The Spamhaus Project just published a long article about the botnets they've been watching during 2014. As this chart shows, we're not making any progress. They also note that the goals of botnets have changed. While in the past they were mostly used to send spam, now they're stealing banking and financial information, engaging in click fraud, and being used for DDoS and other malicious mischief.
On December 17th a US proposal for online commerce in a major trade negotiation, the Trade in Services Agreement ("TISA") leaked. A flurry of press releases and opinion pieces claim that TISA is a threat to the Internet. The headlines are lurid: "TISA leak: EU Data Protection and Net Neutrality Threatened" and "Leaked TISA text exposes US threat to privacy, civil rights"... Because I've spent years in Geneva regularly meeting with and advising negotiators on the networked economy I have a very different perspective.
"Nobody knows anything," screenwriter William Goldman (think "Butch Cassidy and the Sundance Kid" and "The Princess Bride") said famously of Hollywood. The same may be said of enterprise security. Word now comes that the Sony hack for which the FBI has fingered North Korea may, in fact, be the work of some laid-off and disgruntled Sony staff. But that's not clear, either.
One thing I enjoy about following Dyn Research (formerly Renesys) on Twitter is that they provide quite interesting graphics and charts about Internet outages. They've been tracking North Korea's Internet access quite closely over the past week and their tweets have been quite enlightening. Back on December 22, for instance, DynResearch tweeted a chart showing a 9-hour, 31-minute outage...
My Twitter feed has exploded with lots of theorizing about whether or not North Korea really hacked Sony. Most commentators are saying "no", pointing to the rather flimsy public evidence. They may be right -- but they may not be. Worse yet, we may never know the truth. One thing is quite certain, though: the "leaks" to the press about the NSA having concluded it was North Korea were not unauthorized leaks; rather, they were an official statement released without a name attached.
Losing your monopoly must be hard. True, few companies ever experience that particular breed of angst, but if Verisign's reply to even modest success in the new gTLD marketplace is any indication, it must be very hard to say goodbye. We understand why they're worried... The quality of newly registered .COM names is dropping and has been for years. And there is nothing Verisign can do about it. So welcome to the fire sale.
Two weeks ago I blogged about ICANN's astonishingly lucrative domain auctions. At that time, they'd raised $26.7 million. Now, two auctions later, they're up to about $33 million. Yesterday's two auctions were for .MLS and .BABY. The former, for those who aren't deep into the real estate biz, stands for Multiple Listing Service, the system that lets you list a house with one broker, and all the other brokers can sell it.
A fledgling attempt to create a new global Internet governance clearinghouse has run into trouble as leading business and civil organizations said they are not yet prepared to participate in the NETmundial Initiative (NMI) championed by ICANN President Fadi Chehade. In highlighting that there remain several unanswered questions, the Internet Society (ISOC), Internet Architecture Board (IAB), and International Chamber of Commerce (ICC-BASIS) raised serious concerns...
Many with financial interests in new gTLDs, such as Donuts, have painted a rosy picture of how new gTLDs create greater availability of meaningful domain name options that the global masses have been waiting for. Their message seems to be: FINALLY, there is an alternative to .com in new domain extensions like .guru, .photography, .blackfriday and .tips. But, the reality is that we have always had options other than .com to choose from when registering a domain name. The challenge isn't choice, it's relevance and credibility.
The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked?
DMARC is extremely useful, yet I've heard some vendors are putting their implementations on hold because of the IETF DMARC working group. You really shouldn't wait though -- it's been in wide use for nearly three years, enterprises are looking at DMARC for B2B traffic, and the working group charter is limited in its scope for changes. Let's compare this to a similar situation in the past.
There are many voices calling for increased initiatives by municipalities to build and operate broadband internet infrastructure as a public utility, but until this week, very little in the way of economic analysis to fully examine whether the benefits justify the costs. A paper released this week finds that local efforts produce small economic benefits, but cause a notable increase in the size of local government.
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it.
Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement: I said if we don't actively engage other Internet stakeholders -- those that interact with our products -- we would eventually lose the opportunity to self-regulate.
As a follow up to the earlier article on the IaaS business model, here is a high level overview of the SaaS provider business model and some of the strategic options that are in there... As examples in this article I consider two hypothetical SaaS providers. The first one delivers bookkeeping software, the second one delivers a project collaboration platform.