Culminating a year-long policy development process, ICANN today launched its new Blocking Usage Review Panel (BURP). The BURP provides long-needed oversight over services that block Internet traffic. "While everyone understands that national laws such as the U.S. CAN SPAM define what traffic is or is not elegible to block, legal processes can be slow and cumbersome," said a spokeswoman. "Since the Internet is global and traffic often traverses multiple countries, the array of different laws cause uncertainty." more
Yesterday Verisign sent ICANN a most interesting white paper called New gTLD Security and Stability Considerations. They also filed a copy with the SEC as an 8-K, a document that their stockholders should know about, It's worth reading the whole thing, but in short, their well-supported opinion is that the net isn't ready for all the new TLDs, and even if they were, ICANN's processes or lack thereof will cause other huge problems. more
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
Well... Maybe not the world, but the Internet it seems. According to a Pastebin letter, Anonymous announced they will black-out Internet on 31st of March. They even explained how to do it by attacking the DNS Root Servers on Internet using a reflected amplification attack. If this is successful, the root DNS servers will become unresponsive and cannot handle any other requests... more
The results of an excellent study made, for reasons that will become clear, by an anonymous author reaches this conclusion... The problem is, to make the study, the author created a botnet - that is he wrote a small program that took advantage of insecure devices to enlist additional machines to help in the study. more
As attack vectors go, very few are as significant as obtaining the ability to insert bespoke code in to an application and have it automatically execute upon "inaccessible" backend systems. In the Web application arena, SQL Injection vulnerabilities are often the scariest threat that developers and system administrators come face to face with (albeit way too regularly). more
Well it is not new that the US has always maintained that the Internet should be a tax free zone as per the US Congress's Tax Freedom Act 1998 which following expiry continued to be reauthorized and its most recent re-authorization (legal speak for extension) was in October 2007 where this has been extended till 2014. It is unclear whether there will be another extension post 2014. There is a moratorium on new taxes on e-commerce, and the taxing of internet access via the Tax Freedom Act. more
Sender Address Validation and Authentication (SAVA) is the silver bullet. It will send to Cyberia all dark forces that make us shiver when we make a purchase on the internet, pose a threat to our very identities and have made DDoS a feared acronym. Some of you will remember the heated debates when Calling Line Identification (CLID) was first introduced in telephony. Libertarians of all stripes called passionately to ban such an evil tool... more
A very rare thing happened in the GNSO Council meeting this week - the ICANN community spoke with one voice. Registries, registrars, non-commercial interests, new TLD applicants, IP owners and businesses unanimously and unambiguously agreed that giving ICANN a "unilateral right to amend" the registry and registrar agreements is not compatible with ICANN's bottom-up processes and poses a fundamental threat to the multi-stakeholder model. There is true consensus that this change should be rejected. more
By publishing a draft Registrar Accreditation Agreement (RAA) for public comment before it has been agreed on by both parties, has ICANN dealt the bottom-up multi-stakeholder model a blow? ICANN Staff and the registrars have been negotiating a new version of the RAA for the past 18 months following requests by Law Enforcement Agencies (LEA) such as Interpol for greater consumer protection. With both ICANN and registrars working hard, by early this year agreement had been reached on 11.5 of the 12 LEA "asks". A deal looked close. more
(The following is an edited version of comments I submitted to ICANN regarding "closed" generic TLDs.) On February 5th, ICANN solicited comments on whether ICANN should determine the circumstances under which a generic TLD operator is permitted to adopt "open" or "closed" registration policies. Allowing gTLD operators to make these determinations, as opposed to ICANN, will promote innovation on the Internet to the benefit of consumers. more
ICANN has released a "living" graphic aimed to provide a high-level view of how the internet is run attuned for those less familiar with the inner workings of the internet infrastructure ecosystem. more
There is a very interesting video posted on YouTube.com from Matt Cutts of Google who answered the question about how ccTLD's are viewed by Google especially when they are being used as domain hacks. Here is the question: "We have a vanity domain (http://ran.ge) that unfortunately isn't one of the generic TLDs, which means we can't set our geographic target in Webmaster Tools. Is there any way to still target our proper location?" more
ICANN is currently seeking public comment on the subject of "closed generic" Top Level Domain (TLD) applications. A "Closed Generic" is a TLD that is a generic term, but domains within that TLD will not be sold to the public. There are those who object to generic terms such as .book being operated as closed registries, which means that domain names within the .book Top Level Domain as proposed by Amazon would not be sold to the public, but instead, Amazon.com would own and operate all domain names within the .Book Top Level Domain. more
Some pretty big companies are beginning to show an active interest in ICANN's new TLD project. The most recent of them is bookseller Barnes & Noble. The letter, which is available both on the ICANN website, is quite narrow and pointed in its scope and focusses on the perceived competition issues with Amazon's bids for several "closed generics". more