FedRAMP: Critical to Cost-Effective Cloud Computing Cybersecurity

In September 2009, the Obama Administration announced the Federal Cloud Computing Initiative. As the government's CIO explained, cloud computing "has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs." The Federal Risk and Authorization Management Program (FedRAMP) addresses the key elements of a cloud computing framework for federal agencies. more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

A Framework for Selecting New TLDs

Your corporate domain names send implicit messages (signals) through their Top-Level Domains (TLDs) and their second-level words. Shape your domain names so to send the right messages and to avoid sending unintentionally confusing messages. The post focuses on a framework to help bidders determine which TLDs send messages that are potentially profit generating... Soon TLDs such as ".car," ".cars," ".green," and ".eco" will be available to any qualified body whose request is favored by the allocation system. The system being discussed is a combination of beauty contests and auctions. more

Internet Penetration in the Middle East has Tripled in the Past 8 Years, New Arabic Domains Credited

Internet penetration in the Middle East tripled in the past eight years, from 20 per cent in 2009 to 60 per cent this year as a result of the introduction of Arabic domain names. more

Addressing Anticompetitive Behavior in Internet Standards Bodies

A significant focus is emerging today on the anticompetitive behaviour of Silicon Valley companies directed at dominating critical sectors of the on-line marketplace, and a U.S. Congressional hearing is scheduled. Such practices can be pursued in many ways. One of the more elusive, but very effective anticompetitive playbooks - known legally as the "antitrust conspiracy" - can occur in internet standards bodies. more

Phishing Moving to the Web Channel

Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more

SpaceX Starlink Is Coming to Low-Income Nations

Beta testers in the US and Canada paid $500 for a terminal and are paying $99 per month for the service. The beta tests began in high-income countries, but SpaceX is beginning to roll Starlink out and will include low-income nations, for example, India. Last September, SpaceX responded to a request for consultation on a roadmap to promote broadband connectivity and enhanced broadband speed from TRAI, the Telecommunications Regulatory Authority of India. more

New gTLD Auctions and Potential Unintended Consequences

Auctions will play a critical role in ICANN's new generic Top-Level Domain (gTLD) process, the only question is whether they reinforce ICANN's position as a steward of a global public resource, or undermine it. Auctions are one of two widely used mechanisms used in the allocation of scarce global resources, the other being a comparative analysis (aka beauty contest). ... This paper seeks to highlight those potential unintended consequences and propose a more equitable model consistent with ICANN's role as a steward of public global resource. more

ICANN-JPA Coverage

At the end of this month, September 30th, the Joint Project Agreement (JPA) between the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Department of Commerce (DoC) will come to an end. While ICANN has affirmed its commitment in maintaining a long-term, formal relationship with the United States, talks of new changes and a more independent ICANN is intensifying as the expiration date is quickly approaching. For the next upcoming days, this page will be frequently updated with related news and updates. more

Email in the World’s Languages - Part II

In our last installment we discussed MIME, Unicode and UTF-8, and IDNA, three things that have brought the Internet and e-mail out of the ASCII and English only era and closer to fully handling all languages. Today we'll look at the surprisingly difficult problems involved in fixing the last bit, internationalized e-mail addresses. more

Stopping Illegal Activity Online - It’s More Complicated Than It Seems

There was a compelling article in the Wall Street Journal (WSJ) the other day about ICANN and illegal online pharmacies. The result of a six-month investigation, the reporter, Jeff Elder, calls into question ICANN's effectiveness in investigating complaints of suspected illegal activity on domain names it has a contractual relationship with. Elder cites a recent incident where Interpol and the U.S. Food and Drug Administration tried to have 1,300 websites shut down because they were suspected of selling drugs without a prescription. more

WSIS Leaving More Questions Than Answers

Two things are important to stress. First, nothing was decided in this meeting, and no actions will be taken until the next meeting in 2005. Secondly, and more importantly, as with anything the devil is in the details. Given the vagueness of the documents available, there are few reliable conclusions that can be drawn from the summit...Before any judgments can be made about the effectiveness, or feasibility of the ideas outlined in the Plan of Action more concrete information is needed. The details of these plans are currently unknown to the Internet community at large, and may even be unknown to the members of the WSIS. Based on the information that is available it appears the Plan of Action needs to be thought through a little more thoroughly. more

Will the Trademark Clearinghouse Fulfill its Potential?

ICANN created the Trademark Clearinghouse (TMCH) as a way to streamline the repetitive process forced on trademark owners during the launch of new top-level-domains. With the expected tsunami of hundreds of new TLD's starting later this year, the TMCH should generate a clear benefit for trademark owners who elect to participate in Sunrise and Claims Periods. The side effect of introducing new TLDs is that the legacy TLDs will be making changes to make sure they are competitive against the new TLDs. more

Musings on Metering: An Update from ICANN’s Latest Meeting

ICANN held another update for new gTLD applicants last week, revealing that the proposal to meter the introduction of new gTLDs received many suggestions during the open comment period. This was just the first step to what I imagine will be a long process - one that will continue on September 12 when ICANN holds a public consultation that will offer more detailed discussion on the many different options for metering. more