EU’s Cyber Security Agency Identifying Five Areas as Critical IT Security

The EU's 'cyber security' Agency ENISA (The European Network and Information Security Agency) has launched a new report concluding that the EU should focus its future IT security research on five areas: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. more

Another Registrant Loses UDRP Where Trademark ‘Spans the Dot’

Here's another example of a domain name dispute where the top-level domain (TLD) was essential to the outcome of the case -- because it formed a part of the complainant's trademark: mr.green. In this decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), the panel joined a short but (slowly) growing list of disputes in which the TLD plays a vital role. more

Why Do We Accept $10 Security on $1,000,000 Data?

Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, address, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But that's not much help since you can't change your name, address, and birth date, which are ever so handy for phishing and identity theft. more

Thoughts on the Open Internet - Part 4: Locality and Interdependence

The Internet was not originally designed as a single network that serviced much of the world's digital communications requirements. Its design was sufficiently flexible that it could be used in many contexts, including that of small network domains that were not connected to any other domain, through to large diverse systems with many tens of thousands of individual network elements. If that is indeed the case, then why is it that when networks wish to isolate themselves from the Internet, or when a natural calamity effectively isolates a network, the result is that the isolated network is often non-functional. more

Keynote Speaker for Name Collisions Workshop: Bruce Schneier

There may still be a few security practitioners working in the field who didn't have a copy of Bruce Schneier's Applied Cryptography on their bookshelf the day they started their careers. Bruce's practical guide to cryptographic algorithms, key management techniques and security protocols, first published in 1993, was a landmark volume for the newly emerging field, and has been a reference to developers ever since. more

DNS Amplification Attacks: Out of Sight, Out of Mind? (Part 2)

This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly and even though they aren't generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time. more

Lawyer-Impersonator Pleads Guilty over False C&Ds

As if there weren't enough problems with lawyers sending out improper cease-and-desists, Wired News reports that a Nevada man has pleaded guilty to impersonating a lawyer to extort domain registrants to turn over their domain names. "A Nevada man pleaded guilty Thursday to his plotting to steal domain names from their legitimate owners by impersonating a California intellectual property lawyer and send threatening letters to domain name owners in hopes of convincing them to turn over the domains to him..." more

Managing (in)Security Through Regulation: A Key Phase for Nation States

Not so long ago, the notion of introducing laws and other regulatory responses to address cyber security issues was regarded with significant hesitation by governments and policy makers. To some extent, this hesitation may well have stemmed from a general perception by those who do not work directly in the field that the world of cyber security is somewhat of a 'dark art'. More recently, however, there has been a substantial shift in this attitude, with proposals to regulate a range of cyber security related matters becoming increasingly numerous. more

NETmundial Initiative Taking Positive Steps Forward

The Net Mundial conference in Sao Paulo in April 2014 added a new element to the global Internet Governance Ecosystem. It demonstrated that the multistakeholder model for the governance of the Internet is able, not only to discuss issues of global importance, as we do it now for nearly ten years within the Internet Governance Forum (IGF), but it can also produce a concrete outcome. The Universal Declaration of Internet Governance Principle and the Sao Paulo Roadmap have enhanced the existing mechanisms. more

Wrap-up: ICANN 46 in Beijing

Earlier this April, the largest ICANN meeting ever -- more than 2,500 attendees -- kicked off in Beijing. Given the imminent addition of hundreds of "dot Brands" to the Internet, the topic of new gTLDs was at the top of the discussion list for all attendees. So far, well over 100 new gTLD applications have passed the Initial Evaluation stage, meaning they're on their way to becoming live domains. more

When Did CIRA Become the Commercial Internet Registration Authority?

Nearly ten years ago, the Government of Canada wrote a letter to the chair of the Canadian Internet Registration Authority (CIRA) that set out the framework for the management of the dot-ca domain. The government articulated a vision of the dot-ca domain as a “key public resource” and called on CIRA to act in an open and transparent manner. CIRA has long sought to live up to those standards, but in recent months the organization has shown an unmistakable shift toward prioritizing commercial gain over the public interest along with a troubling move toward secret decision making... more

Decoding Internet Governance Stakeholders, Part 1: Technical Community

The "Decoding Internet Governance Stakeholders" series of articles invites the community to ponder what underlies the labels that define our interactions, roughly 20 years after the "Tunis Agenda for the Information Society" called for the "full involvement of governments, business entities, civil society and intergovernmental organizations," as well as to "make full use of the expertise of the academic, scientific and technical communities." more

Regional Internet Registries Conducting Internet Community Consultation on ITU IPv6 CIR Proposal

The Regional Internet Registries are conducting a Internet community consultation process regarding the recent ITU IPv6 Country Internet Registry (CIR) proposal. In collaboration with the other Regional Internet Registries, APNIC hosted a special session at APNIC 29 / APRICOT 2010 to give the global Internet Community an opportunity to discuss the issues and ramifications of the alternative model proposed by the ITU. For those interested in the outcome of the recent face-to-face session, a raw transcript and session summary statement are available... more

100 Years of Monopoly Phone Service

Today is the 100th anniversary of the Kingsbury Commitment which effectively established AT&T, a.k.a. The Bell System, as a government sanctioned monopoly. It was on December 19, 1913 that AT&T agreed to an out-of-court settlement of a US Government's anti-trust challenge. In return for the government agreeing not to pursue its case, AT&T agreed to sell its controlling interest in Western Union telegraph company... more

2023 Review of the Online Brand Protection Market

Having been involved in this sector for over fifteen years now, the rate of change in the market dynamics continues to surprise me - from its early years when MarkMonitor and NetNames clearly led the space for several years, then seeing well-funded startups such as Yellow Brand Protection and Incopro challenge that, followed by a period of heavy M&A, it is now extremely diverse. more