Larry Seltzer

ICANN GNSO has been studying the problem of Domain Tasting for months now in their usual thorough manner. I wrote about the study several months ago and said I expected no prompt action. They have gotten to the point of issuing an initial report. This report discusses the input received by the GNSO during the […]

As we reported earlier, Network Solutions has taken the extraordinary step of registering domains as you search for them. The company acknowledged what is obvious to anyone testing the process and states that it is doing it in order to protect users from abuse by third parties. Network Solutions has responded to criticism with some […]

The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/…. There’s no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is […]

Its as true of any operating system as it is of Windows, but Windows gets a harder time for it: Bad device drivers make for a bad computing experience. Device drivers are effectively system software. Very often its hard to tell the difference between a device driver problem and a Windows bug, and this is […]

I can remember back when anti-virus companies used to test their updates before they sent them out to customers. But then again, I can remember the Johnson administration (Lyndon, not Andrew), so I’m relatively (ahem!) experienced. Anyway, times have changed. The anti-virus business has moved to the Netscape business model of shipping products and letting […]

Security vendors like to report spam numbers, including the overall percentage of e-mail that is spam. The consensus on this number is north of 90 percent now. You’ll see some lower numbers, including about 60 percent from Symantec, but that number discounts certain classes of spam. Essentially, the percentage of e-mail that is spam is […]

The DNS is fragile they say. Not only is it another one of those old Internet protocols that was never designed to handle either the load or the level of attack to which it is subjected today, but the sheer number of DNS servers out there is immense, and many are misconfigured. Imagine then trying […]

I can imagine, back in 2000, a company taking offense at a vulnerability report and having a bad attitude about it. Back then you could forgive people for thinking that exposing such problems will make things worse. Things are different now. There’s only one way to approach such things these days: embrace the idea that […]

Look back at the security news three or four years ago and you’ll see a “worm of the week” phenomenon in action. Malware was spread, and botnets created, through e-mail messages. These e-mail messages had attachments and social engineering that attempted to trick the user into running the attachment. This approach is now comparatively rare, […]

I can sympathize with Microsoft’s Jeff Jones. We both like to throw gasoline on a fire now and then. It’s fun to see the flames that ensue. The flames last week came from Mozilla, responding to Jones’ Browser Vulnerability Analysis report. Jones, a “Security Guy” at Microsoft, has made a hobby of monitoring and reporting […]