Cybersecurity |
Sponsored by |
The first week in July I went to an acronym-heavy World Symposium on the Internet Society Thematic Meeting on spam in Geneva. A few people have reported this as a meeting by "the UN", which it wasn't. Although the International Telecommunications Union is now part of the UN, it dates back to an 1865 treaty to manage international telegraph communication...
There are many companies in the spam-fighting business and most, if not all, claim to be hugely successful. Yet spam is exponentially more prevalent today than it was just 2 years ago. How can one conclude that today's anti spam solutions are working? This year spammers will use machine-generated programs to send trillions of unsolicited email. Thankfully, a new anti-spam technology has made its way into the market.
I have been attending the Icann conference in Malaysia this week. One of the key events was the submission of the report from the Security & Stability Advisory Committee regarding Site Finder. In reading the committee's report I discovered what I believe is an incredible breakdown in logic and as a consequence, a very mistaken, or at least confused, set of conclusions. So, why do I say that?
As an advisory committee, our focus is to give ICANN and the community our best advice regarding security and stability issues for the domain name system and the addressing system. We are not a standards, regulatory, judicial or enforcement body; those functions belong elsewhere. As we all know, VeriSign is in the process of suing ICANN on a number of matters, including ICANN's response to their registry change last September. Although VeriSign now contends that a number of us on the committee are "Site Finder co-conspirators" the next steps are really up to the ICANN board, the ICANN staff and the many members of the technical and operating community who run the domain name system. I'll be happy to interact with the members of the community here on CircleID as time permits.
The International Telecommunication Union (ITU), held an ITU WSIS Thematic Meeting on Countering Spam from 7 to 9 July 2004, in Geneva, Switzerland. The meeting was focused around various topics including: Scope of the problem, Technical solutions, Consumer protection and awareness, Legislation and enforcement, and International cooperation. The following is a report by William J. Drake, Senior Associate International Centre for Trade and Sustainable Development in Geneva.
CircleID recently interviewed Meng Weng Wong, the lead developer of Sender Policy Framework (SPF) and founder of Pobox.com. As one of the leading anti spam authentication schemes, SPF is used by companies such as AOL, Earthlink, SAP and supported by anti spam companies such as Sophos, Symantec, Brightmail, IronPort, Ciphertrust, MailArmory, MailFrontier, Roaring Penguin Software, and Communigate Pro. Last month, Microsoft announced its agreement to merge Caller ID, its own proposed anti spam authentication scheme, with SPF -- the joint standard is called 'Sender ID'. In this two-part interview, Meng Wong explains how SPF got started, where it is today and what could be expected in the future of email.
As the Internet has grown and matured, it has become obvious to everyone involved that the DNS Whois system, as it currently exists, is not a sustainable way to share contact information for resolving network problems. ICANN, in an attempt to save DNS Whois, has plunged head long into the process of developing new policies aimed at fixing it. While I respect all of the hard work that has gone into this process, the results thus far have only made it clearer that this system faces intractable problems.
Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC. It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic. The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)?
In my roles as postmaster at CAUCE (the Coalition Against Unsolicited Commercial E-mail) and abuse.net, I get a lot of baffled and outraged mail from people who have discovered that someone is sending out spam, often pornographic spam, with their return address on the From: line. "How can they do that? How do I make them stop?'' The short answers are "easily'' and "it's nearly impossible.''
"Competitive Bidding for new gTLDs" is the focus of part three of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...When new radio frequencies become available for commercial use, federal law requires that licenses be auctioned off to the highest qualified bidder. The FCC does a reasonably good job in designing and conducting spectrum auctions. They are often familiar in format, not much different than found for consumer goods on eBay. In other cases, such as with "Simultaneous Multiple-Round" or "combinatorial bidding," the auction design is fairly complex. Because of complexity in these cases, the FCC sponsors periodic conferences on auction theory and seminars on auction mechanics for potential bidders.