The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them.
It's Apple's Developers Conference time again, and in amongst the various announcements this week, in the "Platforms Status of the Union" presentation, was the mention of Apple's support of IPv6. Sebastien Marineau, Apple's VP of Core OS, told the conference that as far as IPv4 addresses are concerned, exhaustion "is finally here", noting that this already started in 2011 in the Asia Pacific while in North America IPv4 address exhaustion is imminent. Sebastien noted that it's really important to support IPv6 in devices and applications these days...
Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology... Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great, for other mail it works less great.
In opening up for the .BRAND top level domain, ICANN has artificially created a scarce resource of great commercial value. Indeed, the values of the .BRAND TLDs may be astronomical due to the investments made by the companies that own the trademarks represented in the .BRAND TLD. While the above is interesting in its own right, I will here focus specifically on how we deal with situations where more than one company has a legitimate trademark interest in a particular .BRAND TLD.
As the leading consulting firm to the Domain Name industry, we work with many of the existing gTLDs, ccTLDs and new gTLDs. During our engagements we do a lot of listening (as well as work) and this gives us a unique perspective on the key challenges the industry is facing. Recently, we are hearing feedback from many leading registries and registrars about their need for more dynamic pricing and promotions and their concern that there may not be enough flexibility in their billing systems to speedily handle their promotion plans.
Brands applied for their new gTLDs to protect their brand and ensure they didn't miss an important new opportunity, but few had a clear business case for how they would use the gTLD platform when they applied. As brands approach the July 29th contracting deadline, the inevitable question is arising: "What do we do with this?"
Barclays Bank is a .brand pioneer, having recently announced plans to migrate its primary online presence to two new gTLDs it will operate on its own behalf. But Barclays Bank has also just pleaded guilty to a major financial services felony and been fined $2.4 billion for that criminal activity. While the new gTLD Registry Agreement is clear that a registry operator must remove any officer or director convicted of a felony, it is ambiguous in regard to whether the Agreement can be terminated when the operator itself has been found to have operated a criminal enterprise.
Today is June 8th and World Ocean Day. As I ponder on the threats and challenges to the world's ocean with the enormous stresses such as overfishing, pollution, ocean acidification that threatens all global standards of living, I cannot help but think about the startling similarities that global internet governance faces with its respective stresses of increasing cyber security vulnerabilities, threats, breaches of trust, growing cyber crime, breaches of privacy and data protection, identity thefts, pedophilia and many other things that threaten global public interest and our safety within an internet ecosystem.
According to Reuters, Barclays has pleaded guilty to trying to manipulate foreign exchange rates, and has agreed to pay substantial fines, along with other major banks. Barclays is also the operator of the .Barclays new top-level domain name. This is not a case where a single rogue employee or officer has been found guilty of a financial crime. Here, it is the entire bank (and registry operator) that has pleaded guilty.
Forgive me if you can, but I am about to say something blindingly obvious. The arrests made by the US Government and Swiss authorities of senior FIFA officials should remind us of a deep truth. Organizations must be accountable: to members, to users, to superiors, to markets, to someone who can say "stop what you are doing and amend your ways". When we consider the transfer of authority from the USG over the IANA function, let us keep in mind...
Recently, there has been a lot of noise about China tightening control of the new top-level domains and how it could severely dampen domain name registrations in China and one should make preparation for the worst. Initially, I tried to stay out of this as I know all the players behind this. But given that at least 3 people have emailed me asking what's going on, I decided to clear the air here.
As many people have heard, there's been a security problem at the Internal Revenue Service. Some stories have used the word hack; other people, though, have complained that nothing was hacked, that the only problem was unauthorized access to taxpayer data but via authorized, intentionally built channels. The problem with this analysis is that it's looking at security from far too narrow a perspective...
Would you like to learn more about what the WSIS+10 Review process is all about? How can you participate in the process if you are not with a government? What is "WSIS" all about anyway -- and why should you care? Those questions and more will be part of a luncheon briefing on Thursday, May 28, 2015, from 13:15 - 14:45 Central European Time (UTC+2).
Have you ever found yourself blocked by a snowshoe spam filter or listed on a snowshoe blacklist? Or perhaps you've been told that one of your mailing practices makes you look like a snowshoe spammer? If so, you're probably wondering what snowshoe spam is, what you're doing to earn this reputation and what you should be doing differently. Here's a brief overview of the history of snowshoe and some suggestions on how to avoid being mistaken for a snowshoe spammer.
The second-round new gTLD applicants have a tool they don't even know about: "crowdinvesting." That's when a venture sidesteps banks and venture capitalists and instead raises money by selling shares directly to the public. Usually this is done over the Internet, and often enough the investors can hope for a financial return that's far better than what banks and stocks offer.