Most Viewed

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years.

A Year of CAN SPAM

The CAN SPAM Act of 2003 went into effect a year ago on Jan 1, 2004. As of that date, spam suddenly stopped, e-mail was once again easy and pleasant to use, and Internet users had one less problem to worry about. Oh, that didn't happen? What went wrong?

SEC Reinforces and Expands Its Cybersecurity Guidance for Public Companies

The Securities and Exchange Commission has issued an updated guidance for public companies in preparing disclosures about cybersecurity risks and incidents.

President of Tucows Responds to WLS Issue

I will try and take a different approach with this post. There are two elements of WLS that I think are most material and are not discussed often enough. They are i) the scope of the original NSI-ICANN contract and ii) the use of multiple accreditations.

...Verisign is paid a sum of money to perform a service. They own neither the primary nor the secondary data. I will not bore you with a recitation of various sections of the agreement nor with long-winded legal arguments. They are for another forum. The implication of this conclusion as it relates to WLS is that any re-registration market service is outside the scope of the original contract and should be treated as any new service should.

Estonian Cyber Security Strategy Document: Translated and Public

The Estonians have a public version of their cyber security strategy translated into English (currently available offline only). The concept of a national strategy for cyber security is one which I am particularly fond of... The following is the Summary section from the document which might be of interest...

Mitigating Spoofed Attacks Using IPv6 Address Space

Timothy D. Morgan's recent paper titled, "IPv6 Address Cookies", seeks to apply the fundamental shift in resource availability brought about by the vastly increased Internet address space in IPv6 to develop a novel, lower cost solution to mitigating spoofed attacks. "Spoofed denial of service attacks have plagued the Internet for a number of years, and show no signs of abating. Research into mitigation techniques has apparently not led to a financially viable solution, and new attacks have been discovered in the wild without being widely anticipated". The following provides an introduction to this paper.

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement...

The gTLD Boondoggle

I've been watching the excitement build in the domain community, where a lot of people seem to believe that at next month's Singapore meeting, by golly, this time ICANN will really truly open the floodgates and start adding lots of new Top-Level Domains (TLDs). I have my doubts, because there are still significant issues with the Governmental Advisory Committee (GAC) and the US Government, and ICANN hasn't yet grasped the fact that governments do not defer to NGOs, but let's back up a little and ask: is this a good idea?

Private vs. ICANN Auction of Last Resort

As an applicant in this new gTLD round with quite a few overlapping strings, I've had a keen interest in the various proposed auction platforms. In the past six months the ideas behind private auction have matured significantly and I now see it as a strong mechanism for resolving contention. Following are my observations.

ICANN Whois Policies Update

According to an article in the October 15, 2004 INTA Bulletin, several new "Policies Applicable to ICANN-Accredited Registrars" will be implemented by the end of 2004. The new Restored Names Accuracy Policy takes effect November 12 and requires that a domain name that was deleted due to the submission of false contact data or lack of response to a registrar's inquiries...

U.N.'s Global Digital Compact Faces Criticism for Overlooking Technical Experts in Internet Governance

ICANN, APNIC and ARIN recently voiced concerns about comments made by the United Nations (UN) Office of the Secretary-General's Envoy on Technology (OSET), Ambassador Amandeep Gill. These remarks seem to conflate the roles of the technical community and civil society in the Internet ecosystem.

CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners

Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants - hundreds of thousands of Canadians - by removing the public disclosure of their personal contact information... Apparently I spoke too soon.

China Hacks Google, Etc.

Many news sources are reporting on how Google and other corporations were hacked by China. The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day.

ARF is Now an IETF Standard

When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints.

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies.