If you’ve been following the progress of ICANN’s latest endeavor, then you know that soon, companies and individuals will be able to purchase custom web address endings. For instance, I”m thinking of registering www.mikebrown.utest. All I need is $185,000 and a good lawyer

Anyway, if you’ve been following this story, you’re probably also aware of the major security bug that exposed sensitive details of domain applicants and put a halt to what Reuters calls the “most ambitious expansion of the Internet so far.” Here’s Politico with the details of the bug:

Because of the glitch, as many as 50 applicants were potentially able to see information for about 105 applicants. The information is closely guarded by many applicants who do not want others to apply for similar words and bid up the price. ICANN is in the process of notifying applicants whose information may  have been revealed as well as those who may have looked at the information. At some point, it will reopen the application system for five days.

The Association of National Advertisers recently called for an independent investigation of the ICANN application system. Beckstrom said ICANN hadn’t responded to the request, which can be pursued through ICANN’s multi-stakeholder process.

“The good news here is that we had enough security; we can see every user’s  keystroke, every turning of a page,” he said. “That’s going to discourage any parties from using information they might have seen.”

That was a few weeks ago. On Tuesday, the project reopened after more than 40 days, with ICANN apologizing for the inconvenience. The deadline for submission is now May 30th.

To close, I’ll leave you with a few thoughts and impressions from this story, as well as a classic South Park video:

• Relative to some other high-profile security breaches (cough – Sony – cough) this one did not seem too serious. Only 50 applicants could see info on 105? That seems low to me, but it was enough to shut down the process for well over a month. Something to think about.
• Is there a definitive Guide to Dealing With Security Bugs anywhere out there? I would think a book on this subject would be immensely valuable. Better yet if there were a consulting firm soley dedicated to security bug crisis management – someone to come in and handle angry customers, the media and of course, to patch the security hole. I’m picturing a geekier version of The Wolf from Pulp Fiction.
• Are these new domain names really going to take off? Granted, the $185k application fee will deter old-school cyber-squatters, but it seems to also eliminate all but the biggest brands and businesses.
• What, if any, are the testing implications of these new domains?
• What would happen if the Internet really closed? I think it would look something like this:

What do you think about this story? Let us know!