Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more
Developments in modern international relations have shown that traditional diplomacy is not capable of sufficiently addressing complex new issues, for example, the environment, health protection, and trade. Governance of the Information Society and the Internet is probably one of the most complex international issues facing diplomacy today. Issues surrounding the Information Society require a multi-disciplinary approach (the various concerns include technology, economy, impact on society, regulatory and legal issues, governance and more); a multi-stakeholder approach (various actors are involved, including states, international organizations, civil society, private sector, and others) and a multi-level approach (decision-making must take place on different levels: local, national, regional and global). Diplo has developed a research methodology which takes all of these approaches into account. Post includes illustration from Diplo Calendar 2004. more
The Digital Marketing & gTLD Strategy Congress has made the following announcement for the keynote, speakers, initial sponsors, partners and dates for the inaugural event taking place March 11 & 12, 2013 in New York City. more
Once in a while, one comes across a new take on history that challenges everything you thought you knew. If you're the type who engages in bar bets with geeks, then this one is a certain gem. In 2001, Equifax submitted to the USPTO a sworn application to register a curious trademark, which eventually issued in 2004 with this data... Aside from the fact that Equifax has never actually held registration of the domain name efx.com, the truly outstanding fact here is that Equifax and/or its attorney has actually sworn to the United States Government that it was using "EFX.COM" as a mark for the provision of providing educational seminars via the internet since February 1975... Until now, I had imagined that Jon Postel added .com to the root in 1985. more
Eric Schmidt, CEO of Google, was interviewed at Gartner Symposium on the future of the Web and enterprise computing. Eric said to about 5000 CIOs attending the event, that Chinese will soon be a dominant language on the net and broadband connections will be so fast that various forms of media -- such as radio and TV -- will be blurred. more
It's Apple's Developers Conference time again, and in amongst the various announcements was week, in the "Platforms Status of the Union" presentation was the mention of Apples support of IPv6. Sebastien Marineau, Apple's VP of Core OS told the conference that as far as IPv4 addresses are concerned, exhaustion "is finally here", noting that this already started in 2011 in the Asia Pacific while in North America IPv4 address exhaustion is imminent. Sebastien noted that it's really important to support IPv6 in devices and applications these days... more
In the wake of the unprecedented boom in mobile broadband, pressure is building around the world for governments and regulators to act quickly and decisively to the frantic demand for more spectrum. The telcos are leading the charge, but the broadcasters are lobbying for their case equally vigorously. The broadcasters do not necessarily need all the spectrum they currently have, but they view mobile broadband and telcos as competitors to their monopoly on video entertainment, so they will do everything to keep them out of that market for as long as possible. more
There's talk that in the battle between the USA and Europe over control of ICANN, which may come to a head at the upcoming World Summit on the Information Society in Tunis, people will seriously consider "splitting the root" of DNS. I've written a fair bit about how DNS works and how the true power over how names get looked up actually resides with hundreds of thousands of individual site administrators. However, there is a natural monopoly in the root. All those site admins really have to all do the same thing, or you get a lot of problems, which takes away most of that power. Still, this is an interesting power struggle. more
There is much talk currently about the WSIS meeting taking place in Geneva this week which means some needed attention is being paid to Internet governance. While some may view the term "Internet governance" as an oxymoron and my natural reaction is something along the lines of "I hope that they continue to view regulation as too complicated so that we Internet-folks can just keep doing what we are doing" I confess to knowing deep down that we would all be better off with a simple, effective policy framework than with the current anarchic state. more
I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more
On 24 May, NIST published recommendations that are a key component of the U.S. cybersecurity ecosystem -- known as vulnerability disclosure guidelines. NIST (National Institute of Standards and Technology) is an agency of the Department of Commerce whose mission includes "developing cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public." more
After roughly 19 days of its introduction, VeriSign's Site Finder service was finally shutdown on October 4, 2003 following a "Formal Deadline" issued by ICANN (previously reported here). With the plug pulled, the Internet appears to be returning to its regular status ending a historic event that can be best described as a 'Hurricane' -- a Cyber-Hurricane. What follows is a collection of commentaries and questions raised around the Net in response to this event during and after the final hours of VeriSign's deadline... more
Is the internet on the verge of a meltdown? A non-profit organization, People For Internet Responsibility (PFIR), is concerned that there is the risk of "imminent disruption, degradation, unfair manipulation, and other negative impacts on critical Internet services..." PFIR believes that the "red flag" warning signs of a potential meltdown include "attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues... ever-increasing spam, virus, and related problems..." more
A World-Renowned Source for Internet Developments. Serving Since 2002.