A reader recently brought to my attention an upcoming conference in London in the UK -- The Oil and Gas Cyber Security Forum. Here's a little blurb: "Despite investments into state of the art technology, a majority of the oil and gas industry remain blissfully unaware of the vulnerabilities, threats and capability of a malicious cyber attack on control systems..." I bring this up because it is relevant to the trends in cyber security that we see this year - that of the Advanced Persistent Threat. more
As each day passes, I spend more time immersing myself with prospective clients who are weighing up our offering over those of alternative providers. The more I become entrenched in this competitive process, the more it becomes increasingly clear that many of the competing RSPs pitching their wares to hopeful applicants are misleading them by hiding critically important information in fine print disclaimers or feeding them rubbish in order to whittle down the competition. Competition is a great thing; it just needs to be on the same playing field. Make sure you are comparing apples with apples. more
I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is do we want to hear about everything? more
Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume... The problem with mainsleaze is that it is generally mixed in with mail that the recipients asked for, and there's no way to tell the difference mechanically. more
One of the primary purposes of the ICANN New generic Top-Level Domain (gTLD) program is to foster innovation in the DNS industry and the wider Internet. While having a desirable TLD string that users can relate to is a good starting point, gTLD applicants may want to bolster their value propositions by offering innovative services and differentiate their TLDs from others. Defining the services to be offered is so central to a gTLD that it should be part of the initial strategy of any prospective applicant. more
According to Kaspersky Lab, 2011 has seen "numerous DDoS attacks with a variety of motives," many of which will "go down in the annals of cybercrime." As we look ahead to 2012, it's worth examining some of those motives to see what they portend. more
As a seasoned internet user, even an old 'Domainer', I was there when ICANN launched the first round of New TLDs. I remember the criticism we received from the media back then. We were invited to countless roundtable discussions, press conferences, and local internet events at which we were expected to answer the key media question: "Why are new TLDs necessary?" Dot BIZ, .INFO, and four more were the test bed new TLDs -- I represented .BIZ in EMEA. more
Too many techies still don't understand the concept of due process, and opportunistic law enforcement agencies, who tend to view due process constraints as an inconvenience, are very happy to take advantage of that. That's the lesson to draw from Verisign's proposal and sudden withdrawal of a new "domain name anti-abuse policy" yesterday. The proposal, which seems to have been intended as a new service to registrars, would have allowed Verisign to perform malware scans on all .com, .net, and .name domain names quarterly when registrars agreed to let them do it. more
Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm." more
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more
This debate never got heated during the NewDomains.org conference in Munich last month. One might speculate that it was largely because most in the audience and on the panel, support and believe in the existence of both. There is no need to make a direct either/or comparison. What sets Facebook and Apps apart from existing popular Top-Level Domains (TLDs) is the concept of a closed environment in which users can interact with the technology and each other in a dedicated space. more
Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These "supercookies" are very hard to detect and delete, and can track user behavior across multiple sites, not just one. These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. more
There has been considerable debate on whether the Internet needs new Top Level Domains. Advertising advocacy groups have objected to the expense of re-investment in online branding. There's a lot of work involved in telling the world .BEYONCE is where you will now find all official Beyonce related information. I'm wondering, why would anyone object to some order being applied to the internet? more
"Smartphones (and tablets, WdN) are invading the battlefield", reports the Economist on its website of 8 October 2011. On the same day the hacking of U.S. drones is reported on by several news sites. ("They appear friendly". Keyloggers???) Is this a coincidence? more
Internet routes are specified for an address prefix. The shorter the prefix, the more general the route. A shorter prefix covers more address space and thus a bigger part of the Internet. Very long prefixes cover few addresses and are used for local routing close to the destination address. In general, it is not necessary to distribute very long prefixes to the whole Internet, because a more general, shorter prefix is sufficient to direct packets in the direction of the destination. more
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byVerisign
Sponsored byDNIB.com