This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitors' browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem; however, the pharmacy shop sites in question, HEALTHCUBE[DOT]US and GETPILLS[DOT]US, should not even exist under the .US Nexus Policy.
If you work in computer security, your Twitter feed and/or Inbox has just exploded with stories about not just one but two new holes in cryptographic protocols. One affects WiFi; the other affects RSA key pair generation by certain chips. How serious are these? I'm not going to go through the technical details. For KRACK, Matthew Green did an excellent blog post; for the other, full details are not yet available. There are also good articles on each of them. What's more interesting are the implications.
Last week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely.
In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and it's a bit disturbing...
At the Internet Governance Forum (IGF) 2024 in Riyadh, the Internet Standards, Security and Safety Coalition (IS3C) released a new tool: 'To deploy or not to deploy, that's the question. How to convince your boss to deploy DNSSEC and RPKI'. In this report, IS3C advocates mass deployment of these two newer generation, security-related internet standards, as their deployment contributes significantly to the safety and security of all internet users.
It's safe to say that with just a week to go before ICANN intended to sign the first contract for a new gTLD, the last thing anyone wanted was a 12-page document from the world's governments with 16 new "safeguards", six of which it wants to see applied to every new extension. But what the industry shouldn't overlook, especially in the face of the expected critical responses this week and next, is that the Governmental Advisory Committee's (GAC's) formal advice from the ICANN Beijing meeting represents an opportunity for the domain name industry to lock-in self-regulation at a critical point in its evolution.
The United States Patent and Trademark Office (USPTO) has recently circulated proposed examination guidelines to allow the USPTO to begin providing Trademark Protection for Top Level Domains (TLDs). This is an important new development. TLDs today are currently ineligible for Trademark protection on the basis that they do not constitute a source-identifying mark. The USPTO is currently in the process of rectifying this situation by extending Trademark protection to Registry Service providers and has released its proposed examination procedures for that purpose. However, there are some very concerning elements to their proposed examination guidelines.
The dream of a faster, safer, more affordable Internet in the Caribbean sometimes seems elusive. One group of Internet pioneers is taking steps to make it a reality. The Caribbean Peering and Interconnection Forum, or simply CarPIF, is an annual event that brings together the people responsible for delivering Internet services to the region, including internet service providers, internet exchange point operators, content delivery networks, data centre managers and other computer network professionals.
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..."
As an applicant in this new gTLD round with quite a few overlapping strings, I've had a keen interest in the various proposed auction platforms. In the past six months the ideas behind private auction have matured significantly and I now see it as a strong mechanism for resolving contention. Following are my observations.
It is time to revisit the old question regarding whether or not a domain name is actually 'property' and what this means to domain name registrants, registrations, ISPs and ICANN itself. What type of rights does a domain name confer? What responsibilities will the act of registering domain names suddenly bestow?
The best engineers on the planet are coming to the same conclusion: a hybrid 4G/WiFi/landline network is the way to meet mobile demand. Folks like John Donovan of AT&T and Masayoshi Son of Softbank in Japan had this vision around 2007-2008. As the iPhone/iPad/Android made the coming demand clear, network planners around the world evolved similar strategies.
Today, in response to "It’s The Internet Stupid", Richard Bennett highlights (on the IP List) something I've noticed even among other advocates of 'Net Neutrality' (and how I've come to detest the term after its widespread and misguided overuse). Legislating against the concepts of Deep Packet Inspection (DPI) or other preferential treatment of packets is not the brightest thing to do. I've seen others draw analogies to gun control using the 'guns don't kill people' argument...
For complainant, the second leg in determining cybersquatting under the Uniform Domain Name Dispute Resolution Policy (UDRP) is evidence respondent lacks both rights and legitimate interests in the challenged domain name (Paragraph 4(a)(ii)). I underscore "both" because proving one but not the other is not good enough. This seems obvious, so why suggest there is something to explore about "rights" and "legitimate interests" if their meanings hardly need explication?
I have no idea who wrote that wonderful piece, Time for Reformation of the Internet, posted by Susan Crawford. (It wasn't me - I never use the word "netizen".) Elliot Noss of Tucows wrote a partial rebuttal, I must be attending the wrong ICANN meetings. Elliot's company, Tucows, has been a leader in registrar innovation and competition. And Tucows has constantly been among the most imaginative, progressive, responsible, and socially engaged companies engaged in these debates. ...But the points made by Time for Reformation of the Internet go far beyond registries and registrars.