Today the FCC is condemning Comcast's practices with respect to P2P transmissions. I'm happy for FreePress and Public Knowledge today, and I know they have achieved a substantial change in the wind. The basic idea that it's not okay for network access providers to discriminate unreasonably against particular applications is now part of the mainstream communications discourse. That has to be good news. I'm concerned on a couple of fronts. The FCC has taken the view that it can adjudicate, on a case-by-case basis, issues that have to do with "Federal Internet Policy." They used that phrase several times...
Ars Technica had a nice article yesterday by Timothy Lee entitled 'The really long tail' following up on Derek Slater's article last week on the Google Public Policy Blog entitled 'What if you could own your Internet connection?' Both articles are about a pilot project in Ottawa. The "tail" in Timothy's article is the "last mile" (or as I prefer, "first mile") fiber connection from individual homes to a network peering point or other aggregation point where individuals can then choose from among multiple competing ISPs. The importance is, as Timothy Lee puts it...
In a June court ruling, domainer Navigation Catalyst and registrar Basic Fusion lost a cybersquatting lawsuit to Verizon... This is an extremely interesting and potentially precedent-setting case regarding domaining and domain name tasting. The court condemns both practices, leading to a preliminary injunction against the domainer and its registrar based on the Anti-Cybersquatting Consumer Protection Act (ACPA). As far as I can recall, this is the first time that a domainer has lost an ACPA lawsuit in court, and it provides an important data point confirming that domaining can be cybersquatting (a previously unresolved issue)...
Those wacky editorial writers at the Wall Street Journal just cannot seem to get the facts straight about network neutrality and what the FCC has done or can do on this matter. In the July 30, 2008 edition (Review and Outlook A14), the Journal vilifies FCC Chairman Kevin Martin for starting along the slippery slope of regulating Internet content. The Journal writers just seem to love hyperbole, and are not beyond ignoring the facts when they do not support a party line. Here are a few examples from the editorial...
Each SANSFIRE, the Handlers who can make it to DC get together for a panel discussion on the state of information security. Besides discussion of the hot DNS issue, between most of us there is a large consensus into some of the biggest problems that we face. Two come to mind, the fact that "users will click anything" and that "anti-virus is no longer sufficient". These are actually both related in my mind...
This morning's mail brought news of a 3 minute 45 second video clip of very candid and very outstanding remarks from Vint Cerf. Vint says very clearly what needs to be said and what needs to be grasped and acted on by the new president and congress next year... My observation is that in my opinion it is not the lighting that is unusual but rather the camera angle. It looks like the interviewer is seated with his camera pointed up. The camera is looking at Vint's chin. Consequently I sent Vint an email: "you knew you were being recorded - surely? I hope: in any case the good deed is done... thank you sir." Vint replied with permission to quote...
New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.
Note: this is an update on my earlier story, which incorrectly said that the AP reported that Chairman Martin was seeking to impose "fines" on Comcast. In fact, the story used the word "punish" rather than "fine," and a headline writer at the New York Times added "penalty" to it "F.C.C. Chairman Favors Penalty on Comcast" (I won't quote the story because I'm a blogger and the AP is the AP, so click through.) Much of the initial reaction to the story was obviously colored by the headline.
On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally...
In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law. These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being unresolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers?
In 2004 Jaynes became the country's first convicted spam felon under the Virginia anti-spam law. He's been appealing his conviction ever since, most recently losing an appeal to the Virginia Supreme Court by a 4-3 decision in February. As I discussed in more detail at the time the key questions were a) whether the Virginia law had First Amendment problems and b) whether Jaynes had standing to challenge it. The court answered No to b), thereby avoiding the need to answer a), the dissent answered Yes to both.
I've watched coverage of Microsoft's bid for Yahoo! and the related maneuvering between Google and Yahoo!. The explanations are not very convincing. Microsoft doesn't need Yahoo's search technology or their morale-impacted work force. Yahoo's search market share continues to decline and there's little of strategic relevance in the rest of their business. What's the attraction?
One would think that, in 2008, the significance of the Internet and information technology would be universally acknowledged. That makes the recent news from the Presidential campaign a bit shocking. After ignoring technology issues for the past year, John McCain is poised to announce his great insight: tech policy isn't worthy of attention from the President of the United States. This is what I draw from the announcement that former FCC Chairman Michael Powell is drafting a technology plan for McCain, to be released shortly... What concerns me most is what the McCain plan apparently leaves out...
It's fascinating to watch the Internet technical community grapple with policy economics as they face the problems created by the growing scarcity of IPv4 addresses. The Internet Governance Project (IGP) is analyzing the innovative policies that ARIN, RIPE and APNIC are considering as a response to the depletion of IPv4 addresses.
Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in charge of ".hk". I had the pleasure to catch up with him at the Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing.