New Cyberthreats: Have You Been Exposed at Home?

There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself. During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images. more

COVID-19, WHOIS, and the Pressing Need for Help With Domain Name System Abuse

As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more

A New Low for the ICANN Multistakeholder Process

ICANN's dismissal of public comments submitted on the .COM Registry Amendment wasn't surprising given that it recently dismissed the public comments on the .Org Renewal Agreement, but the speed and disdain which it demonstrated was. Despite public pronouncements by ICANN President and CEO, Gören Marby and assurances from ICANN Board Chair, Maarten Botterman, that public comments were welcomed and that ICANN would take them seriously... more

Free the Fiber Now

In a previous blog post I mentioned that the FCC had taken away restrictions to allow broadband supplied by E-Rate funding to be used to provide free WiFi for the public. That's a good idea that will provide some relief for areas with little or no other broadband. But the announcement raises a more fundamental question - why was such a restriction in place to begin with? more

This COVID-19 Crisis Proves the Internet Is Indeed a Caribbean Right

The coronavirus pandemic has, in the most emphatic way, shown us all just how interconnected everything and everyone is. A worldwide race is underway to minimize human interactions in order to avoid a global catastrophe. The inescapable consequence of these initiatives is an unprecedented shut down of the local, regional and global economy. The latest cost estimate to save the global economy is now at $7 trillion and climbing. more

Recent Case in Federal Court Shows Inefficiencies of Anticybersquatting Consumer Protection Act

A recent case1 from a federal court in Kentucky shows why the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) - the "ACPA") can be - when compared to the Uniform Domain Name Dispute Resolution Policy ("UDRP") - a relatively inefficient way of resolving a domain name dispute. Here is a quick rundown of the facts. Defendant owned a business directly competitive to plaintiff ServPro. Plaintiff had used its mark and trade dress since the 1960's... more

The Government Needs to Address the Homework Gap

I've been at a bit of a loss over the last few days on what to write about, because suddenly newspapers, blogs, and social media are full of stories of how impossible it is for some students to work at home during the COVID-19 shutdowns. I've been writing this topic for years, and there doesn't seem to be a lot I can add right now - because the endless testimonials from students and families struggling with the issue speak louder than anything I can say. more

Trusting Zoom?

Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you... more

Zoom Cryptography and Authentication Problems

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more

Data Center Operators Are Essential Critical Infrastructure Workers Amid COVID-19 Pandemic

The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being." more