There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
Throughout this year I have once again travelled extensively through USA, Europe, Asia and Latin America. Naturally, being in this industry I watch closely the various developments in broadband, mobile and WiFi. When you are travelling obtaining access is never far from one's mind. This also provides good opportunities to compare what is available, where, what the quality is, and so on. Looking back over many years there is no doubt that, no matter where you travel, there has been incredible progress. more
Picture this: you just completed hours of internal Web services preparations with your system administrative team prior to the holidays. You discovered possible points of failure and made appropriate modifications with the expectation of a perfect load test. You take a few minutes to relax, refill the coffee mug sitting in front of you, and connect to the conference bridge where real-time discussion about the load test will occur. Things go well for the first 20 minutes of the test... Then it happens: one of the simulated users logs an error stating that it has timed out. more
Back on February 4, 2013, I wrote a CircleID post entitled 'How the registrar Cash Flow Model Could Collapse with New ICANN gTLDs.' My key point back then was this: new gTLD applicants need to be mindful of how the cash flow policies of their registry (and of their back-end service provider) could impact whether their TLD is actively promoted by ICANN registrars... registries have historically assumed near-zero risk. This is going to change. more
I've been having arguments about Network Neutrality with a lawyer. My position is that you can't adequately regulate ISPs to be neutral, because there's no agreement what "neutral" means in practice. He points out that the courts aren't interested in technical details like what packets are dropped, it's that all traffic has to be treated the same, and ISPs should just figure out how to do that. So I contemplated a city with Plumbing Neutrality with the simple rule that all people must be treated the same... more
The new Community Priority Evaluation (CPE) guidelines prepared by the Economist Intelligence Unit (EIU), and published by ICANN are now past their feedback period. We, at Radix, believe that ICANN has received feedback from approximately 10 stakeholders, and I for one, am looking forward to those being published. In light of the fact that none of the comments that ICANN received have been made public yet, I decided to blog about my multiple concerns with the new guidelines. Sparing a thought for the not-so-involved reader, I have limited my rant to some of the more important issues. more
Over the last 5 years, hacktivists have continued the practice of redirecting well-known domain names to politically motivated websites utilizing tactics such as SQL injection attacks and social engineering schemes to gain access to domain management accounts -- and that, in and of itself, is not surprising. But what IS surprising is the fact that less than 15% of the 500 most highly trafficked domains in the world are utilizing Registry Locking. more
This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring"... They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. more
Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers. Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks. more
With a goal of 270M fixed broadband lines in 2015 and near-universal service by 2020, the new "Broadband China" strategy is extraordinary. OFweek, a valuable site in Chinese, breaks the plan into three phases. The first is a full speed stage, ending in 2013, that deploys basic broadband and 3G widely. The second stage, 2014-2015, is dedicated to a further takeup and wider deployment. That will include 400,000+ LTE cell sites. more
When the scale of global surveillance carried out by the NSA (USA) and by the GCHQ (UK) was exposed by Edward Snowden through The Guardian, people around the world were shocked to discover how two established democracies routinely resort to methods that they have long deplored -- and rightly so -- in dictatorships, theocracies and other single-party arrangements. In a previous article, I lamented the fact that by carrying out this surveillance on an unprecedented scale, the US and the UK are, in fact, converging with the very regimes they criticize. more
Having been a member of the Committee for this past year, I'm pleased to share that the US Federal Communications Commission (FCC) "Open Internet Advisory Committee" has published its first annual report... The report is weighty - 98pp if you kill trees to print it. The OIAC was established as part of the US FCC Open Internet activity and Open Internet Report and Order from 2010. The FCC appointed expert committee members from a broad range of commercial, academic, and not-for-profit organizations. more
During the "GNSO Discussion with the CEO" at the recent ICANN meeting in Durban, I stated that ICANN talks a lot about the importance of supporting the public interest, but in reality the organization's first priority is protecting itself and therefore it avoids accountability and works very hard at transferring risks to others. In response to my comments, ICANN CEO Fadi Chehadé asked me to provide him examples of where ICANN can be more accountable. Copied below is my response letter to Chehadé, which provides seven examples. more
This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly and even though they aren't generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time. more
Real browsers vs. virtual browsers. It's a hot topic among Web performance testing providers and customers. Which is the better choice? Well, it depends. They're not intended for use under the same circumstances and requirements, so you aren't comparing apples to apples, instead, you are comparing apples to grapples. more
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byVerisign
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byWhoisXML API