Significant Uptick Reported in Targeted Internet Traffic Misdirection

Jim Cowie of Renesys reports: Traffic interception has certainly been a hot topic in 2013. The world has been focused on interception carried out the old fashioned way, by getting into the right buildings and listening to the right cables. But there's actually been a significant uptick this year in a completely different kind of attack. more

Back to the Future Part IV: The Price-Fixing Paradox of the DNS

GenX-ers may remember spending a summer afternoon at the movie theater and seeing the somewhat corny but beloved antics of Marty McFly and Doc as they used a souped-up Delorean to travel the space-time continuum. In Back to the Future Part II, Doc and Marty travel into the future, where the bullying, boorish Biff causes a time-travel paradox when he steals the Delorean and takes a joyride into the past to give his younger self a sports almanac containing the final scores of decades worth of sporting events. more

Justice Department Recommends That the FCC Deny the Proposed ARCOS Cable Segment Connecting Florida and Cuba

In September 2020, I wrote a post on a proposed 56-kilometer link between the ARCOS undersea cable and the north coast of Cuba, near Havana. The Trump-appointed Justice Department Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector was to conduct a 120-day security review of the proposal. more

The Domain Name System: A Cryptographer’s Perspective

As one of the earliest protocols in the internet, the DNS emerged in an era in which today's global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like other parts of the internet of the day, did not have cryptography built in. Today, cryptography is part of almost every protocol, including the DNS. And from a cryptographer's perspective, as I described in my talk at last year's International Cryptographic Module Conference (ICMC20), there's so much more to the story than just encryption. more

Finding the Holes in Your Application Security Blanket

Last month, application security provider Veracode came out with a study that stated that more than half of all enterprise applications aren't secure. The company tested approximately 2,900 applications over an 18-month period, and 57 percent failed to meet Veracode's "acceptable levels" of security. While this study gained a tremendous amount of traction in the media... it does not focus on the bigger issue... more

Open Access for Apartment Buildings

San Francisco recently passed an interesting ordinance that requires that landlords of apartments and multi-tenant business buildings allow access to multiple ISPs to bring broadband. This ordinance raises all sorts of regulatory and legal questions. At the most recent FCC monthly meeting, the FCC jumped into the fray and voted on language that is intended to kill or weaken the ordinance. more

Twitter Reschedules Critical Maintenance to Avoid Down Time for Demonstrators in Iran

cores of Twitter users around the world thanked the social networking site, Twitter, today for its decision to postpone a scheduled maintenance which would take the service down for 90 minutes tonight at around 9:45 pm PST. Twitter has become a lifeline for Iranian demonstrators as the microblogging service is providing a vital means of communication amongst protesters as well as the outside world. In response to a large number of users on Twitter pleading the company to reconsider the timing of its scheduled maintenance -- given the sensitive timing in the Iran -- Twitter decided to reschedule the maintenance to a later time. more

ICANN Planning to Set Up Hubs in Singapore and Istanbul

ICANN is looking to set up two new hubs in Singapore and Istanbul to serve the Asia-Pacific, and Europe, Middle East and Africa (EMEA) markets. "Asia has not been well-embraced by ICANN in the past. We owe Asia a big apology," Fadi Chehade, CEO of the organization responsible for administrating the world's Web traffic, said in an interview with ZDNet. more

Reaching Google via Asia?

Across the Internet, yesterday, Google users twittered, blogged and emailed that Google search and mail were not usable. And, yesterday afternoon, on Google’s official blog, Urs Hoelzle reported that Google “direct[ed] some […] web traffic through Asia”... Even though Google is very well-connected to a diverse set of other networks, two of these relationships predominate. It is through these relationships that much of the Internet reaches Google... more

Eugene Kaspersky: We Need Interpol for Internet, Law Enforcement Agencies Have Jurisdictional Limits

Eugene Kaspersky, co-founder of Internet security software Kaspersky Lab, was recently interviewed PC World where he talked about his views regarding cybersecurity and the evolution of malware. In response to fixing the problems with malware on the Internet, Kapersky says: "The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of Internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. ... There is no such thing as anonymity on the Internet, for the average user." more

So Many Nonprofits Have Trusted Dot Org for So Long

ICANN's Board will meet soon, perhaps even tomorrow, to discuss the dot-org domain sale. It is a pivotal inflection point in the history of Internet governance. When Internet Society (ISOC) was awarded the dot-org domain over ten other bids in 2002, evaluators voiced concerns about their ability to steward it. The report explains: Some on the Committee expressed concern, however, that ISOC's associations extend only to the networking/connectivity community and not to a broader base... more

The geoTLD GDPR Survey 2018

The application of the European General Data Protection Regulation (GDPR) to the DNS is a hot topic within the ICANN community. However, since the implementation of the GDPR on May 25th, 2018, there has been little public data on: how many WHOIS data requests have been made at the registry level, and; how the registries are handling them. To further the factual and evidence-based discussion within the ICANN community, we gathered quantitative data about WHOIS access post-GDPR... more

My Telecom Predictions for 2021

It's that time of the year for me to get out the crystal ball and peer into 2021... The FCC Will Have Egg on its Face from the RDOF Grants. The reverse auction was a disaster in many ways, with a lot of the money going to companies that can't possibly do what they promised or companies that largely intend to make a profit by pocketing a lot of the grants. The FCC will have a chance to rectify some of the problems during the review of the long forms... more

Gas Pipeline Firms Under Targeted Phishing Attacks

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector. In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months. more

ICANN Begins Accepting Applications for New gTLDs

ICANN announced today that after over seven years of planning, the organization has initiated the process for accepting applications for new generic top-level domains (gTLDs). "We believe this program will do what it's designed to do, which is open up the Internet domain-name system to further innovation," said Rod Beckstrom, ICANN chairman, during an event at the National Press Club in Washington today. More information on the Applicant Support program can be found on the ICANN New gTLD page. more