In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more
I wrote this history and analysis of domain tasting for the ICANN Business Constituency membership. It's by no means perfect but I thought I'd share it with those who would like a bit more color on the subject. "Present day 'Domain Tasting' has its roots in 2001 and 2002 when a small group of ambitious domain registrants persuaded two registrars to allow them to register large blocks of domain names for the purpose of establishing which names garnered type-in traffic..." more
We have just returned from the Brussels, Belgium ICANN meeting where we released our Registrar audit, the Internet "Doomsday Book." There are many topics covered in the report, but we wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS? which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. more
You may have seen a new proposal for a "mobile" top-level domain name for use by something called "mobile users" whatever they are. (The domain will not actually be named .mobile, rumours are they are hoping for a coveted one-letter TLD like .m "to make it easier to type on a mobile phone.) Centuries ago, as trademark law began its evolution, we learned one pretty strong rule about building rules for a name system for commerce, and even for non-commerce.
Nobody should be given ownership of generic terms. Nobody should have ownership rights in a generic word like "apple" -- not Apple Computer, not Apple Records, not the Washington State Apple Growers, not a man named John Apple. more
COICA (Combating Online Infringement and Counterfeits Act) is a legislative bill introduced in the United States Senate during 2010 that has been the topic of considerable debate. After my name was mentioned during some testimony before a Senate committee last year I dug into the details and I am alarmed. I wrote recently about interactions between DNS blocking and Secure DNS and in this article I will expand on the reasons why COICA as proposed last year should not be pursued further in any similar form. more
Everyone is probably well aware of the Kashpureff-style DNS cache- poisoning exploit (I'll call this "classic cache poisoning"). For reference, see the original US-CERT advisory prompted by this exploit. Vendors patched their code to appropriately scrub (validate) responses so that caches could not be poisoned. For the next 7-8 years, we didn't hear much about cache poisoning. However, there was still a vulnerability lurking in the code, directly related to cache poisoning. ...On April 7, 2005, the SANS ISC (not to be confused with Internet Systems Consortium) posted an update detailing how Microsoft Windows DNS servers were still being poisoned, even though the "Secure cache against pollution" option was set. The SANS ISC found that Windows DNS servers using BIND4 and BIND8 servers as forwarders were being poisoned. But how could this be? more
The Wall Street Journal's dubious story about Iran's use of Deep Packet Inspection (DPI) for spying, censorship and disinformation appears in a highly charged atmosphere. The US Republican right wing wants the US to talk tougher to Iran, to bomb-bomb-bomb, invade, or commit "regime change." More questions than mine have surfaced about the WSJ's story... more
Fueled by the lack of public IP addresses, 70% of Fortune 1000 companies have been forced to deploy NATs (Source: Center for Next Generation Internet). NATs are also found in hundreds of thousands of small business and home networks where several hosts must share a single IP address. It has been so successful in slowing the depletion of IPv4 addresses that many have questioned the need for IPv6 in the near future. However, such conclusions ignore the fact that a strategy based on avoiding a crisis can never provide the long-term benefits that solving the underlying problems that precipitated the crisis offers. more
As some readers probably know, I spend quite a bit of my time working on Internet policy related matters. Some of it may appear incredibly boring, but it matters. (If you really want me to explain why it matters I'd be happy to do so!) Since earlier this year I've been part of a small team of people drawn from the four corners of the globe and asked to re-examine "whois". more
One topic does not appear to have a compellingly obvious localization solution in the multi-lingual world, and that is the Domain Name System (DNS). The subtle difference here is that the DNS is the glue that binds all users' language symbols together, and performing localized adaptations to suit local language use needs is not enough. What we need is a means to allow all of these language symbols to be used within the same system, or "internationalization". more
Since the launch of the New gTLD Program in 2012, it has become evident that new gTLD registries overestimated the demand for new Top-Level Domain name extensions. Furthermore, new gTLD registries did not anticipate the hurdles in raising awareness, not to mention creating adoption for new domains. Even the most pessimistic New gTLD Program critic did not expect such uninspiring results. It was a wake up call for many in the domain industry. The New gTLD Program currently lacks credibility. No new gTLD has yet to go mainstream and capture the world's imagination. more
Cell phone carriers have seen a huge growth in wireless data usage. The iPhone is selling like hotcakes, and its users generate large amounts of traffic. Not surprisingly, as cellular providers deploy faster network technologies, users generate even more data... more
During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals details and analysis, including specific networks disabling Site Finder during its operational period. For example, China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs seem to have been slower to act, in general -- but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23. more
For some time now we've been tracking the progress of the deployment of DNSSEC in the Internet. Its been a story of an evolution of the measurement technique... In the process we've learned perhaps more than we had wanted to about the behaviour of Flash engines, Apache web servers and FreeBSD system tuning, and also learned much more than we had anticipated about the finer details of Google's online ad presentation behaviour. But one thing we did not see in all of this was any large scale jumps in the level of client use of DNSSEC validation over this period at the start of the year. more
I have discovered that VeriSign's SiteFinder service breaks Microsoft's Outlook and Microsoft's Outlook Express email readers as well as many of the standard Windows Networking Utilities by providing misleading error messages, temporary lockups, and incorrect status information. more
A World-Renowned Source for Internet Developments. Serving Since 2002.