Deep Packet Inspection: When the Man-In-The-Middle Wants Money

Say you're walking down the sidewalk having a talk with your best friend about all kinds of things. What if you found out later that the sidewalk you were using wasn't really a sidewalk -- but instead a kind of false-front giant copying machine, unobstrusively vacuuming up what you were saying and adding to its database of information about you? Or, say you send a letter to a client of yours (to the extent you still do this), and it turns out later that your letter was intercepted, steamed open, and the contents were read... more

U.S. Senators to Introduce IoT Security Bill

U.S. senators on Tuesday announced plans to introduce legislation seeking to address vulnerabilities in IoT devices. more

Anticompetitive and Predatory Misconduct by ICANN and Contracted Parties Must End

On May 26, 2021, I submitted a complaint to ICANN's Complaints Officer, Krista Papac. In a nutshell, my complaint centers on ICANN's blatant violation of its Bylaws, specifically Section 2.2, named Restrictions, which expressly prohibits ICANN from acting as a registrar. However, despite the absence of any exceptions to this unambiguous prohibition, ICANN is acting improperly as a registrar for the purposes of warehousing and cybersquatting on certain domain names in the .com and .net registries. more

ICANN and the Data Quality Act: Part V

This is the fifth part of a multi-part series reported by ICANNfocus. This part focuses on Securing the Quality of WHOIS Data. "Information for which ICANN has responsibility includes the WHOIS databases. ICANN has been given specific responsibilities for these databases under: 1) their contract with the U.S. government's Department of Commerce to perform the technical management of the Internet; and 2) their Memorandum of Understanding with the Department of Commerce." more

Spam Is Never Timely Nor Relevant

One of the ongoing recommendations to improve deliverability is to send email that is timely and relevant to the recipient. The idea being that if you send mail a recipient wants, they're more likely to interact with it in a way that signals to the mailbox provider that the message is wanted. The baseline for that, at least whenever I've talked about timely and relevant, is that the recipient asked for mail from you in the first place. more

Addressing 2012: Another One Bites the Dust

Time for another annual roundup from the world of IP addresses. What happened in 2012 and what is likely to happen in 2013? This is an update to the reports prepared at the same time in previous years, so lets see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. more

New Domain Name Registrar Accreditation Agreement Approved by ICANN Board

ICANN Board of Directors today approved a new Domain Name Registrar Accreditation Agreement (RAA) following over a year of negotiations between ICANN and its Registrar Stakeholders Group - last RAA was approved in 2009. more

Black Helicopters for the DNS: What Happens In 2025?

When Steve delBianco from NetChoice testified (April 2, 2014) in the Subcommittee on Communications and Technology of the US House of Representatives on "Ensuring the Security, Stability, Resilience, and Freedom of the Global Internet", he proposed a stresstest for new mechanisms which could substitute the role of the NTIA in overseeing the IANA contract with ICANN. Stresstests are good. It is good for cars, it is good for banks and it is good for new mechanisms... more

Networks Announcing IPv6 - One Year Later

About a year ago, we shared some graphs that showed the percentage of IPv6 enabled networks over time. More precisely, it showed the percentage of Autonomous Systems (ASes) that announced one or more IPv6 prefixes in the global routing table. The results for the five Regional Internet Registries (RIRs) were described in an earlier CircleID post... We looked at the progress since then. more

You Just Signed a Registry Contract With ICANN. What Are Your Plans?

Back on February 4, 2013, I wrote a CircleID post entitled 'How the registrar Cash Flow Model Could Collapse with New ICANN gTLDs.' My key point back then was this: new gTLD applicants need to be mindful of how the cash flow policies of their registry (and of their back-end service provider) could impact whether their TLD is actively promoted by ICANN registrars... registries have historically assumed near-zero risk. This is going to change. more

Call Spoofing: Congress Calls on FCC, Russia and China Answer

It is both amusing and dismaying. Last year, Congress passed Ray Baum's Act telling the FCC to do something about those pesky incoming foreign SPAM calls and texts with the fake callerIDs. The FCC a couple of weeks ago responded with a chest thumping Report and Order claiming it has "extraterritorial jurisdiction" that is does not have, and promising it will do something. Don't hold your breath on that one. more

Emerging Communications Technologies

A "New IP" framework was proposed to the ITU last year. This framework envisages a resurgence of a network-centric view of communications architectures where network-managed control mechanisms moderate application behaviors. It's not the first time that we've seen proposals to rethink the underlying architecture of the Internet's technology (for example, there were the "Clean Slate" efforts in the US research community a decade or so ago) and it certainly won't be the last. more

Cryptography is Hard

In the debate about "exceptional access" to encrypted conversations, law enforcement says they need such access to prevent and solve crimes; cryptographers, on the other hand, keep saying it's too complicated to do safely. That claim is sometimes met with skepticism: what's so hard about encryption? After all, you learn someone's key and just start encrypting, right? I wish it were that simple - but it's not. more

Unlawful Targeting of Trademarks and Consumers in Registering Domain Names

Unlike trademark applications which go through a lengthy examination process before advancing to registration, anyone (anywhere in the world) can register a domain name identical or confusingly similar to a trademark - instantly and no questions asked, at least, in the traditional space (the legacy gTLDs)! With the new gTLDs registrants will receive notice of possible infringement if the brands are registered with the Trademark Mark Clearing House, but notices do not function as injunctions to block registrants from registering infringing names. more

How to Handle an Outage Like a Pro

In just the last two weeks, there were three major DNS outages between Google, Microsoft Azure, and Fonality. But only one of these companies was able to make even bigger waves with the way they handled their blunder. Fonality, who sells VoIP services and business phone systems, offered a very rare and transparent analysis of their outage. In a detailed statement from Chief Marketing Officer Jeff Valentine, readers were given crucial insight on how to prevent the same mistakes from happening to other companies. more