They say (whoever "they" are) that good things come in threes, and that certainly seems true for law enforcement against spammers this week. In New York, Adam Vitale was sentenced to 30 months in prison and ordered to pay $183,000 in restitution for a week of spamming AOL back in 2005... In Illinois, an FTC settlement requires Spear Systems and company executives Bruce Parker and Lisa Kimsey to give up $29,000, stop making "false or unsubstantiated claims about health benefits" of their products, and bars them from violating CAN-SPAM ever again... And finally, in Seattle, the Robert Soloway case continues... more
On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally... more
So, the FCC will recommend that Comcast be "punished" or receive "sanctions" for its peer-to-peer throttling practice. And the network neutrality debate goes on, as does its ambiguities and vagueness. Even if you hate Comcast and agree with the net neutrality argument and the FCC's decision, one thing Comcast is correct in saying is that "reasonable network management" specified by the FCC in network neutrality policy set in 2005 is vague. Actually, the term "network management" by itself is broad before you even try to interpret what is meant by "reasonable", and it is not exactly correct in its application here... more
Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in-charge of ".hk". I had the pleasure to catch up with him in Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing. more
It's fascinating to watch the Internet technical community grapple with policy economics as they face the problems creating by the growing scarcity of IPv4 addresses. The Internet Governance Project (IGP) is analyzing the innovative policies that ARIN, RIPE and APNIC are considering as a response to the depletion of IPv4 addresses. more
Note: this is an update on my earlier story, which incorrectly said that the AP reported that Chairman Martin was seeking to impose "fines" on Comcast. In fact, the story used the word "punish" rather than "fine," and a headline writer at the New York Times added "penalty" to it "F.C.C. Chairman Favors Penalty on Comcast" (I won't quote the story because I'm a blogger and the AP is the AP, so click through.) Much of the initial reaction to the story was obviously colored by the headline. more
Gartner, the well known IT consulting company, has published a report on the new top level domains that will appear some time next year. The report totally misses the mark. In a pure US centric vision, it focuses on ".com" as the must-have TLD, totally overlooking the fact that a ".com" is mostly worthless e.g. in Germany, where ".de" is the TLD one must have to succeed locally... more
Tragedies frequently result in flurries of legal activity. Last years witnessed the Myspace tragedy in which a 13 year old girl committing suicide. Unfortunately stalking laws have been clumsy tools that are difficult if not impossible for law enforcement officials to wield. Where existing laws respond poorly to tragedies, the option behind Door Number One is to enact a new law, and the option behind Door Number Two is to argue for a reinterpretation of current law that would somehow miraculously shoehorn the tragedy into the law. Unlike game shows, legal contestants can pick both doors -- which is what happened in this case. more
Wow. It's out. It's finally, finally out... So there's a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes...somewhere. Not where it was supposed to... I'm pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn't get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day... more
Doing some research on the effects of the Great Depression in the 1930s, I started wondering what happened to advertising during that period. Although I haven't turned up any detailed studies, I took a look at the various archives of advertising that allow Internet access to their exhibits, and noted the general move to less expensive, more localized advertising, and fewer adverts for more expensive goods. It made me wonder what will happen to online advertising if the current credit crunch starts to drive a worldwide recession... more
While attending the International Telecommunications Society's 17th bi-annual conference I attended yet another network neutrality session. Economists predominated at this conference and their collective read on network neutrality emphasizes the need for ISPs to "extract value" from content providers primarily by converting zero cost peering with ISPs into specific payments from individual content sources. I have no problem with offers of non-neutral, "better than best efforts" routing options to content providers who voluntarily opt in, particularly if the offer is made transparently and anyone can opt in. What troubles me is the impact of opt-in on content providers that opt out... more
More than 40 years ago, the FCC was worried about telephone companies using their power over communications to control the then-nascent (and competitive) data processing marketplace. The Bell System at that point was already banned from providing services that weren't common carriage communications services (or "incidental to" those communications services)... In a 1999 article in the Texas Law Review, Steve Bickerstaff pointed out that Computer 1 meant that no one could provide a "computer utility" service... Today, we'd call the "computer utility" something different -- we'd use the term "cloud computing." more
I've watched coverage of Microsoft's bid for Yahoo! and the related maneuvering between Google and Yahoo!. The explanations are not very convincing. Microsoft doesn't need Yahoo's search technology or their morale-impacted work force. Yahoo's search market share continues to decline and there's little of strategic relevance in the rest of their business. What's the attraction? more
Lost amid the furor about ICANN's rule change that may (or may not) lead to a flood of TLDs is the uncomfortable fact that almost without exception, the new TLDs created since 2000 have been utter failures. Other than perhaps .cat and .mobi, they've missed their estimates of the number of registrations by orders of magnitude, and they haven't gotten mindshare in the target community. So what went wrong? more
The recent decision by ICANN to start a new round of applications for new generic Top-Level Domains (gTLDs) is launching a round of questions on the IETF side about its consequences. One possible issue may be with vanity gTLDs like apple, ebay etc. Some expect that every Fortune 1,000,000 company will apply for its own TLD. My guess is rather the Fortune 1,000 for a start, but this does not change the nature of the issue, i.e. those companies may want to use email addresses like user@tld. more
Sponsored byVerisign
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byDNIB.com