This month I thought I could feel smug, deploying Postfix, with greylisting (Postgrey), and the Spamhaus block list (SBL-XBL) has reduced the volume of unsolicited bulk commercial email one of our servers was delivering to our clients by 98.99%. Alas greylisting is a flawed remedy, it merely requires the spambots to act more like email servers and it will fail, and eventually they will... more
My weekly Law Bytes column (freely available hyperlinked version, Toronto Star version) focuses on the recent Canadian parliamentary discussion on domain name disputes. As discussed about ten days ago, the impetus for governmental interest in domain name disputes and Internet governance is the registration of several domain names bearing the names of sitting Members of Parliament by the Defend Marriage Coalition, an opponent of same-sex marriage legislation. The resulting websites, which include donboudria.ca and davidmcguinty.ca, include MP contact information, photos, and advocacy materials. more
There soon will be a central place for Web surfers to dwell in a forbidden cyber land of adult fantasies, sex, dark rituals and total taboos. Finally, ICANN has given in to the pressure and has tossed a big rock across the turbulent e-commerce ocean. It has approved a new suffix, .xxx, for adult-only porn sites, creating ripples and debates in ever so confusing global cyber branding times when cyber global domain name challenges are being fought in the complex earthly trademark realities. Three things are bound to happen... more
For a book project I decided to extend my interview with Milton Mueller from November 2003 (Part I | Part II). Exclusively for CircleID readers, here's part III that deals with WSIS, WGIG, US-American bias and the Internet Governance Project. "...One good result of the WGIG process is that the involved international community has already moved beyond those cliches. No one is proposing that the UN control the Internet. There is growing consensus that control of the DNS root needs to be internationalized..." more
Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information. more
The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) has determined that the proposal for a new top level domain submitted by ICM Registry, Inc. has met the criteria established by ICANN. Accordingly, ICM Registry will now move forward into technical and commercial contractual negotiations with ICANN to generate a voluntary .xxx top-level domain (TLD). more
The World Intellectual Property Organization (WIPO) has recommended the introduction of a uniform intellectual property (IP) protection mechanism designed to further curb unauthorized registration of domain names in all new generic Top-Level Domains (gTLDs). The report, "New Generic Top-Level Domains: Intellectual Property Considerations", which is available at WIPO Arbitration and Mediation Center, says that such a preventive mechanism would complement the curative relief provided by the existing Uniform Domain Name Dispute Resolution Policy (UDRP). more
I've mentioned before that there is something special about the .net top level domain - in particular .net is the place where the legacy root DNS servers and most of the TLD servers are to be found. Thus, if .net were to wobble there is more than a strong chance that the DNS root and other TLDs would also begin to wobble. This kind of cross-dependency is something that A) is a risk to overall internet stability and B) is something that ICANN seems utterly unable to perceive. more
After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given you're skepticism, you decide to get one more opinion. ...And the results were less than pleasing. more
At the December 2004 ICANN meeting in Cape Town, Vint Cerf said this to the Public Forum: "I want to go on record as saying... that I am no longer sure that I have a strong understanding of why I would be motivated to create a new TLD..." Dr. Cerf posed a question that has yet to be answered or even discussed by the DNS stakeholder community. While the technical and business cases for the introduction of new TLDs have been successfully made, what is the philosophical case for adding new TLDs? What semantics are encoded in TLDs, and how could those semantics be expanded in a consistent way? more
I went to Domain Roundtable with some reservations. I was excited about meeting other domain portfolio holders, but I wasn't sure what to expect from the ICANN and Verisign people there, the corporate intellectual property people, and the corporate attorneys. I was pleasantly surprised by everyone I met. more
My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..." more
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure... more
The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more
Industry Canada, the part of the Canadian government roughly equivalent to the U.S. Commerce Department, has had a task force on spam working for the past year or so. I was invited to participate as an unofficial member, since I'm not a Canadian. Yesterday, it wrapped up its work and published its report (aussi disponsible en francais) to the government. It's quite good, and has a set of 22 recommendations. more
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byDNIB.com
Sponsored byVerisign