Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more
This morning, at 10 am in 2141 Rayburn, the Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing on "Internet Domain Name Fraud -- New Criminal and Civil Enforcement Tools." At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name. We need to raise our collective eyebrows at this bill (which was suddenly dropped the evening before this hearing). The title of the bill is the "Fraudulent Online Identity Sanctions Act." (FOISA) more
Wal-Mart seems to have been particularly vigilant lately about protecting itself from third parties setting up websites critiquing Wal-Mart and its practices. ...Wal-Mart recently scored a victory in an arbitration proceeding under the Uniform Domain Name Dispute Resolution Policy ("UDRP") before the World Intellectual Property Organization ("WIPO") against Jeff Milchen, a self-proclaimed critic of Wal-Mart from Bozeman, Montana who registered the domain name "walmartfacts.biz". more
Every time an individual logs on to the Internet a pornographer is able to copy the stream of digital bits created by the computer user's Internet connection. The data bits are used to compile a database of information about Internet user buying habits and sexual tastes. These pornographers use the information secretly collected from logged in computers to alter the category or type of pornographic images uploaded onto various websites. Pornographers, for example, know that as a result the pornography in Cyberspace is of an extremely disturbing sort when compared to porn found in "real-space." Internet users are primarily known fans of sexual images of incest, bestiality, and torture. Cyber porn -- as it is often called -- is bigger, badder, and more extreme. more
Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more
Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more
An organization which purports to be "the voice of world business" is proposing a de facto U.N. takeover of ICANN. The proposal by a senior official of the International Chamber of Commerce (ICC) would place ICANN under the U.N. umbrella and give a strong role to U.N. agencies and to various national governments, including those that suppress free speech and free enterprise. In a move of breathtaking arrogance, the ICC refused to even invite ICANN or U.S. government representatives to the meeting at which they are presenting their proposal. more
ICANN has consistently said its intention in complying with the European Union's General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database "to greatest extent possible." On February 28, ICANN published its proposed model. Strangely, while ICANN acknowledges that some of the critical purposes for WHOIS include consumer protection, investigation of cybercrimes, mitigation of DNS abuse, and intellectual property protection, the model ICANN proposes provides no meaningful pathway to use WHOIS in those ways. more
Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more
Whatever you think the answer is (typically about ten bucks), the answer is likely to change radically for the worse, based on new contracts that ICANN is planning to approve. On July 28th ICANN posted proposed new contracts for .ORG, .BIZ, and .INFO, for a public comment period that ends four days from now, on the 28th. There's a lot not to like about these proposed contracts, but I will concentrate here on two related particularly troublesome areas, pricing and data mining. more
Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast. more
I just discovered that VeriSign's SiteFinder Web site is leaking data submitted in Web forms to its marketing analysis partner, Omniture. Forms can easily contain personal information such as an email address. For the problem to occur, a Web form must use the GET method. This data spill problem occurs if a Web page anywhere on the Internet submits a Web form to an action URL with a misspelled or expired domain name. Because of VeriSign's recent controversial changes to the DNS system, this form data is submitted to the SiteFinder Web site. more
The recent announcement in eWeek titled "Feds Won't Let Go of Internet DNS" (slashdotted here) has some major internet policy implications. The short, careful wording appears to be more of a threat to ICANN than a power grab. In short, the US Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) announced that it was not going to stop overseeing ICANN's changes to the DNS root. ...Of course, they have done next to nothing to support DNSSEC or other proposal for securing the DNS, but it sounds reassuring. The last sentence shows that the Bush administration shares the Clinton administration's lack of understanding of how the internet should evolve... more
This growth is clearly unsustainable within the IPv4 address space. Not every country can have these utilization levels. The hunger for new addresses is greatest in China (currently at 1 IPv4 address per 4 inhabitants) and India (1 address per 53 inhabitants). To put these at the modest level of 1 address per inhabitant requires more than 2.2 billion addresses, where there are currently only 290 million left... Given these numbers and the overall strong growth, any hopes of being able to reuse space that is allocated but not used (i.e. pre-CIDR) are futile. This demand dwarfs the entire US allocation. more
What would duopoly providers of internet access really like to have? They'd really like to be paid for providing non-commodity services. They'd really like to be rewarded for running the network, top to bottom. "But that's not possible," you say. No provider can tell one packet from another. Providers can only block the ports used by applications they don't like, and that's a clumsy, unwinnable arms race. The applications can always switch to common and useful ports, and no provider wants to alienate its subscriber base. But what if providers could inspect the contents of packets, without using too much computational power, and discriminate among applications? "Naah," you say. "They can't possibly do that."... more
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
A World-Renowned Source for Internet Developments. Serving Since 2002.