Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know. As described by Jerome Saltzer in a July 1974 Communications of the ACM article, Protection and the Control of Information Sharing in Multics, the principle of least privilege states, "Every program and every privileged user should operate using the least amount of privilege necessary to complete the job."
As the FCC moves forward with its plans to regulate the internet in the U.S., it's worth taking a look at what's happened when the government has regulated other innovative industries. As a facilitator of innovation, I've always been fascinated with the history of Bell Labs. Bell Labs was once thought of as the source of most modern innovations... The work done at Bell Labs built the foundation for modern invention leading to phones, space exploration, the internet, music distribution, cell phones, radio and television and more.
I admire Annalisa Roger. I know from my single email interaction with her that she means well. Nonetheless, dot Green apparently ranks below 330 in the list of operational new gTLDs with an apparent total of 117 domains, give or take a few. Why is this the case? It seems to me that dot Green is one of the few new gTLDs that actually deserves support... The notion that most generic gTLDs [like dot Green] are already positioned to accommodate brand channel partners such as this or that 'brandchannel.green' is illusion.
The Obama administration's proposals to regulate the Internet according to common carrier rules have set off a storm of opposition from carrier interests, whose scale and reach have been impressive. The arguments they muster are fatuous and deceitful. The Internet is not what the carriers own or have created; the Internet is what they seek to extract money from. "Regulating the Internet" is not the issue; regulating the carriers is.
Kenji Kushida is a scholar at Stanford University, who has written a most explanatory overview of how America came to dominate cyberspace, through computer companies. He traces the evolution of the Internet to a series of actions taken by the US government to limit the power of the telephone companies. Kushida looks at the USA, Europe and Japan from the perspective of what happened when telephone monopolies were broken up and competition introduced in the 1990s.
The UN Broadband Commission -- which I assisted in establishing and to which I am special advisor -- is now in its fifth year. Set up by the two UN agencies, UNESCO and ITU, it received the support of 50 leading international people such as government ministers, heads of a range of UN and associated organisations, and CEOs of leading private industry companies. Overall it is a public-private partnership. It is chaired by the President of Rwanda, Paul Kagame, and Carlos Slim from Mexico.
This week's myth is interesting because if we weren't talking security it wouldn't be a myth. Say what? The phrase "96 more bits, no magic" is basically a way of saying that IPv6 is just like IPv4, with longer addresses. From a pure routing and switching perspective, this is quite accurate. OSPF, IS-IS, and BGP all work pretty much the same, regardless of address family. Nothing about finding best paths and forwarding packets changes all that much from IPv4 to IPv6.
Many voices are hailing February 26th as a watershed day in the history of the Internet in the United States. After a year of loud argument, frequent misrepresentations, and epic flows of political contributions, the FCC has restored the open Internet rules which prevailed from 2010 until struck down in a court ruling last year. And it has done so with new reliance on existing provisions of U.S. telecom law which it believes will pass judicial scrutiny.
There's been a lot of controversy over the FCC's new Network Neutrality rules. Apart from the really big issues -- should there be such rules at all? Is reclassification the right way to accomplish it? -- one particular point has caught the eye of network engineers everywhere: the statement that packet loss should be published as a performance metric, with the consequent implication that ISPs should strive to achieve as low a value as possible.
Several years ago, I had a very interesting conversation with a talented marketing executive from Portland, Oregon who joined the DotGreen Community, Inc. Board of Directors. When I told him about the new gTLD program, which was then under development at ICANN, Dave Maddocks immediately understood the value of what new gTLDs would mean to all businesses that have an online location.
ICANN reports that Google paid over $25 million for .APP in the February 25 domain auction. They were willing to bid $30M, but it's a second bid auction so that was just enough to beat out whoever the second highest bidder was. The auction proceeds piggy bank just nearly doubled from $34M to about $59M dollars, and ICANN still has no idea what to do with it.
The new gTLDs program can't succeed unless two things happen. The approved registries must do good, and ICANN must weed out applicants who are in love. This is to say that registries should put users' good first, and applicants shouldn't get the nod unless their motive is economic and/or social viability. A recent study reveals that leading companies have enjoyed healthy profits because they made doing good their strategic foundation.
It has been observed that the most profound technologies are those that disappear (Mark Weiser, 1991). They weave themselves into the fabric of everyday life until they are indistinguishable from it, and are notable only by their absence. The feat of reticulating clean potable water into every house, so that it is constantly accessible at the turn of a tap, is a great example of the outcome of large scale civil engineering projects, combining with metallurgy, hydrology, chemistry and physics. But we never notice it until it is no longer there.
It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations...
The most interesting feature of the newly-described "Equation Group" attacks has been the ability to hide malware in disk drive firmware. The threat is ghastly: you can wipe the disk and reinstall the operating system, but the modified firmware in the disk controller can reinstall nasties. A common response has been to suggest that firmware shouldn't be modifiable, unless a physical switch is activated.