Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper. more
VoIP is here to stay. In fact many incumbent telecommunication carriers have started offering VoIP service for sometime and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers. This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. more
A recent decision by a federal court in Virginia illustrates some interesting legal issues that arise from the global nature of the domain name system. It also highlights a powerful mechanism under the Anticybersquatting Consumer Protection Act ("ACPA") by which a plaintiff can proceed with a legal action to recover a domain name without regard to the court's personal jurisdiction over the registrant. more
The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more
The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more
Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more
Former CIA Director, George J. Tenet recently called for measures to safeguard the United States against internet-enabled attacks. "I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability, but ultimately the Wild West must give way to governance and control." Mr. Tenet seems about as confused about the internet as the ITU... more
Pew Internet Project has released a report called "The Future of the Internet" based on a recently conducted survey where 1,286 internet experts are said to have looked at the future impact of the internet and assessed predictions about how technology and society will unfold. The following is and excerpt from the report predicting at least one devastating attack will occur in the next 10 years on the networked information infrastructure or the United States power grid. more
In a Press Release issued yesterday, February 26, 2004, it has been announced that Zuccarini (background here) will receive 30 months in prison for violating the Truth in Domain Names Act. At least two of the domain names mentioned in the press release, DINSEYLAND.COM and BOBTHEBIULDER.COM appear to have been registered by third parties and are pointing to pages of links... more
In response to ICANN's request for proposal (RFP) for the selection of new sponsored Top-Level Domains, Wendy Seltzer for the At-Large Advisory Committee (ALAC) urges ICANN to move quickly beyond "testing" to more open addition of a full range of new gTLDs in the near future and offers some general principles to guide that expansion. more
The Internet and corresponding online world have radically expanded the landscape Intellectual Property professionals need to investigate when monitoring for possible infringements of their trademarks, brands and other intangible assets. With few barriers to entry, coupled with the ability to operate anonymously, the Internet has rapidly become a significant target for unscrupulous individuals hoping to take advantage of the easily accessible Intellectual Property assets of legitimate businesses. more
What's at the heart of cybersquatting may also be at the heart of free speech on the Internet: the diversion of Internet users looking for plaintiff's web site to defendant's web site. Cybersquatters register domain names to accomplish this, while meta-infringers (as we will call them) use HTML code and search engine optimization techniques. Meta-infringers do this by creating keyword density by using competitor's trademarks and permutations thereof in their website in order to rank higher in the search engine results when someone searches on the competitor's trademarks. more
How are domain names dealt with in Russia? This article discusses current issues related to the registration and assignment of domain names in ".ru" zone (Russian top level country code domain) and trademark protection on Internet. more
It is time to revisit the old question regarding whether or not a domain name is actually 'property' and what this means to domain name registrants, registrations, ISPs and ICANN itself. What type of rights does a domain name confer? What responsibilities will the act of registering domain names suddenly bestow? more
John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more
A World-Renowned Source for Internet Developments. Serving Since 2002.