Cybersecurity

Sponsored
by

Cybersecurity / Most Commented

Shambles at the .Pro Registry

Registration of .Pro domains has descended into shambles as the Registry responsible for their administration has allowed a flood of domain registrations which appear to be in breach of the strict rules restricting who can register a .pro domain and the certified credentials required before any such domain can work. more

Why Not an Interim Step Until DNSSEC is Ready?

I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more

PIR’s Anti-Abuse Policy for .ORG Offers No Due Process for Innocent Domain Registrants

PIR, the registry operator for .org, has sent notices to registrars that it is implementing an anti-abuse policy that offers no due process for innocent domain registrants... While it's good intentioned, there is great potential for innocent domain registrants to suffer harm, given the lack of appropriate safeguards, the lack of precision and open-ended definition of "abuse", the sole discretion of the registry operator to delete domains, and the general lack of due process. more

IPv6: Extinction, Evolution or Revolution?

For some years now the general uptake of IPv6 has appeared to be "just around the corner". Yet the Internet industry has so far failed to pick up and run with this message, and it continues to be strongly reluctant to make any substantial widespread commitment to deploy IPv6. Some carriers are now making some initial moves in terms of migrating their internet infrastructure over to a dual protocol network, but for many others it's a case of still watching and waiting for what they think is the optimum time to make a move. So when should we be deploying IPv6 services? At what point will the business case for IPv6 have a positive bottom line? It's a tough question to answer, and while advice of "sometime, probably sooner than later" is certainly not wrong, it's also entirely unhelpful as well! more

Whither DNS?

The Domain Name System is often though of as an integral part of the Internet. Without it, how can you ever locate anything? Well, quite easily, thank you very much. DNS is used implicitly for many services, such as web browsing. It also includes explicit extensions for a few applications such as e-mail. (I'm talking here about DNS the system, not DNS the technology that can be re-purposed to things like ENUM.) But the most notable thing about DNS is its receding importance... more

New gTLDs Are Great for Pump-and-Dumps, Phishes and More…

Yesterday, egregious financial truth-tellers (a client of ours at easyDNS) ZeroHedge broke the news that parties unknown, engineered what looks to be a textbook "pump-and-dump" on Twitter's stock by putting up a fake "Bloomberg Financial News" site on the domain bloomberg.market and proceeded to run a story on it about Twitter being acquired. The story spread and shares of Twitter stock promptly spiked on volume, Twitter finishing the day on nearly double the average daily volume. more

The Anti-Phishing Consumer Protection Act of 2008

Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more

DNSSEC: Once More, With Feeling!

After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more

OpenDNS: It’s Not SiteFinder for Obvious Reasons

The first salvo on NANOG this morning in response to the launch of OpenDNS was a predictable lambasting along the lines of "here comes SiteFinder II". Fortunately the follow-ups were quick to point out that OpenDNS was a far cry from SiteFinder for the obvious reason that people have the choice to use it, nobody had a choice with SiteFinder. ...the real magic here can come from it's use in phishing mitigation. more

Sender Address Verification: Solving the Spam Crisis

There are many companies in the spam-fighting business and most, if not all, claim to be hugely successful. Yet spam is exponentially more prevalent today than it was just 2 years ago. How can one conclude that today's anti spam solutions are working? This year spammers will use machine-generated programs to send trillions of unsolicited email. Thankfully, a new anti-spam technology has made its way into the market. more

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. more

Tiered (Variable) Pricing Compromise?

The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article... more

A Balkanized Internet Future?

Joi Ito has an important post [also featured on CircleID] on how the internet is in danger of becoming balkanized into separate "internets". He's not the only person who's concerned. Greg Walton worries about Regime Change on the Internet. My friend Tim Wu, a law professor specializing in international trade and intellectual property, has written an article for Slate: The Filtered Future: China's bid to divide the Internet... more

Jakarta Declaration Calls on Governments to Recognize Legitimacy of Encryption

Today in Indonesia, media leaders gathered at UNESCO's World Press Freedom Day event issued the "Jakarta Declaration" calling on governments of the world to recognize the importance of a free and independent media in creating "peaceful, just and inclusive societies". The declaration calls on governments to take steps to support the freedom of the press, and, in the midst of the many actions was this statement: Recognise the legitimacy of the use of encryption and anonymisation technologies more

AFNIC and DNS Server Redelegation

As an American, I could go for the ignorant stereotyping of the French. But being the good global citizen I try to be, I'll just see if someone can tell me if I'm missing something here, or if indeed AFNIC has lost its mind. I recently requested for one of my .FR domains to be delegated to new DNS servers. I got everything set up at my new DNS provider. But, AFNIC won't perform the transfer because of the following "fatal" reason... more