In our last instalments we discussed the various ways to encode non-ASCII character sets, of which UTF-8 is the winner, and some complex approaches that tried to make UTF-8 mail backward compatible with ASCII mail. After years of experiments, the perhaps surprising consensus is that if you're going to do international mail, you just do it. more
An event titled, The Future of the Internet Ecosystem in a Post-Open Internet Order World, took place Last week organized by the Technology Policy Institute and the University of Pennsylvania Law School's Center for Technology, Innovation and Competition. more
Offensive domain-name registrations require strategic corporate decisions. Second, they require different strategic and tactical remedies when third parties register desired names. Thus, different organizational approaches are necessary to manage domain name risks and rewards. The essay identifies the strategic differences and remedies for the two types of domain names, and outlines the implications for internal work-flow organizational structures. more
Legal trademark issues related to domain names will take a long time to resolve. Meanwhile, using a statistical model to determine infringement benefits all parties. The legal system has not yet established comprehensive and easy to understand rules under which a domain name is considered to infringe on a third party's trademark. The vacuum allows trademark owners and their agents, such as the Coalition Against Domain Name Abuse (CADNA), to sue domain name owners pretty much at will, but doing so is not always in the best interest of trademark holders. more
To date, most of the discussion on net neutrality has dealt with the behaviour of conventional wireline ISPs. RCR Wireless News is carrying an opinion piece called "Paying for the bandwidth we consume" by Mark Desautels, VP -- Wireless Internet Development for CTIA -- the trade association for the US wireless industry. His article follows up on reports of Comcast cable moving to discontinue internet access service to so-called "bandwidth hogs"... more
This year could be the fifth year in a row where the goat isn't burned down. But early in the morning of Dec 17th, it was on fire by an arsonist who got caught a few minutes later. So Stephan Lagerholm, who had visited me earlier for some IPv6 site seeing in Gävle and I were lucky to get this photo. The traffic went down by 5% from last year, and I don't have any good explanation for that. The visitors with many hits in the logs are always from the same countries where North America and Europe are dominating. more
The UK government launched its 2022 Cyber Security Strategy on 15 December 2021, outlining its ambitious plans to improve the resilience of UK institutions and businesses while protecting the country's interests in cyberspace. The strategy signals a more involved approach by the government, which previously relied heavily on the private sector for leadership. The government's stated commitment to a 'whole of society' approach sounds really good on paper, but what exactly does it really mean? more
After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folks that aren't immersed in our field. In these notes, I'm trying to maintain neutrality about the issues. I do have strong opinions about most, but I'll post those separately, often dealing with one issue at a time. more
The Uptime Institute (UI) is an IT industry research firm best known for certifying that data centers meet industry standards. UI issues an annual report that analyzes the cause of data center outages. The causes for data center outages are relevant to the broadband industry because the same kinds of issues shut down switching hubs and Network Operations Centers. more
I'm often baffled by lawsuits over domain names and keywords because they just don't seem to make any economic sense. This lawsuit is especially perplexing given the plaintiff's delays and the seeming impossibility of the plaintiff reaching a profitable outcome, even if it won in court. What was the plaintiff thinking? more
Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more
NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting. It would not be Washington without a keynote opening talk about the broader political landscape, and NANOG certainly ticked this box with a talk on international politics and cyberspace. I did learn a new term, "kinetic warfare," though I'm not sure if I will ever have an opportunity to use it again! more
Following our previous article on the Euro 2020 football tournament that looked retrospectively at domain name registrations relating to the competition, this article considers activity on eCommerce marketplaces. For this study, our Discovery Engine technology was used to conduct a regular series of scans across key international online marketplaces. We monitored for listings (offers of sale) relating to Euro 2020 clothing and merchandise. more
Millions of email warnings were sent out by Marriot on Friday to warn customers about the massive data breach which has affected close to half a billion guest data. more
The broadband sector, like the wireless sector, is one of the strongest growth areas of telecommunications. Unlike most OECD countries, where DSL tends to dominate, the majority of subscribers in the US fixed broadband market are cable subscribers. During 2010 the gap continued to widen as the cable companies accounted for 70% of new broadband subscribers compared to the telcos' 30%. Although new broadband networks such as FttH and WiMAX are being widely deployed, broadband competition in each region is still generally limited to one DSL and one cable operator. more