Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The fallout from the failure of RegisterFly has been largely addressed as an issue of regulation and enforcement. ...ICANN has not historically enforced the escrow obligation, and in any case, if a company has failed, who exactly is going to take responsibility for updating the escrowed data? It seems to me that the problems that have arisen as a result of RegisterFly's collapse have more to do with the design of the "shared registry system" for the .COM and .NET TLDs than they do with ICANN's failure to enforce the RAA. more
There is a current ongoing Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated. This incident is currently being handled by several operational groups. This past February, I sent an email to the Reg-Ops (Registrar Operations) mailing list. The email, which is quoted below, states how DNS abuse (not the DNS infrastructure) is the biggest unmitigated current vulnerability in day-to-day Internet security operations, not to mention abuse. more
Today, the ITU launched a new survey asking member states, ccTLDs and other ITU member organizations to provide answers to a specialized questionnaire asking for their experiences on the use of IDNs. The ITU states that it is reaching out to ccTLDs to "collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe." One of the goals of this survey is to collate information on the "needs and practices" of each ccTLD that is surveyed -- so as to compile a report from the ITU that speaks to the implementation of IDNs around the world... more
I have long been intrigued by the question of how do we turn the internet into a lifeline grade infrastructure... My hope that this will occur soon or even within decades is diminishing. Most of us observe, almost daily, how even well established infrastructures tend to crumble when stressed, even slightly... I was at the O'Reilly Etel conference last week. The content was impressive and the people there were frequently the primary actors in the creation and deployment of VOIP. However, not once during the three days did I hear a serious discussion by a speaker or in the hallways about how this evolving system would be managed, monitored, diagnosed, or repaired. more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
As Antonios Broumas has correctly observed, the Internet Governance Forum (IGF) begins life in Athens next week without the means for its participants to agree upon any substantive documents such as resolutions or declarations. Indeed, according to Nitin Desai, the Chairman of its Advisory Group, it is impossible for the IGF to make any decisions, as it "is not a decision-making body. We have no members so we have no power to make decision."... more
Internet domain names are truly bizarre. There is nothing especially remarkable about them from a technical perspective, but from a social and political perspective they are all sorts of fun. We can have arguments over control of the DNS root, arguments over whether names are property, arguments over innate rights to specific names, arguments over a registrar's right (or lack thereof) to exploit unregistered names for private gain, and many more arguments besides. In this article, I'd like to explore the argument-space rather than defend any particular position in it. In so doing, I hope to illuminate some novel (or under-emphasised) perspectives on the matter. more
Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more
What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more
One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more
In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and its a bit disturbing... more
As an American, I could go for the ignorant stereotyping of the French. But being the good global citizen I try to be, I'll just see if someone can tell me if I'm missing something here, or if indeed AFNIC has lost its mind. I recently requested for one of my .FR domains to be delegated to new DNS servers. I got everything set up at my new DNS provider. But, AFNIC won't perform the transfer because of the following "fatal" reason... more
The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more
In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more
In a follow up to Microsoft's Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft's free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article: "In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google's AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program..." more
A World-Renowned Source for Internet Developments. Serving Since 2002.