Cybersecurity |
Sponsored by |
|
Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement, I said if we don't actively engage other Internet stakeholders -- those that interact with our products, we would eventually lose the opportunity to self-regulate. more
The latest Anti-Phishing Working Group (APWG) Global Phishing Survey, which analyzed over 100,000 phishing attacks in the first half of 2014, examines the progress that top level domains (TLDs) are making in responding to phishing attacks that use their TLDs. The report finds the .INFO domain has the lowest average phishing uptimes as compared to other TLDs, such as .COM and .NET. more
Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more
If you will be at ICANN 52 in Singapore in February 2015 (or can get there) and work with DNSSEC or the DANE protocol, we are seeking proposals for talks to be featured as part of the 6-hour DNSSEC Workshop on Wednesday, February 11, 2015. The deadline to submit proposals is Wednesday, December 10, 2015... The full Call For Participation is published online and gives many examples of the kinds of talks we'd like to include. more
Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more
Every day comes with another digital security breach, surveillance disclosure and what not. The world seems to have grown used to it and continues its business as usual. It doesn't seem to be bad enough to really act. Every day comes with new stories about the end of the Middle Class, IT taking over jobs in places where up to very recently that was inconceivable, not in people's wildest dreams would these jobs disappear. more
There has been a lot of back and forth recently in the ICANN world on what constitutes domain abuse; how it should be identified and reported AND how it should be addressed. On one side of the camp, we have people advocating for taking down a domain that has any hint of misbehaviour about it, and on the other side we have those that still feel Registries and Registrars have no responsibility towards a clean domain space. (Although that side of the camp is in steady decline and moving toward the middle ground). more
A number of outlets have reported that the U.S. Post Service was hacked, apparently by the Chinese government. The big question, of course, is why. It probably isn't for ordinary criminal reasons: The intrusion was carried out by "a sophisticated actor that appears not to be interested in identity theft or credit card fraud," USPS spokesman David Partenheimer said. ... But no customer credit card information from post offices or online purchases at usps.com was breached, they said. more
In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more
For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware -- each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a new era of mitigation attempts... more
A World-Renowned Source for Internet Developments. Serving Since 2002.