Thinking about the www.kerryedwards.com auction reminds one of the uneasy relationship between personal names, politics and cybersquatting. When reporters learned that the domain name was taken by Kerry Edwards, the Indiana bail bondsman, at least some headlines were quick to brand Mr. Edwards' conduct as cybersquatting. The Chicago Sun-Times, for example, ran the headline "Kerry Edwards is the Name, Cybersquatting is the Game." Mr. Edwards, of course, had registered his own name as a domain name long before Kerry picked Edwards as a running mate. more
During ISOI 4 (hosted by Yahoo! in Sunnyvale, California) whenever someone made mention of RBN (the notoriously malicious and illegal bulletproof hosting operation, the Russian Business Network) folks would immediately point out that an operation just as bad was just "next door" (40 miles down the road?), working undisturbed for years. They spoke of Atrivo (also known as Intercage). The American RBN, if you like... more
In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more
Nearly $64m in bitcoin has been stolen by hackers who broke into Slovenian-based bitcoin mining marketplace NiceHash. more
The purpose of the Uniform Dispute Resolution Policy, known as the UDRP (hereafter the Policy), is to determine disputes relating to the registration or acquisition of domain names in bad faith. Under the Policy, the complainant must establish that (i) the disputed domain name is identical with or confusingly similar to a trademark or service mark in which the complainant has rights; (ii) the domain name registrant has no right or legitimate interest in respect of the domain name; and (iii) the domain name was registered and is being used in bad faith.
Whilst requirements (i) and (ii), at first glance, do not appear difficult to meet, it is not the same with requirement (iii). In fact, a serious problem arises for the complainant when a registrant has registered domain names in bulk, but has not used them i.e. they have not been resolved to any active website. more
Like measuring COVID's impact, so too measuring the impact of COVID-related abuse on the Internet is difficult, there are those that would foolishly dismiss the danger entirely, others over-state the problem, perhaps to prompt sales of tools and services. The amount and type of abuse varies from network to network, and to declare everything is fine based on one world-view you believe to be ubiquitous, or that the sky is falling based upon another, extrapolated to 'everybody else' is simply poor analysis. more
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised. more
In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list. more
This morning I was forwarded a link to the Business2.0 article on domainer Kevin Ham about a half-dozen times and one sent the reddit comment thread on it (titled "This guy is a piece of s**t") and I had to chuckle and replied "I see Techno-Pinkos are out in full force". Some of the comments are just classicly clueless: "He's just a parasite. Someone gaming the system for their own financial ends without providing a useful service to anyone, and making it worse for many." ...Newsflash: Speculation is any time you choose one path, good or service over another in the hopes that you will do better... more
A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more
As part of my job, I manage an incident response team that was engaged by a significant organization in Georgia whose network was infected by the QBOT (a.k.a. QAKBOT) malware. The customer had been infected for over a year, several teams before ours had failed to solve the problem, and they continued to get reinfected by the malware when they thought they had eradicated it. Over time it had spread to more than 1,000 computers in their ecosystem stealing user credentials along the way. more
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find... more
In a report released today, the World Intellectual Property Organization (WIPO) has announced a 20% increase in the number of cybersquatting (abusive registration of trademarks as domain names) cases filed in 2005 as compared to 2004. The report further indicates that "in 2005, a total of 1,456 cybersquatting cases were filed with WIPO's Arbitration and Mediation Center. This increase represents the highest number of cybersquatting cases handled by the WIPO Center since 2001." more
Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). more
A recent decision by a federal court in Virginia illustrates some interesting legal issues that arise from the global nature of the domain name system. It also highlights a powerful mechanism under the Anticybersquatting Consumer Protection Act ("ACPA") by which a plaintiff can proceed with a legal action to recover a domain name without regard to the court's personal jurisdiction over the registrant. more
A World-Renowned Source for Internet Developments. Serving Since 2002.