IT Risks for Cloud Computing

As the industry-wide paradigm shift to cloud computing and software-as-a-service gradually continues to make the transition from buzz to reality, security and availability continue to emerge as the main barriers to customer adoption. A recent ISACA survey of over 1,800 US IT professionals found that only 17 percent believe the benefits of cloud computing outweigh the risks. Only one in 10 respondents said they would consider using software-as-a-service (SaaS) for mission-critical applications. more

IPv6: A Lost Decade?

A 'decade from hell', according to Times Magazine, a 'dazing decade' says Newsweek. In Copenhagen, at the Climate Change Conference, the World Meteorological Organization talked of the 'hottest decade on record'. BusinessWeek characterized the decade as one of 'innovation interrupted'. All this gloom made me wonder how to qualify our IPv6 decade? more

Think Beyond .com: From Country Codes to Internationalized Domain Names

One of the major takeaways from the Web Globalization Report Card is the importance of providing "front doors" to your localized websites. These doors begin with the addresses themselves, which may not include the .com domain. In fact, I'd recommend that most localized websites not use the .com domain, as this is an overloaded domain. This article looks at the many ways brands are creating more localized addresses, beginning with country code top-level domains (ccTLDs). more

ARF is Now an IETF Standard

When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints. more

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more

Spectrum Crisis: Wireless Auctions Preferred Method

Talk, conjecture and analysis have predicted a wireless spectrum crisis for years. The official word seems to project a culmination of dropped calls, slow loading of data, downright network access denials as impending by 2015. If so, then we should look at the current argument about how that additional spectrum can be disseminated to wireless carriers in a fair and balanced fashion. more

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement... more

EU to ICANN: Go Back to Drawing Board on Auctions!

The European Commission is not a big fan of the David versus Goliath ICANN new gTLD auction scenario. On December 12 last year, ICANN released a set of revised public auction rules. These auctions are presented as the avenue of last resort for resolving new gTLD contentions. As is ICANN's custom, the rules were put out for public comment. The EU submitted its statement on the very last day of the comment reply period. more

More than 85% of Top 500 Most Highly-Trafficked Websites Vulnerable

Over the last 5 years, hacktivists have continued the practice of redirecting well-known domain names to politically motivated websites utilizing tactics such as SQL injection attacks and social engineering schemes to gain access to domain management accounts -- and that, in and of itself, is not surprising. But what IS surprising is the fact that less than 15% of the 500 most highly trafficked domains in the world are utilizing Registry Locking. more

A Threat to Europe’s Digital Human Rights Stewardship

In a contemporary era when the human rights, democracy, and the rule of law are under attack, Europe has asserted itself as the leading global digital steward for maintaining those values. However, doing so through its Digital Sovereignty initiatives is significantly dependent on the ability to produce timely technical standards that underpin the implementing legislation. more

U.N.‘s Global Digital Compact Faces Criticism for Overlooking Technical Experts in Internet Governance

ICANN, APNIC and ARIN recently voiced concerns about comments made by the United Nations (UN) Office of the Secretary-General's Envoy on Technology (OSET), Ambassador Amandeep Gill. These remarks seem to conflate the roles of the technical community and civil society in the Internet ecosystem. more

Congress Will Oversight ICANN: And You Can Take That to the Bank

Even though the Internet Corporation for Assigned Names and Numbers (ICANN) plays a very important role in the global Internet ecosystem, its activities are not frequently mentioned in the mainstream international media; that is, until ICANN's name is mentioned alongside that of the US Congress in a US$1.1 trillion Omnibus spending bill. Since the bill was passed by the House of Representatives, the issue of ICANN has assumed a certain topicality and has attracted commentary from many pundits. more

.Pro Asking for Second-Level Domains (Again)

In a Message from RegistryPro Advisory Board to Tina Dam on 24 October 2003, it is noted that .Pro is, again, asking ICANN to allow for the registration of 2nd level domains. I am, again, of mixed opinion on this. On the one hand, a registry should be able to do what it wants, within reason. This clearly falls into that category. On the other hand, .Pro has been denied once already on the grounds that registering 2nd level domains is not the proposal upon which they were approved in the "testbed" procedure of November 2000. more

Digital Sovereignty in a Fragmenting Internet: What Role Should WSIS+20 Play?

As the global digital order enters an era of intensifying geopolitical tension, debates over digital sovereignty have re-emerged as a defining fault line in Internet governance. At stake is not merely who controls data or infrastructure within national borders but whether the vision of a globally interoperable, open Internet, one of WSIS's founding principles, can be meaningfully sustained. more

CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners

Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants - hundreds of thousands of Canadians - by removing the public disclosure of their personal contact information... Apparently I spoke too soon. more