Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn't manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn't, or not blocking mail they should. more
Ripped from the headlines: A recent DDoS attack lasted an entire 60 days. In other news, a single site was attacked 218 times in Q2 alone. To those of us in the business of protecting Web infrastructure, these stories are hardly surprising. What's notable, though, is where they were reported, in The Financial, whose focus is banking and financial services, not technology. The reporters used the term "DDoS" as if it were as common as "hedge fund," something everyday business people, not just techies, grasp. It's this human element that caught my interest and got me thinking a little. more
There's often a lot of discussion about whether a piece of malware is advanced or not. To a large extent these discussions can be categorized as academic nitpicking because, at the end of the day, the malware's sophistication only needs to be at the level for which it is required to perform -- no more, no less. Perhaps the "advanced" malware label should more precisely be reattributed as "feature rich" instead. more
Signing Email is now a Draft Standard! Signing email transitioned from a proposed standard to a draft standard (RFC6376 -- one of the new RFCs) over at the IETF a few days ago. The other is RFC6377. Let's go through a brief history of DKIM RFCs to refresh our memories... more
Cloud computing, from a business and management perspective, has a great deal in common with mainframe computing. Mainframes are powerful, expensive and centralized pieces of computing equipment. This is in line with their role as infrastructure for mission-critical applications. For these types of applications, mainframes can be fairly efficient, even though they tend to need large teams of support specialists... Cloud computing is a new style of computing... more
While typosquatting is not a new phenomenon, recent research highlights that it is being used to collect sensitive corporate information from employees and lure consumers to interact with dubious websites. ... Security consultancy Godai Group recently uncovered the use of a specific type of typosquat - a "doppelganger domain" - to collect sensitive enterprise information via email-based attacks. more
On September 12 China, the Russian Federation, Tajikistan and Uzbekistan released a Resolution for the UN General Assembly entitled "International code of conduct for information security." The resolution proposes a voluntary 12 point code of conduct based on "the need to prevent the potential use of information and communication technologies for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure within States..." more
In the wake of Google's settlement with the Department of Justice for permitting advertising by illegal online pharmacies, what are the legal implications for Domain Name Registrars and ISPs in the US and elsewhere? In short, if you're a Registrar or ISP, it's a new ballgame. Here's why it's critical for you to steer clear of criminal and civil liability by making sure your registration services aren't used by rogue online pharmacy criminals. (And, here's how to do it.) more
I read with interest the piece by the Chairman of the Association of National Advertisers (ANA), Garry Elliot, in Advertising Age, which was partly prompted by my commentary in the same publication describing why new generic Top-Level Domains (gTLDs) could be an opportunity for some brands. He says: "From all I've seen, no matter how one tries to justify ICANN's process or the benefits it speculates will occur, it is simply impossible to defend the economics of the ICANN proposal. That is the Achilles' heel of this entire exercise. To paraphrase an old saying, 'It's the economics, stupid.'" more
On September 2nd ICANN opened a one-month public comment period asking whether its Conflict of Interest Policy and related Bylaws should be altered. In light of recent heightened scrutiny of ICANN's policies regarding permissible employment options for departing Directors and key employees this announcement might have been welcome news. Instead, it's a narrow, cart-before-the-horse initiative that seems tone-deaf to predictable stakeholder, political and public relations fallout. more
Everyone seems to be talking about how the big boom is set to happen in India for domain names, and there are significant factors to ensure that this growth happens. The internet spends and E-commerce usage is fast becoming the face of modern India, a part of everyday lifestyle. Although awareness is still the biggest barrier domain name Registrars face with consumers, there are signs of significant improvement in trust, usability and the adoption of web services. more
Since ICANN's CEO announced (on Twitter) that he would be leaving in July 2012, the Internet has been abuzz with details on what happened and why. Rod Beckstrom's tenure so far has earned praise and criticism, much of the latter dwelling on his management style, and on the rate of turnover in ICANN's staff since his appointment. As for the praise, it was implicit in the official announcement put out by ICANN on 16 September, with a link to a list of the outgoing CEO's achievements. Many in our community have a vivid recollection of the criticism leveled at Beckstrom, during a plenary session in an ICANN international meeting, by Maria Farrell, a former staff member. more
In previous installments we've been looking at aspects of the design of the DNS. In today's grand finale we look at the the subtle but very knotty issue of names inside and outside the DNS. In the early years of the DNS, domain names were typically resolved to A records which were used to identify a host running a service. With the notable exception of e-mail, once the host was identified, the name no longer mattered. more
The front page story of the September 13 2011 issue of the International Herald Tribune said it all: "Iranian activists feel the chill as hacker taps into e-mails." The news story relates how a hacker has "sneaked into the computer systems of a security firm on the outskirts of Amsterdam" and then "created credentials that could allow someone to spy on Internet connections that appeared to be secure." According to this news report this incident punched a hole in an online security mechanism that is trusted by hundreds of millions of Internet users all over the network. more
As it's coming down to brass tacks and companies are now seriously considering applying for their own .Brand Top-Level Domain (TLD), questions about whether to also apply for a truly generic TLD keep popping up. Many large corporations want to know whether it's even possible to apply for something like .Shoes AND to restrict registrations so that only a single specified registrant is allowed. After all, for the right company it seems that something like .Shoes could be a valuable namespace -- short, easy to remember, and easy to spell. more
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
Sponsored byVerisign