Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Hurricane Katrina will lead the endless finger pointing about what should have been done to strengthen the levees before the storm. However, as a former senior FEMA official under the Clinton Administration explained, "There's only two kinds of levees. Ones that have failed and those that will fail." The same is true for cyber-levees. more
The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. ...However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of. more
"Regime Change on the Internet? Internet Governance after WGIG" was the first public event held in the United States on July 28, 2005 to review the UN Working Group on Internet Governance (WGIG) report. Here are my notes from the event: "Markus Kummer, Executive Coordinator, UN Working Group on Internet Governance, reminded the audience that the mandate of the WGIG was specifically articulated by the first part of the WSIS - "To investigate and make proposals for action as appropriate". It was not for sweeping regime change as the conference title would suggest." more
In light of the recent decision by the United States government to "maintain its historic role in authorizing changes or modifications to the authoritative root zone file" and ICANN's recent decisions to add more gTLDs (including .xxx), and to renew VeriSign as the .net registry, readers may be interested in the just-published report of the National Research Council's Computer Science and Telecommunications Board, Signposts in Cyberspace: The Domain Name System and Internet Navigation. ...a comprehensive policy-oriented examination of the Domain Name System in the broader context of Internet navigation. more
There is an interesting note on the ITU Strategy and Policy Unit Newslog about Root Servers, Anycast, DNSSEC, WGIG and WSIS about a presentation to ICANN's GAC. (The GAC website appears to be offline or inaccessible today.) The interesting sentence is this: Lack of formal relationship with root server operators is a public policy issue relevant to Internet governance. It is stated that this is "wrong" and "not a way to solve the issues about who edits the [root] zone file." Let's look at that lack of a formal relationship... more
When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the globe are only coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth. more
On June 30, 2005, the United States Department of Commerce National Telecommunications and Information Administrtation (NTIA) released the "US Statement of Principles on the Internet's Domain Name and Addressing System." The Internet Governance Project (IGP) has issued 7 points in response to the "Statement of Principles" showing the direction believed to be in the interests of the United States and the world. more
The recent announcement in eWeek titled "Feds Won't Let Go of Internet DNS" (slashdotted here) has some major internet policy implications. The short, careful wording appears to be more of a threat to ICANN than a power grab. In short, the US Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) announced that it was not going to stop overseeing ICANN's changes to the DNS root. ...Of course, they have done next to nothing to support DNSSEC or other proposal for securing the DNS, but it sounds reassuring. The last sentence shows that the Bush administration shares the Clinton administration's lack of understanding of how the internet should evolve... more
Joi Ito has an important post [also featured on CircleID] on how the internet is in danger of becoming balkanized into separate "internets". He's not the only person who's concerned. Greg Walton worries about Regime Change on the Internet. My friend Tim Wu, a law professor specializing in international trade and intellectual property, has written an article for Slate: The Filtered Future: China's bid to divide the Internet... more
After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more
The U.S. government has announced today that it will indefinitely retain oversight of the Internet's root servers, ignoring pervious calls by some countries to turn the function over to an international body. more
This month I thought I could feel smug, deploying Postfix, with greylisting (Postgrey), and the Spamhaus block list (SBL-XBL) has reduced the volume of unsolicited bulk commercial email one of our servers was delivering to our clients by 98.99%. Alas greylisting is a flawed remedy, it merely requires the spambots to act more like email servers and it will fail, and eventually they will... more
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure... more
Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information. more
A World-Renowned Source for Internet Developments. Serving Since 2002.