Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement...
Wuhan in 1911 led the revolt that overthrew the Qing Dynasty and now hopes to dethrone the world's fiber leaders. China this year or next will surpass Japan as world fiber leader, with estimates as high as 30M homes connected. Wuhan's FiberHome is now #2 in the world according to Infonetics, ahead of Alcatel, Motorola, and Tellabs.
We, domain name and trademark professionals, think end-users know about domain names. The truth is that few of them have ever heard of what a domain name is and what it is worth; very few have heard about new descriptive domain names, so I asked a club manager my questions... Representatives of a famous French sports club were there and I bumped into them to ask my question: "any plan to change to a .club domain name?"
When I first wrote about Domain Registry Locking over a year and a half ago, Verisign was the only Registry offering a true Registry Lock Service. Of course, not long after, Neustar announced their Registry Lock Service too. Recently however, a number of ccTLD Registries have also adopted Registry Locking programs...
If you're a Twitter user, you've likely used one or another of the URL shorteners out there. Even if you're not, you may have run across a shortened URL. The first one I encountered, several years ago, was tinyurl.com, but there are plenty of them, including bit.ly, tr.im, qoiob.com, tinyarrow.ws, tweak, and many others. ... What would best practices for URL shortening services look like? Some suggestions, from others as well as from me.
Unlike Bezos and Branson, they're going to stay there. Today we have space-based internet access and a terrestrial internet; within ten years, we'll have a space-based internet. Internet traffic will travel more miles in space than on terrestrial fiber. By that time, the great cloud data centers of Google, Amazon, Microsoft, and their competitors and successors will mostly be in orbit as well. Five years from now, this transition will be obvious, accepted, and well underway...
This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet.
The apparent cyber heist of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT -- a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide.
After interacting with over 1000 network engineers during training sessions about what they think could help drive IPv6 deployment in Africa, I have come to the realisation that a three-prong approach is required... Many training courses focus on the first issue, and quite logically, that's where the real work lies. I've developed such a course that has been delivered in over 45 countries, and there are lots of other great training available, both free and paid.
I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited.
A personal source close to Bill Clinton has confirmed to us that the former president will give the keynote speech at the ICANN meeting in San Francisco March 14-18. The meeting promises to produce far more electricity than sleepy NGO-lawyer-techie-academic-lobbyist ICANN attendees are used to.
Allen Grogan, ICANN's Chief Contract Compliance Officer, has written a blog post today concerning a formal letter it has received asking the agency to halt the rollout of .SUCKS, a new gTLD operated by Vox Populi Registry Inc. As it stands, a ruling against Vox Populi by ICANN could result in federal prosecution or other legal action, according to ICANN officials.
Reading this morning's blog from Microsoft about "Operation b70" left me wondering a lot of things. Most analysts within the botnet field are more than familiar with 3322.org - a free dynamic DNS provider based in China known to be unresponsive to abuse notifications and a popular home to domain names used extensively for malicious purposes - and its links to several botnets around the world.
As I pointed out in last week's essay, having trademark rights that come into existence later than registrations of corresponding domain names only gets complainants to first base; they have standing but no actionable claim. I also noted a nuance (not a difference in substance) in standing requirements between the Uniform Dispute Resolution Policy (UDRP) and the Anti-Cybersquatting Consumer Protection Act (ACPA). However, standing depends upon the specific facts of the case...
In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream.