Shouting ‘Bug’ on a Crowded Internet…

In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law. These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being unresolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers? more

That Letter to ICANN from the NTIA

A cranky letter from the NTIA to ICANN, submitted in late December during ICANN's comment period for new top-level domains, has encouraged the awkward coalition of those opposed to new TLDs. The NTIA (National Telecommunications and Information Administration), a division of the Department of Commerce, is the agency tasked with being ICANN's watchdog. So a letter from them carries some weight, though not as much as some people think... more

Sitting Around the Domain Table

I went to Domain Roundtable with some reservations. I was excited about meeting other domain portfolio holders, but I wasn't sure what to expect from the ICANN and Verisign people there, the corporate intellectual property people, and the corporate attorneys. I was pleasantly surprised by everyone I met. more

European Data Protection Supervisor Smacks ICANN Over Privacy Issues With 2013 RAA

ICANN has been sent a letter by the European Data Protection Supervisor calling them out with respect to both data collection, retention and privacy within the context of the 2013 Registrar contract (RAA). The letter is the first instance of one, to my knowledge, which makes reference to the ECJ's recent ruling that rendered the data retention directive null and void. more

Video and Broadband Demand

One of the obvious drivers of broadband usage is online video, and a study earlier this year by the Leichtman Research Group provides insight into the continuing role of video growth in broadband usage. The company conducted a nationwide poll in the US looking at how people watch video, and the results show that Americans have embraced online for-pay video services. more

UK Bans Huawei 5G Equipment, Also Orders 5G Kit to Be Removed From UK Networks by 2027

All mobile providers in the UK will be banned from buying new Huawei 5G equipment after 31 December and ordered to remove all the Chinese firm's 5G kit from their networks by 2027. more

Domain Registrars Given a Six-Month Deadline to Implement Registration Data Access Protocol (RDAP)

ICANN issued an industry-wide six-month deadline for the deployment of the Registration Data Access Protocol (RDAP) - a replacement for the WHOIS protocol. more

The Sexist Men In Tech Need to Grow Up, Now

These days, I've seen many breathless posts about how 'we' "need" to encourage girls to study math so eventually they become computer or other sorts of geeks. Personally, I don't think technology is the only valuable thing in the world; writing, music, and the rest of the arts, medicine, human relations, politics, and so on are pretty important things too, and let's face it content was, is, and will always be king. That said if men continue to act like jerks, it is no wonder women will go into anything but technology. more

Ensuring Maximum Resilience to the DNS?

Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. While comfortably processing queries at 863,000 queries per second for close to 2 hours the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, its sudden increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community. more

Bitcoin: The Andromeda Strain of Computer Science Research

Everyone knows about Bitcoin. Opinions are divided: it's either a huge bubble, best suited for buying tulip bulbs, or, as one Twitter rather hyperbolically expressed it, "the most important application of cryptography in human history". I personally am in the bubble camp, but I think there's another lesson here, on the difference between science and engineering. Bitcoin and the blockchain are interesting ideas that escaped the laboratory without proper engineering - and it shows. Let's start with the upside. more

DMA Requires Email Authentication, Do We Care?

Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication. DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria's Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed source mailers to a recipient ISP's whitelist, and that's just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it's something that their members are doing anyway for straightforward business purposes. more

51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws

A letter, signed by 51 CEOs, was sent to U.S. House and Senate and leaders of other committees today urging policymakers to pass a comprehensive national data privacy law. more

Hannaford Data Breach Plaintiffs Rebuffed in Maine

A US District Judge in Maine largely granted a motion to dismiss brought by Hannaford in a big data breach case... According to the court, around March 2008, third parties stole up to 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers, and other information relating to cardholders "who had used debit cards and credit cards to transact purchases at supermarkets owned or operated by Hannaford." more

ICANN (TBD): Why is ICANN Always to Blame and What to Do About It

With great anticipation I waited for the most recent Applicant Guidebook version 4 aka DAG4. I was looking forward to seeing gTLD program timeline. Was it possible that ICANN would give us another timeline and be firm with it? And then I saw it. Those 3 letters next to the new October 2010 launch date: tbd. So the date is October 2010 but it is "To Be Determined"? On one hand we have a set date but on the other hand it is yet to be determined. more

Does Bell Really Have a P2P Bandwidth Problem?

Bell filed its response to the Canadian Association Of Internet Providers (CAIP) submission to the Canadian Radio-television and Telecommunications Commission (CRTC) on its throttling practices yesterday, unsurprisingly arguing that its actions are justified and that there is no need to deal with the issue on an emergency basis. Several points stand out from the submission including its non-response to the privacy concerns with deep-packet inspection... and its inference that P2P usage could be deemed using a connection as a "server" and therefore outside the boundaries of "fair and proportionate use" under typical ISP terms of use. more