Chuck Norris Botnet and Broadband Routers

Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news... The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. more

Passive Holding of Domain Names and the Argument for Bad Faith or Forfeiture

There is a misconception among some trademark owners and their counsel that passive holding of domain names alone or combined with lack of rights or legitimate interests supports abusive registration. Thus, Respondent's inactive use of the disputed domain name demonstrates bad faith. Respondent also had actual knowledge of Complainant's YOU ASKED FOR IT mark as Complainant has attempted to buy the domain from Respondent... more

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more

How Tiered Internet Pricing Could Actually Facilitate P2P

Time Warner Cable's planned experiment with tiered charging for Internet access has generated a flurry of coverage in the blogsphere, but no new insights (at least that I've seen). The primary problem ISP's complain about is that 5% of their customers use 90% of the available bandwidth and when they examine this traffic, it's mostly peer-to-peer file sharing... more

IPv6 Answers to Common Questions from Policy Makers, Executives and Other Non-Technical Readers

A factual paper prepared in October 2009 for and endorsed by the Chief Executive Officers of ICANN and all the Regional Internet Registries that provides answers to commonly asked questions about IPv6 such as: How are allocations made, and to whom? How are IPv6 addresses actually being allocated? And why did such large IPv4 address allocations go to US organizations, including the US Government, and its Department of Defense? more

Domain Names as Property Subject to Creditor Claims - Bosh v. Zavala

Most people take it for granted that domain names are property. As such, there shouldn't be much dispute that domain names are subject to the claims of judgment creditors. But I've seen enough resistance to this position that I thought a recent case was worth a quick mention. more

Who Are the Major New gTLD Applicants and… (Part Six: Starting Dot)

Starting Dot ("SD") is a French new gTLD applicant which applied for five strings: .ARCHI, .BIO, .DESIGN, (which has been withdrawn) .IMMO and .SKI. It is the only French applicant to have applied for several open new gTLDs. Some French brands have applied too but as closed Top-Level Domains... While Starting Dot may be one of the smaller portfolio applicants, there is a considerable difference here in the way their projects are handled when compared to some of the larger applicants. more

Minimum Disclosure: What Information Does a Name Server Need to Do Its Job?

Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know. As described by Jerome Saltzer in a July 1974 Communications of the ACM article, Protection and the Control of Information Sharing in Multics, the principle of least privilege states, "Every program and every privileged user should operate using the least amount of privilege necessary to complete the job." more

RCC Pushes for State-Led Internet Governance Ahead of WSIS+20 Review

As we approach the WSIS+20 Review, the future of Internet governance is at a crossroads. In its January 29th submission, the Regional Commonwealth in the Field of Communications (RCC) - representing Russia, Armenia, Azerbaijan, Kyrgyzstan, Uzbekistan, Tajikistan, and Rostelecom - advocates for a state-led governance model that challenges the Western-led multistakeholder approach. The submission reflects an ongoing ideological divide between sovereignty and openness in digital governance. more

How Much Money Is There in Complaining?

Although I don't have a lot of sympathy for the trademark lawyers' argument that trademark holders need to register .sucks domains cheaply before anyone else can, there is one point at the end of their letter that's worth a look. The registry contract for .sucks, between Vox Populi and ICANN, has this sentence that appears (as far as I know) in no other registry contract, in the section on Registry-Level fees. more

Google as DNS, Wikileaks as PoC

Wikileaks is still accessible -- via Google. Does that change anything? For many Internet users IP addresses as well as domain names are completely transparent. Further, Google (and other search engines) and often the first stop when these users wants to find a service, or a web site. Thus, many of us discussed over the years the eventual viability of Google (... and other search engines) as "DNS" (note the "'s). Now, don't jump at my throat quite yet... more

This Is Not Your Father’s Traceroute Tool

Traceroute is a network tool that helps determine the path packets take as they travel from one location to another, identifying all of the "hops" along the way. I wonder why they are called hops*? Almost all operating systems have traceroute utilities built in. The command is just that "traceroute", Windows systems abbreviate the command as "tracert" to deal with the 8.3 file naming convention of old... So, let's look at what information traceroute gives you. more

Should We Make the Possession of Malware a Crime?

In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more

Chinese Internet Research Conference: Getting beyond “Iron Curtain 2.0”

At last week's Chinese Internet Research Conference, much discussion of the "myths and realities" of the Chinese Internet revolved around images, metaphors, and paradigms. In his award-winning paper titled The Great Firewall as Iron Curtain 2.0, UPenn PhD Student Lokman Tsui argued that "our use of the Great Firewall metaphor leads to blind spots that obscure and limit our understanding of internet censorship in the People's Republic." more

Senator Cotton: Extraordinary Expansion of Huawei Cloud

Huawei's Cloud is growing faster than Amazon, Microsoft, or Google, Iain Morris writes. He cites U.S. Senator Tom Cotton on growth in "Egypt, Indonesia, Malaysia, Mexico, Saudi Arabia, Turkey, and the United Arab Emirates." Cotton further says: "In addition, Huawei's cloud services revenues reportedly rose by almost 170 percent in 2020. This accelerating revenue stream threatens to undermine U.S. efforts to curtail Huawei's power, influence, and financial strength." I think Cotton is a little high on Huawei Cloud growth... more