Directi Corporate Blog

Directi was host to the ILUG-Bom (linux user group mumbai) and Mumpy (mumbai python user group) on Sunday 8th march 09. This has been the second time that we have taken care of the venue and hospitality requirements for these meets, the previous one was held on 14th February, 09.

Rajeev R. K. did a presentation on video conferencing using open source tools. He also gave some information on OSGRID which is mainly used by different universities for video conferencing.

Baishampayan Ghose then took over with an introductory session on python programming language. He went on to share some information on Google App engine which is also based in python.

All in all the event went well and we’re looking forward to the next one : )

~ Gaurav Chaturvedi

With a plethora of large scale Internet products in development, we at Directi are posed with a host of exciting challenges everyday. We would like to have on board those with aptitude and attitude to overcome any challenge.  Keeping this in mind we have created a dedicated puzzles section on our careers space

Our purpose of having a puzzles page, is to understand what a developer can do to chase a problem. Solutions to such problems go a long way to explain numerous traits of a developer like problem solving skills, understanding of algorithms and data structures, simplicity of expression and thoroughness of programming knowledge to name a few.

For a challenger, the thirst for a new challenge can never be quenched; and an impressive solution will show us if a developer has what it takes to be a part of Directi.

~ Co-authored by Anup and Ramakrishna

Directi sponsored IIT Mumbai’s Techfest that was held over the weekend. We were the Golden Edition sponsor, sponsor for Technoholix as well as Codecamp, all rolled into one. At the Technoholix night, 3Run from UK enthralled the audience the audience by fusing Martial Arts, Free-running and Parkour and Action Team from Turkey put up a unique acrobatic-basketball performance.

Techfest also served as a soft launch pad for CodeChef.com – our nation wide coding contest portal. Our booth was bustling with the computer science legion eager to attempt the questions and win freebies.

Although it was a Sunday, the lecture hall was packed with students excited to attend sessions on Automated Testing v/s Manual Testing by Bhavin, amongst others. You can browse through the PPT as well as download it from our wiki.

All in all, Techfest was a pleasant experience. Kudos to our team of enthusiastic developers and community evangelists that made this a success!

It had been more than a month since the last TechCamp and so we were all eagerly looking forward to the fourth episode, scheduled for 11th October, in Mumbai. It promised to be a good one for the geeks and techies, with interesting sessions on User Experience and Web 2.0 Security, both being conducted by experts in their respective domains.

The first session was An Introduction to User Experience, by Mr. Aniruddha Joshi, a faculty member in the Industrial Design Centre, IIT Bombay, who teaches and does research in the field of human-computer interaction design, user studies and usability evaluation. He started off by explaining the different elements of User Experience. Those of us who had attended Jesse James Garrett’s master class on the same subject at GIDS were familiar with the concepts involved, but Mr. Joshi covered them well and raised quite a few thought provoking questions and discussions with the audience. We then participated in an exercise that involved identifying user experience issues at different levels, and another one which demonstrated a possible approach to setting user experience goals for a product and evaluating their relative importance in the product design process.

Next in the agenda was a session on Web 2.0 Security - Defending Next Generation Applications, by Mr. Shreeraj Shah, Founder and Director at Blueinfy Solutions. Mr. Shah first talked about the differences that have been brought about in the underlying technology beneath the new breed of Web 2.0 applications with respect to application architecture, frameworks, components, protocols, data exchange formats etc. He then briefly explained various application attack vectors, including SQL injection, AJAX based Cross Site Scripting (XSS), Cross Site Request Forgery (XSRF), RSS injections and many more. He also demonstrated methodologies, tools and techniques to scan applications for vulnerabilities against these vectors. Most of the developers in the audience were eager to see live demonstrations of every possible hacking technique, but it was not possible to cover each and every one in detail, given the limited amount of time we had. While this was a bit of a disappointment, all in all it was a very interesting and informative session.

Jart Armin of HostExploit.com & Bhavin Turakhia, CEO of Directi are pleased to jointly report on the outcome of community actions against abuse of Directi’s domain registry and PrivacyProtect.

The above in figures review of the actions that Directi, in conjunction with HostExploit, have recently taken to track down and stop abusive domain names and registrants from abusing Directi’s services.
Registrar Abuse

• Over 50,000 domain names have been suspended that were either involved in abusive activity or registered by customers/registrants exhibiting persistent patterns of abuse.
• These domain names (and/or their registrants) were involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedopornography, financial frauds and falsified ‘Whois’ information.
• All other services utilized by any of these domain names have also been revoked.
• Over the past three months, certain resellers have been identified who have been the destination of choice for bad actors; among these are Vivids Media GMBH, Klikdomains, MyNick.name, and Webst.ru. Approximately 125,000 domain names registered through these resellers have been suspended so far.

PrivacyProtect

• A large incentive for bad actors to use Directi’s services has been PrivacyProtect.org. This service has been disabled for over 27,000 abusive domain names.
• The service had been permanently disabled for all existing and new registrations through resellers/registrars that have seen high volumes of abusive registrations - notable being the ones mentioned above and Estdomains. This has amounted to approximately 500,000 domain names which had privacy protection canceled.

Analysis

When suspending domain names on receiving complaints about their involvement in abuse, HostExploit is pleased to report that, Directi, while reviewing the complaints over the past few months, even before the ‘Atrivo-Cyber Crime USA’ report, found certain trends:

• Domain names registered with the same/similar contact information (name, address patterns)
• Bulk registrations of domain names with a slight variation in the domain name e.g. 018xyz.com, 018xyza.com, 018xyzb.com, 018xyzc.com …. by abusive registrants/customers
• Same blacklisted name servers being repeatedly utilized.
• Registrations in the same customer account involved in various forms of abuse
• Based on these, we reviewed all domain names, first in the customer’s account, then in the reseller’s account and then across the databases. Based on these similarities, 35,000 domain names were identified and have been labeled as co-network.

Discussion

Directi’s strengthened abuse team continues to review complaints and revoke privacy protection for abusive domain names, while also forwarding the complaint to the Registrars for whom Directi provide software and other services for them to take action. Where reports of abuse emerge from security community blogs or forums, Directi are now proactively making searches for such comments and investigating any issue that may involve Directi or a reseller.

One advantage of this exercise has been the development of active communication channels between us and the community. We’ve been able to refresh contacts with organizations e.g. StopBadware, Knujon, CastleCops, Spamhaus, and Artists Against 419, among others, sharing intelligence on abuse activity.

In scouring for more such cases however, every emphasis is made on avoiding any false positives. With this is mind and with the view on net-neutrality all actions are based upon ACM (Association of Computing Machinery) http://www.acm.org/about/code-of-ethics e.g.

1.2 Avoid harm to others.“Harm” means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: Internet users, and the general public.

An active list of directly suspended domains is available for down load from HostExploit.com

HostExploit and Directi have agreed to maintain their cooperative collaboration to clamp down spam and other forms of abuse on the Internet as rapidly as possible. HostExploit confirms that they are pleased to work directly with the Directi abuse desk in helping Directi identify any miscreants that maybe using Directi’s services. The partnership includes sharing investigative processes and intelligence data on an ongoing basis.

We welcome any concerns or reports related to the abuse of Directi’s registry services forward to abuse(at)directi.com or admin(at)hostexploit.com

Together with the community we hope to continue taking steps to make the Internet a better and safer place.