Featured Blogs

Latest

The Cost of an ISO 27001 Certification

The first question I often get when talking to IT Service providers on ISO 27001 certification is: "How much does it cost to get it?" I like to reply with a question: "how much does it cost when you don't have it?" The answer to the first question is easy, the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified. more

Overcoming Cloud Storage Security Concerns: 7 Key Steps

According to a 2013 TwinStrata survey, 46 percent of organizations use cloud storage services and 38 percent plan to adopt this technology in the near future. Cloud storage capacity demands are increasing 40 to 60 percent year-over-year, while storage density lags behind at 20 percent. The result? More data, growing demands for space and increasing security concerns. How do enterprises overcome cloud storage security challenges? more

Permissionless Innovation: Why It Matters

We live in a world of information abundance and the proliferation of ideas. Through mobile devices, tablets, laptops and computers we can access and create any sort of data in a ubiquitous way. But, it was not always like that. Before the Internet information was limited and was travelling slow. Our ancestors depended on channels of information that were often subjected to various policy and regulatory restrictions. The Internet changed all that. more

AOL Has a Security Hole, and It’s Our Problem

Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like paypal.com. A domain owner can publish a DMARC "reject" policy which, oversimplifying a little, tells the world that if mail with their name on the 'From:' line didn't come from their servers, it's not from them so you should reject it. more

Better Than Best Efforts Routing of Mission Critical Traffic and the FCC

It appears that the FCC will permit exceptions to the standard, plain vanilla best efforts routing standard for Internet traffic, such as the paid peering arrangement recently negotiated between Comcast and Netflix. In both academic and applied papers I have supported this option, with several major conditions... With no opposition that I have seen, companies like Akamai offer better than best efforts routing of "mission critical" traffic from content source to last mile, "retail" Internet Service Providers. more

Former ICANN Board Member to Congress - ICANN Needs Oversight

Karl Auerbach has written a quite long but very detailed and well thought out letter to Congress. It's not clear which members of Congress were sent the letter. Karl Auerbach is a former member of ICANN's board and is probably best remembered by many as having taken ICANN to court (and winning) in order to gain access to the organisation's financial records. more

Spotlight on African Contributions to Internet Governance Discussions (Part 1: NETmundial)

The internet affects every individual in this world whether directly or indirectly. For example, a medical professional somewhere in Goma, Congo might access the internet to read and post reviews to current medication available and this might have an impact on the kind of medication that he/she recommends to the patient, whether the patient has access to affordable internet or not. Since the internet affects everyone, Africans citizens who are aware of internet governance discussions, expect African stakeholders to engage in these discussions. more

The Importance of IP Resource Planning in Government ICT Strategic Plans

It seems everywhere I turn, there's someone throwing around statistics for how the Internet and broadband will drive economic growth, create jobs, end world hunger and bring world peace (ok, maybe not the later). Sure enough, government officials are buying into that rhetoric and extending it in initiatives like national broadband strategies, cybercrime and cybersecurity plans as well as e-governance strategies. more

Doing Crypto

The recent discovery of the goto fail and heartbleed bugs has prompted some public discussion on a very important topic: what advice should cryptologists give to implementors who need to use crypto? What should they do? There are three parts to the answer: don't invent things; use ordinary care; and take special care around crypto code. more

European Data Protection Supervisor Smacks ICANN Over Privacy Issues With 2013 RAA

ICANN has been sent a letter by the European Data Protection Supervisor calling them out with respect to both data collection, retention and privacy within the context of the 2013 Registrar contract (RAA). The letter is the first instance of one, to my knowledge, which makes reference to the ECJ's recent ruling that rendered the data retention directive null and void. more

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more

Blocking Amplification Attacks: Sometimes the Incentives Work Against You

Since the end of last year, amplification attacks have been increasingly used by attackers and received heavy media coverage. Everyday protocols not given much thought before, like Network Time Protocol (NTP), can be asked in a very short remote command to send a very large response (list of 600 clients last connected to the NTP server) to a spoofed IP address (the target) by the requestor/attacker. more

Applicant Auction Announces Suggested Schedule for 8 Future Private gTLD Auctions

The Applicant Auction team is getting an increasing number of requests from applicants who are scheduled for ICANN's Last Resort auction and would prefer to participate in the Applicant Auction instead. A common question is: What is my last chance to participate in an Applicant Auction? To be able to give a clear answer for this, we are suggesting a schedule for future Applicant Auctions. more

Open Source Software Is the Worst Kind Except for All of the Others

Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. more

NTAG Chair Blog: A Better Auction Framework

New gTLD Applicants now have a more fair and reasonable ICANN auction framework. A collaborative negotiation between the New TLD Applicant Group (NTAG) Auctions Working Group and ICANN Staff resulted in changes that improve the auction rules and bidder agreement. The indemnification and waivers in the agreement are now aligned with breaches that applicants can control. Applicants also now have an indemnification from Power Auction for third party claims related to IP infringement. more

Topics

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days