All of the major ISPs that were enforcing data caps have lifted those caps in response to the COVID-19 crisis. This includes AT&T, Comcast, Cox, Mediacom, and CenturyLink. All of these companies justified data caps as a network management tool that was in place to discourage overuse of the network. That argument no longer holds water if these ISPs eliminate them during a crisis that is overtaxing networks more than we are likely to ever see again.
It is a well understood scientific fact that Internet voting in public elections is not securable: "the Internet should not be used for the return of marked ballots. ... [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet." But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let's examine two important differences between legislature votes and public elections.
As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites.
There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself. During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password-protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images.
As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams.
ICANN's dismissal of public comments submitted on the .COM Registry Amendment wasn't surprising given that it recently dismissed the public comments on the .Org Renewal Agreement, but the speed and disdain which it demonstrated was. Despite public pronouncements by ICANN President and CEO Göran Marby and assurances from ICANN Board Chair Maarten Botterman that public comments were welcomed and that ICANN would take them seriously...
In a previous blog post I mentioned that the FCC had taken away restrictions to allow broadband supplied by E-Rate funding to be used to provide free WiFi for the public. That's a good idea that will provide some relief for areas with little or no other broadband. But the announcement raises a more fundamental question - why was such a restriction in place to begin with?
The coronavirus pandemic has, in the most emphatic way, shown us all just how interconnected everything and everyone is. A worldwide race is underway to minimize human interactions in order to avoid a global catastrophe. The inescapable consequence of these initiatives is an unprecedented shutdown of the local, regional and global economy. The latest cost estimate to save the global economy is now at $7 trillion and climbing.
A recent case from a federal court in Kentucky shows why the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) - the "ACPA") can be - when compared to the Uniform Domain Name Dispute Resolution Policy ("UDRP") - a relatively inefficient way of resolving a domain name dispute. Here is a quick rundown of the facts. Defendant owned a business directly competitive to plaintiff ServPro. Plaintiff had used its mark and trade dress since the 1960s...
I've been at a bit of a loss over the last few days on what to write about, because suddenly newspapers, blogs, and social media are full of stories of how impossible it is for some students to work at home during the COVID-19 shutdowns. I've been writing about this topic for years, and there doesn't seem to be a lot I can add right now - because the endless testimonials from students and families struggling with the issue speak louder than anything I can say.
Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you...
In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab shows that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here.
The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being."
At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning! Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn't wasted on domains of little to no value. It's fair to say that for many organizations, this is a difficult process - almost as feared as actually spring cleaning our own homes.
Zoom - one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic - has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now - and some are worrisome.