/ Recently Commented
Canada Finishes its Spam Task Force, Result is Pretty Good
Industry Canada, the part of the Canadian government roughly equivalent to the U.S. Commerce Department, has had a task force on spam working for the past year or so. I was invited to participate as an unofficial member, since I'm not a Canadian. Yesterday, it wrapped up its work and published its report (aussi disponsible en francais) to the government. It's quite good, and has a set of 22 recommendations. more
- John Levine
- Comments: 2
- Views: 20,690
New Study Revealing Behind the Scenes of Phishing Attacks
The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more
- David Watson
- Comments: 0
- Views: 17,593
Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?
Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNET that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure all for this problem. Here is my reply to him... more
- Suresh Ramasubramanian
- Comments: 31
- Views: 177,071
Morgan Freeman Wins Transfer of morganfreeman.com from Cybersquatter
Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more
- Evan D. Brown
- Comments: 1
- Views: 20,326
Do We Really Need IDN?
James Seng has quoted that Korea, China and Japan must have IDN (Internationalized Domain Name) service. His statement may appear as above mentioned countries desperately need for IDN services because there are no alternative. However, there have already been well established local Internet address providers since quite some time. more
- Jason S
- Comments: 12
- Views: 25,355
So, Who Really Did Invent the Internet?
The beginnings of the Internet are shrouded in myth and misunderstandings that have led to some claims of proprietary ownership of the Internet. Where and when did the Internet begin? The only thing Internet historians seem to agree on is that it was not 1969, or the Pentagon, (or for that matter Al Gore). From there on, there is a wide divergence of views as to when, where, and by whom the Internet may have been invented... more
- Ian Peter
- Comments: 2
- Views: 16,302
The Accountable Net: Who Should Be Accountable?
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
- Esther Dyson
- Comments: 6
- Views: 15,364
Phish-Proofing URLs in Email?
For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. ...Several people have been floating proposals to extend authentication schemes to the URLs in a mail message. A sender might declare that all of links in it are to its own domain, e.g., if the sender is bigbank.com, all of the links have to be to bigbank.com or maybe www.bigbank.com. Current path authentication schemes don't handle this, but it wouldn't be too hard to retrofit into SPF. ...So the question is, is it worth the effort to make all of the senders and URLs match up? more
- John Levine
- Comments: 11
- Views: 26,403
Wal-Mart on the Domain Name War Path
Wal-Mart seems to have been particularly vigilant lately about protecting itself from third parties setting up websites critiquing Wal-Mart and its practices. ...Wal-Mart recently scored a victory in an arbitration proceeding under the Uniform Domain Name Dispute Resolution Policy ("UDRP") before the World Intellectual Property Organization ("WIPO") against Jeff Milchen, a self-proclaimed critic of Wal-Mart from Bozeman, Montana who registered the domain name "walmartfacts.biz". more
- Evan D. Brown
- Comments: 0
- Views: 27,617
Could IP Addressing Benefit from the Introduction of Competitive Suppliers?
An article written by Paul Wilson, Director General of Asia Pacific Network Information Centre (APNIC), and Geoff Huston, Senior Internet Research Scientist at APNIC. "In recent months proposals have been made for the introduction of competition into the system of allocation of IP addresses. In particular, calls have been made for new IP address registries to be established which would compete with the existing Regional Internet address Registries (RIRs). Specific proposals have been made by Houlin Zhao of the ITU-T and by Milton Mueller of the Internet Governance Project, both of which propose that the ITU itself could establish such a registry group, operating as a collection of national registries." ...It would appear that part of the rationale for these proposals lies in the expectation that the introduction of competition would naturally lead to outcomes of "better" or "more efficient" services the address distribution function. This article is a commentary on this expectation, looking at the relationship between a competitive supply framework and the role of address distribution, and offering some perspective on the potential outcomes that may be associated with such a scenario for IP addresses, or indeed for network addresses in general. more
- Geoff Huston
- Comments: 11
- Views: 33,759
ACPA Applies to Noncommercial Use of Domain Name
A recent decision by the Ninth Circuit confirms that "commercial use" by the defendant is required for a Lanham Act trademark or dilution claim, but is not required in a cybersquatting claim under the Anticybersquatting Consumer Protection Act (ACPA). Michael Kremer, a dissatisfied hair transplant patient, used the domain name www.BosleyMedical.com as a site critical to the Bosley Medical Institute, a hair transplant clinic. Bosley sued. The district court entered summary judgment for Kremer on the grounds that his conduct was not commercial... more
- Mark Partridge
- Comments: 3
- Views: 21,409
Study Finds Spammers Use P2P Harvesting to Spam Millions
A recent study conducted by Blue Security reports how Internet users can unknowingly expose their contacts' emails addresses to Spammers while sharing files, music, games and DVDs over Peer-to-Peer (P2P) networks. The study has uncovered hundreds of incidents where files containing email addresses were made accessible in P2P networks. more
- Eran Aloni
- Comments: 3
- Views: 20,534
More on Story Behind .ASIA
James Seng, my good colleague in APEET, said: "...Chiao called .ASIA 'more or less like a joint venture among APxx organizations'. I say nonsense!" When I say more or less, I mean more or less... On this .ASIA entry, I've intended to use the language carefully at this moment 'cos I know someone will be watching... more
- Chiao
- Comments: 4
- Views: 14,686
In Pursuit of IDN Perfection?
Many of the problems of IDNs come from trying to do multiple languages at the same time or languages one can't read. The biggest difficulty is implementing them in gTLDs like .com or .org. I think that if we focus on helping the country level TLDs (ccTLDs) get going with IDNs in their own native languages, we would be solving the problem for 80% or so of the people. My concern is holding up the ability for these people to use IDNs because we can find the perfect solution for the edge cases. more
- Joi Ito
- Comments: 11
- Views: 22,029
Story Behind .ASIA
After releasing .travel and .jobs (hey, steve.jobs up for bidding!), ICANN said they will look at .xxx and .asia next. (via Chiao) "Vint Cerf: ...of those, we have had fairly extensive discussion about .asia and .xxx. We continue to evaluate those. The others will be attended to as we can get to them. But i want to say for the record that we will attempt within the next 30 days to come to a conclusion one way or the other about .asia and .xxx so these will be on a board call sometime within that period." Chiao called .ASIA "more or less like a joint venture among APxx organizations". I say nonsense! Don't let appearance fool you. more
- James Seng
- Comments: 4
- Views: 38,474