How Do You Do Secure Bank Transactions on the Internet?

Banks love it when their customers do their transactions on line, since it is so much cheaper than when they use a bank-provided ATM, a phone call center, or, perish forbid, a live human teller. Customers like it too, since bank web sites are usually open 24/7, there's no line and no need to find a parking place. Unfortunately, crooks like on line banking too, since it offers the possibility of stealing lots of money. How can banks make their on line transactions more secure? more

ICANN, WSIS and the Making of a Global Civil Society - Part II

This is the second part of a two-part series interview by Geert Lovink with Milton Mueller discussing ICANN, World Summit on the Information Society, and the escalating debates over Internet Governance. Read the first part of this Interview here. Geert Lovink: "Confronted with Internet governance many cyber activists find themselves in a catch 22 situation. On the one hand they do not trust government bureaucrats to run the Internet, out of a justified fear that regulation through multilateral negotiations might lead to censorship and stifle innovation. On the other hand they criticize the corporate agendas of the engineering class that is anything but representative. What models should activists propose in the light of the World Summit on the Information Society (WSIS)? There seems to be no way back to a nation state 'federalist' solution. Should they buy into the 'global civil society' solution?" more

Network Protocols and Their Use

In June, I participated in a workshop, organized by the Internet Architecture Board, on the topic of protocol design and effect, looking at the differences between initial design expectations and deployment realities. These are my impressions of the discussions that took place at this workshop. ... In this first part of my report, I'll report on the case studies of two protocol efforts and their expectations and deployment experience. more

Can We Stop IP Spoofing? A New Whitepaper Explores the Issues

In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more

Domain Name Containing Trademark Translation is Determined Confusingly Similar

Interesting WIPO case (D2005-1085): Complainant (Saint-Exupery estate) owns "Le Petit Prince" in EU, US, and other countries. The translation of "Le Petit Prince" is "The little prince". Respondent registered 'thelittleprince.com'. Is such a domain name confusingly similar to the trademark? more

What Does the .CO Launch Mean for New gTLDs?

The .CO top-level domain made over $10 million in just a couple of months. What do the results of the .CO re-launch mean for new gTLDs? Remember, .CO is the country-code TLD for Colombia. Until this summer, you could only register names under .com.co, .net.co, etc. You couldn't register myname.co. Now anyone in the world can register a .co name, and register it directly under the top level. more

European ccTLDs Saw a Slow Down in Domain Name Sales, Deletions and Transfers, According to CENTR’s Latest Report

The latest CENTRstats Global TLD Report has been released, covering the global status and registration trends in all top-level domains (legacy gTLDs, new gTLDs and ccTLDs), with a specific focus on the European ccTLD market. According to the report, domain name sales, deletions and registrar transfers slowed down for European ccTLDs over 2021; however, demand for new domains is still outpacing deletes, keeping growth in the positive. more

Welcome to the Root, .MOBI

mTLD's .mobi entered the root zone on Tuesday, quietly contrasted amidst all of the recent ICANN/VeriSign announcements. The .mobi mTLD is a Dublin, Ireland based joint venture between the Nokia Corporation, Vodafone Group Services Limited, and Microsoft. The .mobi domain was granted to service a sponsored community, consisting of: Individual and business consumers of mobile devices, services and applications; Content and service providers; Mobile operators; Mobile device manufacturers and vendors; IT technology and software vendors who serve the mobile community, and there are numerous benefits of .mobi to this community. more

History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium." more

Lessons Learned from the Namejuice/DROA/DROC Outage

Last week an ICANN registrar, Namejuice, went off the air for the better part of the day -- disappearing off the internet at approximately 8:30 am, taking all domains delegated to its nameservers with it, and did not come back online until close to 11 pm ET. That was a full business day and more of complete outage for all businesses, domains, websites, and email who were using the Namejuice nameservers -- something many of them were doing. more

A Dangerous, Norm-Destroying Attack

Kim Zetter has a new story out describing a very serious attack. In fact, the implications are about as bad as possible. The attack has been dubbed ShadowHammer by Kaspersky Lab, which discovered it. Briefly, some crew of attackers -- I suspect an intelligence agency; more on that below -- has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. more

Where Did the .Root Top-Level Domain Come From?

It was pointed out to me the other day that the ICANN/NTIA/Verisign root zone file contains a previously undiscussed top level domain. The contents of this TLD suggest that it was created by Verisign, the company that actually constructs the root zone file used by the dominant set of root servers. (The same zone file is also used by at least one of the competing root systems.) That TLD is .root. It's existence is as real as any other TLD such as .com or .org... more

Internet Governance and the Universal Declaration of Human Rights, Part 9: Articles 26-30

As we work on this final CircleID essay addressing the last four Articles in the UDHR, we explore how the UDHR provides the principles on which to build the rights and responsibilities of digital citizenship and bring integrity and trust to cyberspace and the Internet ecosystem. We reflect on what we have learned. For us, the authors of this series, we are reminded that trust in the processes of government, business entities, and society is central to the wellbeing of society, our communities, our families, and ourselves. more

What Are the Connected Assets of Confirmed Fake FBI Domains?

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more

An Open Letter to NTIA, ICANN, and IANA

I am writing this note in order to express my concern about an impending change in the root of the Domain Name System (DNS) and two of the largest Top Level Domains (TLDs). I am concerned that there is a risk of disruption to the net that has not been adequately evaluated and I am concerned that this change is being deployed without adequate monitoring or safeguards. more