The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more
Reported in the Washington Post no less: "Dell Takes Cybersquatters to Court". As reported a few weeks ago, this is a very thorough action targeting certain practices and practitioners... I'm surprised a suit this thorough didn't name Google as a co-defendant. Then again, maybe it's not that surprising because Google offers a well liked product, has a lot more money; and a search partnership with Dell that allows Dell to share in the profit when its users engage in "right of the dot" typosquatting on Dell keyboards. It's funny, because one day, Dell could find itself on the defendant's side of the courtroom... more
Total number of Business Email Compromise (BEC) related crimes have reached epidemic levels, at nearly $3.1 billion in losses and involving 22,143 victims worldwide since January 2015, according to a new FBI report. more
For people attending The Internet and Television Exchange (INTX), the redubbed Cable Show for 2015, enabling technologies are as important as always, but the transformation of business models in the video delivery industry has certainly cast a huge grip on an industry caught in the middle of a seismic change -- driven by ever-increasing broadband speeds, mobile access to content, and yes, disruptive Over-The-Top (OTT) offerings. more
Content inspection is a poor way to recognise spam, and the proliferation of image spam recently drums this home. However if one must use these unreliable techniques, one should bring mathematical rigour to the procedure. Tools like SpamAssassin combine content inspection results, with other tests, in order to tune rule-sets to give acceptable rates of false positives (mistaking genuine emails for spam), and thus end up assigning suitable weights to different content rules. If one is going to use these approaches to filtering spam, and some see it as inevitable, one better know one's statistics... more
I have written a lot about the potential of low-Earth orbit (LEO) satellites for Internet service, but have not said much about medium-Earth orbit (MEO) satellites - until now. O3b (other three billion) is an MEO-satellite Internet service provider. Greg Wyler founded the company, and it was subsequently acquired by SES, a major geostationary-orbit (GSO) satellite company. (Wyler moved on to found future LEO Internet service provider OneWeb). more
ICANN sent a 10-page letter to RegisterFly on February 21st threatening to terminate its accreditation. The letter is available here. ICANN's not exactly advertising this -- no conspicuous notice appears on its home page and, more curiously, no update has been posted by the Ombudsman despite two prior postings about RegisterFly in the past week. A member of the general public would be hard pressed to find out that any action has been threatened. more
Leading Moscow-based anti-virus software provider Kaspersky Lab is planning to open a data center in Switzerland to address Western government concerns that Russia exploits its anti-virus software to spy on customers, according to a report from Reuters on Wednesday. more
Successful companies already understand the importance and impact of brand control in domain names. No company would ever consider using hotmail.com or gmail.com email addresses for official business. A decade ago, did companies invest in Geocities or Tripod URLs, or did they promote their own domain names? Today, if a company hosts its blog with WordPress.com, do they take the default brand.wordpress.com Web address, or do they upgrade to their own branded second-level domain name? more
I got an e-mail from someone currently attending the Internet Governance Forum (IGF) meeting in Geneva. The e-mail ended up in my spam folder because the IP address used for the wireless LAN at the meeting is on a spambot/virusbot blacklist, namely cbl.abuseat.org. Apparently some guy there has his computer infected by a spambot or a virusbot... more
Post-Thanksgiving is a time of reflection where we are thankful for technological improvements that allow us to succeed. Every-so-often, technology comes along that not only improves our business but can also help the world. Cloud computing is such a technology. Transitioning to the cloud is a good choice for just about any business, for several reasons. Cloud applications offer scalability, performance, cost-effectiveness and easy mobile access. more
When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints. more
Well, it's a yearly tradition in the western hemisphere that at the end of the year, we compose a top 10 list of the 10 most
The battle to purge child abuse images from the Internet has been lost. That doesn't mean that we can't or shouldn't continue to work towards the elimination of image-based abuse. But it is widely acknowledged by law enforcement, reporting hotlines, and prevention groups alike that this can't be achieved merely by censoring images from the Internet and by criminalizing those who access or share them – which are the only strategies that society has focused on until now. more
This post examines whether the new gTLDs program is a disruptive innovation to the dominance of .com. I then use the idea of disruptive innovation to explain the relative adoption failure of previous generic Top-Level Domains (gTLDs), such as .biz, .info and .mobi. Harvard Professor Clayton Christensen's theory of disruption explains battles between market entrants and incumbents. Examples of markets transformed by disruptive innovations include classified ads (Craigslist), long-distance calls (Skype), record stores (iTunes), research libraries (Google), encyclopedias (Wikipedia), and taxis (Uber). more