Recent Case in Federal Court Shows Inefficiencies of Anticybersquatting Consumer Protection Act

A recent case1 from a federal court in Kentucky shows why the Anticybersquatting Consumer Protection Act (15 U.S.C. 1125(d) - the "ACPA") can be - when compared to the Uniform Domain Name Dispute Resolution Policy ("UDRP") - a relatively inefficient way of resolving a domain name dispute. Here is a quick rundown of the facts. Defendant owned a business directly competitive to plaintiff ServPro. Plaintiff had used its mark and trade dress since the 1960's... more

The Government Needs to Address the Homework Gap

I've been at a bit of a loss over the last few days on what to write about, because suddenly newspapers, blogs, and social media are full of stories of how impossible it is for some students to work at home during the COVID-19 shutdowns. I've been writing this topic for years, and there doesn't seem to be a lot I can add right now - because the endless testimonials from students and families struggling with the issue speak louder than anything I can say. more

Trusting Zoom?

Since the world went virtual, often by using Zoom, several people have asked me if I use it, and if so, do I use their app or their web interface. If I do use it, isn't this odd, given that I've been doing security and privacy work for more than 30 years, and "everyone" knows that Zoom is a security disaster? To give too short an answer to a very complicated question: I do use it, via both Mac and iOS apps. Some of my reasons are specific to me and may not apply to you... more

Zoom Cryptography and Authentication Problems

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more

Data Center Operators Are Essential Critical Infrastructure Workers Amid COVID-19 Pandemic

The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being." more

Spring Clean Your House of Domains, DNS and Digital Certificates

At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning! Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn't wasted on domains of little to no value. It's fair to say that for many organizations, this is a difficult process - almost as feared as actually spring cleaning our own homes. more

Zoom Security: The Good, the Bad, and the Business Model

Zoom - one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic - has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now - and some are worrisome. more

Ten Stopgap Tips for Privacy and Security Risk Management in a Pandemic

As businesses adjust to the "new normal" in the ongoing COVID-19 pandemic, it is important to quickly take stock of where your organization stands on privacy and security risk. Even in these unusual circumstances, organizations of all sizes and sophistication continue to be expected to act with reasonable care and comply with their public commitments and regulatory obligations. Enterprises may be finding different or better ways to operate, collaborate, and service customers. more

Testing, Testing, Testing for a More Secure (Internet) World

Reading up on COVID-19 and Zoom/Boris Johnson outcry yesterday, an analogy struck me between the two: the lack of testing. In both cases, to truly know how safe and secure we are, testing needs to be stepped up considerably. This post focuses on cybersecurity. Over the past days and weeks, more and more organisations have switched to digital products and services to sustain working from home, to keep productivity up and to be connected. more

At the Crossroads: The State of Domain Registration Data Services

The Internet's users rely on domain name registration information for vital purposes, including providing security, problem-solving, and legal and social accountability. The data is so important that users perform more than two billion WHOIS queries every day. ICANN has instituted new data policies over the last two years, and is also directing a migration to a new technical protocol, RDAP, that will replace WHOIS access in the near future. So at this critical juncture, how is it all going? more