Cybersecurity |
Sponsored by |
|
Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more
I got a letter the other day from AOL postmaster Carl Hutzler, about how the Internet community could get rid of spam, if it really wanted to. With his permission, here are some excerpts. "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution)." more
Several people emailed me about the actual things the senator said and why he is off-base. I decided to listen to his speech again, and write down the points I believe are critical. Senator Stevens who everyone is dissing on for his speech on Net Neutrality in my book spoke nothing less than brilliant. I will also tell you, in my opinion, exactly why... He nailed down the subject into the point that matters: Business. It's about profit. more
The following provides and introduction to a study by Venugopalan Ramasubramanian and Emin Gun Sirer, called "Perils of Transitive Trust in the Domain Name System". The paper presents results from a large scale survey of DNS, illustrating how complex and subtle dependencies between names and nameservers lead to a highly insecure naming system... "It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS." more
By now, you should have read elsewhere that the ICANN board has rejected the ICM application to create a .XXX TLD. It still comes as a surprise to some. Frankly, this was the prognosis I made to Stuart Lawley two years ago, for the very reasons mentioned by the European Commission. I mentioned in a previous blog entry that 6000 complaints from US citizens would have more weight on the conservative US administration than any other consideration... more
One of the best sources of information about sites on the web is the Whois database. A trio of patent applications from Go Daddy, published last week at the US Patent and Trademark Office, explores whether adding additional information to the Whois database might help reduce spam, phishing, and other fraudulent practices and improve search engine results. The patent filings from Go Daddy would add reputation information to the published Whois data to let others use it for a number of reasons, including enabling search engines incorporate it into their ranking mechanisms. ...The patent application from Google focuses upon fighting web spam using a wide range of data, including that associated with domain names. ...We can't really be certain that Google is presently using this information, but there are some indications that they may be... more
Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more
In the late summer of 2006, the ICANN Nominating Committee will convene to select three members to the ICANN Board of Directors, and four members to various councils. Depending on the global visibility of the nominees, and the current political and technical currents pulling at the Internet community, these nominations will be both pilloried and lauded in different circles. This process of selecting a good ICANN board member is astonishingly complex; I should know, having served on the founding NomCom in 2003, and the succeeding NomComs in 2004 and 2005. By far the biggest challenge is finding good candidates... more
In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..." more
So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets. Since 2003, the contract between ICANN and each unsponsored TLD registry (.biz, .com, .info, .net, .org, and .pro) has added an Add Grace Period (AGP) of five days during which a registrant can delete a newly registered domain and get a full refund. Although this provision was clearly intended to allow registrars to correct the occasional typo and spelling error in registrations, speculators realized that this allows them to try out any domain for five days for free... more
Cities are among the largest regional authorities and natural human communities we know. Of course there are countries like China, India or the USA which count some hundred million or even a billion inhabitants. But there are also countries with far less than 100,000 inhabitants, like Tuvalu, Andorra or Barbados. If city communities are ranked by the number of inhabitants as independent entities among country communities, cities like Tokyo, New York, Shanghai or London head the ranking because they have more citizens than many countries. London for instance has more inhabitants than the Netherlands, and Tokyo outpaces Canada in that respect. Interestingly, there are only around 400 cities worldwide with more than 1 million inhabitants... The following post will give an overview of how cities are being identified on the Internet via Top-Level Domains and the opportunities that lay ahead. more
It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.
MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
more
I had the pleasure of eating breakfast with Vint Cerf, chairman of ICANN's board and Chief Internet Evangelist at Google, prior to his keynote address this morning. It was great to discuss some of the issues domainers are facing with regards to registrar practices, expiring domains, etc. directly with Cerf. Cerf's keynote kept the crowd engaged. I've summarized the topics he covered... Some people have misunderstood Cerf's position with regards to adding new domains. He said he is not opposed to adding new TLDs. What he advocates, however, is having a solid rationale for adding new TLDs. Cerf believes the processes and outcomes of the first two rounds of TLD adds were not satisfactory... more
On August 23rd, the Internet Governance Project posted a letter Opposing Political Intervention in the Internet's Core Technical Administrative Functions. I disagree. ICANN and Governments should get involved when it comes to protecting children online. Every effort should be made to make it SIMPLE for average parents to let their children run free online without the risk of running across pornography and adult material while doing so. Why continue to let pornographers run free and unchecked on the most exciting tool created in the history of mankind just because they got there first? more
On Monday the 3rd, California state Senator Dean Flores held a hearing of the E-Commerce, Wireless Technology, and Consumer Driven Programming committee grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?. The senator's office said they were very eager to have me there, to the extent they offered to fly me out from New York, so since I happened to be on the way home from ICANN in New Zealand that weekend, I took a detour through Sacramento. Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson sitting in briefly. Unfortunately, Sen. Bowen, who is very well informed on these topics, wasn't there. There were five panels of speakers, and I got to lead off... more
A World-Renowned Source for Internet Developments. Serving Since 2002.