Emergency Patch Issued for Samba, WannaCry-type Bug Exploitable with One Line of Code

The team behind the free networking software Samba has issued and emergency patch for a remote code execution vulnerability. more

The 3 Biggest Challenges Facing New gTLDs

When ICANN announced the nTLD program, thousands of applicants threw their hats in the ring. It seemed pretty straight forward; the existing TLDs were running out of short meaningful options, all that was needed was to create newer options that would be more relevant for specific sets of customers. Years later, the process is well underway; hundreds of nTLDs have hit the market, yet less than 10% of those that have gone live seem to have found success. more

gTLD.club, New Site Focused on New gTLDs

Participant Jean Guillon submits the following text about a new website gTLD.club which is focused on new generic Top-Level Domains. more

NTIA Asks New gTLD Applicants to Submit Public Interest Commitments

Kevin Murphy reporting in Domain Incite: The National Telecommunications and Information Administration said today that all new gTLD applicants, even those that have not already been hit by government warnings, should submit Public Interest Commitments to ICANN. In a rare comment sent to an ICANN public forum today, the NTIA suggested that applicants should use the process to help combat counterfeiting and piracy. ... NTIA said that applicants should pay special attention in their PICs to helping out the "creative sector". more

Study Reveals 76% of Internet Users Vulnerable to Browser History Detection

A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection". more

BGP Security: A Gentle Reminder that Networking is Business

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security -- specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for... 20 years? ... at this point, so I have seen the argument develop across these years many times, and in many ways. more

Fear of Disaster: 5 Tips to Help Enterprises Cope

IT disasters can strike anywhere, anytime. In 1983, a faulty Soviet warning system nearly precipitated World War III -- the system claimed five missiles were en route from the U.S. Only quick thinking by Lt. Col. Stanislav Petrov saved the day when he realized the United States would never launch so few warheads. And in 2004, a private contractor working with the British Child Support Agency (CSA) suffered a glitch that overpaid 1.9 million people and underpaid 700,000. more

Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let's take a look at another way to capture DDoS information: external performance monitoring... Unlike network/infrastructure tools - which are usually installed inside a customer's network - external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world. more

Trust, but Verify

We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more

Dot Brand Trends and Recent Launches

Our latest research shows that dot brand domains continue their qualitative and quantitative growth. We carried out a complete cycle of analysis in April 2017, and found that brands had registered 6,505 domains in their Top Level Domains, which represents a progression of 3% compared to February 2017. 761 actual websites are published on these domains, which represents an increase of 6% form February 2017. more

Facebook Outage Possibly Global

Craig Labovitz reporting from Arbor Networks: "We use ATLAS data to graph Facebook (AS32934) traffic with 80 ISPs around the world between 5pm September 22 and 5pm EDT today. You can see Facebook traffic plummet around 1:30pm and return shortly after 4pm. From a quick glance at the data, the outage appears to be global (impacting most of the 80 ISPs)." more

Greatest Internet Landgrab in History

Paul Sloan reporting in CNET: "ICANN tomorrow will reveal who is going after what new domain extensions, paving the way for a very different looking Web. Prepare for dot-madness... It's not just the hard-core denizens of the domain world that are going after new TLDs, which are also known as 'strings.' Others are jumping into the fray. The most intriguing is Google, which in late May revealed that it's applying for an undisclosed number of strings, including .Google, .YouTube, .docs, and .lol..." more

Why Don’t We Have Peak and Off-Peak Pricing for Broadband?

I saw a poster on the London Underground yesterday, and as is often the case it got me thinking about the parallels with telecoms. The poster explains the peak and off-peak fare structure for tube travel. The purpose of this pricing system is to manage the relationship between supply and demand in a system that is capacity constrained. Over short and medium timescales the supply is essentially fixed, and demand can oversaturate that supply. more

Is the U.S. Dancing to a Different Drummer?

Is the United States in full retreat from internationally recognized regulatory best practice? Or is it instead headed toward some different destination -- "dancing to the beat of a different drummer"? Where is this likely to lead? The following is an introduction to a paper, published by IDATE, from J. Scott Marcus, a Senior Consultant for WIK-Consult GmbH: "...What has radically changed is telecoms regulatory practice in the United States. The U.S., in a long series of regulatory decisions, has largely abandoned its long-standing regulatory principles and moved in an entirely new direction." more

ICANN Appoints IID’s Rod Rasmussen to Its Security and Stability Advisory Committee

ICANN has appointed IID President and CTO Rod Rasmussen to its Security and Stability Advisory Committee (SSAC). An area that Rasmussen's work and recent SSAC reports have both covered in-depth is domain name hijacking. Recent hijackings against UFC.com and Coach.com, and similar past attacks against CheckFree, Comcast and Twitter have heightened awareness about the security dangers with the Internet's infrastructure. more