ICANN oversees the creation of many contracts. Its highest paid contractor has historically been the law firm of Jones Day, and of course ICANN has many lawyers on staff. In the past I've identified loopholes in proposed contracts, and those were corrected before they were exploited. However, are there other loopholes sitting in existing contracts waiting to be exploited, or ambiguities with major financial consequences depending on their interpretation? more
On eBay, a Virgin Mary Grilled Cheese Sandwich sold for $28,000, a ghost in a jar for $55,000, and a Corn Flake shaped like the state of Illinois $1,350. In each of these very real examples, auction participants placed significant value on the items they were pursuing, in spite of their questionable value. These lucky eBay winners may have also received a case of Winner's curse... Unfortunately, human beings are not always rational and information is rarely - if ever - perfect. So how do you avoid winner's curse for your TLD? more
As Ray King emphasized in his post on private auctions, "[m]ost importantly, let's get moving -- private auction makes business sense, provides clarity and speeds the process for everyone." In the "get moving" spirit, I wish to answer a number of questions that I am frequently asked about private auctions in general and the Applicant Auctions in particular. more
Time for another annual roundup from the world of IP addresses. What happened in 2012 and what is likely to happen in 2013? This is an update to the reports prepared at the same time in previous years, so lets see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. more
It is just another phishing case. Why should I care? I happened to receive my own copy of the phishing email message. Most Internet users will just smile bitterly before deleting it. I checked it to see why it had gone through the spam filters. It had no URL in the text but a reply-to address. So it needed a valid domain name, and had one: postfinances.com. PostFinance (without trailing "s") is the payment system of the Swiss Post. It has millions of users. more
In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980's and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam". more
I recently talked about the top trends of 2012. Well, now it's time for me to look into my crystal ball and predict the future. I believe that this year we'll see great developments when it comes to TR-069. I know you'll say that this was a trend last year, but I'm confident that 2013 is the year that this protocol will really shine. more
Anyone who expected that with the end of the Dubai ITU World Conference on International Telecommunications (WCIT) in December 2012, the heated debate on the future regulation of the Internet will slow down should remember to fairytale of the battle of the knight with the seven-headed dragon. Hardly a head is cut off, another is growing. In 2013 the discussion on Internet freedom will likely gain in sharpness. more
As an applicant in this new gTLD round with quite a few overlapping strings, I've had a keen interest in the various proposed auction platforms. In the past six months the ideas behind private auction have matured significantly and I now see it as a strong mechanism for resolving contention. Following are my observations. more
It was 30 years ago today, on January 1, 1983, that the ARPANET had a "flag day" when all connected systems switched from using the Network Control Protocol (NCP) to the protocols known as TCP/IP. This, then, gave rise to the network we now know as the Internet. more
.tk was once designated as the riskiest ccTLD. .ru is often said to be, after .com, the most used in the content of spam messages. But is there a ccTLD that is a favorite destination for copyright infringement? The question is worth asking in view of the growing trend for .com domain names seizures related to copyright infringement. more
The capabilities IPv6 provides will enhance online security, but the shift to the new Internet address scheme may also present risks if not properly managed. Previously, Internet security was largely an after-thought for the early Internet, as its primary purpose was to facilitate open, end-to-end, any-to-any communications and information exchange for bridging and accelerating research efforts. Today, we have a much more complex online ecosystem that spans billions of users across the globe and serves not only as an engine for e-commerce, but as an engine for all commerce. more
The problem with setting expectations is that when they are not fulfilled the fallout is generally considered to be a failure, and while everyone wants to claim parenthood of success, failure is an orphan. In that sense it looks like the WCIT meeting, and the International Telecommunications Regulations (ITRs) that were being revised at that conference this month are both looking a lot like orphans. There have been a number of reports of the outcome of the two week... Most of the blogs were quick to characterize the outcome as a loss for the dark forces that lurked somewhere in the closets of the ITU's headquarters in Geneva. But there is more to it than that. more
In the previous installments we looked at software changes in mail servers, and in the software that lets user mail programs pick up mail. What has to change in the user mail programs? ... The first and most obvious is that users have to be able to enter the addresses. more
Throughout the second half of 2012 many security folks have been asking "how much is a zero-day vulnerability worth?" and it's often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it's the wrong question... the correct question should be "how much do people pay for working exploits against zero-day vulnerabilities?" more
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byRadix