| | At Large Membership and Civil Society Participation in ICANN |
|
| |
|
|
|
 The Rise of a malicious resolution authority
posted by tbyfield on Tuesday May 13 2008, @08:34PM
Jart writes "With an interest in Internet Security the recent research paper recently by David Dagon, Niels Provos, et al., suggests we take an acute interest in ICANN[:]
“291,528 hosts on the Internet performing either incorrect or malicious DNS service. With DNS resolution behavior so trivially changed, numerous malware instances in the wild, we urge the security community to consider the corruption of the resolution path as an important problem.” [See (]http://www.citi.umich.edu/u/provos/papers/ndss08_d ns.pdf[)]
If you connect this to what now is the "auto" generation and registration of new malware and rogues domains via certain registrars. [See (]http://hostexploit.com[)]
As an emerging problem must [this] be a top priority for ICANN? However, I have not seen any particular reference, perhaps I am missing this? Or rather all of us should be paying much more attention to the who, what, and actions of ICANN?"
(
Read More... | 2768 bytes more | 1 comment
|   )
 |
|
.br Relaxes Registration Rules
posted by michael on Tuesday May 06 2008, @04:38AM
sk8master writes "On May 1, 2008, the Brazilian government organization that controls the country's domain name system, Registro.br, finally relaxed the restriction to non-corporative customers.
Previously, you needed to have a registered company in Brazil in order to complete new domain name purchases for the .COM.BR domain.
Now anyone is free to register Brazilian(.BR) domain names!"
(
Read More...
| )
|
|
Domain Sub-Letting Raises Hackles
posted by michael on Wednesday April 30 2008, @09:01AM
A Missouri college's decision to sub-let space on its .edu domain is drawing fire:
an online college in Missouri has started renting out blog space on its .edu domain to just about anyone willing to pay $50 a month. And the practice has quickly raised objections from college officials worried that such rentals undermine the .edu designation.
The college, the Pickering Institute, calls its service the "first public EDU blog community," and it touts the marketing value of having an Internet address that appears to be part of a college. "Our blogs allow you to reach an education-minded audience that is difficult to reach with mass-market blogs such as Blogger or Blogspot," says an announcement on the institute's Web site. So far, the blogs with the new .edu addresses include such noneducational offerings as "Handbags in Our Life," "Jewelry in Our Life," and "Get the Scoop." The institute is working with an Internet company called LinkAdage to offer the service.
Educase, the folks who run the .edu domain, say that this doesn't actually violate any rules, but they clearly don't like it and say they are investigating after receiving a complaint.
(
Read More...
| )
|
|
Avast, Earthlink
posted by tbyfield on Thursday April 24 2008, @08:34PM
Ryan Singel, writing for WiReD's Threat Level weblog (can we please go back to that term?), reports on yet another dubious innovation that's part typosquatting, part phishing:
[S]tarting in August 2006, Earthlink instead intercepts that Non-Existent Domain (NXDOMAIN) response and sends the IP address of ad-partner Barefruit's server as the answer. When the browser visits that page, the user sees a list of suggestions for what site the user might have actually wanted, along with a search box and Yahoo ads.
The rub comes when a user is asking for a nonexistent subdomain of a real website, such as http://webmale.google.com, where the subdomain webmale doesn't exist.... In this case, the Earthlink/Barefruit ads appear in the browser....
It gets worse:
[S]ubdomains are only as secure as Barefruit's servers, which turned out to be not very secure at all. Barefruit neglected basic web programming techniques, making its servers vulnerable to a malicious JavaScript attack. That meant hackers could have crafted special links to unused subdomains of legitimate websites that, when visited, would serve any content the attacker wanted.
The hacker could, for example, send spam e-mails to Earthlink subscribers with a link to a webpage on money.paypal.com. Visiting that link would take the victim to the hacker's site, and it would look as though they were on a real PayPal page.
Paul Vixie politely describes this as a "problem exacerbated by inappropriate monetization of certain DNS features." And if the Pentagon distorted GPS signals to bidders on a first-come, first-served basis—say, off the Somalian coast or in the Strait of Malacca—that would be "an inappropriate monetization of certain GPS features."
(
Read More... | 4 comments
| )
|
|
How many TLDs safely fit in the DNS?
posted by michael on Wednesday April 09 2008, @11:37AM
Simon Higgs writes "I recently came across the question "How many TLDs safely fit in the DNS?". It, was, not surprisingly, in the context of ICANN doing some due diligence with their $30 million budget and actually answering the same questions that the IAB have been cowering behind for over a decade. Well, here's my answer for it's 2 cents of bandwidth:
In all fairness to ICANN, the reason why I think it hasn't answered the question is because it simply DOES NOT have a calculator that can calculate a number that big. You would think that ICANN should be able to go down to the corner store in Marina Del Ray and buy one, just like all the other high speed networking physicists in the Admiralty building. But the number's so big even the mighty Google refused to calculate it until a just few days ago.
So what are these huge numbers that ICANN is hiding from us? Using the current ASCII-based character strings used in DNS we get the following big numbers:
(
Read More... | 1248 bytes more | 6 comments
| )
|
|
GoDaddy feels the heat
posted by tbyfield on Thursday March 13 2008, @03:46AM
GoDaddy pulled (but has since "pushed"?) the hosting plug on the website RateMyCop.com. According to the site's owner, Gino Sesto, GoDaddy did so without warning then later attributed it to "suspicious activity," and still later to the site's surpassing its contracted bandwidth limit. According to WiReD, GoDaddy initially claimed it couldn't comment because of its privacy policy but later saw fit to reluctantly poke its spoon around in a bowl of verbal porridge on the subject. ArsTechnica has more. Arbiters of taste pointed out that the site's owner might have less trouble if he'd called it, say, "AmICourteousProfessionalAndRespectfulOrNot.com". ICANN wasn't involved in any way; this kerfuffle just reminded me of the shining moment in ICANN's history when former ICANN President "Cap'n" Mike Roberts—no doubt grimly—typed:
When civilization takes a step backward, as it did last week, it usually means a period in which the people with the guns make the decisions. Anyone watching the American President on tv in recent days knows that's where we're at. It may be a while before the luxury of debating what constitutes consensus in a terrorist-less society returns.
It's been a while, Cap'n Mike.
(
Read More...
| )
|
|
NAF Accused of Failure to Refund
posted by michael on Monday February 18 2008, @11:05AM
A consumer complaint has been filed with the Minnesota Attorney General's office against the a major UDRP service provider for its failure to issue a $1,300 refund check as promised for canceled arbitrations.
The full text of the complaint against the National Arbitration Forum is here. Note this line:I have also contacted the Internet Corporation for Assigned Names and Numbers (ICANN), a California non-profit which confers nominal "accreditation" of the NAF to conduct these types of internet dispute resolution services. ICANN has taken no action, as the responsible ICANN official is a former employee of the NAF in charge of the identical dispute resolution service advertised by the NAF.
Has NAF ever issued a refund?
(
Read More... | 1 comment
| )
|
|
ICANN To Allow WHOIS Privacy -- But Only When Legally Required
posted by michael on Friday December 21 2007, @06:12AM
ICANN has published a notice of implementation of the revised ICANN Procedure for Handling WHOIS Conflicts with Privacy Law.
The procedure is due to be posted for 30 days, and implemented on 17 January 2008. The new draft reflects changes sought by the Governmental Advisory Committee (GAC).
Good news: after all these many years, ICANN is revising its registry/registrar contracts to reflect the fact that the default rule violates privacy law of countries that have decent privacy law.
Bad news: ICANN's default remains the same privacy-busting low it has always been. It is long past due to revise all the contracts to comply with best practices for privacy.
(
Read More...
| )
|
|
NomCom to Employ Search Firm?
posted by michael on Tuesday December 11 2007, @05:50AM
According to the Nominating Committee Call for Expressions of Interest in Assessment Team, this year's NomCom is planning to employ a search firm to help it find Board candidates.
Whether that's a good thing or a bad thing depends enormously on the implementation. Ominously, the terms of reference include this instruction, # Provide to the Nom Com a short written qualitative assessment and conclusions formed from each candidate interview, together with a numeric rating of suitability for each position considered on a scale to be jointly agreed upon initially by the organization and the Nom Com.
Based on my two terms on the NomCom, I do think it's a fair criticism that the existing practices don't do as good a job as they should in finding a deep enough pool of highly qualified developing country and non-native-English-speaking candidates from outside Europe. A search firm whose mission was to add some richness to that pool might be a very good thing.
But there are two ways to use a search firm that I think would be very harmful. The first would be to give the search firm any input, even "just" evaluating, candidates who come to the nomcom via other channels. The second, almost as bad, would be to give the search firm anything but the most limited mandate to rate the candidates it finds. There is no question that any mechanistic process to try to score candidates will work to the disadvantage of the sort of untraditional candidates that ICANN needs to be more open to. (It will also tend to favor age -- more demonstrated accomplishment -- over youth, already a perennial problem.)
A critical part of what the nomcom does is slate-making: trying to find a balance of talents. It's not a mechanistic process, and trying to reduce it to scores on some too-rigid pre-determined set of criteria would harm the process. Yet, because of the tight time-limits on which the NomCom works, there's a real danger that candidates with low scores based on whatever system emerges won't get their due. The numbers of files involved has been large but in no way unmanageable in the past; the NomCom shouldn't allow anyone to do its screening for it.
(
Read More... | 1 comment
| )
|
|
New Policies Regarding “.pe” Domain Names
posted by michael on Wednesday November 14 2007, @05:40AM
Ruddy Medina writes "Beginning December 8th 2007, the new policies regarding .pe domain names will come effective. Among the most important changes there are the chance for registration and payment on-line for the domain name, the supressing of the 10-day period for new solicitations publicity, the chance por transfering the domain to a new owner and the reduction and supressing of several previous restrictions, as were the peruvian toponymics and surnames, among others.
Also, domain names directly on the second level (.pe subdomain) will be registered, which for it has been established a 60-calendar-days sunrise period, so present domain holders in the third level can register theirs in the second. After this sunrise period, anyone will be able to register directly on the second level.
Besides, new registration opposition system has been eliminated. A new domain-trademark controversy resolving system is being implemented. This new procedure will gather principles from WIPO´s (World Intellectual Property Organization) Uniform Domain Name Dispute Resolution Policy (UDRP), which have been used by ICANN for the same goal.
Ruddy Medina
rmedina@iriartelaw.com"
(
Read More...
| )
|
|
When An Agreement Is Actually Polite Disagreement
posted by michael on Monday November 12 2007, @05:47AM
The headline on ICANN's press release says, ICANN and NRO Reach Agreement on Formalization of Relationships.
From that you would think we have a done deal. You would be right and you would be wrong.
First, let's consider the formalities. As the press release itself notes, there's supposed to be public comment before anything is final, ICANN is opening a public comment period on the formalization of its relationship with the Number Resource Organisation (NRO) and the Regional Internet Registries (RIRs) through an exchange of letters. At the ICANN meeting in Los Angeles, the negotiating teams reached agreement on the documentation of their relations and commitments under the exchange of letters, and agreed to seek approval of the arrangement from their respective Boards in accordance with the approval process of each of the parties.
Comments on the proposed letters may be submitted to nro-letters@icann.org until 23.59 UTC on 7 December 2007, and may be viewed at http://forum.icann.org/lists/nro-letters/.
So, as a formal matter, it's just a tentative deal, although if this comment period runs true to form, there will not be many and they won't matter much.
More to the point is the glaring disjunction between the views expressed in the two letters touted as "Agreement on Formalization of Relationships": The RIRs basically say that they want everything to go on as it is. Their contributions are voluntary and ICANN acknowledges their authority and autonomy. ICANN's letter does that, but qualifies it with this key language: We seek to further enhance our relationship for the mutual benefit of our organizations and respective communities. For that matter we wish and will seek to establish an appropriate legal arrangement within one (1) year from the date of this letter.
The RIRs are, however, much too smart to make legally binding commitments, either now or in the future. And it's hard to see what leverage ICANN has to make them.
(
Read More...
| )
|
|
IP Justice International Cyberlaw Clinic at IGF-Rio
posted by michael on Monday November 12 2007, @05:42AM
Robin Gross writes "On Wednesday 14 November 2007, the IP Justice International Cyberlaw Clinic will be showcased at the Internet Governance Forum (IGF) in Rio de Janeiro, Brazil. The IP Justice International Cyberlaw Clinic is a network of top law schools from different continents working together to promote the public interest in Internet law and policy matters. The IGF is an United Nations conference to facilitate cooperation and multi-stakeholder discussion on issues related to Internet governance.
The purpose of the International Cyberlaw Clinic is to give law students from around the world hands-on experience developing Internet policy and negotiating with other stakeholders in an international forum. The International Cyberlaw Clinic is led by IP Justice Executive Director Robin Gross and an international legal faculty from the law schools participating in the network. The Cyberlaw Clinic also benefits from the expertise of a distinguished Legal and Technical Advisory Board, a group of international legal scholars and technical experts, including former European Union Privacy Commissioner Stefano Rodota, Canadian cyberlaw expert Michael Geist, representatives from Amnesty International, and Brazilian cyberlaw professor Ronaldo Lemos.
“IP Justice is proud to introduce this new initiative and honored to be working with such a distinguished group of experts to promote the public interest in Internet law and policy matters,” said Robin Gross, IP Justice Executive Director who created the project. “The clinic draws from a variety of legal traditions to bring a truly unique and global perspective to Internet governance issues,” Gross explained.
The International Cyberlaw Clinic officially launched earlier this month at the annual meeting of the Internet Corporation of Assigned Names and Numbers (ICANN) in Los Angeles. The specific project for the International Cyberlaw Clinic is to represent the interests of the ICANN’s Non-Commercial Users Constituency (NCUC) in policy development at ICANN. NCUC is the only constituency out of six at ICANN that does not represent a particular industry or commercial sector in policy negotiations. NCUC’s policy objectives include the protection of civil liberties, consumer rights, and the promotion of innovation and competition in online services. ICANN is the private nonprofit corporation set up by the United States Commerce Department in 1998 to manage the assignment of Internet addresses, but ICANN’s mission has expanded in recent years to include a broad range of policy issues related to the Internet."
(
Read More... | 2342 bytes more
| )
|
|
|
|
| |
[ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]
|
|
| | |
| |
If you are logged in, you can configure what appears on this page by editing your homepage preferences. The same page allows you to choose our "light" format or exclude certain types of stories (or ICANNWatch editors!). You can decide the content and order of the items in this column, choosing from several optional headline services.
The format comments page lets you set a default for how you view comments and how comments you contribute appear. Elsewhere you can review your karma and posting history, or set what information you would like other users to know about you.
You may want to change your messaging preferences. We can send you a daily email of our headlines, or perhaps you would like a message every time someone replies to one of your comments.
|
|
| | |
|
