The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
The Internet Governance Forum is winding down today in Sharm El Sheikh, Egypt. There have been a lot of very constructive conversations in workshops and panels over the past four days about how to advance security, privacy, child protection, AND human rights and free expression on the Internet. Unfortunately, the biggest headline coming out of the forum so far has been an incident on Sunday... more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
We've talked about the conflicts between our ICANN contract and privacy law in the past. Not once, not twice, but multiple times. We refused to sign the 2013 Registrar Accreditation Agreement (RAA) with ICANN until we'd received a data retention waiver. That decision probably cost us money, but if we have to choose between operating legally or illegally our path is clear. more
I read with interest that ICANN opened up yet another comment period on new TLDs. I believe that I speak for many when I question whether ICANN is opening up these comment periods in good faith, or instead whether these are smokescreens, mere distractions to pretend that ICANN is "listening" to the public while staff and insiders proceed with predetermined outcomes. more
The Denver edition of Security BSides took place a few weeks ago in a garage turned art gallery on the far end of Denver's emerging Santa Fe Arts District, right on the border between historic working-class neighborhoods and a rambling wasteland of building supply warehouses. ... The presentation I enjoyed most was "Top 10 Ways IT is Enabling Cybercrime," presented by Daniel J. Molina from Kaspersky Labs. He described how quickly threats are evolving, how many new threats are appearing every day, and explained that the targets aren't always who you'd expect. more
Who would have thought that typewriters and handwritten letters would ever be back in fashion? But back in 2013 it was reported that Russia was buying large quantities of typewriters. When this was further investigated the country denied that this was for security reasons. Since the Snowden revelations there has been a further rush on typewriters, both by government officials and by a range of, mainly corporate, businesses. more
Naming is the first imperative. It precedes the launching of new lives as much as it does new businesses. Names secure a presence, and for businesses in the marketplace names can grow into trademarks, if they function like one. Are we not sometimes made aware that not all names are equally distinctive, and that some of them are distinctly commonplace? more
Responding to recent controversies over Google-Verizon deal, Richard Whitt, Google's Washington Telecom and Media Counsel writes: "Over the past few days there's been a lot of discussion surrounding our announcement of a policy proposal on network neutrality we put together with Verizon. On balance, we believe this proposal represents real progress on what has become a very contentious issue, and we think it could help move the network neutrality debate forward constructively. We don't expect everyone to agree with every aspect of our proposal, but there has been a number of inaccuracies about it, and we do want to separate fact from fiction." more
As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more
When I last wrote about the NETmundial Initiative (NMI) project developed by the World Economic Forum (WEF) in conjunction with ICANN it was noted that its August 28th announcement event "ended with significant dissent from the broad groups comprising "civil society", and only lukewarm support from the business sector". Indeed, during the concluding session on that late summer day, "NTIA head Larry Strickling appeared to startle the participants when he intervened to observe that perhaps the event was over-engineered... more
CENTR, the body which represent of European domain registries, will be holding its annual awards again this year. What's different for 2017 however is that they've added a new category: "Registry of the Year Award" ... And unlike with the other award categories, this one is open for voting to the registrar channel. The online voting or ranking is open now and is open to registrars who have a direct relationship with the registries. more
A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km -- the results illustrate the possibility of a future global quantum communication network. more
The antivirus industry has been trying to deal with false positive detection issues for a long, long time - and it's not going to be fixed anytime soon. To better understand why, the physicist in me draws an analogy with Heisenberg's Uncertainty Principle - where, in its simplest distillation, the better you know where an atom is, the less likely you'll know it's momentum (and vice versa) - aka the "observer effect". more
As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more
A World-Renowned Source for Internet Developments. Serving Since 2002.