In 2010, ICANN's Security and Stability Advisory Committee (SSAC) published SAC045 [PDF], a report calling attention to particular problems that may arise should a new gTLD applicant use a string that has been seen with measurable (and meaningful) frequency in queries for resolution by the root system. The queries to which they referred involved invalid Top-Level Domain (TLD) queries (i.e., non-delegated strings) at the root level of DNS, queries which elicit responses commonly referred to as Name Error, or NXDomain, responses from root name servers.
In previous installments we've been looking at aspects of the design of the DNS. Today we look at the relationship of similar names in the DNS. A poorly appreciated aspect of the DNS is that there is no inherent relationship between similar looking names.
In research, one of the important steps is to identify the problem that needs exploration. Another step is to identify how to find a solution. Once it is possible to agree on the nature of the problem, then it begins to be a matter of how to approach the problem.
We have just released the 2025 edition of the DOTZON study "Digital City Brands." Since first presenting the study in early 2017, DOTZON has now analyzed for the ninth consecutive year how cities successfully use their Digital City Brands. The Digital City Brand represents the digital aspect of a city's brand and reflects how digitally advanced a city is. The emergence of the Internet was the reason Digital City Brands were created in the first place.
The approach is growing in popularity, and Google, Microsoft and Amazon are among the many large companies working on ways to attract users to their offerings, with Google Apps, Microsoft's Live Mesh and Amazon S3 all signing up customers as they try to figure out what works and what can turn a profit... In the real world national borders, commercial rivalries and political imperatives all come into play... The issue was recently highlighted by reports that the Canadian government has a policy of not allowing public sector IT projects to use US-based hosting services because of concerns over data protection.
According to a recent study conducted by Minds + Machines, historical data analysis suggests brand owners do not necessarily register their brands when it comes to new generic Top-Level Domains. From the report: "A survey of the domain registration behavior of Fortune 100 companies reveals that they have not registered many of their trademarks in recently created generic top-level domains (gTLDs). A sample of 1043 brands were registered in less than 30% of the eight new open gTLDs created after 2001. If historical registration data is a guide, brands are unlikely to undertake many defensive domain name registrations in the proposed new gTLDs, and furthermore are unlikely to be the victims of cybersquatting."
Defense Readiness Condition (DEFCON) is a measure of the activation and readiness of the United States armed forces. The DEFCON scale is a numerical ranking from 5 (standard peacetime protocol) to DEFCON 1 (expectation of actual imminent attack). Today ICANN should find itself at a DEFCON 1 status with the announced pending departure of Doug Brent, ICANN's Chief Operating Officer, effective at the end of July.
I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ça change.
Like everyone else, former ICANN board members have been preoccupied by the horrific November 13th, 2015 attacks on Paris, France, by a bunch of cold-blooded mass murderers. Our email list discussion of the Paris attacks covered a number of issues, including the inevitable question: what, if anything, should ICANN do in response? Some list subscribers concluded that the events had nothing to do with ICANN's mission, and that we should just sigh and move on. Others, on the other hand, said: not so fast, it would serve ICANN well to take a closer look at the matter, and its ramifications on the wider world of ICANN.
CLAT/NAT64 is utilized across many mobile networks globally, and I am only talking about Ethernet and Wi-Fi in home and small office/home office (SOHO) environments. I experimented by completely disabling IPv4 at home and established a SSID where my MacBook Pro operates without an actual IPv4 address. The MacBook supports CLAT (RFC 6877), and by implementing PREF64 (RFC 8781) and DHCP Option 108 (RFC 8925) in my network, I was able to achieve a 100% IPv6 environment.
Kieren McCarthy reporting in The Register writes: "The US Federal Trade Commission (FTC) has responded to questions over the legality of .sucks domain pricing with a three-page "I told you so" letter to domain name overseer ICANN.
The indicators of compromise (IOCs) outlined in my last blog post can be used as a baseline for developing intrusion sets and tracking attack campaigns and threat actors. When launching an attack, threat actors use a variety of vectors and infrastructure, which Verisign iDefense analysts -- as well as analysts across the cybersecurity community -- correlate to group attacks, tracking actors and determining attack methods.
ICANN's CEO and President, Rod Beckstrom, has announced that he will be stepping down in July of next year. The announcement came via Twitter of all places, with a press release, presumably with more details, due sometime soon... With the launch of the new Top-Level Domain (TLD) program scheduled to officially launch early in 2012 maybe Beckstrom feels that his job "is done", or maybe there's another motive behind his departure.
A surge in AI-generated deepfake scams is reshaping the cybersecurity threat landscape, with fraudsters now impersonating company executives to deceive employees and siphon off millions.
Zoom - one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic - has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now - and some are worrisome.