DNC staff attended the Dispute Investigators Group (DIG) meeting this month. The purpose of DIG is to give complaint handling organisations the opportunity to touch base with their peers, and discuss the various challenges and opportunities present in the disputes and investigations space. The group discussed the future of the Complaintline site, including ways to improve its reach and usability.
Dylan Connolly (Complaints and Compliance Manager) attended this year’s WellyTech event on behalf of Future Leaders in Technology (FLINT). Dylan joined other FLINT members at the booth, and recruited new members to the organisation. You can learn more about FLINT at their new website, including how the organisation helps grow individuals at the start of their careers.
Dylan Connolly represents FLINT at the annual WellyTech event.
The International Privacy Symposium was held in Wellington at the start of the month. Data Protection Commissioners from around the globe and major tech companies provided some observations on emerging trends and issues from the privacy field. Data breach notifications featured, with the UK Information Commissioner Elizabeth Denham saying her Office had received more than 8,000 breach reports since May. Australian Information and Privacy Commissioner Angelene Falk reported on the 242 notifications received during the quarter 1 April to 30 June 2018, of which 59% were due to malicious or criminal attacks and 36% down to human error. The extra-territorial nature of European laws like the GDPR was also discussed, along with topics such as artificial intelligence, privacy certification programs and the self-regulation of health information in the online DNA testing industry.
Josh Cookson attended CERT NZ's inaugural New Zealand Cyber Security Landscape event. Over the past eighteen months, CERT NZ has found that most security attacks are financially motived and use low cost attacks on the weakest links in organisations or people's security.
The majority of these involve credential-based attacks, such as stolen passwords – vastly outnumbering all other types of attacks. The next most common is the exploitation of un-patched hardware. Both attack vectors can be largely protected against by using appropriate password management, and updating firmware, while retiring obsolete hardware.
CERT NZ has put significant work into producing information to help with common issues affecting New Zealanders, such as critical controls for IT specialists and guides on cyber security for organisations.
The Registrar Advisory Group met in November and discussed several matters. Key among the items discussed was the Registrar list on the DNC website. The RAG agreed to proceed with an updated layout that allows users to filter registrars on whether they offer certain technical protocols, such as IRPO and DNSSEC.
Awareness and education
The Domain Name Abuse Forum was held last month in Wellington. Delegates discussed the challenges facing the .nz domain name space, especially regarding malicious and abusive behaviour across a number of areas.
InternetNZ CEO Jordan Carter and Domain Name Commissioner Brent Carey discussed the outcomes of the DNA forum in their blog post earlier this month. Read their thoughts on the future of this work on the InternetNZ website.
The DNC focussed on online safety and domain name education this month, with the publication of two fact sheets to help Kiwis stay safer and better informed online. For Computer Security Day, the DNC published “Safer Online Shopping”, a guide that has helpful information on how to protect yourself when making purchases online.
Later in the month, the DNC released a guide to registration data, and how the WHO forms can help registrants stay informed about their domain names. This document helps registrants better understand the types of information they can request from the DNC, including finding any domain names they may have forgotten about.
DNS Flag Day
InternetNZ sent a reminder email to Registrars that have Registrants affected by the DNS Flag Day. This was sent to an email listed as a technical contact on 6 December.
The email was to notify that on 7 January 2019, the Domain Name Commission will be emailing all affected registrants that own a domain name that will break on 1 February. We strongly recommend that .nz registrars look into all their affected domains and make any possible changes now, so these particular domains are fixed, and we don't have to notify the registrants. InternetNZ has loaded information on the registrar portal, so you can clearly see which .nz domains are going to be affected.
The DNC staff want to wish everyone a safe and merry holiday season, and a happy New Year.