It's not particularly clear whether a marketing intern thought he was being clever or a fatigued pentester thought she was being cynical when the term "Purple Team Pentest" was first thrown around like spaghetti at the fridge door, but it appears we're now stuck with the term for better or worse. Just as the definition of penetration testing has broadened to the point that we commonly label a full-scope penetration of a target's systems with the prospect of lateral compromise and social engineering as a Red Team Pentest -- delivered by a "Red Team" entity operating from a sophisticated hacker's playbook.
U.S. Sen. Roger Wicker, chairman of the Committee on Commerce, Science, and Transportation, announced today that it will convene a hearing titled, "Policy Principles for a Federal Data Privacy Framework in the United States."
40 years ago the Request for Comments (RFC) process for the Internet was born. The RFC process continues to be the way Internet protocols are expressed today. We have one very special man to thank for this and his name is Dr. Stephen D. Crocker. He has played a key role in shaping the modern day Internet. For this, I felt that a special tribute to him was in order as we take a look at his countless contributions from the foundation of the Internet to the Internet as we know it today.
Earlier this year, Google quietly terminated its "Mobile Network Insights" service, which provided wireless carriers globally with information on network performance in various locations.
Not satisfied with seizing domain names, the Department of Homeland Security asked Mozilla to take down the MafiaaFire add-on for Firefox. Mozilla, through its legal counsel Harvey Anderson, refused. Mozilla deserves thanks and credit for a principled stand for its users' rights.
The Canadian International Pharmacy Association (CIPA) recently commented on the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT) Draft Report of Recommendations for New gTLDs. In particular, on the primary questions posed: The CCTRT is seeking input on its Draft Report, which assesses whether the introduction or expansion of gTLDs has promoted competition, consumer trust and consumer choice in the DNS...
This past week brought word that the first nine Latin / ASCII "new Generic Top Level Domains (newgTLDs)" were delegated by ICANN and are now found in the root of DNS. This means that the registries behind these newgTLDs can now start the process of making "second-level domains" (the ones we normally register) available in each of these TLDs.
The FCC recently published some tools to let consumers measure some internet characteristics. The context is the FCC's "National Broadband Plan". I guess the FCC wants to gather data about the kind of internet users receive today so that the National Broadband Plan, whatever it may turn out to be, actually improves on the status quo. The motivation is nice but the FCC's methodology is technically weak.
ICANN's authority to manage the top level of the DNS comes from a two-year Joint Project Agreement (JPA) signed with the US Department of Commerce in 1997, since extended seven times, most recently until September 2009. Since the DoC can unilaterally cancel the JPA, which would put ICANN out of the DNS business, when DoC speaks, ICANN listens. On Thursday, the US DoC sent a scathing letter to ICANN about the proposed plan to sell large numbers of new top-level domains (TLDs). There's a long list of issues...
The cloud computing paradigm has been making steady progress in 2016. With the DevOps model making its way from cloud to networking, the business upside of fully automated service architectures is finally beginning to materialize. The associated service agility is expected to unleash new business models that transform the ways in which applications and connectivity can be consumed.
In response to the Washington Post's December 11 article titled "What's the .rush?", directed at the expansion of new TLDs, Rod Beckstrom, ICANN's President and CEO, has replied in a letter to the Washington Post stating: "The program of the Internet Corporation for Assigned Names and Numbers (ICANN) to open the Internet to new top-level domain names (TLDs) has been anything but rushed..."
A factual paper prepared in October 2009 for and endorsed by the Chief Executive Officers of ICANN and all the Regional Internet Registries that provides answers to commonly asked questions about IPv6 such as: How are allocations made, and to whom? How are IPv6 addresses actually being allocated? And why did such large IPv4 address allocations go to US organizations, including the US Government, and its Department of Defense?
Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more?
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as Apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong.
All mobile providers in the UK will be banned from buying new Huawei 5G equipment after 31 December and ordered to remove all the Chinese firm's 5G kit from their networks by 2027.