In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more
The IANA Stewardship Transition process may have started more than a year ago, but last week it reached its pinnacle with the publication of the compiled "Proposal to Transition the Stewardship of the Internet Assigned Numbers Authority (IANA) Functions from the US Commerce Department's National Telecommunications and Information Administration (NTIA) to the Global Multistakeholder Community" by the IANA Coordination Group (ICG). more
Back in the 1990s as the Internet was starting to become visible to the world, several people had the bright idea of setting up their own top level domains and selling names in competition with what was then the monopoly registrar Network Solutions (NSI). For these new TLDs to be usable, either the TLD operators had to persuade people to use their root servers rather than the IANA servers, or else get their TLDs into the IANA root. Attempts to get people to use other roots never were very successful... more
Google has posted details on Ranking of new gTLDs (new gTLDs) in search. John Mueller, Webmaster Trends Analyst, said that new gTLDs will be treated the same as other gTLDs such as .com. He stated: "Overall, our systems treat new gTLDs like other gTLDs (like .com & .org). Keywords in a TLD do not give any advantage or disadvantage in search." The ambiguous use of the word "overall" in the statement may leave some doubt as to whether the 600 .brands -- new domain extensions operated by brand owners -- are included or excluded in any VIP search ranking treatment. more
Would you like to present an idea you have related to DNSSEC or DANE to a gathering of people within the DNSSEC community? Do you have an idea for a new tool or service? Have you recently implemented DNSSEC or DANE and want to share your story? The deadline is Monday, August 17, so please send your proposal soon! We are open to proposals on a wide range of topics... more
Today we at the Internet Society submitted our contribution to the United Nations General Assembly's 10-year review of the World Summit on the Information Society (WSIS+10) that will take place in New York in December. The goal of this meeting is to set the agenda for the UN -- and through that the agendas of nations around the world -- with regard to the future of the "Information Society". more
In 2013 I wrote a blog Telecoms as a spying tool, in which I mentioned that those who use the internet to spy indiscriminately will have to face the reality that such activities will only start a cat-and-mouse game -- the technology will always be able to stay one step ahead of those who are using the internet for criminal purposes. Since that time some very significant developments have taken place that have confirmed our prediction. more
Posted here on behalf of DotConnectAfrica Trust as rejoinder and reply to Andrew Mark's recent article... In his article, Mr. Mark tried to re-frame the ongoing discussions and commentary about DCA Trust's recent IRP victory against ICANN as one about "requisite support for geographic string" to assist him reach the biased conclusion that ZACR's bid has the required support to run .Africa whilst DCA Trust's bid does not. more
Today marks a major milestone for .brand Top-Level Domain applicants, as we pass the deadline set by ICANN for them to sign their Registry Agreement (RA). For those who have knuckled down over the last few weeks and months to meet this deadline, congratulations -- for many, this was no mean feat and the effort should be acknowledged. more
Today the Internet Technical Advisory Committee (ITAC) to the OECD published the fifth edition of its newsletter. The ITAC was created in 2009 following the OECD's Seoul Ministerial with the objective to provide Internet technical and policy expertise to the work of the OECD on Internet-related issues. This informal group is coordinated by the Internet Society and currently counts 28 members active in domains such as open Internet/Web standards development, interconnection, IP addressing, security or privacy. more
Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more
This year's Independent Show summer conference was held in Boston, a place where the accents are strong and you hear great quotes like... If I had to sum up this year's conference with one phrase, it would have to be: out-of-the-box thinking. The keynote speech was given by Professor Bharat Anand of the Harvard School of Business, whose expertise is in the areas of digital strategy, corporate strategy, and media strategy -- in other words, digital marketing. The title was "Lessons from the Digital Transformation of Media". more
I think it's fair to say that quite a few people -- both within the domain name industry and beyond -- have an opinion on whether the new TLD program is succeeding or struggling. But are things really all that bad? Are we forecasting doom before it has really had a chance to run? Crunching the numbers... Let's consider the (relatively short) history to this point and take a look at some statistics. more