Usenet, Authentication, and Engineering (or: Early Design Decisions for Usenet)

A Twitter thread on trolls brought up mention of trolls on Usenet. The reason they were so hard to deal with, even then, has some lessons for today; besides, the history is interesting. (Aside: this is, I think, the first longish thing I've ever written about any of the early design decisions for Usenet. I should note that this is entirely my writing, and memory can play many tricks across nearly 40 years.) more

Spam Now Over 90% of All Email, Increasing Volumes Involve Social Networking Sites

Spam levels have increased by 5.1% since last month, reaching heights of 90.4%, according to latest report from Symantec's MessageLabs Intelligence... The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink, says the report. "Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the emails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains." more

A Cynic’s View of 2015 Security Predictions - Part 3

A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and write a list of my own. However, I have a quite a few predictions so I have listed them over several blog posts. After all, I didn't want to bombard you with too much information in one go! Part three examines the threats associated with data breaches. more

Web Encryption - It’s Not Just for E-Commerce, Anymore

Last week, I re-tweeted Cloudflare's announcement that they are providing universal SSL for their customers. I believe the announcement is a valuable one for the state of the open Internet for a couple of reasons: First, there is the obvious -- they are doubling the number of websites on the Internet that support encrypted connections. And, hopefully, that will prompt even more sites/hosting providers/CDNs to get serious about supporting encryption, too. Web encryption -- it's not just for e-commerce, anymore. more

IPv6 a Case of Confirmation Bias

Is the glass half full or half empty? The human reflex of selective deafness to information or arguments countering one’s established believes lives on. The ISOC organized lunchtime IPv6 panel at IETF 74 in San Francisco illustrates the point... more

Live Webcast Thursday March 28 of ION Singapore IPv6 and DNSSEC Sessions

For those of you interested in IPv6 and/or DNSSEC, we'll have a live webcast out of the Internet Society's ION Singapore conference happening tomorrow, March 28, 2013, starting at 2:00pm Singapore time. more

WHOIS Policy at ICANN Continues to Fail

ICANN has once again acceded to the wants of contracted parties and is at risk of abdicating its duty to act in the global public interest when it comes to WHOIS policy. Its inability or unwillingness to date to reign in bad WHOIS policy, driven by contracted party interests, flies in the face of its previously-expressed policy goal “to ensure the continued availability of WHOIS to the greatest extent possible while maintaining the security and stability of the Internet’s system of unique identifiers.” more

Phishing 2020: A Concentrated Dose of Badness

How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more

Network Dis-Aggregation and SDN: Different, But Related

Two of the hottest trends in networking today are network dis-aggregation and SDN. This is great for many reasons. It's also confusing. The marketing hype makes it hard to understand either topic. SDN has become so vague that if you ask 10 experts what it means, you are likely to get 12 different answers. Network dis-aggregation seems straightforward enough until it gets confused with SDN. We need to take a step back. In a recent Packet Pushers blog post; I start with a simple explanation of each of these trends and then map how they interact. more

According to the Department of Homeland Security, Cybercrime Is a Bigger Threat Than Terrorism

An article in Forbes the other day reports on US Secretary of Homeland Security Janet Napolitano's comments that 'cybercrime represents the "greatest threat and actual activity that we have seen aimed at the west and at the United States" in addition to "or other than Al Qaeda and Al Qaeda-related groups."' ..."Napolitano cited a study commissioned by Symantec that put the total worldwide cost of cybercrime at $388 billion -- higher than the global market for heroin, cocaine and marijuana combined." more

What’s With the 32-Bit Numbers That the Internet Keeps Defying?

By now you might have read the news "How 'Gangnam Style' Broke YouTube?" What happened is that a YouTube video named 'Gangnam Style' by a South Korean singer Park Jae-sang, known by his stage name PSY, has been viewed so many times that it broke YouTube's view counter. YouTube's view counter is built on a 32-bit integer, which provides a view-tracking capability of nearly 2.15 billion views. more

GoDaddy Laying Off 8% of Its Workforce Amid Uncertain Macroeconomic Environment

GoDaddy has announced a plan to reduce its global team size by 8%. The move will affect multiple levels in the company, as well as its three brands -- Media Temple, Main Street Hub, and 123 Reg. more

On the Success of Malware

There's often a lot of discussion about whether a piece of malware is advanced or not. To a large extent these discussions can be categorized as academic nitpicking because, at the end of the day, the malware's sophistication only needs to be at the level for which it is required to perform -- no more, no less. Perhaps the "advanced" malware label should more precisely be reattributed as "feature rich" instead. more

DNSSEC Signed ROOT by 1 July 2010

Mehmet Akcin writes: As announced today as part of RIPE meeting in Lisbon, Portugal by Joe Abley, DNS Group Director at ICANN, and Matt Larson, Vice President of DNS Research at VeriSign, in their presentation (Page 25), DNSSEC for the root zone is proposed to be fully deployed by July 1, 2010. The Draft Timeline suggests Root zone being signed by December 1, 2009 while initially staying internal to ICANN and VeriSign. The incremental roll out of the signed root would then take place from January until July 2010. more

Who Makes the Any Apps Any Handset Call?

The Wall Street Journal today reported that FCC Chairman Kevin Martin wants to reject a Petition for Declaratory Ruling filed by Skype that would establish a wireless Carterfone policy, i.e., that wireless carriers must allow subscribers to use any compatible handset to access any application, content or software. Chairman Martin has confidence that the marketplace solutions obviate any necessary FCC intervention. Such optimism must derive in part from the apparently newfound willingness of one major wireless carrier, Verizon, to support aspects of open access. Perhaps Chairman Martin has confidence in the marketplace based on the magnanimous offer of most wireless carriers to pro-rate their early termination penalties by $5 a month. But here's the rub... more