DNSSEC - Let’s Stay the Course!

I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian. more

Trump Wants to Change the Communications Decency Act

Section 230 of the Communications Decency Act (CDA), says that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The law was passed in 1996 in order to shield ISPs that transported content or platforms that hosted it from lability. Bloggers were not responsible for comments on their posts, YouTube and Facebook were not responsible for things users posted, etc. more

The Incredible Value of Passive DNS Data

If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more

Stay Current, Achieve Excellence: 4 Emerging Cloud Techniques

How do you achieve excellence in the cloud? Enterprises know it's not enough to simply locate and leverage the services of a cloud provider: using cloud resources effectively marks the difference between "adequate" and "excellence" in achieving long-term IT and revenue goals. But to maximize cloud use, you need to know what's next for this disruptive market: here are four emerging techniques. more

The NameSentry Report: Benchmarking Abuse Levels in the Domain Name Industry

On July 10th Architelos released the first NameSentry Report, benchmarking abuse levels in the domain name industry. For some time now, a debate has raged about the potential impact of new gTLDs on Internet safety and security, namely abusive registrations such as phishing, spam, malware, and so on. However, without benchmarking the current state, how can we realistically evaluate if new gTLDs have made any measureable difference in the level of abuse? more

Internet and the Telecommunication Acts of 1900

On his blog Bruce Schneier recently published a post called "Power and the Internet". An article that most people in the western world will agree with. Internet freedom against Internet safety and security, the powerful have a lot of power to wield and the rest is at best ad hoc organised or fairly powerless lobby organisations. So who is likely to win? Vested interests, he warns. more

Will We Ever End Legacy Telephone Networks?

Anybody not involved in the telephone business will probably be surprised to find that the old TDM telephone networks are still very much alive and in place. The old technologies were supposed to be phased out and replaced by digital technologies. The FCC started talking about this before 2010. In 2013, Tom Wheeler, the FCC Chairman at the time, announced an effort to force the needed changes, which was dubbed the IP Transition. more

Five Thousand SpaceX Starlink Terminals for Ukraine

On March 1, I wrote that a small number of SpaceX Starlink terminals had arrived in Ukraine, and they would be an important asset for distribution to selected government and resistance leaders and journalists. I didn't know who would get the terminals or how many there were, but it was a single truckload. A week or so later, we learned that two more shipments of terminals had arrived and fifty of them went to DTEK, a company struggling to repair Ukrainian electrical infrastructure. more

Identifying Spam: MAAWG’s Latest Documents Improve Accuracy of Reputation Systems

The Messaging Anti-Abuse Working Group (MAAWG), of which Return Path (my employer) is a very active participant, met recently in Heidelberg, Germany. Among other exciting projects, they finished two new best practices documents which have been lauded in the press as a big step towards stopping botnet spam... more

Ethical Hacking: Turning The Tables to Boost Cyber Security

Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. more

Balancing Rights: Mark Owners, Emergent Businesses, and Investors

Is there any act more primary than naming? It comes before all else and makes possible what follows. For the most part, names are drawn from cultural assets: collections of words, geographic locations, family names, etc. They can be valuable, which is why they are guarded, protected, and hoarded. The balancing of rights among those competing for names is a deliberate feature of the Uniform Domain Name Dispute Resolution Policy (UDRP). more

Google Reported to Be Pushing Trump Administration for Exemption on Huawei Ban, Citing Security Risk

Reports on Friday said Google has indicated that the Huawei ban poses security risks for US consumers and is asking the Trump administration for an exception. According to a report by the Financial Times, Google executives are warning the ban will force China to develop its own Android software independent from Google and thus leading to security flaws and bugs. more

Asserting but Not Proving Cybersquatting Under the UDRP

Having trademarks (registered or unregistered) is the prerequisite for maintaining a UDRP, but having one is not conclusive of either Respondent’s lack of rights or legitimate interests or that it registered and is using the domain name in bad faith. The cautionary tale in many of these cases, especially for the Complainant who has the burden of proof, is that it has to satisfy each of the elements in the three subsections... more

White House on SOPA: Protecting Intellectual Property Must Not Threaten Open, Innovative Internet

The White House today released a response to SOPA and PIPA petitions and the legislative approaches to combat online piracy. The response is prepared by Victoria Espinel, Intellectual Property Enforcement Coordinator at Office of Management and Budget, Aneesh Chopra, U.S. Chief Technology Officer, and Howard Schmidt, Special Assistant to the President and Cybersecurity Coordinator for National Security Staff. more

New Zealand’s Top-Level Domain Manager Seeking New Registry Service Provider for .nz

The manager for .nz announced today that they have launched a registry replacement process and are calling for expressions of interest from potential service providers by November 29th. more