[DNS] auDA Domain News - 14 April

From: David Goldstein <david>
Date: Mon, 14 Apr 2014 13:49:15 +1000
***************************************************

The domain name news is supported by auDA

***************************************************


Testimony of Assistant Secretary Strickling at Hearing on "Should the Department of Commerce Relinquish Direct Oversight Over ICANN?"
<http://www.ntia.doc.gov/speechtestimony/2014/testimony-assistant-secretary-strickling-hearing-should-department-commerce-rel>

Republicans Don't Want America to Give Up Control of Web Addresses
<http://time.com/58277/republicans-dont-want-america-to-give-up-control-of-web-addresses/>

Training Wheels Off by Fadi Chehadé
<http://blog.icann.org/2014/04/training-wheels-off/>

GAC Advice on New gTLDs Issued During ICANN 49 Singapore
<http://newgtlds.icann.org/en/announcements-and-media/announcement-11apr14-en>

Arabic and the internet: Surfing the shabaka - The world's fifth-most-spoken language lags online
<http://www.economist.com/news/middle-east-and-africa/21600732-worlds-fifth-most-spoken-language-lags-online-surfing-shabaka>

Geo gTLDs catch a break with new launch rules
<http://domainincite.com/16467-geo-gtlds-catch-a-break-with-new-launch-rules>

.GURU First New gTLD To Hit 50K Registrations
<http://www.domainpulse.com/2014/04/14/guru-first-gtld-50k-registrations/>

Money talks, and Verisign is doing a good job quashing new TLDs
<http://domainnamewire.com/2014/04/10/verisign-registrar-marketing/>

Majority of Phishers Targeting Chinese; Phishing Up 60 Percent: Report
<http://www.thewhir.com/web-hosting-news/majority-phishers-targeting-chinese-phishing-60-percent-report>

Domain Name Association Appoints Adrian Kinderis As Chair
<http://www.domainpulse.com/2014/04/11/domain-name-association-kinderis-chair/>


**********************
GOVERNANCE
**********************
Testimony of Assistant Secretary Strickling at Hearing on "Should the Department of Commerce Relinquish Direct Oversight Over ICANN?"
Chairman Coble, Ranking Member Nadler, and members of the Subcommittee, thank you for this opportunity to testify on behalf of the National Telecommunications and Information Administration (NTIA) regarding NTIA's role and relationship with ICANN, in particular NTIA's recent announcement of our intent to transition key Internet domain name functions to the global multistakeholder community.
<http://www.ntia.doc.gov/speechtestimony/2014/testimony-assistant-secretary-strickling-hearing-should-department-commerce-rel>

Keeping the Internet Free - for Now: The Commerce Department has second thoughts about surrendering America's online oversight.
Less than a month after announcing its plan to abandon U.S. protection of the open Internet in 2015, the White House has stepped back from the abyss. Following objections by Bill Clinton, a warning letter from 35 Republican senators, and critical congressional hearings, the administration now says the change won't happen for years, if ever.
<http://online.wsj.com/news/articles/SB10001424052702303603904579495960709069136>

No, Russia Isn't Going To Steal The Internet
Opposition is growing to US government plans to give up technical oversight of the internet. The Republican Party is calling for a year's delay to the handover process, and some are suggesting that it could allow Russia or China to seize control.
<http://www.forbes.com/sites/emmawoollacott/2014/04/11/no-russia-isnt-going-to-steal-the-internet/>

Is the US giving up the keys to the internet?
The US government recently announced that it would be handing off the reins of Icann, an organisation tasked with assigning and managing domain names and IP addresses worldwide.
<http://www.bbc.com/news/blogs-echochambers-26965949>

DC Discussions: April 10th Judiciary Hearing
Some may have taken to Twitter to rib the congressmen and congresswomen at today's Judiciary hearing entitled "Should the Department of Commerce Relinquish Direct Oversight Over ICANN?", but members showed up prepared with thoughtful questions, support for a multistakeholder model of Internet governance, and a willingness to probe for concrete answers to questions that are needed.
<http://domainnamestrategy.com/2014/04/11/dc-discussions-april-10th-judiciary-hearing/>

Internet Governance, New Work and What's in Store for 2014: Who should control the Internet?
In the wake of the NSA surveillance scandal, the European Commission in February proposed key reforms to the way the Internet is run. These include the globalization of ICANN, the strengthening of the Internet Governance Forum, and the establishment of a Global Internet Policy Observatory as international policy watchdog. The recent announcement by the US Administration that they intend to give up their role as the supervisor of ICANN, now heats up the debate even more.
<http://international.eco.de/2014/news/internet-governance-new-work-and-whats-in-store-for-2014.html>

US Congress weighs in on IANA transition by Brenden Kuerbis
Washington D.C. is abuzz with activity concerning NTIA's IANA transition announcement. Last week saw a hearing with the House Energy & Commerce Committee and a discussion at the Hudson Institute, this week brings another hearing with the Judiciary Committee as well as a NetCaucus briefing. So far, three bills have been proposed. The first is H.R. 4342 Domain Openness Through Continued Oversight Matters (DOTCOM) Act of 2014, introduced by Rep. Shimkus (R-IL).
<http://www.internetgovernance.org/2014/04/08/us-congress-weighs-in-on-iana-transition/>

Nigeria to host 3rd African Internet Governance Forum [news release]
The third African Internet Governance Forum (AfIGF) will take place in Abuja, Nigeria from 10 to 12 July 2014.
<http://www.nationaljournal.com/library/139410>

Internet chief allays fears over ICANN transition
A House panel voted to advance a bill that would halt the Obama administration's plan to transition U.S. government control over key Internet regulation to a private group.
<http://www.upi.com/Top_News/US/2014/04/10/Internet-chief-allays-fears-over-ICANN-transition/8191397140522/>

Republicans Don't Want America to Give Up Control of Web Addresses
Democrats and Republicans both say they want to keep the Internet free and open for all. They disagree about who should guard the guards
<http://time.com/58277/republicans-dont-want-america-to-give-up-control-of-web-addresses/>

Commerce Official Defends Web-Oversight Plan: Assistant Secretary Says Proposed Icann Transfer Doesn't Amount to 'Giving Away' the Internet
A top Commerce Department official on Thursday defended the Obama administration's plan to relinquish U.S. oversight of the body that manages Internet domain names and addresses, pushing back against growing Republican opposition to the move.
<http://online.wsj.com/news/articles/SB10001424052702303603904579493833240468604>

House Panel Votes to Halt Obama's Internet Power Transfer
A House panel voted along party lines on Thursday to delay the Obama administration's plan to give up oversight over certain technical Internet management functions.
<http://www.nextgov.com/cio-briefing/2014/04/house-panel-votes-halt-obamas-internet-power-transfer/82315/>

NETmundial is the World Cup of internet governance
To set the scene for a Brazilian meeting over internationalising the internet, we compare the little-known world of internet governance with the greatest spectacle in football
<http://www.wired.co.uk/news/archive/2014-04/10/netmundial-internet-governance>

Net Gain: Washington Cedes Control of ICANN
For over a decade, the United States has promoted a free and open Internet as a central tenet of its foreign policy. To date, this has most visibly involved shaming governments that limit access to online content and developing tools that help individuals circumvent censorship and surveillance. Perhaps even more important, though, have been Washington's efforts to ensure that the Internet remains regulated by public as well as private stakeholders -- not just governments alone.
<http://www.foreignaffairs.com/articles/141122/stacie-l-pettyjohn/net-gain>

US NTIA's plan to end ICANN contract puts Internet freedom at risk, critics say
The freedom and openness of the Internet are at stake after the U.S. government announced plans to end its contractual oversight of ICANN, some critics said Thursday.
<http://www.computerworld.com/s/article/9247580/U.S._plan_to_end_ICANN_oversight_jeopardizes_Internet_freedom>
<http://www.computerworld.com.au/article/542633/us_ntia_plan_end_icann_contract_puts_internet_freedom_risk_critics_say/>
<http://www.cio.com/article/751345/US_NTIA_39_s_plan_to_end_ICANN_contract_puts_Internet_freedom_at_risk_critics_say>

Republicans advance "embarrassing" DOTCOM Act
Republican US Congressmen today voted to advance the DOTCOM Act, which would add a delay of up to a year to the IANA transition.
<http://domainincite.com/16459-republicans-advance-embarrassing-dotcom-act>

**********************
DOMAIN NAMES
**********************
**********************
 - ICANN
**********************
Qualified Launch Program for New gTLD Registries Now Available
The Qualified Launch Program (QLP) Addendum is available for new gTLD registry operators as of today. The QLP Addendum allows a registry operator to register up to 100 domain names to third parties prior to the Sunrise Period for purposes of promoting the TLD, under certain conditions.
<http://newgtlds.icann.org/en/announcements-and-media/announcement-10apr14-en>

Training Wheels Off by Fadi Chehadé
My sons are adults now but I remember like it was yesterday teaching them how to ride their bikes. Removing the training wheels from their bicycles was an important milestone, but it didn't mean that I was ready to leave them on their own to ride the neighborhood. As they got used to being on two wheels instead of four, I was right there beside them, ready to correct and guide. I can't help but see the parallels when I think about the U.S. government's announcement last month. The U.S. government came to the conclusion that the global Internet community is now ready to assume stewardship of ICANN's performance as the administrator of the IANA functions. It feels like the moment when the multistakeholder community's training wheels come off.
<http://blog.icann.org/2014/04/training-wheels-off/>

GAC Advice on New gTLDs Issued During ICANN 49 Singapore
The Governmental Advisory Committee (GAC) has issued further advice to the ICANN Board in the GAC Singapore Communiqué regarding New gTLD applications. The New gTLD advice in the Singapore Communiqué related to Section 3.1 of the Applicant Guidebook is further to the contents of the Beijing, Durban, and Buenos Aires Communiqués.
<http://newgtlds.icann.org/en/announcements-and-media/announcement-11apr14-en>

New Contracting Statistics Released
Below are the key Contracting statistics, as of 11 April 2014:
<http://newgtlds.icann.org/en/announcements-and-media/announcement-2-11apr14-en>

Leslie Reynolds, Executive Director | National Association of Secretaries of State, to ICANN
Community Priority Evaluation
<http://www.icann.org/en/news/correspondence/reynolds-to-icann-04apr14-en>

Morgan McLaughlin, Executive Director | Santa Barbara Vintners, to Members of the NGPC, Members of the ICANN Board, Members of the GAC, and Country Representatives of the GAC
New gTLD applications for .WINE and .VIN
<http://www.icann.org/en/news/correspondence/mclaughlin-to-icann-board-et-al-07apr14-en>

Stephen D. Crocker, Chair | ICANN Board of Directors, to Heather Dryden
Governmental Advisory Committee (GAC) Advice - .WINE and .VIN
<http://www.icann.org/en/news/correspondence/crocker-to-dryden-04apr14-en>

Cherine Chalaby, Chair | ICANN Board New gTLD Program Committee, to Mr. Jonathan Robinson
New gTLD Registry Agreement - Specification 13
<http://www.icann.org/en/news/correspondence/chalaby-to-robinson-03apr14-en>

Wrap-up: ICANN 49 Singapore by Roland LaPlante
Given the "going live" of New gTLDs as well as the NTIA's announcement of its intent to transition Internet domain name functions to a multi-stakeholder environment, the 49th ICANN meeting in Singapore was sure to be a busy one. Here's a breakdown of some of the key happenings during the week.
<http://www.circleid.com/posts/20140410_wrap_up_icann_49_singapore/>

**********************
 - ccTLD & gTLD NEWS
**********************
EURid confirmed as the .eu registry manager
EURid has been confirmed as the registry manager of the .eu TLD for the next five years, with the European Commission Decision (2014/207/EU), published in the Official Journal of the European Union (L109).
<http://www.eurid.eu/en/news/apr-2014/eurid-confirmed-eu-registry-manager>
<http://www.domainpulse.com/2014/04/13/eurid-confirmed-as-the-eu-registry-manager/>
<http://www.domainnews.com/eurid-to-run-the-eu-registry-for-5-more-years.html>

EURid Gets 5 More Years To Run The .EU Registry
EURid which has been operating the .EU domain name extension since it was launched, has been confirmed as the registry manager of the .EU TLD for the next five years.
<http://www.thedomains.com/2014/04/12/eurid-gets-5-more-years-to-run-the-eu-registry/>

Latest EURid report shows impressive renewal rate for '.eu' domain names [subscription]
EURid, the registry for the '.eu' TLD, has published its latest progress report, which contains positive results for the registration and renewal of '.eu' domain names during Q4 2013. The report shows that the number of '.eu' domain names registered during Q4 2013 increased by 9,502 domains, and that approximately 80% of '.eu' domain names were renewed in 2013.
<http://www.worldtrademarkreview.com/daily/Detail.aspx?g=13d7d696-a8da-4097-91eb-9fb110097746>

Norwegian domain names for everyone
The results from the public consultation are now ready. The majority supports the proposal to make .no available to private individuals. This means that starting on 17 June 2014, everyone in Norway can register their own domain name directly within .no.
<http://www.norid.no/nytt/privatpersoner-2014.en.html>

Dmitry Medvedev congratulates Russian web users on 20 years of .RU domain zone
Prime Minister Dmitry Medvedev delivered a video address at a news conference marking 20 years of the .RU domain zone. "An average web user spends over 100 minutes per day in the .RU zone," he said. "Imagine that! I hope these are not wasted minutes." He also recalled that Russia is Europe's leader in the number of Internet users.
<http://cctld.ru/en/news/news_detail.php?ID=5626>

uk: Nominet opens London office to drive research and development
Nominet, the not-for-profit organisation best known for running the UK name space, is today announcing the opening of its London office, on Rivington Street in the heart of Tech City. Nominet London will be focused on research and development as we continue our diversification efforts.
<http://www.nominet.org.uk/news/latest/nominet-opens-london-office-drive-research-and-development>

**********************
 - NEW TLDS
**********************
Arabic and the internet: Surfing the shabaka - The world's fifth-most-spoken language lags online
The Arab world from Rabat to Baghdad likes to surf. The proportion of Arabs online grew 30-fold between 2000 and 2012. Shaking off their stuffy image, 41% of Saudi internet users are on Twitter, the highest rate in the world. But Arabic speakers have far less content in their native language than others do. By some estimates, fewer than 1% of all web pages are in Arabic.
<http://www.economist.com/news/middle-east-and-africa/21600732-worlds-fifth-most-spoken-language-lags-online-surfing-shabaka>

Cybersquatting Toolkit : The Trademark Clearinghouse
The Trademark Clearinghouse (TMCH) is an important tool for brand owners who want to cut down on incidents of cybersquatting in new TLDs. And what brand owner doesn't want to curb cybersquatting?
<http://cadna.org/blog/2014/4/9/cybersquatting-toolkit-the-trademark-clearinghouse>

Geo gTLDs catch a break with new launch rules
New gTLDs with a geographic or community focus have won concessions from ICANN under new rules published today.
<http://domainincite.com/16467-geo-gtlds-catch-a-break-with-new-launch-rules>

.GURU First New gTLD To Hit 50K Registrations
There are now 14 new gTLDs to have passed the 10,000 registration mark with .guru still comfortably leading the pack with 50,039 registrations as of 13 April, according to nTLDstats.com. There are also 12 registrars with over 10,000 registrations.
<http://goldsteinreport.com/article.php?article=22156>
<http://www.domainpulse.com/2014/04/14/guru-first-gtld-50k-registrations/>
<http://www.domainnews.com/guru-first-gtld-50k-registrations.html>

Money talks, and Verisign is doing a good job quashing new TLDs
New TLDs represent a growth opportunity for domain name registrars, many of which have seen domain registrations plateauing over the past year.
<http://domainnamewire.com/2014/04/10/verisign-registrar-marketing/>

Famous Four wins .party gTLD contest
Famous Four Media has won the .party new gTLD contention set after coming to a private agreement with the only other applicant for the string, Oriental Trading Company.
<http://domainincite.com/16465-famous-four-wins-party-gtld-contest>

Private Auction Update
The Directors of Minds + Machines Group Limited are pleased to announce that on 22 April 2014 the Company will be participating in a minimum of three TLD private auctions. The auctions are being held in agreement with all contending parties for each TLD and will be conducted by Applicant Auction, Inc.
<http://investors.mindsandmachines.com/2014/04/private-auction-update/>

Famous Four submits .Sport reconsideration request... with Ombudsman's support
I haven't written about many new TLD objection appeals (reconsideration requests) because there are so many and few have a chance of succeeding. But a recent one from Famous Four Media for .sport is unique: ICANN's Ombudsman has supported the company's call for a rehearing with a different panelist.
<http://domainnamewire.com/2014/04/11/famous-four-sport-ombudsman/>

More new TLD auctions on tap, and Uniregistry appears to be participating
With the start of ICANN's "Auctions of Last Resort" quickly approaching, some new TLD applicants are working on last minute contention set resolutions.
<http://domainnamewire.com/2014/04/11/more-new-tld-auctions-on-tap-and-uniregistry-appears-to-be-participating/>

Next week is colorful for new TLDs: 5 Schillings, Afilias colors, and a bit of buzz
Only two of Donuts' new TLDs enter their "true" general availability phase next week. It will still be a big week for new TLDs as other applicants launch domains.
<http://domainnamewire.com/2014/04/10/new-tlds-april-2014/>

Ready to .Party: Famous Four wins contention set for .party domain
Famous Four Media has resolved its contention set with Oriental Trading Company for the .party TLD.
<http://domainnamewire.com/2014/04/10/ready-to-party-famous-four-wins-contention-set-for-party-domain/>

**********************
 - DNS SECURITY
**********************
Majority of Phishers Targeting Chinese; Phishing Up 60 Percent: Report
Of all domains registered for phishing in the second half of 2013, 85 percent were registered by Chinese phishers, according to a report by the Anti-Phishing Work Group (APWG). The overall number of phishing attacks worldwide greatly increased in the second half of 2013 over the first half, but was lower than the second half of 2012.
<http://www.thewhir.com/web-hosting-news/majority-phishers-targeting-chinese-phishing-60-percent-report>

A Bad Year for Phishing by Greg Aaron
Here at the Anti-Phishing Working Group meeting in Hong Kong, we've just released the latest APWG Global Phishing Survey. Produced by myself and my research partner Rod Rasmussen of Internet Identity, it's an in-depth look at the global phishing problem in the second half of 2013. Overall, the picture isn't pretty. There were at least 115,565 unique phishing attacks worldwide during the period. This is one of the highest semi-annual totals we've observed since we began our studies in 2007.
<http://www.circleid.com/posts/20140409_a_bad_year_for_phishing/>

Amplified DDoS Attacks: The current Biggest Threat Against the Internet by Carlos Alvarez
About a year ago, The Spamhaus Project was victim to what was then considered the worst to date DDoS attack. It directed DNS response traffic at a rate of nearly 300 gigabytes per second against Spamhaus's name servers flooding them, making them unable to resolve requests for spamhaus.org and making spamhaus.org appear down to anyone unable to resolve the name.
<http://blog.icann.org/2014/04/amplified-ddos-attacks-the-current-biggest-threat-against-the-internet/>

**********************
 - MISCELLANEOUS
**********************
Adrian Kinderis appointed as Chair of Domain Name Association
ARI Registry Services is pleased to announce that CEO Adrian Kinderis has this week been appointed as Chair of the Board of Directors of the Domain Name Association (DNA), the domain name industry's global trade body.
<http://ariservices.com/news-Adrian-Kinderis-appointed-as-Chair-of-Domain-Name-Association.php>

Domain Name Association Officers Elected by Board
The newly constituted Board of Directors of the Domain Name Association (DNA), the Internet domain industry's only global trade association, has elected its officers, the organization today announced. With its leaders in place and a full 12-person board, the DNA will now work to deliver programs that advance its dual mission to educate the public about the expansion of domain names and to serve as the voice of the industry.
<http://www.thedna.org/pr_20140410.html>

Domain Name Association Appoints Adrian Kinderis As Chair
The Domain Name Association, the only trade association to represent the interests of the domain name industry, has appointed ARI Registry Services' CEO Adrian Kinderis as its Chair of the Board.
<http://goldsteinreport.com/article.php?article=22140>
<http://www.domainpulse.com/2014/04/11/domain-name-association-kinderis-chair/>
<http://www.domainnews.com/domain-name-association-kinderis-chair.html>

CentralNic Purchases DomiNIC [news release]
CentralNic PLC, the global provider of registry and registrar services, announced today that it acquired the assets of DomiNIC GmbH, including the DomiNIC domain management software, the product of twenty years of development with a blue chip customer base in the German-speaking countries.
<http://www.domainpulse.com/2014/04/11/centralnic-purchases-dominic/>
<http://www.domainnews.com/centralnic-purchases-dominic.html>

Internet Hall of Fame Welcomes 2014 Inductees at Ceremony in Hong Kong
Twenty-four people who designed and advanced the Internet as the global, world-changing platform that it is today will be inducted into the Internet Hall of Fame.
<http://www.internetsociety.org/news/internet-hall-fame-welcomes-2014-inductees-ceremony-hong-kong>

Uniregistry Whois tells you why a domain isn't available
One of the most frustrating challenges of pre-registering new TLDs is having the registrar return a search "not available".
<http://domainnamewire.com/2014/04/11/uniregistry-whois-tells-you-why-a-domain-isnt-available/>

IPv6 on the Agenda at WTDC 2014
The RIPE NCC, representatives of the other Regional Internet Registries, ITU Member States and Sector Members took part in the International Telecommunication Union's World Telecommunication Development Conference (WTDC-14) this past fortnight in Dubai, UAE.
<http://www.ripe.net/internet-coordination/news/industry-developments/ipv6-on-the-agenda-at-wtdc-2014>

**********************
 - DOMAINING & AFTERMARKET
**********************
.Asia Registry Partners with NameJet & RightOfTheDot.com to Auction Premium 3-4 Character Numeric .Asia Domains
DotAsia Organisation, registry operator of the ".Asia" top-level-domain, announced that it has partnered with NameJet.com and RightOfTheDot.com to auction a series of never-before-released premium numeric domain names.
<http://rightofthedot.com/2014/04/asia-registry-partners-with-namejet-rightofthedot-com-to-auction-premium-3-4-character-numeric-asia-domains/>

**********************
ONLINE TV, MUSIC & PIRACY
**********************
Kim Dotcom and Megaupload sued for copyright infringement by music labels
Megaupload may have shut down in January 2012 after its founder Kim Dotcom was arrested on copyright infringement charges, but the cloud storage service is now facing new civil lawsuits from the music and film industries.
<http://www.theguardian.com/technology/2014/apr/11/riaa-mpaa-megaupload-kim-dotcom-piracy-lawsuits>

au: Cinema chief defends $20 tickets, saying illegal downloads 'hurts industry'
The head of a leading cinema chain has hit back at claims that higher ticket prices justify the illegal downloading of movies.
<http://www.smh.com.au/national/movie-pirating-ticket-price-no-excuse-20140411-36ihv.html>
<http://www.theage.com.au/national/movie-pirating-ticket-price-no-excuse-20140411-36ihv.html>

**********************
SECURITY
**********************
Security Flaw Could Reach Beyond Websites to Digital Devices, Experts Say
When the Heartbleed bug was disclosed on Monday, the attention focused on the fallout for major Internet companies like Yahoo and Amazon. But security experts said the potential for harm could extend much further, to the guts of the Internet and the many devices that connect to it.
<http://www.nytimes.com/2014/04/11/business/security-flaw-could-reach-beyond-websites-to-digital-devices-experts-say.html>

'Heartbleed' computer bug threat spreads to firewalls and beyond
Hackers could crack email systems, security firewalls and possibly mobile phones through the "Heartbleed" computer bug, according to security experts who warned on Thursday that the risks extended beyond just Internet Web servers.
<http://uk.reuters.com/article/2014/04/11/uk-cybersecurity-internet-bug-idUKBREA3925Y20140411>

US government warns of Heartbleed bug danger
The US government has warned that it believes hackers are trying to make use of the Heartbleed bug.
<http://www.bbc.com/news/technology-26985818>

Heartbleed bug creates confusion on internet
Computers vulnerable to the Heartbleed bug are actively being targeted online, say security experts.
<http://www.bbc.com/news/technology-26971363>

Online business and security: A flaw in popular internet-security software could have serious consequences for all sorts of business
The Heartbleed bug sounds like a nasty coronary condition. But it is in fact a software flaw that has left up to two-thirds of the world's websites vulnerable to attack by hackers. "This is potentially the most dangerous bug that we have seen for a long, long time," says James Beeson, the chief information security officer of GE Capital Americas, an arm of GE. Since its existence was revealed on April 7th by researchers at Codenomicon, a security outfit, and Google, countless companies around the world that rely on the internet for part or all of their business have been scrambling to fix the flaw.
<http://www.economist.com/news/business/21600691-flaw-popular-internet-security-software-could-have-serious-consequences-all-sorts>

Heartbleed Bug: What Can You Do?
In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many readers are understandably anxious to know what they can do to protect themselves. Here's a short primer.
<http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/>

Heartbleed: Don't Panic by Steven Bellovin
There's been a lot of ink and pixels spilled of late over the Heartbleed bug. Yes, it's serious. Yes, it potentially affects almost everyone. Yes, there are some precautions you should take. But there's good news, too: for many people, it's a non-event. Heartbleed allows an attacker to recover a random memory area from a web or email server running certain versions of OpenSSL. The question is what's in that memory. It may be nothing, or it may contain user passwords (this has reportedly been seen on Yahoo's mail service), cryptographic keys, etc.
<http://www.circleid.com/posts/20140412_heartbleed_dont_panic/>

Heartbleed certificate revocation tsunami yet to arrive
Only 30,000 of the 500,000+ SSL certificates affected by the Heartbleed bug have been reissued up until today, and even fewer certificates have been revoked.
<http://news.netcraft.com/archives/2014/04/11/heartbleed-certificate-revocation-tsunami-yet-to-arrive.html>

Half a million widely trusted websites vulnerable to Heartbleed bug
A serious overrun vulnerability in the OpenSSL cryptographic library affects around 17% of SSL web servers which use certificates issued by trusted certificate authorities. Already commonly known as the Heartbleed bug, a missing bounds check in the handling of the TLS heartbeat extension can allow remote attackers to view up to 64 kilobytes of memory on an affected server. This could allow attackers to retrieve private keys and ultimately decrypt the server's encrypted traffic or even impersonate the server.
<http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html>

'Heartbleed' Bug Exposes Passwords, Web Site Encryption Keys
Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.
<http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/>

Tests confirm Heartbleed bug can expose server's private key [IDG]
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
<http://www.computerworld.com.au/article/542793/tests_confirm_heartbleed_bug_can_expose_server_private_key/>
<http://www.networkworld.com/news/2014/041414-tests-confirm-heartbleed-bug-can-280640.html>

Fixing Heartbleed bug up to website owners
Security experts warn there is little internet users can do to protect themselves from the recently uncovered ''Heartbleed'' bug that exposes data to hackers, at least not until vulnerable websites upgrade their software.
<http://www.odt.co.nz/news/business/298503/fixing-heartbleed-bug-website-owners>

Heartbleed: A Bug With A Past and A Future
Bruce Schneier stood on the Source Boston keynote stage yesterday and used the word "ginormous" to describe the severity of the OpenSSL heartbleed bug.
<http://threatpost.com/heartbleed-a-bug-with-a-past-and-a-future/105393>

What Have We Learned: OpenSSL Heartbleed Bug
There's nothing the Internet loves more than a fat, juicy story that it can sink its sharpened, yellowing canines into. And for the security community, the OpenSSL heartbleed vulnerability has been the equivalent of a 72-ounce steak. But an Internet-breaking vulnerability like this one is no good unless we can learn something from it (or at least give it a clever hashtag).
<http://threatpost.com/what-have-we-learned-openssl-heartbleed-bug/105385>

Cyber Intelligence Asia 2014: CERTs and Industrial Security by Slava Borilin
In March I spoke at Cyber Intelligence Asia 2014, where CERTs from most Asian countries were presented. The fact is that only a few CERTs are now dealing in some way with industrial security, ICS and SCADA matters. One of the best of those is CERT of Japan, which is doing a great job here, and Jack YS Lin provided a nice overview of their activities and experience. Japan has a national ICS Test Bed, somewhat similar to Idaho National Lab, and is the only country besides the US that has an ISASecure certification entity. However, not all Japanese CNIs (Critical National Infrastructures) or even Industrial Automation vendors are doing enough in the security space.
<http://threatpost.com/cyber-intelligence-asia-2014-certs-and-industrial-security/105403>

Australian Attorney General Picks Surveillance Over Fair Use on U.S. Visit
"Australia is ready for, and needs, a fair use exception now." These were the unambiguous words of the Australian Law Reform Commission's report investigating how to modernize the country's copyright laws. Specifically, the Commission called for a fair use doctrine that resembles that of the U.S., with the same four-factor balancing test.
<https://www.eff.org/deeplinks/2014/04/australian-attorney-general-picks-surveillance-over-fair-use-us-visit>

Microsoft Touts Data Protection Approval in Europe; Eager for New Customers
Online privacy is heating up as a selling point, at least in Europe. Microsoft's top lawyer on Thursday said the company's cloud computing services had met Europe's stringent data protection rules - the only company so far to receive such approval - and he used the news as a way to woo potential new customers.
<http://bits.blogs.nytimes.com/2014/04/10/microsoft-touts-data-protection-approval-in-europe-eager-for-new-customers/>

Australia depending on vulnerable "cyber" environment: DSTO
Internet security is top of the agenda in the development of a new framework for Australia's national security and technology policy.
<http://www.zdnet.com/australia-depending-on-vulnerable-cyber-environment-dsto-7000028379/>


------
David Goldstein

 email: david at goldsteinreport.com

 web:   http://goldsteinreport.com/ / http://davidgoldstein.tel/
 Twitter: §GoldsteinReport
 phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home

"Every time you use fossil fuels, you're adding to the problem. Every time you forgo fossil fuels, you're being part of the solution" - Dr Tim Flannery
Received on Mon Apr 14 2014 - 03:49:15 UTC