Featured Blogs

Latest

When is a Typo Not a Typo?

I was reading about the Nieman Marcus lawsuit and on a phone call related to the "Working Group on Mechanisms to Protect Rights of Others", when suddenly it occurred to me that this whole rush to rid the world of typos could eventually head in a messy direction... How far can this go? Let me take you back to that phone call I was on where representatives of Yahoo indicated they would try to secure Flicker.XXX as a TYPO of Flickr.com (their made up brand name) during a potential new TLD sunrise period. How backward is that? A Typo that became a brand, trying to call the generic name a variant of their trademark! more

ICA Questions ICANN on RegisterFly

The Internet Commerce Association sent this letter to ICANN yesterday in regard to the RegisterFly situation: "I am writing to you in my capacity as Counsel to the Internet Commerce Association (ICA), a non-profit trade association dedicated to promoting and protecting the rights of domain name (DN) owners... It has come to our attention that an ICANN-accredited registrar is in the midst of what appears to be a near-complete operational breakdown, and that its ongoing failure to carry out its responsibilities is causing substantial economic loss to tens of thousands of DN registrants in both the United States and multiple foreign jurisdictions." more

Commercial DNSSEC?

Seems that DNSSEC is being subjected to what an old boss of mine used to call the "fatal flaw seeking missiles" which try to explain the technical reasons that DNSSEC is not being implemented. First it was zone walking, then the complexity of Proof of Non-Existence (PNE), next week ... one shudders to think. While there is still some modest technical work outstanding on DNSSEC, NSEC3 and the mechanics of key rollover being examples, that work, of itself, does not explain the stunning lack of implementation or aggressive planning being undertaken within the DNS community. more

How Many Bots? How Many Botnets?

We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more

Picking Domain Names by Search Results

There is a definite advantage to knowing what users look for when typing in domain names that they think should work. This article from Government Computer News shows an excellent example in .gov. "600,000 visitors a year to FirstGov try to find the federal government's Web site by typing USA.gov into their browser", so they switched from firstgov.gov to usa.gov. It wasn't mentioned in the article, but firstgov.gov redirects automatically; this is more intelligence than I normally expect from US government web sites. more

Web Server Botnets and Server Farms as Attack Platforms

Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more

Addressing the Future Internet

What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more

Dot-XXX and Tiered/Differential Pricing: Permitted?

As folks will recall, there was a big debate about tiered/differential pricing in the .biz/info/org contracts. Eventually those contracts were amended to prevent that. However, if folks read the .XXX proposed contractv [PDF], Appendix S, Part 2, under "delegated authority" (page 66 of the PDF), appears to give the Registry Operator total control to make policy regarding pricing. Thus, it would appear they are in a position to re-price domains that later become successful... more

Protection of Personal Names in Domain Names

David Pecker is the chairman of American Media, Inc., publisher of, among others, National Enquirer and Weekly World News. 'Mr. Ferris' registered the domain name DAVIDPECKER.COM, had a PPC company host it, where it was keyed to ads for porn, because, according to the registrant, the word PECKER was in the domain name. Mr. Pecker brought a UDRP. Although 'Mr. Ferris' (as he is identified in the decision) did not seem (to me) that he could establish a bona fide intent to use the name in conenction with an offering of goods or services, and altohugh there seemed to be plausible evidence of bad faith, the UDRP was denied... more

Spamhaus Policy Block List Update

Recently, I wrote about the Spamhaus Policy Block List (PBL), suggesting senders encourage their network/connectivity service providers (whomever they lease or purchase IP addresses from) to list their illegitimate email-sending IPs as a step towards improving the overall email stream on the internet. The initial PBL was seeded with listings from the Dynablock NJABL ("Not Just Another Bogus List"), which at the time of the cut-over was at more than 1.9 million entries... more

Irish Government To Kill IE ccTLD?

While I was in LA last week John sent me details of the Communications Regulation (Amendment) Bill 2007. While there are some potentially positive aspects in the Bill some of the Bill's contents are, for lack of better word, simply crazy... more

Will You Need a Domain Tax Guide?

It's tax time again. If you are like most domainers, you are a little hesitant about filing your tax return. This is not just because you dread paying Uncle Sam like most taxpayers. It may be because you are unsure of whether you are reporting your domain purchases and sales correctly. Despite the growth of domaining, it is still a relatively young and small industry that has not yet gained the attention of the IRS... more

IP Address Intelligence Burdening Content Providers with Regional Laws?

I've been looking into IP address filtering by content providers. I understand that IP addresses can be attached with confidence to geographical locations (at the country level, at least) about 80% of the time. You have to make up the rest with heuristics. So there are companies that are in the business of packaging those geolocation heuristics for sites. ...How widely are these services used? ...does it now make sense to put content sites to the burden of complying with the laws applicable to the people/machines they know are visiting them? more

IE Namespace: We Need Personal Domains!

In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more

Google, Service Providers and the Future of P2P

In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and its a bit disturbing... more

Topics

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days