Recently Commented

Would You Fly an Airplane That Had a Pre-flight Checkout That Was Only 40 Percent Complete?

In the aviation world safety is paramount. Commercial airlines go to major lengths to make sure that their planes are fully up to code and can fly safely in the air. The risks - loss of human lives - are far too extreme to take any chances. One result of this diligence is the fact that travel by plane is far safer than any other method - nearly 40 times safer per mile than travel by car. While application security risks are not as dire, research shows CSOs fail to use the same stringent level of safety to secure their Internet-facing applications.

White House on the DNSSEC Deployment: “A Major Milestone on Internet Security”

Andrew McLaughlin reporting on the White House website: "Last week marked a significant advance in the security of the Internet. After years of intensive design, testing, and implementation work, the Internet's domain name system now has a new security upgrade that allows Internet service providers and end users alike to protect against an important online vulnerability: the clandestine redirecting of online communications to unwanted destinations."

Website Seals of Approval: Can You Trust Them?

The abuse of well-known seals of approval seems to be the latest ruse used by online fraudsters. Leveraging reputable names that existed long before anyone heard of the Internet is a blaring reminder that even trustworthy seals are not off limits to scammers. In fact, linking to reliable sources of reviews and certification is proving to be an essential part of any fraud strategy today.

Comments on Economics Study of ICANN’s New TLDs

ICANN has taken another crack at the question of the economics of launching new top-level domains (TLDs). The first report that the group commissioned on the subject was greeted by a loud and unhappy uproar. Now we have the preliminary draft of a new report, this one by professors Katz, Rosston, and Sullivan. It is insightful and analytic, but the final version needs to consider the theoretical and empirical issues...

iPhone 4 Highlights Mobile Problems

Making a telephone call in London has become more difficult for early adopters of the new iPhone 4. First of all the reception is rather poor. And it is not just that it is not showing the bars correctly; many users in congested mobile areas such as London receive the message 'server not available'. (As a matter of fact, this doesn't apply only to the iPhone -- it is also experienced with other smart phones.)

Failure of the Broadband Plan?

Craig Moffett sees this as I do: "If LTE networks are going to be usage-capped, then the last pretense that LTE can be positioned as a substitute for terrestrial broadband would seem to be gone." The heart of the U.S. broadband plan is to release more spectrum - enough for 10-20 networks like Verizon's LTE now building - and pray that will be enough competition in five to seven years to check price increases.

The Path to End Cybersquatting

Dialogue is the only way to end cybersquatting. Distrust between brand owners and domain owners (with an assist from some cockeyed business incentives) has turned a problem into a very expensive vicious cycle. Now that ICANN is about to launch new top-level domains (TLDs), negotiations must start immediately or both sides will pile up further losses. Here's how the problem plays out now.

International Academy for Trans-Sector Use of Broadband

While jogging along Lac Léman in Geneva I caught up with Dr. Kim Seang-Tae, the President of the National Information Society Agency of South Korea. He is also one of the Commissioners of the ITU/UNESCO Broadband Commission for Digital Development. Dr. Seang-Tae is the chief architect of the FttH miracle that is transforming South Korea. His broadband journey began in 1994, when he developed the country's first broadband plan.

Cisco’s Kevin Shatzkamer Discusses the Future of Mobile Video

Kevin Shatzkamer, Chief Architect for Cisco Mobility, speaks to the mobile research Cisco has developed in helping Mobile Service Providers reach their ROI goals and objectives in projecting an increasingly demand driven market. ... There has been speculation for years that increased demand for mobile video would tax and possibly crash current networks and infrastructures of mobile operators. A predictor may be The World Cup games held in South Africa.

July 2010: The End of the Beginning for DNSSEC

July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago.

Funky Ninth Circuit Opinion on Domain Names and Nominative Use - Toyota v. Tabari

Every time I see a federal appellate opinion on domain names, I'm vaguely reminded of the Country Joe song I-Feel-Like-I'm-Fixin'-To-Die Rag, whose chorus goes "And it's one, two, three, what are we fighting for?" Fortunately, domain name disputes do not lead to the senseless loss of life we experienced from the Vietnam War. Unfortunately, lengthy domain name litigation usually has little more strategic value.

White House Issues Update on Cybersecurity Report

J. Nicholas Hoover reporting in InformationWeek: "The White House on Wednesday issued an update of the Obama administration's ongoing cybersecurity work, detailing some of the steps being taken in an effort to secure the nation's networks against cyber attacks and in the process offering some new insight into the administration's future plans. The progress report, issued immediately after a meeting held by White House cybersecurity coordinator Howard Schmidt with agency secretaries, cybersecurity experts..."

Engaging Consumers in Cyber Security: It’s Up to You

In a perfect world, consumers recognize authentic emails from fake, update their operating system, browser and anti-virus software, and have a healthy skepticism about the safety of the Internet. The bad guys hate perfect, so we should be working with consumers to stop them. ... Organizations like mine are joining forces to recruit consumers -- who are also your customers and employees -- in the fight against cybercrime.

New Ways Cybercriminals are Thwarting Security

M86 Security today released its bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe Flash - and JavaScript components on the webpage, they limit the effectiveness of many of the proactive security detection mechanisms in place today."

Clarke and Knake’s “Cyberwar”

I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited.