Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad

It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more

When Cyber Awareness Is Fundamentally Lacking

"Smartphones (and tablets, WdN) are invading the battlefield", reports the Economist on its website of 8 October 2011. On the same day the hacking of U.S. drones is reported on by several news sites. ("They appear friendly". Keyloggers???) Is this a coincidence? more

The Human Factor in DDoS Attacks

Ripped from the headlines: A recent DDoS attack lasted an entire 60 days. In other news, a single site was attacked 218 times in Q2 alone. To those of us in the business of protecting Web infrastructure, these stories are hardly surprising. What's notable, though, is where they were reported, in The Financial, whose focus is banking and financial services, not technology. The reporters used the term "DDoS" as if it were as common as "hedge fund," something everyday business people, not just techies, grasp. It's this human element that caught my interest and got me thinking a little. more

No Spectrum Shortage, Just an Allocation Problem

As a new study from Citi Investment Research & Analysis make clear, the US does not have a spectrum shortage. We've just allowed a relatively small number of carriers to control the spectrum. ... Perhaps if we had an effective "use it or lose it" policy in place, or a heavy tax on unused spectrum a more vibrant market for this spectrum would emerge. more

ICANN and Ethics

On September 2nd ICANN opened a one-month public comment period asking whether its Conflict of Interest Policy and related Bylaws should be altered. In light of recent heightened scrutiny of ICANN's policies regarding permissible employment options for departing Directors and key employees this announcement might have been welcome news. Instead, it's a narrow, cart-before-the-horse initiative that seems tone-deaf to predictable stakeholder, political and public relations fallout. more

Government and Botnets

The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more

Governing the Internet: The Model is the Message

In 1964, Canadian scholar Marshall McLuhan famously wrote, "The medium is the message." This phrase popped into my head last week as I listened to the opening speakers at the Internet Governance Forum in Nairobi. McLuhan meant that the form in which a message is delivered - the medium - embeds itself in the meaning of the message. The medium influences how the message is perceived and understood and is therefore inseparable from the message itself. What does this have to do with the Internet? more

Limitations of Carrier Grade NAT, and Some Workarounds

Qtel, the largest carrier in Qatar (and nearly the only Internet provider) appears to connect all their users (~600K) to the Internet through just one or a very few public IPv4 addresses. 82.148.97.69 was their single public address in 2006-2007. How can network address translation (NAT) put all those users through just one IP address? more

Making Internet Faster: Google, OpenDNS and Others Announce Joint Effort

Google, OpenDNS, content delivery networks and other operators have announced a joint effort called "The Global Internet Speedup," to "make the Internet faster". According to the group, this collaboration will be executed via an open IETF proposed standard called "edns-client-subnet" in order to help better direct content to users thereby decreasing latency, decreasing congestion, increasing transfer speeds and helping the Internet to scale faster and further. more

Google Finds Nothing is Shovel Ready, Not Even for Free Fiber Build

Google is deploying fiber at its own expense in Kansas City, Kansas and Kansas City, Missouri to demonstrate the value of one gigabit (a gigabit is a billion bits -- a lot) per second residential Internet connections and perhaps to show at&t and Verizon and the cable companies how the search giant might fight back if its growth is restricted by their restrictions or limitations. ... Whoops. Google just learned the same lesson that President Obama learned in Stimulus 1 more

Multi-Stakeholder Debate at the IGF: Lessons from a Safari

Here at the IGF in Kenya, we're debating how governments, private sector, and civil society can improve the multi-stakeholder model that's helped the Internet become such a vital part of life around the world. Makes me think of another kind of multi-stakeholder model I saw last week on a photo safari in Kenya's Masai Mara National Reserve. more

Censorship, Email and Politics

Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn't manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn't, or not blocking mail they should. more

Typosquatting Continues to Pose Dangers to Enterprises, Consumers

While typosquatting is not a new phenomenon, recent research highlights that it is being used to collect sensitive corporate information from employees and lure consumers to interact with dubious websites. ... Security consultancy Godai Group recently uncovered the use of a specific type of typosquat - a "doppelganger domain" - to collect sensitive enterprise information via email-based attacks. more

DKIM for Discussion Lists

There's a pernicious meme floating around that DomainKeys Identified Mail (DKIM) doesn't work with discussion lists, particularly those hosted on common open source software packages like MailMan. It's particularly odd to see this claim after I set it up successfully on a stock Debian server in less than half an hour, just a few weeks ago. Here's how it can, should, and does work. more

The Design of the Domain Name System, Part VIII - Names Outside the DNS

In previous installments we've been looking at aspects of the design of the DNS. In today's grand finale we look at the the subtle but very knotty issue of names inside and outside the DNS. In the early years of the DNS, domain names were typically resolved to A records which were used to identify a host running a service. With the notable exception of e-mail, once the host was identified, the name no longer mattered. more