Hello, Australia: Please Vote These Guys Out

So I heard about this ridiculous news the other day that now Australian customs officers have been given new powers to search incoming travelers' laptops and mobile phones for pornography, according to The Age. Really? Come on. Really? First the Internet filtering, a la porn wall, and now this? more

Trademark Holder Not Entitled to Domain Name Registered Years Before

Startups in the process of selecting a company or product name are often frustrated to see that someone else, years ago, registered the .com version of their newly thought-of name. Similarly, companies that have acquired a trademark registration wonder whether they can use their crisp new registration certificate to stomp out someone else who has been using a domain name similar to the company's new mark. A recent case arising under the UDRP shows us that the earlier domain name registration is usually going to be on solid ground against a later-arriving trademark owner. more

By the way… Your IDN is Live.

Just when you think ICANN has got it right, it shoots itself in the foot as only ICANN can. Unfortunately it seems this is yet another case of one step forward and two steps back. While we should be celebrating the fact that Internationalised Domain Names (IDN's) have finally been entered into the Root Zone, we are instead left shaking our heads at the seemingly nonexistent process lines nor communication lines between ICANN and its technical off-shoot IANA. more

Why Aren’t There More Spam Lawsuits?

The CAN SPAM act has been in place for five and a half years. Compatible state laws have been in place nearly as long. Anti-spam laws in the EU, Australia, and New Zealand were enacted years ago. But the number of significant anti-spam lawsuits is so small that individual bloggers can easily keep track of them. Considering that several billion spams a day are sent to people's inboxes, where are all the anti-spam lawsuits? more

Resources for Cleaning Your Network

The first step (but certainly not the last) towards saving the internet from spam, malware, and other abuse is to keep your own network clean. A friend of CAUCE, who wishes to remain anonymous, offers these tips and resources to help you identify problem traffic emanating from your network, and clean it up. Though primarily written for ISPs, many of the items below should apply equally well to any network owner. more

Old Dog, New Tricks: Gift Card Scams in Social Networks

In the past few months, a flurry of gift card scams leveraging such high-profile brands as Best Buy, Whole Foods and IKEA have emerged on Facebook. These scams often use the brand's logo, website URL, or general "look and feel" on Facebook "fan" pages to give the impression that these offers are legitimate. Some scams are even bold enough to include bogus, non-interactive fan comments to add a greater sense of authenticity to the gift card offer. To date, these scams have been successful at tricking tens of thousands of consumers. In just one day, for example, a fan page titled "IKEA Get a FREE $1000 IKEA Gift Card! (ONLY AVAILABLE 1 DAY)" registered 40,000 fans before being shut down. more

How To Build A Cybernuke

The Internet infrastructure has been having a bad month. Not as bad as, say, the world's aviation infrastructure, but bad enough. First, Chinese Internet censorship leaked out to a few massively unlucky users of the I root server. Then China Telecom failed to filter someone who leaked thousands of hijacked routes to other people's networks through them, probably by accident. And then, inexplicably, Forbes went where no one had gone before... more

Take That Down Right Now - and Give Me That Too

Google has released a government requests tool. It's highly illuminating and may end up being quite disruptive. That's what surprising data visualizations can do for us. ... The tool allows us to see the number of requests from different countries that Google received during the last six months of 2009. More than 3600 data requests from Brazil during those six months and more than 3500 from the US. But just 40 or so from Canada and 30 from Israel. more

DNSSEC Status Report: Signing Infrastructure Well Underway, User Experience Still Needs Work

The registries (gTLDS) are all moving towards signing in about a year. PIR and .org is going to be first with .edu, .biz, and others closely behind. The root is scheduled to be signed in the beginning of July (end of June looking at the holiday calendar) being the biggest milestone. Some of the roots already contain DNSSEC information. Other ccTLDs continue to turn DNSSEC on with countries on every continent signed. more

ClamAV and the Case of the Missing Mail

Some email discussion lists were all atwitter yesterday, as Sourcefire's open-source anti-virus engine ClamAV version 0.94.x reached its end-of-life. Rather than simply phase this geriatric version out the development team put to halt instances of V0.94 in production yesterday, April 15, 2010. In other words, the ClamAV developers caused version .94 to stop working entirely, and, depending upon the implementation, that meant email to systems using ClamAV also stopped flowing. more

Military Asserts Rights to Return Cyber Attacks

The Washington Post had a good article up yesterday capturing comments issued by the United States military that it has the right to return fire when it comes to cyber attacks... This is an interesting point of view, and it extends from the United States's policy that if it is attacked using conventional weapons, it reserves the right to counter respond in kind. This has been a long accept precept governing US foreign military policy for generations. Yet cyber attacks are different for a couple of reasons... more

DNS… Wait a SEC

Complete DNSSEC implementation requires that domains are authenticated at the root by the Registry, and that DNS zones and records are authenticated as well. Now before I go any further, let me begin by stating that I fully support the development and deployment of DNSSEC and that the vulnerabilities presented by Cache Poisoning are very real, especially for those websites collecting login credentials or other types of sensitive information. more

AFNIC Publishes New Issue Paper on “the Secondary Market in Domain Names”

Loic Damilaville writes to report: Today AFNIC is publishing its new issue paper on the secondary market in domain names. The paper -- written to inform individuals as well as businesses -- gives a detailed account of the concept of "secondary market", the valuation mechanisms used, and the main players involved. The secondary market covers over-the-counter sales of already registered domain names, as well as the market in "second-hand domain names" and the ecosystem made up of the various players involved in these matters. more

ISOC-NY Event: dot nyc - How Are We Doing? (Sat Apr 10)

Joly MacFie writes: Last October the NYC Department of Information Technology & Telecommunications (DoITT) issued a request for proposals for "services to obtain, manage, administer, maintain and market the geographic Top Domain name .nyc.". At ICANN's recent 37th meeting in Nairobi, consensus was reached on the "overarching" issue of intellectual property protection. This leaves only the issue of the final (4th) draft of the Applicants Guidebook, expected before the 38th meeting in Brussels in June 2010... more

More Provocative Reasons for a Mandatory National Breach Disclosure

I read, with some small amount of discomfort, an article by Bill Brenner on CSO Online, wherein he interviewed several other CSOs and other "Security Execs" on their opinions on the firing of Pennsylvania CISO Robert Maley. For those who haven't heard about this, Mr. Maley was fired for talking about a security incident during the recent RSA conference without approval from his bosses. more