Domain industry news
RIM's Secret Weapon
The US analyst community has been holding a wake for RIM in the last few days. Henry Blodget has been beating the drum for some time, and now he's been joined by Colin Gillis of BCG, Adnaan Ahmad of Berenberg, and Pierre Ferragu of Bernstein. It's a pile-on that has driven the stock price down from the upper fifties to the mid forties in the last month.
And yeah, RIM's stock price is going to suffer in the short term, not just because of these analyst reports, but because their existing software technology is long-in-the-tooth, to put it politely. With each new Blackberry hitting the market, it's becoming more and more painfully obvious. Blackberry OS is a relic, and needs to be replaced. Developers see this, and are flocking in droves to modern platforms built on OS offerings delivered by Apple and Google.
I wouldn't count them out, though.
RIM's secret weapon is the man I nearly bumped into last week at the Future Shop in North Waterloo, Dan Dodge. Dan was on his way out, deeply focused on the Blackberry in his hand, and I was in a hurry so I didn't stop to chat. In April Dan Dodge sold his company QNX Software Systems to RIM, after a stint as a division of Harman Kardon. For those of you who don't know QNX, it's the bullet proof real time OS that runs high speed trains in Europe, manufacturing systems the world over, and esoteric systems like the space arm on the shuttle. It's a mission critical OS the likes of which Apple, Google, or Microsoft have never been able to produce. And soon, my bet is that it will run on your telephone. QNX is the answer to solving RIM's OS problem.
The biggest potential problem RIM could face, if QNX is the new Blackberry OS, is re-recruiting the software developers who have been faithfully supporting them all these years—corporate IT departments, and application vendors who potentially could be forced to port all of their code to the new OS. But even that's surmountable. After all, Blackberry applications are Java applications, and one ought to be able to simply run the Blackberry JVM as a virtual machine on QNX.
Gillis, Ahmad, Ferragu and Blodget are focused on short term results, which is the reason they're downgrading RIM stock. There's no doubt that RIM is going to suffer in the near future. If they can weather this storm, however, and respond quickly to the threats posed by Apple and Google, then they have a bright future ahead.
Written by Alec Saunders, CEO, iotum
Follow CircleID on Twitter
More under: Mobile
Microsoft Releases a Cybersecurity eBook, Free Download
Microsoft has released a 253-page cybersecurity ebook primarily intended for teens that also serves as a useful resource for adults interested in an overall understanding of various Internet security topics. From the book:
"Braden is a typical 14-year-old. Over the past 6 months, he's grown three inches, gained four shoe sizes, and eaten his way through nearly a ton of pizza. He's also unintentionally trashed his family's computer no less than 12 times. First, he downloaded some cool emoticons to use with his IM messages. Those smiley faces came with embedded adware that overwhelmed him with pop-up ads and slowed down the speed of virtually everything. Then Braden installed a "free" video game that contained a Trojan program that let spammers in Russia take over his computer and use it to forward junk email. A few weeks later, Braden responded to what looked like a legitimate email asking him to confirm his Facebook login information..."
The ebook can be downloaded in full or chapter by chapter: Own Your Space: Keep Yourself and Your Stuff Safe Online
More under: Cybercrime, Malware, Security, Spam, Web
What Does the .CO Launch Mean for New gTLDs?
The .CO top-level domain made over $10 million in just a couple of months. What do the results of the .CO re-launch mean for new gTLDs?
Remember, .CO is the country-code TLD for Colombia. Until this summer, you could only register names under .com.co, .net.co, etc. You couldn't register myname.co. Now anyone in the world can register a .co name, and register it directly under the top level. Remember also that as a country-code TLD, .CO was not constrained by ICANN rules, which means that they were able to (re-) launch their TLD relatively quickly. Even so, their rules and regulations closely hewed to the latest ICANN rules, especially in regard to cybersquatting.
The response to the .CO launch was tremendous. Let's review:
- 11,000 names applied for during the Sunrise Period
- 28,000 names sold during the Landrush Period (closed July 15, 2010)
- Total paid by applicants for Sunrise and Landrush names: over $10 million
- Total .co names registered as of this writing: 440,000
What do these numbers mean for prospective new gTLDs? Obviously, they prove that there are lots of buyers out there if the value proposition is good, and that's a very good sign. There is no indication that people have anything against new TLDs. Quite the opposite, in fact: if it's a good one, they'll flock to it in droves.
But .CO is somewhat of a special case. There are a few things to keep in mind:
First, although cybersquatting of brand names was dealt with aggressively by the talented .CO team, we have to assume that many of the registrations were done in hopes of getting traffic from people who forgot to add the "m" to a .com URL. No new gTLDs will be able to benefit from similar fat-fingered mistakes, because ICANN is running a "similarity test" to make sure that there aren't such confusions. We won't know how much typo traffic there actually is until it comes time to renew the names. Then, speculative traffic names will either be renewed (if they received typo traffic) or will be dropped (if they didn't). So keep an eye on next July for interesting stats.
Second, the .CO team is really good, and did everything right. They hired smart veterans and spent a fair amount of time and money making sure that brand owners and registrars knew what was happening, what the rules were, how and when to apply, etc. This had the virtuous double effect of almost completely eliminating complaints about the process and also maximizing registrations. New TLD applicants, take note.
Third, .CO had the field to itself. When new gTLDs start launching, it will probably be on a rolling schedule, but nonetheless there is likely to be more than one launch at any given time.
These are the factors giving .CO an edge, but this doesn't mean that new gTLDs won't be able to duplicate or surpass their success. Many of these considerations are double-edged swords. The fact that .CO is a misspelling of .COM also means that fewer real sites will get built, fewer names will be renewed, and cybersquatting problems will be relatively larger than in most new gTLDs. The fact that .CO spent a lot of money means that their profit margin is lower.
Every new TLD launch will have specific considerations and circumstances that will both help and hinder its growth. Several new gTLDs, especially geographical names and communities, will have natural constituencies that will fuel registrations. Others will have worldwide appeal. Many will not measure their success in registrations, but instead on service to their communities.
Overall, the .CO launch should make prospective new gTLD applicants very happy indeed. It is a great proof of the market, and it shows (once again) that intelligent branding and marketing will go a long way to making a project a success.
Written by Antony Van Couvering, CEO of Minds + Machines
More under: Domain Names, Domain Registries, ICANN, Top-Level Domains
A Look at How Google, Verizon and the FCC Talks are Playing Out
Sam Gustin reporting in DailyFinance: "As Apple (AAPL), Amazon (AMZN), Netflix (NFLX) and Google forge ahead with highly publicized new plans to stream high-speed content like movies and TV shows to your living room, smartphone, telecom and cable giants like AT&T, Verizon and Comcast (CMSCA) have been intensely lobbying to maintain control over the broadband pipes they spent billions to build. Comcast is going so far as to buy a rich content factory, NBC Universal, a deal that would create a $35 billion media and delivery juggernaut."
More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation, Telecom, White Space, Wireless
NIST Issues Smart Grid Cybersecurity Guidelines
The National Institute of Standards and Technology (NIST) issued today its first Guidelines for Smart Grid Cyber Security, which includes high-level security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for businesses and organizations to use as they craft strategies to protect the modernizing power grid from attacks, malicious code, cascading errors, and other threats.
More under: Cyberattack, Security
DNS Clients Do Request DNSSEC Today
After the DNS root zone was finally signed and a number of Top-Level Domains (TLDs) began signing their zones, we were curious to see how many clients actually request DNSSEC information. We looked at the RIPE NCC server that provides secondary service to several country code top-level domains (ccTLDs).
This server answers around 5,000 queries per second on average. In the image below you can see the percentage of those queries that requested DNSSEC information during August 2010:
More than 50% of all queries request DNSSEC information from this server. This is very encouraging and shows that DNSSEC is being deployed.
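A client "requests DNSSEC information" by setting the DO bit in the EDNS0 OPT record of its query (RFC 3225). The following is an added example, not RIPE NCC's measurement code, showing how that share can be computed from raw query packets; the sample queries and the helper names are constructed for illustration.

```python
import struct

OPT_TYPE = 41      # EDNS0 OPT pseudo-record type
DO_FLAG = 0x8000   # "DNSSEC OK" bit inside the OPT record's TTL field


def build_query(name, edns=True, do=True, qid=0x1234):
    """Build a constructed DNS query for `name` (type A, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 1 if edns else 0)
    question = qname + struct.pack("!HH", 1, 1)
    opt = b""
    if edns:
        # OPT RR: root name, type 41, class = UDP payload size,
        # TTL = extended rcode / version / flags, empty RDATA.
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, DO_FLAG if do else 0, 0)
    return header + question + opt


def _skip_name(pkt, off):
    """Return the offset just past the domain name starting at `off`."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if length & 0xC0:              # reserved label types
            raise ValueError("unsupported label type")
        if length == 0:
            return off + 1
        off += 1 + length


def requests_dnssec(pkt):
    """True if the query carries an OPT record with the DO bit set.

    Malformed or truncated packets count as not requesting DNSSEC.
    """
    try:
        _qid, _flags, qd, an, ns, ar = struct.unpack_from("!6H", pkt, 0)
        off = 12
        for _ in range(qd):
            off = _skip_name(pkt, off) + 4          # QTYPE + QCLASS
        for i in range(an + ns + ar):
            off = _skip_name(pkt, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
            off += 10 + rdlen
            if i >= an + ns and rtype == OPT_TYPE:  # OPT lives in the additional section
                return bool(ttl & DO_FLAG)
    except (struct.error, IndexError, ValueError):
        return False
    return False


def dnssec_share(packets):
    """Percentage of the given inbound queries that set the DO bit."""
    if not packets:
        return 0.0
    hits = sum(1 for p in packets if requests_dnssec(p))
    return 100.0 * hits / len(packets)


# Constructed sample: three DO queries, one EDNS query without DO, one plain query.
SAMPLE_QUERIES = [
    build_query("example.nl"),
    build_query("example.se"),
    build_query("example.cz"),
    build_query("example.nl", do=False),
    build_query("example.se", edns=False),
]

if __name__ == "__main__":
    print(f"{dnssec_share(SAMPLE_QUERIES):.1f}% of queries request DNSSEC")
```

A query that sets DO only signals that the client can accept DNSSEC records; it does not show that the client validates them.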
Here are some guidelines for configuring your caching resolvers to use the root zone DNSSEC key:
BIND: https://dnssec.surfnet.nl/?p=402
Unbound: https://dnssec.surfnet.nl/?p=212
For more details on this topic, please refer to RIPE Labs:
https://labs.ripe.net/Members/dfk/dns-clients-do-request-dnssec-today
Written by Daniel Karrenberg, Chief Scientist at the RIPE NCC
More under: DNS, DNSSEC, Regional Registries, Security, Top-Level Domains
IPv6: Smart Investments and Smart Grids
IPv6 a major catalyst for billions of dollars worth of deals? The Intel announcement of their McAfee purchase for 7.7 billion seems to indicate as much when Dave DeWalt, McAfee CEO, is quoted as saying during a conference call: "If we look at the transition from IPv4 to IPv6, we're seeing an explosion of billions of devices and they all need to be secured." Then he continues by saying "The embedded market is a very specific and high-opportunity market for us." His estimate is that the number of connected devices will grow from one billion to 50 billion within 10 years.
In the meantime Baltimore Gas and Electricity (BGE) signed a contract for the provision of IPv6 based smart readers to equip their 1.2 million customers using a 'secure, end-to-end IPv6 platform for BGE to deliver on operational benefits today while also ensuring tomorrow's energy challenges can be met with a scalable and open platform'.
The same day, September 1st, we see Cisco and Itron sign a strategic agreement to 'develop a standards-based, highly secure technology for full IPv6 implementation of field area communications to support smart metering, intelligent distribution automation and interfaces to the customer premise'.
One day later, September 2nd, Cisco announces the purchase of Archrock, a pioneer of IPv6 implementation for sensor networks and smart grids, cofounder of IPSO, the alliance promoting IP for small objects, and strong proponent of the IETF 6lowpan recommendation which defines the use of IPv6 for low powered objects.
There is definitely an IPv6 smell in the air these late summer days.
Written by Yves Poppe, Director, Business Development IP Strategy
IPv6 Posing New Security Issues
"The countdown to the saturation of the IPv4 address supply is now down to a matter of months: and along with the vast address space of the next-generation IPv6 architecture comes more built-in network security as well as some new potential security threats. ...its adoption also poses new security issues, everything from distributed denial-of-service (DDoS) attacks to new vulnerabilities in IPv6 to misconfigurations that expose security holes."
Read full story: Dark Reading
More under: DNSSEC, IP Addressing, IPv6, Security
ARF is Now an IETF Standard
When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints.
Until now, the only documentation for ARF was a draft spec originally written by Yakov Shafranovich (CircleID) in 2005, and occasionally updated originally by him and later by other people including myself. Earlier this year, the IETF chartered a working group called MARF which took that draft, brought the references up to date, stripped out a lot of options that seemed useful five years ago but in practice nobody ever used, and this week it was finally published as RFC 5965.
ARF (or now MARF) is quite simple, a version of the existing Multipart/Report message format that includes information about the report, such as the address of the recipient, descriptive text for a human reader, and a copy of the offending message. Having a standard format for reports, simple though it is, makes them much easier to process. For my tiny system, for example, nearly all of the trickle of reports are about mailing list messages. When a FBL report arrives, an automated script looks at the report and the message, and in the usual case that it's from a mailing list, it creates an unsubscribe request to remove the person from the list. Otherwise, it passes the message along to the human manager so I can decide what, if anything, to do about it. Larger mail systems also use them to collect statistics about their mail-sending customers.
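The kind of automated handling described above can be sketched as follows. This is an added example, not the author's script: the sample report, the `OUR_LISTS` set, and the function names are constructed for illustration. It parses an RFC 5965 report with Python's standard `email` module and, because FBL reports are unauthenticated input, only produces an unsubscribe action for lists the operator actually hosts.

```python
import email
import re
from email.utils import parseaddr

OUR_LISTS = {"digest.lists.example"}                 # hypothetical: lists we host
REQUIRED_FIELDS = ("Feedback-Type", "User-Agent", "Version")  # required by RFC 5965

# Constructed sample report (three parts: human text, report fields, original message).
SAMPLE_REPORT = """\
From: fbl@mailbox-provider.example
To: abuse@lists.example
Subject: FW: Weekly digest
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
 boundary="arf-part"

--arf-part
Content-Type: text/plain; charset="us-ascii"

This is an abuse report for a message received from lists.example.

--arf-part
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Original-Rcpt-To: <reader@mailbox-provider.example>
Source-IP: 192.0.2.10

--arf-part
Content-Type: message/rfc822

From: digest-owner@lists.example
To: reader@mailbox-provider.example
Subject: Weekly digest
List-Id: Weekly digest <digest.lists.example>

Body of the reported message.
--arf-part--
"""


def _embedded(part):
    """Return the header block carried inside a MIME part as a Message."""
    payload = part.get_payload()
    if isinstance(payload, list):        # message/* parts are parsed as nested messages
        return payload[0]
    return email.message_from_string(payload)   # e.g. text/rfc822-headers


def parse_arf(raw):
    """Return (report_fields, original_message) or raise ValueError."""
    msg = email.message_from_string(raw)
    report_type = (msg.get_param("report-type") or "").lower()
    if (not msg.is_multipart() or msg.get_content_type() != "multipart/report"
            or report_type != "feedback-report"):
        raise ValueError("not an ARF report")
    report = original = None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            report = _embedded(part)
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            original = _embedded(part)
    if report is None or original is None:
        raise ValueError("report or original message part missing")
    missing = [f for f in REQUIRED_FIELDS if report[f] is None]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    return report, original


def triage(raw):
    """Decide between an automatic unsubscribe and escalation to a human."""
    try:
        report, original = parse_arf(raw)
    except ValueError as exc:
        return {"action": "escalate", "reason": str(exc)}
    feedback_type = report["Feedback-Type"].strip().lower()
    match = re.search(r"<([^>]+)>", original.get("List-Id", ""))
    list_id = match.group(1).lower() if match else None
    rcpt = parseaddr(report.get("Original-Rcpt-To") or original.get("To", ""))[1]
    if feedback_type == "abuse" and list_id in OUR_LISTS and rcpt:
        return {"action": "unsubscribe", "list": list_id, "address": rcpt}
    return {"action": "escalate", "reason": "not a complaint about one of our lists"}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```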
The IETF process works particularly well when it standardizes existing practice, and ARF/MARF is an excellent example of that. The differences between the earlier drafts and the final version make it clearer and more precise, and it's now a proper standard we can cite:
Abuse Reporting Format! Ask for it by name: RFC 5965!
Written by John Levine, Author, Consultant & Speaker
Google Voice: Race to the Bottom for Telephony - or Something Else?
Just when you thought making phone calls couldn't get any cheaper, along comes last week's news from Google about their latest iteration of Google Voice. There have been several steps along the way for Google to get to this point, and there are a host of reasons why this news is of interest to service providers of all stripes. I often write about how certain technologies and disruptive forces change the business of being a service provider, and this is but the latest example.
Ever since Vonage came to market, residential carriers have been faced with declining revenues for landline service, which itself is quickly losing ground to wireless substitution. Then Skype came along and brought desktop VoIP to a whole new level of adoption. Along with that came a new value proposition for voice. Whereas Vonage was offering a lower cost monthly plan, Skype was offering free or near free voice, driving the price down to levels that no conventional service provider could sustain.
Google has its own take on voice, which is why this story should be of interest to service providers. Vonage is marketed primarily as a replacement service for POTS, making it a direct competitor to telcos. Nothing complicated there—it's really just a price game, but telcos do have more options to bundle telephony with other things—and of course, even more so for cable operators.
Skype is primarily a Web-based IM/chat service, on top of which they do voice very well, and at low cost to subscribers. As popular as Skype is, their proprietary technology keeps them a bit inside their own sphere. They are still a major threat to telcos, but when positioned a bit differently, they can be a very good complement.
The latest news with Google, though, is something entirely different. Their calling service—Google Voice—is mainly an add-on to Gmail, and works a lot like Skype. As such, it's not a pure telephony service like Vonage, and it's not really built off IM/chat like Skype; it's built around email. Of course, Google has all these other tools, but email is ubiquitous, and Google has been successful building a strong user base here. Gmail binds the user more deeply than IM/chat, making it a great platform for both business and personal usage. I'm not alone in noticing these days that when you get a personal email address as a backup for someone you're working with, more often than not it's a Gmail address.
Google already has GTalk, which supports free online calls between Google users—and is comparable to the free calling Skype users have among themselves. Google Voice is much bolder and is their answer to Skype Out/In, and gives Gmail users a PSTN interface to make calls to the rest of the world. In the short term, this may take a bite out of Skype in that Google Voice calls within the U.S. and Canada will be free until year end (but maybe longer). Longer term - along with Skype - Google Voice is more of a threat to telcos as they accelerate the race to the bottom, bringing the value of a voice call pretty much down to where email is.
Why are they doing this?
In my view, it's not to put the telcos out of business. They're offering domestic PSTN calls for free, in the hopes of subsidizing them by charging two cents a minute for international calls. Fair enough, but I don't see that happening, and Google really doesn't need to make money with this service. Of course, free beats paid any day—so long as the quality is comparable—and I see them making the voice pie bigger, much the way Skype has. The key for me is more about how Google Voice interacts with Gmail. By escalating an email message to a free phone call, users will stay longer in the Google environment, and the ability to transcribe voicemail will certainly appeal to some.
However, I think there's more to the story. As mentioned, Google is coming from a different place than Skype, who depends almost solely on those Skype In/Out minutes for revenues. VoIP service is not expensive to provide, and Google has spent relatively little to get in the game. I would contend that the vast majority of their Google Voice capability comes from three small acquisitions that cost them maybe $150 million. When you think about the annual Capex budget of any incumbent, this really is pocket change. Going back to 2007, they acquired GrandCentral; last year they acquired Gizmo5, and a few months ago, they added Global IP Solutions. Collectively these companies have given them the pieces to offer a very appealing VoIP-to-PSTN service globally, and if they never make a penny from it, so be it.
As mentioned, free beats paid, and there's no better incentive to get people to use your service. Look how long Vonage has been around, and they barely have two million subscribers. Unlike Skype, Google doesn't have to build its user base from scratch, and it won't take long for them to start logging millions of calls. Just consider what happens when school resumes next month, and students will be falling over each other to make free calls home from those super-retro red UK phone booths that will be popping up on college campuses (and solar powered to boot).
As such, Google Voice will be one more reason to cut the cord, and the race to zero just picked up some speed. Thanks to Gizmo5, Google Voice is SIP-based and works nicely on both softphones and hand-held endpoints. Short term, there will be some cannibalization with Android by competing with voice from data plans, but Google will figure out how to make all these pieces fit. This is actually where the GIPS acquisition comes in, with their ability to support both voice and video over mobile devices, which in turn can make Google Voice a great add-on for businesses.
While Google Voice is primarily an outbound telephony service, I think they'll be able to take free calling beyond the desktop, and that's really what service providers need to be thinking about. Free on the desktop is one thing, but when you push out to mobile devices, things get more complicated. If this isn't enough, I think there's a separate agenda at work here, and it's something I've commented about elsewhere for quite some time.
Google is really interested in the voice business, not to make life difficult to telcos, but as a source of raw material—snippets from voicemail and live calls, if you will—that can be harvested for search. I'm not sure about the regulatory issues around this—and apparently Google has been vague here—but certainly for voicemail, free calls will generate a huge cache of "content" that they can apply speech recognition algorithms to and build an archive of audio-based search prompts. Once those audio cues are transcribed into text, they can become hugely valuable for the next frontier—mobile search. This sounds a bit on the dark side ("do no evil" as we're told), but it's a far better way to monetize voice than charging a few cents a minute or a few dollars a month. When viewed from this lens, Google Voice is a very different business than Skype, Vonage, or any telco for that matter. Disruption comes in many forms, and we're seeing a new one with Google Voice. Don't let the race to zero fool you; I think it's just a side-show compared to what Google really has in mind.
This article of mine originally ran today on my Service Provider Views column on TMCnet.
Written by Jon Arnold, Principal, J Arnold & Associates
More under: Email, Telecom, VoIP, Web
Stopping the Flow of Online Illegal Pharmaceuticals
Reading through Brian Krebs's blog last week, I saw that he has an interesting post up on the White House's call upon the industry to formulate a plan to stem the flow of illegal pharmaceuticals:
The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.
The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration's intellectual property enforcement coordinator.
"The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line," the invitation states.
Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration's Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to "address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies."
According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce—or $21 billion—involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.
It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals flowing into the United States (since presumably this cuts into the profits of large pharmaceutical companies… who would naturally want to see their profit margins increased in return for pledging their support for health care reform that was passed earlier this year). Assuming that the target of this is the online pharmaceuticals, there are a few things I can think of. Unfortunately, a three-hour meeting really isn't enough to get this off the ground because it is a series of interconnected events that would need to take place. Anyhow, here's a list of things I'd do:
- Stopping illegal pharmaceuticals piggy-backs onto stopping illegal <anything> on the 'net. Spammers who advertise illegal software, or fake degrees, or fake enlargement pills, or fake mortgages are all basically doing the same thing. So, any strategy that is aimed at stopping those other things will extend to stopping fake pharmas as well. My point here is that concentrating only on fake pharmaceuticals may exclude strategies that scale to others.
- Registrars need to get their act in gear. When a website advertising cheap Viagra goes up, somebody somewhere needs to register that site. Whoever registers it needs to do a better job of verifying the identity of whoever registered it. The problem here is that so many of these sites are registered by registrars in foreign countries, which are outside the jurisdiction of the US. However, just like in the Wizard of Oz, there's no place like home and the government can pressure domestic ones to do better proactive abuse mitigation.
- WHOIS protected services are questionable. I don't deny the need for WHOIS-protected services in some cases. However, any time I am looking up a suspicious site and the WHOIS registration is protected, that's pretty much all I need to make the determination that the site is abusive. It doesn't cost much to shield your WHOIS information. If you want to do it, that's fine, but there should probably be a stricter set of criteria for shielding your information like this, requiring you to jump through a couple more manual hoops.
- Crackdowns on spammers will go a long way. One of the chief mechanisms of advertising illegal pharmaceuticals is through the use of spam. We all get it in our inboxes. Of course, there are other avenues of advertisement such as black search engine optimization. However, because it is not particularly difficult to send out a lot of spam and make money off of it, and because there is little chance of repercussion, spammers continue to do it. If law enforcement had more resources dedicated to prosecuting spammers such that it became more de-incentivized, then the supply part of the equation would start to dry up. In other words, putting spammers in prison will help in this regard, and this requires a prioritization of law enforcement resources. Whether or not they are willing to divert resources from one area of law enforcement to another is an open question.
- Perhaps walled gardens are a good idea. In Australia, some ISPs kick infected computers off of their network if the ISP can detect that the machine connecting to it is infected with malware. Or, they redirect them to a sandbox and alert the user that they cannot continue until they clean their system. If more ISPs made this a policy, then maybe we'd have less malware abuse flowing back and forth in cyber space. I don't think I'd want government to enforce this, but perhaps ISPs might be willing to voluntarily comply with this.
This is a small list of things that could be done, but it is by no means exhaustive. Running up-to-date software is a good idea, and so is running the latest patched version of one's software. What other ideas do you have to cut down on the flow of illegal online pharmaceuticals?
Written by Terry Zink, Program Manager
More under: Cybercrime, Domain Names, Domain Registries, ICANN, Internet Governance, Spam, Whois
House of Cards
Time flies. Although it was over 18 months ago, it seems just like yesterday that a small Czech provider, SuproNet, caused global Internet mayhem by making a perfectly valid (but extremely long) routing announcement. Since Internet routing is trust-based, within seconds every router in the world saw this announcement and tried to pass it on. Unfortunately, due to the size of this single message, quite a few routers choked—resulting in widespread Internet instability. Today, over a year later, we were treated to a somewhat different version of the exact same story.
First, let's review the Czech incident from February 2009. There were many positives to take away.
- It was precipitated by an honest mistake.
- It was an extremely unlikely event, as many stars had to be in exact alignment.
- Most of the Internet's core survived.
- The response from operators was fast and efficient, with the damage largely contained within an hour.
The complete technical details can be found here.
Deja vu all over again
Fast forward to today: Friday, 27 August 2010. What do you think would happen if another large and unusual routing announcement was made on the Internet? Do you think all the router vendors have perfected their code in the past 18 months? Do you think the entire planet has upgraded to this new, improved and perfect code base? Do you think it makes sense to use the Internet as your testbed? I doubt you answered "yes" to any of these questions.
We'll begin to describe what happened today with a snippet from a private mailing list. We'll purposely leave out the technical details so that we don't inadvertently contribute to the building of a Cybernuke.
On Friday 27 August, from 08:41 to 09:08 UTC, the RIPE NCC Routing Information Service (RIS) announced a route with an experimental BGP attribute. During this announcement, some Internet Service Providers reported problems with their networking infrastructure.
Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers. The announcements sent out by the RIS were correct and complied to all standards.
Um, while standards compliance is nice, it is foolhardy to assume that all BGP implementations are perfectly compliant, especially given recent history. Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this "experiment" started. Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted by a "correct" announcement that "complied with all standards". The following graph shows the timeline of the event, followed by a map of the impacted countries by prefix count. Notice that it takes a bit for the Internet to stabilize after RIPE claims to have withdrawn the announcement at 09:08 UTC.
Conclusions
On the positive side, the incident was very brief, the damage was limited to under 2% of the Internet and the responsible parties quickly fessed up, aborting their "experiment". On the negative side, the Internet remains a very fragile place, even if that fragility is highly localized and different in different places. Standards aren't followed, code isn't tested and people make mistakes. That's life with any complex system and, while we can certainly do a better job, we will continue to see these types of events no matter what safeguards we might take. What puzzles me is how anyone thought it might be a good idea to test fate in this way. The end result was completely predictable.
Written by Earl Zmijewski, VP and General Manager, Internet Data Services
White House Calls for a Meeting with Domain Registrars, Registries, and ICANN
Brian Krebs reporting in Krebs on Security: "The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications..."
ICANN's Tokyo Meeting Provides a Little More Clarity on the New gTLD Program
New gTLDs continue to be a major topic of discussion within ICANN circles, and the regional meeting currently underway in Tokyo has revealed some interesting updates for potential applicants.
ICANN's Chief gTLD Registry Liaison, Craig Schwartz, delivered a great presentation on the progress being made behind closed doors at ICANN and provided the attendees with an insight into a couple of key changes that are likely to be seen in the Final Applicant Guidebook. As many of our readers would be aware, we have been waiting in anticipation for the new gTLD Final Applicant Guidebook to be approved at a previously unconfirmed meeting of the ICANN Board. The date for this meeting was today announced as September 10th.
Like many others in the industry, we'll be actively watching for the outcomes of this Board retreat where the focus will be on the new gTLD program's remaining unresolved issues. In particular, the Board's willingness to address the complicated Vertical Integration topic (given the inability of the VI Working Group to reach consensus) will be of interest to the many applicants likely to be affected by the outcome.
On another interesting note, one very important topic that has been flying under the radar is Registry Transition, namely the current requirement for new gTLD applicants to provide both a backup Registry Services organisation and a financial instrument sufficient to guarantee a minimum of three years of Registry operations in the event of the TLD owner being unable to operate it.
Obtaining a backup Registry Services provider is not particularly difficult. However, for many potential applicants (in particular smaller community-based applicants) the requirement to obtain a letter of credit from a financial organisation is an enormous burden and a significant additional cost.
Acknowledging this today and noting that the protection of the Registrant is paramount to this process, Schwartz said that ICANN had invested significant time and will further expand the recent concept of Emergency Backend Registry Operator (and yet another acronym, EBERO) whereby qualified applicants (i.e. Existing Registry Operators) could tender to ICANN to provide 'temporary' Registry Services in the event of critical failure of the Registry Operator to operate the gTLD.
This is a great initiative and should be welcomed by the community for two key reasons:
a) It has the potential to remove the requirement to name a pre-organised backup Registry Service.
b) It has the potential to reduce the level of financial guarantee to ICANN from applicants.
Other interesting points worthy of note from yesterday's session:
- Communications Plan – This is being worked on by ICANN currently but won't be rolled out until the Final Applicant Guidebook is approved, almost guaranteeing that the earliest date for applications will be March or April 2011
- DAGv4 Summary of Analysis – This won't be released to the public until after the Board's retreat, which is a surprise given that the public comment finished quite some time ago
- IDN ccTLD Fast Track – ICANN have 33 applicants, representing 22 languages, currently under review as this program continues to drive the expansion of the internet across the globe
All in all, these small yet important pieces of information represent yet another positive step forward in the new gTLD process. I for one can't wait to see what the next few months will bring.
Click here if you want to see the presentations from the Tokyo meeting as provided by ICANN.
Written by Tony Kirsch, Senior Manager - International Business Development, AusRegistry International
IPv6 Deployed But in Unexpected Places
Eric Vyncke reporting in the NetworkWorld: "IPv6 exists for more than 15 years and it is rumored to be deployed extensively in Asia and especially in Japan and China with Africa being the last continent to deploy IPv6. Another place where there should be a lot of deployments is of course in the USA with the US Government IPv6 mandates. But, when it comes to measure where web sites are actually deployed over IPv6, the rumor proves to be just a myth..."
Ensuring Maximum Resilience to the DNS?
Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. Although the node comfortably processed queries at 863,000 queries per second for close to 2 hours, the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, the suddenness of the increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community.
DoS and DDoS attacks happen throughout each day. Just as UltraDNS was twice regionally impacted by DDoS traffic in 2009, Register.com suffered close to a 3-day outage in 2009, and DNS Made Easy was the recent target, with close to a 1.5-hour outage for its users earlier this month, we (enterprise, ISPs, hosting firms, registrars and DNS providers) are not all immune to such malicious antics. While all queries appeared legitimate in yesterday's spike, there is no reason to believe CommunityDNS was the intended target for the sudden increase in traffic. However, it still raises the issue of the impact such malicious activity can have on the general user base as well as the online economy.
Last year and earlier this year CommunityDNS worked on a study developed for the EU Commission's office of Directorate-General for Justice, Freedom and Security, regarding the resilience of the DNS for the EU and its member states. The study pointed out the effects such malicious activity has on the confidence of legitimate Internet users. Such effects erode confidence, and as a result the EU's online economy is not able to reach its full potential. The same concept would apply to any online economy. The study also noted how "suspicious" traffic appeared more elevated in some European cities than in others. A recent Forrester survey indicated organizations experienced more than 350,000 DDoS attacks in 2009. Another study, from Arbor Networks, found that approximately 3% of the Internet's traffic is tied to DDoS, or roughly 1,300 attacks each day.
So as the Internet marches on with the needed ramp-up of DNSSEC, the rollout of IDNs and eventually the addition of new gTLDs, the malicious community continues its global activity. Such activity should make us all question, "Are we doing the best we can to ensure maximum resilience for Internet users and online economies?" The best way to ensure maximum resilience for users, businesses and the general online economy is through platform diversity. Where one has an open source-based DNS platform, a non-open source-based platform should be used alongside it. A mix of hardware platforms, upon which the open source and non-open source DNS software operates, is also necessary, as the hacker community has more tricks up its sleeve than DDoS attacks. Adding hardware and software diversity to an infrastructure with strong security, ample capacity and scalability is the strongest method for ensuring maximum resilience of the DNS.
Written by Chuck Kisselburg, Director, Strategic Partnerships