Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more
If a UDRP panelist believes domainers are the same thing as cybersquatters, is he fit to arbitrate? I came across an editorial on CNET today by Doug Isenberg, an attorney in Atlanta and founder of GigaLaw.com, and a domain name panelist for the World Intellectual Property Organization. The guest editorial focuses on Whois privacy and why it's imperative to maintain open access to registrant data for intellectual property and legal purposes. That's a common opinion I've read a million times. Nothing groundbreaking there. But then I was shocked to read that Isenberg generalizes domainers as cybersquatters: "Today, cybersquatters have rebranded themselves as 'domainers.' Popular blogs and news sites track their activities..." more
If a court won't let you use your own name, you might feel like you're a mere ghost of your former self. That happened to Ed Kalis of Broward County, Florida. In a recent case, Florida's court of appeal considered whether a trial court's order against Kalis, enjoining him from using his own last name in various means of advertising and in the URL for his company's website, was proper. The appellate court held that the injunction was overkill. more
Readers of my blog may recall that the Canadian Internet Registration Authority wrote a public letter earlier this year to ICANN that expressed concern over the current lack of accountability (note that I am on the CIRA board). The letter indicated that CIRA was withholding payment of any voluntary fees to ICANN until the accountability concerns were addressed. This week CIRA followed up with a second public letter to ICANN... more
The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more
Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper. more
The Internet Governance Project is is urging Internet users everywhere, but especially those outside the United States, to respond to the NTIA Notice of Inquiry with the following statement: "The Internet's value is created by the participation and cooperation of people all over the world. The Internet is global, not national. Therefore no single Government should have a pre-eminent role in Internet governance. As the US reviews its contract with ICANN, it should work cooperatively with all stakeholders to complete the transition to a Domain Name System independent of US governmental control." more
The CFIT vs. VeriSign et. al. lawsuit had another day in court today. ...The key point coming out of a hearing today (Friday, June 09, 2006) in front of U.S. District Court Judge Ronald Whyte in San Jose, California is that the arguments made by CFIT against the .com deal between ICANN and VeriSign will continue. ...There was one moment of some drama. After lawyers for VeriSign and ICANN both argued that the 7 percent price increases without the need for justification would not be a violation of anti-trust law, Judge Whyte asked the lawyer for ICANN if it would be an anti-trust violation if VeriSign had been granted an annual 100 percent increase. The lawyer said, "no." Other lawyers for other matters sitting in the audience seemed to shift uneasily... more
News reports say that high profile Ryan Pitylak was fined $10 million by the Texas Attorney General. A few days ago, he paid a $1M settlement to Microsoft. Since it had been widely reported that he'd made between $3M and $4M during his spamming career, that seemed like a pretty good deal for him. As I commented to the San Antonio Express, this new fine is more in line with what he did, and at least relieves him of all his ill-gotten gains... more
So Domain Tasting, where registrants (who may also be registrars) taste names and keep only those that have economic value, is now the target of a federal cybersquatting lawsuit, brought about by lawyers for major brand name retailers Neiman Marcus and Bergdorf Goodman against major domain name registrar Dotster. This Dotster lawsuit involves allegations of cybersquatting by registrars who use the Create Grace Period, which is mandated by ICANN for global registries... more
This is serious. I'm not joking. You can look it up. Morgan Stanley brought a UDRP action involving the domain name 'mymorganstaleyplatinum.com' against a registrant identified as "Meow ("Respondent"), Baroness Penelope Cat of Nash DCB, Ashbed Barn, Boraston Track, Tenbury Wells, Worcestershire WR15 8LQ, GB." The decision summarizes the response... more
A paper by Viktor Mayer-Schoenberger and Malte Ziewitz was recently published at John F. Kennedy School of Government, Harvard University titled, "Jefferson Rebuffed: The United States and the Future of Internet Governance". The following excerpt provides an overview of the paper: "Over the last several years, many have called for an internationalization of Internet governance in general, and Internet naming and numbering in particular. The multi-year WSIS process that culminated in November 2005 was intended to create momentum in such direction. The United States has long resisted such internationalization, fearing in particular the growing influence of China and similar nations..." more
Today, the ITU launched a new survey asking member states, ccTLDs and other ITU member organizations to provide answers to a specialized questionnaire asking for their experiences on the use of IDNs. The ITU states that it is reaching out to ccTLDs to "collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe." One of the goals of this survey is to collate information on the "needs and practices" of each ccTLD that is surveyed -- so as to compile a report from the ITU that speaks to the implementation of IDNs around the world... more
I am often asked how to get a ccTLD by folks just coming in to the domain industry. There is RFC1591 as a start for reading material on the subject matter, and then there is ICP-1. I defer them to IANA, who defers to ICANN, who in turn defers to ISO and the ISO3166-1 list being the definitive list, and then you have to factor in some of the "reserved code elements" from their decoding table to normalize 3166 against the list of IANA Country Codes for ccTLD delegations like .EU. How does one get their ccTLD into the ISO list? The ISO in turn (likely due to the masses that contact them hoping to list their country) defer the criteria for what it is to be a 'country' for being on the 3166-1 list, and partially defer to the United Nations. more
Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more
Sponsored byVerisign
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byRadix