VoIP is here to stay. In fact many incumbent telecommunication carriers have started offering VoIP service for sometime and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers. This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. more
In an RFC prepared by Donald E. Eastlake 3rd and Declan McCullagh, an analysis is offered for proposals to mandate the use of a special top level name or an IP address bit to flag "adult" or "unsafe" material or the like. This document explains why these ideas are ill considered from legal, philosophical, and technical points of view: "Besides technical impossibility, such a mandate would be an illegal forcing of speech in some jurisdictions, as well as cause severe linguistic problems for domain or other character string names." more
In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
In the case of Lands' End, Inc. v. Remy, the defendant website owners were accused of crafting a clever scheme to get some extra commissions from their affiliate relationship with landsend.com. It looks like the scheme has backfired, however, as Lands' End's claim against the defendants under the Anticybersquatting Consumer Protection Act, [15 U.S.C. §1125(d)] ("ACPA") has survived a summary judgment motion and the case is heading for trial. more
Many software applications rely on validation routines to check the validity of domain names. By validation, I mean here to test the string submitted by the user and see if it matches a pre-defined pattern. A typical example are web forms that need to validate e-mail addresses. This is by new means a new issue. It first appeared with the introduction of the .info Top-Level Domain (TLD). more
According to Google's 2006 Year-End Review, dubbed Zeitgeist, or the cultural climate of an era, a majority of the top-ten search terms for 2006 were trademarks. Topping the list is the registered BEBO mark which is held by Bebo.com LLC, a California company that runs a social networking website. Second on the list was MYSPACE, the registered mark associated with Newscorp's $580 million social-networking giant. Next, as a result of a majority of the world catching soccer fever over the summer, "world cup" ranked as the third most searched term... more
Here's another interesting angle on the Verisign Site Finder Web site. VeriSign has hired a company called Omniture to snoop on people who make domain name typos. I found this Omniture Web bug on a VeriSign Site Finder Web page... more
There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more
Here's my opening remarks from Media Access Project's Innovation '08 in Santa Clara this morning. A DVD will be available shortly. This was a lively discussion, with Google and Vuze on the case. Good morning and welcome. My name is Richard Bennett and I'm a network engineer. I've built networking products for 30 years and contributed to a dozen networking standards, including Ethernet and Wi-Fi... I'm opposed to net neutrality regulations because they foreclose some engineering options that we're going to need for the Internet to become the one true general-purpose network that links all of us to each other, connects all our devices to all our information, and makes the world a better place. Let me explain. more
In a very casual and low-key footnote over the weekend, ICANN announced it would be further bypassing the Affirmation of Commitments and ignoring the WHOIS Review Team Report. There will be no enhanced validation or verification of WHOIS because unidentified people citing unknown statistics have said it would be too expensive... As a topic which has burned untold hours of community debate and development, the vague minimalist statement dismisses every ounce of work put in by stakeholders. more
After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more
There are now several different courts of appeals that have upheld the right of individuals to post a non-commercial website using the domain name www.company.com, and there are as yet NO appellate decisions that forbid such websites outside the context of the serial cybersquatter who tries to erect a so-called gripe site as a CYA measure after being sued. In fact, it seems to me that we are getting close to the point where companies that sue over such websites have to consider seriously the possibility that they will not only lose the suit, but face a malicious prosecution action... more
The domain industry media was abuzz last week with speculation that tech giant Apple may be gearing up to launch its .apple brand TLD. Rumours began when it was discovered that Apple registered 29 .com domain names that to the untrained eye, appear to be strangely worded. These include the likes of imovieapple.com, macbookproapple.com and ipadapple.com, providing hope to many industry pundits that they could potentially be defensive registrations designed to protect Apple from losing traffic when it begins to utilise its .apple TLD. more
A number of people, notably Viviane Reding, the European Commissioner for Information Society and Media, have been asking about how to Break The Internet. Since Mme Reding seems to have absolutely no prior experience in the Information Technology, Computing or Telecommunications industries, I have prepared this brief HOWTO. "1. Declare the creation of a new Root Zone. This is the easy bit - all you have to do is spout great volumes of hot air at a conference in Geneva, and then storm out in a huff when other people refuse to take you seriously. Then you get the PFY who services your photocopier to declare the creation of a new European Root Zone! Hooray!" more
Since the launch of the New gTLD Program in 2012, it has become evident that new gTLD registries overestimated the demand for new Top-Level Domain name extensions. Furthermore, new gTLD registries did not anticipate the hurdles in raising awareness, not to mention creating adoption for new domains. Even the most pessimistic New gTLD Program critic did not expect such uninspiring results. It was a wake up call for many in the domain industry. The New gTLD Program currently lacks credibility. No new gTLD has yet to go mainstream and capture the world's imagination. more
Sponsored byVerisign
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byDNIB.com