Public participation site

On April 16th at 11:00pm GMT, the first of two botnets began a massive spam campaign to take advantage of the recent Boston tragedy. The spam messages claim to contain news concerning the Boston Marathon bombing, reports Craig Williams from Cisco. The spam messages contain a link to a site that claims to have videos of explosions from the attack. Simultaneously, links to these sites were posted as comments to various blogs.

The link directs users to a webpage that includes iframes that load content from several YouTube videos plus content from an attacker-controlled site. Reports indicate the attacker-controlled sites host malicious .jar files that can compromise vulnerable machines.

On April 17th, a second botnet began using a similar spam campaign. Instead of simply providing a link, the spam messages contained graphical HTML content claiming to be breaking news alerts from CNN.

Cisco became aware of a range of threats forming on April 15th when hundreds of domains related to the Boston tragedy were quickly registered. Regarding the botnet spam-specific threat – from a volume perspective – peaks approach 40% of all spam being sent. (Source: Cisco)

Follow CircleID on Twitter

More under: Malware, Security, Spam

Today, more than 80 organizations, represented by The European Consumer Organization (BEUC) and European Digital Rights (EDRi), sent a letter [PDF] to the European Commission demanding the end of dangerous experimentation with the functioning of the Internet in Europe and the protection of the principles of openness and neutrality.

"The Internet's unique value is openness. The experimentation by certain European access providers with blocking, filtering and throttling of services creates borders in an online world whose key value is the absence of borders." explains Joe McNamee, Executive Director of EDRi. "This reckless experimentation will continue unless the European Commission puts a stop to it."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation

China and the United States will set up a working group on cybersecurity, U.S. Secretary of State John Kerry said on Saturday, as the two sides moved to ease months of tensions and mutual accusations of hacking and Internet theft. Speaking to reporters in Beijing during a visit to China, Kerry said the United States and China had agreed on the need to speed up action on cyber security, an area that Washington says is its top national security concern.

Read full story: Reuters

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Security

Mary Iqbal writes to report that ICANN has released the fourth round of Initial Evaluation results, bringing the total number of applications that have passed the Initial Evaluation phase to 131. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

CircleID, once again, in collaboration with the team from Dyn Inc. and ICANN Wiki, brings you video blogs and updates from the 46th ICANN meeting in Beijing, China (7-11 April 2013).

Stay tuned as we keep this page updated through out the meetings.

Comments and questions? Please post them below in the comment section of the page or send us an email.

* * *

Update / Apr 12, 2013 — Ray King of ICANNWiki talked with Ben Crawford, CEO of CentralNic.

Update / Apr 12, 2013 — Dyn's Rich Peterson talked with UNH School of Law's Mary Wong.

Update / Apr 12, 2013 — As part of our ICANN 46 coverage, Ray King of ICANNWiki chats with Chuck Gomes, a member of the Registries Stakeholder Group.

Brought to you in partnership with Dyn Inc and ICANN Wiki. Please add your feedback and suggestions using the comment form provided on this page or contact us directly.

Video Coverage of past ICANN meetings:
ICANN 44 Meetings in Toronto
ICANN 44 Meetings in Prague
ICANN 43 Meetings in Costa Rica
ICANN 42 Meetings in Dakar
ICANN 41 Meetings in Singapore
ICANN 38 Meetings in Brussels
ICANN 37 in Nairobi, Kenya
ICANN 36 in Seoul, South Korea
ICANN 35 in Sydney, Australia
ICANN 34 in Mexico City

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

More than six million domain names were registered in the fourth quarter of 2012, bringing the total number to more than 252 million domain names worldwide across all top-level domains (TLDs) as of Dec. 31, 2012, according to the latest Domain Name Industry Brief from Verisign. The increase of 6.1 million domain names globally equates to a growth rate of 2.5 percent over the third quarter of 2012, and marks the eighth straight quarter with greater than 2 percent growth. Worldwide registrations have grown by 26.6 million, or 11.8 percent, year over year.

Follow CircleID on Twitter

More under: Domain Names

Mary Iqbal writes to report that ICANN has released the third round of initial evaluation results, bringing the total number of applicants to pass Initial Evaluation to 93. ICANN has now completed the initial evaluation of all but 13 IDN Top Level Domains. To learn more, see http://www.getnewtlds.com/news/Third-Round-of-Initial-Evaluations.aspx.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

The Noncommercial Users Constituency (NCUC) has organized and is holding a policy workshop, One World, One Internet? New gTLDs & Competition in a Changing Global Environment, next week in Beijing at ICANN-46. The program, which brings together top Western and Chinese experts, will explore pressures for integration versus fragmentation of the Internet and implications for ICANN, as well as different competition and regulation perspectives as they relate to new gTLDs.

Panelists include:

Tarek Kamel, Senior Advisor to President for Governmental Engagement, ICANN
Markus Kummer, Vice President of Public Policy, The Internet Society
William J. Drake, NCUC, and International Fellow and Lecturer, University of Zurich
Yongge Sun, Director, The Internet Society of China
He Baohong, MIIT China Academy of Telecommunication Research
Leonid Todorov, Deputy Director for Government and International Relations, Russian Registry for TLDs

When & Where:

The workshop will be held on Wednesday April 10, 2013 from 13:00 to 15:00 (Beijing time) in Function Room 8AB of the Beijing International Hotel. The workshop is open to everyone and is free to attend. However, for planning purposes, it is requested that you please register. Interpretation and remote participation facilities will be provided by ICANN, more details on this on ICANN's website.

More Details on the workshop provided by NCUC.

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation, Top-Level Domains

INET Denver is April 17, 2013 — register today to reserve your spot!

You won't want to miss this unique opportunity to join IPv6 networking professionals from across North America, who will attend to learn the latest on IPv4 exhaustion and how to transition to IPv6. The INET Denver agenda will bring together top experts in the networking field to discuss the latest on IPv4 exhaustion in our market, and the TCO of IPv6.

The line up of speakers includes industry experts like:

John Curran, President & CEO, ARIN
Owen DeLong, IPv6 Evangelist, Hurricane Electric
Lee Howard, Director of Network Technology, Time Warner Cable
Dr. Patrick Ryan, Public Policy & Government Relations Counsel, Google

When:

April 17, 2013
Registration: 12:00 - 1:00 PM
INET Denver: 1:00 - 6:00 PM
Refreshments: 6:00 - 7:30 PM

Where:

Grand Hyatt Denver
1750 Welton Street
Denver, CO 80202

Additional Details:

http://www.internetsociety.org/events/inet-denver

Registration:

http://www.internetsociety.org/form/inet

The INET Denver will co-locate with the 2013 North American IPv6 Summit. Take part in this unique opportunity to learn from top experts in the networking field discussing the latest on IPv4 exhaustion in our market and the TCO of IPv6.

Don't delay and register today!

Follow CircleID on Twitter

More under: IP Addressing, IPv6

Mary Iqbal writes to report that ICANN has released the second round of Initial Evaluation Results on March 29. ICANN is currently reviewing new gTLD applications at a rate of 30 applications per week and has plans to increase that to 100 per week. ICANN is targeting completing Initial Evaluation for all applicants by August 2013. To learn more, visit www.GetNewTLDs.com/news.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Neil Schwartzman writes to report that U.S. Cert issued Alert TA13-088A on Friday March 29, 2013. "It is a solid how-to guide to test for, and remediate DNS configurations that can be used for Distributed Denial of Service attacks."

From the Alert: "While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers. These systems are typically legitimate DNS servers that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the number of potential resources that the attacker can employ in an attack."

Follow CircleID on Twitter

More under: Cyberattack, DDoS, DNS, DNS Security, Security

In light of the recent submarine cable failures, Doug Madory from Renesys has a detailed report on what has happened to some of the providers in four countries along the route of the cable: Egypt, Saudi Arabia, Pakistan and India.

Madory writes: "It has been a rough few weeks for the global Internet, given numerous submarine cable failures and the largest DDOS attack ever reported. While we're hard-pressed to find evidence of the purported global Internet slowdown due to the DDOS attack, the dramatic impacts of yesterday's SMW4 submarine cable cut were profound. Recent reports that the cable break was the result of sabotage, makes the incident even more intriguing."

Read the full report here.

Follow CircleID on Twitter

More under: Access Providers, Broadband

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history. A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet. It is having an impact on popular services like Netflix — and experts worry it could escalate to affect banking and email systems.

Read full story: BBC

Follow CircleID on Twitter

More under: Cyberattack, DDoS, Spam

ICANN today launched a database to enable trademark holders register their brands for protection against the upcoming new gTLDs. The Trademark Clearinghouse, according to ICANN, is the only officially authorised solution offering brands a one-stop-foundation for the safeguarding of their trademarks in domain names across the multiple new gTLDs that will go live from summer 2013. The cost of registering a trademark ranges between $95 and $150 a year.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

The first round of Initial Evaluation results has been released exactly on schedule. On March 23, ICANN announced that 27 out of 30 new gTLD applications reviewed this round passed Initial Evaluation. The remaining three applicants are still marked as in Initial Evaluation. For more details see, '27 Applicants Passed Initial Evaluation in the First Round' via www.GetNewTLDs.com.

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Tallinn Manual on the International Law Applicable to Cyber Warfare
Paperback / ISBN:9781107613775
Publication date: March 2013The newly released handbook applies the practice of international law with respect to electronic warfare. The Tallinn Manual on the International Law Applicable to Cyber Warfare — named for the Estonian capital where it was compiled — was created at the behest of the NATO Co-operative Cyber Defence Centre of Excellence, a NATO think tank. It takes current rules on battlefield behaviour, such as the 1868 St Petersburg Declaration and the 1949 Geneva Convention, to the internet, occasionally in unexpected ways.

"The product of a three-year project by twenty renowned international law scholars and practitioners, the Tallinn Manual identifies the international law applicable to cyber warfare and sets out ninety-five 'black-letter rules' governing such conflicts. It addresses topics including sovereignty, State responsibility, the jus ad bellum, international humanitarian law, and the law of neutrality. An extensive commentary accompanies each rule, which sets forth the rule's basis in treaty and customary law, explains how the group of experts interpreted applicable norms in the cyber context, and outlines any disagreements within the group as to each rule's application."

Related Links:
First cyber war manual released The Age, Mar.20.2013
Tallinn Manual on the International Law Applicable to Cyber Warfare Cambridge University Press

Follow CircleID on Twitter

More under: Cyberattack, Law, Policy & Regulation

Google today announced that its "Public DNS" service is now performing DNSSEC validation. Yunhong Gu, Team Lead for Google Public DNS, in post today wrote:

"We launched Google Public DNS three years ago to help make the Internet faster and more secure.Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers. Previously, we accepted and forwarded DNSSEC-formatted messages but did not perform validation. With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains."

Follow CircleID on Twitter

More under: DNS, DNS Security, Security

Lucian Constantin reporting from the IDG News Service: "The practice of issuing SSL certificates for internal domain names with unqualified extensions could endanger the privacy and integrity of HTTPS communications for upcoming generic top-level domains (gTLDs), according to a security advisory from the Internet Corporation for Assigned Names and Numbers (ICANN). The advisory was finalized by ICANN's Security and Stability Advisory Committee (SSAC) last week and warns that existing SSL certificates which have been issued for non-public domain names like those used to identify servers inside private networks, could be used to hijack HTTPS traffic for real domain names as new gTLDs become operational. ICANN oversees the Internet's top-level domain name space."

Read full story: Computerworld

Follow CircleID on Twitter

More under: ICANN, Security, Top-Level Domains

According to reports, North Korea has accused the United States for conducting a cyberattack that has disrupted Internet connectivity in the country. "While the details of the cause of the disruption are unknown, we can confirm that in the last two days, North Korea's sole Internet provider has, in fact, suffered from disruptions in connectivity to the global Internet," reports Doug Madory from Renesys.

"North Korea has an extremely small Internet for a country of 24 million people. Not counting the network involved in the recent Pirate Bay hoax, the four networks of North Korea are routed by a single Internet service provider, Star JV (AS131279), which has two international Internet service providers: China Unicom (AS4837) and Intelsat (AS22351). Star began service on 18 November 2010 and gained Intelsat as a provider on 8 April 2012."

UPDATE: Wed 20 Mar 2013 – South Korean authorities have reported that they have been victims of a cyber attack which impacted TV News organizations as well as banking institutions. According to Renesys, at least some of today's incidents escalated to the point of global visibility, as both South and North Koreans networks experienced actual disconnections. Also noted are similar timed outages affecting South Korea's largest natural gas company.

Other sources: (UPDATED Mar 20, 2013 12:04 PM PDT)

Follow CircleID on Twitter

More under: Cyberattack

ICANN has released a set of guidelines to explain its Coordinated Vulnerability Disclosure Reporting. The guidelines serve two purposes, says ICANN: "They define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that the security, stability or resiliency of the DNS is exploited or threatened. The guidelines also explain how a party, described as a reporter, should disclose information on a vulnerability discovered in a system or network operated by ICANN."

Coordinated Vulnerability Disclosure refers to “a reporting methodology where a party (‘reporter’) privately discloses information relating to a discovered vulnerability to a product vendor or service provider (‘affected party’) and allows the affected party time to investigate the claim, and identify and test a remedy or recourse before coordinating the release of a public disclosure of the vulnerability with the reporter.”

Illustration of a Coordinated Disclosure Process – The roles and relationships of parties typically involved in a coordinated disclosure. Source: ICANN (Click to Enlarge)

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DNS, ICANN, Malware, Security