Last month ICANN began soliciting comments on Stuart Lynn's A Plan for Action Regarding New gTLDs, which will be one of the Internet governance organization's primary discussion topics at its December meeting in Amsterdam. more
The primary means of authentication on the Internet is the password -- a half-century old, shared secret mechanism that is difficult to use (especially on mobile devices) and has acknowledged security flaws including attacks at scale. Even so, passwords remain the most prevalent form of authentication with efforts to enhance security typically relying on "bolt on" solutions that increase user friction. more
The Internet Governance Forum in Bali is not without excitement as usual. There is a rumour about a power grab by the technical community. If the "power grab" is true, then I am assuming that this is a response to threats of institutional frameworks governing or interfering with the current status quo. Personally, I feel that this is anti thesis to "enhanced cooperation". If for some reason, ICANN or the US Government is behind the scenes in instigating this move, then I would suggest that it is very bad strategy and will cause more damage than harm to the current status quo. more
Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more
A team of researchers from Princeton University and the University of California has developed a machine-learning algorithm named PREDATOR that can accurately establish domain reputation at the time of domain registration. more
Solutions to cybersquatting and phishing must target brand customers instead of the trademark infringers, who are in effect liars. This post outlines why online-based traditional solutions fail, and it offers solutions to two types of lying (cybersquatting and phishing). more
Internet Security is a topic that has drawn a lot of attention over the past year. As awareness grows that cooperation is necessary, it dawns on people that there are many and very different stakeholders involved, stakeholders that may never have met before. Let alone have cooperated. An example of an approach is the National Cyber Security Council (NCSC) that was installed in The Netherlands on 30 June. This is a high level council that will give advice to public as well as private entities on how to better secure themselves and society at large against cyber attacks and how to become more resilient. However, without the right approach it is doomed to become a talking shop. more
The EU's 'cyber security' Agency ENISA (The European Network and Information Security Agency) has launched a new report concluding that the EU should focus its future IT security research on five areas: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. more
Eugene Kaspersky has warned global leaders that the world needs international agreements about cyber-weapons in the same way as it needs agreements about nuclear or biological weaponry. The chairman and chief executive officer of Kaspersky Lab, warned delegates at CeBIT Australia that cyber-warfare and terrorism was the number one internet threat facing the world today. He said the Stuxnet industrial virus had demonstrated that cyber-weapons were capable of damaging physical infrastructure, and were "a thousand times cheaper" to develop than conventional weaponry. more
In her blog EU Commissioner Neelie Kroes blogs on her stance on cloud computing. In short: this is a good development which the EU will embrace and advocate, but may need regulation in order to ensure a safe environment for industry and individuals in the cloud. Here's some thoughts on that. more
According to recent news reports, the administration wants new laws to require that all communications systems contain "back doors" in their cryptosystems, ways for law enforcement and intelligence agencies to be able to read messages even though they're encrypted. By chance, there have also been articles on the Stuxnet computer worm, a very sophisticated piece of malware that many people are attributing to an arm of some government. The latter story shows why cryptographic back doors, known generically as "key escrow", are a bad idea. more
Every now and again a report flies across the network about the police breaking down someone's door and attempting to arrest the home owner for bad things online - assuming that whatever happened from that person's Internet connection is their fault. Now there are lots of problems with this - lots of problems. But one of the big ones is that anyone can access an open access point... more
A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that's deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks... more
For an organization where people argue for hours over arcane minutiae, it's remarkable that virtually everyone agrees that ICANN should serve the "global public interest" and build "consumer trust" in the Internet. Although it's only three pages long, ICANN's Affirmation of Commitments (AoC) cites "public interest" five times and "consumer trust" eight times. So at the ICANN meeting today in Cartagena, Colombia, a group of participants explored ways to "institutionalize" these concepts within the organization. more
Crime, fraud, scams etc., they're all very bad things. They're also not going to go away anytime soon. As a domain name registrar and hosting provider we're constantly "at risk", as we sell a lot of services that are both cost-effective and also give criminals the tools they need to attack 3rd parties. Again, this isn't exactly news. We've always taken a very pro-active approach to dealing with criminal activity and network abuse... But recently I've been losing sleep. more
A World-Renowned Source for Internet Developments. Serving Since 2002.