On 24 May, NIST published recommendations that are a key component of the U.S. cybersecurity ecosystem -- known as vulnerability disclosure guidelines. NIST (National Institute of Standards and Technology) is an agency of the Department of Commerce whose mission includes "developing cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public." more
After roughly 19 days of its introduction, VeriSign's Site Finder service was finally shutdown on October 4, 2003 following a "Formal Deadline" issued by ICANN (previously reported here). With the plug pulled, the Internet appears to be returning to its regular status ending a historic event that can be best described as a 'Hurricane' -- a Cyber-Hurricane. What follows is a collection of commentaries and questions raised around the Net in response to this event during and after the final hours of VeriSign's deadline... more
Is the internet on the verge of a meltdown? A non-profit organization, People For Internet Responsibility (PFIR), is concerned that there is the risk of "imminent disruption, degradation, unfair manipulation, and other negative impacts on critical Internet services..." PFIR believes that the "red flag" warning signs of a potential meltdown include "attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues... ever-increasing spam, virus, and related problems..." more
Businesses in the financial services sector are among the most frequent targets of cybersquatters. In this free webinar, I will be joining Craig Schwartz of fTLD Registry Services to provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. more
After a quick break to catch our breath (and read all those IPv6 Security Resources), it's now time to look at our tenth and final IPv6 Security Myth. In many ways this myth is the most important myth to bust. Let's take a look at why... Myth: Deploying IPv6 Makes My Network Less Secure... I can hear you asking "But what about all those security challenges we identified in the other myths?" more
In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". more
The Internet was replaced by a dual system created in 2014: a fiber optic network called "Net2Cash". It has a speed of one hundred Petabits per second (equivalent to 100 million Gigabits per second or 100,000 million Megabits per second). We no longer talk about Megabytes or Gigabytes because that is old school. Nowadays a couple of Exabites store the content of all written by man, from books and newspapers to Sumerian clay tablets; from Inca quipus and Egyptian hieroglyphs to all homework made by kids registered in elementary school. more
There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more
The ICANN Board has itself in a pretty pickle. The Governmental Advisory Committee (GAC) Consultancy with the Board in Brussels was an apparent non-starter. After hundreds of man-hours' worth of comments provided by the Intellectual Property Constituency (IPC), the Board continues to claim that it lacks sufficient information on trademark issues in order to respond to concerns. more
In my spare time when I'm not dealing with the world of e-mail, I'm a politician so now and then I put on my cynical political hat. At the FTC Authentication Summit one of the more striking disagreements was about the merits and flaws of SPF and Microsoft's Sender-ID. Some people thought they are wonderful and the sooner we all use them the better. Others thought they are deeply flawed and pose a serious risk of long-term damage to the reliability of e-mail. Why this disagreement over what one might naively think would be a technical question? more
The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more
As a daily and enthusiastic reader of The New York Times, I was disappointed to read their February 1 article on CAN-SPAM entitled, "Law Barring Junk E-Mail Allows a Flood Instead" (subscription required). The theme of the article was, as the title suggests, that enacting CAN-SPAM was worse than having no laws at all. The article really missed the point on several fronts. more
A company called PW Registry Corporation makes the following announcement regarding the .PW ccTLD originally designated for the country of Palau: "The PW Registry Corporation announced today plans for the activation of the PW top- level domain (TLD), the Internet's first and only domain extension devoted to "Communities of Shared Interests". Unlike other domain extensions, such as .com, .biz, and .info, PW is aimed at providing individuals and consumer/affinity organizations a highly-personalized, permanent and portable e-mail address and a managed platform for community and social networking." more
The ICANN Meetings are in full flow here in sunny Luxembourg. The venue is immense and located a cab, bus, or shuttle ride from the various hotels. So far, the big topics are the .Net finalization (focusing on the readjustment of the pricing verbiage), the USDOC root announcement, the shell registrar accreditations used in the batch pool for the purposes of getting dropped names, and the practice of registrars exploiting the 5 day add grace period to register in excess of 50000 names to watch how much web traffic they have, and returning the ones that do not at no cost... more
My general impression of the Task Force 3 (TF3) output was that it was a prettified way of accusing the community of internet users as being cheats and liars and demanding that the costs of trademark enforcement be offloaded from the trademark owners onto the backs of domain name registrants and the DNS registration industry. (It is amazing how often the trademark industry forgets that the purpose of trademarks is to protect the consumer's right and ability to identify goods and services and to distinguish such goods and services from one another.. The trademark industry forgets that trademarks are intended to benefit the customer, not the seller, and that any benefit to the seller is merely incidental.) more
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byVerisign
A World-Renowned Source for Internet Developments. Serving Since 2002.