Guillaume Rischard set up a parody on verisign.com using the IDN spoofing trick. He managed to get one registrar to register verisign.com with a Cyrillic S (U+0405) (i.e. xn--veriign-mog.com :-) This actually started in #joiito a couple of weeks ago after Eric published the spoofing attack paper. A joke was made that it would be funny if someone did it to verisign.com and so he did. I suppose I could rant why VeriSign should adopt the JET Guideline (or ICANN Guidelines) but this parody would send a louder message. more
OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore. Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade... This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions. more
There have been a number of attacks on the root name servers over the years, and much written on the topic. (A few references are here, here and here.) Even if you don't know exactly what these servers do, you can't help but figure they're important when the US government says it is prepared to launch a military counterattack in response to cyber-attacks on them. more
A recent press release from the Internet Society reports that the IETF will shortly publish specifications of SPF and Sender-ID in the RFC series. What does this mean for the future? ...More than 4000 documents have been published in the RFC series since the first RFC in 1969, relatively few of which have evolved into Internet standards. Each RFC is characterized when published as standards-track, best current practice, informational, experimental, or historical. These four RFCs, three describing Sender ID and one describing SPF, are all experimental. more
I've always been a fan of co-ops. In New York, we shop at greenstar.coop and my wife banks at alternatives.coop, in the UK we shop at co-operative.coop. So when the .COOP domain opened, I wondered if I could get my own clever domain name, but found that chicken.coop was taken by a small producer co-op in the southern U.S. Drat. more
Netscout recently released its latest Threat Intelligence Report that documents DDoS attacks in the second half of 2024. As has been the trend for many years, the largest target of DDoS attacks has been ISP networks. There were over 8.9 million DDoS attacks documented in the second half of last year, up 12.75% over the first half of the year. more
Electronic Frontier Foundation (EFF) released a letter today stating "companies and organizations that run the Internet's domain name system shouldn't be in the business of policing the contents of websites, or enforcing laws that can impinge on free speech. more
It is time to recognize the Internet as a public good - freely available like other basic infrastructures such as roads and sidewalks. In 1989 Tim Berners-Lee created the World Wide Web by taking advantage of open connectivity available among universities and research institutions. Today we see that same open connectivity within corporations, in our homes, and on university campuses. more
I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more
Here we are, half-way through this list of the top 10 IPv6 security myths! Welcome to myth #6. Since IPv6 is just now being deployed at any real scale on true production networks, some may think that the attackers have yet to catch up. As we learned in Myth #2, IPv6 was actually designed starting 15-20 years ago. While it didn't see widespread commercial adoption until the last several years, there has been plenty of time to develop at least a couple suites of test/attack tools. more
Elon Musk packed a lot about SpaceX and Starlink into a 32-minute interview at the 2021 Mobile World Congress and ended with a discussion of his motivation and the roles of his three companies - SpaceX, Starlink, and Neuralink. Let's start with the SpaceX and Starlink update and conclude with the philosophy and motivation. (Scroll to the end of the post for the video of the interview). more
According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. more
Five years ago today, the ICANN Board committed to opening a second application window for the New gTLD Program as expeditiously as possible. The same resolution also directed the ICANN CEO to publish a document describing the work plan required prior to initiating a second application window. Ask a Board member or ICANN staff when they expect the next application window to open, and they will inevitably suggest 2020 -- another three years away. more
25 years ago, on April 22, 1993, a software release happened that fundamentally changed the user experience of the Internet. On that day, version 1.0 of "NCSA Mosaic for the X Window System" was released. You could now have (gasp!) text MIXED WITH IMAGES on the same page! Reading the Mosaic 1.0 release notes from Marc Andreessen is a bit of fun, as it includes gems like "Fixed mysterious stupid coredump that only hits Suns." more
In the last few years there have been many discussions on how the Internet is governed, and how it should be governed. The whole World Summit on the Information Society (WSIS) ended up talking about this problem. It caused an exchange of letters between the US Secretary of State and the European Union presidency. And it caused a public discussion, organized by the US Department of Commerce on that issue. I saw some reflection of this discussion and here are some comments on that. My colleague Milton Mueller of Syracuse University sent me an e-mail today in which, among other things, it says, "A global email campaign by IGP generated comments from 32 countries... more