Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Now, I don't like the word "whither" any more than you do. But this Reuters article was circulating yesterday and it seemed to call for a "whither." It's a short story, so let's do a close reading. "A U.N.-sponsored panel aims to settle a long-running tug of war for control of the Internet by July and propose solutions to problems such as cyber crime and email spam, panel leaders said on Monday." We're going to decide what "internet governance" is by July? more
This morning, at 10 am in 2141 Rayburn, the Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing on "Internet Domain Name Fraud -- New Criminal and Civil Enforcement Tools." At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name. We need to raise our collective eyebrows at this bill (which was suddenly dropped the evening before this hearing). The title of the bill is the "Fraudulent Online Identity Sanctions Act." (FOISA) more
Guilllaume Rischard setup a parody on verisign.com using the IDN spoofing trick. He managed to get one registrar to register verisign.com with a cyrillic S (U+0405) (ie xn--veriign-mog.com :-) This actually started in #joiito a couple of weeks ago after the Eric published the spoofing attack paper. A joke was made that it would be funny if someone did it to verisign.com and so he did. I suppose I could rant why VeriSign should adopt the JET Guideline (or ICANN Guidelines) but this parody would send a louder message. more
ICANN has posted its suggested .net agreement [PDF]. The new draft puts the ICANN Board and the Names Council firmly in control of the registry's future, and represents a substantial change to the existing registry contracts. No one gave ICANN the power to do this, and it is strange that no approval by anyone -- including the US Dept of Commerce -- is being sought to make this happen. ICANN is taking the occasion of the .net rebid to restructure its entire relationship to the world. more
Go Daddy Software, Inc. has filed a lawsuit in Federal District Court in Arizona against VeriSign Inc., seeking a temporary restraining order against VeriSign's new Site Finder service, a paid-advertising page VeriSign has established on the Internet to which the traffic associated with mistyped, and other, domain names will be directed. Go Daddy's lawsuit claims that VeriSign is misusing its position as the .com and .net domain registry to gain an unfair competitive advantage by intercepting (and profiting from) internet traffic resulting from the scores of invalid domain names that are typed into users' browsers on a daily basis. more
Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more
In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more
Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast. more
ICANN is now seeking public comments regarding the .net bids. Unlike before, I am not going to offend one friend or another by siding with one proposal over another. They are all qualified and experienced registry operators. Instead, I will make some general observations. 1. None of the Revenue and Pricing Model (i.e. Section 4) about the bids are available to public... more
Yesterday was the deadline for the submissions of responses to the .NET re-bid RFP. As of my last count, there are five companies that I am aware of that submitted proposals for the .NET rebid. Three of these were quite publicly announced, Afilias, Denic, and Verisign. The other two bidders are Multi-Stakeholder groups. Sentan and Core++. Sentan appears to be a Joint Venture between .jp and Neulevel, and Core++ is ISC, Telfonica, and .br, with participation from Core, Nida (.kr), and .zaDNA (.za). more
Given the recent panix.com hijacking, I will give an outline of the current ICANN transfers process for gtlds. In the case of panix.com, evidence so far indicates that a third party that holds an account with a reseller of Melbourne IT, fraudulently initiated the transfer. The third party appears to have used stolen credit cards to establish this account and pay for the transfer. That reseller is analyzing its logs and cooperating with law enforcement. more
There's a thread on NANOG to the effect that Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked from Dotster over to MelbourneIT and it has pretty well taken panix.com and its customers offline. Looks like this may be among the first high-profile unauthorized transfer under the new transfer policy. It begs the question, despite the existence of the dispute policy under the new system, what provisions should there be for a situation like this where every hour causes untold damage to the party in question... more
The NANOG list yesterday was the virtual equivalent of a nearby nocturnal car alarm: "panix.com has been hijacked!" (whoo-WEE, whoo-WEE); "those jerks at VeriSign!" (duhhhhh-WHEEP, duhhhh-WHEEP); "no one's home at Melbourne IT!" (HANK, HANK, HANK, HANK). Finally, on Monday morning in Australia, the always-competent and helpful Bruce Tonkin calmly fixed the situation. So the rest of us can get some sleep now. But as we nod off in the quietness, let's consider just exactly what happened here. more
A friend pointed me to the latest Internet Society budget for 2005 :- ISOC is expecting PIR (ie, .ORG) to contribute 3.4M to the society! Wow, thats 2-3x as much as what Internet Society gets from its membership! I think that's pretty neat because ISOC has been in the red for many years and could certainly use some help financially. After all, it is hosting IETF and also paying for the IANA registry and RFC-Editors, all of which is critical to the Internet standardization process... more
Ensuring federal cybersecurity is essential to protecting national security. According to some media reports, recommendations have been made to the Bush Administration to "create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry." However, before new bureaucracy is created, it is important to recognize the practical cybersecurity policies and projects that are already being undertaken by the Administration. more
A World-Renowned Source for Internet Developments. Serving Since 2002.