The recent discovery of the goto fail and heartbleed bugs has prompted some public discussion on a very important topic: what advice should cryptologists give to implementors who need to use crypto? What should they do? There are three parts to the answer: don't invent things; use ordinary care; and take special care around crypto code. more
ICANN has been sent a letter by the European Data Protection Supervisor calling them out with respect to both data collection, retention and privacy within the context of the 2013 Registrar contract (RAA). The letter is the first instance of one, to my knowledge, which makes reference to the ECJ's recent ruling that rendered the data retention directive null and void. more
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more
Since the end of last year, amplification attacks have been increasingly used by attackers and received heavy media coverage. Everyday protocols not given much thought before, like Network Time Protocol (NTP), can be asked in a very short remote command to send a very large response (list of 600 clients last connected to the NTP server) to a spoofed IP address (the target) by the requestor/attacker. more
The Applicant Auction team is getting an increasing number of requests from applicants who are scheduled for ICANN's Last Resort auction and would prefer to participate in the Applicant Auction instead. A common question is: What is my last chance to participate in an Applicant Auction? To be able to give a clear answer for this, we are suggesting a schedule for future Applicant Auctions. more
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. more
New gTLD Applicants now have a more fair and reasonable ICANN auction framework. A collaborative negotiation between the New TLD Applicant Group (NTAG) Auctions Working Group and ICANN Staff resulted in changes that improve the auction rules and bidder agreement. The indemnification and waivers in the agreement are now aligned with breaches that applicants can control. Applicants also now have an indemnification from Power Auction for third party claims related to IP infringement. more
Size and cost have always been restraining factors to the utilization of computers. The first computers occupied whole rooms. When personal computers arrived, they were still rather bulky. Today, we have slim ultrabooks and compact small form factor PCs. Computers are not only getting smaller in this age, they're also becoming cheaper. And single-board computers like the Raspberry Pi are taking cost and size down a step further. These units bring compact and affordable processing to the masses. more
There's been a lot of ink and pixels spilled of late over the Heartbleed bug. Yes, it's serious. Yes, it potentially affects almost everyone. Yes, there are some precautions you should take. But there's good news, too: for many people, it's a non-event. Heartbleed allows an attacker to recover a random memory area from a web or email server running certain versions of OpenSSL. The question is what's in that memory. It may be nothing, or it may contain user passwords (this has reportedly been seen on Yahoo's mail service), cryptographic keys, etc. more
Given the "going live" of New gTLDs as well as the NTIA's announcement of its intent to transition Internet domain name functions to a multi-stakeholder environment, the 49th ICANN meeting in Singapore was sure to be a busy one. Here's a breakdown of some of the key happenings during the week. more
Here at the Anti-Phishing Working Group meeting in Hong Kong, we've just released the latest APWG Global Phishing Survey. Produced by myself and my research partner Rod Rasmussen of Internet Identity, it's an in-depth look at the global phishing problem in the second half of 2013. Overall, the picture isn't pretty. There were at least 115,565 unique phishing attacks worldwide during the period. This is one of the highest semi-annual totals we've observed since we began our studies in 2007. more
DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo. DMARC lets a domain owner make assertions about mail that has their domain in the address on the 'From:' line. It lets the owner assert that mail will have a DKIM signature with the same domain, or an envelope return (bounce) address in the same domain that will pass SPF validation. more
Starting Dot ("SD") is a French new gTLD applicant which applied for five strings: .ARCHI, .BIO, .DESIGN, (which has been withdrawn) .IMMO and .SKI. It is the only French applicant to have applied for several open new gTLDs. Some French brands have applied too but as closed Top-Level Domains... While Starting Dot may be one of the smaller portfolio applicants, there is a considerable difference here in the way their projects are handled when compared to some of the larger applicants. more
A lot of people have been talking about the "interconnection" deal between Comcast and Netflix and whether that deal is related to network neutrality. (It is.) This question comes partly because the FCC's 2010 Open Internet Order (also known as the network neutrality order) was recently struck down. So network neutrality lands back at the FCC, with a new Open Internet proceeding, at the same time Netflix starts working so poorly on Comcast that Netflix had to cut a special deal with Comcast. more
Carlos Slim of Telmex tells me the world is about to change. "Two billion more people will connect to the Internet when smartphones cost $50. The phone makers are promising me a $50 phone in 2014." If Spreadtrum and Firefox deliver a $25 smartphone, as promised, that could accelerate takeover. ~310,000,000 Africans will be connected to the Internet in 2017, Arielle Sumits of Cisco predicts... It's inevitable that the U.S. will be dwarfed by the rest of the world. more
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byDNIB.com