This past week brought word that the first nine Latin / ASCII "new Generic Top Level Domains (newgTLDs)" were delegated by ICANN and are now found in the root of DNS. This means that the registries behind these newgTLDs can now start the process of making "second-level domains" (the ones we normally register) available in each of these TLDs.
It's not particularly clear whether a marketing intern thought he was being clever or a fatigued pentester thought she was being cynical when the term "Purple Team Pentest" was first thrown around like spaghetti at the fridge door, but it appears we're now stuck with the term for better or worse. Just as the definition of penetration testing has broadened to the point that we commonly label a full-scope penetration of a target's systems with the prospect of lateral compromise and social engineering as a Red Team Pentest -- delivered by a "Red Team" entity operating from a sophisticated hacker's playbook.
Not satisfied with seizing domain names, the Department of Homeland Security asked Mozilla to take down the MafiaaFire add-on for Firefox. Mozilla, through its legal counsel Harvey Anderson, refused. Mozilla deserves thanks and credit for a principled stand for its users' rights.
The FCC recently published some tools to let consumers measure some internet characteristics. The context is the FCC's "National Broadband Plan". I guess the FCC wants to gather data about the kind of internet users receive today so that the National Broadband Plan, whatever it may turn out to be, actually improves on the status quo. The motivation is nice but the FCC's methodology is technically weak.
The Canadian International Pharmacy Association (CIPA) recently commented on the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT) Draft Report of Recommendations for New gTLDs. In particular, on the primary questions posed: The CCTRT is seeking input on its Draft Report, which assesses whether the introduction or expansion of gTLDs has promoted competition, consumer trust and consumer choice in the DNS...
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong.
ICANN's authority to manage the top level of the DNS comes from a two-year Joint Project Agreement (JPA) signed with the US Department of Commerce in 1997, since extended seven times, most recently until September 2009. Since the DoC can unilaterally cancel the JPA which would put ICANN out of the DNS business, when DoC speaks, ICANN listens. On Thursday, the US DoC sent a scathing letter to ICANN about the proposed plan to sell large numbers of new top-level domains (TLDs). There's a long list of issues...
The cloud computing paradigm has been making steady progress in 2016. With the DevOps model making its way from cloud to networking, the business upside of fully automated service architectures is finally beginning to materialize. The associated service agility is expected to unleash new business models that transform the ways in which applications and connectivity can be consumed.
A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches...
A factual paper prepared in October 2009 for and endorsed by the Chief Executive Officers of ICANN and all the Regional Internet Registries that provides answers to commonly asked questions about IPv6 such as: How are allocations made, and to whom? How are IPv6 addresses actually being allocated? And why did such large IPv4 address allocations go to US organizations, including the US Government, and its Department of Defense?
Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more.
What do iTunes and a cooperative domain-name Intellectual Property (IP) regime have in common? They are market solutions to illegal activity: free downloading of music and free use of brands in domain names, respectively. The music industry tried to fight the free downloading of copyright-protected music by taking legal action against free downloaders under the pretext that their activity siphons industry revenue...
The sixth annual Counter-eCrime Operations Summit (CeCOS VI) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the shifting nature of cybercrime and the attendant challenges of managing that dynamic threatscape.
A very good friend of mine is an archivist with the Ontario government, and we share similar views on how technology is impacting modern life. He passed a really interesting item along that ran in yesterday's Washington Post. Some of you may be following this – Google's Book Search Settlement. I can definitely see how this has a direct bearing on the archive space, but also how it touches on a few tangents of my world – emerging communications technologies.
The latest iteration of the most expansive, omnipotential cybersecurity legal regime ever drafted appeared a few days ago. The European Union (EU) Cyber Resilience Act (CRA) is attempting to assert jurisdiction and control over all "products with digital elements" defined as "any software or hardware product and its remote data processing solutions, including software or hardware components to be placed on the market."