Maintaining Security and Stability in the Internet Ecosystem

DDoS attacks, phishing scams and malware. We battle these dark forces every day - and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack. That's why we as an industry need to come together and share best practices - at the ICANN community, at the IETF and elsewhere - so collectively we are ready for the future. more

Privacy Commissioner Finds Facebook Violating Canadian Privacy Law

The Office of the Privacy Commissioner of Canada has released its long-awaited finding in the complaint against Facebook on a variety of privacy grounds. The complaint was launched by CIPPIC in May 2008 (note that I am an advisor to CIPPIC but had no involvement in this complaint). The case marks an important step in assessing how Canadian privacy law addresses social media with the Commissioner identifying some significant concerns. Moreover, as the case potentially heads to court, it will be closely watched to see whether the findings can be enforced against a global social media power like Facebook. more

Comcast Unleashes Trial DNS Redirection in Select States

In a post today on Comcast's blog, Chris Griffiths, DNS Engineering Manger, has informed customers that they have begun to role a DNS redirection service -- a controversial service offered by several other ISPs over the years to redirect mistyped URLs to ad-based pages instead of a typical 404 error page. The service called "Domain Name Helper Service" is being launched as a market trial in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington according to the company. more

Global Paradigms We Relied Upon Were Destroyed Overnight - How Prepared Are You for New Realities?

Unprecedented new Political and Cyber Security Threats are happening at a scale that has never been witnessed before. These threats are large and malicious enough to take down nuclear programs, render oil refineries inoperable, and take billion-dollar websites offline (not to mention smaller ones). Recent events confirm that NO ONE IS IMMUNE. Despite the obvious warning signs, Internet business stakeholders the world over continue to act as if nothing has changed, and seem unaware that global paradigms have undergone a seismic shift almost overnight. more

DNSSEC Deployment Among ISPs: The Why, How, and What

It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment. more

RIPE NCC to Hold Sixth IPv6 Focused Hackathon

The Regional Internet Registry for Europe, the Middle East and parts of Central Asia (RIPE NCC) together with Comcast and Danish Network Operator's Group (DKNOG), are organizing the sixth IPv6 focused hackathon. more

Update on China SatNet’s GuoWang Broadband Constellation – Can They Do It?

In 2020, China applied to operate GuoWang, a constellation of 12,992 low-Earth orbit (LEO) broadband Internet satellites, and in 2021, it became clear that it was intended to become China’s global LEO broadband constellation. Can they do it? Maybe, but it will take a long time. China does not have the capacity to launch 12,992 satellites today. I don’t know the mass of their planned satellites, but GuoWang is informally referred to as China’s answer to Starlink. more

Multiple (Even Random or Garbled) Domain Names to Bypass Spam Filters Not a Violation

The California Supreme Court issued its opinion in Kleffman v. Vonage, a case certified from the Ninth Circuit. The California Supreme Court held that the transmission of "commercial e-mail advertisements from multiple domain names for the purpose of bypassing spam filters" does not violate California's spam statute. more

Black Frog: Next Generation Botnet, No Generation Spam Fighting

Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more

CNN Spam Outbreak Quickly Morphing Into a New Breed

This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more

Confirmed: Bill Clinton to Address ICANN Meeting in SF

A personal source close to Bill Clinton has confirmed to us that the former president will give the keynote speech ICANN meeting in San Francisco March 14-18. The meeting promises to produce far more electricity than sleepy NGO-lawyer-techie-academic-lobbyist ICANN attendees are used to. more

You Just Signed a Registry Contract With ICANN. What Are Your Plans?

Back on February 4, 2013, I wrote a CircleID post entitled 'How the registrar Cash Flow Model Could Collapse with New ICANN gTLDs.' My key point back then was this: new gTLD applicants need to be mindful of how the cash flow policies of their registry (and of their back-end service provider) could impact whether their TLD is actively promoted by ICANN registrars... registries have historically assumed near-zero risk. This is going to change. more

New gTLDs, Last-Minute End-Arounds, and Fundamental Fairness

The ICANN community is ever closer to realization of its goal to bring long-overdue consumer choice and competition to Internet naming. Regrettably, but perhaps predictably, reliance on the Final Applicant Guidebook (AGB) is being challenged at the last minute by recent proposals from the Business and Intellectual Property Constituencies (BC/IPC), which demand "improvements" to the already extensive trademark protections that will be part of the new gTLD landscape. more

Making DKIM More Useful with Domain Assurance Email

The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from fred@furble.net, the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in... more

Running DNSBLs in an IPv6 World

DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. more