Network Neutrality is the Wrong Fight!

We shouldn't settle for network neutrality. It's a poor substitute for what we had and much less than what we need. Let me explain. There are two topics to discuss. The first is "common carriage," a centuries old legal concept that applied to the US telecom industry throughout most of the 20th century. The second involves communications protocols. Both topics are complex, so I will cover only what's needed to understand why we shouldn't accept network neutrality and why, at a minimum, we should fight for enforcement of existing common carriage rules. more

Mitigating DNS Abuse and Safeguarding the Internet

The internet is a beacon of global connectivity and information, but it has also become a battleground where malicious actors exploit vulnerabilities for various immoral purposes. Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust. more

Study Finds Spammers Use P2P Harvesting to Spam Millions

A recent study conducted by Blue Security reports how Internet users can unknowingly expose their contacts' emails addresses to Spammers while sharing files, music, games and DVDs over Peer-to-Peer (P2P) networks. The study has uncovered hundreds of incidents where files containing email addresses were made accessible in P2P networks. more

Donuts to Acquire Afilias

Donuts and Afilias announced today that Donuts is acquiring Afilias in a deal that is expected to close in December 2020 for an undisclosed amount. The combined entities will support over 25 million domain names spanning well over 400 TLDs. The deal will not include certain Afilias businesses, such as the mobile software and registrar businesses, which will remain with Afilias' original group of investors. more

Understanding the Threat Landscape: Indicators of Compromise (IOCs)

I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more

Temporary Restraining Order Issued Against Domainer’s Use of “mylennar.com”

Companies sometimes find that opportunistic purchasers of domain names (often referred to as "domainers"), will purchase a domain name quite similar to that of the company, and establish a site at the URL loaded with revenue-generating sponsored ads. To accomplish these purposes, domainers seem to prefer the services of companies like HitFarm and Domain Sponsor. A web user types in the confusingly similar URL and is bombarded with pop-up ads and sponsored links to goods and services, often competitive to the company whose name or trademark is being appropriated in the URL... more

In Rem Domain Name Proceeding: Sometimes “may” Means “must”

Investools, Inc. recently filed an in rem domain name proceeding against a Canadian entity that registered the domain names investtools.com and investtool.com. In rem domain name proceedings are provided for under the Anticybersquatting Consumer Protection Act ("ACPA"), 15 U.S.C. 1125(d), and are a handy way for a trademark owner to acquire a domain name from a cybersquatter when the cybersquatter can't be found e.g., is located outside the U.S. ...The ACPA requires that a plaintiff demonstrate four things to establish in rem jurisdiction over a domain name... more

Comparing IPv4 and IPv6 Performance

The active measurements the RIPE NCC carried out on World IPv6 Day on 8 June 2011 included ICMP (Internet Control Message Protocol) and ICMP6 (ICMP for IPv6) measurements from our vantage points to selected hostnames of World IPv6 Day participants and other dual-stacked parties. We used these measurements to determine the performance of IPv4 versus IPv6 connections. more

NIST as a Cyber Threat Actor

On 24 May, NIST published recommendations that are a key component of the U.S. cybersecurity ecosystem -- known as vulnerability disclosure guidelines. NIST (National Institute of Standards and Technology) is an agency of the Department of Commerce whose mission includes "developing cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public." more

Morgan Freeman Wins Transfer of morganfreeman.com from Cybersquatter

Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more

Valuing IP Addresses

The prospect of exhaustion of the IPv4 address space is not a surprise. We've been anticipating this situation since at least 1990. But it's a "lumpy" form of exhaustion. It's not the case that the scarcity pressures for IP addresses are evidently to the same level in every part of the Internet. It's not the case that every single address is being used by an active device. A couple of decades ago we thought that an address utilisation ratio of 10% (where, for example, a block of 256 addresses would be used in a network with some 25 addressed devices) was a great achievement.  more

ICANN Starts IPv6 Ball Rolling

IPv6 took a significant step forward this week with ICANN's decision to officially add the next generation protocol to its root server systems. The shift to IPv6 is perhaps the largest and most significant change to the structure of the Internet in decades - ICANN's move a signal that the revolution has officially begun. more

Google Buys VeriSign (not really)

No that's not really happening, Google is not buying VeriSign. But given Google's ravenous appetite for data, it might find VeriSign quite attractive. VeriSign has both root domain name servers and servers for the .com and .net top level domains (TLDs). VeriSign could data mine the queries coming into those servers and produce a very valuable real-time stream of what users on the net are doing... Google just bought Postini -- and one would have to be fairly naive to believe that Google does not intend to dredge through all... more

WSIS and the Splitting of the Root

There's talk that in the battle between the USA and Europe over control of ICANN, which may come to a head at the upcoming World Summit on the Information Society in Tunis, people will seriously consider "splitting the root" of DNS. I've written a fair bit about how DNS works and how the true power over how names get looked up actually resides with hundreds of thousands of individual site administrators. However, there is a natural monopoly in the root. All those site admins really have to all do the same thing, or you get a lot of problems, which takes away most of that power. Still, this is an interesting power struggle. more

FUD for Thought: ARIN Releases Comic Books

The American Registry for Internet Numbers (ARIN) has launched a comic book series to further help raise awareness for the adoption of IPv6 and other matters dealt by the organization. The comic books, called "Team ARIN", are fictionalized views of the organization, its processes, and the whole concept of Internet governance. "Though our heroes are fictional, the issues they face are very real," says ARIN. more