Open letter to US House Subcommittee for Oversight Hearing on gTLDs

This is an open letter to the United States House Subcommittee on Intellectual Property and the Internet regarding the Oversight Hearing on new Top-Level Domains to be held on Wednesday 4 May. The intention of the open letter is to highlight the imbalance of intellectual property interests on the panel and to ensure the Subcommittee is presented with some balanced facts and benefits of the new Top-Level Domain program. more

Report on Smart Grid Cyber Security

A recent report from Pike Research, "Smart Grid Cyber Security" has found if smart grids can realize their full potential, consumers, utilities, nations, and even the earth itself will benefit. As with nearly any new technology, the industry focus has been on getting smart grids up and running, often with little consideration for cyber security issues. more

Password Policies Need to Be the Same if We Want Users to Take Our Advice

The other day on Facebook, one of my friends mentioned that today (i.e., that day) was a good day to update his passwords. But he then lamented that some web sites don't allow you to create more than a 12-character password! He was incensed! Well, maybe not incensed but showed contempt for the fact these sites restricted password length. more

Defending Against the Hackers of 1995

Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then? more

What Next for Email Service Providers?

It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events suggests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.) more

Court Approves Nortel’s Sale of IPv4 Addresses to Microsoft

Yesterday morning (26-April-2011), in US Bankruptcy Court for the District of Delaware, Judge Kevin Gross signed an order authorizing Nortel's sale of IPv4 addresses to Microsoft. This is an important moment for the Internet community, as it represents the beginning of a new market-based mechanism for the distribution of scarce IPv4 address resources. As the various Regional Internet Registry (RIR) organizations exhaust their supply, traditional "needs-based" distribution will become impossible. more

Really? A Hearing on New gTLDs at this Late Stage?

To the dismay of many (and the chagrin of some), it appears as though the US House Subcommittee on Intellectual Property, Competition and the Internet will be conducting a hearing on New generic Top-Level Domains (gTLDs). Meanwhile, ICANN is careening towards the finish line of the new gTLD Program with a vote by the ICANN Board scheduled for June 20th. Just what this all means remains to be seen. more

Top 3 New Requirements to the TLD Evaluation Criteria and What They Mean for Applicants

Three sections of the redlined version of the Draft Evaluation Criteria for new Top-Level Domains (TLDs) caught my attention. It seems ICANN wants to ensure it has information to not only evaluate and score responses, but to conduct a post-launch analysis of the program's success in terms of expanded competition, consumer choice and trust. That additional information means more work by both the applicant and for ICANN. But it's a good move because pre-launch preparation and thought staves off mishaps and misfortunes later. more

7 Must Have Attributes of an IP Address Management System

Exponential growth of networks combined with the complexity introduced by IT initiatives e.g. VoIP, Cloud computing, server virtualization, desktop virtualization, IPv6 and service automation has required network teams to look for tools to automate IP address management (IPAM). Automated IPAM tools allow administrators to allocate subnets, allocate/track/reclaim IP addresses and provide visibility into the networks. Here are some examples of what a typical IPAM tool can do... more

Registrar Stakeholder Group in GNSO Works Against the ICANN Multistakeholder Social Compact

One of the essential features of the social compact that makes ICANN viable in its stewardship of the Domain Name system is that the operations of the Contracted Parties, i.e. Registrars and Registries, are governed by the cooperation of the contracted parties and the non-contracted parties, i.e. the stakeholders, in the creation of policy. In ICANN, contracts and other agreements are the method by which this policy is instantiated. more

Why the Fukushima Analogy Was Apt

A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more

Epsilon Interactive Breach the Fukushima of the Email Industry

A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. more

.WHO Top-Level Domain Could Be a Bad Idea

Yesterday, taking a look at the "Legal Rights Objection" (3.1.2.2) I read : "An intergovernmental organization (IGO) is eligible to file a legal rights objection if it meets the criteria for registration of a .INT domain name". Taking a look at registered .INT domain names, I found Basel Convention on the Control of Transboundary Movements of Hazardous Wastes and their Disposal... more

Neelie Kroes, the EU, Cloud Computing, Regulation and Good Ears

In her blog EU Commissioner Neelie Kroes blogs on her stance on cloud computing. In short: this is a good development which the EU will embrace and advocate, but may need regulation in order to ensure a safe environment for industry and individuals in the cloud. Here's some thoughts on that. more

Mooning the Porn Stars

Steve DelBianco did a great job of discussing the rocky relationship between ICANN's Government Advisory Committee (GAC) and the Board of Directors, in his piece entitled ".XXX Exposes the Naked Truth for ICANN". I've been keeping an eye on the adult industry press to see what their reaction is to the .XXX debacle. But before we start, let's get something out of the way. more