ICANN and the Data Quality Act: Part VI

This is the sixth part of a multi-part series reported by ICANNfocus. This part focuses on ICANN's Strategic Plan. Read previous parts: Part I, Part II, Part III, Part IV, Part V. "The requirement that ICANN develop a Strategic Plan offers an important opportunity for achieving meaningful reform of the organization. The Strategic Plan is one of the key new ICANN duties contained in the most recent amendment to their Memorandum of Understanding (MOU) with the Department of Commerce. The MOU specifies in considerable detail the elements that ICANN is to include in the Plan including issues ranging from executive compensation to mechanisms for ICANN accountability..." more

Is it Time for a Registration Operations Industry Association? (Part 1)

Since 2001 there have been occasional conversations on technical mailing lists exploring the concept of creating an independent industry association or consortium of domain registration operators. My recent experiences with the evolution of extensions to the Extensible Provisioning Protocol (EPP) have convinced me to look at these suggestions more closely, and I'm now convinced that this is an idea worth exploring. "Registration Operations" refers to the technical tasks, such as the development, deployment, and ongoing systems administration of EPP, performed by registries and registrars to provide registration services. more

URL Shorteners

If you're a twit a Twitter user, you've likely used one or another of the URL shorteners out there. Even if you're not, you may have run across a shortened URL. The first one I encountered, several years ago, was tinyurl.com, but there plenty of them, including bit.ly, tr.im, qoiob.com, tinyarrow.ws, tweak, and many others. ... What would best practices for URL shortening services look like? Some suggestions, from others as well as from me. more

The Proxy Fight for Iranian Democracy

If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC... more

Dell Loses Key Customer Support Domain Name for a Month, Site Exposed to Questionable Content

The website designated by Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, reports Brian Krebs in KrebsOnSecurity. more

Response to Inaccurate .travel Wild Card Assessments

Bret Fausett's recent assessment of Tralliance's ".museum-like" wild card is just dead wrong. If Tralliance is so focused on monetizing its search results, why, then, would we not capitalize on the cornerstone of our registry, directory.travel? The fact is .travel is a sponsored space on the Net that is designed to do one thing and one thing only: Serve its constituency. For years the community has heard me at the open forum microphone reminding the ICANN board of directors that the industry was anxious to have its own domain to enable it to improve business efficiency... more

Bigger, Faster, Better (and Cheaper!)

Let's take a second to look back some 50 years to the world of 1972 and the technology and telecommunications environment at that time. The world of 1972 was one populated by a relatively small collection of massive (and eye-wateringly expensive) mainframe computers that were tended by a set of computer operators working around the clock and directed by specialized programmers, trained in the obscure symbol set used by the job control systems on these computers. more

Wow! BIND9 9.10 Is out, and What a List of Features!

Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more

Edge Computing, Fog Computing, IoT, and Securing Them All

The oft used term "the Internet of Things" (IoT) has expanded to encapsulate practically any device (or "thing") with some modicum of compute power that in turn can connect to another device that may or may not be connected to the Internet. ... The information security community -- in fact, the InfoSec industry at large -- has struggled and mostly failed to secure the "IoT". This does not bode well for the next evolutionary advancement of networked compute technology. more

How to Avoid Insider Threats Such as the Latest New York Post Hacking

New York Post has been "hacked" by an employee. To protect themselves from insider threats, companies can deploy zero trust and restrict access. On October 27, the New York Post published a string of racist and sexist articles on its website. Fabricated news about politicians, such as pieces concerning racist comments of a New York City mayor, has been headlining the publication. more

We Must Keep Track of How Countries Will Confront Cybercrime in a New UN Convention

As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more

Thailand has Become the World’s Leading Hotspot for Cryptocurrency Mining Malware

New research indicates Thailand as being the world's number one hotspot for cryptocurrency mining malware. more

Clarke and Knake’s “Cyberwar”

I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited. more

Signposts in Cyberspace: An NRC Report on the DNS and Internet Navigation

In light of the recent decision by the United States government to "maintain its historic role in authorizing changes or modifications to the authoritative root zone file" and ICANN's recent decisions to add more gTLDs (including .xxx), and to renew VeriSign as the .net registry, readers may be interested in the just-published report of the National Research Council's Computer Science and Telecommunications Board, Signposts in Cyberspace: The Domain Name System and Internet Navigation. ...a comprehensive policy-oriented examination of the Domain Name System in the broader context of Internet navigation. more

The Path to DNS Privacy

The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a common means of implementing various forms of content access control. But all this is poised to change. more