More Top-Level Domain Wildcards

With all of the recent excitement about *.cm, the Cameroonian wildcard that someone is using to collect vast numbers of mistyped .com addresses, I wondered how many other wildcards there were at the DNS top level. There's a total of 13. Half of the wildcards are harmless. The *.museum wildcard leads to a registry page that helps guess what you might have been looking for. ...The .mp page also claims that .mp is for Mobile Phone rather than for the Marianas Islands, but they're hardly the only small poor island to try to cash in on their ccTLD, and they at least run it themselves. more

Lessons for the Internet Governance Forum from the IETF

As Antonios Broumas has correctly observed, the Internet Governance Forum (IGF) begins life in Athens next week without the means for its participants to agree upon any substantive documents such as resolutions or declarations. Indeed, according to Nitin Desai, the Chairman of its Advisory Group, it is impossible for the IGF to make any decisions, as it "is not a decision-making body. We have no members so we have no power to make decision."... more

Protection of Personal Names in Domain Names

David Pecker is the chairman of American Media, Inc., publisher of, among others, National Enquirer and Weekly World News. 'Mr. Ferris' registered the domain name DAVIDPECKER.COM, had a PPC company host it, where it was keyed to ads for porn, because, according to the registrant, the word PECKER was in the domain name. Mr. Pecker brought a UDRP. Although 'Mr. Ferris' (as he is identified in the decision) did not seem (to me) that he could establish a bona fide intent to use the name in conenction with an offering of goods or services, and altohugh there seemed to be plausible evidence of bad faith, the UDRP was denied... more

What’s in a Name?

Internet domain names are truly bizarre. There is nothing especially remarkable about them from a technical perspective, but from a social and political perspective they are all sorts of fun. We can have arguments over control of the DNS root, arguments over whether names are property, arguments over innate rights to specific names, arguments over a registrar's right (or lack thereof) to exploit unregistered names for private gain, and many more arguments besides. In this article, I'd like to explore the argument-space rather than defend any particular position in it. In so doing, I hope to illuminate some novel (or under-emphasised) perspectives on the matter. more

Nation of Cameroon Typo-Squats the Entire .com Space

The .cm (Cameroon) ccTLD operators have discovered that since their TLD is simply one omitted letter away from .com, that there is a gold mine in the typo traffic that comes their way. Accordingly, Cameroon has now wild-carded its ccTLD and is monetizing the traffic. The upshot is that, if the Neiman Marcus / Dotster lawsuit over 27 domain names was properly characterized as "massive", then the Cameroonians are now going well beyond massive... more

Web Server Botnets and Server Farms as Attack Platforms

Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more

Addressing the Future Internet

What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more

The Fragile Network

One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more

Google, Service Providers and the Future of P2P

In a non-operational NANOG discussion about Google bandwidth uses, several statements were made. It all started from the following post by Mark Boolootian: "Cringley has a theory and it involves Google, video, and oversubscribed backbones..." The following comment has to be one of the most important comments in the entire article and its a bit disturbing... more

AFNIC and DNS Server Redelegation

As an American, I could go for the ignorant stereotyping of the French. But being the good global citizen I try to be, I'll just see if someone can tell me if I'm missing something here, or if indeed AFNIC has lost its mind. I recently requested for one of my .FR domains to be delegated to new DNS servers. I got everything set up at my new DNS provider. But, AFNIC won't perform the transfer because of the following "fatal" reason... more

IP Address Intelligence Burdening Content Providers with Regional Laws?

I've been looking into IP address filtering by content providers. I understand that IP addresses can be attached with confidence to geographical locations (at the country level, at least) about 80% of the time. You have to make up the rest with heuristics. So there are companies that are in the business of packaging those geolocation heuristics for sites. ...How widely are these services used? ...does it now make sense to put content sites to the burden of complying with the laws applicable to the people/machines they know are visiting them? more

Trench Warfare in the Age of The Laser-Guided Missile

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more

IE Namespace: We Need Personal Domains!

In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more

Google’s Top-10 Search Terms Dominated By Trademarks

According to Google's 2006 Year-End Review, dubbed Zeitgeist, or the cultural climate of an era, a majority of the top-ten search terms for 2006 were trademarks. Topping the list is the registered BEBO mark which is held by Bebo.com LLC, a California company that runs a social networking website. Second on the list was MYSPACE, the registered mark associated with Newscorp's $580 million social-networking giant. Next, as a result of a majority of the world catching soccer fever over the summer, "world cup" ranked as the third most searched term... more

Microsoft Choking Domain Parking Business Practices?

In a follow up to Microsoft's Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft's free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article: "In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google's AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program..." more