Tag Archive for 2012

Congress Prepares to Destroy the Internet

The Stop Internet Piracy Act (SOPA) legislation being debated in Congress has the potential to destroy the internet as we have come to know it. If passed, SOPA would require internet providers to block access to sites in other countries hosting stolen intellectual property (IP) from the U.S. It also puts any site that has even an accidental link to protected intellectual property (IP) at risk of legal action, according to the BusinessInsider and many others.

Michigan Democratic Congressman John Conyers Jr., husband of convicted Detroit City Council bribe-taker Monica Conyers, not only supports SOPA but was a co-sponsor of SOPA (H.R.3261), according to ProPublica.

Conyers’ support of SOPA may have been purchased for $158,574 in campaign contributions in 2010 from the Computers/Internet and TV/Movies/Music industries, according to ProPublica. This is an increase of nearly $14,000 from the 2008 election cycle.

Stolen IP is a very broad and vague term. Most of the leading Internet sites rely on user-generated content and links that might have protected IP on them. BI predicts that some of the web’s favorite sites may cease to exist because of the bill Conyers sponsored.

Which sites? The BusinessInsider asked anti-censorship advocacy groups like the Free Software Foundation, the Electronic Frontier Foundation, and the Participatory Politics Foundation for some answers and they projected the following (This is NOT a comprehensive list).

The experts say Reddit is a forum for linking to and commenting on content, and it’s all user-generated. As a result, some users are going to post or link to content that they don’t have the rights to. Both of those are big no-nos for SOPA, according to BI. Alexa ranks Reddit #115.

The virtual artist platform deviantART attracts 45 million unique visitors per month. The site allows emerging and established artists to exhibit, promote, and share their work on the web. It makes the SOPA hit list because if an artist infringes upon a copyrighted work, both the artist and the site may be subject to legal action. deviantART will have to closely censor what is uploaded on the site says BI. Alexa ranks deviantART #131.

The virtual auction house and e-commerce site eBay (EBAY) makes this list because of sellers who use the site to distribute counterfeit merchandise. The article says the site does discourage selling these types of items with policies on IP. Alexa ranks eBay #20.

Amazon (AMZN) could also be at risk due to sellers who attempt to distribute counterfeit goods. Alexa ranks Amazon #9.

Etsy, the virtual marketplace of over 800,000 active “shops,” is threatened by SOPA because it allows users to buy and sell handmade or vintage items, art, and supplies, according to BI. Etsy faces risk from SOPA because it will have to monitor the handmade goods it offers. If an IP holder claims to be harmed by any activity on the site, Etsy could be forced to suspend its service. That would harm all the vendors on the site and not just those accused of IP theft. Alexa ranks Etsy #162.

The BusinessInsider says YouTube is at risk from SOPA despite its effort to keep pirated content out. If copyrighted works are found on YouTube by an IP holder, it could mean a suspension of service. SOPA will further censor the kinds of content the YouTube community can upload. Alexa ranks YouTube #3.

Facebook also makes the experts’ list because if one of its 800 million users shares a link to a copyrighted work or to a site that is accused of infringing IP, Facebook could be held liable as well. SOPA will likely force Facebook to further monitor and censor its users. Facebook is ranked #2 by Alexa.

Like YouTube, if copyrighted works are found on Flickr by an IP holder it could result in the suspension of service. SOPA will further censor the kinds of content the Flickr community can upload. Under SOPA, any copyright violation complaint made could suspend both the site and its revenue streams according to the article. Flickr is ranked #42 by Alexa.

Over 70 million people use WordPress to publish their blogs. WordPress faces risk from SOPA because the bill could require the site to further monitor and censor its bloggers. If a WordPress site is accused of violating IP-protected works or a commenter links to a copyrighted work, BI predicts that could potentially shut down all the blogs hosted on the site. WordPress is ranked #18 by Alexa.

Over 40 million people use Tumblr to share photos, poems, posts, and other creative content. Tumblr faces the same threat as WordPress according to BI. If a blogger or commenter uploads or links to copyrighted works, then Tumblr and its users could be at risk. Tumblr is ranked #40 by Alexa.

Vimeo is a video-sharing website and has a reputation for being the place where creative types in the video and film industry upload their original work. However, given the user-generated nature of the site, BI says, Vimeo still faces risk from users who include even a portion of copyrighted material in their film. Vimeo is ranked #11 by Alexa.

Internet sites at risk

Experts say the Internet sites most at risk from SOPA include:

Google (GOOG) ranked #1 by Alexa.

Yahoo (YHOO) is ranked #4 by Alexa.

Wikipedia ranked #6 by Alexa.

Twitter ranked #10 by Alexa.

Microsoft’s (MSFT) Bing is ranked #26 by Alexa.

The BusinessInsider concludes that the real victims of SOPA would be the startups (Conyers says SOPA will save jobs), whose innovation will be restricted by this bill. Smaller websites may not have the lawyers to fight a bill like SOPA, and other sites may not consider launching at all for fear of prosecution.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Congress Gets Richer While We Get Poorer

A new analysis from The New York Times shows that members of Congress have gotten richer during the financial crisis, while the people they represent have seen their incomes decline, according to Zeke Miller at the BusinessInsider. The median congressional net worth rose from $800,000 in 2004 to $1.2 million in 2010, while that of the general public declined from $108,000 to $100,000.

The BI article says millionaires are also overrepresented in Congress, with at least 250 members worth at least seven figures. Lawmakers aren’t inclined to discuss their personal wealth, and they don’t even want to discuss whether family or friends have been affected by the financial crisis. The NYT asked all 534 members about how close friends and family members weathered the downturn, and just 18 responded, raising questions about whether members of Congress are out of touch with the people they represent.

As further proof of how out of touch Congress is, Henry Blodget at the BusinessInsider points out a report from the Hawaii Reporter (via Drudge) that Nancy Pelosi is spending her Christmas at the Four Seasons Resort Hualalai at Historic Ka’upulehu on Hawaii. And this has become something of a tradition for her. For the last two years, she has reportedly stayed in the resort’s $10,000-a-night suite.


Are You on the Pwnedlist?

Pwnedlist.com will tell you if your email has been compromised. The site checks emails against a collection of nearly 5 million possibly compromised accounts. Brian Krebs at Krebs on Security reports that a user can enter a username or email address into Pwnedlist.com’s search box, and it will check to see if the information was found in any suspicious public data dumps.

Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint, created Pwnedlist.com. Mr. Puzic said, “… I could create a site that would help the everyday user find if they were compromised.”

Pwnedlist.com currently allows users to search through nearly five million emails and usernames found online at sites like Pastebin. The site also often receives large caches of account data that people directly submit to its database. Mr. Puzic told Krebs on Security it is growing at a rate of about 40,000 new compromised accounts each week.

The researcher said information contained in these data donations often makes it simple to learn which organization lost the information. “Usually, somewhere in the dump files there’s a readme.txt file or there’s some type of header made by a hacker who caused the breach, and there’s an advertisement about who did the hack and which company was compromised,” Mr. Puzic said in the article. “Other times it’s really obvious because all the emails come from the same domain.”

DVLabs’ Puzic said in the article that Pwnedlist.com doesn’t store the username, email address, and password data itself; instead, it records a cryptographic hash of the information and then discards the plaintext data. According to the blog, a “hit” on any searched email or username only produces a binary “yes” or “no” answer about whether any hashes matching that data were found. It won’t return the associated password, nor does it offer any clues about where the data was leaked from.
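The hash-only design described above, together with the "same domain" clue from the previous paragraph, sketched as an added example (this is not Pwnedlist's code). The page only says "cryptographic hash"; the keyed HMAC-SHA-256, the `identifier:password` dump format, the normalization and all names here are assumptions of the example.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: a server-side key, so stored digests cannot be matched by anyone
# who simply hashes guessed addresses. Constructed demo value, not a real secret.
SERVER_KEY = b"constructed-demo-key"

# Constructed sample dump (not real data); the header line must be ignored.
CONSTRUCTED_DUMP = """\
#### leaked by: nobody (constructed sample) ####
alice@example.com:hunter2
Bob@Example.com:letmein
carol@example.com:correct:horse
dave_1999:qwerty
"""

def normalize(identifier: str) -> str:
    """Trim and case-fold so ' Alice@Example.com' matches 'alice@example.com'."""
    return identifier.strip().casefold()

def digest(identifier: str, key: bytes = SERVER_KEY) -> str:
    data = normalize(identifier).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def parse_dump(text: str):
    """Yield the identifier of each 'identifier:password' line (assumed format).
    Blank lines and header/readme lines (identifier contains a space) are skipped."""
    for line in text.splitlines():
        ident, sep, _password = line.partition(":")  # the password is never kept
        ident = ident.strip()
        if sep and ident and " " not in ident:
            yield ident

def dominant_domain(identifiers, threshold: float = 0.9):
    """Domain shared by at least `threshold` of the e-mail entries, else None."""
    domains = Counter(normalize(i).rpartition("@")[2] for i in identifiers if "@" in i)
    total = sum(domains.values())
    if total == 0:
        return None
    domain, count = domains.most_common(1)[0]
    return domain if count / total >= threshold else None

class HashOnlyIndex:
    """Keeps digests of identifiers only; plaintext and passwords are discarded."""

    def __init__(self):
        self._digests = set()

    def ingest(self, dump_text: str) -> int:
        """Add a dump and return how many new identifiers it contributed."""
        before = len(self._digests)
        self._digests.update(digest(i) for i in parse_dump(dump_text))
        return len(self._digests) - before

    def is_listed(self, identifier: str) -> bool:
        """Binary answer only: no password and no hint of where the data leaked."""
        return digest(identifier) in self._digests

if __name__ == "__main__":
    index = HashOnlyIndex()
    print(index.ingest(CONSTRUCTED_DUMP), "identifiers stored as digests")
    print("alice listed:", index.is_listed(" ALICE@example.com "))
    print("likely source:", dominant_domain(parse_dump(CONSTRUCTED_DUMP)))
```

Because e-mail addresses are easy to guess, an unkeyed hash of them can be matched by anyone who obtains the digest set; the key is what keeps the stored index from doubling as a list of addresses.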

Advice from the Pwnedlist developers

If Pwnedlist says your email or user ID is in their database, they offer the following advice:


  1. “Don’t panic! Just because your email was found in an account dump does not mean it has been compromised.”
  2. Immediately change any passwords that might be associated with listed email accounts.
  3. Go through all your accounts and create new passwords for each of them, just in case. “Better safe than sorry.”

The two researchers plan to publish regular updates to their Twitter account (@pwnedlist) when new data dumps are discovered. Longer-term, Mr. Puzic told Krebs that he plans a longitudinal study on password security.

rb-

I have several emails, professional and personal, which thankfully Pwnedlist does not have in their databases. Follow password best practices and use an 8-character or longer password with at least one letter, number, and special character. Also, change your passwords regularly.

End-user password best practices:

  1. Passwords should be something you can remember but difficult for others to guess. That means avoid information anyone can pick up from Facebook.
  2. Use at least 8 characters. Some authentication systems will ask for more, but 8 well-chosen characters is usually enough.
  3. Mix letters, numbers, uppercase, lowercase, and even symbols when possible. 1GrdDC@82 is stronger than letter22.
  4. Avoid dictionary words. Many brute force attacks are designed to guess them. “Password” is not a good password.
  5. Use a unique password for each account. Your password at work should be different from your Facebook password.
  6. Do not share your password.

Cisco Tries Bribing Shareholders For A Tax Cut

Embattled Cisco (CSCO) CEO John Chambers recently urged the networking giant’s shareholders to lobby Congress for a big corporate tax break. He promised to increase their dividend if the tax break comes through, reported the BusinessInsider.

BI explains the CEO was talking specifically about repatriation, the term for when multinational corporations bring cash from overseas back into the U.S. Today they are charged the full corporate tax rate, 35%.

Mr. Chambers has been the poster child for multinationals like Cisco wanting to be granted another so-called “repatriation tax holiday” that would allow them to bring back more than a trillion dollars at a much lower tax rate. He even appeared on 60 Minutes arguing for the plan. (I have written about Cisco’s efforts to dodge taxes here and here.)

Mr. Chambers made the case that a repatriation tax holiday would be of personal benefit to Cisco shareholders. “Repatriation at a rate of between zero and 2 percent puts us on a level playing field,” he said. If Cisco could bring its overseas funds back it would spend them on beefing up manufacturing sites, jobs and “if approved” the company would “increase dividends,” he said.

“The current tax system was developed when Microsoft (MSFT) wasn’t even public,” the Cisco CEO said. He urged the assembled to “Take time to send a note to members of Congress and others.”

In 2004 Cisco and other multinationals were granted a tax holiday. Opponents of a tax holiday for repatriation aren’t convinced that Cisco needs the tax break now. Some say that multinationals have accumulated offshore cash through gimmicks. They also point out that corporations can borrow against their overseas stash at really low rates and will use this as an ongoing method to avoid paying U.S. taxes.


Internet of Things

Once upon a time, back in 2005, “using the Internet” always meant using a computer. Today getting on the Intertubes is an expected feature for many devices. The next digital frontier is the physical world, where the “Internet of Things” will bring an online ability to objects.

Twine Sensor Connects Household Objects to the Internet

Tested.com notes a Kickstarter project from two MIT Media Lab alums who developed a way to make the Internet of Things more available. A small, durable “Twine” sensor listens to its environment and reports back over Wi-Fi. The creators hope their new product will let regular users, even those without programming knowledge, digitally manage their surroundings.

A basic Twine unit senses temperature and motion, but other options like moisture detection, a magnetic switch, and more can be added using a breakout board. The various sensors and built-in Wi-Fi can be powered by either a mini-USB connection or two AAA batteries, which will keep it running for months. Twine readings get wirelessly loaded into the appropriately named Spool web app, where users can set simple if-then triggers that create SMS messages, tweets, emails, or specially configured HTTP requests.

A donation of $99 or more will get you a basic unit when they ship in March.

THE SMART FRRRIDGE. Chilly Forecast for Internet Frrridge

The Smart Frrridge is a new version of the familiar kitchen apparatus. According to Medienturn, the new fridge comes with a built-in computer that can be connected to the internet. It is one of a growing class known as “Internet appliances” that includes not only smartphones but also web-enabled versions of typical household appliances.

The refrigerator keeps an eye on the food in it by using RFID technology, a digital camera, and image processing. These technologies allow the fridge to keep track of what’s in it, how long it has been there, and whether it should be trashed.

To keep in contact with the Smart Frrridge, all you have to do is pick up your mobile phone and call. It will be able to suggest a menu that uses the foods inside, generate a shopping list of the missing ingredients, and place the order online.

The Smart Frrridge can also be used to watch television, listen to music, or take a photograph and save it to an album, post it to a website, or send it to an email recipient. The fridge comes with a docking station, so you can just dock your Apple (AAPL) iPod or iPhone and start using all your favorite cooking apps.

SCADA: How Big a Threat?

There are reports of two recent cyber attacks on critical infrastructure in the US. Threatpost says the hacker who compromised the water infrastructure for South Houston, TX, said the district used a three-letter password, making it easy to break in.

There are also reports that a cyberattack destroyed a water pump belonging to a Springfield, IL water utility. There are mixed reports that an attacker gained unauthorized access to that company’s industrial control system.

According to DailyWireless, Supervisory Control And Data Acquisition (SCADA) software monitors and controls various industrial processes, some of which are considered critical infrastructure.

Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran.

German cybersecurity expert Ralph Langner found Stuxnet, the most advanced worm he had ever seen. The cybersecurity expert warns that U.S. utility companies are not ready to deal with the threat.

In a TED Talk Langner stated that “The leading force behind Stuxnet is the cyber superpower – there is only one, and that’s the United States.”

In a recent speech at the Brookings Institution, he also made the bigger point that having developed Stuxnet as a computer weapon, the United States has in effect introduced it into the world’s cyber-arsenal.


New NIST Report Sheds Some Light On Security Of The Smart Grid

DarkReading reports the National Institute of Standards and Technology (NIST) released a report (PDF) by the Cyber Security Coordination Task Group. The report from the Task Group, which heads up the security strategy and architecture for the nation’s smart power grid, includes risk assessment, security priorities, as well as privacy issues.

The smart grid turns the electrical power grid into a two-way flow of data and electricity that allows consumers to remotely monitor their power usage in real time to help conserve energy and save money. DarkReading says researchers have raised red flags about the security of the smart grid. Some have already poked holes in the grid, including IOActive researcher Mike Davis, who found multiple vulnerabilities in smart meters, including devices that neither use encryption nor authenticate users when updating software. He was able to execute buffer overflow attacks and unleash rootkits on smart meters.

Tony Flick, a smart grid expert with FYRM Associates, at Black Hat USA talked (PDF) about his worries over utilities “self-policing” their implementations of the security framework. “This is history repeating itself,” Mr. Flick said in an interview with DarkReading.

According to DarkReading, the report recommends smart grid vendors carry out some pretty basic security practices:

  • Audit personally identifiable information (PII) data access and changes;
  • Specify the purpose for collecting, using, retaining, and sharing PII;
  • Collect only PII data that’s needed;
  • Anonymize PII data where possible and keep it only as long as necessary;
  • Advanced Metering Infrastructure (AMI) must set up protections against denial-of-service (DoS) attacks;
  • Network perimeter devices should filter certain types of packets to protect devices on an organization’s internal network from being directly affected by denial-of-service attacks;
  • The AMI system should use redundancy or excess capacity to reduce the impact of a DoS;
  • AMI components accessible to the public must be in separate subnetworks with separate physical network interfaces;
  • The AMI system shall deny network traffic by default and allow network traffic by exception;
  • Consumers’ access to smart grid meters should be limited. Authorization and access levels need to be carefully considered.