UK Government Releases New Cyber Security Standard for Self-Driving Vehicles

UK government today announced the release of a new cyber security standard for self-driving vehicles. Funded by the Department for Transport, the British Standards Institute has developed the guidance to set a marker for those developing self-driving car technologies. more

Death of the PKI Dragons?

The recent attack on the Comodo Certification Authority has not only shown how vulnerable the current public key infrastructure is, but also that the protocols (e.g., OSCP) used to mitigate these vulnerabilities once exploited, are not in use, not implemented correctly or not even implemented at all. Is this the beginning of the death of the PKI dragons and what alternatives do we have? more

Biggest Deal in Telecom Policy Since the AT&T Divestiture

The biggest communications policy moment since the AT&T divestiture has just happened: The $100 million-dollar-march (or more -- what Comcast spent to make sure this happened) has ponderously, self-evidently reached its conclusion with the FCC's approval of the merger between Comcast and NBCU. It wasn't the subtlest campaign; it didn't need to be; it was effective in its discipline and heavy persistence. The tweets are flying and the journalists are already weighing in. more

Capping Broadband Internet by Design

FIOS by Verizon, is a bundled Internet access, telephone, and television service that operates over a fiber-optic communications network with over 5 million customers in nine U.S. states -- providing Fiber to the Home (FTTH). One of the first service areas was a Northern Virginia community known as Ashburn -- which is also is the cloud data center capital of the world. It literally sits on top of the most massive mesh of high bandwidth, low latency fiber in existence. more

Protecting an Enterprise from Cyber Catastrophe

We are suffering an epidemic of cyberattacks while in a viral pandemic. This post is for those who have responsibility for assuring that the IT-based services offered by their enterprise can quickly recover in the case of successful cyber-attack or other disaster. University of Vermont Medical Center (UVMMC) is an excellent hospital. I owe my life to treatment there and am grateful for both the skill and the kindness of UVMMC staff. They have been devastated by a cyber-attack. more

What Does Trump’s Cuba Policy Memorandum Say About the Internet?

I recently reviewed Trump's Cuban policy speech and its implications for the Internet. The speech was accompanied by a national security memorandum on strengthening US-Cuba policy, which was sent to the Vice President, Cabinet Secretaries, and heads of various departments. The first thing that struck me about the memorandum was that it was a "national security" memorandum. Does Trump think Cuba poses a threat to our national security? more

Another Letter Filed Against .sucks TLD for Extortion

Kevin Murphy reporting in DomainIncite: "ICANN's Business Constituency wants US and Canadian regulators to intervene to prevent Vox Populi Registry, which runs .sucks, 'extorting' businesses with its high sunrise fees. The BC wrote to ICANN, the US Federal Trade Commission and the Canadian Office for Consumer Affairs on Friday, saying .sucks has employed 'exploitive [sic] pricing and unfair marketing practices'." more

Transfers of Domain Names Contemporaneous with Complaint: Cyberflight?

Cyberflight (defined as strategically transferring accused domain names to another registrar or registrant upon receipt of a complaint) was a sufficient irritant by 2013 for the ICANN to adopt recommendations to amend the Rules of the Uniform Domain Name Dispute Resolution Policy (UDRP). Effective July 1, 2015 the Rules now include a requirement for locking the domain as well as a change in the timing of transmitting the complaint to respondents. Before the amendment there had been no uniform approach to locking. more

SIP Revolution, Massively Delayed - But There’s Hope

The SIP Center asked for an article which I finally wrote the weekend before last. My article was actually rather negative, but they published it anyway. Now I'm feeling a little guilty as there is an optimistic note I could have used as my conclusion. So let me try again... First let me summarize my problem. When SIP emerged in 1996, it's support for direct connections from one user to another was extremely compelling. This was the VoIP protocol which would lead to a complete revolution in communications... more

Questions Raised by the Takeover of SNET, Havana’s Community Network

Last May, Cuba's Ministry of Communication (MINCOM) announced resolutions 98 and 99 limiting wireles stransmission power and outdoor cables that made community networks like Havana's SNET, illegal. Since SNET was the world's largest community network that did not have Internet access, implementation of the resolutions was postponed for 60 days for negotiations between SNET administrators and MINCOM. more

Two Romanians Charged for Hacking Washington DC Police Computers Linked to Surveillance Cameras

US prosecutors have charged two Romanians with hacking Washington DC police computers linked to surveillance cameras just days before President Donald Trump's inauguration. more

How Many of the New gTLDs Will Fail?

I was just asked the question: How many of the new Top-Level Domains (TLDs) will fail? This poor listener might have hoped for one sentence as response, but that subject is too interesting to be brief. In this scenario you can't look to historical data to measure or predict the success rate of the new TLDs because past new TLDs have been largely managed by big businesses who have strong revenue streams from other business lines that they could use to support a slacking TLD. more

ICANN To Publish New gTLD Applicants On April 30th

In a recent press release ICANN has stated that they will publish the list of applicants for new generic Top-Level Domains (gTLDs) on April 30th. Previously many had spoken of a "big reveal" on May 1st, though that would have coincided with a public holiday in many countries and might have been "missed". However ICANN CEO, Rod Beckstrom, claims that the organisation had always planned to publish the list two weeks after the application window closed. more

Deploying DNSSEC: Lessons from Domain Registrar Implementation

As a registrar at the front end of the DNSSEC deployment effort, our technical team has made a sustained investment in DNSSEC deployment so that our customers don't get overwhelmed by this wave of changes to the core infrastructure of the Domain Name System. Along the way, we've learnt a lot about how to implement DNSSEC which might hold useful lessons for other organizations that plan to deploy DNSSEC in their networks. more

What Your ISP (Probably) Knows About You

Earlier this week, I came across a working paper from Professor Peter Swire - a highly respected attorney, professor, and policy expert. Swire's paper, entitled "Online Privacy and ISPs", argues that ISPs have limited capability to monitor users' online activity. The paper argues that ISPs have limited visibility into users' online activity for three reasons: (1) users are increasingly using many devices and connections, so any single ISP is the conduit of only a fraction of a typical user's activity; (2) end-to-end encryption is becoming more pervasive, which limits ISPs' ability to glean information about user activity; and (3) users are increasingly shifting to VPNs to send traffic. more