Some Notes on the .XXX Top-Level Domain

Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information.

ICANN Approves New Domain for Adult Sites

The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) has determined that the proposal for a new top level domain submitted by ICM Registry, Inc. has met the criteria established by ICANN. Accordingly, ICM Registry will now move forward into technical and commercial contractual negotiations with ICANN to generate a voluntary .xxx top-level domain (TLD).

WIPO Recommends Uniform Registration for New gTLDs

The World Intellectual Property Organization (WIPO) has recommended the introduction of a uniform intellectual property (IP) protection mechanism designed to further curb unauthorized registration of domain names in all new generic Top-Level Domains (gTLDs). The report, "New Generic Top-Level Domains: Intellectual Property Considerations", which is available at WIPO Arbitration and Mediation Center, says that such a preventive mechanism would complement the curative relief provided by the existing Uniform Domain Name Dispute Resolution Policy (UDRP).

An Infrastructure TLD: Avoiding the Side Effects of Today’s .Net

I've mentioned before that there is something special about the .net top level domain - in particular .net is the place where the legacy root DNS servers and most of the TLD servers are to be found. Thus, if .net were to wobble there is more than a strong chance that the DNS root and other TLDs would also begin to wobble. This kind of cross-dependency is something that A) is a risk to overall internet stability and B) is something that ICANN seems utterly unable to perceive.

Phishing: An Interesting Twist on a Common Scam

After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given you're skepticism, you decide to get one more opinion. ...And the results were less than pleasing.

The Philosophical Case for Expanding the Domain Name Space

At the December 2004 ICANN meeting in Cape Town, Vint Cerf said this to the Public Forum: "I want to go on record as saying... that I am no longer sure that I have a strong understanding of why I would be motivated to create a new TLD..." Dr. Cerf posed a question that has yet to be answered or even discussed by the DNS stakeholder community. While the technical and business cases for the introduction of new TLDs have been successfully made, what is the philosophical case for adding new TLDs? What semantics are encoded in TLDs, and how could those semantics be expanded in a consistent way?

Sitting Around the Domain Table

I went to Domain Roundtable with some reservations. I was excited about meeting other domain portfolio holders, but I wasn't sure what to expect from the ICANN and Verisign people there, the corporate intellectual property people, and the corporate attorneys. I was pleasantly surprised by everyone I met.

Actions Required by Developing Economies Against Spam

My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..."

Crack the Code: That’s a Direct Challenge

I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure...

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..."