Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Everyone is probably well aware of the Kashpureff-style DNS cache- poisoning exploit (I'll call this "classic cache poisoning"). For reference, see the original US-CERT advisory prompted by this exploit. Vendors patched their code to appropriately scrub (validate) responses so that caches could not be poisoned. For the next 7-8 years, we didn't hear much about cache poisoning. However, there was still a vulnerability lurking in the code, directly related to cache poisoning. ...On April 7, 2005, the SANS ISC (not to be confused with Internet Systems Consortium) posted an update detailing how Microsoft Windows DNS servers were still being poisoned, even though the "Secure cache against pollution" option was set. The SANS ISC found that Windows DNS servers using BIND4 and BIND8 servers as forwarders were being poisoned. But how could this be? more
On August 14 at 11 AM ETECSA, Cuba's monopoly ISP, began a 9-hour, nationwide test of 3G mobile Internet access -- anyone near a 3G-equipped cell tower with a compatible phone and a prepaid mobile telephony account could get free access until 8 PM. As far as I know, the only notification was this post on the ETECSA Facebook page, but word of the test and instructions for getting online spread by word of mouth. more
It's no surprise that Google has been sued again for trademark infringement, but the basis of this lawsuit is surprising. Rather than another lawsuit over the sale of trademarked keywords to deliver ads (along the lines of the GEICO, American Blinds, Rescuecom and JTH Tax cases, or the dozens of international lawsuits), this lawsuit is based on a Blogspot blog URL. Because of its comparative novelty, this lawsuit raises some complex and unsettled legal issues. more
A lot of spam uses fake return addresses. So back around 2000 it occurred to someone that if there were a way to validate the return addresses in mail, they could reject the stuff with bad return addresses. A straightforward way to do that is a callout, doing a partial mail transaction to see if the putative sender's mail server accepts mail to that address. This approach was popular for a few years, but due to its combination of ineffectiveness and abusiveness, it's now used only by small mail systems whose managers don't know any better. What's wrong with it? more
During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals details and analysis, including specific networks disabling Site Finder during its operational period. For example, China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs seem to have been slower to act, in general -- but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23. more
Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more
For the last couple years the domain aftermarket has been hot again, we're seeing valuations not seen since bubble1.0, which saw valuations like 7 million dollars for business.com and 4 million for drugs.com. The TechWreck was induced by the NASDAQ crash of 2000 and the fun was over for awhile. What differentiates this bubble in the domain aftermarket from Bubble 1.0 is domain parking and monetization... The interesting thing is since then, the multiples on domain names have outstripped the multiples on developed websites. To me, this is the equivalent of the "inverted yield curve" that portends economic recessions. more
In early 2012, in order to promote Choice, Competition and Innovation, ICANN opened its doors to allow organizations to apply for new Top Level Domains. In spite of a complex and costly application process, ICANN received a very large number of applications: In total, 1,930 applications were received, of which 675 were brands applying for a closed new gTLD, a dot brand. more
More than 200 leaders from government, business and civil society attended the Global Forum on Internet Governance, held on 25 and 26 March 2004 and organized by the United Nations Information and Communication Technologies (ICT) Task Force. The forum, held at United Nations Headquarters in New York, was intended, according to a UN press release, "to contribute to worldwide consultations to prepare the ground to a future Working Group on Internet Governance to be established by Secretary-General Kofi Annan, which is to report to the second phase of the World Summit on the Information Society (Tunis, 2005)". more
The first salvo on NANOG this morning in response to the launch of OpenDNS was a predictable lambasting along the lines of "here comes SiteFinder II". Fortunately the follow-ups were quick to point out that OpenDNS was a far cry from SiteFinder for the obvious reason that people have the choice to use it, nobody had a choice with SiteFinder. ...the real magic here can come from it's use in phishing mitigation. more
Mobile WiMAX, with the release of 2×2 MIMO chips in 2008, gives WiMAX a lead of two or so years on its major competitor -- the 3GPP's LTE. However, 3G cellphones using 3GPP UMTS technologies, extended to higher speeds with HSPA, is widely used in handsets in many countries. In North America, 3GPP2 CDMA2000 and EV-DO are widely used, but these are likely to be replaced over time by LTE and to some extent WiMAX. more
I have discovered that VeriSign's SiteFinder service breaks Microsoft's Outlook and Microsoft's Outlook Express email readers as well as many of the standard Windows Networking Utilities by providing misleading error messages, temporary lockups, and incorrect status information. more
Registration of .Pro domains has descended into shambles as the Registry responsible for their administration has allowed a flood of domain registrations which appear to be in breach of the strict rules restricting who can register a .pro domain and the certified credentials required before any such domain can work. more
As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business. more
Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I'm about to defend the anthrax of the Internet: NAT. Network Address Translation is a hack to enable private IP addresses on one side of a router (inside your network) to talk to public IP addresses on the other side (on the Internet, outside your network). It really doesn't matter how it works. The consequence is that unless the router is specifically configured, outsiders can't get in uninvited. So those on the inside can't, by default, act as servers of any service to the outside world. more
Sponsored byCSC
Sponsored byVerisign
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
A World-Renowned Source for Internet Developments. Serving Since 2002.