After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state-of-the-art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given your skepticism, you decide to get one more opinion. ...And the results were less than pleasing.
The gTLD Prioritization "Draw" was a mistake. But its negative impact can still be mitigated. The best course of action follows directly from information that can be gleaned from available data. Let us start with the latest piece of intelligence: who "played" in the "Draw"? 1766 of 1917 applications had a lottery ticket. This is much worse than expected. Very few abstained. Even the purely defensive applicants saw no other choice but to "play".
When I first wrote about Domain Registry Locking over a year and a half ago, Verisign was the only Registry offering a true Registry Lock Service. Of course, not long after, Neustar announced their Registry Lock Service too. Recently however, a number of ccTLD Registries have also adopted Registry Locking programs...
The Internet and corresponding online world have radically expanded the landscape Intellectual Property professionals need to investigate when monitoring for possible infringements of their trademarks, brands and other intangible assets. With few barriers to entry, coupled with the ability to operate anonymously, the Internet has rapidly become a significant target for unscrupulous individuals hoping to take advantage of the easily accessible Intellectual Property assets of legitimate businesses.
We keep talking about new gTLDs but, what about those generic Top-Level Domains which already exist and which no one talks about anymore? ...I am also familiar with the existing speech which says: "Check the .museum : it is the example why new gTLDs won't work". I think it has nothing to do with the fact that new gTLDs will or will not work. I strongly believe .museum has potential and I also think the actual situation of the .museum can change.
I'm sure we've all heard about "the Open Internet." The expression builds upon a rich pedigree of the term "open" in various contexts. For example, "open government" is the governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight, a concept that appears to be able to trace its antecedents back to the age of enlightenment in 17th century Europe.
My weekly Law Bytes column (Toronto Star version, freely available version) examines the growing trend toward a two-tiered Internet, which upends the longstanding principle of network neutrality under which ISPs treat all data equally. I argue that the network neutrality principle has served ISPs, Internet companies, and Internet users well. It has enabled ISPs to plausibly argue that they function much like common carriers and that they should therefore be exempt from liability for the content that passes through their systems. ...Notwithstanding its benefits, in recent months ISPs have begun to chip away at the principle.
Today in Indonesia, media leaders gathered at UNESCO's World Press Freedom Day event issued the "Jakarta Declaration" calling on governments of the world to recognize the importance of a free and independent media in creating "peaceful, just and inclusive societies". The declaration calls on governments to take steps to support the freedom of the press, and, in the midst of the many actions was this statement: Recognise the legitimacy of the use of encryption and anonymisation technologies
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details.
I have been attending the American Registry for Internet Numbers (ARIN) meeting in Toronto. ARIN is one of the RIRs, i.e., the Internet address registry and policy making authority for North America. Although I have observed and participated on RIR lists for some time and interacted with RIR representatives at ICANN, WSIS and IGF, this is the first time I have been able to attend a meeting. I'm glad I did.
A project named S-GPS, or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers.
Time for another annual roundup from the world of IP addresses. What happened in 2014 and what is likely to happen in 2015? This is an update to the reports prepared at the same time in previous years. So let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.
The 47-year-old Las Vegas man known as the "Spam King" has been sentenced to 2.5 years in federal prison for sending over a half-million spam messages to Facebook users, resulting in over 27 million spam messages sent through the social networking company's servers. He pleaded guilty last year to one count of fraud.
More than 30 million people lost their data connectivity on December 6, 2018, in the United Kingdom as O2's network suffered from a nationwide service outage. Based on several reports, the incident was caused by a human error at Ericsson, the telecoms supplier responsible for operating certain parts of the O2 network. To compensate for the downtime and tarnished reputation, the O2 management is now reportedly seeking damages of up to a hundred million pounds from Ericsson.
For some time, the measure of success of a TLD was volume of registrations, or strictly speaking, Domains Under Management (DUMs). Who better than .com to validate the truth of that metric? More recently, this same metric has been applied to new gTLDs, especially those who achieve volume quickly, by whatever means necessary. These gTLDs are fawned over, written about, and effectively set up as the standard for other gTLDs to aspire to. But I'd like to challenge that notion.