How Much Money Do Spammers Make?

News reports say that high profile Ryan Pitylak was fined $10 million by the Texas Attorney General. A few days ago, he paid a $1M settlement to Microsoft. Since it had been widely reported that he'd made between $3M and $4M during his spamming career, that seemed like a pretty good deal for him. As I commented to the San Antonio Express, this new fine is more in line with what he did, and at least relieves him of all his ill-gotten gains... more

Royal Cat Loses ICANN UDRP Action

This is serious. I'm not joking. You can look it up. Morgan Stanley brought a UDRP action involving the domain name 'mymorganstaleyplatinum.com' against a registrant identified as "Meow ("Respondent"), Baroness Penelope Cat of Nash DCB, Ashbed Barn, Boraston Track, Tenbury Wells, Worcestershire WR15 8LQ, GB." The decision summarizes the response... more

Jefferson Rebuffed: The United States and the Future of Internet Governance

A paper by Viktor Mayer-Schoenberger and Malte Ziewitz was recently published at John F. Kennedy School of Government, Harvard University titled, "Jefferson Rebuffed: The United States and the Future of Internet Governance". The following excerpt provides an overview of the paper: "Over the last several years, many have called for an internationalization of Internet governance in general, and Internet naming and numbering in particular. The multi-year WSIS process that culminated in November 2005 was intended to create momentum in such direction. The United States has long resisted such internationalization, fearing in particular the growing influence of China and similar nations..." more

Black Frog: Next Generation Botnet, No Generation Spam Fighting

Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more

A Survey of DNS Security: Most Vulnerable and Valuable Assets

The following provides and introduction to a study by Venugopalan Ramasubramanian and Emin Gun Sirer, called "Perils of Transitive Trust in the Domain Name System". The paper presents results from a large scale survey of DNS, illustrating how complex and subtle dependencies between names and nameservers lead to a highly insecure naming system... "It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS." more

California Frets about Goodmail Email

On Monday the 3rd, California state Senator Dean Flores held a hearing of the E-Commerce, Wireless Technology, and Consumer Driven Programming committee grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?. The senator's office said they were very eager to have me there, to the extent they offered to fly me out from New York, so since I happened to be on the way home from ICANN in New Zealand that weekend, I took a detour through Sacramento. Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson sitting in briefly. Unfortunately, Sen. Bowen, who is very well informed on these topics, wasn't there. There were five panels of speakers, and I got to lead off... more

MicroID: A Microformat for Claiming Ownership

This morning I learned about MicroIDs from Doc Searls. Jeremy Miller has proposed MicroIDs as a microformat that "allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere." A MicroID is a hash of two hashed values. The first is a verified communication ID. The second is the URI of the site that the content will be published on. You end up with a unique, long string of gibberish that can be put in the header of a Web page or even wrapped around one part of a page... more

Latest Turn of Events on .XXX, from ICANN Wellington

As the ICANN's week-long meeting in Wellington, New Zealand is now fully underway, the approval of the proposed .XXX top-level domain (TLD) continues to remain a key topic of discussion and its eventual approval yet uncertain. The .XXX TLD was widely expected to receive its final approval at the ICANN's last meeting held in Vancouver about 4 months earlier but the discussion was unexpectedly delayed as the organization and governments requested more time to review the merits of setting up such a domain. Stuart Lawley, president of the would-be .XXX operator ICM Registry LLC offers his comments from Wellington. more

ICANN Meeting: The Road to Wellington

What would it take for this upcoming meeting to be a success? I am a big believer in ICANN's core principles, and in the forum it provides for private self-governance of domain names and numbers. I think the ICANN model continues to have great potential as a form of governance. For this meeting to be a success for me, personally, I'd like to see those core principles made more visibly operational -- or at least see a start made on this effort. I'm putting a stake in the ground with these posts, and we'll see whether progress happens or not. more

Behind the Smoke Screen of Internet and International Infrastructure

In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more

Worm Propagation Strategies in an Ipv6 Internet

A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more

How to Build an Internet Governance Forum

Public consultations on the new "Internet Governance Forum" being created by the United Nations will be held in Geneva February 16-17. The Internet Governance Project has released a new discussion paper explaining how the Forum could work. The Forum must be as open as possible and give all stakeholders equal participation rights. Its deliberations must be wide-ranging and resist politically motivated barriers to discussion. And its products must feed into other, more authoritative Internet governance forums. more

Internet Wars

A couple of days ago the BBC reported that a document called the Information Operations Roadmap (PDF) had been declassified and that it contained some pretty interesting stuff. The American dominance over the Internet, recently manifested by its unwillingness to hand over some of the critical control to UN-organizations, may have another side to it. more

The First French Judicial Decision Over .EU

Over at VoxPI, Alexandre Nappey reports that, a few days ago, the first French judicial decision over a .eu domain name was released -- or more specifically the first decision over an application for a .eu name. The two parties own a trademark "EUROSTAR". They agreed on the coexistence of their respective marks in September 2004. Both applied for the same name 'eurostar.eu', on the same day. more

The Search for Net Neutrality

My weekly Law Bytes column (Toronto Star version, freely available version) examines the growing trend toward a two-tiered Internet, which upends the longstanding principle of network neutrality under which ISPs treat all data equally. I argue that the network neutrality principle has served ISPs, Internet companies, and Internet users well. It has enabled ISPs to plausibly argue that they function much like common carriers and that they should therefore be exempt from liability for the content that passes through their systems. ...Notwithstanding its benefits, in recent months ISPs have begun to chip away at the principle. more