M3AAWG, the Messaging, Malware, and Mobile, Anti-Abuse Working Group and APWG, the Anti-Phishing Working Group, surveyed their members about recent WHOIS changes. With over 300 results from security researchers, it's the broadest report yet on WHOIS use. The survey results confirm our concerns that WHOIS was a vital resource for security research, and its loss is a serious and ongoing problem. more
Before I go back to the beginning, let me make clear that what follows are my personal observations vis-a-vis how National Association of Boards of Pharmacy (NABP) is managing the .Pharmacy Registry relative to personal experience as founder, President and CEO of Tralliance Corporation, the original manager of the .Travel Registry. My analysis may be a little long, but I promise that if you stay with me, you will be enlightened. more
In the fall of 1998, I was present at the first meeting of the ICANN Board which was then made up of very senior, prominent parties from a broad spectrum of sources. Much to her credit, Esther Dyson accepted the position as the first Chair of the ICANN Board for the newly birthed organization. I was in attendance in support of the nomination of Michael Roberts as the first ICANN CEO. It was a time of uncertainty. more
DNS-over-TLS has recently become a welcome addition to the range of security protocols supported by DNS. It joins TSIG, SIG(0) and DNSSEC to add privacy, and, in the absence of validating stub resolvers, necessary data integrity on the link between a full-service resolver and the users' stub resolver. (The authenticated source feature of TLS may also offer some additional benefits for those of a nervous disposition.) Good stuff. What is not good stuff is... more
New Zealand's Domain Name Commission today won a motion for preliminary injunction in a US lawsuit against the company DomainTools. more
Special interests who oppose privacy are circulating draft legislation to cut short ICANN's Whois policy process, warns Milton Mueller in a post published today in Internet Governance Project. more
Recently we've seen several examples of likely state sponsored security incidents of which the appropriateness was later strongly debated. Incidents such as states impacting commercial enterprises during cyber attacks; purported sabotage of critical infrastructure, and attacks on civilian activists have all, to a greater or lesser degree, led to concerns being raised by both civilian watchdog groups, academics, technologists and governments. more
Every four years, the 168-year-old, Geneva-based treaty organization that provides the legal basis for worldwide network communications, radio spectrum management, and satellite placements holds a "plenipotentiary" conference among its 193 sovereign nation members. The next plenipotentiary begins on 29 October for three weeks. In addition to potentially altering treaty provisions and resolutions, and constituting its Council as an interim governing body, it elects 17 individuals to its five permanent bodies... more
I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more
There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more
As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more
On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more
I think we are all hoping that when ICANN meets with the DPAs (Digital Protection Authorities) a clear path forward will be illuminated. We are all hoping that the DPAs will provide definitive guidance regarding ICANN's interim model and that some special allowance will be made so that registrars and registries are provided with additional time to implement a GDPR-compliant WHOIS solution. more
The current revelations about Cambridge Analytica's use of Facebook data illustrate an important drawback to using a Facebook account as your business' online presence: Facebook knows and sells your customers! Millions of companies - especially small companies and start-ups - rely on a Facebook account for their online presence. On the surface, it seems like a great idea... more
Security for Internet-connected devices, the "Internet of Things" (IoT), is critically important. Now, more than ever, it is top of mind for device manufacturers, network operators, consumer advocates, lawmakers, and government regulators -- domestically and internationally. In the face of recent attacks, government authorities and consumer advocates have proposed legislation, frameworks, certifications, and labeling schemes. more
A World-Renowned Source for Internet Developments. Serving Since 2002.