Cybersecurity |
Sponsored by |
|
Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more
According to the company, the rollout will continue over the next few weeks to confirm that no major issues are discovered as this new protocol is enabled. more
This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more
I have been attending the Icann conference in Malaysia this week. One of the key events was the submission of the report from the Security & Stability Advisory Committee regarding Site Finder. In reading the committee's report I discovered what I believe is an incredible breakdown in logic and as a consequence, a very mistaken, or at least confused, set of conclusions. So, why do I say that? more
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
Markus Kummer, Executive Coordinator, Secretariat of the United Nations Working Group on Internet Governance, is a career diplomat, who has served as eEnvoy of the Swiss Foreign Ministry in Bern since April 2002. His main tasks include foreign policy coordination in the area of information and communication technologies, in general, and the World Summit on the Information Society (WSIS), in particular. He chaired the negotiating group that developed an agreed text on Internet governance for the WSIS Declaration of Principles and Plan of Action in December 2003... Mr Kummer says: "The time-frame is very short indeed. And the task ahead of us is daunting." more
The recent announcement in eWeek titled "Feds Won't Let Go of Internet DNS" (slashdotted here) has some major internet policy implications. The short, careful wording appears to be more of a threat to ICANN than a power grab. In short, the US Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) announced that it was not going to stop overseeing ICANN's changes to the DNS root. ...Of course, they have done next to nothing to support DNSSEC or other proposal for securing the DNS, but it sounds reassuring. The last sentence shows that the Bush administration shares the Clinton administration's lack of understanding of how the internet should evolve... more
Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29 more
In mid-March, the group dubbed by Wired Magazine 20 years ago as Crypto-Rebels and Anarchists - the IETF - is meeting in London. With what is likely some loud humming, the activists will likely seek to rain mayhem upon the world of network and societal security using extreme end-to-end encryption, and collaterally diminish some remaining vestiges of an "open internet." Ironically, the IETF uses what has become known as the "NRA defence": extreme encryption doesn't cause harm, criminals and terrorists do. more
Cities are among the largest regional authorities and natural human communities we know. Of course there are countries like China, India or the USA which count some hundred million or even a billion inhabitants. But there are also countries with far less than 100,000 inhabitants, like Tuvalu, Andorra or Barbados. If city communities are ranked by the number of inhabitants as independent entities among country communities, cities like Tokyo, New York, Shanghai or London head the ranking because they have more citizens than many countries. London for instance has more inhabitants than the Netherlands, and Tokyo outpaces Canada in that respect. Interestingly, there are only around 400 cities worldwide with more than 1 million inhabitants... The following post will give an overview of how cities are being identified on the Internet via Top-Level Domains and the opportunities that lay ahead. more
In the beginning there was silence; then, silence begat communication, and communication begat more communication and, ultimately, group communication formed and begat a primordial "network" of communication that gradually and inevitably increased in effectiveness and complexity: there were only signal fires at first but, then, there were cave drawings, carrier pigeons, shouting from hill-tops, smoke from fire, lines of cannon fire, the telegraph, Alexander Graham Bell, and, finally, the network of networks known as the Internet. But, is that it? Is there not something more impressive in its impact upon communication than the Internet? What more might one desire than the dynamic wonders of the Internet, you ask? Well, what about ENUM? "E-What!?" more
If you want to know the world's most dangerous country code Top-Level Domains (ccTLDs), ask an anti-virus software company. McAfee has released its list of most dangerous country codes. Here are the top five... more
In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more
The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article... more
Last week, Columbia University's School of International and Public Affairs (SIPA), in collaboration with the Global Commission on Internet Governance (GCIG), hosted a conference on Internet governance and cybersecurity. The conference gathered a variety of experts to discuss issues pertaining to Internet governance, human rights, data protection and privacy, digital trade, innovation and security. more
A World-Renowned Source for Internet Developments. Serving Since 2002.