/ Most Viewed

Donuts to Acquire Afilias

Nov 19, 2020

Donuts and Afilias announced today that Donuts is acquiring Afilias in a deal that is expected to close in December 2020 for an undisclosed amount. The combined entities will support over 25 million domain names spanning well over 400 TLDs. The deal will not include certain Afilias businesses, such as the mobile software and registrar businesses, which will remain with Afilias' original group of investors. more

VeriSign’s New Security Seal Too Trusting?

Nov 12, 2003

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more

Think China Is the Highest Spamming Country? Think Again

Jul 17, 2009

In my department, we block about 92% of our total email (around 2.5 billion per day) at the network edge without accepting the message. When we do that, we don't see any traffic from that IP anymore and don't keep stats on it due to the overwhelming volume of mail. However, we do keep stats on mail that we block with our content filter. I decided to go and calculate how much spam we receive from each country by mapping the source IP back to its source country... more

RIP Don Blumenthal

Oct 03, 2019

It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC). more

New Book on Domain Name Regulation

Jun 17, 2010

My book, "The Current State of Domain Name Regulation: Domain Names as Second Class Citizens in a Mark-dominated World" is now available by Routledge. The following is an overview of the book. more

Internet Bifurcation: Will the US-China Digital Arm-Twisting Splinter the Open and Free Internet?

Sep 24, 2020

The Internet controversy between the US and China is escalating. The Trump Administration is fighting against Huawei, TikTok and We Chat. China is pushing back with new export regulations for Chinese IT technology. August 5, 2020 the US State Department launched a "Clean Network" initiative, aimed to remove Chinese digital corporations from the global supply chain in today's interconnected world. September 8, 2020 the Chinese Foreign Ministry replied with a "Data Security" initiative, aimed to enhance global cybersecurity in "Chinese colours." more

Beyond Neutrality - Enabling a World of Connected Things

Oct 24, 2014

The growing interest in the "Internet of Things" is forcing us to think beyond the web to a much larger world of connected devices. We can tolerate the many barriers to connectivity because we expect that someone can provide the necessary credentials to log in to the providers' services and to adjust Wi-Fi access keys whenever the access point changes or simply to click "agree" at a hotspot. This doesn't work for "things" which can't recognize a sign-on or "agree screen". more

IPv6 Security Myth #2: IPv6 Has Security Designed In

Jan 22, 2015

Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the myths I overhear people propagating out loud far too much: That you don't need to worry about security because IPv6 has it built into the protocol. In this post, we'll explore several of the reasons that this is in fact a myth and look at some harsh realities surrounding IPv6 security. more

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

Oct 13, 2020

A group of experts from Interisle Consulting Group released a paper today, reporting a comprehensive study of the phishing landscape in 2020. The study's goal was to capture and analyze a large set of information about phishing attacks to better understand how much phishing is taking place, where it is taking place, and better ways to fight them. more

Analysis of the IDN New gTLD Applications

Jun 14, 2012

There has been a lot of excitement since ICANN revealed the list of 1930 applications for new gTLD yesterday at an event in London yesterday. Even some of the strongest opponents of the ICANN's new gTLD program have acknowledged there is a case to open up new gTLDs for Internationalized Domain Names (IDNs). I am going to focus here on the analysis of the IDN applicants. more

It’s “Verisign vs. Users”

Sep 23, 2003

But even if the collateral damage is left out of the picture, the very idea behind SiteFinder is user-unfriendly, and that's the second half of the ALAC's note: SiteFinder is, ultimately, about short-cutting other error handling methods, and redirecting any users that enter non-existing domain names into a web browser to Verisign's own service, for commercial purposes. SiteFinder is designed so it becomes difficult to deploy superior error handling services that would compete with it -- because errors aren't flagged. more

Defense Department Demonstrates Compliance with the OMB IPv6 Mandate

Jun 10, 2008

IPv6 is "critical to achieve our net-centric vision", said Kris Strance, DoD Lead for IP Policy, speaking at the Information Assurance Collaboration Forum (IACF) in Laurel, Maryland last week. The Defense Department sees the proliferation of IP-addressable devices as a key driver for IPv6 adoption, and does not believe that IPv4 can satisfy its future requirements. The imminent explosion of non-traditional IP-enabled devices that Defense intends to implement may even threaten the large IPv4 address allocations that the Department holds. more

Can We Create a Secure Caller ID For VoIP?

Jul 29, 2013

Can we create a "secure Caller ID" for IP-based communications, a.k.a. voice-over-IP (VoIP)? And specifically for VoIP based on the Session Initiation Protocol (SIP)? Can we create a way to securely identify the origin of a call that can be used to combat robocalling, phishing and telephony denial-of-service (TDOS) attacks? That is the challenge to be undertaken by the "Secure Telephone Identity Revisited (STIR)" group meeting tomorrow morning, July 30, 2013, at 9:00 am in Berlin, Germany, as part of the 87th meeting of the Internet Engineering Task Force (IETF). more

Rediscovering the Internet

Sep 01, 2003

I wrote a guest column for ZDNet last month on the importance of IPV6. I fear that the Internet has been devolving into a recreation of the old smart networks with a lot of perverse complexity in the infrastructure. The latest calls for protection from all that bad stuff only adds to my concern since the problems attributed to the "Internet" will encourage people to seek more meddling. Unfettered connectivity has been a necessary precondition for allowing innovation to thrive on the Internet. It worked because the same openness allowed those at the edges to protect themselves against the errors whether malicious or just problematic. In fact, the so-called Internet revolution was triggered by the key concept of the browser -- treating other systems with suspicion but leaving it to the end points to decide how much to trust each other. more

Survey of Global Internet Jurisdiction

Apr 08, 2004

The American Bar Association/International Chamber of Commerce (ABA/ICC) recently released a survey on global Internet jurisdiction. The survey, co-chaired by Professor Michael Geist, involved nearly 300 companies in 45 different countries. It found that U.S. companies were far more concerned and pessimistic about Internet jurisdiction risk than European and Asian companies. The study has also found that an "Internet jurisdiction risk toolkit" is emerging where companies target low risk jurisdictions and take steps to avoid doing business in perceived high risk jurisdictions. more

Industry Updates

New RomCom Variant Spotted: A Comparative and Expansion Analysis of IoCs

Global Domain Activity Trends Seen in Q3 2024

A DNS Investigation into Mamba, the Latest AitM Phishing Player

BRG to Share .Brand TLD Updates and Insights for Applicants at ICANN81 in Istanbul

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

Investigating the Proliferation of Deepfake Scams

Five Years of Domain Security Insights: CSC’s Latest Findings on Global 2000 Companies

  • By CSC
  • Nov 01, 2024

IPv4.Global Recognized with Gold Globee Business Award

Examining the DNS Underbelly of the Voldemort Campaign

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

2024 .US Town Hall Registration Open: Explore Industry Trends & Policy Insights

Unstoppable and Radix Launch “.pw” Domain Extension for Public Wallets

A DNS Deep Dive into the NetSupport RAT Campaign

Radix-Owned Namify AI Ranks #1 Product of the Day on Product Hunt

View More