The Fix Again?

Posted on December 18, 2008
Filed Under: Internet and web sites.

Firefox gets an update? I asked myself as I watched my browser patch and reboot itself while I waited. I thought IE was the problem. Apparently, according to the PC World article, the Firefox crew saw that everyone was advised to switch browsers, and had an OH! moment. Now we sit at Firefox 3.0.5 -- once again safe from: two critical Firefox problems that could allow an attacker to execute a cross-site scripting attack, a third that could make it crash or allow someone to remotely execute code, a partridge and a pear tree.

by Chris Gamble

The fix is in!

Posted on December 17, 2008
Filed Under: Internet and web sites.

After many sleepless hours of waiting for the new Internet Explorer patch to fix one of the "really" bad zero-day exploits, our friends at Microsoft have released their Internet Explorer Fix.

If you have been sleeping under a rock the last week and missed the blogs, news articles, TV shows, and many full-length novels about it, this patch addresses a recent exploit in Internet Explorer that would permit a bad guy to take over your computer and steal your passwords. Before the patch was released, a reported 10,000 websites were impacted.

Not entirely sure how a problem with a browser affected 1 website, much less 10,000, but thankfully we are all safe now.

by Chris Gamble

State of Danger -- Venerable Vulnerable TCP Stacks

Posted on October 07, 2008
Filed Under: Internet and web sites.

October 1, 2008 was a dark day. Not because the stocks went on a wild ride, crashing and thrashing any thought of retirement. No, October 1 was much worse.

While we are all patiently waiting for the full disclosure some time around the 16th, the basics released are that TCP has been shown universally vulnerable to a denial of service attack using as few as a handful of bots. Back in the beautifully naive days of September, a denial of service attack (DoS) required thousands to millions of computers programmed to launch their assault at an unsuspecting target. This was mostly achieved by various techniques including flooding the target server with enormous amounts of initial connections (SYN), then abandoning the conversation. Back then, it took effort to take a system down.

Flash forward to black Wednesday: the new techniques discovered allow this same effect with 9 - 10 connection attempts, a small enough number that the entire attack could be carried out from a single machine. Such an effect could prove disastrous for web sites, national security, and our prized waffle recipe.

So, is this the end of the world, or just media hype? Well, since all of the attacks being discussed are theoretical, the only way to really know is to wait for full disclosure at the T2 conference in Helsinki, Finland on October 16 - 17, 2008.

For up-to-date news on this issue, see Robert Lee's blog on Sock Stress.

by Chris Gamble

Ready for more Chinese domain names

Posted on June 28, 2008
Filed Under: Internet and web sites.

A few weeks ago, I received a dozen calls from customers / domain name owners, each with the same question: "Do I really lose my domain name if I don't register for this new China based name?"

In their defense, the letter to register your brand new .cn name to protect your company's brand and reputation was well enough written that anyone might believe their intellectual property was in danger. I'll admit that I had to read it twice to make sure.

That was last week. Skip to next year when ICANN puts up hundreds of top level domains for sale. A top level domain is the far right side of your domain name. Top level domains (TLD) are currently limited to country specific (including the popular .TV domain), or to define organization type. The organization domains are .COM, .ORG, .NET, and .INFO. This isn't an exhaustive list, but hopefully enough to give you an idea of what is up for sale.

The price and rules for these new domains have not been approved, but pricing is expected to be around $100,000, with a list of rules to approve a new TLD intended to prevent offending any government body. With censorship and high cost, it would be safe to expect that a limited number of new TLDs will pop up when this starts, and in pre-internet ages that would be a fair expectation. Of course, we are in an age where a single domain name can auction for ten times that value. I doubt any rules will be enough to adequately deter the wave of speculators and investors that are sure to be waiting, cash and names in hand. Each with a business plan that is able to explain to every domain name owner they look up how their new internet real-estate is as valuable if not more valuable than the venerable .COM. One year and one month from now, I expect chaos, and a hundred letters a day selling me my name internet presence.

Until then, I will continue to advise clients and friends alike -- build a brand and don't sweat the imitators. Even before the new TLDs, there are too many synonyms, misspellings, and number-for-letter replacements that it's practically impossible to lock down every one. So what is building a brand in the internet age? With all these names in existence, and so many more about to sprout, search engine optimization (SEO) will become essential to the next round of internet branding.

by Chris Gamble