Featured Blogs

Latest

How Spammers Get Around SPF

Sender Policy Framework (SPF) stops novice spammers but not the professionals, says Spammer-X, a retired spammer who has gone into a lot of the details in his book, "Inside the Spam Cartel". The best way to beat SPF is to join it... First, Joe Spammer rents a dedicated spam host in a spammer-friendly location, like China. Next, he registers 100 domain names, and each domain is registered under a fake name and address. Next, DNS entries for each of the hosts are set up, including a valid pointer record (PTR), an MX record and reverse DNS entries for each domain... more

Understanding the Skype Outage

Skype's official explanation. Phil Wolff has a good set of interpolated comments on the official explanation. There are two things to add... As the Register points out, last Tuesday was Microsoft's monthly patch day and those patches required a re-boot. If we believe Skype that their problem started with excessive login attempts, this is the only plausible explanation on the table... more

Spamford Wallace Gets Sued Yet Again

If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more

P2P: Boon, Boondoggle, or Bandwidth Hog? (The Dark Side)

Yesterday's post explained how peer-to-peer (P2P) applications use the processing power, bandwidth, and storage capacity of participants in a service rather than centralized resources. This makes such applications generally less subject to catastrophic failure, much less subject to running out of resources (since each new user brings new capacity as well as new demand), and much cheaper FOR THE PROVIDER of the application in terms of hardware and bandwidth required. It's the FOR THE PROVIDER part that's the rub. Let's consider the case of BBC's iPlayer service... more

CALEA Roundup: 2005-2007

The wrangling around the Communications Assistance to Law Enforcement Act (CALEA) is one of those issues that creeps inexorably forward and is hard to follow unless you're really focusing. So here is a quick, if longish, overview: CALEA is a 1994 statute that requires telephone companies to design their services so that they are easily tappable by law enforcement in need of "call-identifying information." Back in August 2005, following a request from the Dept. of Justice, the Commission moved swiftly to impose CALEA obligations on providers of broadband access services and "interconnected VoIP" services... more

P2P: Boon, Boondoggle, or Bandwidth Hog?

Depending on whom you ask, peer-to-peer (P2P) services may be the best thing that ever happened to the Internet or a diabolical arbitrage scheme which will ruin all ISPs and bring an end to the Internet as we think we know it. Some famous P2P services include ICQ, Skype, Napster, and BitTorrent. Currently a new P2P service called iPlayer from BBC is causing some consternation and eliciting some threatening growls from British ISPs... more

The Case Against DNSSEC

I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more

ICANN Investigating Domain Tasting

ICANN has announced that it is seeking input and feedback on the topic of domain tasting. (See their announcement for full details) Interestingly enough Michael Gilmour published an article a couple of days ago covering the same topic - "Why domain tasting is great!", which will probably raise a few hackles! One point that in particular caught my eye... more

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more

Phishers Now Targeting Domain Registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more

Prediction: Google WILL Bid for 700MHz Spectrum and WILL Win

There is an excellent business case for Google bidding megabucks in the upcoming 700MHz auction and investing even more to get a network up and running. I think Google is well aware of the value to them if they win and the harm they'd suffer if the duopoly wins instead. Google can make big bucks with a nationwide third network AND make things better for all Internet users AND improve the United States' pathetic competitive position in the contest for broadband access. Hope this post doesn't end up post-tagged "wishful thinking"... more

Greater Transparency in Domain Name Pricing

Tucows issued a press release today wherein they announced lower domain name pricing and enhanced services. The bigger change, which might set a trend for other registrars, is the greater transparency of the registry and ICANN fees relative to the fees charged by Tucows... If all registrars were to quote domain name prices in this manner (I had called it "Asterisk Prices" when I had suggested the idea to various registrars last December, for lack of a better term), it would shift the blame to ICANN and the monopoly registry operators (e.g. VeriSign) every time they raised their fees. more

CAN-SPAM Defendant Awarded $111k in Fees/Costs: Gordon v. Virtumundo

I believe this ruling represents the first time that a CAN-SPAM plaintiff has been ordered to pay attorneys' fees and costs to a defendant. As a result, it's a leading example that courts can and do grow tired of bogus anti-marketing lawsuits, and perhaps it will serve as an expensive warning to CAN-SPAM plaintiffs to ensure the merits of their lawsuit. Gordon is an uber anti-spam plaintiff, leading countless CAN-SPAM lawsuits. As the court describes, Gordon runs a "spam business"--basically, a for-profit plaintiff litigation shop to go after spammers (the court also calls it a "litigation factory")... more

Bringing a New Top-Level Domain to Life

One of the key elements in any domain space is usage. It doesn't matter how potentially "cool" or "interesting" a Top-Level Domain (TLD) is if nobody is actually using it to provide content. It may be overused and totally abused, but "content is king"! The guys in dotMobi posted yesterday about some of the more interesting domains that they had come across recently. What did that lead to? Well I actually got out my phone and browsed the sites to see what all the fuss was about and I was truly impressed. more

Social Operating System: Connecting Domains and Social Media

Wired Magazine (Aug 2007 print issue, page 50) defines "social operating system" as a platform for online living; a social network such as MySpace that seamlessly integrates activities including entertainment and shopping. But Jon Udell points out that MySpace is not Your Space. He envisions a future in which each child would receive his or her own chunk of managed storage at birth.. Of course, we'd want the ability for Bob's Space to connect with Jane's Space - suppose they are siblings starring in the same family vacation video, or co-authors of a research report? more

Topics

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days