CircleID posts

Latest posts on CircleID

Public Sharing and a New Strategy in Fighting Cyber Crime

7 hours 39 min ago

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats.

In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list. Feel free to skip ahead if you find the history boring. Also, do note the history in this post is mixed with my own opinions. As I am one of the only people who were there in the beginning though and lived through all of it, I feel free to do so (in my own blog post).

As I conclude, we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain.

History

It was my strong conviction that the bad guys (criminals!) already had access to all this data—now we know they do, and further, could test their own creations against anti virus detection (on their own to see they are not detected or using a tool such as VirusTotal). They could use honey pots and any number of other sources of public information. Then, they could also always measure success ratios—they do.

On the other hand, the Good Guys (TM) did not share. What sharing did happen was very limited and limiting. Aside from that, because it was so scarce, it was (and to a level still is) kept secret to a select group of friends. Others would not be allowed in very easily, nor should they for obvious trust issues.

System administrators and security researchers had to get their information from their own logs or public reports of limited value from vendors. This secrecy also had the consequence of the public not being aware a cyber crime problem even exists and later on, always being roughly three to six years behind the curve on accepting what is actually happening.

By extension, when after the Estonian "war" many countries and organizations became literally scared, they started creating tech policy, based on misconceptions and information glimpsed from the news media and vendor reports.

The black hat effect

The anti virus industry has a history of being strict on sharing. That is as it should be and quite proper. In the early 1990s there used to be roughly one virus released every month. Then someone released a study on one, and within a month 50 new variants came out. Disclosure was a bad idea. However, times, they are a-changing.

When malware can be found by anyone running a honey pot, surfing the web, opening their inbox or Googling for it, the strong restrictions on sharing made little sense as far as "aiding the bad guys" (read criminals). The strong argument remaining to be strict on sharing was "we are not black hats, we are careful with these things!"

This is fine, and acceptable. It is also burying our heads in the sand. While sympathetic, change was required as the big worms were out (circa 2003-4) and security professionals all over the world had no information. Worse, when most security vendors and therefore the media were concentrating on the big worms, exponentially bigger botnets were out there, undisturbed.

A new industry formed which would later be called "Anti Trojan", as they would detect these bots (Trojan horses) and remove them, while many anti viruses considered them:

  1. Not their job to detect.
  2. Not viruses.
  3. "Garbage files".

Beginning in 1997, I made many approaches and tried to get the anti virus industry involved, telling them they are only detecting 20 to 30 per cent of all malware, to no avail. In 2004-5 they started playing catch-up. This happened again two to three years late with spyware (new industry, two years late to the game, etc.) and two to three years late with rootkits.

At that point in time active sharing was established between vendors (not just anti virus), academia and others. Companies such as Checkpoint, Cisco or "God forbid" Microsoft had "no business" dealing with samples according to the anti virus industry, as they went elsewhere, with people such as myself driving this sharing and, yes, taking the heat.

The strict sharing policies had an extra motive (on part of the anti virus industry), which made little sense except for business sense. They had every marketing intention of maintaining an iron grip on malware samples, so that only they could sell products and control the information flow. It was brilliant for a few years, but they also self-marginalized themselves and were forced to become more generic security vendors to catch up, due to inability to change in time.

They now had massive competition and were out of touch. This reminds me of the copyright wars in the music industry.

This grip was broken as such information became readily available (which was, as mentioned, ignored by the anti virus community). I can take a very big part of the credit for breaking this iron grip, by facilitating sharing communities where vendors, researchers, law enforcement and others not directly of the anti virus world could exchange samples as well as analysis. Being a part of the anti virus world, this made me persona-non-grata by some, but thankfully not for more than a year or so.

Still, vetting and silence were a pre-requisite in the newly formed communities. Trust was key. Some of the new mailing lists and communities formed by me were DA and MWP. Later copy-cats include malaware and II (not as vetted, but now more relevant as far as malware sharing goes).

Others still would have to create their own communities, such as the ISP world, fighting this problem on the network side. They would later on not accept the researchers much like the researchers would not accept them—for the very same reasons, and only to change their minds once these folks started working on their own (on mailing lists such as DA and MWP).

No one wants to be considered a black hat, but times change and necessities facilitate evolution.

Sharing C&C information

It was a long journey, but we kept running into the same problems. We'd be fighting malware infecting a hundred thousand to three million users a day, with hundreds such incidents every single day. Yet, the public did not know about it, and the security vendors would be behind—concentrating naturally on their own niche.

We changed the world, enabled better sharing and created new trust models. And still, we would not truly cooperate. Cooperation and resource sharing aside (after all, many in the industry have financial agendas, as they should), we could not get the bigger picture straightened out. We needed to share intelligence on millions of stolen identities every day, but still couldn't get this malware sharing out of the way.

Command and control (C&C or C2) for botnets, for example, was information barred and restricted by the security and network operations communities now newly formed. After all, sharing would cause us to help the criminals. No? More than that, we'd no longer have control.

Much like with the anti virus industry before them, the anti terrorism folks in government and any other reactive fighters, the ISPs and operations professionals—me included—were indeed doing great work. We'd be fighting malware and botnets, but the problems just got worse, even if we were more organized.

A couple of years later, getting these C&Cs off-line was no longer useful, as they had graceful degradation and backup, immediately "jumping" somewhere else, undisturbed.

New researchers and organizations were refused acceptance once again, and started working on the problem on their own, sharing their information and eventually out-growing the original communities now set in their ways. Such is the way of the world. This showed me how sometimes diversity, rather than cooperation, can be great. Repeating mistakes and seeing how they no longer are mistakes due to a changed landscape, was something I now appreciated.

My advocacy was to treat C&Cs as intelligence sources rather than targets, but the intelligence discussion is for another time in another post.

Soon, C&C information was publicly available, and yet—to the public and policy makers, the cyber crime problem did not exist.

Enter the botnets@ mailing list

It was time for a change. Facing much resistance I created a public mailing list where the public, the sysadmins and the security researchers could share information, learn and fight cyber-crime.

The response was staggering. Dozens of contributors emailed in with detailed information, and yet—we felt uncomfortable about it. We treated folks like they were doing something wrong sharing in public, and sent mixed messages.

New groups were formed, and older groups got new recruits (such as Shadowserver, which the mailing list helped). It was still a win situation, but the mailing list had to go.

Today, about two years later, the botnets mailing list has been revived and in the past day the response has once again been staggering.

Folks share their information, get informed of new threats in a language they understand (tech) and talk to each other. Moreover, they understand the risks and the ugly face of Internet security is out there for all to see. This time we need to be ready to accept this change.

Public fighting

Sharing information with the public has always been something I was personally attacked for, and yet, how else are you supposed to win a war if the people you fight for don't even know it is happening, or needed?

Last year, Estonia was attacked on the Internet by Russians [PDF]. It can not be proven if it was a public uprising, Internet-style, or state-sponsored action. Still, it re-affirmed some of my beliefs about affecting change and community forming.

To fight a war, you have to be involved and engaged. On the Internet that is very difficult, but the Russians found a way. It is a fact that while we made much progress in our efforts fighting cyber crime, we had nearly no effect whatsoever on the criminals and the attackers. None. They maintain their business and we play at writing analysis and whack-a-mole.

Using the botnets mailing list, I am borrowing a page from the apparent Russian cyber war doctrine, getting people involved, engaged. Personally aware and a part of what's going on.

It can't hurt us, and perhaps now, four years over-due and two years after the previous attempt, we may be ready to give it a go and test the concept.

Perhaps now regular malware can become something regular professionals deal with, low anti virus detection of samples can become public knowledge, and vetted communities can think strategically and respond to more problematic matters such as intelligence handling of millions of stolen identities, or criminal organizations operating—not only in Russia and China, but from the San Francisco bay area.

We may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain.

More under: Cyberattack, Security

Categories: Net coverage

Global Survey of Internet Activists Hears Calls for Online Bill of Rights

8 hours 20 min ago

Kenneth Corbin reporting on InternetNews: "On the eve of what could be a seismic shift in government, talk has been heating up about tech policy in the United States. But it's worthwhile to remember that it is the World Wide Web, and in that spirit researchers from Elon University and the Pew Internet and American Life Project canvassed the world's leading Internet activists to get an idea of what a global tech policy should look like.

Pew today released the responses from the attendees of the second annual Internet Governance Forum (IGF), held November in Rio de Janeiro. A solid majority (66 percent) of respondents said there should be some form of global Internet bill of rights...."

More under: Internet Governance

Categories: Net coverage

ICANN Auctioning New Top-Level Domains: Serving Public Interest or Its Own?

Thu, 2008-08-28 01:59

ICANN has recently published a number of updates to the implementation program for new gTLDs.

One of these updates is a paper by ICANN's "auction design consultant PowerAuctions LLC". The document makes a case for an auction to be held for the "resolution of contention among competing new gTLD applicants for identical or similar strings." In other words, two (or more) applicants for ".bank", or applicants for ".bank" and ".banks."

The paper acknowledges that auctions are not the perfect answer to resolving these contentions, but says that they would be used for "tie-breaking."

The problem with this argument is that, in our imperfect world, it seems unlikely that there will be real ties to be broken. Auctions lately have become popular with one of the US federal agencies, the Federal Communications Commission, to allocate portions of the frequency spectrum, and the ICANN paper relies heavily on some academic support for them. But frequency spectrum allocation is not the same as selecting from among applicants to operate a generic Top-Level Domain registry. ICANN has a fundamental obligation to "promote the global public interest in the operational stability of the Internet. . ." (see http://icann.org/general/articles.htm)

ICANN is not a commercial operation, and it should not look at the possibly substantial proceeds of auctions as a motivating factor for a quick and easy solution to "tie-breaking."

The ICANN paper treats the new gTLDs as a "scarce resource". This is not necessarily the case, but the paper goes on to say that auctions would accomplish three things:

  • "Applicants whose true intentions or abilities are to serve many users would be able to justify higher bids than applicants who will serve few users;
  • Applicants capable of providing high-quality service at low cost would be able to justify higher bids than low-quality, high-cost applicants; and
  • Applicants who intend to develop the gTLD immediately would be able to justify higher bids than applicants whose purpose is to hold the gTLD, unused, for speculative purposes."

There is no question that it will be more difficult for ICANN to make selections of operators based on these three criteria, as opposed to holding auctions.

Despite the difficulties, ICANN's public interest obligations require it to investigate carefully and make judgments about the merits of gTLD applications, whether based on the three criteria above or other criteria, such as fostering competition and recognition of prior responsible registry management.

More under: Policy & Regulation, Top-Level Domains

Categories: Net coverage

Aircell vs. VoIP

Thu, 2008-08-28 00:30

Last week American Airlines launched their Aircell wireless Internet access on a limited number of flights. It didn't take long before a few folks tried to make voice and video calls (in violation of Aircell's terms-of-service according to their PR folks), and it didn't take long before someone figured a way around their voice/video blocking efforts.

It's amazing how many times this battle gets fought. Service providers must know by now that people will find a way around their efforts to block applications. And they ought to realize that going after such users is going to create some negative publicity.

I posted some thoughts at the Enterprise 2.0 Blog. Andy Abramson and Dan York have "must read" posts as well.

More under: Access Providers, Broadband, VoIP, Wireless

Categories: Net coverage

Internet's Biggest Security Hole

Wed, 2008-08-27 19:30

Kim Zetter reporting on Wired: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

More under: Cyberattack, Internet Protocol, Security

Categories: Net coverage

IPv6's Long March

Wed, 2008-08-27 03:05

With the thousands of IPv6 controlled lights dimming over the 2008 Olympics, the long march on the road to IPv6 continues as the Olympic IPv6 Workout enters history. The early objective of full commercial deployment for 2008 proved elusive and more realistic goals were set and met with success. Not wasting any time, the starting shot toward commercial deployment followed on the heels of the closing ceremony with the August 25th NDRC announcement urging the vigorous promotion of a commercial trial, increasing the number of IPv6 trial users to 500,000 by 2010 and to start mass production of IPv6 equipment. A logical next phase, indeed, as the IPv6 only CNGI has a 40 city coverage and massive bandwidth, but is still underutilized, while the old commercial IPv4 internet is sometimes bursting at the seams. Even in China it takes time to see the ISPs seriously start the transition on their commercial networks.

Exactly five years ago, in August 2003, NDRC launched the bidding process for CNGI which was deployed a year later and included all major carriers and CERnet, China's Education and Research Network. It would be prudent to assume that the new objective of 500,000 trial users by 2010 will be achieved; after all, with 210 million internet users, China pole vaulted past the USA, not to mention that China also holds the number one title in mobile with 560 million subscribers.

Does this mean that the USA is hopelessly behind in IPv6 deployment as has been so often postulated? Not so sure. Prodded more than a little bit by the DoD and DoC mandates and even more so by the 20 billion dollars of Networx contracts, all major ISPs in the USA have announced full commercial support of IPv6 by 2009-2010. The well publicised Comcast cable network IPv6 deployment, the Bechtel corporate IPv6 initiative or the Archrock sensor network products extend the effort beyond the traditional ISP environment and into the whole ecosystem.

Japan, which is the undisputed leader in domestic commercial IPv6 deployment and IPv6 enabled end devices, has not yet started a real effort to translate this early advantage into successful export product lines. There is also still a chance that Europe will surprise everybody as they now offer a most competitive telecom market place. A total outsider could even surprise everybody.

The IPv6 finish line could be reached in another four years in London, let the Games continue.

Any opinions, findings, conclusions or recommendations expressed in these articles are solely those of the author and are not in any way attributable to nor reflect any existing or planned official policy or position of his employer in respect thereto.

More under: IPv6

Categories: Net coverage

More Airlines Signing Up for Aircell's Wi-Fi Service

Wed, 2008-08-27 02:31

Aircell, the company that provides the new Gogo Internet service on some American Airlines flights, is reported to be signing another airline to its service. Aircell management expects there will be some 2,000 commercial airplanes offering Gogo by the end of next year.

Mary Hayes Weier reporting on InformationWeek: "American Airlines has installed Gogo on 15 airplanes for flights between New York and Los Angeles, Miami, and San Francisco, and Delta says it'll have Gogo available across its domestic fleet of 330 commercial jets within a year. Delta is expected to expand that service to Northwest Airlines flights if the merger of those two companies goes through as planned..." Virgin America is also reported to be placing Gogo on its flights.

More under: Access Providers, Broadband, Wireless

Categories: Net coverage

Google Further Expanding the Undersea Communications Cable System

Tue, 2008-08-26 18:20

Following last year's report on the Unity trans-Pacific submarine cable project, research company TeleGeography reports today that "Google is working with a consortium of carriers planning to build an intra-Asian submarine cable system. The new cable, dubbed the Southeast Asia Japan Cable (SJC), would link Unity's landing station in Japan to Guam, Hong Kong, the Philippines, Thailand and Singapore." The report further indicates that the work is still in the planning phase. "Given the current flurry of undersea cables under construction, the SJC cable will probably not be ready for service until 2011 at the earliest," said TeleGeography analyst Alan Mauldin.

With a few exceptions, SJC consortium and Unity are reported to have the same members which include Google, Bharti, SingTel, KDDI and Global Transit.

More under: Access Providers, Broadband

Categories: Net coverage

How Rise in Nationalism and Industry's Lack of Foresight Could Mean a Fragmented and Isolated Web

Tue, 2008-08-26 17:07

I have been thinking a lot lately on the topic of the free flow of information on the internet—what kinds of tools are available now and in the future for governments (especially repressive ones) to control content, isolate their people and keep any contrary viewpoints censored.

I had an interesting conversation with a Practice Lead from IFTF.org. The Institute for the Future (IFTF) is a California based independent, nonprofit research group with 40 years of experience in identifying emerging trends that will transform global society. We were talking about another topic and eventually veered into what kinds of things are happening now to enable potentially repressive governments to have an even stronger stranglehold on the flow of thoughts and ideas into and out of their societies. Turns out they are quite concerned about the fragmentation and control of the Internet as well. But will it be an inevitability?

Some disturbing trends I see are the rise of nationalism which seeks to venerate one form of culture while potentially isolating itself or isolating others. The word "separatist" has crept into our lexicon—think "Tamil Separatists" in Sri Lanka, "French separatists" in Quebec. This can happen geographically too. In Iraq, the cradle of civilization once marked by its multi-cultural makeup, has degenerated into a patchwork of geographic "strongholds"—Sunni and Shiite and Kurdish and on and on. Yet another example is the former multi-ethnic state of Yugoslavia, which ceased to exist as of February 2003, and is now comprised of a six nation state, yes six! The breakup has been attributed in large part to ethnic tensions and nationalism. And lastly, another trend I see, which when combined with linguistic and geographic nationalism can help repressive governments get a better stranglehold of their people is the trend towards censorship and even cyber-warfare helped of course by advances in technology. Almost every week, there is something in the news about it, saying for the most part that censoring and filtering is quite rampant, thank you very much!

So what if you put all the three trends together: rise of nationalism (both geographic and linguistic) and technical advances, you see a pattern emerge: the very same governments that are often cited for repressive controls, are the very same ones who are demanding their very own internationalized Top-Level Domain (TLD), and very soon. (See this story for instance.) The repressive governments have succeeded in clamping down on traditional media, but online content is far harder to filter, if the operations running the resolution are not within your control. It is one thing to burn the books one by one, but another to control the distribution plant. In fact the above article states the following about the possible misuse of Internationalized domain names (IDNs):

"Some in the industry have though raised concerns that it could allow the state to control more of the content in a sphere that has remained a relatively free forum for dissent at a time when traditional media have become subject to tighter control."

So—what controls or questions are we—the Internet community—putting on the process? Sadly, very little. See our letter to ICANN laying our concern. In it, we express our concerns that the rights and needs of the end-users are taken into account and that we ask the question—"Is this right for the welfare of the Internet user?"

Are we willing now to ask these tough questions and think about the implications of our actions in 10 to 20 years? Let's hope so…

More under: Censorship, Domain Names, Internet Governance, Multilinguism, Policy & Regulation, Top-Level Domains

Categories: Net coverage

Thoughts on the Best Western Compromise

Mon, 2008-08-25 23:07

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that led to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem.

That said, here are what seem to be the agreed upon facts:

  • A trojan was installed on one of the machines in Best Western's booking systems which led to a compromise of credentials for the hotel's staff. There was an attempt (probably successful) to sell these credentials to organizations with links to the Russian mafia.
  • Best Western is and was Payment Card Industry Data Security Standard (PCI DSS) compliant.

Of course, PCI really only helps one piece of the security equation and compliance is not the same as security. In fact, it is usually (at best) a poor substitute and more often an excuse to stop thinking about security ("We're Compliant!" followed by self-congratulatory back slapping). The same is true with relying on encryption. Encryption can be "defeated" and the ways to do it are well-known. (For instance, here is a paper I wrote almost 4 years ago on how to do it). If you can own the endpoint of a communication, encryption is irrelevant.

As another example, remember the backup tape heists a few years ago? Attackers know it takes an excessive amount of time to crack encryption, so they target ways to avoid it. Someone had the great idea of stealing backup tapes at which point few people would have even thought to have protected those. Now it is due diligence.

That said, here are 5 areas that are likely targets in the near future (or are targets now) that you may be overlooking:

  • Centralized patching systems (e.g. WSUS). If you can hijack an update server and have it distribute a malicious patch, you own every desktop in an environment. The RedHat compromise should be a wake-up call in this regard.
  • Centralized configuration and management systems (e.g. Configuresoft or the like). Same as above… the machine that controls all your desktops becomes the single point of pwnership.
  • Payroll. Your payroll system has salary information and identification information. In short, it has everything you need to commit tax fraud. In the US, in particular, it also has your national identification number (what is falsely called a "Social Security Number") which allows an attacker to basically jack your entire identity as well.
  • Web 2.0. There have been some attempts to spread malware or spear phish using Web 2.0 technology. In as far as your organization uses Web 2.0, the more "legitimate" a message looks, the more likely a user is to click it. Web 2.0 provides a great vector to compromise an organization, especially if many of your employees use it. (Think social engineering).
  • Malicious insiders. Ok, this last one is not new, but still a solid majority of attacks have at least some component of an insider attack. In some cases, simply installing a keylogger and "selling" the result is simple enough for a disgruntled employee with even a token level of access to an environment.

Will put up more info on Best Western as the situation warrants. Thoughts on the top 5 list? What would you add or take off?

More under: Cyberattack, Security

Categories: Net coverage

New gTLDs: Comments on the Unsigned "The Economic Case for Auctions"

Mon, 2008-08-25 17:27

When Kurt Pritz briefed the Generic Names Supporting Organization (GNSO) Council (and observers) in Los Angeles April 10th and 11th, the new generic Top-Level Domain (gTLD) process model flows transition through an "auction" state in two of the three paths where two or more applications existed for the same (or similar) strings. At that time Kurt, speaking for Staff, was clear that the existence of a well-defined community was not dispositive, which surprised the Council members from the Intellectual Property Constituency present who recalled coming to the opposite position at San Juan. For Staff, a well-defined community was "a pebble" to weigh in some balance, where the name-squatting speculative bidder's claims to make "better use" might prevail. The weights of pebbles and the market-cap of the "better use" claimants were not defined.

Kurt's pebble makes a cameo in The Economic Case for Auctions, as a 25% bidding credit ... offered to community-based bidders whose community is located primarily in least-developed countries, so it seems safe to assume that Chrysler LLC will simply have to offer 1.25 times the money to ICANN as a consortium which includes the governments or institutions of the Cherokee Nation of Oklahoma, the United Keetoowah Band of Cherokee Indians, and the Eastern Band of Cherokee Indians. Of course, the ICANN lobbyists for Chrysler LLC may ask for, and may obtain, a ruling on the question of whether "Indian Country" is "located primarily in least-developed countries", and as horked as the economy is in the nine districts of the CNO/UKB and the Qualla Boundary, they could be described as "inside" the United States, which could cut Chrysler LLC's overbid by a quarter.

Obviously, as the author of the original sponsored Top Level Domain (sTLD) proposal in Working Group C, for a TLD operated by and for Indians, and as the coordinator of the Indigenous Intellectual Property Constituency, one of the three original IPC constituency proposals, that's a bean of no small size wedged way up my nose.

But that's not all, as the narrator of the Ginzu knives promotion promises, there's more. Much more.

The Executive Summary informs us that scarce resources are efficiently allocated through auctions, a claim articulated in full at page 2, para 6, through the end of page 4, while three paragraphs above the anonymous author notes that TLDs are not a scarce resource. This may reflect a division between the anonymous authors, or a brief moment of sobriety by a single, conflicted author. There are as many potential new gTLD bid strings as there are stars on a clear night in Marina del Rey. What is (relatively) scarce is the number of bid-capable efforts, which presently numbers in the low hundreds, and the whole point of the exercise is to intelligently deal with the subset of those bidders who chose well-known strings and chose not to encumber their application, or more importantly, the legal entity with whom ICANN might contract, with a well-defined community.

The anonymous author(s) claim that value is defined by the presence, or absence, of bids. However, the World Wide Web Consortium (W3C) may offer a community identified proposal, a dispositive bid for $0 for the most sought after of all potential candidate strings ".WEB", preventing any bids, to remove ".WEB" from ICANN's GNSO policy area. The Microsoft Corporation may offer $1 more than any bid (open ascending assumed) or a year's marketing budget (sealed bid assumed), for the same ends. The real value here is defined by the capture of the rights of others or theft of some linguistic commons, and as a corollary, value is defined by replication of the unpolicied, unsponsored, COM/NET/ORG business model. ICANN is not handing out random string sausages to queued up Soviet housewives eager to go home and get on with cooking up something filling with cabbages, it is letting VeriSign and other high-cap speculators grab at a very small cloud of marques and generics, and bid price is claimed to be a sufficient surrogate for all forms of merit, all purposes, and all policies.

Worse, Microsoft could put in an application for .ETOAIN-SHRDLU or .SHAZAM, again, a bid price of $0, and bundle "free" domain names into its products and send the entire ICANN market, VeriSign's .COM franchise included, the way of the Linotype. The anonymous author(s) have completely missed the real contours of both the real ICANN market, and the real value(s) present in this market.

The three particular claims made that form the second paragraph of the Executive Summary contain assumptions that should be identified.

The first claim assumes that unit price times volume corresponds to value.

This violates the consensus of Working Group C, which established the parity of unrestricted and restricted applicants in the 2000 round. I know, I drafted the restricted text that Jonathan Weinberg worked into the working group's Oct. 23, 1999 interim report.

The second claim assumes that marginal cost corresponds to value.

This violates the consensus of Working Group A, which established the parity of prior claims and any other allocation mechanism, and which cannot sensibly be reduced, in an intellectual property regime encompassing hundreds of jurisdictions, to simple estimates of marginal cost. I know that too, because members of Working Groups A and C exchanged notes during the pendency of our respective working groups.

This too violates the consensus of Working Group C, which established the parity of policy other than the de minimis "first come, first served", assumption of the credit card industry risk, and negligence policy that defines the "unrestricted" policy model. I know that too, because, well, see above.

The third claim restates the first claim, with the odd twist that a "scarce resource" declines in value if reserved, whether by a "speculator" or a responsible intellectual property custodian, or ICANN. Is anyone certain, certain enough to commit ICANN's and scores of registries', registrars', and other applicants' resources, eight-figures sure, that the value of .WEB is less today than it was in 2000? That the value of .SPORT is greatest before the International Olympic Committee (IOC), the professional sports associations, the broadcasters and the advertisers appreciate it, now, and not ten years from now?

The remainder of the Executive Summary (paragraphs 3 and 4) is irrelevant, other than making the mildly amusing case, years late, by a bystander, that the .ORG and .NET redelegation "technical evaluations" were utter rubbish, and that in retrospect it is Paul Vixie's and Carl Malamud's groups, or SWITCH, and not Hal Lubsen's and Philipp Grabensee's groups, that should be operating .ORG, and CORE/ISC, and not VGRS, that should be operating .NET. The author doesn't actually say that, of course, that could cause Sudden Consultant Termination Syndrome, but if ICANN can't do comparative evaluations in the future, and will be hopelessly gamed, it was hopelessly gamed and couldn't do them in the past either.

The notion that ICANN, that the ICANN stakeholders, have no interest in the policies or practices of an applicant to operate a gTLD registry, other than the applicant's ability to pay—we don't need no stinkin' rules, we've got cash—is illuminating as an evaluation of ICANN as an institution. Fortunately, it's not mine.

If there is a place in the ICANN problem's allocation arena where the resources are scarce, and the policy of the bidders, as a class, of utter disinterest, other than their ability to pay, it is the allocation of single-character domains in COM, NET, and ORG. And neither Overstock, nor Oprah, propose to operate a gTLD registry, just a Second-Level Domain (SLD) of no particular import. And that is where the unsigned note belongs, and nowhere else.

More under: Domain Registries, Policy & Regulation, Top-Level Domains

Categories: Net coverage

Criminals Breach Online Booking System of Best Western Hotel Chain, 8 Million Customer Data Stolen

Sun, 2008-08-24 20:31

An exclusive report from Scotland's Sunday Herald newspaper says that an international criminal gang has managed to steal the identities of an estimated eight million guests of the Best Western hotel chain in a hacking raid that could ultimately net billions of dollars in illegal funds.

According to the report, late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Update 11/25/2008: Best Western Responds to Sunday Herald Story Claiming Security Breach

More under: Cyberattack, Security

Categories: Net coverage

Cyberwar Against Britain Waged by Criminals and Terrorists

Sat, 2008-08-23 22:15

Britain's Government has warned that computer networks controlling electricity supplies, telecommunications and banking are under constant attack at a rate of thousands of times a day. According to reports, the cyberwar against Britain is waged by criminals and terrorists, some of whom are backed by foreign states.

"If you take the whole gamut of threats, from state-sponsored organizations to industrial espionage, private individuals and malcontents, you're talking about a remarkable number of attempted attacks on our system—I'd say in the thousands," Lord West of Spithead, the Security Minister said. "Some are spotted instantly. Others are much, much cleverer."

More under: Cyberattack, Security

Categories: Net coverage

FCC Banning Wireless Devices that Interfere with White Spaces Spectrum

Fri, 2008-08-22 22:56

The Federal Communications Commission (FCC) has proposed a ban on some wireless microphones and other low-powered devices that operate in the 700-MHz band after the digital TV transition in February, next year. This is part of an attempt to clear any potential interference with the "white spaces" spectrum which will be fully available for "public safety as well as commercial wireless services".

"So almost 7 months after the start of the 700 MHz auction that produced income of $19 billion, FCC is finally getting around to kicking the wireless microphones out of the band they have sold to others for use starting in 2/09, less than 6 months from now," says Michael Marcus, radio technology and spectrum policy consultant who formerly worked at FCC. "But don't expect immediate action. The NPRM only proposes to stop legal use of channels 52-69 for wireless microphones. But since most use is already illegal the real impact is questionable. It proposes to stop approving new models and freezes all pending applications for equipment authorization, but previously approved models can be imported and sold by the thousands pending further action."

More under: Policy & Regulation, Wireless

Categories: Net coverage

One of China's Largest ISPs Under DNS Cache Poisoning Attack

Fri, 2008-08-22 20:38

One of China's largest ISPs has recently fallen victim to the DNS vulnerability. The security company Websense has reported that the DNS cache on the default DNS server used by China's Netcom customers has been poisoned. The incident was first discovered on Tuesday, Aug 19th, by Websense's Beijing lab.

Websense researchers say they have seen other DNS vulnerability attacks but decided to publicize this particular case because of its uniqueness. According to reports, hackers have only exploited one of Netcom's DNS servers in China. When China's Netcom customers mistype and enter an invalid domain name, the poisoned DNS server directs the visitor's browser to a page that contains malicious code.

More under: Access Providers, Cyberattack, DNS, Security

Categories: Net coverage

Why Broadband Competition Is As Good As It Gets, Explains Telecom Analyst

Fri, 2008-08-22 19:09

Broadband competition in the US is as good as it gets in the foreseeable future and will potentially decrease according to telecom and tech regulatory analyst, Blair Levin. "There's not that much left to be disruptive," Levin said. "White spaces could be in rural areas, and a little bit in broadband, but I don't think so. Other things that people are looking to be disruptive I don't think will happen."

According to a report by Telephony, "Levin, who is rumored to be a potential candidate for an FCC [Federal Communications Commission] appointment should Barack Obama win the presidency, also made some predictions about the telecom agenda of a Democratic administration. Ubiquitous, affordable broadband will be a priority for an Obama administration, Levin said, and Obama's FCC would likely be charged to move very quickly on that agenda."

More under: Access Providers, Broadband, Wireless

Categories: Net coverage
