Recently Commented

FCC’s Comcast Ruling Inconsistent and Incoherent

After voting on the Comcast order today, Kevin Martin and his Democratic Party colleagues issued press releases telling us how they saved the Internet from Comcast's discriminatory practices, but they've failed to release the actual order they adopted and subsequently re-wrote. Commissioner McDowell wasn't allowed to see the revised order until 7:00 PM the night before the meeting. Rumor has it that high-level spin doctors are still trying to remove all the rough edges, inconsistencies, and factual errors. more

ACLU, Anti-Spam Laws, and the First Amendment

In an article published by the Technology Liberation Front, Cato Institute adjunct scholar Tim Lee dissects a recent argument by the American Civil Liberties Union (ACLU) regarding free speech & anti-spam laws. It's been interesting to watch the ACLU wrestle with anti-spam legislation. Their entire purpose is to work through the legal system to protect our civil rights, as defined in the First Amendment -- which is why I've been a card-carrying member since before I was old enough to vote... more

Day 30: Kaminsky DNS Bug Disclosure

In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in a jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web". more

Comcast and the Internet

Today the FCC is condemning Comcast's practices with respect to P2P transmissions. I'm happy for FreePress and Public Knowledge today, and I know they have achieved a substantial change in the wind. The basic idea that it's not okay for network access providers to discriminate unreasonably against particular applications is now part of the mainstream communications discourse. That has to be good news. I'm concerned on a couple of fronts. The FCC has taken the view that it can adjudicate, on a case-by-case basis, issues that have to do with "Federal Internet Policy." They used that phrase several times... more

Customer Owned Fiber in Ottawa

Ars Technica had a nice article yesterday by Timothy Lee entitled 'The really long tail' following up on Derek Slater's article last week on the Google Public Policy Blog entitled 'What if you could own your Internet connection?' Both articles are about a pilot project in Ottawa. The "tail" in Timothy's article is the "last mile" (or as I prefer, "first mile") fiber connection from individual homes to a network peering point or other aggregation point where individuals can then choose from among multiple competing ISPs. The importance is, as Timothy Lee puts it... more

June Court Decision Detrimental to Domaining Practices

In a June court ruling, domainer Navigation Catalyst and registrar Basic Fusion lost a cybersquatting lawsuit to Verizon... This is an extremely interesting and potentially precedent-setting case regarding domaining and domain name tasting. The court condemns both practices, leading to a preliminary injunction against the domainer and its registrar based on the Anti-Cybersquatting Consumer Protection Act (ACPA). As far as I can recall, this is the first time that a domainer has lost an ACPA lawsuit in court, and it provides an important data point confirming that domaining can be cybersquatting (a previously unresolved issue)... more

Another Wrong-Headed WSJ Editorial

Those wacky editorial writers at the Wall Street Journal just cannot seem to get the facts straight about network neutrality and what the FCC has done or can do on this matter. In the July 30, 2008 edition (Review and Outlook A14), the Journal vilifies FCC Chairman Kevin Martin for starting along the slippery slope of regulating Internet content. The Journal writers just seem to love hyperbole, and are not beyond ignoring the facts when they do not support a party line. Here are a few examples from the editorial... more

Is Anti-Virus Dead?

Each SANSFIRE, the Handlers who can make it to DC get together for a panel discussion on the state of information security. Besides discussion of the hot DNS issue, between most of us there is a large consensus into some of the biggest problems that we face. Two come to mind, the fact that "users will click anything" and that "anti-virus is no longer sufficient". These are actually both related in my mind... more

Vint Cerf Caught Off Guard, Nevertheless Says What Needs to Be Said About Our Misguided Policy

This morning's mail brought news of a 3 minute 45 second video clip of very candid and very outstanding remarks from Vint Cerf. Vint says very clearly what needs to be said and what needs to be grasped and acted on by the new president and congress next year... My observation is that in my opinion it is not the lighting that is unusual but rather the camera angle. It looks like the interviewer is seated with his camera pointed up. The camera is looking at Vint's chin. Consequently I sent Vint an email: "you knew you were being recorded - surely? I hope: in any case the good deed is done... thank you sir." Vint replied with permission to quote... more

Study Finds 75% of Malicious Websites from Legitimate, Trusted Sources

A new report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. more

No Fines for Comcast

Note: this is an update on my earlier story, which incorrectly said that the AP reported that Chairman Martin was seeking to impose "fines" on Comcast. In fact, the story used the word "punish" rather than "fine," and a headline writer at the New York Times added "penalty" to it: "F.C.C. Chairman Favors Penalty on Comcast" (I won't quote the story because I'm a blogger and the AP is the AP, so click through.) Much of the initial reaction to the story was obviously colored by the headline. more

Not a Guessing Game

On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally... more

Shouting ‘Bug’ on a Crowded Internet…

In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law. These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being unresolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers? more

Jeremy Jaynes Gets One More Chance

In 2004 Jaynes became the country's first convicted spam felon under the Virginia anti-spam law. He's been appealing his conviction ever since, most recently losing an appeal to the Virginia Supreme Court by a 4-3 decision in February. As I discussed in more detail at the time the key questions were a) whether the Virginia law had First Amendment problems and b) whether Jaynes had standing to challenge it. The court answered No to b), thereby avoiding the need to answer a), the dissent answered Yes to both. more

The Patent That Justifies Microsoft’s Interest in Yahoo!

I've watched coverage of Microsoft's bid for Yahoo! and the related maneuvering between Google and Yahoo!. The explanations are not very convincing. Microsoft doesn't need Yahoo's search technology or their morale-impacted work force. Yahoo's search market share continues to decline and there's little of strategic relevance in the rest of their business. What's the attraction? more