Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
In its latest quarterly report, McAfee Labs has reported seeing an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices. more
On the evening of Tuesday, September 9th, Congressional leaders unveiled a 1,603 page, $1.01 trillion FY 2015 appropriations bill to fund the U.S. government through the end of September 2015. One provision of the omnibus bill would delay the IANA transition until after the September 30, 2015 expiration of the current contract between the NTIA and ICANN. more
The beginnings of the Internet are shrouded in myth and misunderstandings that have led to some claims of proprietary ownership of the Internet. Where and when did the Internet begin? The only thing Internet historians seem to agree on is that it was not 1969, or the Pentagon, (or for that matter Al Gore). From there on, there is a wide divergence of views as to when, where, and by whom the Internet may have been invented... more
In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
I first outline a brief history of free file-sharing technology, then draw some general and domain name lessons, then outline the what, how, and why that make your activism effective and necessary... The domain name industry is decentralized and atomic in that anyone from anywhere in the world can register a domain name, keep the ownershp name and address private, and host it from a country where the U.S. and European legal systems don't apply. Thus, legal action will only drive domain owners further underground. more
A recent statement released by the U.S. Federal Trade Commission emphasized that the Whois databases should be kept "open, transparent, and accessible," allowing agencies like the FTC to protect consumers and consumers to protect themselves: "In short, if ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly -- and ultimately stop perpetrators of fraud, spam, and spyware from infecting consumers' computers," the statement states." more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
ICANN has released temporary specifications for gTLD registration data in order to establish temporary requirements needed for the organization and gTLD registry operators to continue to comply with existing ICANN contractual requirements and community-developed policies. more
A lot of the people are planning to attend the .nxt conference next month ask me to point out the benefits of new Top-Level Domains (TLDs), and today gave me a fantastic opportunity... If you are thinking of applying for a new TLD and haven't been paying attention to the latest happening with .JOBS, maybe you should be. Though .JOBS has been a bit of a quiet TLD, they've been a favorite of mine because of the specific focus of the extension. more
Great article by the BBC about email vs. mobile apps in China -- and why email is losing out to the most popular apps. It's important for Westerners such as myself to remember that most of the world did not first interact with the Internet via desktop computer. In most emerging markets, people leapfrogged computers altogether on their way to using mobile apps. more
The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more
Reported in the Washington Post no less: "Dell Takes Cybersquatters to Court". As reported a few weeks ago, this is a very thorough action targeting certain practices and practitioners... I'm surprised a suit this thorough didn't name Google as a co-defendant. Then again, maybe it's not that surprising because Google offers a well liked product, has a lot more money; and a search partnership with Dell that allows Dell to share in the profit when its users engage in "right of the dot" typosquatting on Dell keyboards. It's funny, because one day, Dell could find itself on the defendant's side of the courtroom... more
Today marks the fiftieth anniversary for the Internet "Request for Comments" (RFC) series which started in April 1969 with the publication of RFC1 titled "Host Software" authored by Stephen D. Crocker. more
Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more
A World-Renowned Source for Internet Developments. Serving Since 2002.