
>         patent).
>         > It won't be wise for the government to rule the internet address
>         > ownership with iron hand.
>         >
>         > And we are not alone, many developed countries are also
>         dealing with
>         > the similar issue.
>         >
>         > The most desired solution is to make the legal framework
>         clearer. In
>         > other words, the current law need to be improved. Why don't
>         you gather
>         > enough signatures to support me to get into Parliament
>         through NMP
>         > recruitment, and I will submit a private member Bill? :)
>         >
>         > Cheers,
>         >
>         > On Mon, Apr 13, 2009 at 2:44 PM, Wong Onn Chee
>         <ocwong at usa.net <mailto:ocwong at usa.net>> wrote:
>         >> Hi folks,
>         >>
>         >> Got a call from SGNIC.
>         >> Frenky is right.
>         >>
>         >> Their stand is unless DBS/POSB complains, they will
>         register the domains
>         >> on a first-come-first-serve basis.
>         >>
>         >> I further asked if a company other than OCBC register this
>         domain -
>         >> www.ocbcbank.com.sg <http://www.ocbcbank.com.sg>, will
>         SGNIC allow.
>         >> The answer is yes.
>         >>
>         >> Folks, not sure whether you agree with me, but something in
>         my gut is
>         >> telling me that something is not right here.
>         >> Don't you agree?
>         >>
>         >> Anyone from OCBC or DBS/POSB who cares to share your view?
>         >>
>         >>
>         >> Wong Onn Chee wrote:
>         >>> FYI.
>         >>>
>         >>> -------- Original Message --------
>         >>> Subject: � � �Confusing domain - www.posbank.com.sg
>         <http://www.posbank.com.sg>
>         >>> Date: � � � � Sat, 11 Apr 2009 20:40:49 +0800
>         >>> From: � � � � Wong Onn Chee <ocwong at usa.net
>         <mailto:ocwong at usa.net>>
>         >>> To: � dnq at sgnic.sg <mailto:dnq at sgnic.sg>
>         >>>
>         >>>
>         >>>
>         >>> Hi SGNIC administrator,
>         >>>
>         >>> As a concerned Singapore citizen, I will like to highlight
>         that the
>         >>> above domain name - www.posbank.com.sg
>         <http://www.posbank.com.sg> which is not related to DBS/POSB,
>         >>> is easy to be confused with the actual POSB domain -
>         www.posb.com.sg <http://www.posb.com.sg>
>         >>>
>         >>> Fortunately, this site is not used for phishing purpose.
>         >>> If it were, with its very similar domain name, it would
>         have a high
>         >>> success rate in tricking innocent visitors.
>         >>>
>         >>> Appreciate your further attention.
>         >>> Thanks.
>         >>>
>         >>>
>         >>> Regards
>         >>> Onn Chee
>         >>> HP: 98387930
>         >>>
>         >>>
>         >>>
>         >>>
>         >>>
>         >>>
>         >>>
>         >>>
>         >>
>         >>
>         >>
>         >>
>         >> --
>         >> Please Note: If you hit "REPLY", your message will be sent
>         to everyone on this mailing list (security-77 at meetup.com
>         <mailto:security-77 at meetup.com>)
>         >> http://security.meetup.com/77/
>         >> This message was sent by Wong Onn Chee (ocwong at usa.net
>         <mailto:ocwong at usa.net>) from The Singapore Security Meetup Group.
>         >> To learn more about Wong Onn Chee, visit his/her member
>         profile: http://security.meetup.com/77/members/1756147/
>         >> To unsubscribe or to update your mailing list settings,
>         click here: http://www.meetup.com/account/comm/
>         >> Meetup Support: support at meetup.com <mailto:support at meetup.com>
>         >> 632 Broadway, New York, NY 10012 USA
>         >>
>         >>
>         >
>         >
>         >
>         > --
>         > Please Note: If you hit "REPLY", your message will be sent
>         to everyone on this mailing list (security-77 at meetup.com
>         <mailto:security-77 at meetup.com>)
>         > http://security.meetup.com/77/
>         > This message was sent by Frenky Tjioe (tjioefrenky at gmail.com
>         <mailto:tjioefrenky at gmail.com>) from The Singapore Security
>         Meetup Group.
>         > To learn more about Frenky Tjioe, visit his/her member
>         profile: http://security.meetup.com/77/members/7761652/
>         > To unsubscribe or to update your mailing list settings,
>         click here: http://www.meetup.com/account/comm/
>         > Meetup Support: support at meetup.com <mailto:support at meetup.com>
>         > 632 Broadway, New York, NY 10012 USA
>         >
>         >
>
>
>
>         --
>         Please Note: If you hit "REPLY", your message will be sent to
>         everyone on this mailing list (security-77 at meetup.com
>         <mailto:security-77 at meetup.com>)
>         http://security.meetup.com/77/
>         This message was sent by Rick Zhong (rick.zhong at gmail.com
>         <mailto:rick.zhong at gmail.com>) from The Singapore Security
>         Meetup Group.
>         To learn more about Rick Zhong, visit his/her member profile:
>         http://security.meetup.com/77/members/5637126/
>         To unsubscribe or to update your mailing list settings, click
>         here: http://www.meetup.com/account/comm/
>         Meetup Support: support at meetup.com <mailto:support at meetup.com>
>         632 Broadway, New York, NY 10012 USA
>
>
>
>
>
>     --
>     Please Note: If you hit "REPLY", your message will be sent to
>     everyone on this mailing list (security-77 at meetup.com
>     <mailto:security-77 at meetup.com>)
>     http://security.meetup.com/77/
>     This message was sent by Johnny Wong (johnnywkm at gmail.com
>     <mailto:johnnywkm at gmail.com>) from The Singapore Security Meetup
>     Group.
>     To learn more about Johnny Wong, visit his/her member profile:
>     http://security.meetup.com/77/members/5695170/
>
>     To unsubscribe or to update your mailing list settings, click
>     here: http://www.meetup.com/account/comm/
>     Meetup Support: support at meetup.com <mailto:support at meetup.com>
>     632 Broadway, New York, NY 10012 USA
>
>
>
>
>
>
> --
> Please Note: If you hit "*REPLY*", your message will be sent to
> *everyone* on this mailing list (security-77 at meetup.com
> <mailto:security-77 at meetup.com>)
> This message was sent by francis yeow (yeowboon at gmail.com) from The
> Singapore Security Meetup Group <http://security.meetup.com/77/>.
> To learn more about francis yeow, visit his/her member profile
> <http://security.meetup.com/77/members/7272148/>
> To unsubscribe or to update your mailing list settings, click here
> <http://www.meetup.com/account/comm/>
>
> Meetup Support: support at meetup.com
> 632 Broadway, New York, NY 10012 USA 



More information about the Owasp-singapore mailing list