http://www.circleid.com/rss/rss_cmnts/

CircleID: Comments



Latest comments posted on CircleID



 



RE: Preliminary Thoughts on the Equifax Hack (Charles Christopher)

2017-09-18T19:51:08-08:00

>Were they trying hard enough, i.e., devoting enough resources to the problem?

https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed

"Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed"

"In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders. Either way, the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company, which is the subject of multiple investigations and announced the retirement of two of its top security executives on Friday."

https://www.bloomberg.com/news/articles/2017-09-15/equifax-says-cio-chief-security-officer-to-leave-after-breach

"The firm’s chief information and chief security officers are retiring immediately, the Atlanta-based company said Friday in a statement that didn’t name the individuals [Susan Mauldin, music major]. "

Link | Posted on Sep 18, 2017 7:51 PM PDT by Charles Christopher




RE: Preliminary Thoughts on the Equifax Hack (Charles Christopher)

2017-09-18T09:38:54-08:00

>Equifax has a market capitalization of more than $17 billion;
>they don't really have an excuse for not running a good IT shop.

http://www.zerohedge.com/news/2017-09-15/another-equifax-coverup-did-company-scrub-its-chief-security-officer-was-music-major

"Mauldin’s original LinkedIn page was on this url before it was made completely private: linkedin.com/in/susan-mauldin-93069a (now a 404 page not found)

A few days after the news of the data hacking broke, the following page reappeared with a different url, with the specific detail that her degrees were in Music Composition removed. Also, her surname Mauldin was replaced with the initial letter M. to complicate profile discovery."

http://www.zerohedge.com/news/2017-09-18/justice-department-begins-criminal-probe-equifax-executive-stock-sales

Link | Posted on Sep 18, 2017 9:38 AM PDT by Charles Christopher




RE: Making Sense of the Domain Name Market - and Its Future (Alex Tajirian)

2017-09-10T12:01:22-08:00

My comments are only on:

For registries, future success is dependent on grasping the changes that have already come. For registrars, it is increasingly important to identify winners and allocate resources accordingly. The question is: how?

For any business, future success requires a “grasp the changes that have already come.” Success also requires quantitative analyses of success and failure factors of the existing registries. For registrars, trying to identify winners and losers can be futile. If it were easy, there would be no losers. Thus, registrars need to adopt a portfolio management approach. Better management leads to higher profits. (Some of the registries adopted such an approach to new gTLD selection.)

Link | Posted on Sep 10, 2017 12:01 PM PDT by Alex Tajirian




RE: Making Sense of the Domain Name Market - and Its Future (Kevin Murphy)

2017-09-09T14:20:19-08:00

Lots of sense talked here. I look forward to the next in this series of articles.

Link | Posted on Sep 09, 2017 2:20 PM PDT by Kevin Murphy




RE: The One Reason Net Neutrality Can't Be Implemented (Charles Christopher)

2017-09-09T09:03:07-08:00

>Suppose for a moment that you are the victim of a wicked ISP that engages in
>disallowed "throttling" under a "neutral" regime for Internet access.

https://www.wired.com/2017/04/want-real-choice-broadband-make-three-things-happen/

The problem is not the "wicked ISP", the problem is the lack of competition to move to another service provider. This was witnessed in my home state when the legislature was successfully lobbied by USWest and Comcast.

Access to decent bandwidth in my area only occurred a few years ago. My neighborhood is very old, the telecom central office is at a distance far greater than DSL is rated for. When I had a land line during most springs the wetness got into the wires and I'd have no dial tone let alone DSL access. Comcast blocked voyage and many other activities I needed to perform as a Domain Registrar. I live in a densely populated city, not a rural area. I eventually had to obtain Comcast Business to get decent service at $150 per month.

I have spoken to Century Link (was USWest) techs when I see them in the area. I ask them what the status of their equipment is in the area. They confirm the wires in this area are next to useless and that if I went back to them they WOULD NOT be able to find a working pair of wires to provide me service. They all say this is a perfect area to update but Century Link is not interested in doing so.

Recently Comcast blocked my server transactions, and my business class service allows servers. Tech came to my house, saw the problem, took it to his second level support and everybody was scratching their head with no clue as to why it was happening.

Let service providers be as evil as they wish IFF there is an option to switch to another provider. It's the lack of competition and competitive forces that create this problem.

"State governments that are serious about giving their citizens more options should start by making sure cities are allowed to build their own networks—something that 70 percent of the population supports, according to a recent poll by Pew, including about 67 percent of Republicans."

While I generally disagree with government competing this way, I understand and support it being a need right now as it seems to be the only way left to create some competition. To have more than just two bad options for service.

Katrina is another great example of this at play. Cities, with the help of volunteers, such as amateur radio operators, quickly set up a functional wifi network in the area. The local ISP was enraged that an alternative was set up so quickly while their networks were out. Local ISP forced laws to be put in place REQUIRING the adhoc network be removed once their networks were back up .... Examples of customers being fish in a barrel are all too plentiful, ISPs have intentionally created these problems to serve their own needs.

http://www.nbcnews.com/id/9591546/ns/technology_and_science-wireless/t/post-katrina-landscape-turned-wireless-lab/#.WbQOyhRlky4

"Yet even the NPS team, which was sent in by the military, had early run-ins with FEMA, which had taken over jurisdiction of the hospital parking lot where the team was working. "We had to ask FEMA for permission to practically do anything, including use the outhouses," Steckler said."

https://slashdot.org/story/06/04/04/198253/new-orleans-tech-chief-vows-wifi-net-here-to-stay

"After Hurricane Katrina last year, New Orleans set up a city-wide wireless network to encourage businesses to return and assist in recovery. The New Orleans technology chief recently said that he intends to make the network permanent, in spite of state law and the disapproval of telecoms."

Now back to my own state:

http://www.heraldextra.com/news/opinion/editorial/set-utopia-free/article_c6191cae-c6f1-547a-aafe-2faf6710a8a6.html

"When UTOPIA was first proposed, I was all for getting a fiber optic connection to every home and business in the at-that-time 17 cities. In my opinion,[...]



RE: The One Reason Net Neutrality Can't Be Implemented (Martin Geddes)

2017-09-08T14:03:25-08:00

Todd - that's a beautiful theory, and many make the same intuitive assumption. However, it is not technically correct.

Even if a single application or end point is targeted, you cannot prove what the intended effect was (except in extremis, like dropping every packet). For instance, if an application is over-saturating some downstream resource, "throttling" its upstream resources will actually increase its performance.

More formally, you cannot recover the intentional semantics from the operational semantics when the system has emergent operational semantics. It is impossible to reverse your way through the "labyrinth of luck" of all the interacting random processes in such a stochastic system.

The effect of any traffic management rule was contextual to that one moment in time. At a different moment, it may have a different effect. You cannot reproduce the past condition. So it is not possible to demonstrate the causal link that is widely assumed to exist.

Link | Posted on Sep 08, 2017 2:03 PM PDT by Martin Geddes




RE: The One Reason Net Neutrality Can't Be Implemented (Todd Knarr)

2017-09-08T12:25:38-08:00

It'll be easier to prove than you claim. It'd be that hard if the ISP were willing to degrade performance to a large swath of providers in addition to the service in question, but they won't be because that'd place them at a disadvantage against other ISPs. So in reality what'll happen is that the regulator will be asking the ISP to explain to the court why it is that little or none of the traffic across that route shows any performance degradation except traffic for this one service, even when that other traffic has the same profile as traffic from that service, and why it is that traffic performance seems to remain relatively stable over time except for at this one point where it suddenly changes. Questions that the ISP's going to have a hard time answering without sounding like fools or liars.

Link | Posted on Sep 08, 2017 12:25 PM PDT by Todd Knarr




RE: Making Sense of the Domain Name Market - and Its Future (Alex Tajirian)

2017-09-06T11:03:42-08:00

Besides high rates of renewal and future growth potential, you must consider future prices.

Link | Posted on Sep 06, 2017 11:03 AM PDT by Alex Tajirian




RE: Making Sense of the Domain Name Market - and Its Future (John McCormac)

2017-09-06T08:15:22-08:00

Interesting post, Kieren,
Looks like you've been reading some posts from ICANN CCT/MHI and ALAC mailing lists.
Remember that old expression that amateurs talk tactics while professionals study logistics? With the domain name industry, substitute "Usage" for "logistics". Usage plays an important part in whether a domain name is renewed. A domain name with a developed site is more likely to be renewed because the registrant has an investment greater than just the registration fee in the domain name. They may also be using it for e-mail or other services.

The ICANN CCT-RT has been trying, and failing, to understand how domain names are utilised with its "parking" paper. TLDs do not exist in isolation and this is more obvious when usage in a country level market is evaluated. The ccTLDs and the .COM tend to dominate the country level markets and the ccTLD generally becomes the first choice TLD for most registrants once the market matures.

With web usage metrics, there are two major trends in any TLD. The first applies to the characteristics of the domain names that are renewed. Thinking of them in terms of "content" and "no content" (and excluding redirects for the moment) is one way to deal with it simply. The domain names with content tend to renew at a higher rate than those without content. With the domain names that do not renew, the speculative and undeveloped domain names tend to drop at a higher rate. The highly speculative registrations, especially in new TLDs, do not renew well.

The Chinese market, especially in the new gTLDs, is quite speculative and the registrations tend to be one year wonders. This kind of speculative activity is common in an early phase market. Some of the registrations in the new gTLDs have been driven by discounting and that results in Boom and Bust registration patterns. The classic example is the XYZ 1 cent promotion where millions of domain names were registered and millions of these domain names subsequently deleted. Some of the gTLDs with significant Chinese market exposure also show similar low renewal rates. The usage patterns on Chinese dominated TLDs are also quite different to those seen in Western market TLDs.

The .EU ccTLD is more dependent on brand protection registrations than register-to-develop registrations. This is not necessarily a bad thing for a registry as those brand protection registrations are incredibly sticky in terms of renewals. However, the ccTLD has plateaued in the Western EU countries and a lot of the growth is coming from the Eastern EU countries where it is almost an alternative for .COM TLD. The mistake people make about the .EU is in looking at it as a single TLD when it is really a set of country level markets. These country level markets are dominated by the local ccTLDs and .COM TLD and .EU rarely gets more than 5% of the domain name market share in those countries.

The renewal rates in some of the new gTLDs are terrifying. Some months see rates below 10%. But there are some new gTLDs that have renewal rates approaching the ccTLD registries (Over 70% on new one year registrations.)

Link | Posted on Sep 06, 2017 8:15 AM PDT by John McCormac




RE: Making Sense of the Domain Name Market - and Its Future (Jean Guillon)

2017-09-06T00:49:16-08:00

We track them here according to categories (businesses, groups, etc...). Recently, we added a report entitled "Multiple Registries", tracking registration numbers according to group of Registries operating 5 TLDs and more. If a group is missing, we're happy to add it.

Link | Posted on Sep 06, 2017 12:49 AM PDT by Jean Guillon




RE: Not Quite Two Factor, or Is Your Phone Number Really Something You Have? (Daniel Feenberg)

2017-09-04T05:12:52-08:00

An alternative to SMS or phone apps is for the server to make a voice call to the potential user and wait for a PIN. Then if the phone or phone number is stolen, security is maintained since the thief won't have the PIN. Since the PIN and the password travel over separate networks, it won't be easy to steal both. At least one vendor (Duo Security) of 2-factor solutions offers this service, although they don't emphasize it. It has the advantage also that an ordinary desk phone can be made the target, which can be used to restrict access further.

Link | Posted on Sep 04, 2017 5:12 AM PDT by Daniel Feenberg




RE: The Internet Must Remain Open - Even for Those We Disagree With (Charles Christopher)

2017-08-31T07:39:33-08:00

>There is, however, a clear line to this open and free Internet: when laws are broken.

Sounds good, but what about administrative law? Such as a local city council and its ordinances.

https://en.wikipedia.org/wiki/Censorship_in_the_United_States

"Between the Mutual Film and the Joseph Burstyn decisions local, state, and city censorship boards had the power to edit or ban films. City and state censorship ordinances are nearly as old as the movies themselves, and such ordinances banning the public exhibition of "immoral" films proliferated."

https://en.wikipedia.org/wiki/Administrative_law

"Administrative law expanded greatly during the twentieth century, as legislative bodies worldwide created more government agencies to regulate the SOCIAL, economic and political spheres of HUMAN INTERACTION."

So when the 5 members of my city council decide they do not like a website, that means you will allow them to create an ordinance to have it dezoned?

This threat is a very real one. I sat in a city council meeting in which great deception was taking place in regards to a phantom tax increase, the city moving a cost directly to residents and off its books during a tax increase. Since the two were happening at the same time the city avoided acknowledging the cost shift as a tax increase. Some of us caught the scam. One went before the council and was very articulate as to his concern and that he'd be running against the council chair in the next election. The council chair's response was to call (scream) this individual a "terrorist" in front of everybody ... To which a number of people went to the podium and demanded the chair apologize which he eventually did.

In another meeting the city council passed an ordinance to prevent its judge from being sued, that is to keep him from being held accountable for his actions.

I feel the term "law" is not as clear as you suggest, or would like it to be.

Fact is websites do not create the desire for their content.

The desire for their content creates the website, and the traffic which then causes it to grow.

Cause and effect are being flipped around. Unless root causes are addressed, dezoning a website will never eliminate the root cause (desire for its content), what it does is hide the problem so people feel good and live under the illusion that there is no problem since they can't easily see it. But the toxin remains.

When the toxin is right in front of you, you can't ignore it. You have to form an opinion and make a decision what to do about it == YOU HAVE TO THINK. It's like the irritating grain of sand is to the oyster ....

Link | Posted on Aug 31, 2017 7:39 AM PDT by Charles Christopher




RE: Not Quite Two Factor, or Is Your Phone Number Really Something You Have? (Charles Christopher)

2017-08-28T07:37:08-08:00

>For accounts that have those inane recovery questions

I do that too. When calling a bank, the curious bank rep asked how to pronounce my mother's maiden name. I was surprised by the question and told them it was just a string of random characters .... The fact that they could read it made clear the data is plain text for their reps to read and thus steal, etc. It's only secure data if it's between the bank's computers and myself with no third party access.

>the chief technologist of the FTC

His PIN comments are incorrect as well. Skipping lots of details, some months ago I tried out Verizon phone service using a new number and phone obtained through Best Buy. The bill I soon received was three times higher than I was told it would be. Being more than a little annoyed I tossed out all related account docs, called them up and canceled my account. It took MONTHS for them to close the account and stop charging me! In the final call they asked for my PIN which I no longer had and told them so. I made clear at this point their confirmation of previous call notes, etc, should only require them to do what they promised and not challenge who I am. They finally closed the account. The moral of the story is the PIN code for Verizon is a human procedural step where they can see the PIN and thus ignore it as if the customer did provide it. In my case this was good, but if I was trying to socially engineer them this would be very bad.

So long as a human is in the loop and making all the decisions two factor authentication is meaningless.

And without naming the Domain Name Registry, many years ago I went to submit an IP update for our registrar. The form asked me for our registrar's Pass Code as part of the form. Previously I always called in our IP updates to a human and thus avoided the form, but this time they demanded the form .... Which was a non-secure HTTP page!!! I then called tech support back and complained that it was totally unacceptable to request a registrar's pass code on an insecure form. I was told "You are the only one complaining, use the form". Fortunately I knew one of the higher ups in the organization and immediately contacted them. The form was immediately removed (for a week as they were updating the HTTPS) and I was assured that tech support person would be receiving "retraining" .... Since calling that registry that support person has never answered the phone.

So the next issue is how such information is handled between end points by the service provider. Frankly so-called "anonymous" has never achieved any hacking success a privileged tech support person could not do with a packet sniffer on a major internet transit hub. The media presents the illusion that security is all about the end points, totally ignoring all the links in between where a "hacker" using a packet sniffer has trivial undetectable access to data such as ftp password, email recovering emails, and unsecured registrar update forms, and far more.

Link | Posted on Aug 28, 2017 7:37 AM PDT by Charles Christopher




RE: The IoT Needs a Paradigm Shift from Security to Safety of Connected Devices (Khaled Fattal)

2017-08-23T13:42:26-08:00

Martin,

Good piece. Your call for a change in approach is 100% correct and timely.

Actually, the threat is far scarier than that. Decision makers and stakeholders all over the world must start recognizing that the new breed of cyber terrorists (we labeled Poli-Cyber for the last 4 years) are hacking for political, ideological, so called 'religious' but most critically, destruction motivation. This has caused a global paradigm change in the global cyber and non-cyber landscape.

These Poli-cyber terrorists are already finding it easy to hack poorly protected and patched targets. However, exploiting many IOT vulnerabilities that are so prevalent today will give them great new opportunities to hack, damage and destroy exponentially more targets. This is no longer a threat to profitability, it is a threat to survivability. And no one is immune.

Traditional cyber strategies are failing on a daily basis while we have entered the "New Era of the Unprecedented". Unless top decision makers start adopting new mindsets and start considering and implementing new, out of the box, innovative solutions, some of which they never considered before, many of them will be hacked, destroyed and become case studies to teach others the cost of no action.

This real threat to survivability and of being destroyed has been compelling for some to act. But still not too many yet.

BR

Link | Posted on Aug 23, 2017 1:42 PM PDT by Khaled Fattal




RE: The Sustained Potential and Impact of Mobile & Wireless Technologies Access for Emerging Economies (Larry Press)

2017-08-23T06:42:43-08:00

Your list of m-applications is missing the one that might be the most important, m-entertainment.

Link | Posted on Aug 23, 2017 6:42 AM PDT by Larry Press