In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krsti?) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk... more
For those of us in the domain space, the hype and fanfare in the years leading up to new gTLDs was loud and pervasive. As early as 2010 or 2011, we saw news of their impending launch propagating through marketing and advertising publications, and even popping up on occasion in mainstream press. Yet somewhere along the way (perhaps in the confusion over procedure, dates and deadlines that seemed to plague the process), we seem to have lost the attention of a group vital to the implementation of the new extensions -- marketers. more
The following is based on my experience and interpretation of the UDRP and the relevant laws of the United Kingdom and European Union. This is not legal advice but just my own experience and interpretation. How does a UK citizen create a non-commercial trademark.tld parody criticism website and avoid harassment from the trademark holder? Here are the steps... more
On World IPv6 Day IPv6 showed a pulse! However faint that global pulse may have been, our network showed at least some form of IPv6-life occurred on that day. Long supporters of IPv6, with a significant global DNS footprint handling extremely large volumes of global traffic we, at CommunityDNS, were curious on what may result through an organized focus on the use of IPv6. more
Something has been bothering me for several months, and that usually manifests in a blog at some point. During the COVID-19 crisis, the FCC and big ISPs have repeatedly said that the only reason our networks weathered the increased traffic during the pandemic was due to the FCC's repeal of net neutrality and deregulation of the broadband industry. Nothing could be further from the truth. more
In passing the baton for combating cybersquatting to the Internet Corporation for Assigned Names and Numbers (ICANN) the World Intellectual Property Organization (WIPO) recommended that "claims under the administrative procedure [should not] be subject to a time limitation" (Final Report, Paragraph 199). ICANN agreed and the UDRP contains no limitation period for making a claim. The absence of a limitation period does not necessarily forego applying equitable defenses for delay, but the consensus of Panels appointed to decide disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) is that they are not applicable in countering cybersquatting claims. more
I wonder how much botnets reuse IP addresses. Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one? This means that they have a nearly unlimited supply of IP addresses. Or do they infect a system and spam, get blocked, and then let it go dormant only to awaken it some time later? I decided to take a look. more
Now that ICANN has stuck to its guns and only placed 4 new gTLD's strings that look confusingly similar into contention sets, rather than those that sound identical, such as .inc and .ink or those that have the same meaning like .Law and .Lawyer or those that are singular and plurals of the same word, like .deal and .deals, we now that many new gTLD's are going to have a very a tough marketing road and face a lot of consumer confusion. more
On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states. more
Modern travel means interminable waits, but it's a good time for reading. I finally read Wireless Pittsburgh: Sustainability of Possible Models for a Wireless Metropolitan-Area Network by Jon M. Peha, published in February as a working paper of the New America Foundation. The good news: it's full of interesting cost estimates and projected subscriber take rates based on specific demographics in Pittsburgh, Minneapolis and Philadelphia... The flaws in this study...
more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
The highest court in Germany has ruled against telephone and email data retention used to track criminal networks. Melissa Eddy of the Global and Mail reports: "A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security."
more
Over 75 consumer groups in U.S. and Europe have asked the US Federal Trade Commission (FTC) to investigate Google for unfairly and deceptively manipulating users of mobile phones with its Android operating system by constantly tracking location. A letter sent to the FTC by the Transatlantic Consumer Dialogue (TACD), a forum of US and EU consumer organizations, says Google manipulates users into constant location tracking. more
Neustar has sent the following letter to ICANN. Neustar sent the letter to urge caution to ICANN before launching the batching process to promote competition and choice for consumers in a fair and balanced manner... "Neustar has long been an advocate for the introduction of new generic top level domains. Given the long and sometimes arduous road the ICANN community has traveled to get to this point in the process, we are understandably anxious to avoid unnecessary delay in the launch of new gTLDS." more
There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more
A World-Renowned Source for Internet Developments. Serving Since 2002.