ICANN's Nominating Committee (NomCom) is both a strange animal and a precious resource. Having a committee charged with first recruiting, then selecting suitable candidates to hold key positions within ICANN is something that is often little, or even mis, understood. Within the ICANN community itself. By the very nature of its recruitment role, the NomCom has to remain secretive. About who the candidates are, at any rate. But that doesn't mean the rest of the NomCom's processes must remain so. more
This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. more
With much fanfare last month, Uniregistry announced that proposals for dispute resolution between New TLD applicants in lieu of ICANN's so-called "Auction of Last Resort" posed significant antitrust risks. Their claim of concern was not based on any critical antitrust analysis, but rather on the fact that they had sought a "Business Review" letter from the Antitrust Division of the U.S. Department of Justice (DOJ), and, according to Uniregistry, the DOJ failed to provide them a positive response and discussed the issue with them. more
Do you agree this is a critical time for many of the original 1930 applications to ICANN to operate a gTLD Registry. How has The "Fadi Effect" contributed to those Applicants' Key Dates, Decisions, Dilemmas and their Critical Path to success or a costly Delay. The first step along the path for each applicant is the need to respond to its Clarifying Questions (CQs), particularly the Financials ones. As of today a small number of global brand applicants have already been withdrawn, reducing the number of applications to 1905. Were their applications' unprepared? more
How will the business of existing top-level domains (TLDs) be impacted by the new gTLDs? Someone asked me this simple question and I was very surprised to see that my online searches couldn't easily find many detailed articles or research related to that point. more
The Gogonet Live conference in San Jose witnessed outstanding presentations by several federal administrations including Veteran Affairs, NASA and SPAWAR, sharing their experience and progress towards IPv6 adoption. Furthermore, the NIST compliance report leaves no agency any place to hide. The report card is there for everybody to see. In spite of regular jabs and criticisms, the US Federal Government has done a remarkable job. more
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more
Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more
Culminating a year-long policy development process, ICANN today launched its new Blocking Usage Review Panel (BURP). The BURP provides long-needed oversight over services that block Internet traffic. "While everyone understands that national laws such as the U.S. CAN SPAM define what traffic is or is not elegible to block, legal processes can be slow and cumbersome," said a spokeswoman. "Since the Internet is global and traffic often traverses multiple countries, the array of different laws cause uncertainty." more
Yesterday Verisign sent ICANN a most interesting white paper called New gTLD Security and Stability Considerations. They also filed a copy with the SEC as an 8-K, a document that their stockholders should know about, It's worth reading the whole thing, but in short, their well-supported opinion is that the net isn't ready for all the new TLDs, and even if they were, ICANN's processes or lack thereof will cause other huge problems. more
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
Well... Maybe not the world, but the Internet it seems. According to a Pastebin letter, Anonymous announced they will black-out Internet on 31st of March. They even explained how to do it by attacking the DNS Root Servers on Internet using a reflected amplification attack. If this is successful, the root DNS servers will become unresponsive and cannot handle any other requests... more
The results of an excellent study made, for reasons that will become clear, by an anonymous author reaches this conclusion... The problem is, to make the study, the author created a botnet - that is he wrote a small program that took advantage of insecure devices to enlist additional machines to help in the study. more
As attack vectors go, very few are as significant as obtaining the ability to insert bespoke code in to an application and have it automatically execute upon "inaccessible" backend systems. In the Web application arena, SQL Injection vulnerabilities are often the scariest threat that developers and system administrators come face to face with (albeit way too regularly). more
Well it is not new that the US has always maintained that the Internet should be a tax free zone as per the US Congress's Tax Freedom Act 1998 which following expiry continued to be reauthorized and its most recent re-authorization (legal speak for extension) was in October 2007 where this has been extended till 2014. It is unclear whether there will be another extension post 2014. There is a moratorium on new taxes on e-commerce, and the taxing of internet access via the Tax Freedom Act. more
A World-Renowned Source for Internet Developments. Serving Since 2002.