/ Featured Blogs

ICANN Approves New Domain for Adult Sites

The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) has determined that the proposal for a new top level domain submitted by ICM Registry, Inc. has met the criteria established by ICANN. Accordingly, ICM Registry will now move forward into technical and commercial contractual negotiations with ICANN to generate a voluntary .xxx top-level domain (TLD). more

WIPO Recommends Uniform Registration for New gTLDs

The World Intellectual Property Organization (WIPO) has recommended the introduction of a uniform intellectual property (IP) protection mechanism designed to further curb unauthorized registration of domain names in all new generic Top-Level Domains (gTLDs). The report, "New Generic Top-Level Domains: Intellectual Property Considerations", which is available at WIPO Arbitration and Mediation Center, says that such a preventive mechanism would complement the curative relief provided by the existing Uniform Domain Name Dispute Resolution Policy (UDRP). more

An Infrastructure TLD: Avoiding the Side Effects of Today’s .Net

I've mentioned before that there is something special about the .net top level domain - in particular .net is the place where the legacy root DNS servers and most of the TLD servers are to be found. Thus, if .net were to wobble there is more than a strong chance that the DNS root and other TLDs would also begin to wobble. This kind of cross-dependency is something that A) is a risk to overall internet stability and B) is something that ICANN seems utterly unable to perceive. more

Phishing: An Interesting Twist on a Common Scam

After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given you're skepticism, you decide to get one more opinion. ...And the results were less than pleasing. more

The Philosophical Case for Expanding the Domain Name Space

At the December 2004 ICANN meeting in Cape Town, Vint Cerf said this to the Public Forum: "I want to go on record as saying... that I am no longer sure that I have a strong understanding of why I would be motivated to create a new TLD..." Dr. Cerf posed a question that has yet to be answered or even discussed by the DNS stakeholder community. While the technical and business cases for the introduction of new TLDs have been successfully made, what is the philosophical case for adding new TLDs? What semantics are encoded in TLDs, and how could those semantics be expanded in a consistent way? more

Sitting Around the Domain Table

I went to Domain Roundtable with some reservations. I was excited about meeting other domain portfolio holders, but I wasn't sure what to expect from the ICANN and Verisign people there, the corporate intellectual property people, and the corporate attorneys. I was pleasantly surprised by everyone I met. more

Actions Required by Developing Economies Against Spam

My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..." more

Crack the Code: That’s a Direct Challenge

I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure... more

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more

Canada Finishes its Spam Task Force, Result is Pretty Good

Industry Canada, the part of the Canadian government roughly equivalent to the U.S. Commerce Department, has had a task force on spam working for the past year or so. I was invited to participate as an unofficial member, since I'm not a Canadian. Yesterday, it wrapped up its work and published its report (aussi disponsible en francais) to the government. It's quite good, and has a set of 22 recommendations. more