Anonymous, LulzSec, and the Option of Internet Security

As hacking groups such as Anonymous and LulzSec continue to make headlines, many of us in the Information Security field can only sit back and shake our heads. The large number of successful system breaches, web site defacements, and the publication of confidential data is not at all surprising, and for the most part was only a matter of time. more

Authentication Methods Used in the RIPE Database

Objects in the RIPE Database can only be modified by those authorised to do so. For instance, an object representing a certain range of IP addresses assigned to an organisation by the RIPE NCC or a Local Internet Registry (LIR) can be modified by the organisation holding that address space. Each database object contains one or more attributes referencing the maintainer(s) of that object. In a maintainer (MNTNER) object, credentials are listed for those who are authorised to modify any object referencing that MNTNER object. more

Defense in Depth for DNSSEC Applications

At the time of this writing DNSSEC mostly does not work. This is not a bad thing - in fact it's expected... There is a significant last-mover advantage DNSSEC deployment (or IPv6 deployment) and that can't be helped. It's all in a good cause though - everybody knows we need this stuff and some farsighted contributors put a lot of money and other resources into DNSSEC years or decades ago to ensure that when the time comes the world will have a migration path. Sadly, this leaves current investors and application designers and developers wondering whether there's a market yet. more

FttH Is Not About High-Speed Internet Access - It Is About the Internet of Things

The future of our communications infrastructure will to a very large extent be based on the Internet of Things (IoT). What this means is that hundreds of millions of devices will be connected to the national broadband networks (NBN), gathering massive amounts of information and providing feedback in real time. In any single country, the electricity grid alone will have tens of millions of sensors and devices connected to deliver the energy efficiencies that we all so desperately need. more

Kudos to ccTLD Registries for Taking Measures to Improve Security

When I first wrote about Domain Registry Locking over a year and a half ago, Verisign was the only Registry offering a true Registry Lock Service. Of course, not long after, Neustar announced their Registry Lock Service too. Recently however, a number of ccTLD Registries have also adopted Registry Locking programs... more

ICANN Finds Its Voice

I think we are finally getting somewhere: ICANN is no longer fluttering flusteredly whenever a lobbying group sends a nastygram over the transom. Case in point: a Association of National Advertisers (ANA) that arrived a few days ago, full of bombast and muscle-flexing, demanding that ICANN immediately stop the new gTLD program until a long list of demands from the ANA were met, or else the ANA would be forced to take some Very Scary Actions... more

Integrating the GAC More Effectively

We all may have breathed a sigh of relief when the ICANN Governmental Advisory Committee (GAC) and the Board concluded their eleventh-hour negotiations on new generic Top-Level Domains (gTLDs) with some measure of success, but we can all agree that panicked policymaking is, at best, less than optimal. ICANN needs to integrate GAC input more effectively. The Final Report recently issued by the Joint Working Group (JWG) of the ICANN Board and the GAC contains several thoughtful and productive recommendations. more

DDoS Attacks: Don’t Be In Denial of the Risks

Unlike traditional attacks by hackers which breach a business's security systems, resulting in defaced websites, intellectual property theft and/or customer data theft, a DDoS attack focuses on making a business's Internet connected infrastructure (e.g. web servers, email servers, database servers, FTP servers, APIs, etc.) unavailable to legitimate users. A business's brand reputation, which can take years to establish, can be swept away in just a few hours from a single DDoS attack in the same way a natural disaster like a flood or earthquake can impact a traditional brick and mortar business. more

Survey: Public Interest Representation in the Information Society

All civil society organisations and other self-identified public interest representatives in the regime of Internet governance and related areas of information and communications policy are invited to complete a survey titled Public interest representation in the information society. This survey contributes towards the development of a map of Internet governance... more

Another Day, Another Set of Hacking Attacks. News At 11.

While reading Reuters I came across a news article indicating that a number of high profile agencies - from the United Nations to the Canadian Government to government of Taiwan - were broken into over a period of the past five years. ... I'll say it right now, even though I haven't been briefed on it. It was China. more