Close to 3,000 memory cards in HTC Magic phones may be infected with malware after initial assumption by the company, Vodafone, that it was an isolated incident when first discovered by a customer. "It is unclear how the batch of memory cards became infected and an investigation is under way, said a spokesman for Vodafone in Spain. There are no problems with either the HTC Magic phone or its Android OS. The malware only affected phones sold in Spain."

Read full story: Computerworld

Follow CircleID on Twitter

More under: Malware, Security

Egypt has banned international calls via mobile internet connections in a apparent reaction to a drop in international call volumes made through country's landline monopoly Telecom Egypt. "The ban is on Skype on mobile internet, not on fixed, and this is due to the fact it is against the law since it bypasses the legal gateway," said Amr Badawy, the executive president of the National Telecommunication Regulatory Authority (NTRA).

Read full story: Reuters

Follow CircleID on Twitter

More under: Mobile, Policy & Regulation, Telecom

Federal regulators on Tuesday made public the details of their ambitious policy to encourage the spread of high-speed Internet access. But their 376-page proposal, the National Broadband Plan, was met with a chorus of questions, even from the staunchest advocates of its goals. Telecommunications companies praised the intent but worried that new regulations might impede rather than encourage their progress in expanding Internet access.

Read full story: New York Times

Follow CircleID on Twitter

More under: Broadband, Policy & Regulation

There is an old saying that "bad news comes in threes." Domain name service providers have witnessed two unsettling developments in the past few weeks. The third, still winding its way through the U.S. Congress, could have enormous ramifications. Registries and registrars, in particular, need to speak up or resign themselves to the consequences.

French Court Orders Fines for Parking

As previously reported, in mid-February 2010 a French court fined Sedo ?95,000 ($130,000) for parking a trademark infringing domain name. SafeNames reportedly was fined $5,000 in this case for being the domain registrar. The court used terms like "fraud," "counterfeiting" and "unfair competition" in its ruling. While some in the industry may dismiss this as a case of "beware the (potentially) high costs of doing domain-related business in France," the judgment could serve as a dangerous legal precedent. Furthermore, it could embolden intellectual property protection advocates seeking any and all means to expand the limits and application of trademark law.

Utah Trying to Expand Internet Regulation

Utah has a documented history of attempting to regulate various Internet-related activities. Most have been struck down in court or repealed in subsequent legislative sessions. Nevertheless, Utah's latest attempt is called the "Utah E-Commerce Integrity Act" (SB26), and includes provisions to restrict phishing, pharming, and spyware, as well as a state-level version of the U.S. Anti-Cybersquatting Consumer Protection Act (ACPA). The problem with this legislation, unlike the ACPA, is that it intends to hold liable a registrar, registry, or "other domain name authority" who "knowingly assists" a cybersquatter in a local alleged cybersquatting case. Who knows how broadly the courts will interpret this "knowingly" language. Despite advocacy efforts to convince the bill's sponsor, State Senator Stephen H. Urquhart, to exempt domain name service providers in a manner consistent with federal safe harbor provisions, the Senator refused and no such amendments were made. Consequently, the bill now awaits Governor Gary R. Herbert's likely signature. Not only will registrars and registries have to inappropriately defend themselves on cybersquatting charges in Utah courts, but the Coalition Against Domain Name Abuse (CADNA, a trademark protection association of almost two dozen global brand holders that promoted Sen. Urquhart's efforts) intends to lobby Congress for a national provision along the same lines.

FTC Rulemaking Could Be a Game Changer

Potentially the most far reaching initiative is yet to come. The U.S. Congress is currently working on a reauthorization bill for the Federal Trade Commission (FTC) which could expand the agency's rulemaking authority. An already approved House bill would give the FTC streamlined rulemaking authority over aspects of the business community, thereby allowing the Commission to pursue policy initiatives with little of the typical bureaucratic red tape. For the domain industry, this could mean, for example, that the FTC may decide to issue a new rule requiring US-based registry operators to enforce strict WHOIS accuracy requirements. A registries' failure to comply with these new rules could lead to fines or civil action. Of course, any cost of enforcing additional WHOIS requirements would be passed through to registrars, and then, of course, on to registrants—ultimately impacting over 115 million registrations worldwide. It's easy to imagine how such enforcement and monitoring costs could dramatically reshape the domain name industry as we know it.

Fortunately, the die has not been cast. The Senate is considering its own version of the reauthorization language, and this ultimately will have to be reconciled with the House bill. Although many businesses are weighing in against streamlined rulemaking, other powerful interests are lobbying for the authority. Trademark protection advocates most likely are among those proponents. While final legislation probably will be part of a broader package, thereby raising its likelihood of passage, this also increases the prospect of buried clauses and complex legal linkages that demand careful scrutiny and comment.

Now is the time for the registrars and registries to contact Congress and/or get involved with coalitions to work on a coordinated push for an ICANN-related exemption from broadened FTC authority. If domain name service providers just sit around and wait to see what happens, they'll only have themselves to blame for consequences.

Written by Statton Hammock, Sr. Director, Law & Policy

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, Domain Registries, Law, Policy & Regulation, Top-Level Domains, Whois

I have come to acceptance that the community proposal for Expressions of Interest in new gTLDs (EoI) was removed from consideration during ICANN's March 12th Board Meeting in Nairobi. It should have passed, but it got lobbied into oblivion by some in attendance at the Nairobi meeting. They deserve their say, those who oppose it, but quite frequently the arguments used fail logic once one reflects upon them, or contrast them against the facts.

The EoI did not pass, but the silver lining in it all is that it proved that the community could raise up a proposal to the board using the Bottom-Up approach.

I am grateful. I have a well honed ability to find acceptance in things that I don't agree with. I hate the outcome but I would do it all again.

The many stakeholders and applicants who had been trusting dates and time lines that they had been provided in all meetings between the Paris meeting in June 2008 and the Sydney meeting in 2009, and had been growing businesses and reaching out to communities, carrying the message of ICANN and the promise of new TLDs.

These companies, individuals, volunteers, consultants, they all planned their lives, budgets, marketing, and jobs around the time lines that had been coming from ICANN. Sure, delays and adjustments meant the embarrassment of repeatedly revising and communicating new time lines to their clients, shareholders, boards of directors, communities.

And then came the Seoul ICANN meeting. Rather than get the schedule in place and stop the sliding dates and the embarrassment that they were causing ICANN and the interested stakeholders, ICANN instead opted to clam up about dates and time lines.

This not only completely undermined their own credibility; it froze financial support for new TLD applicants of every shape and size and eliminated institutional confidence in ICANN and its new TLD program.

And in that choice to coward away from communicating dates, ICANN really created the EoI. All I did is channel the contempt, cynicism and abject frustrations of the various community members who had timelines pulled out from under them in the Seoul meeting, working to turn that passion into productive effort. So you could say ICANN was the catalyst.

I am grateful that I had the influence, respect and trust from stakeholders to have pulled so many parties together to collaborate and support an initiative which tested ICANN's 'Bottom-up Process'. And I had the privilege of presenting the concept of an expressions of interest process as a way to keep the new TLD program on pace while removing pressure from the staff and board for evaporating the foundations out from under supporters and believers in the new TLD program at the Seoul meeting.

I cannot take full credit for the Expressions of Interest, it came from a number of people in the community, from a number of various stakeholders who did not want to see the momentum die from ICANNs opting at redacting and retracting communication of dates and timelines.

I just had tenacity to be a spokesperson for a large group of stakeholders in the Seoul meeting but could not at all take all of the credit for the EoI. It was humbling to read through the transcript from the public meeting as I notice the many, many supporters who I consider to be leaders in the community who stepped up after I did in support of the proposal at the public meeting.

It was really just a sensible approach of decoupling the application process from the review, assignment and delegation stages of the new TLD program that we had seen originate from the GAC. I explained that the catalyst was the outright elimination of discussion of dates in Seoul, and that I'd chosen to do something positive and constructive rather than give in to the growing cynicism in the applicant pool.

After gathering many in diverse parts of the community and stakeholder groups to provide a draft document to ICANN that contained a number of concepts and submitting it in the comment period that followed the Seoul board resolution, ICANN staff drafted a proposal for an Expression of Interest process and put it out to the community to comment on.

The community rose up to support or not support the overall concept. Not everyone liked every aspect of it, some loved it outright, and many (especially brands who are fighting with their last breath to oppose the new TLDs but ironically are preparing applications and will apply once they can) sought to quash it.

Ultimately it came down to transparency being the root of its demise. Many brands did not want the double-standard of their position on new TLDs exposed, and fears by governments that a public morality issue would creep in with .f-bomb holding up the whole process, because all strings would be released.

It took reverse psychology and intense lobbying in Nairobi for those who wanted EoI their way or no-way, and those people got what they wanted.

I disagree with the board's decision, but the board was requested to pass or fail the EoI and they failed it opting to allegedly continue the momentum of the new TLD program. Using the Paris meeting announcements that stemmed from the board votes to open up the new TLD program in 2008, things had been progressing along until 'overarching issues' got thrown in front of the process, injecting delays.

I am getting a lot of feedback from within the community that there is deep disappointment and outrage falling out of the board decisions. And I am seeing a lot of people still bracing for the tsunami effect from the EoI being voted into oblivion in the tragic events of 3-12 (The ICANN Board decided to withdraw the Expressions of Interest among other decisions).

We'll see some startups pare down their staff and marketing budgets, other participants will close down entirely or completely move their focus. Make no mistake, jobs were lost as a result of the board's decision to fail the EoI.

I am already witnessing gloating by those interested in delaying the introduction of new TLDs who won a small victory for the status quo amidst the zebras and hippos in Narobi. These are not people who ponder the consequences or outcomes, they only relish victories.

Candidly, I was shocked the EoI did not pass. It essentially was just a time honored technique used in intelligent project management to reduce the ambiguity and theoretical concerns and operate in tandem with the solutions to some of the thorny issues that were open. It had every opportunity to thrive and provide benefit to ICANN, to the applicants, to the communities, investors, to the process itself.

There was an opportunity to make the new TLD program real again after Seoul. In Seoul the new TLD program was converted into vaporous concept with hazy, slippery deadlines that have anyone that follows them met with laughter and doubt when presenting timeline estimates.

Apparently the community had really gotten quite a bit of momentum with the Expressions of Interest concept. It looked like it had some promise. Many elements of the concept were attractive and productive.

But the takeaway and probably the most important thing that happened was that the community rose to present an idea, that the board heard that message, and that it even became something to be voted upon at all.

While I watch many of the investors and communities that were in strong support of the new TLD program wither or hibernate in a process that kills jobs during a weak global economy as a result of the March 12th board votes, I remain optimistic that the new TLD program will continue and we'll see those who had the intestinal fortitude and capable war chests ride out the storm of perpetual delay.

And I would do it all over.

I have not lost my faith in the community. I hope the community has not lost faith in ICANN, and I would encourage the community not to become stoic when their efforts appear for naught like we were shown.

My heart goes out to those who have families to feed that were impacted by the decisions the board made.

Written by Jothan Frakes, Chief Operations Officer at Minds + Machines

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Last week at the ICANN meeting in Nairobi, a plan was announced by ICANN staff to create a "CERT" for DNS. That's a Community Emergency Response Team (CERT) for the global Domain Name System (DNS). There are all kinds of CERTs in the world today, both inside and outside the Internet industry. There isn't one for DNS, and that's basically my fault, and so I have been following the developments in Nairobi this week very closely.

As the original founder of DNS-OARC (that's the Operations, Analysis, and Research Center for DNS, on the web at WWW.DNS-OARC.NET / see related CircleID interview), I've fielded a lot of questions from folks asking me what I think about all this. The original DNS-OARC plan (written in 2002 or so) called for a 24x7 monitoring and response and coordination function very similar to what's now being proposed by ICANN. Everybody I talked to in 2002 understood the need for this, based on the excellent track record of US-CERT and JP-CERT and even the IT-ISAC. We knew it had to be done by the DNS industry itself, rather than added to the remit of some existing government-supported CERT or ISAC.

Somewhere along the way we got distracted. Or to more accurately place the blame, I got distracted. DNS-OARC was a huge undertaking, and one that I significantly underestimated.  Internet Systems Consortium (ISC) started DNS-OARC using NSF research money, and I think NSF was happy with our results—but producing those results used up a lot of ISC's management bandwidth. DNS-OARC has received unprecedented participation and support from members of the DNS industry, who had never done anything quite like this—but the cycle time for bringing in new members was six to 18 months rather than the six to 18 weeks I planned on. Much has been achieved, but building the data and resources needed to develop OARC's necessary "critical mass" was something that ISC had to rely on partners and members for, and those folks have busy lives and long to-do lists even without this kind of stuff.

Eight years on, ISC has successfully spun DNS-OARC out as a separate non-profit corporation with its own board of directors. DNS-OARC has some fifty (50) members, comprising an unprecedented community of the key technical people from major DNS TLD registries, root operators, vendors and service providers. It has created a set of tools, experience and infrastructure vital for monitoring and analyzing the health of the DNS, and has accumulated an unparalleled set of DNS data captured from the live Internet.

But all this took years longer than I expected, and may have been a more dramatic time investment than DNS-OARC's elected trustees were expecting.

So the reason there is nothing like a "DNS CERT" in the world today is that I, as the founder of DNS-OARC, said that DNS-OARC would handle it, and then I didn't follow through. I plead ignorance and ambition—we got a lot of other great stuff done, including the existence and independence of DNS-OARC itself, so I'm not exactly weeping with guilt. But, when Rod Beckstrom (President of ICANN) got up at the microphone in Nairobi and said, the world needs something like this, and if nobody else is going to build it, he would, I thought, he's absolutely right, it's still 2002 in here, and it's time we—the DNS industry—got this done. We need a 24x7 monitoring and response and coordination function, with full time analysts looking at real time DNS events and participating in a global mesh of DNS NOCs.

Beckstrom's vision that some $4.5M is needed to get DNS-CERT properly off the ground is to be commended, and is one familiar to us at DNS-OARC, where our reach has regularly exceeded our grasp. But we've also learned some lessons over the years, not least that the DNS community guards its autonomy fiercely, and will react adversely to anything that smacks to them of unilaterally imposed central control. Something like a DNS-CERT can only be done at the grass roots level, which is both a constraint and a boon. This explains some of what we've been hearing in the hallways at how, despite its merits, there is some disquiet about the way the DNS-CERT proposal was presented. It is exactly why we went for an autonomous, neutral, membership governance model for DNS-OARC. We have to work cooperatively to ensure that DNS remains 100% available to serve as the Internet's map.

I call upon the world's governments, and upon the gTLD and ccTLD operators, and upon ICANN itself as well as other Internet governance organizations including CENTR, to support DNS-OARC Inc. in finishing what I started; and I call upon DNS-OARC Inc.'s trustees and members to use ICANN's excellent "gap analysis" for the "DNS-CERT" as the starting point to make this happen.

So, the next phone call all of those folks get may be from me, making this appeal personally. Let's make 2010 the year we (all) finally get this done.

Written by Paul Vixie, President, Internet Systems Consortium, Inc.

Follow CircleID on Twitter

More under: DNS, ICANN, Internet Governance, Security

Until today's announcement by Canon, no large brand had broken the "thin brand line" by revealing their plan to apply for their own new top-level domain. Now with Canon's announcement, other major companies have been challenged to either announce their TLD plans or else state that they plan to forgo the chance to brand themselves at the top level of the domain name space.

Until now, in public, large brands have marched in lock step in opposition to new top-level domains, ostensibly because of the high cost of defending and enforcing their marks in multiple new namespaces. The worst-kept secret in the industry, however, is that brands have been making private plans, and brand-service registrars have been prepping their clients for new gTLDs in anticipation of healthy fees for application submission services.

Canon, at least, has decided that the marketing benefits of their own top-level domain outweigh the costs. In the U.S., legal departments, which are good at identifying risk—though not necessarily expert at quantifying it—, exercise a much stronger presence in the corporate boardroom than they do in European and Asian companies.

Could it be that the highly defensive stance of U.S. intellectual property interests, hardened by the file-sharing wars, is not shared by the rest of the world's brands?

In Japan, Canon has decided to cast its lot with the money-makers instead of the money-hoarders. I predict we will see more brands opt for engagement with the Internet by visibly branding themselves with their own new gTLD, but that the the last ones to do so will come from the United States.

Written by Antony Van Couvering, CEO of Minds + Machines

Follow CircleID on Twitter

More under: Domain Names, ICANN, Top-Level Domains

With $72 billion invested in mobile broadband it would be hard to argue that this market is suffering from a lack of investment.

More than half of this is taking place in Asia. Over the last two years close to 300 mobile operators in 120 countries have launched mobile broadband networks (using the 3G HSPA technology) and some 70 of these are already planning the next upgrade of their networks using the LTE technology—the first $5 billion of investment money has been committed to that technology.

The two countries that are ahead of the pack in this are—where else but in Scandinavia?—Sweden and Norway.

Japan and Korea are also moving in this direction but they are using different technologies.

Within that same short time period over 200 million subscribers have embraced mobile broadband and, as reported previously, this has caught many mobile operators unprepared. They were still peddling their mobile portals while the apps available on smart phones almost instantly overtook a market that the mobile operators had been trying to build up for ten years.

Because of the success of this market mobile operators are now scrambling to keep up with an enormous demand for mobile broadband access. They are eager to get at least their share of the access market and competition is driving them to charge ever less for simple broadband access. As a result of this the margins available for mobile operators are being squeezed more and more.

Does that mean that mobile operators will be relegated to becoming pipe suppliers? Not necessarily. They have a number of very powerful tools that they can use. They know mobile customers better than anybody else and they are able to provide a very reliable and secure service—so much so that banks are using their networks to deliver financial services. This has built a powerful trust relationship between operators and some very key service providers. The mobile operators are the only ones who have a very secure identity management service on their networks that can be used by these financial institutions, and (if the mobile operators permit) by others also.

Furthermore, mobile networks are excellent for mobility applications such as GIS, location-based navigation, etc. Again, the mobile operators are currently the only ones who have access to this user information.

It then comes down to whether the mobile operators will be able this time around to also develop business plans that are going to make it attractive for other providers to utilise the network. This will require open networks, wholesale, MVNOs, etc. The question is will they indeed this time around do change their business models, or will they again wait for others to eat their lunch.

Mobile operators and their supporters all talk about a range of essential services such healthcare, education, public safety and so on. Lessons learned from the past will hopefully encourage operators to open up their networks to these public sectors. It is not too difficult to predict that, if this does not happen and consumers want to make more use of mobile broadband infrastructure for such services, regulation will be used to force the operators to open up to these new social and economic opportunities.

What might change their attitude this time is the fact that they now nearly all operate in saturated markets. There are very few new users that can be connected—certainly in the developed markets. So today there is certainly more urgency among the mobile operators to change their business models to cater for the new opportunities. Also, it will only be a matter of time before OTT providers such as Google, Facebook, Twitter, Amazon, eBay, Skype and others will have more sophisticated applications in competition with the mobile operators.

One of the main problems still being experienced by operators at the moment is a lack of sophisticated middleware that would allow them to deliver these new applications more efficiently and effectively. For instance, the many BSS/OSS systems within the mobile operators' organisations are making it very difficult to deliver real-time and on-demand services.

Who will win?

The judges are still out on this. There are the smart device operators like Apple, with their proprietary applications; companies like Google and Microsoft, with devices based on Operating System (OS) innovations; and the mobile operators, who recently formed an alliance to also develop their own apps stores. This broad level of competition will drive innovation and those who are able to deliver the best customer experience are going to be in the lead here.

Over the next few years the mobile market will pass the $1 trillion revenue mark. The stakes are high, the rewards are great, and the future looks very bright indeed. So may the best one win.

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Access Providers, Broadband, Mobile, Telecom

On March 15, 1985, symbolics.com was the first .com registered in what had yet to be labeled the "world wide web." While it took nearly a decade for the domain—and the consumer Internet—to take off, today there are over 80 million .com websites and the domain is a prominent feature of one of our culture's most iconic developments.

While its economic and social impact is undisputed, for the first time the economic impact of .com has been quantified in a new study that found that the domain serves as a platform for $400 billion in annual economic activity.

Read full story: External Source

Follow CircleID on Twitter

More under: Domain Names, Top-Level Domains

This article on cloud appeared in the Economist.com on April 12th 2001 titled "The Beast of Complexities" Stuart Feldman of IBM, mentions these examples. Quote 'Picture yourself as the product manager of a new hand-held computer whose design team has just sent him the electronic blueprint for the device. You go to your personalized web portal and order the components, book manufacturing capacity and arrange for distribution. With the click of a mouse, you create an instant supply chain that, once the job is done, will dissolve again." unquote.

Another example quote "Imagine, says the man from IBM that you are running on empty and want to know the cheapest open petrol station within a mile. You speak into your cellphone, and seconds later you get the answer on the display. This sounds simple, but it requires a combination of a multitude of electronic services, including a voice-recognition and natural-language service to figure out what you want, a location service to find the open petrol stations near you and a comparison-shopping service to pick the cheapest one." unquote.

In the same article he also lamented that so far, nobody has found a silver bullet to kill the Beast of Complexity.

The silver bullet for cloud computing 'could' be a new operating system, a cluster of applications offered like the MS Office suites supporting cloud computing, a TLN (Top Level Network) instead of TLD, to enable users to register, may it be individual, business or service 'plus' all those registered in TLDs, the new set up has to be 'all inclusive'. The magnitude is staggering, this would bring into play number analogy which could provide space for all and yet not run out of numbers, at the same time allow multiple users to have the same namespace.

Once that is in place, comes the question of common standards which Vint Cerf was talking about, it would not be easy to make people come together to set and accept common standards, it is only services like say email, which compel every body to adopt to common standards.

Stuart Feldman also mentions that Cloud computing is something big that is happening in the industry—as big as the rise of the PC in the 1980s, unquote this is even true today after a decade.

Written by Virendra Gandhi

Follow CircleID on Twitter

More under: Cloud Computing

The FCC recently published some tools to let consumers measure some internet characteristics.

The context is the FCC's "National Broadband Plan". I guess the FCC wants to gather data about the kind of internet users receive today so that the National Broadband Plan, whatever it may turn out to be, actually improves on the status quo.

The motivation is nice but the FCC's methodology is technically weak.

There are several goals to which the National Broadband Plan ought to aspire:

This note will address only the first of these goals.

The first thing that is wrong is that the FCC's tools are not well focused with regard to exactly what parts of the internet they are measuring. And second, the measurements that are taken are too vague to be of more than anecdotal value.

I've drawn up a simple diagram to illustrate.

This is a simplified diagram, it is intended to focus on that part of the net of concern to the National Broadband Plan. In particular it looks at the part of the net that represents the "internet" product sold by today's Internet Service Providers (ISPs). The arrows in this drawing are interfaces where these clouds join, they are not communications lines.

This diagram shows things as connected clouds because that more accurately represents the things that make up the way that user's connect to the internet. The basic parts of the diagram are these:

(Please note that I am using the word "peering" in a way that may be different from its use in settlement-free peering between ISPs.)

The portions of interest to the FCC's National Broadband Plan are the part between "A" and "B" and between "A" and "C". These are shown inside the yellow box.

So what does all of this have to do with the National Broadband Plan in general and the FCC's Consumer Broadband test in particular?

First of all, we must recognize that a user's perception of network quality and speed is a complex function that involves the entire path between the user and the remote service.

Many protocol stacks and applications can degrade badly even if one seemingly small aspect changes. For example, the speed with which domain name system (DNS) queries are answered is often a major, or even the dominant, component of how quickly web pages are fetched and rendered. Indeed with the increasing number of "analytics" web bugs and links to "share" content the number of DNS queries involved in a page fetch can be quite surprising.

And DNS responsivity is a matter that involves more than mere bandwidth.

Other applications degrade for other reasons. VoIP is often made incomprehensible by even small amounts of packet reordering, something that can occur quite often as a result of certain wireless technologies, load-balanced pathways, or routing behavior. And applications that use large packets, applications such as high quality video, can be badly affected by fragmentation of packets due to link MTU values of less than about 1500 bytes.

There are many characteristics that play a part. Among these are Quality of Service (QoS) handling, queuing disciplines and drop policies in routers, and congestion handling in protocol stacks. Moreover there are an increasing number of protocol "accelerators" that try to obtain better user performance by abandoning the protocol etiquette algorithms that are built into well implemented TCP stacks. Those accelerators may create local benefits to their users, as long as the number of such users is small, but they damage the experience of other users.

The National Broadband Plan tends to be involved only with the "User Access Link" part of my drawing.

Yet the FCC's tests tend to lump all the parts of the drawing into one number thus masking the contribution of each part.

A national broadband build-out that does not deal with the entire system will be a waste of time and money. A user whose ISP has a magnificent broadband User Access Link but inadequate backhaul and connectivity to the internet at large is a user who is going to be dissatisfied.

Thus for the FCC's tests to be meaningful they need to do two things:

• They need to isolate and separately report the attributes of the User Network, the User Access Link, the User's ISP Cloud, and the degree of private peering to large content providers.

• The attributes that are measured need to be much deeper than "bandwidth" and "latency" and "jitter". I would recommend that the FCC look at the way that tools like PathChar and Pchar construct a detailed hop-by-hop analysis of network paths. Those tools require many thousands of packets over many tens of minutes for each hop in a path. In my own work I began (but never completed) a project to design a protocol to enable the fast and inexpensive measure of paths characteristics for proposed packet flows. That work is visible on the net at http://www.cavebear.com/archive/fpcp/fpcp-sept-19-2000.html.

Written by Karl Auerbach, Chief Technical Officer at InterWorking Labs

Follow CircleID on Twitter

More under: Access Providers, Broadband, Policy & Regulation, Telecom

For those closely following the ICANN Meeting in Nairobi this week, the EOI (Expression of Interest) model seemed like a foregone conclusion. In fact, ICANN had scheduled a webinar on March 18th to explain the process despite the complaints of the community and large-scale disagreement amongst proponents of the EOI.

As proposed by ICANN staff, the EOI model would have required that all entities wishing to apply for a new generic Top-Level Domain (gTLD) during the first round to submit basic information including the requested string and a fee of $55,000.

However, much to the collective surprise of the ICANN community, the ICANN Board voted against the proposal, citing many of the reasons noted in the comments submitted by MarkMonitor.

Members of the ICANN Board stated that confusion regarding the purpose of the model existed, and that moving forward with such a model would have added another two to three months to the process. Furthermore, that resources were being taken away from solving the "underlying problems” was also cited as a reason to vote against the model.

While the EOI was expected to provide exact information about the number of applicants expected in the first round, one of the Board Members stated that having this "extraordinary precision" was not necessary due to the fact that the "Internet is a—as a system, exhibits enormous dynamic ranges in load in every aspect."

Interestingly enough, another Board Members stated that at the beginning of the week that he had planned to vote in favor of the EOI, but by the end of the week it had become apparent that a mandatory EOI did not have the consensus of the community.

With this result, brand rights owners and others will be able to keep their plans confidential until they are ready to apply and prepare for the application or objection process, without additional worries or early investment in the gTLD process.

So, it is without any sorrow or regret, I say RIP EOI.

Written by Elisa Cooper, Director of Product Marketing at MarkMonitor

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. From ITWorld:

March 10, 2010, 04:10 PM — IDG News Service —

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercrime, and this was probably one of the easiest ways to do it."

Troyak is based in Kostanay, Kazakhstan, according to whois records. The company could not be reached immediately for comment.

The Zeus Tracker administrator, who asked not to be named, said that at first he thought that there had been some type of technical error in the Zeus code. On further investigation, he discovered that Troyak had been taken offline, which in turn knocked the networks hosting the botnet servers off the Internet.

Unlike the Waledac takedown, which was removed with a court order, and Mariposa takedown which was done by police authorities, or even the Lethic takedown done by Neustar which operates the .us ccTLD, this time around it was done by eastern European network providers. Thus, this takedown more closely resembles the 2008 McColo takedown which resulted in spam levels plummeting by 40% (our figures) to 70% (others' figures). According to The Register, the network providers Ukraine-based Ihome and Russia-based Oversun Mercury severed their ties to the ISPs in question (Troyak and Group 3). Unfortunately, it also meant that the legitimate customers on those ISPs also had their ties to the Internet disconnected. I bet their customer support desks had their phones ringing off the hooks. I can just imagine the conversation.

Customer: Why can't I connect to the Internet? I'm paying for your service!
Response: Well, sir, no one can. We've been disconnected.
Customer: What? Why?
Response: For engaging in cybercrime.
Customer: Oh. Well, that explains it.

Cisco issued a statement that this takedown "depeered" the botnet. What this means is that the drones that perform the actual password stealing, fast-fluxing, etc, can no longer (temporarily) make contact with command center. The drones are aimless, kind of wandering around with no direction, no purpose and no motivation (a lot like the entire population of Canada would have been had we lost the gold medal game in hockey two weeks ago at the Olympics). It's kind of like if a military unit were out in the jungle taking orders from central command, and central command is knocked out, the unit will stand around forever doing nothing. The unit is still there, but they are not going to do anything until they get their orders. Since their orders will never come, they will never do anything. It's classic bureaucracy in action.

It's important to note three points:

It remains to be seen what the impact of this take down will be on the malware world.

Written by Terry Zink, Program Manager

Follow CircleID on Twitter

More under: Cybercrime, Malware, Security, Spam

For those participants that have been working rearranged hours and participating remotely in connection with ICANN's Nairobi meeting, here is a chance to sleep in. While ICANN Board tea leaf reading is not an exact science, there is a great deal of predictability to ICANN's actions so here are my big three predictions for tomorrow.

#1 – ICANN Board Approves the EOI

Kristina Rosette, GNSO Counsel representative highlighted how ICANN had already announced a webinar on March 18th to talk about the new gTLD process and the EOI/Pre-Reservation process. Now while ICANN staff promptly edited this page after Kristina's statement in the public forum, to include the following disclaimer (SUBJECT TO BOARD DECISION), this appears to be preordained based on the additional facts listed below.

#2 – Launch of the Global Communication Plan

The Seoul meeting was interesting as it was one of the first ICANN meetings were there was an absence of artificial timelines in connection with the launch of the new gTLD process. This meeting was also largely absent of timelines, expect for those attendees that managed to sit in on the new gTLD staff briefing given by Kurt Pritz to the Registrar Stakeholder Group. While the first slides in Kurt's presentation where almost identical to the other public presentations, the last two saw the re-emergence of project times. These slides were entitled "Applicant Guidebook V4—Shortest Path" and "Expression of Interest (EOI)—Shortest Path." While this power point presentation given to the registrars is not currently available on the ICANN website, I am sure that within minutes of this article being published it will timely appear on the ICANN website much like the update to the March 18th webinar.

#3 – Approval of the ICM Application

Today on the ICANN correspondence website there appears a private and confidential communication submitted by ICM to ICANN to settle its dispute. Given that this "private and confidential" communication is now public is a reasonable indicator that ICANN will accept the offer. The only suspense is if ICANN approves the last 2007 registry contract posted for public comment, or if it re-opens contractual negotiations. Given that re-opening negotiations would subject ICANN to intense lobbying from certain stakeholder groups that feel rather passionately about this subject and how this might distract staff from its Brussels' deliverables, it is a safe bet to predict that ICANN just bites the bullet and executes the 2007 agreement.

Shock and Awe

Regardless of what actions the ICANN Board takes tomorrow it will be criticized. Therefore, given the new style leadership demonstrated by ICANN President and CEO, Rod Beckstrom and Chairman Peter Dengate Thrush, I predict ICANN goes 'all in." While it may take several years to determine whether the ICANN Board made the right decision in Nairobi, this much is guaranteed for sure, ICANN's actions represent a global economic stimulus plan for attorneys of epic portions that will be paying dividends for year to come. Let the fun begin, and let the chips fall where they may.

Written by Michael D. Palage, Adjunct Fellow at The Progress & Freedom Foundation

Follow CircleID on Twitter

More under: Domain Names, Domain Registries, ICANN, Internet Governance, Top-Level Domains

The internet is among a record 237 individuals and organizations nominated for this year's Nobel Peace Prize. The number of nominations surpasses last year's record of 205 nominations. The internet's nomination has been championed by the Italian version of Wired magazine for helping advance "dialogue, debate and consensus".

Read full story: BBC

Follow CircleID on Twitter

More under: Web