After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."...
Resource certification verifies that an Internet number resource (IP address space or autonomous system number) has legitimately been allocated by a Regional Internet Registry. It will also benefit every network operator and Internet user in the world by helping to ensure long-term routing stability.
If there is one fundamental trend everyone can agree on in technology circles, it's the move to mobile. More and more online traffic is originating not from PCs, but from smart mobile devices. You can pick your research study to confirm -- recently I read that Tony White of Ars Logica is projecting that by next year 50% of all web traffic will be generated by mobile devices. That may be aggressive, but you get the idea.
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples."
At ThousandEyes, we've always been curious about the performance of various public DNS resolvers -- especially since Google threw their hat in the ring back in 2009. We satisfied our curiosity this week, so we thought we'd share the results. Here's how we did it.
Over at Word to the Wise, Laura Atkins has a post up where she talks about the real problem with ESPs and their lack of internal security procedures which resulted in the breach of many thousands of email addresses (especially Epsilon). However, Atkins isn't only criticizing ESPs' lack of security but also the industry's response wherein they have suggested countermeasures that are irrelevant to the problem.
The following is a proposal for an "Early Warning" system to resolve one of the remaining impasses between the ICANN Board and the ICANN Governmental Advisory Committee (GAC) as identified in the GAC Scorecard. Based upon phased array radar technology, this proposal is designed to incorporate multiple discrete evaluation phases into the new generic Top-Level Domain (gTLD) program to provide an integrated and comprehensive early warning system for the GAC in providing advice to the ICANN Board, potential applicants, and the broader Internet community.
One of the essential features of the social compact that makes ICANN viable in its stewardship of the Domain Name system is that the operations of the Contracted Parties, i.e. Registrars and Registries, are governed by the cooperation of the contracted parties and the non-contracted parties, i.e. the stakeholders, in the creation of policy. In ICANN, contracts and other agreements are the method by which this policy is instantiated.
Applying for a new Top-Level Domain (TLD) is an expensive and lengthy process, costing an estimated $500K for application and various legal and professional services. Central to the application is the business case. Even though ICANN requires an albeit simple version, most applicants must have a credible business case, especially if they need to secure internal approval, or more importantly attract and secure outside investment. Given the truth to the maxim "if you fail to plan, you plan to fail," some closer scrutiny of your business plan will pay dividends in the long-term...
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why.
Market research firm Infonetics Research this week released VoIP and UC Services and Subscribers, a market share and forecast report that includes two Business VoIP Service Provider Scorecards that will be published later this year, and an IP Centrex Provider Tracker highlighting deployments by provider, region, service, and platform.
After wading through the various IANA Notice of Inquiry (NOI) submissions I thought I would take a break and do a secondary review of the recently concluded ICANN regional meeting in San Francisco. In doing this review there were three things that kind of jumped out at me as still missing in action.
A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen.
In comments to the U.S. Government, ICANN sought to convince the National Telecommunications and Information Administration (NTIA) to relinquish its oversight of the Internet Address and Number Authority ("IANA") functions. At its heart, ICANN's presentation is a plea for NTIA to declare the privatization of DNS management finished. For several reasons, ICANN's plea should be refused.
About two years ago I wrote with concern about Bit.ly's use of Libya's country code. I noted that it's always important to keep in mind that a company can't "own" a domain the way it owns real estate. Now it appears that companies that have built brand names on Libya's country code are facing difficult times.