Archive for November 26, 2015

Happy Thanksgiving

Thanksgiving 2015

Happy Thanksgiving 2015

Detroit News, November 30, 1967: J. L. Hudson’s Thanksgiving Day Parade

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Television Sells Your Viewing Habits

– Updated 03-26-2017 –  Vizio will pay $2.2 million to the FTC and the state of New Jersey to settle a lawsuit alleging it collected customers’ television-watching habits without their permission.

In addition to the $2.2 million in payments, Vizio will now have to get clear consent from viewers before collecting and sharing data on their viewing habits. It’ll also have to delete all data gathered by these methods before March 1st, 2016 according to the Verge.

Just in time for the Black Friday consumerism orgy of spending, Help Net Security reports that you are giving away more than cash when you buy a Smart Television from Best Buy or whoever. It turns out that the viewing habits of owners of Smart TVs manufactured by California-based consumer electronics company Vizio (VZIO) are being tracked and sold to third parties. The Vizio privacy policy says:

… VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements … delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV.

Vizio’s competitors Samsung (005930) and LG Electronics (LGLD) can also track users’ viewing habits via their smart TV offerings, ProPublica’s Julia Angwin pointed out, but the feature has to be explicitly turned on by the users. The collection of viewing data by Vizio’s Smart TVs is turned on by default, as is the Smart Interactivity feature that manages it.

According to the IEEE, Vizio smart TVs can track data related to whatever TV programming and related commercials you’re watching and link such data with the time, date, channel, and TV service provider. On most of the over 15 million Smart TVs sold, Vizio will also track whether you view TV programs live or later on. Vizio knows what you’re watching even if it’s a DVD being played on a gaming console or a show being watched via cable TV. The identification tracking technology can differentiate between 100 billion data points.

While, in theory, IP addresses are not personal information, they can in practice be linked to individuals if enough information (specific attributes like age, profession, etc.) is tied to them.

ProPublica’s Angwin’s sources tell her that Vizio has been working with data broker Neustar to combine viewing data with this type of information about the user.

Even though users can turn off the spy technology, which will not affect the device’s performance, the problem is that many, many users won’t bother reading the privacy policy or changing the default settings once they set up the TV and start using it.

TechHive reports that backlash against intrusive spying has started. Two lawsuits (Reed v. Cognitive Media Network, Inc. (PDF) and David Watts et al. v. Vizio Holdings Inc. et al. (PDF)) have been filed in California against Vizio and its partners over their data collection habits.

The suits accuse Vizio and Cognitive of secretly installing tracking software on the former’s smart TVs in a way that violates various federal and state laws.

The suits allege that Vizio violated the Video Privacy Protection Act. The Video Privacy Protection Act prohibits any company engaged in the rental, sale, or delivery of audio-visual content (not necessarily just videotapes) from divulging any personally identifiable information about its customers to a third party, except where the customer has clearly consented to such data sharing.

Of course, Vizio has previously argued it’s not a videotape service provider at all, and so this particular law doesn’t apply to it.

rb-

I pointed out as far back as 2011 that Smart TVs are a dumb idea for privacy.

Consumer Reports offers tips on how to stop your Smart TV from spying on you here.


Shadiest Neighborhoods on the Web

The Internet is organized into domains. Readers of Bach Seat are familiar with the .net domain, since you got here. You are also probably familiar with other web neighborhoods like .com, where Facebook and Google live. The folks in charge of the Intertubes have added more neighborhoods, technically Top Level Domains (TLDs), and now we have over 1,000 TLDs, many of which have only been around for the past two years.

This rapid growth raises questions about how well those in charge of these new TLDs secure their neighborhood against malware and other threats. CSO Online explains that, just like any city, the Web has neighborhoods where dubious activities often take place: spam, scams, the distribution of potentially unwanted software (PUS), malware, botnets, phishing, and other suspicious activity.

Web security and WAN optimization firm Blue Coat Systems (BCSI) regularly analyzes hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to track “shady activity” on the Web. In September, it released Do Not Enter: Blue Coat Research Maps the Web’s Shadiest Neighborhoods (PDF), with a list of the 10 top-level domains (TLDs) on the Web that are home to shady sites.

Blue Coat recommends that organizations take steps to protect themselves, including blocking traffic to the riskiest TLDs and cautioning users to be careful clicking on any links that contain these TLDs. It further suggests that users who are unsure of a source hover their mouse over a link to help verify that it leads to the address displayed in the text of the link, or “press and hold” links on a mobile device to do the same verification.

Blue Coat’s list of TLDs most associated with shady sites is constantly in flux, but here is their September list.

  • .review – The .review TLD is shady mostly due to scam sites, Blue Coat’s Larsen says. “Just looking at the list of domain names, I would say all of the top 15 are scam sites,” he adds, “.review does not seem to be making any effort whatsoever to keep the bad guys out.”

  • .country – The security firm says the .country TLD appears to have been colonized by scam networks that like to use a game/survey “reward” or “prize” as bait. Blue Coat’s Larsen told CSO there is a strong connection between some of the supporting ad networks on the TLD and known PUS networks (adware and spyware). Larsen says, “So if you’d like to block that entire TLD on your Web gateway, I wouldn’t blame you.”
  • .kim – The .kim TLD hosts some legitimate domains, most notably a Korean tech blog and several Turkish sites. According to Blue Coat, the TLD earned its shady online reputation due to the presence of scam networks linked to PUS, malware, and at least one domain that hosts a domain generation algorithm (DGA) used to pump out domain names that can be used with malware, according to the blog.
  • .cricket – Named for the world’s second-most popular sport, the .cricket TLD is another shady neighborhood on the Web. The author notes that while it is home to some legitimate sites, researcher Larsen points to many instances of search engine poisoning. For instance, StarWarsMovie.cricket pulls lots of random Star Wars items into one place to get traffic, including images clearly lifted from other places.
  • .science – The .science TLD may be a victim of its own marketing. In trying to raise the TLD’s profile, the registry gave away free .science domains and became one of the shadiest TLDs on the web. Blue Coat’s Larsen described their downfall in the CSO article: “Generally they tend to run into trouble when they run promotions for bulk registrations for really low prices … If you can register a domain for a buck, generally there will be bad guys there registering domains.” He says the .science domains seem to be largely associated with spam and scam sites. The shady activity included a sizable network of ebook sites, which led to a download network that has been associated with PUS activity in the past.
  • .work – The .work TLD seems to be more about spam and scams than malware, though Larsen’s team did find a few tentative connections to PUS networks. There were some legitimate sites, though Larsen notes that they might be worth blocking as well. Examples include a Turkish porn site.
  • .party – Larsen told CSO that a number of the sites on the .party TLD may seem legitimate. However, he warns, “There are some yellow flags” of search engine poisoning. The TLD also hosts a number of MP3 sites, probably piracy or something malicious. There’s also a site that hosts what appears to be a shady tracker.
  • .gq – The .gq TLD is the country code for Equatorial Guinea, which Blue Coat’s Larsen notes is in many ways a lifetime achievement award winner. He says, “If we look at all of the .gq sites … nearly 99 percent are shady.” Most of the abuse of .gq noted by Blue Coat has been in the form of search engine poisoning and many cookie-cutter “shady video” sites associated with PUS. It also features some “shocking video” spam/scam sites that spread via social media and a smattering of malware, phishing, and porn sites.
  • .link – The .link TLD is rife with porn content delivery networks and piracy sites, neither of which is counted as “shady” by Blue Coat. There are apparently a handful of legit sites in .link, but beyond these legitimate domains are a host of survey scam sites. “Historically, it’s been a place for spammers to live,” Larsen says.
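As an added example (not Blue Coat’s or CSO’s code), here is a small Python check that applies the two recommendations above: refuse links whose TLD is on the list, and flag links whose visible text shows a different host than the real target, which is what hovering or press-and-hold reveals. The blocklist holds the nine TLDs named in the list; the sample links are constructed, with StarWarsMovie.cricket being the one site named above.

```python
import re
from urllib.parse import urlparse

# Added example, not Blue Coat's tool: a minimal gateway-style check for the
# two defensive steps above (block risky TLDs, verify a link's real host).
# The blocklist is the nine TLDs from Blue Coat's September 2015 list.
SHADY_TLDS = {"review", "country", "kim", "cricket", "science",
              "work", "party", "gq", "link"}

def tld_of(url: str) -> str:
    """Last DNS label of the URL's host, lowercased ('' if there is no dotted host)."""
    if "://" not in url:
        url = "http://" + url            # urlparse needs a scheme to find the host
    host = (urlparse(url).hostname or "").rstrip(".")
    return host.rsplit(".", 1)[-1].lower() if "." in host else ""

def is_blocked(url: str, blocklist=SHADY_TLDS) -> bool:
    """True if the URL's TLD is on the blocklist (what a Web gateway rule would do)."""
    return tld_of(url) in blocklist

def link_mismatch(link_text: str, href: str) -> bool:
    """True when visible link text looks like a URL whose host differs from the
    real href host, i.e. what hovering (or press-and-hold) would reveal."""
    shown = re.match(r"^\s*(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})", link_text)
    if not shown:
        return False                     # plain words such as 'click here': nothing to compare
    real_host = (urlparse(href).hostname or "").lower().rstrip(".")
    return shown.group(1).lower().rstrip(".") != real_host

def triage(links):
    """Classify (text, href) pairs; returns a list of (href, verdict) tuples."""
    out = []
    for text, href in links:
        if is_blocked(href):
            verdict = "block: risky TLD ." + tld_of(href)
        elif link_mismatch(text, href):
            verdict = "warn: text shows a different host than the link target"
        else:
            verdict = "allow"
        out.append((href, verdict))
    return out

# Constructed sample links (hosts invented except StarWarsMovie.cricket, named above).
SAMPLE_LINKS = [
    ("Star Wars downloads", "http://starwarsmovie.cricket/free"),
    ("www.example.com", "https://login.example.net/signin"),
    ("https://www.example.com/", "https://www.example.com/about"),
    ("click here", "https://example.org/survey"),
]

if __name__ == "__main__":
    for href, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:55} {href}")
```

A real gateway would also handle multi-label public suffixes and punycode hosts, which this check does not.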

Of course, there are well-run TLDs. The best, according to Blue Coat, are:

Safe web neighborhoods

rb-

These TLDs are why companies like Blue Coat, Websense, and OpenDNS are in business. (OK, Websense and OpenDNS are no longer stand-alone companies. Websense was gobbled up by defense contractor Raytheon and then spit out as Forcepoint, and OpenDNS has been assimilated into Cisco (CSCO).)

You can use these tools to block almost anyone from going to these shady parts of the web, for the reasons explained above.


Sun Setting on Cat 5e

The sun is setting on the Cat 5e cabling standard. The long-standing standard defined how most commercial spaces around the world were cabled for nearly 20 years. Starting in 2017, Cat 5e will be considered obsolete for new installations, following a decision by the ISO/IEC cabling standards body.

According to a recent blog post at CommScope (COMM), the ISO/IEC cabling standards working group JTC1/SC25 WG3 agreed to raise the minimum horizontal cabling requirement. The new standard is stated in ISO/IEC 11801-2. Office space requirements change from Class D (Category 5e) to Class E (Category 6), and the standard includes a recommendation for Class EA (Category 6A). Cat 6A will enable a smooth migration to 2.5, 5, and ultimately 10 gigabits per second (Gbps). In the drafts of 11801-5 (data centers) and 11801-6 (distributed services), the minimum requirement is already Class EA cabling.

Ethernet and IP communications everywhere

The original ISO/IEC 11801 standard enabled the explosive growth and mass deployment of Ethernet and IP communications everywhere. In its first edition, the author says the standard defined Class D balanced cabling based on Category 5 copper components. This standard offered an upgrade path from 10 to 100 megabits per second (Mbps) up to 100 meters. At that time, some experts and industry observers argued that 100 Mbps (100BASE-T) to the desk was overkill for the typical office user.

Today, 100BASE-T technology is in rapid market decline. 100BASE-T is being replaced with 1000BASE-T (1 Gbps), according to the article. 1000BASE-T is commonplace for desktop and laptop PCs. It also benefits a wide range of other devices such as phones, cameras, and wireless access points (WAPs).

The 11801 standard now includes more cabling classes, introduced to support speeds of up to 10 Gbps. The new classes include Class E (Category 6) and Class F (Category 7) and, more recently, Class EA (Category 6A) and Class FA (Category 7A).

Technology trends

According to the CommScope blog, a number of technology trends made ISO choose to upgrade the minimum recommendation for horizontal cabling in offices. Among the trends the committee recognized as driving the adoption of speeds beyond one gigabit on the horizontal cabling:

The rapid growth of BYOD is driving infrastructure upgrades to accommodate IEEE 802.11ac. As I have covered before, new IEEE specifications are being developed to accommodate 802.11ac wireless. 2.5GBASE-T is targeted at installed Class D cabling and 5GBASE-T is targeted at installed Class E cabling. A sizable percentage of the installed base is expected to support the faster speeds; however, some installed Class D and Class E systems may require mitigation steps.


A New Cure for Passwords

Regular readers of Bach Seat know that passwords suck. The better a password is, the harder it is to remember. So most people just end up choosing passwords they think are safe but are pretty bad (rb- I have covered crappy passwords many times). University of Southern California researchers Marjan Ghazvininejad and Kevin Knight have come up with a new solution that they believe solves the crappy password problem.

The USC researchers’ paper “How to Memorize a Random 60-Bit String” (PDF) presents a unique solution for creating passwords that are hard to crack and relatively easy to remember: randomly generated poems.

The researchers believe that the most secure and memorable method for creating a strong password is a short rhyming poem of random words. The Washington Post explains that, even if you pick a fairly uncommon word, like “Troubadour,” and replace some of the letters with other symbols, this combination might only take a computer seconds, minutes, or hours to guess.

The idea of a short rhyming poem of random words as a password might seem a little odd, but such poems are actually very, very secure, according to USC’s Knight. At current speeds, he estimates that cracking these random-word rhyming-poem passwords would take around 5 million years. By which point, we probably won’t be using Facebook anymore.

As part of their research, the USC team created their poems by assigning every word in a 327,868-word dictionary a distinct code. The article explains that they then use a computer program to generate a very long random number, such as 110111000111100100100010100010101100001100010000010010100100, break that number up into pieces, and translate those pieces into two short phrases of four or five words. The computer program they use ensures that the two lines end in words that rhyme and that the phrase is in iambic tetrameter, like so:

A techno salmon Benedict
performing under derelict

or:

The baby understand curtailed
a wooden synagogue prevailed

or:

The Oracle email update
equipment pinning demonstrate
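The bits-to-words step described above, as an added example (not the USC researchers’ program): it draws the random 60-bit string from a CSPRNG, cuts it into pieces, maps each piece to a dictionary word and back again, and carries the entropy arithmetic through. The 16-word list, the 4-bit piece size and the guess rate are assumptions standing in for the paper’s dictionary and Knight’s estimate; the rhyme and meter selection is not modelled.

```python
import math
import secrets

# Added example, not the USC researchers' code. A 16-word list stands in for
# their 327,868-word dictionary, so each word here carries 4 bits rather than
# log2(327868) ~ 18.3; the rhyme and iambic-tetrameter selection is not modelled.
WORDS = ["salmon", "techno", "benedict", "derelict", "wooden", "synagogue",
         "prevailed", "curtailed", "oracle", "update", "pinning", "equipment",
         "chanel", "control", "glamour", "magazine"]
BITS_PER_WORD = int(math.log2(len(WORDS)))      # 4 bits per word for 16 words
TOTAL_BITS = 60
# The 60-bit example number quoted in the post above.
PAGE_BITS = "110111000111100100100010100010101100001100010000010010100100"

def random_bit_string(n_bits: int = TOTAL_BITS) -> str:
    """Step 1: a random n-bit string from the OS CSPRNG (never random.random())."""
    return format(secrets.randbits(n_bits), f"0{n_bits}b")

def bits_to_words(bits: str) -> list:
    """Steps 2-3: cut the string into BITS_PER_WORD pieces, one dictionary word each."""
    if len(bits) % BITS_PER_WORD:
        raise ValueError("bit length must be a multiple of BITS_PER_WORD")
    pieces = [bits[i:i + BITS_PER_WORD] for i in range(0, len(bits), BITS_PER_WORD)]
    return [WORDS[int(p, 2)] for p in pieces]

def words_to_bits(words) -> str:
    """Inverse mapping: the passphrase carries every bit of the original number."""
    index = {w: i for i, w in enumerate(WORDS)}
    return "".join(format(index[w], f"0{BITS_PER_WORD}b") for w in words)

def entropy_bits(n_words: int, dictionary_size: int) -> float:
    """Entropy of n_words drawn uniformly from dictionary_size candidates."""
    return n_words * math.log2(dictionary_size)

def crack_years(bits: float, guesses_per_second: float) -> float:
    """Years to exhaust a 2**bits keyspace at an assumed guess rate (not the paper's figure)."""
    return 2 ** bits / guesses_per_second / 31_557_600

if __name__ == "__main__":
    bits = random_bit_string()
    phrase = bits_to_words(bits)
    print(bits, "->", " ".join(phrase))
    assert words_to_bits(phrase) == bits
    print(f"one real-dictionary word ~ {entropy_bits(1, 327868):.1f} bits")
    print(f"60 bits at 1e9 guesses/s: {crack_years(60, 1e9):.1f} years")
```

With the real dictionary a single word carries about 18.3 bits, so the 60 bits need only four words in principle; the rhyme and meter constraints are what stretch the output to two lines.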

rb-

While seemingly nonsensical quips like 

Whereas Chanel control McQueen
accusing glamour magazine

don’t make a lot of sense to 21st-century humans, we should be able to recall 7 or 8 words to better protect our personal information. The oral record is how most information passed from human to human for generations before Gutenberg. Someone told you something and you remembered it. There are a number of oral traditions that have lasted in one form or another into the 21st century.

One big problem with the rhyming poem of random words idea is the web server operating systems. There are a number of web servers out there that cannot take passwords longer than 12 characters. Hey, webmasters, wake up! Update your operating systems.

The researchers have set up an online generator for these poem passwords, which you can try here, or you can enter your e-mail here and their program will send you a poetic password.
