Cybersecurity

Lights Going Out on the Internet? Not Just Yet

In his article titled, "End of Life Announcement", John Walker (author of the Speak Freely application) makes a few arguments about Network Address Translation (NAT) that are simply not true: "There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to others on the Internet, while their privileged sites remain. The lights are going out all over the Internet. ...It is irresponsible to encourage people to buy into a technology which will soon cease to work."

Security by Obscurity?

Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29

Security and Fort N.O.C.’s

In an article by MSNBC called "Fort N.O.C.'s" [Network Operating Center] Brock N. Meeks reports: "The unassuming building that houses the "A" root sits in a cluster of three others; the architecture looks as if it were lifted directly from a free clip art library. No signs or markers give a hint that the Internet's most precious computer is inside humming happily away in a hermetically sealed room. This building complex could be any of a 100,000 mini office parks littering middle class America." ...It is hardly the "most precious computer"!!!

Why NAT Isn’t As Bad As You Thought

Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I'm about to defend the anthrax of the Internet: NAT. Network Address Translation is a hack to enable private IP addresses on one side of a router (inside your network) to talk to public IP addresses on the other side (on the Internet, outside your network). It really doesn't matter how it works. The consequence is that unless the router is specifically configured, outsiders can't get in uninvited. So those on the inside can't, by default, act as servers of any service to the outside world.

TLD Operators: Cleaning Up Lame Delegations

ICANN's Security and Stability Advisory Committee (SECSAC) recently released some recommendations regarding the DNS infrastructure, specifying among other things, that sub-zone delegation be kept up-to-date. ...The SECSAC report doesn't mention, but I believe is trying to address, is the alarming fact that nearly 10% of the name servers listed in the root zone are lame: either they aren't authoritative for the zones they are supposed to be, or they are unreachable much of the time.

ICANN and the Virtues of Deliberative Policymaking - Part II

In the second part of this two-part series article (part one here), Andrew McLaughlin concludes his critical look at the recently reported study, Public Participation in ICANN, by John Palfrey, Clifford Chen, Sam Hwang, and Noah Eisenkraft at the Berkman Center for Internet & Society at Harvard Law School... "ICANN has never attempted to be -- and was never designed to be -- 'representative' of the worldwide Internet community in any mathematically precise way. In view of the vast size of the global population of Internet users, and the specialized technical focus of ICANN's policy-making responsibilities, it would be a hopeless task to try to achieve truly representative statistical proportionality among ICANN's participants, committees, task forces, or Board members. Rather, here's how the U.S. government's foundational 1998 DNS policy statement described the core principle of 'representation'."

Centralizing the Net, Monetizing DNS, Getting Trendy?

At a Red Herring conference held last week in California, Mitch Ratcliffe offers an analytical overview of an interview held with Stratton Sclavos, VeriSign's CEO... "He then goes on to say that we need to move the complexity back into the center of the Net! He says the edge can't be so complex. Get David Isenberg in here! Ross Mayfield, sitting in front of me, laughs out loud. I am dumbfounded. According to VeriSign, the Net should not be open to any type of application, only applications that rely on single providers of services, like VeriSign. This is troglodyte talk."

ICANN, WSIS and the Making of a Global Civil Society - Part II

This is the second part of a two-part series interview by Geert Lovink with Milton Mueller discussing ICANN, World Summit on the Information Society, and the escalating debates over Internet Governance. Read the first part of this Interview here. Geert Lovink: "Confronted with Internet governance many cyber activists find themselves in a catch 22 situation. On the one hand they do not trust government bureaucrats to run the Internet, out of a justified fear that regulation through multilateral negotiations might lead to censorship and stifle innovation. On the other hand they criticize the corporate agendas of the engineering class that is anything but representative. What models should activists propose in the light of the World Summit on the Information Society (WSIS)? There seems to be no way back to a nation state 'federalist' solution. Should they buy into the 'global civil society' solution?"

.Name Registry Hacked

On Saturday, November 29, 2003 a post on the GNSO mailing list indicated that the .name registry website had been hacked. As reported by George Kirikos, "The .name registry's main website www.nic.name has been hacked, as of Saturday evening in North America. According to Netcraft, they're running Linux. They must not have kept up to date with all security updates, or someone cracked a password. Hopefully offsite backups were made, to ensure data integrity." Although, due to this emergency, the .name web servers have been pulled down as of this writing, just a short few hours ago, visitors to the .name registry home page would find a mysterious black screen upon visiting the site, including the following text...

VeriSign’s New Security Seal Too Trusting?

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology... While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers!