[AxisOfEasy] Never Use The Word “WishList” When Dealing With ICANN


Weekly Axis Of Easy #92


Last Week’s Quote was “I will fight for your right to be weird, as I know you will fight for mine” by Hunter S. Thompson, baby. Winner was Jennifer.

This week’s quote: “Mankind is governed more by their feelings than by reason” by…. ?

THE RULES: No searching up the answer, must be posted in the comments below:

The Prize: First person to post, gets their next domain or hosting renewal on us.


This week my adopted homeland of Barbados (someday, anyway), will be hosting ARIN 43 and CaribNOG events. The same week my wife’s book is hitting the stores in B’Dos, so we’re headed down. If you’ll be at CaribNOG come find me and say hello (I’ll be the guy in the easyDNS t-shirt and I’ll be packing swag).

In This Issue:
  • Apache web server bug grants remote root under shared hosting environments
  • No, your social security number has NOT been suspended
  • ICANN bans domain policy luminary from WG participation
  • Zuck calls for more regulation while millions more F-Book user records found wide open online 
  • AirBnB has a problem with homeowners concealing hidden cameras in awkward places 
  • Genealogy company: We have a moral duty to share your DNA data with the FBI
  • easyDNS enters TLD space as DNS provider for .BB

Apache web server bug grants remote root under shared hosting environments

The Apache Foundation released updated server version 2.4.39, which fixes a weakness in Unix versions 2.4.17 through 2.4.38. The vulnerability allows an attacker to escalate privileges within a shared environment (cPanel, Plesk) and execute commands with the userid of the parent process (which, often enough, is root). This bug has been assigned CVE-2019-0211.

Read: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
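A quick way to triage a fleet against the version range quoted above, as an added example (not code from this newsletter or from the Apache project). It classifies the "Server version" line printed by `httpd -v` or `apachectl -v`; the hostnames and banner lines are constructed sample data.

```python
import re

# Upstream range stated in the item above: 2.4.17 through 2.4.38, fixed in 2.4.39.
FIRST_AFFECTED = (2, 4, 17)
LAST_AFFECTED = (2, 4, 38)

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s+\(([^)]*)\))?")


def classify(banner):
    """Classify one `httpd -v` / `apachectl -v` "Server version" line."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"  # hidden or unparsable banner: check the host by hand
    version = tuple(int(x) for x in m.group(1, 2, 3))
    platform = (m.group(4) or "").lower()
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "outside-range"
    if platform.startswith("win"):
        return "outside-range"  # the item above scopes the bug to Unix builds
    # Distributions often backport fixes without bumping the upstream number,
    # so in-range means "verify the package changelog", not "vulnerable".
    return "in-range"


def triage(inventory):
    """Map hostname -> status for a dict of hostname -> banner line."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and banners).
SAMPLE = {
    "web01.example.net": "Server version: Apache/2.4.38 (Unix)",
    "web02.example.net": "Server version: Apache/2.4.39 (Unix)",
    "web03.example.net": "Server version: Apache/2.4.29 (Ubuntu)",
    "web04.example.net": "Server version: Apache/2.4.16 (Debian)",
    "web05.example.net": "Server version: Apache/2.4.38 (Win64)",
    "web06.example.net": "Server version: Apache",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `in-range` on a distribution package still need a check against the vendor's advisory, since a patched package can keep the old upstream version string.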

No, your social security number has NOT been suspended

I would guess most people who read #AxisOfEasy would know that a robocall telling you your social security number has been suspended and to talk to a call agent is a scam. The FTC issued an advisory on this, noting these calls started up about a year ago. A similar scam I saw recently was a screen pop from a hostile script on a web page you might visit, which flashes a “computer infected, call for support” alert. That one looked like an Apple alert, and it came up on my mom’s computer.

What you can do is forward the following article to your colleagues and relations (parents? Most of our kids are more savvy than we are at this stuff) because it describes the general nature of these vectors:

ICANN bans domain policy luminary from WG participation

George Kirikos is a Toronto-based domain investor who operates properties like math.com. He is also an undisputed expert in all matters relating to domain policy, ICANN and naming governance. He proofread and advised me on the domain policy sections for my book and is an all-around voice-of-reason in the endless litany of policy initiatives to come out of ICANN. For that reason, he’s a gadfly and a source of vexation to certain constituents within it.

He was also an active participant in the ICANN Working Group ecosystem, where he was participating in a Policy Development Proposal (PDP) around domain name dispute mechanisms. All that is now over: ICANN claims George has “elected to not accept and agree to abide by ICANN’s Expected Standards of Behavior (ESOB)”, and he has been ejected from the WG and has had his status revoked. Purported deviant behaviour includes use of the word ….. (wait for it) “wishlist”, a word used in the same proceedings by other participants.

George has set up a new website (here at easyDNS, of course!) aptly called freespeech.com to document and timeline his struggles with ICANN on this.

Zuck calls for more regulation while millions more F-Book user records found wide open online

Last week Bloomberg reported that the security research firm UpGuard had found yet another trove of F-book user data sitting wide open and accessible in Amazon S3 buckets. Once again it was a third-party app developer: this time the Mexican firm Cultura Colectiva left a 146 GB data stash of more than 540 million records containing comments, likes, reactions, account names, F-book IDs “and more”.

This happened in the same week Zuck called for more government regulation to govern how social media networks operate.

I don’t think Zuck really cares about end user privacy or election integrity. He’s following a well-worn playbook that de facto monopolies work out of: increase the regulatory burden on all players so that only the large ones, the ones with the quasi monopolies and fat government contracts, can afford to comply. This was quite literally explained to me once by an entrepreneur-in-residence to a legal consultancy who was advising one of the big-4 Canadian banks with respect to Bitcoin. He called it “pulling the ladder up behind you”.

Read: https://www.upguard.com/breaches/facebook-user-data-leak

AirBnB has a problem with homeowners concealing hidden cameras in awkward places

I’ve never used AirBnB, so this never even occurred to me. When I travel I won’t even stay with relatives or friends. I like to pick a hotel, settle in and then be free to run around in my underwear with a lampshade on my head in relative privacy and seclusion.

But according to The Atlantic, AirBnB has a problem with undisclosed cameras in the rental units. The ToS allows owners to place cameras to monitor the exterior and common areas. It is understandably verboten to put cameras in sleeping areas, and of course, the bathrooms.

Apparently, that’s not always how it works out.

 

Genealogy company: We have a moral duty to share your DNA data with the FBI

The home testing DNA and genealogy company FamilyTreeDNA has taken the position that it has a “moral responsibility” to share customer DNA data with the FBI. This is the outcome after the company (as reported in #AxisOfEasy 84) faced a backlash over revelations that after helping the FBI solve a cold-case in a one-off event, they had entered into an ongoing data sharing arrangement.

Nobody has a moral duty to be customers of FamilyTreeDNA so I guess it all evens out.

easyDNS enters TLD space as DNS provider for .BB

No nepotism involved, I swear. But when your wife is from an island paradise, and every time you visit the place you loiter at the local telecom and schmooze with the registry operators, after a few years of this, they’ll move the TLD onto your nameservers just to shut you up. That’s pretty much how it happened. Anyway, like I said, this week, Barbados, ARIN and CaribNOG – if you’re there come say hi.

Read: https://www.caribnog.org/

8 thoughts on “[AxisOfEasy] Never Use The Word “WishList” When Dealing With ICANN”

  1. This week’s quote is from Samuel Adams… known for the Boston Tea Party and for having a lager crafted in his name 😉 I knew my US education would come in handy one day…

  2. On the topic of ICANN and their direction of allowing pricing free for all on some of the traditional TLDs
    I believe that it should become the standard that after a new gTLD has become well-established (such as 10+ years in operation or past so many registrants) that it starts to be restrained from wild price increases well beyond inflation. This is a key thing required to help those new gTLDs to become acceptable as a primary domain for an organization. My current recommendation to clients about the new gTLDs is to not use them as a primary identifier (what a domain name essentially is after all) until we can be sure we don’t have any issues of volatility of that name space, including pricing.
