I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is do we want to hear about everything? more
Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume... The problem with mainsleaze is that it is generally mixed in with mail that the recipients asked for, and there's no way to tell the difference mechanically. more
Too many techies still don't understand the concept of due process, and opportunistic law enforcement agencies, who tend to view due process constraints as an inconvenience, are very happy to take advantage of that. That's the lesson to draw from Verisign's proposal and sudden withdrawal of a new "domain name anti-abuse policy" yesterday. The proposal, which seems to have been intended as a new service to registrars, would have allowed Verisign to perform malware scans on all .com, .net, and .name domain names quarterly when registrars agreed to let them do it. more
Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm." more
It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more
Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These "supercookies" are very hard to detect and delete, and can track user behavior across multiple sites, not just one. These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
As a new study from Citi Investment Research & Analysis make clear, the US does not have a spectrum shortage. We've just allowed a relatively small number of carriers to control the spectrum. ... Perhaps if we had an effective "use it or lose it" policy in place, or a heavy tax on unused spectrum a more vibrant market for this spectrum would emerge. more
Google is deploying fiber at its own expense in Kansas City, Kansas and Kansas City, Missouri to demonstrate the value of one gigabit (a gigabit is a billion bits -- a lot) per second residential Internet connections and perhaps to show at&t and Verizon and the cable companies how the search giant might fight back if its growth is restricted by their restrictions or limitations. ... Whoops. Google just learned the same lesson that President Obama learned in Stimulus 1 more
Here at the IGF in Kenya, we're debating how governments, private sector, and civil society can improve the multi-stakeholder model that's helped the Internet become such a vital part of life around the world. Makes me think of another kind of multi-stakeholder model I saw last week on a photo safari in Kenya's Masai Mara National Reserve. more
A World-Renowned Source for Internet Developments. Serving Since 2002.