Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
As an advisory committee, our focus is to give ICANN and the community our best advice regarding security and stability issues for the domain name system and the addressing system. We are not a standards, regulatory, judicial or enforcement body; those functions belong elsewhere. As we all know, VeriSign is in the process of suing ICANN on a number of matters, including ICANN's response to their registry change last September. Although VeriSign now contends that a number of us on the committee are "Site Finder co-conspirators" the next steps are really up to the ICANN board, the ICANN staff and the many members of the technical and operating community who run the domain name system. I'll be happy to interact with the members of the community here on CircleID as time permits. more
If you want to know the world's most dangerous country code Top-Level Domains (ccTLDs), ask an anti-virus software company. McAfee has released its list of most dangerous country codes. Here are the top five... more
This is a special two-part series article providing a distinct and critical perspective on Internet Protocol Version 6 (IPv6) and the underlying realities of its deployment. The first part gives a closer look at how IPv6 came about. This part exposes the myths.
Good as all this is, these attributes alone have not been enough so far to propel IPv6 into broad-scale deployment, and consequently there has been considerable enthusiasm to discover additional reasons to deploy IPv6. Unfortunately, most of these reasons fall into the category of myth, and in looking at IPv6 it is probably a good idea, as well as fair sport, to expose some of these myths as well. more
An ITU document entitled "Beyond Internet Governance" crossed my desk earlier this week. Given that I had absolutely nothing better to do, I decided to give it a read. The audacity of the ITU Secretariat is nothing less than shocking. It has been a long while since I read such a self-serving, narrow-minded and inaccurate document. The backbone of the ITU's contention rests on the premise that something called the Next Generation Network and the contention that this network will act as one big bug fix for all the problems created by current inter-networking technology. more
Four senators (Rockefeller, Bayh, Nelson, and Snowe) have recently introduced S.773, the Cybersecurity Act of 2009. While there are some good parts to the bill, many of the substantive provisions are poorly thought out at best. The bill attempts to solve non-problems, and to assume that research results can be commanded into being by virtue of an act of Congress. Beyond that, there are parts of the bill whose purpose is mysterious, or whose content bears no relation to its title. more
Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more
The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article... more
In mid-March, the group dubbed by Wired Magazine 20 years ago as Crypto-Rebels and Anarchists - the IETF - is meeting in London. With what is likely some loud humming, the activists will likely seek to rain mayhem upon the world of network and societal security using extreme end-to-end encryption, and collaterally diminish some remaining vestiges of an "open internet." Ironically, the IETF uses what has become known as the "NRA defence": extreme encryption doesn't cause harm, criminals and terrorists do. more
I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more
Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more
While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released an "Advisory" concerning VeriSign's deployment of DNS wildcard (Site Finder) service: "Since the deployment, ICANN has been monitoring community reaction, including analysis of the technical effects of the wildcard, and is carefully reviewing the terms of the .com and .net Registry Agreements. In response to widespread expressions of concern from the Internet community about the effects of the introduction of the wildcard..." more
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
From time to time, a party can get out of control. Raucous celebration can become careless, even destructive. Combine a critical number of young people, a certain amount of beer and lots of music and damage often happens. Partygoers leave a mess behind them. The same thing happens to some IP addresses. Malicious actors use IP addresses properly registered to someone else. more
As we finished this article, the world was hit by another global outage by content delivery network (CDN) provider, Akamai, on June 17, 2021. The cause seems to be related to the lack of capacity to a certain "routing table" of their distributed denial of service (DDoS) mitigation. Although the technical analysis is not yet available, the central premise of this article also applies to this incident, and it serves as a timely testimony. more
A World-Renowned Source for Internet Developments. Serving Since 2002.