The Broad Brush of LegitScript, Painting Inaccuracies About CIPA

The president of LegitScript recently authored an inaccurate and misleading critique of the Canadian International Pharmacy Association (CIPA) that was clearly intended to smear our reputation with a broad brush dipped in inaccuracies and scare tactics. This response paints the true picture of who we are and the benefits CIPA Members offer U.S. consumers. more

How Not to Stop Spammers

Spam Arrest is a company that sells an anti-spam service. They attempted to sue some spammers and, as has been widely reported, lost badly. This case emphasizes three points that litigious antispammers seem not to grasp: Under CAN SPAM, a lot of spam is legal; Judges hate plaintiffs who try to be too clever, and hate sloppy preparation even more; Never, ever, file a spam suit in Seattle. more

The Crimeware Infection Lifecycle

The distribution and installation of malicious and unauthorized software has evolved consistently throughout the 21st Century. The evolutionary path from annoying viruses, to destructive malware and on to financially driven crimeware, is well documented and can even be conveniently traced via the parallel evolution of technologies that were designed to counter each new aspect of the then contemporary threat. more

UK Government Releases New Cyber Security Standard for Self-Driving Vehicles

UK government today announced the release of a new cyber security standard for self-driving vehicles. Funded by the Department for Transport, the British Standards Institute has developed the guidance to set a marker for those developing self-driving car technologies. more

Taking a Closer Look at the Recent DDoS Attacks and What it Means for the DNS

The recent attacks on the DNS infrastructure operated by Dyn in October 2016 have generated a lot of comment in recent days. Indeed, it's not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways, this DNS DDOS prominence is for all the wrong reasons! I'd like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. more

Just Make It Stop

In a recent discussion among mail system managers, we learned that one of the large spam filter providers now has an option to reject all mail from ESPs (e-mail service providers, outsourced bulk mailers) regardless of opt-in, opt-out, spam complaints, or anything else, just block it all. Some of the ESPs wondered what would drive people to do that... more

Next gTLDs: 2016 or 2019?

On September 22, 2014, ICANN published an analysis of the review and assessment work that remains to be done before a new round of gTLD (generic Top Level Domain) applications can be initiated. According to the document, 2016 is the earliest a call for the next lot of applications to operate an Internet suffix could come. To many, a subsequent application window so soon after the 2012 round seems unrealistic. more

ICANN vs EPAG: ICANN Seeks Appeal Plus Pushes for ECJ Referral

As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more

A Report on the ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more

The Internet Is Designed for Surveillance

The current implementation of the Internet is hierarchical in that we get IP addresses from providers and then use a DNS that is rooted. We go even further in requiring that we conform to conditions on our intent (AKA our use) of connectivity in order to get a temporary lease on something so fundamental as our identity in the guise of a DNS name. We go further by accepting the idea that we communicate within pipes owned by service providers who can dictate terms in order to extract a rent. more

Another Letter Filed Against .sucks TLD for Extortion

Kevin Murphy reporting in DomainIncite: "ICANN's Business Constituency wants US and Canadian regulators to intervene to prevent Vox Populi Registry, which runs .sucks, 'extorting' businesses with its high sunrise fees. The BC wrote to ICANN, the US Federal Trade Commission and the Canadian Office for Consumer Affairs on Friday, saying .sucks has employed 'exploitive [sic] pricing and unfair marketing practices'." more

What Mobile Malware Looks Like

Last month at the Virus Bulletin Conference in Barcelona, I took in one of the sessions on mobile malware. This type of malware is foreign to me because I mostly stay in the email space at work (and even then, I am focusing more on day-to-day issues of running a large mail provider than I am on spam and abuse). What's mobile malware like? What are the threats? How do users get infected? more

Multi-Stakeholderism and the ‘Coalition of the Willing’

I was part of a group of about 200 people who attended and update at the Internet Governance Forum in Bali on the Montevideo statement. I'd like to share a few of my observations, and offer some unsolicited advice. First, the de facto leader of the and champion of the multi-stakeholder model, the United States, has been sent to the penalty box in light of the NSA surveillance revelations. more

Critical Data Belongs in the Cloud, Not Under It - Lessons Learned from Irene

"As flood waters from Tropical Storm Irene swamped the Waterbury state office complex, seven employees from the Vermont Agency of Human Services rushed inside to rescue computer servers that are critical for processing welfare checks and keeping track of paroled prisoners living around the state," according to a story by Shay Totten on the 7days blog Blurt. Two of the employees - network administrator Andrew Matt and deputy chief information officer Darin Prail - lost their cars in the parking lot as the river rose but kept on working to assure that our servers were not lost. "We didn't know how much time we had," Matt said, "and our job was to save the servers." more

A Look at Nine Years of RIPE Database Objects: IPv6 Objects on the Rise

The RIPE Database is about to enter its fourth decade. It began humbly as a place to store network and contact information back when the RIPE community formed in 1989. When the RIPE Network Coordination Centre (NCC) was created three years later and started to assign and allocated IP address space, the database was expanded to include the registration of more detailed network and routing information. more