In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
COICA (Combating Online Infringement and Counterfeits Act) is a legislative bill introduced in the United States Senate during 2010 that has been the topic of considerable debate. After my name was mentioned during some testimony before a Senate committee last year I dug into the details and I am alarmed. I wrote recently about interactions between DNS blocking and Secure DNS and in this article I will expand on the reasons why COICA as proposed last year should not be pursued further in any similar form. more
We have just returned from the Brussels, Belgium ICANN meeting where we released our Registrar audit, the Internet "Doomsday Book." There are many topics covered in the report, but we wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS? which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. more
As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business. more
As an alternative to the creation of the .XXX TLD, ICANN/IANA can assign special port numbers that can be used to label adult content. IANA assigns port numbers as part of its duties. For example, port 80 is reserved for the HTTP protocol (i.e. the World Wide Web). Port 443 is reserved for the HTTPS protocol (SSL-secure version of HTTP). Port 23 is for Telnet, port 25 is for SMTP, and so on. One can see the full list at here... In a real sense, the IANA port assignments are just suggestions to the world as to what to expect on certain ports, whether it be a mail server, WHOIS, FTP, POP email or any other service/protocol. more
A group of leading DNS experts have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the U.S. Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 ("PROTECT IP Act"). The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading DNS designers, operators, and researchers, responsible for numerous RFCs for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet. more
I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of 3322.org to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more
Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem, many listened, some did not... With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was until recently, the world's largest online criminal pharmacy network. more
One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more
Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say... more
Boy, this case got a lot of attention when it was first filed (which isn't surprising; YouTube lawsuits usually do). You may remember the story: the plaintiff is a dealer of used tube mills, used pipe mills and used pollforming machines. The plaintiff operated a website at utube.com. As you might expect, like most other industrial B2B vendors' websites, utube.com had a small but targeted audience. With the phenomenal and quick rise in popularity of YouTube, a lot of web users mistyped youtube.com and entered utube.com instead, causing utube.com to suddenly experience disproportionate popularity. Unfortunately for the plaintiff, few of these visitors were interested in pollforming machines... The plaintiff sued YouTube for trademark infringement... more
In response to accusations lodged yesterday in a post on the DomainState forum, NSI has issued a statement which essentially admits that it engages in a form of domain front running. No one has challenged domain Front Running by registrars in the courts, likely because the practice is new and since the loss of a single domain would not typically generate a level of damages to support litigation. But litigation over this arguably fraudulent domain practice by registrars is both viable and likely inevitable... more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
"The Root Server is a Scarce Resource" is the focus of part one of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...We begin our analysis of domain name policy with a brief excursion into economics. Economics cannot answer all of the questions raised by domain name policy. First, domain name policy must answer to the discipline of network engineering. A useful domain name system must work, and the functionality, scalability, reliability, and stability of the system are determined by the soundness of its engineering. Second, domain name policy must answer to public policy. The Internet is a global network of networks, and Internet policy is answerable to a variety of constituencies, including national governments, the operators of the ccTLDs, Internet Service Providers, information providers, end users of the Internet, and many others. more
Today's Wall Street Journal discusses the fight over Whois privacy. The article on the front page of the Marketplace section starts by discussing how the American Red Cross and eBay use the Whois database to track down scammers: "Last fall, in the wake of Hurricane Katrina, the American Red Cross used an Internet database called "Whois" that lists names and numbers of Web-site owners to shut down dozens of unauthorized Web sites that were soliciting money under the Red Cross logo. Online marketplace eBay Inc. says its investigators use Whois hundreds of times a day..." more
A World-Renowned Source for Internet Developments. Serving Since 2002.