Cybersecurity |
Sponsored by |
|
I just wanted to call people's attention to this International Chamber of Commerce (ICC) paper on Internet governance. I don't endorse it; haven't actually read it yet, but their say will play a big role and should be widely known: "Coming barely a month after the World Summit on the Information Society (WSIS) in Geneva, and prepared by ICC's Commmission on E-Business, IT and Telecoms, the paper divides the issue of Internet governance into three main components - technical engineering, coordination of the names and numbers system and public policy matters." more
ICANN's Security and Stability Advisory Committee (SECSAC) recently released some recommendations regarding the DNS infrastructure, specifying among other things, that sub-zone delegation be kept up-to-date. ...The SECSAC report doesn't mention, but I believe is trying to address, is the alarming fact that nearly 10% of the name servers listed in the root zone are lame, either they aren't authoritative for the zones they are supposed to be, or they are unreachable much of the time.
more
Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I'm about to defend the anthrax of the Internet: NAT. Network Address Translation is a hack to enable private IP addresses on one side of a router (inside your network) to talk to public IP addresses on the other side (on the Internet, outside your network). It really doesn't matter how it works. The consequence is that unless the router is specifically configured, outsiders can't get in uninvited. So those on the inside can't, by default, act as servers of any service to the outside world. more
In the second part of this two-part series article (part one here), Andrew McLaughlin concludes his critical look at the recently reported study, Public Participation in ICANN, by John Palfrey, Clifford Chen, Sam Hwang, and Noah Eisenkraft at the Berkman Center for Internet & Society at Harvard Law School... "ICANN has never attempted to be -- and was never designed to be -- 'representative' of the worldwide Internet community in any mathematically precise way. In view of the vast size of the global population of Internet users, and the specialized technical focus of ICANN's policy-making responsibilities, it would be a hopeless task to try to achieve truly representative statistical proportionality among ICANN's participants, committees, task forces, or Board members. Rather, here's how the U.S. government's foundational 1998 DNS policy statement described the core principle of 'representation'." more
In a Red Herring Conference held last week in California, Mitch Ratcliffe's offers an analytical overview of an interview held with Stratton Scalovs, VerisSign's CEO..."He then goes on to say that we need to move the complexity back into the center of the Net! He says the edge can't be so complex. Get David Isenberg in here! Ross Mayfield, sitting in front of me, laughs out loud. I am dumbfounded. According to VeriSign, the Net should not be open to any type of application, only applications that rely on single providers of services, like VeriSign. This is troglodyte talk." more
This is the second part of a two-part series interview by Geert Lovink with Milton Mueller discussing ICANN, World Summit on the Information Society, and the escalating debates over Internet Governance. Read the first part of this Interview here. Geert Lovink: "Confronted with Internet governance many cyber activists find themselves in a catch 22 situation. On the one hand they do not trust government bureaucrats to run the Internet, out of a justified fear that regulation through multilateral negotiations might lead to censorship and stifle innovation. On the other hand they criticize the corporate agendas of the engineering class that is anything but representative. What models should activists propose in the light of the World Summit on the Information Society (WSIS)? There seems to be no way back to a nation state 'federalist' solution. Should they buy into the 'global civil society' solution?" more
Fueled by the lack of public IP addresses, 70% of Fortune 1000 companies have been forced to deploy NATs (Source: Center for Next Generation Internet). NATs are also found in hundreds of thousands of small business and home networks where several hosts must share a single IP address. It has been so successful in slowing the depletion of IPv4 addresses that many have questioned the need for IPv6 in the near future. However, such conclusions ignore the fact that a strategy based on avoiding a crisis can never provide the long-term benefits that solving the underlying problems that precipitated the crisis offers. more
On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more
CircleID recently interview Paul Vixie, Founder & Chairman of Internet Software Consortium (ISC), to discuss ISC's newly formed Operations, Analysis, and Research Center (OARC). OARC is launched in response to DDoS attacks at the Internet's core infrastructure and the vital requirement for a formal coordination system. OARC is also a part of US homeland security initiatives, such as the formation of Information Sharing and Analysis Centers (ISACs).
"Registries and registrars, ccTLD operators, large corporate NOCs, ISPs and ecommerce companies that host many domain names are all likely candidates. This is also a natural for law enforcement groups that are worried about attacks on the Internet." more
There are indications that the Internet, at least the Internet as we know it today, is dying. I am always amazed, and appalled, when I fire up a packet monitor and watch the continuous flow of useless junk that arrives at my demarcation routers' interfaces. That background traffic has increased to the point where it makes noticeable lines on my MRTG graphs. And I have little reason for optimism that this increase will cease. Quite the contrary, I find more reason to be pessimistic and believe that this background noise will become a Niagara-like roar that drowns the usability of the Internet. And the net has very long memory... more
After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folks that aren't immersed in our field. In these notes, I'm trying to maintain neutrality about the issues. I do have strong opinions about most, but I'll post those separately, often dealing with one issue at a time. more
ICANN today has made a formal demand stating: "Given the magnitude of the issues that have been raised, and their potential impact on the security and stability of the Internet, the DNS and the .com and .net top level domains, VeriSign must suspend the changes to the .com and .net top-level domains introduced on 15 September 2003 by 6:00 PM PDT on 4 October 2003. Failure to comply with this demand by that time will leave ICANN with no choice but to seek promptly to enforce VeriSign's contractual obligations." What follows is a collection of commentaries made around the net and by experts in response to today's announcement...
more
We Internet users, who either own domain names or have an interest in the domain name system, wish to object to the VeriSign's Site Finder system. We believe that the system: 1) Breaks technical standards, by rewriting the expected error codes to instead point to VeriSign's pay-per-click web directory, and threatens the security and stability of the Internet; 2) Breaks technical standards affecting email services, and other Internet systems... more
The Internet, ultimately, is a fragile thing, as an entity. It depends upon the consensus of those responsible for its infrastructure to operate on a daily basis. Because of the inherent robustness as a technical architecture, there is no entity that can "break the Internet" in the sense of stopping the flow of traffic, but there are several entities that can create a variety of inconveniences, some minor and some serious, for the millions who use the Internet. more
The Internet Corporation for Assigned Names and Numbers (ICANN) has released an "Advisory" concerning VeriSign's deployment of DNS wildcard (Site Finder) service: "Since the deployment, ICANN has been monitoring community reaction, including analysis of the technical effects of the wildcard, and is carefully reviewing the terms of the .com and .net Registry Agreements. In response to widespread expressions of concern from the Internet community about the effects of the introduction of the wildcard..." more
A World-Renowned Source for Internet Developments. Serving Since 2002.