As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with our own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more
Complete DNSSEC implementation requires that domains are authenticated at the root by the Registry, and that DNS zones and records are authenticated as well. Now before I go any further, let me begin by stating that I fully support the development and deployment of DNSSEC and that the vulnerabilities presented by Cache Poisoning are very real, especially for those websites collecting login credentials or other types of sensitive information. more
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed. more
Bennett Haselton, who runs the Peacefire anti-censorship site, is one of the more successful anti-spam litigants. He says he's filed about 140 suits, mostly in small claims court, and has won the majority of the suits that got far enough to be decided on the merits. But last month, in Federal court in Seattle, he lost a suit against Quicken Loans that he should have won, partly because of his own mistakes, but largely because of the pernicious effect of Gordon vs. Virtumundo. more
The impact of the changes set in motion by President Obama back in late 2008 in relation to the direction the telecommunications are slowly becoming apparent and are taking many Americans by surprise, even many of the experts and analysts in this industry. This has created a lot of noise and confusion, as people are trying to understand what is happening and how it will affect them. more
Google may have unnecessarily provoked a fight with China, but the Middle Kingdom better keep its wits, lest it repeat a sad protectionist history. Early last millennium China was the world's richest civilization and technology leader. It famously invented gunpowder, iron casting, paper, porcelain, printing, and gigantic nine-masted sailing vessels. Between 1405 and 1433, the great Muslim Chinese explorer Zheng He led seven expeditions in the South Pacific and Indian Oceans, reaching the coast of East Africa. China's naval fleet grew to 3,500 ships... more
The year 2010 is turning out to be the "year of DNSSEC" from Registry implementations, Registrar implementations, ISP support, to the Root being signed this summer. Because we are dealing with such critical infrastructure, it is important to not lose sight of careful implementations. more
Any vendor in the platform business knows that their primary product is programming interfaces -- the so-called APIs that developers depend upon in order to deliver applications. The API exposes features of the platform, and differentiate applications running on that platform from all others. Lose control of the API, and you will lose control of the developer. Developers are the leading indicator for platform success. Ergo, lose the developer, lose the platform. more
At the beginning of this year, a set of powerhouse organizations in cybersecurity (CSO Magazine, Deloitte, Carnegie Mellon's CERT program, and the U.S. Secret Service) released the results of a survey of 523 business and government executives, professionals and consultants in the ICT management field. The reaction generated by this survey provides an unusually clear illustration of how cyber-security discourse has become willfully detached from facts. more
This is a reply to Susan Crawford's circleid article "Comcast v. FCC - "Ancillary Jurisdiction" Has to Be Ancillary to Something". I started writing a reply to her article, adding some comments I had and also reminding her that she'd predicted this herself, in an earlier circleid article, but it turned out long enough that I decided to submit it as a circleid post instead. On the whole, the facts agree with this CNET article. This court decision was correct, and expected... more
Big news today - Judge Tatel has written the D.C. Circuit's opinion in Comcast v. FCC, and Comcast wins. Bottom line: The FCC didn't have regulatory authority over Comcast's unreasonable network management practices because it failed to tie that authority to any express statutory delegation by Congress... more
The fact that businesses around the world are knocking on the doors of their governments asking for spectrum is a clear indication that this telco real estate market is hotting up. The reason for this is not too hard to guess -- the enormous growth in the demand for mobile broadband. There is a large amount of pent-up demand as the mobile operators didn't want to open up this market while they were in the middle of adding new customers to their mobile voice services. more
A few weeks back I asked Where is China's IDN? ICANN not only answered my question about China, but also about a host of additional countries (and territory) that had applied for fast-track IDNs. Here are the most recent IDN (string evaluation) approvals... more
I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses. more
In my recent blog on utilities and the NBN I mentioned that the ultimate prize would be a combination of the ONT (Optical network terminal: the network interface device used in fibre-to-the-home applications, which operates as a demarcation point between the local loop of the carrier and the wiring in the user premises) and intelligent gateway the electricity company need for their smart meters and home energy networks. Perhaps I should expand on this a little... more
Sponsored byRadix
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byWhoisXML API