Picture this: the still state-owned (51% of shares) Belgian incumbent telecom and Internet operator, Belgacom, is not a dominant player on the ISP market, according to the Brussels appeals court... It is obvious to every inhabitant of Belgium that the incumbent is everywhere. It owns all the copper pairs to homes and a good deal of the fibre. No single Internet or telephony operator can get into the business without transiting through the Belgacom network at some stage. more
A US District Judge in Maine largely granted a motion to dismiss brought by Hannaford in a big data breach case... According to the court, around March 2008, third parties stole up to 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers, and other information relating to cardholders "who had used debit cards and credit cards to transact purchases at supermarkets owned or operated by Hannaford." more
George Reese (author of the new book Cloud Application Architectures: Building Applications and Infrastructure in the Cloud) is talking at Gluecon about securing cloud infrastructures. Two recent surveys found "security" was the number one concern of companies considering a move to the cloud. George says the key to making customers comfortable with cloud security is transparency... more
As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
FttH networks had begun to arrive well before the financial crisis hit, but surprisingly it is the crisis itself that is now driving fibre beyond its first stage. This first stage was basically a continuation of the 100-year-old vertically-integrated telephone business model. This saw more of the same delivered at higher speeds and higher costs, and there was only a limited market that was willing to pay a premium for such a FttH service... more
Using the purchase by Toys "R" Us of Toys.com as an example, I outline the problems that come with using the popular ascending auction design and point out some of the potential strategic uses and signals of the domain name acquisition. Toys “R” Us paid $5.1 million in February 2009 for Toys.com. It outbid five others, including National A-1 Advertising and Frank Schilling... more
In 2001, I published an article on "virtual crime." It analyzed the extent to which we needed to create a new vocabulary -- and a new law -- of "cybercrimes." The article consequently focused on whether there is a difference between "crime" and "cybercrime." It's been a long time, and cybercrime has come a long way, since I wrote that article. I thought I'd use this post to look at what I said then and see how it's held up, i.e., see if we have any additional perspective on the relationship between crime and cybercrime... more
A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more
The Netherlands, a country with just 16 million people, accounts for more than 3 million ccTLDs. That's an impressive ratio of people to domains -- one ccTLD per 5.3 people -- and it the highest ratio of any country with more than five million residents. Germany comes in a close second, with a ratio of roughly one ccTLD per 6.5 people... more
ICANN realized during the Mexico City public meeting that its draft proposals for new generic Top-Level Domains (gTLDs) did not take sufficient account of the trademark problems that might arise if the new top level domains become havens for cybersquatters. ICANN sensibly asked the trademark and brand owners to propose rules and procedures that might address these problems... more
The Intellectual Property Constituency's draft report on trademark issues is now available for comment. The draft report was put together behind closed doors, which would appear to go against the normal policy development process at ICANN, which is quite worrying. Its contents, however, are even more disturbing... more
The NTIA has published a Notice of Inquiry, Assessment of the Transition of the Technical Coordination and Management of the Internet's Domain Name and Addressing System, in advance of the expiration of the Joint Project Agreement in September 2009. The document outlines the history and evolution of the Memorandum of Understanding (MOU) between the Department of Commerce (DoC) and ICANN, and the questions posed cover fairly standard territory. However, the following might be worth paying attention to... more
A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more
This past February, around 100 DNS industry experts met in Atlanta, GA for the "The Global DNS Security, Stability, & Resiliency Symposium." Organized by ICANN and hosted by Georgia Tech, this event was to strengthen personal relationships between operators and review what we know about the DNS infrastructure... The content included three breakout groups over two days: Enterprise Use of DNS, DNS in Resource Constrained Environments, and Combating Malicious Use of DNS... more
A World-Renowned Source for Internet Developments. Serving Since 2002.