In Part 1 of "Bug Bounty Programs: Are You Ready?" we examined the growth of commercial bug bounty programs and what organizations need to do before investing in and launching their own bug bounty. In this part, we'll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from such an investment. more
Distributed Denial of Service is a big deal -- huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, "tonight my network will not be impacted by a DDoS attack." more
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organization's web applications or consumer products sounds compelling to many. What's not to like with the prospect of "many eyes" poking and prodding away at a corporate system for a minimal reward -- and preemptively uncovering flaws that could have been exploited by hackers with nefarious intent? more
Aida Zeki?, a student at the University of Uppsala, Sweden has published her master's thesis, "Internet in Public: an ethnographic account of the Internet in authoritarian Cuba." The thesis reports on interviews of 50 Cuban Internet users at nine WiFi hotspots in Havana during September and October 2016. She asked pre-planed, but mostly open-ended questions of 25 men and 25 women. She tried to identify people between 25 and 50 years old, but a few were a little older. more
The FAKE45 sign in the photo lower right corner appearing on the front page of today's Washington Post -- ironically in front of the Department of Justice headquarters -- captures a result of yesterday's events that may have far-reaching consequences. About 4.5 million people -- including a million in Washington DC alone -- spontaneously came together from every corner of the nation and world to question the legitimacy of a Trump Administration, express disdain for its actions, and assert the repugnancy of its positions. I was there. more
"Past performance does not necessarily predict future results." That's what the U.S. Securities and Exchange Commission requires mutual funds tell investors. But it's also true about domain name disputes. Cases in point: In four recent proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP), the operator of a large bank won two decisions but lost two others, despite a track record of having won more than 30 previous UDRP disputes. more
What will the Internet look like in the next seven to 10 years? How will things like marketplace consolidation, changes to regulation, increases in cybercrime or the widespread deployment of the Internet of Things impact the Internet, its users and society? At the Internet Society, we are always thinking about what's next for the Internet. And now we want your help! more
Last week I was at the National Slate Museum in Wales watching slate being split apart. On the wall were sample pieces of all the standard sizes. These have cute names like "princess". For each size, there were three standard qualities: the thinnest are the highest quality (at 5mm in thickness), and the thickest have the lowest quality (those of 13mm or more). Obviously, a lighter slate costs less to transport and lets you roof a wider span and with less supporting wood, hence is worth more. more
While conventional cyber attacks are evolving at breakneck speed, the world is witnessing the rise of a new generation of political, ideological, religious, terror and destruction motivated "Poli-Cyber™" threats. These are attacks perpetrated or inspired by extremists' groups such as ISIS/Daesh, rogue states, national intelligence services and their proxies. They are breaching organizations and governments daily, and no one is immune. more
A company that registers a domain name containing someone else's trademark may be engaging in the acceptable practice of "defensive registration" if (among other things) the domain name is a typographical variation of the registrant's own trademark. That's the outcome of a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), a case in which the domain name in dispute, idocler.com, contained the complainant's DOCLER trademark -- but also contained a typo of the respondent's DOLCER trademark. more
Zero-touch provisioning (ZTP) -- whatever does that mean? Of course, it is another marketing term. I think the term "closer to zero touch provisioning" is probably better, but CTZTP -- as opposed to ZTP -- is a bit more of a mouthful. Whenever I hear language like this that I'm not familiar with, I get struck by a bolt of curiosity. What is this new and shiny phrase that has just appeared as if from nowhere? more
I was naively optimistic in the early days of the Internet, assuming that it would enhance democracy while providing "big data" for historians. My first taste of that came during the Soviet coup attempt of 1991 when I worked with colleagues to create an archive of the network traffic in, out and within the Soviet Union. That traffic flowed through a computer called "Kremvax," operated by RELCOM, a Russian software company. The content of that archive was not generated by the government or the establishment media -- it was citizen journalism... more
The Updated Supplementary Procedures for Independent Review Process ("IRP Supplementary Procedures") are now up for review and Public Comment. Frankly, there is a lot of work to be done. If you have ever been in a String Objection, Community Objection, or negotiated a Consensus Policy, your rights are being limited by the current way the IRP Supplementary Procedures proposal is structured. With timely edits, we can ensure that all directly-impacted and materially-affected parties have actual notice of the IRP proceeding... more
Ransomware is a huge problem for small and medium businesses, and the most important question is this: should you pay the ransom? Ransomware has proven a successful revenue generator for criminals, which means the risk to businesses will grow as ransomware becomes more sophisticated and increasing numbers of ethically challenged criminals jump on the bandwagon. more
Did you know that over 50% of .CZ domains are now signed with DNS Security Extensions (DNSSEC)? Or that over 2.5 million .NL domains and almost 1 million .BR domains are now DNSSEC-signed? Were you aware that around 80% of DNS clients are now requesting DNSSEC signatures in their DNS queries? And did you know that over 100,000 email domains are using DNSSEC and DANE to enable secure email between servers? more
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byRadix
A World-Renowned Source for Internet Developments. Serving Since 2002.