An Internet Security Operations Viewpoint of IGF

The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more

Telecommunications Advocacy: Who’s Behind That Blog?

An assignment in a Media and Democracy course I teach at Penn State invites students to select a telecommunications advocacy web site for analysis. I want my students to decode the message and attempt to identify whether a bias exists and who financially supports the site. The exercise typically fails miserably... Most students cannot infer that a site that advertises books by Ann Coulter trends to the right and one that talks about social justice trends to the left. more

Spam Kings: Book Review (Part 2)

I'd like to continue on in my review of the book Spam Kings (read part 1) and make some more comments, particularly regarding the antispammers. One thing that I really liked about the book is learning the history of some of the spam tools. I was never a participant on NANAE (news.admin.net-abuse.email; a USENET newsgroup which discusses e-mail spamming), that was before my antispam time. But I was intrigued by its history. People would gather together and discuss spammers and tools for stopping them, and sometimes spammers would stop by and the flame wars would ensue. more

Best Approach for Appraising Domain Names

There are two types of domain name appraisers, designated here as type "1" and type "0," with the former being appraisers who rely on a scientific approach. A large number of domain owners use the services of type "0" -- the nonscientific -- or do the appraisal themselves. Approaches used by scientific appraisers include regression-type statistical modeling, discounted cash-flow analysis, and reliance on the Law of Large Numbers. This post looks at some of the typical erroneous arguments against taking a statistical approach and provides an example from law... more

Domain Management White Paper

Businesses may rely on domain names to conduct their day to day work, but that does not mean that they really understand what they are using or how important they are. Of course those of us in industry may feel tempted to either scoff at people's naivety or feel terribly frustrated with their ignorance, however neither action is particularly productive. Loic Damilaville, however, has tried to take a more practical and positive approach by publishing a white paper on domain name management. The document was published a few months ago in French and has since been made available in English. more

Three Years With ICANN

I joined the ICANN board during the December 2004 ICANN meeting in Cape Town. I served for a three year term and stepped down at this last meeting in Los Angeles and didn't run for another term... Before joining ICANN, I thought that ICANN was the only part of the Internet that wasn't really working. I knew that there must be a better way to do what ICANN does, but I couldn't be bothered to figure it out. I'd agree with people who said things like, "it should just be distributed" or "it should just be first come first serve" or "we should just get rid of it." People from ICANN would say, "it's more complicated than that" or "at this point that would be impossible." After being part of the process for three years, I find myself saying those same things... more

Whois: If You Want Privacy, Pay For It

Netchoice, a lobbying group for the e-commerce industry had a strange reaction on the failure of the GNSO working group on Whois to reach a consensus. After all, they say, "Privacy concerns with Whois that were identified years ago have already been addressed by in the marketplace"... more

Do Spammers Change Their Tactics Based on Recipient Verification? Yes, They Do

Or, to be more precise, it sure looks like they do. I wrote on another post on a publicly available spam tool, and I mentioned that I came across a page that allowed people to verify whether or not an email address is actually live. The question naturally arises: do spammers clean up their email contact lists based upon whether or not the address is legitimate? Spammers would have an incentive to do this... Do we actually observe spammers changing their sending patterns? I believe that we have evidence that they do. more

On the Hunt for “Critical Internet Resources”

I'm writing this column in November, and that means that it is time for the traveling circus known as the Internet Governance Forum (IGF) to come down to earth, unpack its tents and sell tickets for its annual song and dance routine. The script for this year's show has been changed, and after being excluded from the main arena last year at the Athens gig, the headline act of "Critical Internet Resources" is taking a starring role this year in Rio. Some folk are even saying that it is the single most contentious issue to be scheduled at this year's IGF show. So what are "Critical Internet Resources" anyway? If folks are going to spend all this time, energy and carbon emissions traveling to Rio to talk on this topic, then wouldn't it be helpful to understand what it means in the first place? There are probably a number of ways to answer this question, so in this heavily opinionated column I'd like to look at the range of possible answers to this question. more

Study Shows German Internet Users Prefer Memorable Domain Names for Cities and Regions

The majority of private Internet users in Germany favour the increased usage of local domain endings as in .city or .region in the future because the more memorable names will help them to better find the information that they are looking for. That is the core result of a representative survey that was commissioned by eco Verband der deutschen Internetwirtschaft and conducted by the market research company eResult at the beginning of October. eco is the registered association of German Internet enterprises... more

Phishers Now Targeting Domain Registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more

To Fight Domain Name Theft: Sex.com Gives Birth to a New Property Right

For those who are Star Wars fans, the following scene from the prequel, Attack of the Clones, will be easy to recall: a young and misinformed Jedi, known as Obi-waan Kenobi, opines about how an army of clones had been able to snatch a victory from imminent defeat. Yoda, a Jedi Master and virtual fountain of wisdom, immediately gushes forth an important correction: "Victory? Victory you say? Master Obi-waan, not victory." Yoda explains that winning a battle is not a victory, if the win merely signals that the war has just begun. Yoda's apparent perception seems particularly apt for the precedent setting federal court opinion involving the sex.com domain name. Notwithstanding that individual domain name registrants may seek comfort in the victory obtained from the Ninth Circuit's opinion in Kremen v. Cohen, that decision merely signals a beginning -- not an end -- to the controversy over the proper legal framework for resolving domain name theft.  more

iREIT Drops TM-Typo Domains?

As faithful CircleID readers will know, iREIT (Internet REIT, Inc.), a Texas domain name portfolio investment corporation, has been sued by Verizon and by Vulcan Golf for cybersquatting. It appears iREIT is taking steps to clean up its portfolio by deleting obvious typos of famous trademarks... more

ICANN: WHOIS Back to Rathole #0

ICANN's GNSO council had WHOIS on its agenda for today. The options on the table: (1) Accepting the outcome of years of policy development processes; (2) rejecting that outcome (again?), but calling for some kind of fact-gathering to feed into future policy work, in order to keep the space occupied; (3) acknowledging that there is broad dissent in the Internet community, and calling for a sunset on the WHOIS clauses in current agreements, as these clauses are not backed by community consensus any more. Not very surprisingly, motions (1) and (3) failed; (2) was accepted; all that after lengthy discussion, with lots of procedural bells and whistles. more

Gmail as an Email Honeypot

You all remember cybersquatting, a popular sport in the late 90s, right? McDonalds.com, JenniferLopez.com, Hertz.com and Avon.com thankfully all point to the right web sites today, but thaiairline.com, mcdonald.com, luftansa.com, gugle.com, barnesandnobles.com and other misspellings are fake web sites intended to trap the casual surfer with a hand that's a bit too much quicker than the eye... If you want to go to the McDonalds web site, you don't even spend the 10 seconds to look it up -- you will type McDonalds.com and expect to see the latest dollar meal menu. But the same is true for the other popular form of communication -- email... more