/ Featured Blogs

Blissful Ignorance: Placement Prostituting the Press

Nov 18, 2003

Andrew McLaughlin, in his excellent dismemberment of the BBC's report on the "IPv4 address crisis", is observing not a random piece of sloppy research, but the success of settled policy. That policy, pursued by public relations companies serving information technology and telecommunications (IT&T) companies, is simple to sum up: "identify, support and encourage technically ignorant journalism". It centres around the most valuable word in the lexicon of the public relations firm: "placement"...A key characteristic of the "placement" story is its conformance to a template...With one search, I found a CNET story published in July with quite startling parallels to the BBC story... more

Court Denies Preliminary Restriction of WLS

Nov 14, 2003

In a strongly worded ruling, a U.S. Federal Court Judge has ruled in ICANN's favor and denied plaintiffs' motion for preliminary injunction. Dotster and two other ICANN accredited registrars had asked the court for an order prohibiting ICANN from finalizing approval of VeriSign's proposed new "Wait Listing Service" (WLS). Plaintiffs alleged that WLS is "anti-competitive" and that ICANN breached its obligations under the registrar accreditation agreement (RAA) when ICANN gave preliminary approval to WLS last year. The court disagreed, ruling [PDF] as follows: more

VeriSign’s New Security Seal Too Trusting?

Nov 12, 2003

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more

Blacklisting Under Wrong Assumptions

Nov 12, 2003

If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities.  more

The Future of Email

Nov 11, 2003

While people may debate the death of email, there is no question that many email servers are already overloaded with spam. Current spam solutions are beginning to address the problem, but so far they all suffer from the arms race issue - as fast as we come up with new ways to fight spam, spammers are finding new ways to deliver it to us. While the functionality of email will certainly continue, the current system must change. When the change comes, it will deliver the future of email to Microsoft. more

Bad Journalism, IPv6, and the BBC

Nov 07, 2003

Here's a good way to frighten yourself: Learn about something, and then read what the press writes about it. It's astonishing how often flatly untrue things get reported as facts. I first observed this back in 1997 when I was a Democratic lawyer in the U.S. House of Representatives working on the (rather ridiculous) campaign finance investigation. (The investigating committee's conspiracy-minded chairman was famous for shotgunning pumpkins in his backyard in order to figure out exactly how Hillary snuffed Vince Foster)...More recently, I've seen the same discouraging phenomenon in reporting on technology and, in particular, the Internet. more

An Unsanctioned Whois Database

Nov 05, 2003

Mark Jeftovic of easyDNS Technologies Inc. has posted an item on ICANN's "GNSO" registrars' mailing list titled "unsanctioned Whois concepts". In that item he suggests that the control and actual publication of contact information about a domain be put into the zone file itself, a file maintained by the registrant (purchasor) of the domain name. more

The Cyber-Sociology of Domain Names

Nov 04, 2003

Erica Wass is the editor and contributing author of the recently published book, "Addressing the World: National Identity and Internet Country Code Domains", (Rowman & Littlefield, October 2003). This book is an edited collection of original essays by domain name administrators, academics, journalists and lawyers that examine the connections between various cultures and the use and regulation of their country code domain names. CircleID recently caught up with Erica Wass to gain a better insight into the work behind this book. What follows is the first article of a three-part series where Erica shares her insight and discoveries that lead her to a sophisticated global perspective on "Addressing the world". She begins by examining cyber-sociology of ccTLDs -- the underlying theme of the book. more

Lobbying for Whois Privacy

Oct 29, 2003

Today a letter was submitted to the President of ICANN, Paul Twomey, at the ICANN Carthage meeting, "asking him to ensure that strong privacy safeguards, based on internationally accepted standards, are established for the WHOIS database." Latest reports indicated that the draft letter had been signed by about 50 nonprofit groups and represented 21 countries on six continents. "Signers of the letter included the American Library Association, the U.S. Association for Computing Machinery, the Australian Council for Civil Liberties, Electronic Frontier Finland, Privacy Ukraine, and the United Kingdom's Foundation for Information Policy Research." more

Registration And Use Of Domain Name Infringing Another’s Trademark Ruled “Advertising Injury” Covere

Oct 27, 2003

The registration and use of an Internet domain name that allegedly infringes another's trademark is an "advertising injury" within the meaning of an insurance policy, and thus requires the accused company's insurer to provide coverage, according to a recent ruling by the U.S. Court of Appeals for the Fourth Circuit. In the same ruling, the Fourth Circuit also held that the domain name, because it led customers to advertisements at the related website, constituted use of the trademark "in the course of advertising." State Auto Property and Cas. Ins. Co. v. Travelers Indemn. Co. of Am. more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

NIS2 and Its Implications for Global Brands

  • By CSC
  • Jul 05, 2024

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

IPv4.Global Commits to Keep Ukraine Connected

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Managing Expanding Attack Surfaces for Growing Businesses

Subdomain Hijacking in the News Again - What is It?

  • By CSC
  • May 20, 2024

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

View More