In his eloquent dissent against approving .XXX, ICANN Board member George Sadowsky talked about blocking and filtering top-level domains. It's a concise statement of a concern that has been identified by various people, including members of the Governmental Advisory Committee (GAC), as an impediment to the new generic Top-Level Domain (gTLD) program. It's a thorough defense of a common point of view about blocking TLDs, but while no-one can disagree about the fact of blocking, what is the actual effect? more
I recently wrote about the encouraging level of DNSSEC adoption among top-level domain name registries, and noted that adoption at the second level and in applications is an important next step for adding more security to the DNS. The root and approximately 20 percent of the top level domains are now signed; it is time for registrars and recursive DNS servers operated by the ISPs to occupy center stage. more
Over the last ten years we have heard a lot about edge-based services. These were needed to enable the operation of applications at the edge of the network, as the lack of available bandwidth capacity made it difficult to do so over the core network. However, with the prospect of limitless bandwidth the design of the network is changing again. more
There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach. more
Within a single month, privacy has moved to the top of the "to-do" list for government, business and consumers. In fact, the confluence of activity is the best indication in the last ten years that the will exists to establish regulatory and self-governance programs that complement consumer protection. Privacy is a growth market. more
After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more
Resource certification verifies that an Internet number resource (IP address space or autnonomous system number) has legitimately been allocated by a Regional Internet Registry. It will also benefit every network operator and Internet user in the world by helping to ensure long-term routing stability. more
If there is one fundamental trend everyone can agree on in technology circles, it's the move to mobile. More and more online traffic is originating not from PCs, but from smart mobile devices. You can pick your research study to confirm -- recently I read that Tony White of Ars Logica is projecting that by next year 50% of all web traffic will be generated by mobile devices. That may be aggressive, but you get the idea. more
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more
At ThousandEyes, we've always been curious about the performance of various public DNS resolvers -- especially since Google threw their hat in the ring back in 2009. We satisfied our curiosity this week, so we thought we'd share the results. Here's how we did it. more
Over at Word to the Wise, Laura Atkins has a post up where she talks about the real problem with ESPs and their lack of internal security procedures which resulted in the breach of many thousands of email addresses (especially Epsilon). However, Atkins isn't only criticizing ESP's lack of security but also the industry's response wherein they have suggested countermeasures that are irrelevant to the problem. more
The following is a proposal for an "Early Warning" system to resolve one of the remaining impasses between the ICANN Board and the ICANN Governmental Advisory Committee (GAC) as identified in the GAC Scorecard. Based upon phased array radar technology, this proposal is designed to incorporate multiple discrete evaluation phases into the new generic Top-Level Domain (gTLD) program to provide an integrated and comprehensive early warning system for the GAC in providing advice to the ICANN Board, potential applicants, and the broader Internet community. more
One of the essential features of the social compact that makes ICANN viable in its stewardship of the Domain Name system is that the operations of the Contracted Parties, i.e. Registrars and Registries, are governed by the cooperation of the contracted parties and the non-contracted parties, i.e. the stakeholders, in the creation of policy. In ICANN, contracts and other agreements are the method by which this policy is instantiated. more
Applying for a new Top-Level Domain (TLD) is an expensive and lengthy process, costing an estimated $500K for application and various legal and professional services. Central to the application is the business case. Even though ICANN requires an albeit simple version, most applicants must have a credible business case, especially if they need to secure internal approval, or more importantly attract and secure outside investment. Given the truth to the maxim "if you fail to plan, you plan to fail," some closer scrutiny of your business plan will pay dividends in the long-term... more
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC