Featured Blogs

More on Broadband Router Insecurity and Being Proactive

Fergie replied on NANOG to my recent post on the subject of broadband routers insecurity: "I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense -- and continue to disengage on the issue -- then you may eventually forced to address those issues at some point in the not-so-distant future..." He is right, but I have a comment I felt it was important - to me - to make. Not just on this particular vulnerability, but on the "war"... more»

Ailing ETO-2002 and the Demise of PKI

The only Cyber law passed in Pakistan till date is the famous ETO-2002 (Electronic Transaction Ordinance - 2002). It required Ministry of IT&T to set up a Central Repository for all digital certificates and in addition to set up a body to be named as Electronic Certification Accreditation Council (ECAC) to accredit Electronic Certification Authorities to be established in the country... In this regard, government has not only closed its eyes and has blindly trusted the only certificate authority (CA) in the country operated by a private business group, it has also mandated the citizens and business to trust it. Case in point is Central Board of Revenue (CBR) that has told all taxpayers to digitally sign the emails using the certificates issued by this private party... more»

Broadband Routers and Botnets: Being Proactive

In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before. Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router"... more»

Stop! Don't Forward That E-mail!

Forwarding e-mail is so easy that it must be legal, right? Not everyone thinks so. Ned Snow at the University of Arkansas recently wrote A Copyright Conundrum: Protecting Email Privacy that argues that forwarding violates the sender's copyright rights, so it's not. The article is quite clever and is (as best I can tell, not being a legal historian) well researched, even if you agree with me that its conclusions are a bunch of codswallop... more»

Ready or Not… Here Come the IRC-Controlled SIP/VoIP Attack Bots and Botnets!

A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more»

Criminal Checks Needed for Domain Name Tasting, Kiting, Spying

International organisations should step in to prevent the "tasting," "kiting" and "spying" related to Internet domain names, say representatives from the US telecommunications and trademark industries. These new activities are dramatically altering online commerce and impacting legitimate businesses, and the United States Federal Trade Commission (FTC), World Intellectual Property Organization (WIPO) and the Internet Corporation for Assigned Names and Numbers (ICANN) should take action, they say. The US Anti-Cybersquatting Consumer Protection Act (ACPA) had too many loopholes given the actual trends in the domain name secondary market, said Sarah Deutsch, vice president and associate general counsel for Verizon, and Marilyn Cade, former AT&T lobbyist and now consultant on Internet and technology issues... more»

Ed Richards of Ofcom on Net Neutrality

Ed Richards, Chief Executive of Ofcom, was at Columbia today... NN (Net Neutrality) debate does give us insight into importance of disclosure to consumers -- consumers should be able to switch providers, and they should know which ISPs are making prioritization decisions. This should be an obligation of suppliers to communicate this information to consumers. In particular, he says that Ofcom is actively exploring whether network operators whose traffic shaping activities change materially should have to tell consumers -- and if these changes are significant consumers should be allowed to break their contracts with the provider without penalty... more»

Geographic Implications of DNS Infrastructure Distribution

The past several years have seen significant efforts to keep local Internet communications local in places far from the well-connected core of the Internet. Although considerable work remains to be done, Internet traffic now stays local in many places where it once would have traveled to other continents, lowering costs while improving performance and reliability. Data sent directly between users in those areas no longer leaves the region. Applications and services have become more localized as well, not only lowering costs but keeping those services available at times when the region's connectivity to the outside world has been disrupted... The recently published paper, "Geographic Implications of DNS Infrastructure Distribution" focuses on the distribution of DNS infrastructure. more»

ICANN's WDPRS Report and Plan to Clean Up Whois Records

ICANN's recently released report, ICANN's Whois Data Accuracy and Availability Program: Description of Prior Efforts and New Compliance Initiatives [PDF], is a summary of the Whois Data Problem Report System's (WDPRS) reports spanning a one-year period that concluded at the end of February 2007. In case you're not familiar with the WDPRS, it's a system that tracks complaints about inaccurate or incomplete whois entries. Notable facts from the report include: There were 50,189 reports for which ICANN received follow-up responses during the year... more»

.xom, BrandJacking and Error-Search

BusinessWeek is running a column called 'Brandjacking' on the Web. In summary, nobody likes deliberate cybersquatting or typosquatting. But if Typo domain-names did not exist, the traffic would continue to flow to Microsoft or Google via the browser's error search where those very large companies would make money in the same manner as the 'evil cybersquatters'... more»

Whose Network is it Anyway?

In reading a Q&A with Verizon's Brian Whitten I found this striking Q and A: "Q. With a fiber connection being symmetric, many fiber providers such as Paxio are providing symmetric connections such as 5Mbit, 10Mbit, 30Mbit. Why is Verizon keeping this arbitrary asymmetric limit with Fiber? A. ...Indeed, our FTTP network can easily support a symmetric data service. As market dynamics change, we would re-assess the benefit to our customers of introducing a class of symmetric data services." My reaction is "No thank you, I'd rather do it myself". To understand my reaction you need to recognize the difference between wanting to build my own bridge across a stream and asking why I'm not allowed to cross it myself using my own boat. more»

Oklahoma Spammer Fighter Loses Even Worse

Last December I wrote about Mark Mumma, who runs a small web hosting company in Oklahoma City and his battle with Omega World Travel a/k/a cruise.com. Mumma lost his CAN SPAM suit against them in December, but Omega's countersuit for defamation went to trial last week, and I hear that the jury awarded Omega $2.5 million in damages, which Mumma is not likely to be able to pay. This may be painted in some circles as a huge defeat for anti-spam activists, but it's not... more»

Chinese and Japanese IDN in .BIZ

I just got back this morning from attending the OASIS XRI TC face-to-face meeting with Bill Barnhill, Drummond Reed, Laurie Rae, Les Chasen, Markus Sabadello, Marty Schleiff. A number of good things came out of the meeting, which I'll leave for another blog because this post is about Internationalized Domain Names, not XRI. So we just opened the flood gates for Chinese and Japanese IDNs for .BIZ. This has been my brainchild for the past half a year or so, and represents a significant step forward for our registry in terms of internationalization. more»

WIPO Snafu Over britishmuseum.org Case?

WIPO just published a decision regarding the domain dispute over the britishmuseum.org domain name. At first glance, everything seems alright. The world famous British Museum won in a default judgment as the current registrant (the respondent) never replied. However, drill a little deeper and something is amiss. The "parties" section of the case lists the respondent as "British Museum Resources, Limited, West Bay, George Town, Kentucky, United States of America." more»

ICANN to RegisterFly: We Really REALLY Mean It This Time

ICANN's web site has a press release saying that they were granted a temporary restraining order on Monday requiring that Registerfly cough up all the info on their registrants, or else.

My assumption all along has been that the reason that Registerfly hasn't provided full info is because they don't have it. ICANN agrees that they got partial data last month, and it's hard to imagine a reason that Registerfly would have given them some of the data but deliberately held back the rest. I guess we'll know soon enough.

By the way, I hear that ICANN plans to implement their registrar escrow policy, the one that's been in the contracts since 2000, pretty soon. more»
