This morning, Global Payments held a conference call with investors and analysts covering their earlier breach announcement and projected earnings. Global Payments had also released an update advisory yesterday stating that "the company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers have been exported" and that only Track 2 card data may have been stolen. more
In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we called "DNS Changer" since that was the name of the software this gang used to infect a half million or so computers. more
I opined about a year ago that DNS blacklists wouldn't work for mail that runs over IPv6 rather than IPv4. The reason is that IPv6 has such a huge range of addresses that spammers can easily send every message from a unique IP address, which means that recipient systems will fire off a unique set of DNSBL queries for every message... Now I'm much less sure this will be a problem... more
On January 18, 2012, Comcast customers found they could not access the NASA.gov website. Some users assumed that Comcast was deliberately blocking the website or that NASA, like Wikipedia and Reddit, was participating in the "blackout" protests against the Stop Online Piracy Act (SOPA) going on that day. As it turned out, the truth was much less exciting, but it offers important lessons about DNSSEC. more
ICANN's policy on the special protection of the Red Cross and the International Olympic Committee (IOC) names has triggered a very lively discussion including contributions by Konstantinos Komatis, Milton Muller, Wolfgang Kleinwächter, and myself (with Avri Doria's reply). There is an agreement that the exceptions are dangerous for ICANN's gTLD policy process which is in a formative and delicate phase. more
The explosion in mobile communications in the developing world has created social and economic changes that have exceeded all expectations and predictions -- even those made as recently as five years ago. There are still countries lagging behind, but now is the time to move on to the next stage -- and that means broadband. Already the developed world is showing an enormous appetite for mobile broadband, so the demand is most certainly there. The rapid development of low cost Smartphone, projected to approach $50 soon... more
No, that title is not a typo. The WHOIS service and the underlying protocol are a relic of another Internet age and need to be replaced. At the recent ICANN 43 conference in Costa Rica, WHOIS was on just about every meeting agenda because of two reasons. First, the Security and Stability Advisory Committee put out SAC 051 which called for a replacement WHOIS protocol and at ICANN 43, there was a panel discussion on such a replacement. The second reason was the draft report from the WHOIS Policy Review Team. more
I strongly believe there is a serious "breach" in the Applicant Guidebook: I checked the scoring, I checked the possible objections, I am aware of the Governmental Advisory Committee (GAC) early warning but I really could not find how ICANN is going to avoid Community applications to be submitted as Standard ones. The role of ICANN is to offer a solution to launching new generic Top-Level Domains, it is no party in saying whether a new gTLD is a Community or not. more
"ICANN ethical conflicts are worse than they seem," says Beau Brendler, chairman of the North American Internet user advisory committee to ICANN (NARALO), in an op-ed post published today. Brendler writes: "Whatever might be said about outgoing ICANN CEO Rod Beckstrom, Internet users worldwide should be thanking him. Last week in Costa Rica, at the organization's 43rd meeting, Beckstrom blew a harsh blast of cold Arctic reality into the room about the board's conflicts of interest. more
In a blog post on the ICANN website, Joe Abley writes: "Resolvers are servers on the Internet which use the Domain Name System (DNS) protocol to retrieve information from authoritative servers and return answers to end-user applications... So, all in all, how many resolvers are there? Given that anybody can run one, it seems like a difficult thing to measure. It turns out, however, that all resolvers that talk directly to authoritative servers on the Internet leave a trail, and with a little data crunching we can come up with a number." more
The United States Patent and Trademark Office currently does not provide Trademark protection services for the Top Level Domain industry, an industry which generates almost $1 Billion in revenues annually in the United States. The Top Level Domain industry is the only legal business class in the United States that is denied constitutionally guaranteed intellectual property protections... The lack of Trademark Protection for the Top Level Domain industry has greatly increased the amount of uncertainty associated with the ICANN Application Process for new Top Level Domains. more
We know from life: There is no rule without exception. The problem is, exceptions create space for interpretations and have the risk to undermine the rule. Take Article 19 of the International Covenant on Political and Civil Rights from 1966. Article 19, paragraphs 1 and 2 define the individual right to freedom of expression. Paragraph 3 adds some exceptions where this right can be restricted to protect, inter alia, national security and public order. This is an understandable justification for a restriction, but it opens the door for misuse... more
One of many controversies surrounding the introduction of new domain names is the special protection given, though a moratorium, to the Red Cross and Red Crescent Movement (RCRC) and International Olympic Committee (IOC). Although the RCRC and the IOC are discussed together, they are very different. more
On February 16, 2012 ICANN took the new step of suspending the Registrar Alantron's ability to register new names or accept inbound domain transfers. This new compliance tool was used following Alantron's apparently inadequate response to a breach notice issued November 7, 2011. The issue in part concerns Alantron's perpetual problems with Port 43 WHOIS access which is required by the Registrar Accreditation Agreement. more
A World-Renowned Source for Internet Developments. Serving Since 2002.