Featured Blogs

Latest

Is Zoom’s Server Security Just as Vulnerable as the Client Side?

Zoom programmers made elementary security errors when coding, and did not use protective measures that compiler toolchains make available. It's not a great stretch to assume that similar flaws afflict their server implementations. While Mudge noted that Zoom's Windows and Mac clients are (possibly accidentally) somewhat safer than the Linux client, I suspect that their servers run on Linux.Were they written with similar lack of attention to security? more

An End to Data Caps?

All of the major ISPs that were enforcing data caps have lifted those caps in response to the COVID-19 crisis. This includes AT&T, Comcast, Cox, Mediacom, and CenturyLink. All of these companies justified data caps as a network management tool that was in place to discourage overuse of the network. That argument no longer holds water if these ISPs eliminate them during a crisis that is overtaxing networks more than we are likely to ever see again. more

Can Legislatures Safely Vote by Internet?

It is a well understood scientific fact that Internet voting in public elections is not securable: "the Internet should not be used for the return of marked ballots. ... [N]o known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet." But can legislatures (city councils, county boards, or the U.S. Congress) safely vote by Internet? Perhaps they can. To understand why, let's examine two important differences between legislature votes and public elections. more

Coronavirus Online Threats Going Viral, Part 1: Domain Names

As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more

New Cyberthreats: Have You Been Exposed at Home?

There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself. During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images. more

COVID-19, WHOIS, and the Pressing Need for Help With Domain Name System Abuse

As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more

A New Low for the ICANN Multistakeholder Process

ICANN's dismissal of public comments submitted on the .COM Registry Amendment wasn't surprising given that it recently dismissed the public comments on the .Org Renewal Agreement, but the speed and disdain which it demonstrated was. Despite public pronouncements by ICANN President and CEO, Gören Marby and assurances from ICANN Board Chair, Maarten Botterman, that public comments were welcomed and that ICANN would take them seriously... more

Free the Fiber Now

In a previous blog post I mentioned that the FCC had taken away restrictions to allow broadband supplied by E-Rate funding to be used to provide free WiFi for the public. That's a good idea that will provide some relief for areas with little or no other broadband. But the announcement raises a more fundamental question - why was such a restriction in place to begin with? more

This COVID-19 Crisis Proves the Internet Is Indeed a Caribbean Right

The coronavirus pandemic has, in the most emphatic way, shown us all just how interconnected everything and everyone is. A worldwide race is underway to minimize human interactions in order to avoid a global catastrophe. The inescapable consequence of these initiatives is an unprecedented shut down of the local, regional and global economy. The latest cost estimate to save the global economy is now at $7 trillion and climbing. more

Recent Case in Federal Court Shows Inefficiencies of Anticybersquatting Consumer Protection Act

A recent case1 from a federal court in Kentucky shows why the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) - the "ACPA") can be - when compared to the Uniform Domain Name Dispute Resolution Policy ("UDRP") - a relatively inefficient way of resolving a domain name dispute. Here is a quick rundown of the facts. Defendant owned a business directly competitive to plaintiff ServPro. Plaintiff had used its mark and trade dress since the 1960's... more

The Government Needs to Address the Homework Gap

I've been at a bit of a loss over the last few days on what to write about, because suddenly newspapers, blogs, and social media are full of stories of how impossible it is for some students to work at home during the COVID-19 shutdowns. I've been writing this topic for years, and there doesn't seem to be a lot I can add right now - because the endless testimonials from students and families struggling with the issue speak louder than anything I can say. more

Trusting Zoom?

Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you... more

Zoom Cryptography and Authentication Problems

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more

Data Center Operators Are Essential Critical Infrastructure Workers Amid COVID-19 Pandemic

The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being." more

Spring Clean Your House of Domains, DNS and Digital Certificates

At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning! Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn't wasted on domains of little to no value. It's fair to say that for many organizations, this is a difficult process - almost as feared as actually spring cleaning our own homes. more

Topics

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days