Global Paradigms We Relied Upon Were Destroyed Overnight - How Prepared Are You for New Realities?

Unprecedented new Political and Cyber Security Threats are happening at a scale that has never been witnessed before. These threats are large and malicious enough to take down nuclear programs, render oil refineries inoperable, and take billion-dollar websites offline (not to mention smaller ones). Recent events confirm that NO ONE IS IMMUNE. Despite the obvious warning signs, Internet business stakeholders the world over continue to act as if nothing has changed, and seem unaware that global paradigms have undergone a seismic shift almost overnight. more

Logjam, Openssl and Email Deliverability

RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed". more

Three Things TLD Registries Must Know About China’s Domain Name Regulation

Recently there have been a number of news reports/articles that are incorrect or misleading in interpreting China's domain name management policy. James has posted an article aiming to clarify what is going to in China's domain name market. Considering the potential negative impact of those reports on the participants of this market, I supplement James's post by pointing out three things, which I believe critical for any TLD registries that hope to have a better understand of China's domain name regulation and the special action based on it. more

Managing (in)Security Through Regulation: A Key Phase for Nation States

Not so long ago, the notion of introducing laws and other regulatory responses to address cyber security issues was regarded with significant hesitation by governments and policy makers. To some extent, this hesitation may well have stemmed from a general perception by those who do not work directly in the field that the world of cyber security is somewhat of a 'dark art'. More recently, however, there has been a substantial shift in this attitude, with proposals to regulate a range of cyber security related matters becoming increasingly numerous. more

Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more

Is Sharing the Answer to .BRAND Top Level Domain Disputes?

In opening up for the .BRAND top level domain, ICANN has artificially created a scarce resource of great commercial value. Indeed, the values of the .BRAND TLDs may be astronomical due to the investments made by the companies that own the trademarks represented in the .BRAND TLD. While the above is interesting in its own right, I will here focus specifically on how we deal with situations where more than one company has a legitimate trademark interest in a particular .BRAND TLD. more

Dot Brands Should Not Rush to Market, but Build Effective Strategies First

Brands applied for their new gTLDs to protect their brand and ensure they didn't miss an important new opportunity, but few had a clear business case for how they would use the gTLD platform when they applied. As brands approach the July 29th contracting deadline, the inevitable question is arising: "What do we do with this?" more

Parallels Between Our Oceans and Internet Governance #WorldOceanDay

Today is June 8th and World Ocean Day. As I ponder on the threats and challenges to the world's ocean with the enormous stresses such as overfishing, pollution, ocean acidification that threatens all global standards of living, I cannot help but think about the startling similarities that global internet governance faces with its respective stresses of increasing cyber security vulnerabilities, threats, breaches of trust, growing cyber crime, breaches of privacy and data protection, identity thefts, pedophilia and many other things that threaten global public interest and our safety within an internet ecosystem. more

What’s Going on in China’s Domain Name Industry?

Recently, there has been a lot of noise about China tightening control of the new top-level domains and how it could severely damper domain name registrations in China and one should make preparation for the worst. Initially, I tried to stay out of this as I know all the players behind this. But given that at least 3 people have emailed me asking what's going on, I decided to clear the air here. more

Hacking: Users, Computers, and Systems

As many people have heard, there's been a security problem at the Internal Revenue Service. Some stories have used the word hack; other people, though, have complained that nothing was hacked, that the only problem was unauthorized access to taxpayer data but via authorized, intentionally built channels. The problem with this analysis is that it's looking at security from far too narrow a perspective... more

FIFA and the Perils of No Accountability

Forgive me if you can, but I am about to say something blindingly obvious. The arrests made by the US Government and Swiss authorities of senior FIFA officials should remind us of a deep truth. Organizations must be accountable: to members, to users, to superiors, to markets, to someone who can say "stop what you are doing and amend your ways". When we consider the transfer of authority from the USG over the IANA function, let us keep in mind... more

2017, Year of Consolidation for Domain Name Market, AFNIC Study Suggests

AFNIC, the domain name registry for .rf (France), recently conducted a study of major trends for "Legacy gTLDs" or traditional TLDs such as .biz, .com, info, etc., as well as country code TLDs corresponding to territories such as .de (Germany), .fr (France), and .uk (United Kingdom). The new TLDs have note been included in this study since they are still something of a "new development", but will be included in the future, AFNIC says. more

Vox Populi Registry Says “Enough” About .SUCKS Accusations

Vox Pop Registry, the .sucks TLD operator, broke its silence today and has sent a letter to ICANN and government agencies in response to the extortion accusations."There has been much said lately about Vox Pop Registry, the company bringing dotSucks names to the Internet, not all of it flattering, some of it outright false and defamatory," says John Berard, CEO of Vox Populi.  more

Live Streaming Apps: Piracy Trends Are-A-Changing

Until recently, digital pirates have used both P2P sites and cyberlockers to upload and share pirated content. But as Internet connection speeds have increased, the piracy landscape has changed, and the appearance of streaming content has proliferated. In fact, 38% of online sporting fans are watching live streaming of their favorite events. However, the recent introduction of live streaming apps is further compounding issues surrounding online piracy... more

ICANN Board Member and Former GAC Chair to Give Evidence in .Africa Case

The controversy over the competing .africa TLD applications has been going on for some time. A recent decision by the International Centre For Dispute Resolution (ICDR) said that ICANN had breached its own by-laws and has questioned why ICANN won't allow a current board member and the former GAC Chair to speak to them and provide evidence. A letter that was published on the ICANN site yesterday suggests that ICANN may have changed their tune... more