Friday, April 25, 2014

INTERNET - FCC Goes For Non-Neutrality

Consumers, bend over and spread cheeks.

"F.C.C., in a Shift, Backs Fast Lanes for Web Traffic" by EDWARD WYATT, New York Times 4/23/2014

Excerpt

The principle that all Internet content should be treated equally as it flows through cables and pipes to consumers looks all but dead.

The Federal Communications Commission said on Wednesday that it would propose new rules that allow companies like Disney, Google or Netflix to pay Internet service providers like Comcast and Verizon for special, faster lanes to send video and other content to their customers.

The proposed changes would affect what is known as net neutrality — the idea that no providers of legal Internet content should face discrimination in providing offerings to consumers, and that users should have equal access to see any legal content they choose.

The proposal comes three months after a federal appeals court struck down, for the second time, agency rules intended to guarantee a free and open Internet.

Tom Wheeler, the F.C.C. chairman, defended the agency’s plans late Wednesday, saying speculation that the F.C.C. was “gutting the open Internet rule” is “flat out wrong.”  Rather, he said, the new rules will provide for net neutrality along the lines of the appeals court’s decision.

Still, the regulations could radically reshape how Internet content is delivered to consumers.  For example, if a gaming company cannot afford the fast track to players, customers could lose interest and its product could fail.

The rules are also likely to eventually raise prices as the likes of Disney and Netflix pass on to customers whatever they pay for the speedier lanes, which are the digital equivalent of an uncongested car pool lane on a busy freeway.

Consumer groups immediately attacked the proposal, saying that not only would costs rise, but also that big, rich companies with the money to pay large fees to Internet service providers would be favored over small start-ups with innovative business models — stifling the birth of the next Facebook or Twitter.

“If it goes forward, this capitulation will represent Washington at its worst,” said Todd O’Boyle, program director of Common Cause’s Media and Democracy Reform Initiative.  “Americans were promised, and deserve, an Internet that is free of toll roads, fast lanes and censorship — corporate or governmental.”

If the new rules deliver anything less, he added, “that would be a betrayal.”

Mr. Wheeler rebuffed such criticism.  “There is no ‘turnaround in policy,’ ” he said in a statement.  “The same rules will apply to all Internet content.  As with the original open Internet rules, and consistent with the court’s decision, behavior that harms consumers or competition will not be permitted.”

Broadband companies have pushed for the right to build special lanes.  Verizon said during appeals court arguments that if it could make those kinds of deals, it would.

Under the proposal, broadband providers would have to disclose how they treat all Internet traffic and on what terms they offer more rapid lanes, and would be required to act “in a commercially reasonable manner,” agency officials said.  That standard would be fleshed out as the agency seeks public comment.


"Consumer groups warn dismantling net neutrality could stymie startup innovation" PBS NewsHour 4/24/2014

Excerpt

SUMMARY:  The Federal Communications Commission is on the brink of changing the longstanding net neutrality principle, which allows consumers unfettered access to web content, and limits the ability of Internet service providers to block or filter material.  New guidelines would allow some companies to charge more (to the content provider, like YouTube) for faster service.  Gwen Ifill talks to Cecilia Kang of The Washington Post about what’s at stake.

Monday, April 21, 2014

INTERNET - Comments as Venues For Rudeness or Insults

"Taming the ‘Wild West’ of online comments" PBS NewsHour 4/20/2014

Excerpt

SUMMARY:  More and more websites are including online commenting as a feature for their visitors.  But sometimes the comment boards become venues for rudeness and insults.  These comments can influence how a reader perceives the story.  Hari Sreenivasan speaks with web experts who help manage online communities and comments in different ways.

Thursday, April 10, 2014

SECURITY - Heartbleed Hacks SSL Security Servers

Heartbleed hacks into the SSL protocol that protects HTTPS sites.

"Security bug Heartbleed could have provided key that unlocks personal online data" PBS NewsHour 4/9/2014

Excerpt

GWEN IFILL (NewsHour):  You may have heard headlines today about a major lapse in Internet security and the possibility that millions of passwords, credit card numbers, bank information, and commonly used Web sites could have been exposed.

It involves a bug or security leak called Heartbleed, which can be used to read encrypted information.

Hari Sreenivasan gets a breakdown on what you need to know.

HARI SREENIVASAN (NewsHour):  Essentially, Heartbleed can be used to read the memory of computer servers, the places behind a Web site that store your information, including the lock and key system which protects your usernames and passwords.

You probably see this encryption in the form of a green lock when you conduct a transaction and exchange information.  The breach was revealed this week, but apparently has existed for a long time.

Russell Brandom of The Verge, an online site covering tech news, is here to help explain.

Wednesday, April 9, 2014

WINDOWS XP - The Enhanced Mitigation Experience Toolkit (EMET)

Now that SECURITY support for ordinary users of Windows XP is ended, here's an alternative way to protect WinXP.

Note that Microsoft Updates (which you should be using instead of Windows Updates) will still update some Microsoft software, like the "Malicious Software Removal Tool."  What stops is security updates to WinXP itself.

The alternative protection is Microsoft's The Enhanced Mitigation Experience Toolkit (EMET)

WARNING:  The EMET is NOT for amateurs.  If used incorrectly it can cause problems with WinXP.  But if you use Recommended Settings on installation, and the Quick Profile Name [Recommended Security settings] it should be safe.

Note that EMET is for all versions of Windows and some features are not available in WinXP.

Here's a screenshot of my EMET GUI:



With WinXP SEHOP & ASLR are not available.


There Software Profiles you can [Import].  I imported Popular Software.



From the support page in above link:

What is the Enhanced Mitigation Experience Toolkit?

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.  EMET achieves this goal by using security mitigation technologies.  These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities.  These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited.  However, they work to make exploitation as difficult as possible to perform.

EMET 4.0 and newer versions also provide a configurable SSL/TLS certificate pinning feature that is called Certificate Trust.  This feature is intended to detect man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).

Are there restrictions as to the software that EMET can protect?

EMET can work together with any software, regardless of when it was written or by whom it was written.  This includes software that is developed by Microsoft and software that is developed by other vendors.  However, you should be aware that some software may not be compatible with EMET.  For more information about compatibility, see the "Are there any risks in using EMET?" section.

What are the requirements for using EMET?

EMET 3.0 requires the Microsoft .NET Framework 2.0.
EMET 4.0 and 4.1 require the Microsoft .NET Framework 4.0. Additionally, for EMET to work with Internet Explorer 10 on Windows 8, KB2790907 must be installed.

The Microsoft Download page for EMET.  You should download both the Setup and Guide.

Note that EMET is just a GUI that makes setting various Windows options easier.

Also, I did try with DEP [Always On] (Maximum protection settings) but that prevented 2 of my boot-time apps from running, like MiniMinder.  So I changed back to the settings you see in my GUI screenshot.