On Sunday, 24 February 2008, in what was apparently a politically directed attempt to block YouTube, Pakistan Telecom started an unauthorized announcement of the prefix 208.65.153.0/24 – a YouTube IP – to divert local traffic away from the site. One of Pakistan Telecom’s upstream providers, PCCW Global forwarded this announcement to the rest of the Internet, which resulted in the hijacking of YouTube traffic on a global scale. The RIPE NCC Routing Information Service has published a detailed study on how this came to pass. Continue reading
security
ISOC Initiatives 2008-2010
At the December 2007 Board of Trustees meeting held in Vancouver, ISOC presented plans for 2008 to 2010. Key to those plans were a series of new, longer term, more strategic activities which will replace the traditional ‘pillar’ model describing activities in Standards, Public Policy, and Education. The new initiatives will focus on ‘Enabling Access‘, ‘InterNetWorks‘, ‘Trust & Identity‘ and ‘Standards & Technology‘. Continue reading
Mozilla Labs starts new project for deeper integration with online services
Chris Beard of Mozilla Labs announced a new project for “deeper integration of the browser with online services.” The goals include:
- provide a basic set of optional Mozilla-hosted online services
- ensure that it is easy for people to set up their own services with freely available open standards-based tools
- provide users with the ability to fully control and customize their online experience, including whether and how their data should be shared with their family, their friends, and third-parties
- respect individual privacy (e.g. client-side encryption by default with the ability to delegate access rights)
- leverage existing open standards and propose new ones as needed
- build a extensible architecture like Firefox
This is an exciting and very necessary development for Mozilla. As personal data storage is moved from the desktop to the Net, client-side encryption is essential for privacy and security. It is inevitable that the companies offering web apps will suffer a shakeout and some will fold. And security breaches are a fact of online life.
I’m looking forward to integrating this into the ISubuntu project.
Fortune: Online chat ‘assistant’ may not be real
Fortune reports on chatbots used in online stores to talk potential customers out of abandoning their virtual shopping carts. “…A startup called UpSellit is … using live chat to act as a sales assistant …. but here’s UpSellit’s twist: That person on the other end of the live chat box isn’t a person at all. You’re chatting with software that’s designed to fool you into thinking it’s a person.” Clearly another step blurring the real and virtual that raises a few ethical and possibly legal questions. How would knowing that you’re talking to a bot change your attitude or behavior? What if you thought you were talking to a bot but it turned out be a real human being?
ITU botnet toolkit
The ITU botnet toolkit is an ITU-D effort to bring together different groups, different sets of best practices and different existing efforts in botnet mitigation and general spam / cybersecurity work that focuses on botnet mitigation, and create a practical implementation of these focused on developing countries. Continue reading
MPAA University ‘Toolkit’ Raises Privacy Concerns
 An Washington Post article by Brian Krebs details a new piece of spyware that the MPAA are trying to foist on universities. Krebs had the ‘University Toolkit’ tested by security experts and concludes that it is full of holes that could allow third parties to view the gathered information. Continue reading
DNS Server Survey Reveals Mixed Security Picture
A new survey on the state of DNS, commissioned by infrastructure appliance vendor Infoblox, found that the use of Windows DNS Server in Internet-facing applications has fallen off dramatically as more users act on concerns about security. BIND 9, the latest version, gained against earlier, less secure versions. Continue reading