At ICANN San Juan, I found out from Tina Dam, ICANN's IDN Program Director, that she was putting together a live IDN TLD test bed plan which includes translations of the string .test into eleven written languages (Arabic, Chinese-simplified, Chinese-traditional, Greek, Hindi, Japanese, Korean, Persian, Russian, Tamil and Yiddish) and ten scripts (Arabic, Cyrillic, Devanagari, Greek, Han, Hangul, Hebrew, Hiragana, Katakana, Tamil)... Two days ago, ICANN provided an update on this project... more
The Globe and Mail published an embarrassing feature story on the weekend focusing on terror groups' use of the Internet and a "Canadian connection." A story on terror group use of the Internet would have made for an interesting (albeit unoriginal) story, so it appears that the Globe tried to generate greater interest in the story by adding a Canadian connection. The article begins with "Welcome to Yarmouth, Nova Scotia - pivotal battleground in the global jihad."... more
"The Internet's impact on cities grows daily as it electronically enables the meeting, movement, and exchange of people, ideas, products, and cultures at a range and frequency never before possible, creating what Marshall McLuhan called the 'global village'." So begins a paper in which Dr. Michael Gurstein and I present a short review of the history of TLDs and the negative effects their omission from the Internet's naming schema is having on cities. We then identify 12 areas where city-TLDs will benefit Global Cities if planned and developed in the public interest. more
The report of the Whois Working Group was published today. The Working Group could not achieve agreement on how to reconcile privacy and data protection rights with the interests of intellectual property holders and law enforcement agencies. So the Working Group Chair redefined the meaning of "agreement." See the full story at the Internet Governance Project site. more
Companies sometimes find that opportunistic purchasers of domain names (often referred to as "domainers"), will purchase a domain name quite similar to that of the company, and establish a site at the URL loaded with revenue-generating sponsored ads. To accomplish these purposes, domainers seem to prefer the services of companies like HitFarm and Domain Sponsor. A web user types in the confusingly similar URL and is bombarded with pop-up ads and sponsored links to goods and services, often competitive to the company whose name or trademark is being appropriated in the URL... more
Sender Policy Framework (SPF) stops novice spammers but not the professionals, says Spammer-X, a retired spammer who has gone into a lot of the details in his book, "Inside the Spam Cartel". The best way to beat SPF is to join it... First, Joe Spammer rents a dedicated spam host in a spammer-friendly location, like China. Next, he registers 100 domain names, and each domain is registered under a fake name and address. Next, DNS entries for each of the hosts are set up, including a valid pointer record (PTR), an MX record and reverse DNS entries for each domain... more
Skype's official explanation. Phil Wolff has a good set of interpolated comments on the official explanation. There are two things to add... As the Register points out, last Tuesday was Microsoft's monthly patch day and those patches required a re-boot. If we believe Skype that their problem started with excessive login attempts, this is the only plausible explanation on the table... more
If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more
Yesterday's post explained how peer-to-peer (P2P) applications use the processing power, bandwidth, and storage capacity of participants in a service rather than centralized resources. This makes such applications generally less subject to catastrophic failure, much less subject to running out of resources (since each new user brings new capacity as well as new demand), and much cheaper FOR THE PROVIDER of the application in terms of hardware and bandwidth required. It's the FOR THE PROVIDER part that's the rub. Let's consider the case of BBC's iPlayer service... more
The wrangling around the Communications Assistance to Law Enforcement Act (CALEA) is one of those issues that creeps inexorably forward and is hard to follow unless you're really focusing. So here is a quick, if longish, overview: CALEA is a 1994 statute that requires telephone companies to design their services so that they are easily tappable by law enforcement in need of "call-identifying information." Back in August 2005, following a request from the Dept. of Justice, the Commission moved swiftly to impose CALEA obligations on providers of broadband access services and "interconnected VoIP" services... more
Depending on whom you ask, peer-to-peer (P2P) services may be the best thing that ever happened to the Internet or a diabolical arbitrage scheme which will ruin all ISPs and bring an end to the Internet as we think we know it. Some famous P2P services include ICQ, Skype, Napster, and BitTorrent. Currently a new P2P service called iPlayer from BBC is causing some consternation and eliciting some threatening growls from British ISPs... more
I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more
ICANN has announced that it is seeking input and feedback on the topic of domain tasting. (See their announcement for full details) Interestingly enough Michael Gilmour published an article a couple of days ago covering the same topic - "Why domain tasting is great!", which will probably raise a few hackles! One point that in particular caught my eye... more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign