Cybersecurity is a top-of-mind issue with calls for individual vigilance, national legislation, and international treaties to address gaps that are exploited causing significant harm and financial loss on a daily basis. The vast majority of these calls are well-intentioned though even among the best-intentioned, some are poorly directed. Such is the case with all of the proposals that would introduce security into the International Telecommunication Regulations (ITRs) of the International Telecommunication Union (ITU). more
We are suffering an epidemic of cyberattacks while in a viral pandemic. This post is for those who have responsibility for assuring that the IT-based services offered by their enterprise can quickly recover in the case of successful cyber-attack or other disaster. University of Vermont Medical Center (UVMMC) is an excellent hospital. I owe my life to treatment there and am grateful for both the skill and the kindness of UVMMC staff. They have been devastated by a cyber-attack. more
Netflix has announced that they are deploying their own Content Delivery Network (CDN) for delivery of their video streams to Internet Exchange Points (IXPs) around the world. More importantly they are making the hardware and software design of their CDN servers freely available. That means any network can deploy Netflix CDN boxes deep into their network to significantly reduce traffic volumes and improve performance for users. more
Three parallel events in US communications policy today, all reported on widely - but with a common thread. ... Law enforcement and national security officials want to make sure that they have the same ability to execute warrants and surveillance orders online that they had in the switched-telephone-circuit age -- which will mean substantial government design mandates for new software, hardware, and communications facilities. more
The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order? more
In the next few months, ICANN will have a concrete opportunity to improve its accountability and transparency by enacting the recommendations of the Accountability and Transparency Review Team (ATRT). Those recommendations may not be perfect, but if the history of the ICANN process is any indication, we can't afford to let the perfect be the enemy of the very good. more
The largest and most important global information infrastructure today by any measure is clearly the global mobile network and all of its gateways, services, and connected devices. That network is standardized, managed, and energized by a combination of the 3GPP and GSMA. The level of 3GPP industry involvement and collaboration today probably exceeds all other telecom, internet, and assorted other bodies put together... and then some. more
Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn't manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn't, or not blocking mail they should. more
Domain brand squatting can be defined as the unauthorized or dishonest use of a brand or company identifiers in domain names. It is often linked to the use of look-alike domains in bad faith, and we see it all the time. The threat actors behind these domains are called different names, though a prevalent one would be “typosquatters.” The Hot on the Trail of Compulsive Brand Squatters webinar showcased how these people are infiltrating the Internet. The first page of PhishTank’s valid phish search alone as of this writing tells us that domain brand squatting is a real and present danger. more
In 2001, I published a report on website weights and their impacts on website performance. Why you might ask, was I researching website weights all the way back in 2001... At the time, in the United States and many other countries, homes and businesses were in the process of upgrading from dial-up internet connections to broadband connections. Because businesses were on the leading edge of this upgrade, many web teams designed fancy new websites that relied heavily on images and this fancy new technology known as Flash. more
It has been a very busy period in the domain of computer security. With "shellshock", "heartbleed" and NTP monlink adding to the background of open DNS resolvers, port 445 viral nasties, SYN attacks and other forms of vulnerability exploits, it's getting very hard to see the forest for the trees. We are spending large amounts of resources in reacting to various vulnerabilities and attempting to mitigate individual network attacks, but are we making overall progress? What activities would constitute "progress" anyway? more
Although ICANN is now getting a lot of ridicule for the "glitch" in its TLD application System, it deserves some praise and respect for the results of its April 10 board meeting. In that meeting, the board showed the involved community - and the rest of the world - that it is no longer going to be stampeded by extra-procedural political pressure to make yet another round of hasty amendments to its new TLD program's policies and procedures. more
Last month at the Virus Bulletin Conference in Barcelona, I took in one of the sessions on mobile malware. This type of malware is foreign to me because I mostly stay in the email space at work (and even then, I am focusing more on day-to-day issues of running a large mail provider than I am on spam and abuse). What's mobile malware like? What are the threats? How do users get infected? more
The compliance deadline for the European Union's General Data Protection Regulation (GDPR) is nearly upon us, the unveiling of a proposed model to bring WHOIS into compliance is said to come from ICANN next week, and everyone is scrambling to understand all that's involved. Implementation of a revised WHOIS model is clearly on the horizon, but what comes after may be the real story! Specifically, if WHOIS information becomes more than nominally restricted, what's the consequence to the data controllers (ICANN and the contracted parties) who implement this revised model? more
UDRP complainants prevail in the range of 85% to 90% which approximately correlates with the percentage that respondents default in responding to complaints. The annual number of complaints administered by ICANN providers has been hovering around 4,000 +. Astonishingly, the number has remained steady for a good number of years despite the phenomenal increase... Compared to the whole, there are a relatively small number of contested disputes, perhaps in the annual range of 400 to 500, and of those a larger percentage are called out as cybersquatters. more
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byCSC
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byVerisign
A World-Renowned Source for Internet Developments. Serving Since 2002.