Featured Blogs

The Human Factor in DDoS Attacks

Ripped from the headlines: A recent DDoS attack lasted an entire 60 days. In other news, a single site was attacked 218 times in Q2 alone. To those of us in the business of protecting Web infrastructure, these stories are hardly surprising. What's notable, though, is where they were reported, in The Financial, whose focus is banking and financial services, not technology. The reporters used the term "DDoS" as if it were as common as "hedge fund," something everyday business people, not just techies, grasp. It's this human element that caught my interest and got me thinking a little.

On the Success of Malware

There's often a lot of discussion about whether a piece of malware is advanced or not. To a large extent these discussions can be categorized as academic nitpicking because, at the end of the day, the malware's sophistication only needs to be at the level for which it is required to perform -- no more, no less. Perhaps the "advanced" malware label should more precisely be reattributed as "feature rich" instead.

Recent Industry Changes: Internet Standards, ARIN WHOIS Changes, Hotmail Postmaster Pages

Signing Email is now a Draft Standard! Signing email transitioned from a proposed standard to a draft standard (RFC6376 -- one of the new RFCs) over at the IETF a few days ago. The other is RFC6377. Let's go through a brief history of DKIM RFCs to refresh our memories...

Cloud Is the New Mainframe

Cloud computing, from a business and management perspective, has a great deal in common with mainframe computing. Mainframes are powerful, expensive and centralized pieces of computing equipment. This is in line with their role as infrastructure for mission-critical applications. For these types of applications, mainframes can be fairly efficient, even though they tend to need large teams of support specialists... Cloud computing is a new style of computing...

Typosquatting Continues to Pose Dangers to Enterprises, Consumers

While typosquatting is not a new phenomenon, recent research highlights that it is being used to collect sensitive corporate information from employees and lure consumers to interact with dubious websites. ... Security consultancy Godai Group recently uncovered the use of a specific type of typosquat - a "doppelganger domain" - to collect sensitive enterprise information via email-based attacks.

Russia and China Propose UN General Assembly Resolution on “Information Security”

On September 12 China, the Russian Federation, Tajikistan and Uzbekistan released a Resolution for the UN General Assembly entitled "International code of conduct for information security." The resolution proposes a voluntary 12 point code of conduct based on "the need to prevent the potential use of information and communication technologies for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure within States..."

The US DOJ Rogue Internet Pharmacy Settlement: Implications for Registrars

In the wake of Google's settlement with the Department of Justice for permitting advertising by illegal online pharmacies, what are the legal implications for Domain Name Registrars and ISPs in the US and elsewhere? In short, if you're a Registrar or ISP, it's a new ballgame. Here's why it's critical for you to steer clear of criminal and civil liability by making sure your registration services aren't used by rogue online pharmacy criminals. (And, here's how to do it.)

The Association of National Advertisers Blinders on New TLDs

I read with interest the piece by the Chairman of the Association of National Advertisers (ANA), Garry Elliot, in Advertising Age, which was partly prompted by my commentary in the same publication describing why new generic Top-Level Domains (gTLDs) could be an opportunity for some brands. He says: "From all I've seen, no matter how one tries to justify ICANN's process or the benefits it speculates will occur, it is simply impossible to defend the economics of the ICANN proposal. That is the Achilles' heel of this entire exercise. To paraphrase an old saying, 'It's the economics, stupid.'"

ICANN and Ethics

On September 2nd ICANN opened a one-month public comment period asking whether its Conflict of Interest Policy and related Bylaws should be altered. In light of recent heightened scrutiny of ICANN's policies regarding permissible employment options for departing Directors and key employees, this announcement might have been welcome news. Instead, it's a narrow, cart-before-the-horse initiative that seems tone-deaf to predictable stakeholder, political and public relations fallout.

India - The Internet’s Next Billion

Everyone seems to be talking about how the big boom is set to happen in India for domain names, and there are significant factors to ensure that this growth happens. Internet spending and e-commerce usage are fast becoming the face of modern India, a part of everyday lifestyle. Although awareness is still the biggest barrier domain name Registrars face with consumers, there are signs of significant improvement in trust, usability and the adoption of web services.