Featured Blogs

Latest

Hiding in the Firmware?

The most interesting feature of the newly-described "Equation Group" attacks has been the ability to hide malware in disk drive firmware. The threat is ghastly: you can wipe the disk and reinstall the operating system, but the modified firmware in the disk controller can reinstall nasties. A common response has been to suggest that firmware shouldn't be modifiable, unless a physical switch is activated. more»

IPv6 Security Myth #6: IPv6 is Too New to be Attacked

Here we are, half-way through this list of the top 10 IPv6 security myths! Welcome to myth #6. Since IPv6 is just now being deployed at any real scale on true production networks, some may think that the attackers have yet to catch up. As we learned in Myth #2, IPv6 was actually designed starting 15-20 years ago. While it didn't see widespread commercial adoption until the last several years, there has been plenty of time to develop at least a couple suites of test/attack tools. more»

Internet-Native Policies

Policies such as network neutrality and minimum speeds for broadband seek to limit the ability of carriers to favor some applications over others. Well-intended though these initiatives are, they still leave users negotiating for passage while confined to the carriers' "pipes". In this scenario, end users remain limited by how the incumbents choose to build their broadband content delivery networks. more»

What Must We Trust?

My Twitter feed has exploded with the release of the Kaspersky report on the "Equation Group", an entity behind a very advanced family of malware. (Naturally, everyone is blaming the NSA. I don't know who wrote that code, so I'll just say it was beings from the Andromeda galaxy.) The Equation Group has used a variety of advanced techniques, including injecting malware into disk drive firmware, planting attack code on "photo" CDs sent to conference attendees, encrypting payloads... more»

IPv6 Security Myth #5: Privacy Addresses Fix Everything!

Internet Protocol addresses fill two unique roles. They are both identifiers and locators. They both tell us which interface is which (identity) and tell us how to find that interface (location), through routing. In the last myth, about network scanning, we focused mainly on threats to IPv6 addresses as locators. That is, how to locate IPv6 nodes for exploitation. Today's myth also deals with IPv6 addresses as identifiers. more»

Riding the Waves of the Future

Yes, that was the theme of this year's Caribbean Cable and Telecommunications Association (CCTA) conference. This annual event was held in sunny Montego Bay, Jamaica, over the first week of February... For that, one has to applaud the fine work that CCTA puts into the event, drawing together operators, vendors, programmers, solution providers, marketers, and technologists alike -- and this year, over 270 attendees and 80-some exhibitors. more»

ICANN Africa Strategy - A View from the Inside

"Africa is rising" is a phrase we are accustomed to hearing nowadays. We Africans also seem desperate to make that positive narrative about Africa. From the vantage point of the digital Africa that I seat, it is most promising, but only if we can face some of our own self afflicted stagnation. Having been in the African Domain scene for nearly a decade now, I am always challenged to view our situation with a pinch of salt, a fact that doesn't attract many friends. But I am willing to go at it and point out the shortcomings. more»

ICANN's Auction Piggy Bank Just Got Twice As Big

Kieren McCarthy reports in The Register that an obscure Panamanian company paid $30 million for .BLOG in the January 21 domain auction. ICANN's web site confirms that the domain did go to the Panamanian company. It doesn't report the amount, but Kieren's sources are usually correct. If so, the auction proceeds piggy bank just doubled from $30M to $60M dollars, and ICANN still has no idea what to do with it. more»

Notes from NANOG 63

The following is a selected summary of the recent NANOG 63 meeting, held in early February, with some personal views and opinions thrown in! ...One view of the IETF's positioning is that as a technology standardisation venue, the immediate circle of engagement in IETF activities is the producers of equipment and applications, and the common objective is interoperability. more»

The Top 25 Global Websites from the 2015 Web Globalization Report Card

I'm pleased to announce the publication of The 2015 Web Globalization Report Card. Here are the top-scoring websites from the report... You'll notice that Google is once again ranked number one. The fact is, no other company on this list invests in web and software globalization like Google. While many software companies are happy to support 40 or even 50 languages on their websites, Google is looking at 60 or more languages across its many products. more»

Ensuring Trust in Internet Governance

This week in Singapore, important decisions are being made about the future of the Internet at the Internet Corporation for Assigned Names and Numbers (ICANN) 52 conference. At stake are fundamental questions: Should the American people surrender stewardship over core technical functions that have preserved the open and neutral operation of the Internet since its inception? Should the Obama Administration cede this authority to an organization many consider to be non-transparent, unaccountable and insular? more»

The 2015 IGF Brazil Will Focus on Empowering Sustainable Development

The preparations of the Brazil Internet Governance Forum (IGF) meeting are well under way. After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group (MAG) decided to retain the title "Evolution of Internet Governance: Empowering Sustainable Development". This theme will be supported by eight sub-themes that will frame the discussions at the Joao Pessoa meeting... more»

The Why and How of DNS Data Analysis

A network traffic analyzer can tell you what's happening in your network, while a Domain Name System (DNS) analyzer can provide context on the "why" and "how." This was the theme of the recent Verisign Labs Distinguished Speaker Series discussion led by Paul Vixie and Robert Edmonds, titled Passive DNS Collection and Analysis -- The "dnstap" Approach. more»

Phishing Costs Companies over $411 Million per Alert

Phishing blindsides businesses' best defenses and takes a toll whose price tag still hasn't been pinned down. Here's one estimate: $441 million per attack, according to a recent study of the cybercrime's effect on stock market data (market value, volume of shares traded, and stock volatility) of global firms. The authors use "event studies" techniques (i.e., analyzing the impact of specific types of events on companies' market performance) to analyze nearly 2,000 phishing alerts by 259 companies in 32 countries... more»

NETmundial Initiative Taking Positive Steps Forward

The Net Mundial conference in Sao Paulo in April 2014 added a new element to the global Internet Governance Ecosystem. It demonstrated that the multistakeholder model for the governance of the Internet is able, not only to discuss issues of global importance, as we do it now for nearly ten years within the Internet Governance Forum (IGF), but it can also produce a concrete outcome. The Universal Declaration of Internet Governance Principle and the Sao Paulo Roadmap have enhanced the existing mechanisms. more»

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi