The Cost of an ISO 27001 Certification

The first question I often get when talking to IT Service providers on ISO 27001 certification is: "How much does it cost to get it?" I like to reply with a question: "how much does it cost when you don't have it?" The answer to the first question is easy, the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified. more

Adopting IDN to Reach New Untapped Markets

An IDN is a domain name which uses a particular encoding and format to allow a wider range of scripts to represent domain names such as Gujarati, Arabic, Chinese, Cyrillic, Devanagari and many more scripts. In simple words, a domain name with non-English characters will be called an Internationalized Domain Name. Humans have a variety of languages and alphabets that are familiar to them, and domain names do too. IDN unlocks an increased familiarity and affinity for humans. more

US Government Waves the Caution Flag at ICANN

This month, ICANN is driving hard to get two of its horses to the finish line. The first is barely a year old - it's the first formal review of ICANN's accountability and transparency. The second horse is going on 4 years old: ICANN's plan to introduce hundreds of new top-level domains (TLDs) for the Internet. Just as these horses have entered the home stretch, one of the racecourse officials is vigorously waving the yellow caution flag. And ICANN would do well to pull back on the reins. more

.YourBrand Now!

The time is now to make sure your brand makes it onto the list of new top-level domain names. Brand owners should immediately start re-enforcing your brands by promoting ".Your Brand" as a top-level domain (TLD) extension. You must implement the strategy through a two-stage process: free ride on pre-launch discussions and submit your application request with ICANN during the application period. more

A Third, More Interesting Round in E360 vs. Comcast

In the past week, Comcast filed an answer, denying all of E360's charges, and attached to it a motion to file a most impressive counterclaim. The court granted the motion on Monday so the counterclaim has been filed. At about the same time, E360 filed its response to Comcast's previous motion to dismiss the suit due to its utter lack of legal merit. more

Zoom Cryptography and Authentication Problems

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more

Trademarks and Domain Names Composed of Common Terms

The lexical material from which trademarks are formed is drawn from the same social and cultural resources available to everyone else, which includes domain name registrants. Since trademarks are essentially a form of communication, it is unsurprising that a good number of them are composed of common terms (dictionary words, descriptive phrases, and shared expressions) that others may lawfully use for their own purposes. more

Understanding the Threat Landscape: Basic Methodologies for Tracking Attack Campaigns

The indicators of compromise (IOCs) outlined in my last blog post can be used as a baseline for developing intrusion sets and tracking attack campaigns and threat actors. When launching an attack, threat actors use a variety of vectors and infrastructure, which Verisign iDefense analysts -- as well as analysts across the cybersecurity community -- correlate to group attacks, tracking actors and determining attack methods. more

Critical Data Belongs in the Cloud, Not Under It - Lessons Learned from Irene

"As flood waters from Tropical Storm Irene swamped the Waterbury state office complex, seven employees from the Vermont Agency of Human Services rushed inside to rescue computer servers that are critical for processing welfare checks and keeping track of paroled prisoners living around the state," according to a story by Shay Totten on the 7days blog Blurt. Two of the employees - network administrator Andrew Matt and deputy chief information officer Darin Prail - lost their cars in the parking lot as the river rose but kept on working to assure that our servers were not lost. "We didn't know how much time we had," Matt said, "and our job was to save the servers." more

Mobile Trumps Fixed Broadband

"80% of Web users will choose mobile broadband over fixed by 2013" is the headline of a Total Telecom interview with John Cunliffe of Ericsson. I agree with the conclusion although I think Ericsson will be unpleasantly surprised to find that LTE is NOT the technology which leads to this revolution. Mobile access at speeds at least equal to what cable offers and at a price lower than today's cable broadband will be available both in the home and on the road within a year or two at the most. more

Cybercrime and “Remote Search”

According to news reports, part of the EU's cybercrime strategy is "remote search" of suspects' computers. I'm not 100% certain what that means, but likely guesses are alarming. The most obvious interpretation is also the most alarming: that some police officer will have the right and the ability to peruse people's computers from his or her desktop. How, precisely, is this to be done? Will Microsoft and Apple – and Ubuntu and Red Hat and all the BSDs and everyone else who ships systems – have to build back doors into all operating systems? more

Questionable Impact for US House Hearing on New gTLDs

This morning, the US House Subcommittee on Intellectual Property, Competition and the Internet led by Representative Goodlatte (R - VA) conducted a hearing on New gTLDs. Kurt Pritz, Senior Vice President from ICANN did his best to alleviate concerns about the risks posed to intellectual property rights and consumers as the result of the New gTLD Program and reiterated that the process to launch new gTLDs has been underway for 7 years. more

Your Comments Front and Center in ICANN New gTLD Process

ICANN published the second version of its Application Guidebook for new generic top-level domains earlier today (late evening Los Angeles time). Alongside version two of the Guidebook – published by module and in a red-line version – are explanatory memoranda, the opening of a second public comment period (closing 13 April) and an extensive summary and analysis of the public comments made to the process so far. more

Communities of Things

When I want to go to a website, I just type in the URL, and I'm there. Sure, we had to get a subscription from a service provider and set up our devices, but that was a one-time thing. As we move into a world of many connected devices, it's no longer a one-time thing. Today, creating connected devices and services requires thinking about all the mechanics and networking and onboarding and providers. more

A Data Dumb Exposes 773 Million Unique Email Addresses, 22 Million Passwords

Close to 773 million unique email addresses and 22 million unique passwords were found to be hosted on cloud service MEGA. more