Most Commented

Not Quite Two Factor, or Is Your Phone Number Really Something You Have?

A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and uses it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems.

Where to Search UDRP Decisions

Searching decisions under the Uniform Domain Name Dispute Resolution Policy (UDRP) is important - for evaluating the merits of a potential case and also, of course, for citing precedent when drafting documents (such as a complaint and a response) in an actual case. But, searching UDRP decisions is not always an easy task. It's important to know both where to search and how to search. Unfortunately, there is no longer an official, central repository of all UDRP decisions that is freely available online.

Some Whois Lookup Services Might be Broken

There are thousands of sites and services on the 'net that offer domain name whois lookup services. As of last night, many of them may have stopped working. Why? Many of them rely on fairly rudimentary software that parses the whois from Verisign (for .com and .net) and then relays the query to the registrar whois. The site or service then displays the whois output from the registrar's whois server to you.

Cars.com $850 Million Valuation: Methodology Critique

Here is a critical look at a recent online essay about the methodology to estimate the value of the domain name cars.com, which was estimated to be $850 million. Not about estimation of the valuation model's parameters, nor whether the estimate is too low or too high. Rather, its valuation methodology... The purpose of a valuation is important. Absolute valuation of any asset is its value when put to its best use.

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis.

Hidden in Plain Sight: FCC Chairman Pai’s Strategy to Consolidate the U.S. Wireless Marketplace

While couched in noble terms of promoting competition, innovation and freedom, the FCC soon will combine two initiatives that will enhance the likelihood that Sprint and T-Mobile will stop operating as separate companies within 18 months. In the same manner as the regulatory approval of airline mergers, the FCC will make all sorts of conclusions sorely lacking empirical evidence and common sense.

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risky, and the more complex your systems are, the harder and riskier it is.

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems is improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action.

Domain Names Are Fading From User View

The internet has changed and evolved ever since its ancestors first came to life in the late 1960s. Some technology fades away and is forgotten; other aspects continue but are overlaid, like geological sediments, so that they are no longer visible but are still present under the surface. The Domain Name System - both the technology of DNS and the deployed naming hierarchy we all use - is among those aspects of the internet that, although they feel solid and immutable, are slowly changing underneath our feet.

Commodifying Words and Letters in the .Com Space

Words (and by extension their constituent letters) are as free to utter and use as is the air sustaining life. No one owns them. There is no toll fee to be paid to dictionary makers who curate them. There are, however, two carve-outs from this public domain, namely words and letters businesses use as designations of origin for their marketplace presence, protected by trademark law; and words and letters arranged expressively by authors, protected by copyright law.

SEO Secrets of Keyword-Relevant Domain Extensions

The Domain Name Association (DNA) recently commissioned Web Traffic Advisors, with supporting analysis from Kevin Rowe of Rowe Digital, to do an independent study, Hidden Advantages of Relevant Domain Names, to answer the following question: Can domain name extensions, especially meaningful or relevant domain name extensions (e.g. .Club, .Online, .Rocks, .Today), have the same opportunity as traditional or more generic ones (e.g. traditional .Biz, .Com, .Info, .Org)?

Passive Holding of Domain Names and the Argument for Bad Faith or Forfeiture

There is a misconception among some trademark owners and their counsel that passive holding of domain names alone or combined with lack of rights or legitimate interests supports abusive registration. Thus, Respondent's inactive use of the disputed domain name demonstrates bad faith. Respondent also had actual knowledge of Complainant's YOU ASKED FOR IT mark as Complainant has attempted to buy the domain from Respondent...

Universal Acceptance of New Top-Level Domains Reloaded

One challenge for all new top-level domains (TLDs) is the so-called Universal Acceptance. Universal Acceptance is a phenomenon as old as TLDs themselves and may strike on many occasions... The effect when universal acceptance hits you is that you cannot send or receive email, you get error messages, or, even worse, it looks like everything works but it does not and you do not even get a notification.

Wikileaks, the CIA, and the Press

As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks...

A Q&A on Google’s New gTLD Solution, Nomulus

Nomulus is the code for the backend domain name registry solution offered by Google which requires the use of Google Cloud. This solution is the one used for all of Google's new gTLDs and the solution works. An announcement for this solution can look like a potentially "simple" solution for future .BRAND new gTLD applicants, but is it truly the case?