Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
We see the problems that we are facing within an increasingly digital society and economy. We cannot go backward; the only way forward is to ensure that this new digital environment is made as safe as possible from a personal, social, political and economic perspective. We are currently struggling on these fronts. Unfortunately, we have now clearly entered a situation of cyber warfare. States now use digital technologies to impose and undermine ideologies. more
Joi Ito has an important post [also featured on CircleID] on how the internet is in danger of becoming balkanized into separate "internets". He's not the only person who's concerned. Greg Walton worries about Regime Change on the Internet. My friend Tim Wu, a law professor specializing in international trade and intellectual property, has written an article for Slate: The Filtered Future: China's bid to divide the Internet... more
The European Union's Network and Information Security Directive (NIS1), introduced in 2016, aimed to strengthen cybersecurity among Member States. However, market fragmentation and growing digital threats led to the enactment of the NIS2 Directive. more
It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.
MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
more
Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information. more
So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets. Since 2003, the contract between ICANN and each unsponsored TLD registry (.biz, .com, .info, .net, .org, and .pro) has added an Add Grace Period (AGP) of five days during which a registrant can delete a newly registered domain and get a full refund. Although this provision was clearly intended to allow registrars to correct the occasional typo and spelling error in registrations, speculators realized that this allows them to try out any domain for five days for free... more
The latest post on DearAOL's blog, by EFF activist coordinator Danny O'Brien, is titled "The Shakedown Begins". In short, Danny receives email from overstock.com on an AOL mailbox -- email that he apparently paid overstock $29.95 to receive. And that email arrives with Goodmail certification that AOL recognizes and flags as such. Danny seems to think this is not the sort of email that should be certified by Goodmail, and that AOL should not suddenly turn on Goodmail certification. Suddenly? more
The alarming rise of phishing attacks has been underscored by a recent study "Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing conducted" by the Interisle Consulting Group, revealing a tripling of such attacks since May 2020. Despite efforts by companies and policymakers to combat this cybercrime, the data suggests that the prevailing strategies are ineffective and worsening each year. more
I've been trying to avoid writing about the Internet as such. With as "At the Edge" I'm looking at larger issues but can't escape writing more directly about the Internet. It seems as if everyone wants a say in Internet policy without distinguishing between technical and social issues. Today the term "The Internet" or, for many simply "Internet" is more of brand than a term for a specific technology and its implications. It has become too easy to talk about the Internet in lieu of understanding. We also see the converse -- a failure to recognize "Internet" issues. more
The recent research highlighting the alarming practice of Secure Socket Layer (SSL) Certificate Authority (CA) vendors using the MD5 hashing algorithm (which was known to be broken since 2005) has shown a major crack in the foundation of the Web. While the latest research has shown that fake SSL certificates with MD5 hashes can be forged to perfection when the CA (such as VeriSign's RapidSSL) uses predictable certificate fields, the bigger problem is that the web has fundamentally botched secure authentication. more
Wikis have been around for a long time on the Web. It's taken a while for them to transform from geek tool to a mainstream word, but we're here now. Last week at the ICANN Meeting in Vancouver, it was fun to watch hundreds of people get introduced to Wikis and start using them, thanks to Ray King's ICANN Wiki project. In the past few days since, I've come to believe that Wikis are doomed unless they start thinking about security in a more serious way. more
Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more
ICM Registry announced this week it has struck a deal with McAfee for a free malware scan for every .XXX domain. The deal would include McAfee's "trustmark" and date stamp, ICM said. Every .XXX domain will be scanned for vulnerabilities such as SQL injection, browser exploits and phishing sites, reputational analysis and malware, Stuart Lawley, CEO of ICM Registry, said in a statement. more
The eighth RIPE NCC hackathon takes on the Quantum Internet! The hackathon will be held during the weekend before RIPE 77 in Amsterdam, and is co-organised by QuTech and TU Delft, along with the RIPE NCC. We're bringing together network operators, quantum networking researchers, students, hackers, software developers and artists, to imagine and build the tools for the future Internet. more
"Competitive Bidding for new gTLDs" is the focus of part three of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...When new radio frequencies become available for commercial use, federal law requires that licenses be auctioned off to the highest qualified bidder. The FCC does a reasonably good job in designing and conducting spectrum auctions. They are often familiar in format, not much different than found for consumer goods on eBay. In other cases, such as with "Simultaneous Multiple-Round" or "combinatorial bidding," the auction design is fairly complex. Because of complexity in these cases, the FCC sponsors periodic conferences on auction theory and seminars on auction mechanics for potential bidders. more
A World-Renowned Source for Internet Developments. Serving Since 2002.