Featured Blogs

Why Passwords Have Never Been Weaker and Crackers Have Never Been Stronger

The past few weeks, I've been on this security kick particularly when it comes to encryption. I'm developing my own app in my spare time. So I'm trying a whole bunch of things, no doubt making plenty of mistakes in the process. Luckily, the data I am protecting is only quasi-valuable so I can afford to take a hit due to my own conscious incompetence. Anyhow, I ran across this article on Ars Technica yesterday entitled "Why Passwords have never been weaker - and crackers have never been stronger." It's a long article and it will take you a while to read it, but here is my summary.

Do Agencies Already Have the Authority to Issue Critical Infrastructure Protection Regulations?

The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process.

It’s Time to Put a Bow on the URS: Our Work is Almost Done

For years our community has struggled with the rules of the URS - the Uniform Rapid Suspension - aimed at taking down the "worst of the worst" domain name registrations in a manner faster and cheaper than its predecessor, the Uniform Domain Name Dispute Resolution Policy - the UDRP. On June 27, in Prague, a diverse group met to discuss the fate of the URS. To my surprise, it was a rare "kumbaya" moment, and that makes it worthy of comment.

Privatizing the ITU-T: Back to the Future

The awkwardly named International Telecommunication Union Telecommunication Standardization Sector (ITU-T) by any measure is a highly unusual body. It is the only global intergovernmental organization where Nation States produce detailed technical standards for telecommunications. Even more amazing is that it produces these standards for a field that is so dynamic and globally competitive as telecommunications. What is not well known is that the ITU-T was once a private standards body...

4 Items for Applicants to Consider in Planning, Even As You Wait

With the effective deregulation of the domain name industry through the imminent launch of up to 1,000 new gTLDs, the competitive landscape is going to get a whole lot hotter over the next 24 months. We will likely see some financially and commercially successful ventures. It is likely that we will see many unsuccessful ones as well. The gap between success and failure will be slim.

The Federal Cybersecurity Regulation Already in Place

While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate.

The ITRs and Cybersecurity

Cybersecurity is a top-of-mind issue with calls for individual vigilance, national legislation, and international treaties to address gaps that are exploited causing significant harm and financial loss on a daily basis. The vast majority of these calls are well-intentioned though even among the best-intentioned, some are poorly directed. Such is the case with all of the proposals that would introduce security into the International Telecommunication Regulations (ITRs) of the International Telecommunication Union (ITU).

Similarity of gTLD Applications: Required Reading for Evaluators

ICANN's evaluators should look at data published on "gTLD application similarity analysis". This sort of data helps dramatically reduce time and expense for the evaluation of new gTLD applications while increasing quality. The principle is simple: find the similarities between the 1930 applications. It is a proof-of-concept project by Arnoldo Mueller-Molina, a young Costa Rican researcher with a doctorate in computational analytics.

Tracking Outages

The idea of tracking data outages spawned from an early discussion on the outages forum including feedback from an outages survey about having a status page for (un)planned outages as a central resource. The purpose of such effort is to have a wider focus that one could view as opposed to having to check dozens of provider status pages. There were many ideas put forth but nothing really panned out and things kinda fell on the back burner.

IPv6: The Summer It Finally Happened

A decade-old guessing game finally came to an end during these 2012 summer months. America was supposed to be hopelessly behind while Europe had not much to show after a decade of spending lavishly EU money on IPv6-related projects. China and Japan were thought to be light years ahead of everybody else. But in the end, it was the might of the American Content Industry that tipped the scales.