The Purple Team Pentest

It's not particularly clear whether a marketing intern thought he was being clever or a fatigued pentester thought she was being cynical when the term "Purple Team Pentest" was first thrown around like spaghetti at the fridge door, but it appears we're now stuck with the term for better or worse. Just as the definition of penetration testing has broadened to the point that we commonly label a full-scope penetration of a target's systems with the prospect of lateral compromise and social engineering as a Red Team Pentest -- delivered by a "Red Team" entity operating from a sophisticated hacker's playbook. more

Internet Governance and the Universal Declaration of Human Rights, Part 5: Article 15-17

Internet Governance, like all governance, needs to be founded in guiding principles from which all policy making is derived. There are no more fundamental principles to guide our policy making than the Universal Declaration of Human Rights, (UDHR). This article as Part 5 of the series of articles (published in installments), and we are revisiting Article 15 to look at empowered Digital Citizenship and Internet Governance, to move on to the rights to a family and property more

ICANN Africa Strategy - A View from the Inside

"Africa is rising" is a phrase we are accustomed to hearing nowadays. We Africans also seem desperate to make that positive narrative about Africa. From the vantage point of the digital Africa that I seat, it is most promising, but only if we can face some of our own self afflicted stagnation. Having been in the African Domain scene for nearly a decade now, I am always challenged to view our situation with a pinch of salt, a fact that doesn't attract many friends. But I am willing to go at it and point out the shortcomings. more

ICANN Explains “Brazil Meeting” Initiative

Given the post-Prism political climate, it should come as no surprise that the 8th edition of the UN-initiated Internet Governance Forum (IGF), currently happening in Bali (Indonesia), is showing record-braking attendance with more than 2,000 delegates. With a byline of "building bridges: enhancing multistakeholder cooperation for growth and sustainable development", the meeting's main theme is clearly the need to evolve the current model for Internet Governance. But not quite everyone has the same view on exactly how that should happen.  more

Proving and Protecting Rights to Domain Names

At their best, UDRP panelists are educators. They inform us about the ways in which parties win or lose on their claims and defenses. What to do and not do. In addressing this issue, I'm referring to less than 10% of cybersquatting disputes. For 90% or more of filed complaints, respondents have no defensible answer and generally don't even bother to respond. But within the 10%, there are serious disputes of contested rights (contested even where respondent has defaulted). more

Understand More, Fear Less: Will G20 Be Able to Contribute to an Internet Future with a Human Face?

Last week, the G20's ministers responsible for the digital economy met in Düsseldorf to prepare this year's G20 summit, scheduled for Hamburg, July 2017. Building on important strides initiated two years ago during the G20 summit in Antalya and based on the G20 Digital Economy Development and Cooperation Initiative (DEDCI), which was adopted last year under the Chinese G20 presidency, the Düsseldorf meeting adopted a "G20 Digital Economy Ministerial Declaration" which also includes a "Roadmap for Digitalisation". One day before the ministerial meeting, non-state actors were invited to discuss "Policies for a Digital Future" within a so-called Multistakeholder Conference. more

Recalibrating the DoH Debate

At the Internet Engineering Task Force (IETF) it is time we accept the wide range of drivers behind (and implications of) standards and for stakeholders to start listening to each other. A protocol recently released by the IETF, DNS over HTTPS (DoH), is at the centre of an increasingly polarised debate. This is because DoH uses encryption in the name of security and privacy and re-locates DNS resolution to the application layer of the Internet. more

Only Bad Actors Should Worry About the URS

With DNS abuse a topic of increased concern throughout the community, any controversy over adopting the Uniform Rapid Suspension System (URS) for all generic top-level domains (gTLDs) seems misplaced. The URS was designed as a narrow supplement to the Uniform Domain-Name Dispute Resolution Policy (UDRP), applicable only in certain tightly defined circumstances of clear-cut and incontrovertible trademark infringement involving the registration and use of a domain name. more

How Ignorance Can Lead Mark Owners Astray in UDRP Proceedings

The great problem with ignorance is that it leads to disaster when one acts in the belief that he (and not infrequently a corporate "it") is invulnerable to error. The Uniform Domain Name Dispute Resolution Policy (UDRP) is fundamentally a straightforward rights protection mechanism, but as in all clearly written laws, ignorance of its application and of its evidentiary demands can (and generally does) lead to disaster. more

It’s the Latency, FCC

Section 706 of the Telecommunications Act of 1996 orders the FCC to "encourage the deployment on a reasonable and timely basis of advanced telecommunications capability to all Americans." On October 25, The FCC issued a notice of inquiry (NOI) into how well we are doing and invited comments. The NOI points out that COVID and the concomitant increase in the use of interactive applications has "made it clear that broadband is no longer a luxury... more

UDRPs Filed - Brand Owners Take Note

After being in the domain industry for over 15 years, there aren't too many things that catch me by surprise, but recently a few UDRP filings have me scratching my head. Both ivi.com and ktg.com have had UDRPs filed against them, and I have to say for anyone holding a valuable domain name, it's a cautionary tale and one that should have folks paying attention to the outcome of each. more

Why Private Support of Cyber Security Initiatives May Not Work

A fledgling international cyber security alliance is continuing to gather backing from private business, according to a recent article published on ComputerWeekly.com. The International Cyber Security Protection Alliance (ICSPA) aims to support law enforcement agencies in countries that lack the resources to fight cybercrime. Commercial security organizations such as McAfee and Trend Micro are supporting the alliance. more

Industry Association: An Implementation Model

We read carefully Scott Hollenbeck's call to form a Domain Name Industry association to promote consistency in technical operations across the many moving parts of the industry and we, the Board and members of the Domain Name Association, largely agree. More formal coordination among registry operators and domain name registrars would improve the domain name registration experience for registrants and business operations for the domain name industry in general. more

Geely’s LEO Constellation for Mobile Vehicle Connectivity

The Geely Holding Group (GHG) is a private Chinese conglomerate that is highly diversified but best known as an auto manufacturer that envisions itself as a "global mobile technology group." GHG announced this week that it has begun construction of an intelligent satellite production and testing facility that will include modular satellite manufacturing, satellite testing, satellite R&D, and cloud computing centers.

Update Mar 2, 2024:

Geely launched eleven satellites in the same 50-degree inclination plane as the first nine, but there was a considerable delay between the two launches. The first nine were launched in June 2022 and the second 11 were launched in February 2024. The delay may have been caused by a satellite re-design -- The mass of these satellites is 130 kg whereas the first nine satellites had masses of 100 kg.

The launch cadence will have to speed up if they are to reach their goal of beginning service with 72 t satellites next year. more

Cloud Security Hinges on IP Addressing

In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two thesis into real-life context. more