This week, experts sent two drafts to the Internet Engineering Task Force (IETF) proposing different ways of fixing a problem in the way that Internet Protocol version 6 (IPv6) allows the source of network data to determine its path through the network. The drafts recommend that the IPv6 feature should either be eliminated or, at the very least, disabled by default. more»
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more»
International organisations should step in to prevent the "tasting," "kiting" and "spying" related to Internet domain names, say representatives from the US telecommunications and trademark industries. These new activities are dramatically altering online commerce and impacting legitimate businesses, and the United States Federal Trade Commission (FTC), World Intellectual Property Organization (WIPO) and the Internet Corporation for Assigned Names and Numbers (ICANN) should take action, they say. The US Anti-Cybersquatting Consumer Protection Act (ACPA) had too many loopholes given the actual trends in the domain name secondary market, said Sarah Deutsch, vice president and associate general counsel for Verizon, and Marilyn Cade, former AT&T lobbyist and now consultant on Internet and technology issues... more»
Starbucks chairman and founder, Mr. Schultz's venture capital firm, Seattle-based Maveron, and H. Ross Perot's investment arm last month plowed $38 million into iREIT, a Houston-based company that has been accused of typosquatting by telecom giant Verizon. But earlier this year, Maveron also invested in Aliso Viejo, California-based CitizenHawk, which makes software that helps trademark holders identify typosquatters and initiate legal action against them. more»
BusinessWeek is running a column called 'Brandjacking' on the Web. In summary, nobody likes deliberate cybersquatting or typosquatting. But if Typo domain-names did not exist, the traffic would continue to flow to Microsoft or Google via the browser's error search where those very large companies would make money in the same manner as the 'evil cybersquatters'... more»
WIPO just published a decision regarding the domain dispute over the britishmuseum.org domain name. At first glance, everything seems alright. The world famous British Museum won in a default judgment as the current registrant (the respondent) never replied). However, drill a little deeper and something is amiss. The "parties" section of the case lists the respondent as "British Museum Resources, Limited, West Bay, George Town, Kentucky, United States of America." more»
Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.
Security experts have predicted over the last several years that botnets of hijacked PCs would pose one of the staunchest challenges faced by the IT community as criminals discovered new ways to use them to deliver attacks. more»
Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature... "Our investigation reveals that this vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," a Microsoft spokesperson said. more»
Microsoft is launching a string of court actions in the United States and Europe against cybersquatters, the Financial Times reported on Wednesday.
"Cybersquatting is a growing problem for brands around the world and we hope to educate other brand holders and encourage them to take action," Aaron Kornblum, a senior Microsoft lawyer, told the business daily. more»
The U.N. copyright agency (World Intellectual Property Organization) that arbitrates more than half the world's "cybersquatting" cases saw a 25 percent increase in complaints last year. WIPO received 1,823 complaints in 2006 alleging abusive registrations of trademarks as Internet domain names. more»
ICANN has released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience and hopes to enlarge public understanding surrounding this and related issues.
Aside from covering the attack itself and the engineers' response to it, the factsheet also briefly reviews the root server system, the domain name system, Anycast technology, and what can be done in order to deal with such attacks in future. The fact sheet can be downloaded here [PDF]. more»
Cybersquatting is so 2000, or so we thought. The Uniform Dispute Resolution Policy (UDRP) at WIPO has been chugging along for several years now, methodically determining if complainants IP rights have been violated and reassigning "ownership" of domain names. Typically, the cases are fairly boring. But some recent developments in the world of 800 lb search gorillas, Google and Baidu, suggests that the regime could be faced with substantial pressure in the near future. more»
Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.
...Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security. more»
If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.
...In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up websites from a DNS server of their choosing. more»
Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.
...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs. more»
