So I wrote earlier that I though it was good stuff when ICANN released a paper on DNS Security. Yes, I think it was good this paper was released, and yes it points out correctly how important DNSSEC is. But, now when reading it in detail, I find two things that troubles me. And it has to do with management of .ARPA. A top level domain that is used for infrastructural purposes. Like IP-addresses and E.164 numbers... more
Worldwide consumer broadband connections will grow from 323 million connections in 2007 to 499 million in 2012, according to latest research by Gartner. Worldwide consumer broadband connections penetrated 18 percent of households in 2007, and by 2012, households with a broadband connection are expected to reach 25 percent. Five countries exceeded 60 percent broadband penetration into the home in 2007; and, this is expected to grow to 17 countries by 2012. The five countries with broadband penetration into the home above 60 percent are Canada, Netherlands, Switzerland, South Korea and Hong Kong. more
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
Today ICANN releases a paper with the title "DNSSEC @ ICANN - Signing the root zone: A way forward toward operational readiness". The paper explains in more detail than earlier documents what ICANN view on signing of the root zone is. I think the key points mentioned in this paper are true, and in general, I think this document is a good read. It is not long, and summarizes what I would call the current view is. more
A new nonprofit organization called the Open Web Foundation (OWF) launched today with a mission to be an independent non-profit dedicated to the development and protection of open, non-proprietary specifications for web technologies. "The Open Web needs Open Data, Open Date needs Open Specifications," is one of the statements used in today's opening presentation. With backing from some of the biggest companies including Google, MySpace, Facebook, and Yahoo, the foundation plans to serve as a placeholder for "all the legal dirty work that needs to happen in order for data portability to become a reality." more
As warned by Dan Kaminsky, Paul Vixie, and numerous other experts experts, it was just a matter of time before an exploit code for the now public DNS flaw would surface. An exploit code for the flaw allowing insertion of malicious DNS records into the cache of target nameservers has been posted to Metasploit, a free provider of information and tools on exploit techniques. According to reports Metasploit creator, H D Moore in collaboration with a researcher named "|)ruid" from Computer Academic Underground, created the exploit, dubbed "DNS BaliWicked Attack", along with a DNS service created to assist with the exploit. more
In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors... more
During the last decade, the Internet Engineering Task Force (IETF) has been designing IPv6 as a replacement for IPv4. Most of the initial benefits of IPv6 (security, QoS, autoconfiguration,...) have been ported to IPv4 and IPv6 deployment has been limited. However, thanks to the huge IPv6 addressing space, it is possible to design protocols and mechanisms that are more scalable and more powerful than with IPv4. A typical example is the multihoming problem. This problem occurs when a site is attached to several Internet Service providers... more
The Swedish morning daily Svenska Dagbladet on their editorial page yesterday writes about the EU threat to intervene at mobile roaming costs for voice, SMS and data. The editorial is pushing the point that it's wrong for the EU to try and price regulate the market, but instead the free market will prevail. They even seem to be indicating that the current pricing is fair and that an EU price regulation would hamper investments. In very general terms I would agree with the editorial... more
About 16 months ago, I heard Ed Richards of Ofcom speak at a CITI conference at Columbia, and blogged about it here. I remember thinking that Richards didn't seem to think that highspeed access to the internet was all that important. The market had to demand it, and the market wasn't being demanding. Also, he wasn't interested in government intervention to support highspeed access... more
They say (whoever "they" are) that good things come in threes, and that certainly seems true for law enforcement against spammers this week. In New York, Adam Vitale was sentenced to 30 months in prison and ordered to pay $183,000 in restitution for a week of spamming AOL back in 2005... In Illinois, an FTC settlement requires Spear Systems and company executives Bruce Parker and Lisa Kimsey to give up $29,000, stop making "false or unsubstantiated claims about health benefits" of their products, and bars them from violating CAN-SPAM ever again... And finally, in Seattle, the Robert Soloway case continues... more
Tragedies frequently result in flurries of legal activity. Last years witnessed the Myspace tragedy in which a 13 year old girl committing suicide. Unfortunately stalking laws have been clumsy tools that are difficult if not impossible for law enforcement officials to wield. Where existing laws respond poorly to tragedies, the option behind Door Number One is to enact a new law, and the option behind Door Number Two is to argue for a reinterpretation of current law that would somehow miraculously shoehorn the tragedy into the law. Unlike game shows, legal contestants can pick both doors -- which is what happened in this case. more
Wow. It's out. It's finally, finally out... So there's a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes...somewhere. Not where it was supposed to... I'm pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn't get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day... more
More than 40 years ago, the FCC was worried about telephone companies using their power over communications to control the then-nascent (and competitive) data processing marketplace. The Bell System at that point was already banned from providing services that weren't common carriage communications services (or "incidental to" those communications services)... In a 1999 article in the Texas Law Review, Steve Bickerstaff pointed out that Computer 1 meant that no one could provide a "computer utility" service... Today, we'd call the "computer utility" something different -- we'd use the term "cloud computing." more
In all the recent uproar (New York Times, "Google Told to Turn Over User Data of YouTube," Michael Helft, 4 July 2008) about the fact that Google has been forced to turn over a large pile of personally-identifiable information to Viacom as part of a copyright dispute (Opinion), there is a really interesting angle pointed out by Dan Brickley (co-creator of FOAF and general Semantic Web troublemaker)... more