Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more
Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more
The following provides and introduction to a study by Venugopalan Ramasubramanian and Emin Gun Sirer, called "Perils of Transitive Trust in the Domain Name System". The paper presents results from a large scale survey of DNS, illustrating how complex and subtle dependencies between names and nameservers lead to a highly insecure naming system... "It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS." more
In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
Have you ever thought of how reputation is created in cyberspace? Beth Noveck wrote an article, 'Trademark Law and the Social Construction of Trust: Creating the Legal Framework for On-Line Identity' in which she argues that, to determine what rules should govern on-line identity, we should look to trademark law, which has the best set of rules to deal with the way reputation is created in cyberspace. more
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details. more
I want to call your attention to a very important Internet free speech decision, perhaps the most significant of our domain name cases from the past several years. In Lamparello v. Falwell, the United States Court of Appeals for the Fourth Circuit held today that the use of the domain name www.fallwell.com for a web site devoted to denouncing the views of Rev. Jerry Falwell about homosexuality neither infringes Falwell's trademark in his name nor constitutes "cybersquatting." more
The resale of genuine products presents particular difficulties in domain name disputes, testing the application of fair use doctrine. Several domain name disputes involving the resale of event tickets illustrate the point. I served as a panelist in one such case The Orange Bowl Committee, Inc. v. Front and Center Tickets, Inc., D2004-0947 (WIPO 2005). The decision, which issued with a dissent, explored fair use in the domain name context and addressed several related ticket resale disputes. more
Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more
Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more
IT security strategies invariably focus on maintaining impenetrable fortresses around computers and network systems. Firewalls, virtual private networks and anti-virus programs are the tools IT engineers use to create their digital security. Sophisticated defense systems can be very effective at keeping the obvious attackers at bay, yet they often create a false sense of security because the real attacks, the kind that inflict irreparable damage on a system or network, avoid the obvious routes into the secure fortress. more
I have no idea who wrote that wonderful piece, Time for Reformation of the Internet, posted by Susan Crawford. (It wasn't me - I never use the word "netizen".) Elliot Noss of Tucows wrote a partial rebuttal, I must be attending the wrong ICANN meetings. Elliot's company, Tucows, has been a leader in registrar innovation and competition. And Tucows has constantly been among the most imaginative, progressive, responsible, and socially engaged companies engaged in these debates. ...But the points made by Time for Reformation of the Internet go far beyond registries and registrars. more
The country's first criminal trial about spam ended in Leesburg, Virginia earlier this month with a conviction of Jeremy Jaynes, better known under his nom de spam of Gavin Stubberfield. I was an expert witness for the prosecution, the Commonwealth of Virginia. The case was brought under Virginia's state anti-spam law, not the weaker Federal CAN-SPAM act... more
When domain name conflicts between manufacturers and distributors rest on contractual disputes over the use of the trademark owners' marks, ICANN UDRP panels have frequently denied relief. See generally the cases cited and discussed in Western Holdings, LLC v. JPC Enterprise, LLC d/b/a Cutting Edge Fitness and d/b/a Strivectin SD Sales & Distribution, D2004-0426 (WIPO August 5, 2004) by Mark Partridge as sole panelist. The decision summarizes other ICANN UDRP decisions involving contractual disputes. For instance... more
A World-Renowned Source for Internet Developments. Serving Since 2002.