The Importance of Understanding Attacker Target Selection

There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more

Communities of Things

When I want to go to a website, I just type in the URL, and I'm there. Sure, we had to get a subscription from a service provider and set up our devices, but that was a one-time thing. As we move into a world of many connected devices, it's no longer a one-time thing. Today, creating connected devices and services requires thinking about all the mechanics and networking and onboarding and providers. more

New Innovations in Free Space Optics

I read an article on the Finley Engineering blog that talks about new research with free-space optics. For those not familiar with the term, this means communication gear that communicates directly using light without any wires. The article talks about a Chinese team of scientists who have used light to transmit ultrahigh-definition video signals between high-rise buildings. more

NTIA’s New Broadband Map

The National Telecommunications and Information Administration surprised the broadband industry by issuing a new broadband map for the whole U.S. The map differs in dramatic ways from the FCC's broadband map, which is derived from broadband speeds that are reported by the ISPs in the country. It's commonly understood that the FCC broadband map overstates broadband coverage significantly. The NTIA map draws upon varied sources in an attempt to create a more accurate picture of the availability of broadband. more

3 Strategies for Keeping ICANN and IANA On-Mission and Out of Politics

Over the last year, the ICANN community has been raging on about two issues: the looming IANA transition away from the US government, and how to ensure the organization is accountable to all the Internet's stakeholders. While the issues have run on separate tracks, they both boil down to one question: can ICANN be trusted to be a good steward of the Internet's future? The answer to this question will go a long way in deciding ICANN's future. more

Multistakeholderism Is Working: Even in Exile

I'm happy to report (mostly) positive feedback on my last article that examined how the multistakeholder model tackled, and tackled well, Phase 1 of the review of all Rights Protection Mechanisms. While bad news may sell more clicks, a little good news from time to time also appears to be welcome. Good news also reminds us of how fortunate we are to have a private sector ICANN with a multistakeholder model of policy development... more

Phishing Scams: How to Spot Them and Stop Them

Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more

ICANN, or ICAN’T or IWON’T?

We're halfway into ICANN71, and early interactions are posing questions about ICANN Org's capability to carry out its mission to maintain an orderly domain name system (DNS). Or, if that's not the case, ICANN leadership seems bent on a hands-off approach to its oversight responsibilities to the DNS. For years now - years - the ICANN community has raised the volume level about acute issues -- a workable Whois management and access system (including clearly delineated controllership)... more

As DENIC’s CEO Jörg Schweiger Prepares to Step Down, He Speaks About His Time at DENIC

In January Jörg Schweiger, DENIC's CTO from 2007 to 2014 and CEO since 2014, announced he was stepping down from his position in December. It's been quite a ride, and the domain name industry has evolved quite a lot. So we asked Jörg a few questions about his time with DENIC and the changes he's seen... he came up with some insightful views on why he thought new TLDs missed a great opportunity to do something with "innovative new business models," the importance of security to DENIC... more

IRP Panel Dismisses Afilias’ Claims to Reverse .WEB Auction and Award .WEB to Afilias

On Thursday, May 20, a final decision was issued in the Independent Review Process (IRP) brought by Afilias against the Internet Corporation for Assigned Names and Numbers (ICANN), rejecting Afilias' petition to nullify the results of the July 27, 2016 public auction for the .WEB new generic top level domain (gTLD) and to award .WEB to Afilias at a substantially lower, non-competitive price. Nu Dotco, LLC (NDC) submitted the highest bid at the auction and was declared the winner, over Afilias' lower, losing bid. more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

The IETF Evolution

The Internet Engineering Task Force (IETF) is a collaborative body that has developed internetworking specifications for more than five decades, successfully shaping the global marketplace of digital network equipment and services. Beginning as a kind of distributed think tank among network researchers in 1969, it evolved to become one of the world's most influential standards bodies. more

“It’s Always DNS!” Why DNS Is the Biggest Single Point of Failure in the New Norm

Many in the network security field may be familiar with the phrase: "It's always DNS."  This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more

Transport vs. Network

One of the basic tools in network design is the so-called "stacked" protocol model. This model was developed in the late 1970s as part of a broader effort to develop general standards and methods of networking. In 1983, the efforts of the CCITT and ISO were merged to form The Basic Reference Model for Open Systems Interconnection, usually referred to as the Open Systems Interconnection Reference Model or the "OSI model." more

Mistrust of ICANN Is Fully Vindicated

Recently, I have been reporting on a highly questionable auction scheme for a single domain name, o.com, which is currently being improperly warehoused by ICANN along with a number of other .com and .net domain names. This violates ICANN's Bylaws -- but, so what? more