Cybersecurity |
Sponsored by |
|
The ICANN Board voted today 9-5, with Paul Twomey abstaining, to reject a proposal to open .xxx. This is my statement in connection with that vote. I found the resolution adopted by the Board (rejecting xxx) both weak and unprincipled... I am troubled by the path the Board has followed on this issue since I joined the Board in December of 2005. I would like to make two points. First, ICANN only creates problems for itself when it acts in an ad hoc fashion in response to political pressures. Second, ICANN should take itself seriously as a private governance institution with a limited mandate and should resist efforts by governments to veto what it does. more
Many in the technical community attribute the rapid growth and spread of the Internet to innovation that took place at the "edge" of the network, while its "core" was left largely application neutral to provide a universal and predictable building block for innovation. It is this core neutrality that provides a basis for the security and stability of the Internet as a whole. And it is this same core neutrality that is critical to the continued spread of the Internet across the Digital Divide. Unfortunately, when the politics of censorship rather than solely technical concerns drive the coordination of these "core" Internet resources, it threatens the future security and stability of the Internet. This paper proposes a paradigm upon which all the governments of the world have equal access to these core Internet resources to empower them and their citizens with the rights acknowledged in the WSIS Declaration of Principles. more
I have long been intrigued by the question of how do we turn the internet into a lifeline grade infrastructure... My hope that this will occur soon or even within decades is diminishing. Most of us observe, almost daily, how even well established infrastructures tend to crumble when stressed, even slightly... I was at the O'Reilly Etel conference last week. The content was impressive and the people there were frequently the primary actors in the creation and deployment of VOIP. However, not once during the three days did I hear a serious discussion by a speaker or in the hallways about how this evolving system would be managed, monitored, diagnosed, or repaired. more
Seems that DNSSEC is being subjected to what an old boss of mine used to call the "fatal flaw seeking missiles" which try to explain the technical reasons that DNSSEC is not being implemented. First it was zone walking, then the complexity of Proof of Non-Existence (PNE), next week ... one shudders to think. While there is still some modest technical work outstanding on DNSSEC, NSEC3 and the mechanics of key rollover being examples, that work, of itself, does not explain the stunning lack of implementation or aggressive planning being undertaken within the DNS community. more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more
What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more
In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more
In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and its a bit disturbing... more
One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more
A World-Renowned Source for Internet Developments. Serving Since 2002.