Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The basic problem posed by WSIS was the role of national governments and national sovereignty in global Internet governance. That conflict remains completely unresolved by the WSIS document. The document's thinking is still based on the fiction that there is a clear divide between "public policy" and the "day to day operation" of the Internet, and assumes that governments should be fully in control of the policy-setting function. Moreover, new organizational arrangements are being put into place which will carry on that debate for another 5 years, at least. The new Internet Governance Forum is a real victory for the civil society actors, but also fails to resolve the basic issue regarding the role of governments and sovereignty. Although called for and virtually created by civil society actors, the language authorizing its creation asks to involve all stakeholders "in their respective roles." In other words, we still don't know whether this Forum will be based on true peer-peer based interactions among governments, business and civil society, or whether it will reserve special policy making functions to governments. more
The U.S. Internet Revenue Service now says that criminals already had most of the information that credit bureau Equifax lost in a breach that revealed personal information about nearly 150 million people. The incident at Equifax and the IRS' mid-October admission of how much-stolen data was already in criminal hands may force changes in how the world handles personal information. more
Rep's Graves and Sinema recently introduced H.R. 4036, the catchily named Active Cyber Defense Certainty Act or ACDC act which creates some exceptions to criminal parts of computer crime laws. Lots of reports have decried "hack back" but if you read the bill, it's surprisingly well targeted. The first change is to what they call Attributional Technology, and says it's OK to put bait on your computer for an intruder intended to identify the intruder. more
The 2024 "To-Do-List" for all stakeholders in the global Internet Governance Ecosystem is a very long one. Not only the real world but also the virtual world is in turmoil. Vint Cerf once argued that the Internet is just a mirror of the existing world. If the existing world is in trouble, the Internet world has a problem. more
This may or may not come as a shock to some of you, but ICANN's contract with the Domain Name Registrars, in terms of WHOIS inaccuracy is not enforceable. Bear with me. The ability of ICANN to enforce against a Registrar who fails to correct or delete a domain with false WHOIS does not exist. more
The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. more
The following is a report by Susan Crawford at the ICANN meeting in Cape Town where a workshop was held yesterday for increasing awareness and understanding of United Nation's World Summit on the Information Society (WSIS) and issues that directly impact ICANN. "WSIS" is defined as a process in which governments intend to address a broad range of international legal, regulatory, economic, and policy issues related to the Internet. Some governments have proposed that an intergovernmental organization be responsible for "Internet governance," a phrase that remains undefined and some consider to include and/or mean the administration and coordination of the domain name system (DNS). more
The UN's WSIS Prepcomm in Geneva has ended on a divided note. The US Government's Ambassador Gross pre-announced war-cry "The United Nations will not be in charge of the Internet. Period." had been met by a nearly unanimous global response from nations for some sort of government control of the Internet on a multilateral basis. A raft of proposals to alter the current situation are on the table -- most of them fairly benign, but none supportive of the indefinite continuance of unilateral US control of the root zone authorisation. more
I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more
A group of leading domain name registries and registrars have joined forces in the fight against abuse in the Domain Name System (DNS), by developing a "Framework to Address Abuse." Each contributing company has shared its expertise and experience mitigating abusive practices with the goal of submitting the resulting Framework as a foundational document for further discussion in the multistakeholder community. more
As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field. more
Although IPv6 DDoS attacks are not yet a common occurrence, there are indications that malicious actors have started testing and researching IPv6 based DDoS attack methods. more
Much of the discussion about proposed TLDs centres around domain names as a form of classification: ".mobi" for mobile device content, ".kids" for child-safe content, language codes for language-specific content, ".museum" for museum-related entities, and so on. Notoriously little activity has been forthcoming in actually implementing these proposals, and the select few that have been allowed out into the world are, shall we say, a tad arbitrary. I'd like to engage in a little thought experiment where we abandon the "few TLDs with carefully chosen meanings" paradigm, and instead consider the benefits of a cornucopia of completely meaningless TLDs. more
On May 29, I attended an AEI event on "International economics and securing next-generation 5G wireless networks," with Ambassador Robert Strayer, who heads the U.S. State Department's CIP team. But the focus of the talk was not really on 5G security, international trade or 5G development. In fact, there was no constructive agenda at all. The talk was an extended attack on China and the Chinese-based telecommunications vendor Huawei – another episode in an ongoing U.S. government campaign to shut Huawei and other Chinese firms out of the U.S. market, and to convince every other country in the world to do the same. more
In a discussion about a recent denial of service attack against Twitter, someone asked, "Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?" Sure, but you're not going to like it. The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved... more
A World-Renowned Source for Internet Developments. Serving Since 2002.