/ Featured Blogs

When is a Typo Not a Typo?

Feb 22, 2007

I was reading about the Nieman Marcus lawsuit and on a phone call related to the "Working Group on Mechanisms to Protect Rights of Others", when suddenly it occurred to me that this whole rush to rid the world of typos could eventually head in a messy direction... How far can this go? Let me take you back to that phone call I was on where representatives of Yahoo indicated they would try to secure Flicker.XXX as a TYPO of Flickr.com (their made up brand name) during a potential new TLD sunrise period. How backward is that? A Typo that became a brand, trying to call the generic name a variant of their trademark! more

ICA Questions ICANN on RegisterFly

Feb 22, 2007

The Internet Commerce Association sent this letter to ICANN yesterday in regard to the RegisterFly situation: "I am writing to you in my capacity as Counsel to the Internet Commerce Association (ICA), a non-profit trade association dedicated to promoting and protecting the rights of domain name (DN) owners... It has come to our attention that an ICANN-accredited registrar is in the midst of what appears to be a near-complete operational breakdown, and that its ongoing failure to carry out its responsibilities is causing substantial economic loss to tens of thousands of DN registrants in both the United States and multiple foreign jurisdictions." more

Commercial DNSSEC?

Feb 21, 2007

Seems that DNSSEC is being subjected to what an old boss of mine used to call the "fatal flaw seeking missiles" which try to explain the technical reasons that DNSSEC is not being implemented. First it was zone walking, then the complexity of Proof of Non-Existence (PNE), next week ... one shudders to think. While there is still some modest technical work outstanding on DNSSEC, NSEC3 and the mechanics of key rollover being examples, that work, of itself, does not explain the stunning lack of implementation or aggressive planning being undertaken within the DNS community. more

How Many Bots? How Many Botnets?

Feb 20, 2007

We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more

Picking Domain Names by Search Results

Feb 14, 2007

There is a definite advantage to knowing what users look for when typing in domain names that they think should work. This article from Government Computer News shows an excellent example in .gov. "600,000 visitors a year to FirstGov try to find the federal government's Web site by typing USA.gov into their browser", so they switched from firstgov.gov to usa.gov. It wasn't mentioned in the article, but firstgov.gov redirects automatically; this is more intelligence than I normally expect from US government web sites. more

Web Server Botnets and Server Farms as Attack Platforms

Feb 13, 2007

Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more

Addressing the Future Internet

Feb 09, 2007

What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more

Dot-XXX and Tiered/Differential Pricing: Permitted?

Feb 08, 2007

As folks will recall, there was a big debate about tiered/differential pricing in the .biz/info/org contracts. Eventually those contracts were amended to prevent that. However, if folks read the .XXX proposed contractv [PDF], Appendix S, Part 2, under "delegated authority" (page 66 of the PDF), appears to give the Registry Operator total control to make policy regarding pricing. Thus, it would appear they are in a position to re-price domains that later become successful... more

Protection of Personal Names in Domain Names

Feb 08, 2007

David Pecker is the chairman of American Media, Inc., publisher of, among others, National Enquirer and Weekly World News. 'Mr. Ferris' registered the domain name DAVIDPECKER.COM, had a PPC company host it, where it was keyed to ads for porn, because, according to the registrant, the word PECKER was in the domain name. Mr. Pecker brought a UDRP. Although 'Mr. Ferris' (as he is identified in the decision) did not seem (to me) that he could establish a bona fide intent to use the name in conenction with an offering of goods or services, and altohugh there seemed to be plausible evidence of bad faith, the UDRP was denied... more

Spamhaus Policy Block List Update

Feb 07, 2007

Recently, I wrote about the Spamhaus Policy Block List (PBL), suggesting senders encourage their network/connectivity service providers (whomever they lease or purchase IP addresses from) to list their illegitimate email-sending IPs as a step towards improving the overall email stream on the internet. The initial PBL was seeded with listings from the Dynablock NJABL ("Not Just Another Bogus List"), which at the time of the cut-over was at more than 1.9 million entries... more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

NIS2 and Its Implications for Global Brands

  • By CSC
  • Jul 05, 2024

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

IPv4.Global Commits to Keep Ukraine Connected

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Managing Expanding Attack Surfaces for Growing Businesses

Subdomain Hijacking in the News Again - What is It?

  • By CSC
  • May 20, 2024

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

View More