I was reading about the Nieman Marcus lawsuit and on a phone call related to the "Working Group on Mechanisms to Protect Rights of Others", when suddenly it occurred to me that this whole rush to rid the world of typos could eventually head in a messy direction... How far can this go? Let me take you back to that phone call I was on where representatives of Yahoo indicated they would try to secure Flicker.XXX as a TYPO of Flickr.com (their made up brand name) during a potential new TLD sunrise period. How backward is that? A Typo that became a brand, trying to call the generic name a variant of their trademark! more
The Internet Commerce Association sent this letter to ICANN yesterday in regard to the RegisterFly situation: "I am writing to you in my capacity as Counsel to the Internet Commerce Association (ICA), a non-profit trade association dedicated to promoting and protecting the rights of domain name (DN) owners... It has come to our attention that an ICANN-accredited registrar is in the midst of what appears to be a near-complete operational breakdown, and that its ongoing failure to carry out its responsibilities is causing substantial economic loss to tens of thousands of DN registrants in both the United States and multiple foreign jurisdictions." more
Seems that DNSSEC is being subjected to what an old boss of mine used to call the "fatal flaw seeking missiles" which try to explain the technical reasons that DNSSEC is not being implemented. First it was zone walking, then the complexity of Proof of Non-Existence (PNE), next week ... one shudders to think. While there is still some modest technical work outstanding on DNSSEC, NSEC3 and the mechanics of key rollover being examples, that work, of itself, does not explain the stunning lack of implementation or aggressive planning being undertaken within the DNS community. more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
There is a definite advantage to knowing what users look for when typing in domain names that they think should work. This article from Government Computer News shows an excellent example in .gov. "600,000 visitors a year to FirstGov try to find the federal government's Web site by typing USA.gov into their browser", so they switched from firstgov.gov to usa.gov. It wasn't mentioned in the article, but firstgov.gov redirects automatically; this is more intelligence than I normally expect from US government web sites. more
Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more
What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more
As folks will recall, there was a big debate about tiered/differential pricing in the .biz/info/org contracts. Eventually those contracts were amended to prevent that. However, if folks read the .XXX proposed contractv [PDF], Appendix S, Part 2, under "delegated authority" (page 66 of the PDF), appears to give the Registry Operator total control to make policy regarding pricing. Thus, it would appear they are in a position to re-price domains that later become successful... more
David Pecker is the chairman of American Media, Inc., publisher of, among others, National Enquirer and Weekly World News. 'Mr. Ferris' registered the domain name DAVIDPECKER.COM, had a PPC company host it, where it was keyed to ads for porn, because, according to the registrant, the word PECKER was in the domain name. Mr. Pecker brought a UDRP. Although 'Mr. Ferris' (as he is identified in the decision) did not seem (to me) that he could establish a bona fide intent to use the name in conenction with an offering of goods or services, and altohugh there seemed to be plausible evidence of bad faith, the UDRP was denied... more
Recently, I wrote about the Spamhaus Policy Block List (PBL), suggesting senders encourage their network/connectivity service providers (whomever they lease or purchase IP addresses from) to list their illegitimate email-sending IPs as a step towards improving the overall email stream on the internet. The initial PBL was seeded with listings from the Dynablock NJABL ("Not Just Another Bogus List"), which at the time of the cut-over was at more than 1.9 million entries... more
While I was in LA last week John sent me details of the Communications Regulation (Amendment) Bill 2007. While there are some potentially positive aspects in the Bill some of the Bill's contents are, for lack of better word, simply crazy... more
It's tax time again. If you are like most domainers, you are a little hesitant about filing your tax return. This is not just because you dread paying Uncle Sam like most taxpayers. It may be because you are unsure of whether you are reporting your domain purchases and sales correctly. Despite the growth of domaining, it is still a relatively young and small industry that has not yet gained the attention of the IRS... more
I've been looking into IP address filtering by content providers. I understand that IP addresses can be attached with confidence to geographical locations (at the country level, at least) about 80% of the time. You have to make up the rest with heuristics. So there are companies that are in the business of packaging those geolocation heuristics for sites. ...How widely are these services used? ...does it now make sense to put content sites to the burden of complying with the laws applicable to the people/machines they know are visiting them? more
In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more
In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and its a bit disturbing... more
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byVerisign