IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.
Cindy's piece on the EFF website seems to be a bit of a pastiche, with elements taken out of various articles (some outright wrong, some merely misinformed) that have been doing the rounds of the media for quite a while now about Goodmail. She started off comparing AOL and Goodmail with the old email hoax about congress taxing email. That same line was used in a CircleID post by Matt Blumberg, CEO & Chairman of Returnpath... Various other quotes from different places - Richard Cox from Spamhaus on CNN for example. However a lot of the quotes in those articles are being based on wrong or out of context assumptions, starting with one that goes "AOL is going to remove all its existing whitelists and force people to use Goodmail". more»
A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." more»
Today, the ITU launched a new survey asking member states, ccTLDs and other ITU member organizations to provide answers to a specialized questionnaire asking for their experiences on the use of IDNs. The ITU states that it is reaching out to ccTLDs to "collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe." One of the goals of this survey is to collate information on the "needs and practices" of each ccTLD that is surveyed -- so as to compile a report from the ITU that speaks to the implementation of IDNs around the world... more»
As I blogged about several months ago, as did numerous other anti-spam bloggers, David Ritz was sued by Jeffrey Reynolds and a judge in North Dakota agreed with Reynolds. At the heart of the case was that Ritz engaged in anti-spam activities using techniques known only to a small subset of advanced computer users, and used these techniques maliciously against Reynolds... Back in the olden days of spam fighting, some anti-spammers used to use malicious techniques against spammers in order to shut them down... more»
I got an e-mail from someone currently attending the Internet Governance Forum (IGF) meeting in Geneva. The e-mail ended up in my spam folder because the IP address used for the wireless LAN at the meeting is on a spambot/virusbot blacklist, namely cbl.abuseat.org. Apparently some guy there has his computer infected by a spambot or a virusbot... more»
The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more»
Wikis have been around for a long time on the Web. It's taken a while for them to transform from geek tool to a mainstream word, but we're here now. Last week at the ICANN Meeting in Vancouver, it was fun to watch hundreds of people get introduced to Wikis and start using them, thanks to Ray King's ICANN Wiki project. In the past few days since, I've come to believe that Wikis are doomed unless they start thinking about security in a more serious way. more»
James Seng has quoted that Korea, China and Japan must have IDN (Internationalized Domain Name) service. His statement may appear as above mentioned countries desperately need for IDN services because there are no alternative. However, there have already been well established local Internet address providers since quite some time. more»
I have been attending the Icann conference in Malaysia this week. One of the key events was the submission of the report from the Security & Stability Advisory Committee regarding Site Finder. In reading the committee's report I discovered what I believe is an incredible breakdown in logic and as a consequence, a very mistaken, or at least confused, set of conclusions. So, why do I say that? more»
Email is a complex service and email abuse adds confusing deceptions. Worse, like postal mail and even telephone service, Internet mail is inherently open, flexible and even anonymous, making things much easier for abusers. Bad actors hide their true identity and their true purpose. Most other communication tools for users also are also quite open, and problems with email are being replicated elsewhere, such as instant messaging and social media. more»
I'm not even sure how to begin this post, but let me tell you -- my head explodes when I try to contact WHOIS "contacts" about criminal activity - FAIL. I think ICANN wants to do the right thing here, and has stated on multiple occasions that inaccurate WHOIS data is reason for registrar termination. That's a Good Thing... more»
Phishing, stealing personal information by impersonating a trusted organization, is a big problem that's not going away. Most antiphishing techniques to date have attempted to recognize fake e-mail and fake web sites, but this hasn't been particularly effective. A more promising approach is to brand the real mail and real web sites. more»
By now, you should have read elsewhere that the ICANN board has rejected the ICM application to create a .XXX TLD. It still comes as a surprise to some. Frankly, this was the prognosis I made to Stuart Lawley two years ago, for the very reasons mentioned by the European Commission. I mentioned in a previous blog entry that 6000 complaints from US citizens would have more weight on the conservative US administration than any other consideration... more»
So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets. Since 2003, the contract between ICANN and each unsponsored TLD registry (.biz, .com, .info, .net, .org, and .pro) has added an Add Grace Period (AGP) of five days during which a registrant can delete a newly registered domain and get a full refund. Although this provision was clearly intended to allow registrars to correct the occasional typo and spelling error in registrations, speculators realized that this allows them to try out any domain for five days for free... more»
Back in the days of dial-up modems and transfer speeds measured in hundreds of bits per second, unwanted email messages were actually felt as a significant dent in our personal pocketbooks. As increases in transfer speeds outpaced increases in spam traffic, the hundreds of unwanted emails we received per week became more of a nuisance than a serious financial threat. Today sophisticated spam filters offered by all major email providers keep us from seeing hundreds of unwanted emails on a daily basis, and relatively infrequently allow unwanted messages to reach our coveted Inboxes. So, to some degree, the spam problem has been mitigated. But this "mitigation" requires multiple layers of protection and enormous amounts of continually-applied effort. more»
