Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Security firm chokes sprawling spam botnet

The efforts of a research firm took down a botnet responsible for 33% of the world’s spam.

The attack was multipronged. First the security firm reported abuses to ISPs regarding certain IP addresses. Secondly, the firm worked with registrars to deactivate registered names. Third, the firm registered backup domains that were not used, and fourth, the botnet was able to generate random domains based on a specific algorithm. The firm understood the algorithm and registered names possibly generated by this algorithm.

The effect was a botnet that had no where to turn. Now the individual bots have been orphaned and the security firm is working with the ISPs to notify the computer owners whose computers were once members of the botnet.

Click here for more information.

MassMutual Warns of Data Breach

Employee and customer data for MassMutual could have been compromised. Data handled by a third party provider was breached.

Click here for more information.

Majority of Web Apps Have Severe Vulnerabilities

A recent report indicates that close to 9 out of 10 web applications could lead to information exposure due to flaws as 87% of the Web applications analyzed had serious vulnerabilities.

60% of Internet-based attacks targeted Web applications. 90% of web vulnerabilities rested with commercial Web applications while 8% rested with browser-run applications.

25% of the attacks were SQL Injection-based with 17% of the attacks being attributed to Cross Site Scripting

Click here for more information.

No Rush to Adopt Domain Names Written in Chinese in China

While ICANN has opened the gates for IDNs to begin in certain countries, China being one of them, it appears there is no great rush to acquire the Chinese equivalent of the currently used Latin character set.

In many cases Chinese organizations have reduced the number of characters to make it easier for Chinese to type in the URL. For example “Tenchnt” is known as “qq.com” for its users. Another company has used “163.com” as the URL for its brand name as companies often associate numbers with their brands.

In one case where someone has already grabbed the Chinese equivalent to one company’s name, the head of the company would like to purchase the name, but feels having it owned by another party would not create any harm to their existing brand.

While the Chinese character sets will aid Internet usage for the older population, the majority of China’s Internet population is already used to the current method of using the Internet.

Click here for more information.

By Arlene Paredes

Seoul, South Korea – ICANN meeting participants from all over the world, notably from Asian countries, gathered on Thursday to offer and listen to public comments on different issues that ICANN has been discussing in its 36^th meeting.

The public forum, traditionally done on Thursdays, is ICANN’s way of reaching out to the community and providing an opportunity for both the stakeholders and the ICANN board to sit down together and have an interactive discussion.

The international community raised comments on the fast track process for IDNs, in which some countries and territories may have their own IDN ccTLD operational even before the guidelines for IDNs are fully laid out. Chairman Peter Dengate Thrush explained, “(The process) is called a fast track, because a very small number of countries, proportionately, in relation to the total number of countries have been put into a fast track (providing that) they have been able to satisfy us that there is no doubt about the name of the country, the representation of the name of that country in a script used in that country. And those are being allowed to go forward before the full policy development for IDN ccTLDs has been finalized.” He added, “(The) current predictions are, from the survey that’s been done, that less than 30 of the approximately 240 country codes will be going down that fast track.” This
means
that some countries will be using non-English characters in their full Internet addresses soon.

Meanwhile, the limelight also shone on IDN gTLDs as a participant from China, Zhen Cai, spoke up. “Most of the netizens in China cannot remember the frequent Web sites such as dot gov, dot info.  This somehow affected our popularizing of these Web sites, though there are many long domain names, it’s hard to remember.” More on IDN gTLDs from Dongbum Lee from the host city, Seoul, Korea: I’m the CEO of a small business here in Seoul.  While our site is in Hangul, our address on the Internet is not.  We look forward to the day when our customers do not need to switch to English to find us on the Internet. We also want potential customers to find us using other languages and scripts such as Chinese and Japanese.”

It is worth mentioning that Netpia, a Seoul-based company has been making it possible for non-English users to type Internet addresses in their own language, one country or one territory at a time, through a service called the Native Language Internet Address (NLIA). Another Asian, Hiro Katsu Ohigashi, from Japan, pointed out: “I kept hearing from people in many countries about interest in new gTLD program.  I’d like to inform you that there are a lot of people in Asia who is interested in this opportunity. And they are looking at this opportunity to introduce culture and business and build their identities in the entire world through Internet.”

As the entire Internet community watches ICANN move forward from its ties with the US government, and on to its new gTLD and IDNs plans, it cannot be denied that there will be more changes in the coming months and the Internet will keep evolving with its users’ choices.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Net set for ‘language shake-up’

Since 2008 ICANN approved the allowance of names written in non-Latin/ASCII character sets. If approved by the body on October 30 the first applications for Internationalized Domain Names (IDNs) will be accepted by November 16. The first IDNs could therefore be up and running by mid 2010.

Click here for more information.

Mobile Broadband Operators Heading for Capacity Crisis

A recent study states that Internet traffic via mobile Internet devices will rise 25 times by 2012, yet for the same time period revenue for operators is expected to increase by a factor of 2. This illustrates that the cost for providing mobile broadband capacity is still high.

Comment: This illustrates the strong arguments providers are making towards the US’ FCC regarding Net neutrality. Providers are saying Net neutrality is OK for traditional ISP networks, but argue strongly against Net neutrality rules being levied upon wireless networks.

Click here for more information.

Developing countries must boost broadband: UN

Lack of broadband infrastructure means developing countries are missing out on information technology benefits. Missing, or limited broadband infrastructure means loss of the development of offshore companies that may be used to help with the respective country’s economy.

Also lost are advantages people may have with the use of mobile phones. With lower access to broadband people are working to take advantage of what applications can be accessed via cell phones as in Africa the number of mobile subscribers outpaces fixed line subscribers by a factor of 20.

In developed countries people are 200% times more likely to have broadband access than in lesser developed countries. Also, in lesser develop countries broadband can be very expensive. For example, in Africa’s Burkina Faso, Central African Republic and Swaziland, broadband runs $1,300 per month while the monthly charge in Egypt and Tunisia is only $13.

The report came from the UN conference on Trade and Development.

Click here for more information.

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers have been studying the vulnerability of Internet accessible devices where default passwords have not been changed and are still in place.

Out of 130,000,000 IP addresses scanned, nearly 300,000 devices had administrative interfaces that could be remotely accessed via the Internet. Of those 300,000 devices 21,000 still used default passwords. Even if default passwords had been changed cyber criminals could still determine passwords through brute force of cracking passwords. With that said, through extrapolation it is believed that 6,000,000 devices on the Internet are vulnerable.

Cybercriminals could access such devices to conduct click fraud, DNS cache poisoning or launch attacks on other systems.

Click here for more information.

500,000 job hunter details exposed in Guardian hack

Hackers launched an attack on The Guardian’s Jobs website and made off with information from 500,000 people who had posted their resumes on the organization’s jobs website. The hack was stopped midway through, but what was exposed on the various resumes or CVs were names, email addresses, cover letters and the resumes themselves.

Click here for more information.

Gift Cards Convenient And Easy To Hack

As with credit and debit cards, gift cards are a form of currency and are thus subject to cybercrime, as noted in recent research.

Cybercriminals can “sniff” the information through a scanner directly in the checkout line and then cloned and used against the retailer’s hacked web-based gift card application.

Cybercriminals can also clone unused gift cards. This occurs by cybercriminals taking unactivated cards, cloning the cards and placing the cards back on the rack for display. Once the card is purchased and activated the cybercriminal has access to the account.

The SQL injection flaw is also another method cybercriminals may use to hack web-based gift card applications to obtain information.

Recommendation is to begin utilizing same encryption standards being studied for the credit and debit card providers and processors.

Click here for more information.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Scaling the Root

An independent, third party organization was selected to analyze the impact of scaling the root in order to meet future needs currently on the horizon.

Currently the root zone is relatively small and changes slowly. This is expected to change with the support of DNSSEC, the addition of IDNs, support for IPv6 and the addition of new TLDs.

As a result of the study it is found DNSSEC will have the largest impact to the root zone and is suggested that DNSSEC be added prior to the addition of IDNs, IPv6 and new TLDs. While the addition of new TLDs will have an increased entry of 1 per new TLD, the implementation of DNSSEC results in a increase of the root zone data by 4.

Another way of looking at impact of changes is:

• New TLDs and IDNs will increase the number of TLD entries in the root zone.

• New TLDs, DNSSEC, IPv6 and IDNs will, in their own right, will increase the size of the root file.

• DNSSEC, IDNs and IPv6 will increase the amount of data required for each TLD.

• DNSSEC and IPv6 will increase the number of variables per TLD.

• DNSSEC and IPv6 will increase the number of changes per TLD per year.

Click here for more information.

Security Just Got A Lot More Complicated

Remaining undiscovered for more than a year, security researchers stumbled across an new form of malicious software. Known as Induc, this innovative piece of malware performs its nasty business through the use of a compiler. Induc infects compiled code while leaving a program’s source code alone. So while the source code looks fine the malware resides in the unreadable compiled code. Induc currently operates upon Delphi, versions 4.0 to 7.0. What makes this harmful is the malicious code can reside in complied code that has been digitally signed since the source code has remained untouched.

Click here for more information.

Facebook app flaws create Trojan download risk

A Romanian hacker has discovered Facebook applications that have cross-site scripting vulnerabilities. Five applications developed by Newscloud have been discovered to have the vulnerability. At this point access to the five applications have been blocked by Newscloud.

Click here for more information.

FCC chairman proposes Net neutrality rules

Net neutrality is, “…not about government regulation of the Internet. It’s about fair rules of the road for companies that control access to the Internet” says FCC Chairman, Julius Genachowski.

October is the expected timeframe for when an FCC panel will vote on adopting general guidelines into official commission rules.

The six principles that may be turned into official commission rules are:

1. “Accessing content. The first rule states that consumers should not be limited in the content they choose to view online, as long as it’s legal.”
2. “Using applications. Internet users should be able to run any application they want as long as they don’t exceed service plan limitations or harm the provider’s network. ”
3. “Attaching personal devices. Consumers should be permitted to connect products they buy to their Internet connection, as long as the devices operate within the service plan and do not harm the network or enable theft of service. ”
4. “Obtaining service plan information. Customers should be able to easily review their options when buying Internet service plans and learn about how those plans protect against spyware and other invasions of privacy. ”
5. “New rule: Non-discrimination. Internet providers would be prohibited from selectively blocking or slowing Web content or applications. ”
6. “New rule: Transparency. Providers would be required to make their network management practices clear and available to consumers. ”

Click here for more information.

Tech Insight: How To Make Business Partner Security Work

In a study of 500 data breaches over the last 4 years, 57% involved partner networks used by an external attacker. Understanding what data partners need to have access to and at what times can allow access to be tightened, thus mitigating damage due to data breaches.

Click here for more information.

Following on the Network Solutions story about domain stealing or “front running“, I’d like to share a recent story of my own. I am currently learning to speak Russian, so I decided to check out a few Russian IDNs under the .com extension for availability. I found one which I was amazed to learn that was available: невест.com (google translation: Brides.com)

I began the process to register it at GoDaddy, but decided to come back to it later after I had asked a Russian friend of mine if it was the correct and most popular translation for “brides”. Today, I went back to check the availability and невест.com was registered on December 27th, 2007 to a person who’s name doesn’t appear even once under a Google search. I called the listed phone and it is “Temporarily Disconnected”.

Coincidentally, the address listed for the domain registration is 26 minutes from GoDaddy’s headquarters.

It was best not to register the name, because as my Russian friend clarified, the correct translation is невеста, ending “a” and невесты is the plural form. Both of the correct translations were registered a few years ago.

To continue with the tradition of those who like to make predictions for the New Year, I have recovered an old crystal ball which has shown me the following Internet changes coming for the year 2008:

1. Big search engines will update their algorithm to favor country code top level domains (ccTLDs) in local search related queries.
2. As a result, in part,  of number 1 prices and liquidity of ccTLDs will rise.
3. .mobi will continue to gain momentum, even though I have opposing feelings about this extension.
4. People will learn to understand the importance of IDNs and the value of these will rise – specifically for one word IDNs under the corresponding ccTLD or under the .com and .org.
5. Thousands of wannabe land rushers will flock to try and get a piece of China’s Internet population – and like in the West, most will fail.
6. General Internet users will be more knowledgeable of the Internet and search – reducing Type-in traffic for common words under the .com extension.
7. Many successful Internet ventures will start as tools built for users within Social networks, and no longer start from a single proprietary website.
8. A top Internet executive will be arrested.

Hey, don’t argue with me. This is what the crystal ball showed me, and it was very dusty.

May this New Year bring much love and happiness to all.

HAPPY NEW YEAR!

Les noms de domaines internationaux proposant des caractères spéciaux dans l’URL ont eu un bon succès sur le Net. voir des exemples sur Google

L’intérêt de l’utilisation de ces domaines a promis un bon positionnement sur des mots clés qui comportent des caractères complexes mais elle n’était pas assez convaincante.

Suite à une audience récente, on a bien appris que la plupart des internautes se posent des ennuis en saisissant une URL contenant un accent ou un Umlaut.

De plus, une autre audience explique bien que même sur les moteurs de recherche la plupart des internautes n’utilisent pas des mots clés accentués.

Sur Google par exemple :

Ils ne profitent pas d’un bon positionnement et c’est rare de tomber sur un site pareil !!! Pourquoi ? Parce que Google traite les caractères accentués comme similaires à ceux qui ne le sont pas (essayez référencement et faites attentions aux termes en gras).

L’ICANN vient de mettre en disposition de nouvelles formes internationales, pour quelques langues à caractères complexes, qui nous permetteront de choisir un nom de domaine du type :

Pourque ça devienne bénéfique, il faut que les moteurs de recherche tiennent en compte des nouvelles redirections et que les nouveaux navigateurs soient capables de lire ces nouvelles formes !

ICANN Marrakech There will be much to discuss at ICANN's Marrakech meeting which kicks off this Saturday, but one question rises about all others: what will happen to the internet on 30 September 2006?

ICANN has its own agenda to discuss, but that agenda and what people actually want to discuss are a little different. As is the fundamental issue that everyone at that meeting should be talking about. This is our account of what is likely to happen, why, and what it all means.

Will the internet die in September?

Recently got up some Japanese and Korean IDN websites up and running. Nothing special but a start. These are adult in nature so don’t visit if you’re under 18 or you’re at work .

ヌード – Japanese Nude.net
エロ – Japanese Ero.tv (Erotic.tv)
エロアニメ – Japanese EroAnime.tv or Hentai.tv
アダルト ビデオ – Japanese AdultVideo.tv

섹스 – Korean Sex.tv
성인 – Korean Adult.tv

Hebrew IDN Website
מבוגרים – Adults.com
דומינה – Domina.com

English Websites (just for completeness)
xxxrated
videoporn
Naked
Hybrid Cars

401kIf your interested, check them out. If you have a website of your own and would like to do a link exchange with any of my sites. Please send me an email