Anti-Spoofing, BCP 38, and the Tragedy of the Commons

In the seminal 1968 paper "The Tragedy of the Commons" , Garrett Hardin introduced the world to an idea which eventually grew into a household phrase. In this blog article I will explore whether Hardin's tragedy applies to anti-spoofing and Distributed Denial of Service (DDoS) attacks in the Internet, or not... Hardin was a biologist and ecologist by trade, so he explains "The Tragedy of the Commons" using a field, cattle and herdsmen. more

The Longevity of the Three-Napkin Protocol

It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more

DotSpam? Certain New gTLDs Rapidly Outpacing Legacy TLDs in Terms of Abuse

Would you like to hear about how to treat your psoriasis? Where to get a cheap oil change? How to flatten your belly? Achieve a stronger sexual life? Cheap toner? Annuities? Herpes? Bed bugs? Free energy? Varicose-Veins? Herpes? Saggy skin? Arthritis? Overactive bladder? Drug addiction? Herpes? No? Well, that's too bad, because that you are going to hear about it whether you like it or not. Many of the messages about these and other subjects are being carried to you via new gTLDs. more

Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

As we increasingly move towards an IoT world, vendors of safety-critical devices will be patching their systems just as regularly as phone and computer vendors do now. Researchers warn that many regulators who previously thought only in terms of safety will have to start thinking of security as well. more

ICANN’s GDPR Compliance Model for Whois Unlikely to Be Implemented in Time for May 25 Deadline

Domain name registries and registrars will not be able to implement ICANN's proposed overhaul of the Whois system in time for the EU's General Data Protection Regulation according to an estimated timetable from ICANN. more

Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon

One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer. If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994. more

Frequency of DDoS Attacks Risen by 40% While Duration of Attacks Decrease

The frequency of DDoS attacks has risen by 40% year on year while the duration of attacks decreased with 77% lasting ten minutes or less, according to a new report released by Corero Network Security. more

Digital Economy + Sharing Economy = Networked Economy

A great deal of discussion is taking place about topics such as the digital economy, sharing economy and networked economy. Obviously these are concepts rather than being well-defined, but they are being used by the various players in the market to argue for or against certain developments. For example, in some of the broadband debates around the world, the digital economy is the key reason why national broadband infrastructure gets developed. more

What Due Diligence Satisfies Domain Name Registrant’s Representations (UDRP)?

Not infrequently mark owners in disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) claim that respondents should have been aware that the domain names they registered corresponded to their marks; and from this, urge panelists to draw the inference that the registrations were designed to take advantage of their goodwill and reputation. To test this premise, we need to take a step back for a quick look at UDRP provisions. All it takes to acquire a domain name is to sign a registrar’s registration agreement. more

Virtual Banishment and the First Amendment: Estavillo v. Sony Computer Entertainment of America

I saw this case in the excellent National Association of Attorneys General publication Cyber Crime e-newsletter. Many of us host or sponsor online communities of one form or another. On occasion, this means we must engage in moderation of the discourse in that community, and, as chance may arise, on occasion, we must give some chap the boot from the community for violating the AUP or the TOS. Inevitable, the booted chap screams "First Amendment Violation," to which we must respond, "The First Amendment restrains government actors -- we are not government actors." more

Digging Through the Problem of IPv6 and Email - Part 1

Recently, a couple of anti-spam (or at least email security related) bloggers have written some articles about IPv6 and the challenges that the email industry faces regarding it. John Levine, who has written numerous RFCs and a couple of books about spam fighting, writes the following in his article "A Politically Incorrect Guide to IPv6, part III". more

China’s Pursuit of Public International Cybersecurity Law Leadership

There are relatively few venues today for the development of public international cybersecurity law among Nation States. One was the United Nations Group of Governmental Experts (UNGGE) at which the U.S. several months ago announced its de facto withdrawal with some concern expressed. A much older, well-established venue is newly assuming considerable significance - the Expert Group on the International Telecommunication Regulations (EG-ITRs). more

‘First True’ Native IPv6 DDoS Attack Reported

Possibly the first documented native IPv6 DDoS attack reported today suggests a DNS dictionary attack which originated from around 1,900 different native IPv6 hosts, on more than 650 different networks. more

Transparency: The Internet’s Only Currency

I don't know about you, but I am angry. I am angry with the state of the world and our incapacity to do something about it. I am angrier because, in all this, I thought that the Internet would be the place where we would see collective action at its best. But, that's not going to happen. At least, anytime soon. Is it time to admit that the Internet has turned toxic? No. But, it is time to ask ourselves the question... more

Research Firm Predicts 22.4 million IPTV Subscribers by 2013 in Asia-Pacific

New analysis from Frost & Sullivan research firm suggests that the IPTV subscriber base in Asia-Pacific -- covering 13 countries -- reached 4.1 million in 2007 and estimates this number to reach 22.4 million by the end of 2013, at a CAGR (compound annual growth rate) of 32.7 percent (2007-2013). Of the 13 countries, eight had commercial IPTV services in 2007, while the rest are conducting trials for expected deployments from 2009 onwards, according to the report. "Many service providers feel the urge to launch IPTV services as a defensive strategy to increase their 'n-play' offerings with one more service." more