How do you keep track of what new generic top-level domains (newgTLDs) are now available? Particularly when there seem to be new ones being announced weekly? Because I've written about newgTLDs here previously, someone recently asked me those questions... Now, these are the newgTLDs that have been delegated by ICANN, meaning that they now appear in the "root zone" of DNS. This does NOT mean that you can go right now and register a domain underneath one of these new TLDs.
In a recent decision, a World Intellectual Property Organization (WIPO) domain name arbitration panel dismissed a complaint filed by the Mexican Tourist Board (MTB) against Latin America Telecom (LAT) concerning the domain name "mexico.com." The panel went so far as to find that the complaint was brought in "bad faith" and made a finding of attempted "Reverse Domain Name Hijacking" against the MTB. ...In its complaint, the MTB argued that LAT had registered the domain name in "bad faith" in order to sell it for a profit at a later date.
On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology... While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers!
The growth of broadband customers has looked spectacular over the past year during the pandemic. It's easy to chalk up higher broadband customers nationwide to the need for households to be connected during the pandemic. But as I look back on what's happened during the last year, I can't help but wonder if the broadband stats we are seeing are somehow overinflated.
The European Union's cloud computing strategy couldn't come at a better time as the region lags behind the rest of the world when it comes to cloud computing usage. The EU announced its cloud computing strategy last month and is optimistic it will create new jobs and help boost a struggling economy. An information campaign is necessary if the EU is to overturn the misunderstanding and general lack of knowledge about the cloud.
Internet security has been a primary focus this week for more than 1100 engineers and technologists from around the world gathered at the 88th meeting of the Internet Engineering Task Force (IETF). Participants are rethinking approaches to security across a wide range of technical areas.
How prevalent is cybersquatting and typosquatting? Take a look at www.wipo.com, and then compare it with the World Intellectual Property Organization's web site www.wipo.org. Ironically, the WIPO Arbitration and Mediation Center handles a majority of the UDRP domain dispute arbitrations internationally. The very organization which is invested with the authority by ICANN to resolve cybersquatting and typosquatting disputes internationally under the UDRP is, by all appearances, being squatted. Here are two apparent typosquatters...
After almost four years, ICANN has announced that they have adopted a new domain name transfer policy that makes it much easier for domain name registrants to do business with the ICANN accredited Registrar of their choosing. Highlights from this new policy include: streamlined definition of responsibilities as it relates to the management of the domain name. Under the new policy, only the Administrative Contact or Registrant can authorize a domain name transfer to a new service provider...
Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently.
As a follow-up to ICANN's Special Meeting of the Board on February 18, 2004, previously reported here on CircleID, the following resolution was reached on the WLS Negotiations with VeriSign: "During this Board Meeting, the Board authorized the public posting of the 26 January 2004 letter setting forth the results of the negotiations and asked that this matter be placed on the Board's agenda for the publicly-held Board Meeting for 6 March 2004 in Rome, Italy."
ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here... The first presentation in this forum was from Paul Mockapetris. He pointed to the original academic published paper, Development of the Domain Name System, by Paul Mockapetris and Kevin Dunlap, published in the proceedings of ACM SIGCOMM’88. The paper noted that by 1983 it was obvious that the shared HOSTS.TXT file was not a scalable solution...
DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo. DMARC lets a domain owner make assertions about mail that has their domain in the address on the 'From:' line. It lets the owner assert that mail will have a DKIM signature with the same domain, or an envelope return (bounce) address in the same domain that will pass SPF validation.
Much has been said in recent weeks about various forms of cyber spying. The United States has accused the Chinese of cyber espionage and stealing industrial secrets. A former contractor to the United States' NSA, Edward Snowden, has accused various US intelligence agencies of systematic examination of activity on various popular social network services... These days cloud services may be all the vogue, but there is also an emerging understanding that once your data heads into one of these clouds, then it's no longer necessarily entirely your data; it may have become somebody else's data too...
This blog post and the associated report aim to provide an overview of DNS Abuse-related issues the Governmental Advisory Committee (GAC), part of the ICANN multi-stakeholder model, has identified. We also summarize the relevant community activity taking place to address these areas of interest and highlight remaining gaps. From 2016 to June 2023, the GAC referenced four primary categories of activity related to DNS Abuse.
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security...