Cybersecurity |
Sponsored by |
|
As expected, VeriSign raised the price of domain names, effective in October. New prices wholesale prices (to the registrar) for .com domain names are going from $6.42 to $6.86, while .net will increase from $3.85 to $4.23. This news came a few days ago in a letter to registrars. (Hint to consumers: renew your domains now.) ...So, basically, many if not most of VeriSign's registry costs have been falling at an exponential rate. Hard disk storage, computing performance, bandwidth, RAM storage... yet the cost is going up. How is this justified? more
A few hours ago, Pakistan Telecom (AS 17557) began advertising a small part of YouTube's assigned network. This story is almost as old as BGP. Old hands will recognize this as, fundamentally, the same problem as the infamous AS 7007 from 1997, a more recent ConEd mistake of early 2006 and even TTNet's Christmas Eve gift 2005. Just before 18:48 UTC, Pakistan Telecom, in response to government order to block access to YouTube, started advertising a route for 208.65.153.0/24 to its provider... more
The debates are raging over whether or not we should migrate to IPv6. The strongest argument is the enormous address space that will allow for everyone and everything to have a unique public address, many addresses actually. It is often said that the shortage of public IPv4 addresses has limited our capabilities because it led to the pervasive use of private addressing, Network Address Translation (NAT) and Port Address Translation (PAT). Though these technologies remain critical, they are often regarded as stop-gap measures, and they sometimes create problems. In some circles, NAT has acquired a very bad name. But is that a fair perspective of the technology? Let's review the positives and negatives. more
The Internet Governance Project has unearthed a consultancy report to the U.S. Department of Homeland Security (DHS) that makes it clear that the issue of root signing and DNSSEC key management has been recognized as a political issue within the US government for long time. more
I'm writing this column in November, and that means that it is time for the traveling circus known as the Internet Governance Forum (IGF) to come down to earth, unpack its tents and sell tickets for its annual song and dance routine. The script for this year's show has been changed, and after being excluded from the main arena last year at the Athens gig, the headline act of "Critical Internet Resources" is taking a starring role this year in Rio. Some folk are even saying that it is the single most contentious issue to be scheduled at this year's IGF show. So what are "Critical Internet Resources" anyway? If folks are going to spend all this time, energy and carbon emissions traveling to Rio to talk on this topic, then wouldn't it be helpful to understand what it means in the first place? There are probably a number of ways to answer this question, so in this heavily opinionated column I'd like to look at the range of possible answers to this question. more
There are many network operator group meetings being held these days. Even in the backwater of the South Pacific where I live there is now AUSNOG, and NZNOG is just next door in New Zealand. We now have MENOG in the Middle East and AFNOG in Africa. The original NOG was the North American Network Operators Group (NANOG), and they have the T-Shirts to prove it! NANOG meets three times a year, and I attended NANOG 41 in October 2007. NANOG meetings cover a broad variety of topics, from operational tools, measurement, and peering practices through to a commentary on the state of the Internet industry. Here are my impressions of the meeting. more
OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore. Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade... This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions. more
I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more
According to the majority of the testimony at this month's "Spam Summit," held by the U.S. Federal Trade Commission (FTC), the state of the fight against spam is pretty much the same as it has been for the last several years. The two days of presentations can largely be boiled down to the following bullets: Spam volumes continue to increase, being driven by the growth of "botnets"... Oh, and the spam wars are a lot less exciting than they used to be. Case in point: unlike last time, there were no fist-fights at this year's shindig. more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
In one of the first (if not the first) UDRP cases for .cat, the auto giant BMW appears to have filed a WIPO case over the BMW.cat domain name. Other prospective new TLD operators have tried to suggest in ICANN meetings that these new TLDs do not cause problems with cybersquatting or defensive registrations... Obviously, given the above WIPO case, that statement is false. more
Legitimate email marketers, anti-spam groups and beleaguered recipients got a bit of good news with the arrest last week of a man described as one of the world's most prolific spammers. Robert Alan Soloway, 27, dubbed "the Seattle Spammer" by federal officials, was indicted on 35 charges related to fraudulent Internet activities. Soloway pleaded not guilty to all charges at his May 30 arraignment. You can read more here. Although it's always great when a notorious spammer gets put out of business, such actions probably won't result in a drop in the amount of spam that gets sent... more
On the face of it, Kieren McCarthy's Sex.com was a book that could have written itself: a notorious, well-publicised feud over the most valuable domain name in existence, between two charismatic men -- one a serial entrepreneur with a weakness for hard drugs (Gary Kremen), the other a gifted con-man with delusions of grandeur (Stephen Cohen). It's a story replete with vicious acrimony, multi-million dollar lawsuits, and rumours of gunfights between bounty hunters in the streets of Tijuana. Thankfully, McCarthy wasn't content to just bundle together all the articles he's written about Sex.com over the years and slap a cover on the front... more
A World-Renowned Source for Internet Developments. Serving Since 2002.