Google Engineer Ben McIlwain on Why HSTS Could Be a Perfect Fit for .Brands Security

The Google-run .app TLD was always destined to draw attention and scrutiny, from the moment it fetched a then-record ICANN auction price of $25 million. Since it reached General Availability in May it has gained more than 250,000 registrations making it one of the world's most successful TLDs. However perhaps more interesting was Google's choice to add the .app TLD and its widely used .google extension to the HTTP Strict Transport Security (HSTS) Top-Level Domain preload list, offering an unprecedented level of security for all domains under .google and .app. more

Inter Mundos: ICANN’s Accountability is a Matter of Human Rights

The debate over the IANA Functions transitions has captivated the minds of all stakeholders. The U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) has announced that they intend to transition key Internet domain name functions to the global multistakeholder community. Thus, we find ourselves in the midst of a transition between worlds. All stakeholders are pondering the following questions: what should be the appropriate transition? What should be our goal? more

Broadband Giants Stay Neutral on Network Funding

It looks as if the big boys like AT&T, Verizon and Comcast are passing on the stimulus money. The official reason is that they don't need it, that they enough cash on hand to build out their networks on their own. Fair enough. Perhaps the funding should be reserved for those more in need, those that just need a boost to fund a new business model or expand service. But there are probably other reasons. more

Types of Attack

A lot of pixels have been spilled in the last few years about "advanced persistent threats" (APT); if nothing else, any high-end company that has been penetrated wants to blame the attack on an APT. But what is an APT, other than (as best I can tell) an apparent codename for China? Do they exist? After thinking about it for a while, I came up with the following representation... more

The Early History of Usenet, Part VII: Usenet Growth and B-News

For quite a while, it looked like my prediction – one to two articles per day – was overly optimistic. By summer, there were only four new sites: Reed College, University of Oklahoma (at least, I think that that's what uucp node uok is), vax135, another Bell Labs machine – and, cruciallyy, U.C. Berkeley, which had a uucp connection to Bell Labs Research and was on the ARPANET. more

Internet Society Seeks Nominations for Board of Trustees

Are you passionate about preserving the global, open Internet? Do you have experience in Internet standards, development or public policy? If so, please consider applying for one of the open seats on the Internet Society Board of Trustees. The Internet Society serves a pivotal role in the world as a leader on Internet policy, technical, economic, and social matters, and as the organizational home of the Internet Engineering Task Force (IETF). more

Proposed Changes to Australia’s Data Retention Laws Likely to Be Costly

Australians may lose their right to privacy online if the attorney-general has her way. Nicola Roxon's discussion paper is before a parliamentary inquiry. Proposals include storing the social media and other online and telecommunications data of Australians for two years, under a major overhaul of Australia's surveillance laws. The government passed a toned down version of these proposals last week, giving police the power to force telcos to store data on customers for a specific period while a warrant is sought. more

The Next Green Initiative is Internet Sustainability

We are all aware of the pollution caused by burning coal and combusting oil. The results are obvious: exhaust spewing from vehicles, factories, and power plants. Many of us don't realize we are actively contributing to the unnecessary burning of energy (natural gas and coal in the US) to power the Internet. We wag our fingers at Internet Service Providers (ISPs) and data centers, but the fact is that our own organizations are wasting electricity every single hour out of ignorance or apathy. more

A Bigger Boat: Application Security Outgrows Capacity for CIOs

There is a classic scene in the movie, "Jaws," when Roy Scheider gets a look at the size of the shark circling his fishing vessel and says, "We're going to need a bigger boat." The same case can be made for CIOs dealing today with application security. Hackers from all over the world are circling business and government like great whites looking for vulnerabilities in Internet-facing applications. The growth of applications is great for doing business but they have become chum in the water for predators. more

IPv6’s Long March

With the thousands of IPv6 controlled lights dimming over the 2008 Olympics, the long march on the road to IPv6 continues as the Olympic IPv6 Workout enters history. The early objective of full commercial deployment for 2008 proved elusive and more realistic goals were set and met with success. Not wasting any time, the starting shot toward commercial deployment followed on the heels of the closing ceremony with the august 25th announcement... more

Meeting Report: ICANN’s Registration Data Request Service Requestor Experiences

During CSG Open Working Session at ICANN79, Members from the ICANN Community were invited to an open meeting to share their experiences with Registration Data Request System (RDRS) from the Requestor side. As President of the Edgemoor Research Institute (ERI), I had the honor to present the keynote address and I am pleased to be able to provide you with ERI's report of the meeting. more

Addressing 2015 - Last One Standing!

Time for another annual roundup from the world of IP addresses. What happened in 2015 and what is likely to happen in 2016? This is an update to the reports prepared at the same time in previous years, so let's see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. more

Why are *.edu’s Compromised so Much?

When it comes to the problem of outbound spam, one of the experiences that I have, and this was reaffirmed at TechEd, is that the number one source of compromised accounts are educational institutions. That is to say, whenever we have an outbound spam problem and have to hunt down where it is coming from, the highest number of these accounts are phished accounts/credentials from users at an educational institution. Why is this? Why does so much spam originate from universities? more

Public and Private Infrastructure Investment Alternatives

Eric Yuan, CEO of the Zoom teleconferencing service, stated that the average number of daily meeting recipients increased from 10 million in December 2019 to 200 million in March 2020 in a webinar last month. I've been teaching 21 students using Zoom as a result of the COVID-19 pandemic, and the audio and video are smooth, and switching between speakers is seamless. Offhand, I cannot think of any technology that has scaled so well so fast. more

Real. Or. Phish?

After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."... more