Thoughts on the Best Western Compromise

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more

Internet Watch Foundation Uses Hashes to Block Child Abuse Material

Last week during the ICANN meeting in Barcelona I attended a short presentation from the Internet Watch Foundation (IWF). Their mission is pretty simple: ...eliminate child sexual abuse imagery online. Fortunately, the presentation I was at did not include any of the actual material (which would have been illegal anyway) but even without seeing any of it the topic is one that I think most people find deeply disturbing. more

The Importance of Contributing to the ITU CWG-Internet Open Consultation by 1 August 2013

The Council Working Group on international Internet-related public policy issues (CWG-Internet) was established as a result of resolutions at the 2010 ITU Plenipotentiary to discuss a wide range of Internet issues that had public policy implications... These are all issues that concern all stakeholder groups in the Internet ecosystem. And, indeed, these are all issues being discussed in varying levels of detail by all stakeholder groups. The difference with the CWG-Internet, however, is that both its documents and meetings are closed to all non-Member State representatives. more

Searching for Truth in DKIM: Part 4 of 5

Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more

Transparency Meets Sustainability: Announcing the SDIA Open Data Hub

Last month, the Sustainable Digital Infrastructure Alliance (SDIA) announced our Open Data Hub, a resource that's meant to boost transparency, trust, and data availability to help researchers, industry, and society realize a sustainable digital economy. It is essentially our answer to the challenge recognized across the sector: that the lack of reliable data is one of the most foundational issues we face in creating a sustainable ICT ecosystem. more

Google Launches Project to Track Encryption Efforts - Both Internally and at Other Popular Sites

Google launched today a new effort to track the progress of encryption efforts - both at Google and on other popular websites. Google hopes the project will hold the company and others accountable to encrypt so as to enhance web safety and security. more

INET DC, Weds, July 24: Surveillance, Cybersecurity and the Internet’s Future (Livestream available)

Are you concerned about the recent reports about government surveillance programs? Are you concerned about security and privacy online? If so, you may want to attend (in person or remotely) the INET Washington DC event happening on Wednesday, July 24, from 2:00 - 6:00 pm US Eastern time at George Washington University. Sponsored by the Internet Society and GWU's Cyber Security Policy and Research Institute, the event is free and open to the public and will also be streamed live on the Internet for those who cannot attend in person. more

How a ‘Defensive Registration’ Can Defeat a UDRP Complaint

A company that registers a domain name containing someone else's trademark may be engaging in the acceptable practice of "defensive registration" if (among other things) the domain name is a typographical variation of the registrant's own trademark. That's the outcome of a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP), a case in which the domain name in dispute, idocler.com, contained the complainant's DOCLER trademark -- but also contained a typo of the respondent's DOLCER trademark. more

Just One Bit

I'm never surprised by the ability of an IETF Working Group to obsess over what to any outside observer would appear to be a completely trivial matter. Even so, I was impressed to see a large-scale discussion emerge over a single bit in a transport protocol being standardized by the IETF. Is this an example of a severe overload of obsessive-compulsive behaviour? Or does this single bit represent a major point of design principle... more

Internet Consolidation at EuroDIG 2019: Questions in Need of Answers

At EuroDIG 2019 a workshop was organised around the topic of consolidation on the Internet. It was organised around four angles: technique, competition, society and human rights and; future research. One thing became extremely clear: no one contested that consolidation is taking place nor that this already has and will have an impact on the Internet and consecutively on society. more

A New Frontier for the Global South

The Fund for Internet Research and Education - FIRE - is an initiative of AFRINIC that gives Grants and Awards to outstanding projects that use the Internet to provide innovative solutions to Africa's unique education, information, infrastructure, and communication needs. FIRE Africa is part of an initiative called The Seed Alliance that has LACNIC's FRIDA Program, APNIC's ISIF.Asia program, and the Internet Society as members. more

eco to Address the Impact of Brexit on the Domain Industry

eco, which is the largest internet industry association in Europe, is holding a virtual meeting later this month to discuss Brexit. The meeting, which is scheduled for July 27th at 1200 UTC, will be the first of several dialogues among industry to discuss the potential impact of the UK's exit from the EU on the domain name industry. As I mentioned in a recent post, the exit of the UK from the EU has an "unknown" impact on how domain name registries and registrars will interact with UK based registrants. more

How Will Rural Chileans Use SpaceX Starlink?

The Chilean Undersecretary of Telecommunications (SUBTEL) has begun a year-long pilot study of SpaceX's Starlink satellite Internet service. I don't know how many test locations they are planning, but the first two have been selected. Last week I discussed the first, the John F. Kennedy school in Sotomó, an isolated town at 41.6° South on a fjord in Chile's Lake Region, and the second will be in Caleta Sierra on the coast about 1,200 miles north of Sotomó. SpaceX is also considering a European pilot study in Georgia and perhaps (hopefully) others. more

NSA to Stop Collecting American Emails To and From Overseas

U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more

There are Reports of Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks, NGOs

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation's President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns. more