Doing Crypto

The recent discovery of the goto fail and heartbleed bugs has prompted some public discussion on a very important topic: what advice should cryptologists give to implementors who need to use crypto? What should they do? There are three parts to the answer: don't invent things; use ordinary care; and take special care around crypto code. more

Google License to Operate in China Renewed

Google Inc. today announced via its official blog that the Chinese government has renewed its license and that it will continue to operate in China. Google further notes: "We currently automatically redirect everyone using Google.cn to Google.com.hk, our Hong Kong search engine. This redirect, which offers unfiltered search in simplified Chinese, has been working well for our users and for Google. However, it's clear from conversations we have had with Chinese government officials that they find the redirect unacceptable -- and that if we continue redirecting users our Internet Content Provider license will not be renewed (it's up for renewal on June 30). Without an ICP license, we can't operate a commercial website like Google.cn -- so Google would effectively go dark in China." more

Wikileaks, the CIA, and the Press

As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks... more

ICANN Policymaking Should Be Even More Transparent

Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more

From ICANN57 Hyderabad to the 3rd WIC Wuzhen Summit: A Moment of Consensus on Internet Governance

Two events that happened last month deserve an additional note. One is the ICANN57 conference held in Hyderabad on November 3-9. The other is the 3rd World Internet Conference Wuzhen Summit held in Zhejiang Province on November 16-18. Though being completely overwhelmed by the result of President election in the United States, both events mark the victory of non-state actors and serve as good news for the community. more

ICANN, NTIA, Verisign and ANA Weighing In on ‘Name Collisions’ and the Readiness of New gTLD Program

Gregory S. Shatan of Reed Smith writes: "Last week, ICANN (the organization that oversees the domain name system of the Internet) was busy with nothing less than the security and stability of the Internet. At ICANN's recent meeting in Durban, those of us attending heard a drumbeat of studies, presentations and concerns regarding "name collisions": the conflicts that will arise when new gTLDs go live and conflict with existing top-level extensions in private networks..." more

Microsoft Launches AI-driven’ Security Copilot’ to Help Companies Fight Hacking Attempts

Microsoft continues to integrate new artificial intelligence technology into its products and today announced a cybersecurity "copilot" to help companies track and defend against hacking attempts. This tool is part of Microsoft's attempt to dominate the fast-growing field of "generative" AI. more

CENTR Reports Decreased Growth in European ccTLDs

According to the latest quarterly report from the Council of European National Top-Level Domain Registries (CENTR), the median growth in European ccTLDs during 2019 was recorded at 2.4% YOY, down from the 3.1% recorded at the same time in 2018. more

CNN.Com, Politically Motivated DDoS, and Asymmetric Warfare

Once again I find myself thinking about the nature of the asymmetric warfare threat posed by politically motivated DDoS (Estonia in 07, Korea in 02, and now China vs. CNN in 08). I keep thinking about it in terms of asymmetric warfare, a class of warfare where one side is a traditional, centrally managed military with superior uniformed numbers, weaponry, and skill. On the other we have smaller numbers, usually untrained fighters with meager weapons, and usually a smaller force. Historical examples include the North Vietnamese in the 20th century and even the American Revolution in the 18th century. Clearly this can be an effective strategy for a band of irregulars... more

ITU Becomes Trans-Sectoral

Very little was said about telecommunications during the official speeches and forums at ITU Telecom World 2009. The industry is even talking about changing its focus from telecommunications to ICT [United Nations Information and Communication Technologies Task Force], Discussions are now focusing on how ICT can be used to underpin the various socio-economic developments that are taking place. more

Can We Really Blame DNSSEC for Larger-Volume DDoS attacks?

In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more

Google Rebrands Portfolio of Products and Services as ‘Google Cloud’

Google's enterprise business is officially rebranded as Google Cloud, the company announced today at a San Francisco event. more

A Record Year for Domain Name Disputes?

With just a little more than three months left in 2016, the number of domain name disputes filed at the World Intellectual Property Organization (WIPO) appears to be headed for a record year. According to public data published on the WIPO website, the current number of domain name disputes filed this year (as of this writing, September 27, 2016) is 2,228 - which would indicate that the total might reach 3,011 cases by December 31. more

MailChimp Not Quite Ready for PrimeTimeML

With perhaps the most coveted valuation in the Email Industry at close to $10B, MailChimp is considered the most forward-thinking ESP on the planet boasting 12M customers, with outstanding brand recognition and an incredible leadership suite. But when it comes to installing RealTimeML, it's lollygagging mainly because it has not justified the actual value to productionalize RealTimeML across its client base. And also, because it is a challenge to execute! more

Essential Cyber Security Steps for Your Business

Layered security is a concept that's important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it's based on the principle that says "no single form of protection is enough to stop a determined cybercriminal. more