Tag Archive for YouTube

Social Media Sites Implement SSL

In the wake of the October 2010 release of Firesheep, many social media websites are stepping up their security. Firesheep is a simple-to-use user account hijacking tool which can give attackers temporary full access to accounts from many of the most popular social media websites. Social media sites like Facebook, Twitter, Gmail, Hotmail, Flickr and WordPress have begun to add full end-to-end encryption.

George Ou at Digital Society tracks SSL implementations on websites and has created an online services report card. The report card grades the way that social media sites implement full end-to-end encryption, and what generic protocols are deemed safe. The latest report card looks like this:

The table from Digital Society indicated that only Gmail.com and WordPress’s free hosting site get an “A” and are fully impervious to partial and full sidejacking and full hijacking of HTTP sessions. The report card gives Facebook, Twitter and Microsoft’s Hotmail failing grades. The bottom part of the table refers to generic protocols that are commonly used by computers and smartphones. The majority of devices use unsafe versions of protocols, according to Digital Society.

Microsoft (MSFT) has announced the general availability of full-session SSL (HTTPS). The security upgrade has also been applied to other Live services, including SkyDrive, Photos and Devices. MSFT says that to activate full-session SSL (I recommend you do, especially if you ever access these services on public or shared computers), you should head on over to https://account.live.com/ManageSSL. After completing their form, SSL is activated and all future Web connections will be protected. It’s important to note, however, that flipping the SSL switch means you won’t be able to reach your Hotmail via Windows Live Mail (desktop), the Outlook Hotmail connector, or the Windows Live app for Windows Mobile 6.5 and Symbian.

The latest Google (GOOG) site to support SSL-encrypted connections is Google’s Picasa Web. As with many other sites, though, not everything displayed on Picasa Web is encrypted. While the home page and upload form are fully encrypted, gallery pages report as being only partly encrypted. The Google Operating System blog says that many Google services now support HTTPS connections: Gmail (enabled by default), Google Reader, Google Groups, Picasa Web Albums, Google Search, Google Finance, YouTube (partly encrypted). Other services only support encrypted connections: Google Calendar, Google Docs, Google Sites, Google Health, Google Analytics, Google AdSense and AdWords, Google Web History, Google Bookmarks, Google Voice, Google Latitude, Google Checkout.

rb-

Even average users are a bit more in tune when it comes to security and privacy on the Web today (thanks in part to the recent Firesheep threats). There’s a simple solution: browse using HTTPS when possible. The easiest way to do that is to use Mozilla Firefox and the HTTPS Everywhere add-on from the EFF, which I use and wrote about here.

Zombie Cookies

If you are a frequent visitor to YouTube, or just stopped by Scribd once to check it out, or visited any other Flash site, the odds are you have zombie cookies lurking on your computer that you thought were long gone, according to Helium. The following sites have recently been named in a lawsuit for installing zombie cookies on computers.

  • ABC
  • ESPN
  • HULU
  • MySpace
  • MTV
  • NBC
  • Scribd
  • YouTube
  • Most other sites utilizing Flash

When you visit a website, it generally places a cookie on your computer, which you can delete. But when you delete a zombie cookie, it comes back to life in a sense – hence the cool name. The problem was first identified at UC Berkeley. They noticed that they were deleting cookies, but they kept coming back over and over again. No amount of deleting them would kill the nasty little buggers off. After tracking down their location, the only fix that was easily available at that time was deleting the cookies and Adobe Flash Player (NASDAQ: ADBE). It is reported that Flash is installed on about 98% of all personal computers, and the odds are almost all of those computers have visited a site that planted a zombie cookie. Quantcast created zombie cookies, and the firm calls them an “unintended consequence.”

Wired reports the lawsuit (PDF), filed in U.S. district court in Central California, asks the court to find that the Quantcast Zombie Cookie practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a “pattern of covert online surveillance” and seeks status as a class action lawsuit. Privacy activist lawyer Joseph Malley filed the lawsuit. Malley also played key roles in other high-profile privacy lawsuits with Facebook and Netflix. “The objective of this scheme was the online harvesting of consumers’ personal information for Defendants’ use in online marketing activities,” wrote Malley, who called the technique “as simple as it was deceptive and devious.”

Zombie cookies are bad if you care about maintaining your privacy. Zombie cookies are forced upon your system and cannot be deleted by normal means. Zombie cookies are made pretty simply. When a zombie cookie from Quantcast is deleted, the Quantcast program goes back to the storage bin and retrieves your user id in HTML format. It then re-applies that user id, but hides it in the Flash application where you can do almost nothing about it. It really is that simple. Getting rid of zombie cookies is a pain, but definitely can be done. Helium suggests that, short of ditching Adobe completely, you can go to Adobe’s webpage and set controls on the Global Privacy Settings page. If you use Firefox you can get rid of Flash cookies, including zombie cookies, by using the BetterPrivacy add-on.
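One way to check a machine for the respawning described above, as an added example that is not from the original post or from any of the named sites: it compares cookie snapshots taken before and after clearing, then looks for the surviving value inside Flash Local Shared Object (.sol) files. The cookie name uid, the file paths and the sample bytes are constructed for illustration.

```python
# Added example: flag HTTP cookies that reappear unchanged after clearing
# and whose value is also stored in a Flash Local Shared Object (.sol).
MIN_ID_LEN = 8  # ignore short values that would match by coincidence


def respawned_cookies(before, after, lso_files):
    """before/after: {cookie_name: value} snapshots taken before clearing
    cookies and after revisiting the site. lso_files: {path: raw bytes}.
    Returns one finding per cookie that came back with the same value
    and whose value is present in at least one LSO file."""
    findings = []
    for name, value in sorted(after.items()):
        if len(value) < MIN_ID_LEN or before.get(name) != value:
            continue  # a fresh ID after clearing is normal behaviour
        needle = value.encode("utf-8")
        sources = sorted(p for p, blob in lso_files.items() if needle in blob)
        if sources:
            findings.append({"cookie": name, "value": value, "lso": sources})
    return findings


# --- Constructed sample data (hypothetical names, not from any real site) ---
# Bytes loosely shaped like a .sol file; not a valid LSO, only a carrier
# for the stored ID string.
SAMPLE_LSO = {
    "example.invalid/tracker.sol":
        b"\x00\xbfTCSO\x00\x04uid\x02\x00\x104f9a2c71e0b35d88\x00",
    "example.invalid/player.sol":
        b"\x00\xbfTCSO\x00\x04volume\x00\x40\x59\x00\x00",
}
COOKIES_BEFORE = {"uid": "4f9a2c71e0b35d88", "sess": "a1b2c3d4e5f6a7b8"}
# Snapshot after the user cleared cookies and loaded the site again:
# "sess" was reissued with a new value, "uid" came back identical.
COOKIES_AFTER = {"uid": "4f9a2c71e0b35d88", "sess": "99887766554433aa"}

if __name__ == "__main__":
    for f in respawned_cookies(COOKIES_BEFORE, COOKIES_AFTER, SAMPLE_LSO):
        print(f"{f['cookie']}={f['value']} restored from {', '.join(f['lso'])}")
```

On a real machine the lso_files input would be the .sol files read from Flash Player's #SharedObjects directory.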

rb-

No wonder there is a growing chorus to abandon Adobe for security reasons. What other surprises does Adobe have coming?

YouTube Goes IPv6

YouTube, one of the most popular sites and one of the biggest time-wasters and bandwidth hogs on the web, is now IPv6 too. Hurricane Electric, whose IPv6 backbone is the largest in the world, reports a 30x increase in IPv6 traffic originating from YouTube.

“On Thursday, midday California time, we saw a large amount of inbound IPv6 traffic, which we knew came from Google,” Martin Levy, Director of IPv6 Strategy at Hurricane Electric told PCWorld in a recent article. “IPv6 traffic came into ISPs from all over the world when Google turned up its IPv6 traffic on YouTube,” Levy says. “IPv6 is being supported at many different Google data centers. We’re talking about a traffic spike that is 30-to-1 type ratios. In other words, 30 times more IPv6 traffic is coming out of Google’s data centers than before.”

The YouTube IPv6 traffic appears to be production, as opposed to a test, because it has remained steady since it started and is following normal usage patterns, Levy told PCWorld. “This IPv6 traffic is mimicking classic end-user bandwidth shaping,” he said. “It’s not machine driven; it’s human eyeball driven.”

Industry observers hailed the YouTube upgrade as a sign of the growing momentum for the next generation Internet protocol. “This is not some IPv6-enabled scientific site… This is the mainstream media,” Levy observes.

NetworkWorld reports that Google is anticipating IPv6 traffic growth as more devices such as LTE handsets and set-top boxes ship with IPv6 support. Google already supports IPv6 with its Search, Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa, Maps, Wave, Chrome and Android products.

DRPs Must Include Social Media Threats

Domino’s Pizza is the latest firm to realize that social media has the reach and speed to turn tiny incidents into marketing crises. Domino’s Vice President of Communications Tim McIntyre told AdAge.com: “Any idiot with a webcam and an internet connection can attempt to undo all that’s right about the brand” in reaction to several videos posted on YouTube (and now elsewhere) on Monday (04-13-09) by two Domino’s Pizza employees in North Carolina which showed them allegedly tampering with food to be served to customers.

On Tuesday (04-14-09), the Domino’s franchise owner brought in the local health department, which advised him to discard all open containers of food, which cost hundreds of dollars, and fired the employees. They were identified as Kristy Lynn Hammonds, 31, of Taylorsville, N.C., who was convicted of sexual battery last June and was convicted of possession of stolen goods and damaging a vending machine in 1995, according to media reports, and Michael Anthony Setzer, 32, of Conover, N.C. Each is charged with felony distributing prohibited foods. Setzer was released from the Catawba County jail on $7,500 bond, while Hammonds remained in custody.

Domino’s McIntyre said, “We’re re-examining all of our hiring practices to make sure that people like this don’t make it into our stores.” McIntyre continues, “We got blindsided by two idiots with a video camera and an awful idea.”

In just a few days, Ann Arbor, MI-based Domino’s reputation was damaged. The perception of its quality among consumers went from positive to negative since Monday (04-13-09), according to the research firm YouGov. “It’s graphic enough in the video, and it’s created enough of a stir, that it gives people a little bit of pause,” said Ted Marzilli, global managing director for YouGov’s BrandIndex, in a NYT article.

The company considers each viewing of the video to be damaging to the Domino’s Pizza brand, McIntyre said. “We are absolutely 100 percent going after these people,” McIntyre said. “Our brand is far too valuable to let these guys try to ruin it all in the guise of a hoax.”

This incident is further proof that companies cannot afford to ignore social media. The Domino’s incident proves that responding to social-media incidents has to be added to disaster recovery plans. Firms need to pay close attention to what is being said about them online. In this case, Domino’s only found out about the videos because a blogger told them, according to the New York Times.

Firms need to add situations including negative stories that appear in social media to their DRPs. The benefit of a DRP is that a plan of action is in place. During a social-media crisis, there is no time to figure out the technology. Domino’s response was not to respond aggressively, hoping the controversy would quiet down. “What we missed was the perpetual mushroom effect of viral sensations,” McIntyre said. It is reported that the Domino’s videos were viewed more than 1 million times on YouTube, references to it were in five of the 12 results on the first page of Google search for “Dominos,” and discussions about Domino’s had spread throughout Twitter before they were taken down by the poster.

In the heat of a crisis there is little time to open accounts on YouTube, Twitter or the Web 2.0 site du jour, get up to speed on how to use the technology and formulate the response to the problem while that problem is unfolding.

Firms that are not involved in social media should establish a web 2.0 presence for a defensive position. Firms can use their existing online channel to immediately get their message out to interested readers. The firm’s larger follow-up response should match the offending social-media vector, be it Twitter or YouTube.

Like other elements of the firm’s disaster recovery plan, firms should stage mock social-media crises and figure out what to do if an employee or a customer posts harmful social-media information online.

Of course all good security policies and DRPs require strong enforceable policies. The DRP should describe how to respond. In this case, the company “decided not to respond aggressively, hoping the controversy would quiet down.” “What we missed was the perpetual mushroom effect of viral sensations,” Domino’s spokesman, Tim McIntyre, told the Times. Before a crisis strikes, firms must develop a company policy that explains the impact of social media and outlines what employees can and cannot do on social media sites when they are identifiable as members of your value-chain.

rb-

Another Bubble

Updated 07-15-08

Over at Technology Review they have also noted the up-tick in global fiber construction. In the July/August 2008 issue, David Talbot has a brief article, “New Oceans of Data: A transoceanic building boom is fueling Internet growth,” with some really cool graphics of new construction.

rb-

The Financial Times reported that seven years after the first boom in undersea cable construction flooded the market with excess capacity and triggered a telecoms meltdown, new data from TeleGeography reveals that the business is in the midst of a new investment boom. TeleGeography projects that at least 25 new cables, costing about $6.4 billion, will be built between 2008 and 2010 or more.

Alan Mauldin, research director at TeleGeography, says the increasing capacity requirements on undersea cable systems connecting the continents have been driven by the emergence of content-rich network applications and the growth of the internet, which “are warranting upgrades to existing routes, as well as construction of new cables on the less served routes”.

Driving the new demand for new fiber is the growth of broadband connectivity. In 2001, only 30 million households worldwide had access to broadband internet connections. By the end of 2007, that figure had grown to more than 337 million households. At the same time, growing broadband penetration and increased end-user access speeds have enabled a host of new applications and services to thrive. “Video is now the primary driver of internet traffic growth,” notes TeleGeography. “Applications such as YouTube, the iTunes online store, and peer-to-peer applications such as BitTorrent, are helping internet users consume huge amounts of bandwidth.”

Demand is also being driven by fast-growing telecom and internet markets in some developing countries. TeleGeography estimates that the demand for international bandwidth grew on average by 52 per cent a year between 2002 and 2007.

Global Crossing’s recent announcement of expanded capacity of more than a terabit on its mid-Atlantic crossing fiber-optic cable system demonstrates the trend. Global Crossing said it had added capacity to meet rapidly growing demand for Internet Protocol and Ethernet transport among customers to enhance connectivity between North America, Latin America and Europe. “… Global Crossing has experienced annual increases of more than 60 percent in demand between 2004 and 2008,” says Gary Breauninger, Global Crossing’s chief marketing officer. “We are increasing capacity to handle … the huge demand for IP connectivity and broadband services, including emerging services such as IPTV and mobile broadband.” “We are reaching the point where demand is outstripping supply,” said John Legere, Global Crossing’s chief executive, allowing Global Crossing to raise prices on some routes for the first time since the telecoms meltdown.

Nevertheless, TeleGeography cautions investors that these boom conditions do not necessarily translate into more general price increases or higher profits. While carriers are selling much more bandwidth each year, analysts note that more of their customers are opting for high-speed circuits, which carry a lower price per Mbps (megabits per second) of capacity. As such, the effective price of network capacity (the price per Mbps of capacity sold) is falling more rapidly than actual circuit prices.

“Despite the improving market conditions, it is not yet clear that carriers have learned from the lessons of the last bandwidth bubble, and its subsequent bust,” noted the TeleGeography report. “Demand for bandwidth remains strong, but profits remain elusive.”

TeleGeography also points out that there is still substantial excess capacity on many older subsea cables. “In light of the tremendous untapped potential capacity on many submarine cables, it may seem surprising that a new submarine cable-building boom is under way,” the company says in its report.
