Comcast’s Wrong Approach

Internet Service Providers (ISPs) have to do a lot more than just provide a pipe from your residence to their facilities to assure that you have a good Internet experience. There is a raging debate, inextricable from the debate on Network Neutrality, both on what the proper responsibilities of an ISP are AND what methods are proper for carrying out those responsibilities. more

Do Spammers Change Their Tactics Based on Recipient Verification? Yes, They Do

Or, to be more precise, it sure looks like they do. I wrote on another post on a publicly available spam tool, and I mentioned that I came across a page that allowed people to verify whether or not an email address is actually live. The question naturally arises: do spammers clean up their email contact lists based upon whether or not the address is legitimate? Spammers would have an incentive to do this... Do we actually observe spammers changing their sending patterns? I believe that we have evidence that they do. more

The Third Stage of the VoIP Rocket Never Fired

Ten years ago was the dawn of Voice over IP (VoIP). The pioneering Israeli company VocalTec had just released its VoIP software for PCs (it was named iPhone, BTW). Industry guru Jeff Pulver (whom I now partner with in FWD) had begun to hold his Voice on the Net (VON) shows. As the founder of VoIP startup ITXC, I was invited to give a keynote at VON in Boston. The evolution of VoIP, I opined with the requisite PowerPoint slides, will be like a three stage rocket. I was right about the first two stages and dead wrong about the third... more

New Map Illustrates All 245 Country Code Top-Level Domains

Byte Level Research has published a map that illustrates not only all 245 country codes but the size of each country and territory. The map is quite up to date and comprehensive including country codes for such places as Svalbard (.sj), Southern Georgia (.gs), and Bouvet Island (.bv), which is uninhabited. "Today, companies must register as many as a hundred country codes to be competitive globally -- and protect their intellectual property. This map helps professionals keep track of all these country codes -- and see where the Internet is headed. For example, China is on pace to have the most popular country code on the planet by 2012," said Yunker," said John Yunker, president of Byte Level Research and developer of the map. more

Walks Like a Telco, Yalks Like a Telco… Must be a Telco

Vonage's latest woes are written up by Om Malik in Vonage: How Low Can You Go. More interesting than Om's reportage (Sprint wins case, Vonage ordered to pay damages, stock drops to $1.30) is the commentary afterward, in which one reader takes Om to task for the "gleeful" way in which he reports the demise of the VoIP companies... Boosters made the argument that VoIP was fundamentally cheaper than the TDM systems that phone companies deploy, and so therefore they enjoyed a price advantage in the market place. Anyone in the business of supplying telecom equipment, however, will tell you that the argument is flawed... more

Ameritrade Leaks User Information Yet Again, Blames Hacker X

OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore. Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade... This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions. more

Radio Interview Discusses Domainers and Domaining

Damien Allen of VTalk Radio recently interviewed Professor Eric Goldman of the Santa Clara University School of Law on the topic of "Domaining". The interview covers the nature of domaining as a business and how it differs from cybersquatting. From the interview: "Often times the domainers are not particularly interested in profitable resale and, in fact, in my experience many times when domainers get complaints about domains, they'll just hand the domain name back, no questions asked and no money charged. They're not looking to make money from the resale of the domain names..." more

Microsoft Files Three More Cybersquatting Cases

Microsoft has filed 3 cybersquatting cases at the beginning of September 2007, as reported in an Inside Indiana Business article. I took the liberty of accessing the cases via the PACER system, and posted the major documents... It looks like they're stepping up efforts to defend their trademarks, and seeking big damages in court, rather than go the way of the UDRP. These cases demonstrate that new TLDs should not be a priority with ICANN until the problems in existing TLDs are addressed. more

EURid Suspends More Domains

EURid, the entity charged with managing the .eu namespace, is reported to have taken action against an alleged cybersquatter based in China, Zheng Qingying... The last suspension "en masse" was directed against Ovidio when over 74 thousand domains were suspended. This time round the number is much lower -- a paltry ten thousand! In this instance there seems to have been a pattern of cybersquatting, with over a dozen ADR proceedings against the registrant in question. more

P2P: Boon, Boondoggle, or Bandwidth Hog?

Depending on whom you ask, peer-to-peer (P2P) services may be the best thing that ever happened to the Internet or a diabolical arbitrage scheme which will ruin all ISPs and bring an end to the Internet as we think we know it. Some famous P2P services include ICQ, Skype, Napster, and BitTorrent. Currently a new P2P service called iPlayer from BBC is causing some consternation and eliciting some threatening growls from British ISPs... more

The Case Against DNSSEC

I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more

Transition to IPv6 Address

Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more

Neustar Losing .us Could Be Good for .com Registrants

Neustar is facing a potential loss of the Dot-US franchise as competitors bid against them. Why might this be of interest to .com registrants? ...The issue of antitrust with regards to the .com agreement has never really been properly settled, as a well-funded complainant hasn't brought forward a case to full fruition in the courts. ICANN sold out the public by agreeing to a settlement that would see its own coffers swell, at the expense of registrants, so they do not count. more

Spam: You’ve Come a Long Way, Baby

According to the majority of the testimony at this month's "Spam Summit," held by the U.S. Federal Trade Commission (FTC), the state of the fight against spam is pretty much the same as it has been for the last several years. The two days of presentations can largely be boiled down to the following bullets: Spam volumes continue to increase, being driven by the growth of "botnets"... Oh, and the spam wars are a lot less exciting than they used to be. Case in point: unlike last time, there were no fist-fights at this year's shindig. more