Cyber Security and the White House, Part 2 - Cyberwarfare

This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more

Appeals Court Revives the CFIT Anti-Trust Suit Against VeriSign

Back in 2005 an organization called the Coalition for Internet Transparency (CFIT) burst upon the scene at the Vancouver ICANN meeting, and filed an anti-trust suit against VeriSign for their monopoly control of the .COM registry and of the market in expiring .COM domains. They didn't do very well in the trial court, which granted Verisign's motion to dismiss the case. But yesterday the Ninth Circuit reversed the trial court and put the suit back on track. more

A Clear Case for ISP Regulation: IP Address Logging

Over on the Network Neutrality Squad yesterday, I noted, without comment, the following quote from the new Time Warner Cable privacy policy bill insert: "Operator's system, in delivering and routing the ISP Services, and the systems of Operator's Affiliated ISPs, may automatically log information concerning Internet addresses you contact, and the duration of your visits to such addresses." Today I will comment, and explain why such logging by ISPs creates a clear case for regulatory intervention, on both privacy and competition grounds. more

New Top-Level Domains Emerging

With all the buzz surrounding new Top-Level Domain (nTLDs) at the last ICANN meeting in Mexico, I am sure many of you have already encountered or read information regarding the latest applications. For those who haven't been staying abreast of the latest, here is a quick review... There are two different general types of TLDs -- gTLDs and ccTLDs. ICANN is now opening the possibility of adding further TLD extensions, which can virtually be anything... more

FUD for Thought: ARIN Releases Comic Books

The American Registry for Internet Numbers (ARIN) has launched a comic book series to further help raise awareness for the adoption of IPv6 and other matters dealt by the organization. The comic books, called "Team ARIN", are fictionalized views of the organization, its processes, and the whole concept of Internet governance. "Though our heroes are fictional, the issues they face are very real," says ARIN. more

Bandwidth Buyers Face Significant Price Differences in the Global Market

According to Data from TeleGeography's Wholesale Bandwidth Pricing Database, there are stark price differences around the globe for companies with large international bandwidth requirements. "For example, the median price of a 2 Mbps E-1 circuit between London and Johannesburg in Q4 2008 was nearly $15,000. For the same price, a bandwidth buyer could lease a 10 Gbps wavelength -- 500 times the capacity of an E-1 -- between London and New York." more

Crawford Likes Aussie Utility Network

Susan Crawford, special assistant to the president for science, technology and innovation policy and a member of the National Economic Council, is reported to be favorably inclined towards a U.S. network much like Australia's recently announced $33B broadband plan. Of course, the U.S. is some 15 times bigger than Australia, and that'd make the price tag closer to $500B by straight multiplication. But the U.S. would get a fiber network done right... more

New Research Finds Over 80% of Domain Names Used by Phishers Are Legitimate Domains

New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more

10,000 Domain Names Pre-Ordered Daily for Likely New Top-Level Domains

Last month Pool.com and Quintaris started a joint project to let consumers pre-order – without cost – domain names in new generic Top-Level Domains (gTLDs) for which ICANN will likely get an application. Latest stats released from the group is showing strong demand -- about 10,000 per day in the first month of the program... more

Satellite Broadband, Stimulus Funds and Network Neutrality

At the IP Satellite Summit in Washington this week, a panel composed of satellite service providers and product vendors discussed whether or not they would pursue the economic stimulus funds set aside for broadband development. While the service providers agreed that there are viable business models for satellite broadband service without the stimulus money – of course, they were delivering service before the current economic collapse and talk of the stimulus money – the consensus seemed to be that they would apply for the grants to further develop, deploy and perhaps even subsidize their service offerings... more

Blame Yourself, Not ICANN

Domain name owners have traditionally complained that ICANN does not listen to us, and there is indeed plenty of evidence demonstrating the group’s obliviousness to community input. Nevertheless, as domain owners, we need to begin giving ourselves a share of blame too. It’s time to reflect on our failures so we can come up with an actionable solution... more

Why DNS Is Broken, Part 2: DoS Target

Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more

Thoughts on IPv6 Security, Take Two

A few months ago, I made a post about IPv6 security. I've caught some flak for saying that IPv6 isn't a security issue. I still stand by this position. This is not to say that you should ignore security considerations when deploying IPv6. All I claim is that deploying IPv6 in and of itself does not make an organization any more or less secure. This point was made by Dr. Joe St. Sauver, of the University of Oregon... more

DNS Attack Takes Down Internet in Five Northern and Coastal Provinces of China

According to Shanghai Daily, there has been an "organized Internet attack on Tuesday night which caused serious congestion in several provinces [in China] and left millions of users unable to gain access to the Internet." This is the first time the regulator has published news about an investigation into an online attack in China within 24 hours, says Shanghai Daily. ..."It was an attack on DNS (Domain Name System) and the carriers and related firms should do more back-up to avoid similar incidents," the ministry said in a statement. more

EU Calls For Full Privatization of ICANN, Commissioner Calls Sept 30 Moment of Truth

In a video posted on her website this morning, Viviane Reding, EU Commissioner for Information Society and Media, has called for greater transparency and accountability in Internet Governance. She outlines a new Internet Governance model which includes a fully private and accountable ICANN, accompanied by an independent judicial body, as well as a "G12 for Internet Governance" -- a multilateral forum for governments to discuss general internet governance policy and security issues... more