Sunday, March 2, 2014

When ICANN talks about the benefits of increasing the gTLD name space, it frequently mentions how these additional domains can be used by commercial enterprises to advance the marketing of their brands, or employed by cultural and religious affinity groups to better promote the ideas and agendas of those associations. Mentioned less frequently is how some of these new gTLDs could also be a force for more secure web sites, further the protection of sensitive PII data and help reduce phishing attacks.

Registrars in the .com space presently ask only two questions of their customers: Is your 2nd level domain name unique, and is your check good? Answer yes to both and your 2nd level domain is accepted. It's not the registrar's purview to conduct investigations of their customers and pass judgment on their domains' suitability. The acquirers of these new gTLDs, however, will have the option of reserving the new gTLD for their exclusive use or of becoming, in effect, a registrar for that domain. It would then be their prerogative to decide who could have a 2nd level domain in that new TLD.

What if an entity, a trade group association in this example, secured the rights to .secureonlinebanking and wanted to open it up only to legitimate banks? In that case the banks wishing to put their firms into this new top level would have to show proof that they are a legitimate lender and not a phisher. The registrar could charge a higher registration fee to cover the costs of a thorough criminal background investigation of its new members. What if the registrar also wanted to mandate that member web sites meet a high level of security? The persistent criticism of Sarbanes-Oxley and PCI-DSS compliance is that it accomplishes only checklist security. In our example the registrar could go beyond a baseline level of security and require more stringent and exacting security controls, such as more frequent and thorough vulnerability scanning or pen testing.

These extra-secure gTLDs would function in effect as bastion enclaves for financial institutions and e-commerce sites, and would recognize the importance of assuaging the fears of customers whose comfort level with e-business is not particularly high right now, in light of the recent data breaches at retailers such as Target and Neiman Marcus. Having an e-business in one of these enclaves would bestow on it a data security seal of approval. And that would be a marketing opportunity that they could take to the bank.

Sunday, January 26, 2014

iPad 1 - The Abandoned Tablet

I didn't pay much attention last year to Apple's announcement that it would cease providing iOS upgrades and updates for the iPad 1. I use mine primarily for recreational use: the NY Times crossword puzzle, Scrabble, Netflix and personal email. I have a good number of PDFs on various infosec topics that I have collected, but the odd file system in iOS has been a bit of an irritant in storing them, so I've preferred to peruse them on my laptop. But recently my most frequently used apps have become noticeably and increasingly unstable, including basic web browsing. The original iPad has only 256 meg of memory, and this is indicated as the culprit for the apps' crashing. Yet it's curious that only now has it become a chronic problem. Apple has announced that all apps for the iPad line must be optimized for iOS 7 by February. I don't think that this augurs well for iPad 1 owners. I paid over $800.00 back in June of 2010 for my 3G iPad 1 with 64 Gig storage, and I don't think that a device that is less than 4 years old should be rendered obsolete in this manner. In contrast, big bad Microsoft is only pulling the plug on Windows XP this coming April, almost 13 years after it first shipped in 2001.