Tag Archives: firefox

Congress, the Courts and Net Neutrality

The war for net neutrality has moved to the halls of Congress and the courtroom. Attorneys generals from 21 states and the District of Columbia have filed suit to overturn the FCC‘s new rules on net neutrality. But the battle is not just the states against the FCC. Technology companies and public interest groups have also filed law suits. Firefox browser maker Mozilla, the public-interest group Free Press and New America’s Open Technology Institute have all taken up the battle for net neutrality. Other major tech-industry companies including Facebook, Google and Netflix are getting in the fight along with other lobbying groups. 

The lawsuit, led by New York Attorney General Eric Schneiderman was kicked off in the U.S. Court of Appeals for the DC Circuit. The petition asks the court to overturn the the FCC’s decision claiming the rule is “arbitrary, capricious, and an abuse of discretion” under the law. The suit also argues that the the FCC improperly reclassified broadband as a Title I information service, rather than a Title II service, because of  “an erroneous and unreasonable interpretation” of communications law. Title II services, also known as common carriers, are subject to greater regulation.

An example of a Title II service would be the U.S. Postal Service. The post office can’t deny service to people sending letters it disagrees with. Another example is the phone company. The phone company can’t refuse service to people based on their religious views. Everyone has the same right to pay to use the service. Until now ISPs were considered common carriers.

The lawsuits are a multi-faceted battle to preserve net-neutrality. In congress Democrats are working to undo the new rule. Democrats in the Senate announced that they were just one vote shy of winning a vote to restore Obama era net neutrality rules. All 49 Democrats have agreed to vote for the repeal of the new Internet regulations. On the Republican side Senator Susan Collins of Maine supports the action.  That leaves Democrats searching for the final Republican to cross the party line and join them. The idea is not so far fetched since the net neutrality issue is a hot button issue for young people and the mid-term elections are approaching.

“Given how quickly we have gotten 50, we have a real chance of succeeding,” said Senator minority leader Chuck Schumer of New York in a statement.

Even if the Democrats succeed in getting the votes the rules does not automatically change. The same bill would have to be introduced and passed in the House of Representatives. That body is controlled by the Republicans and House Speaker Paul Ryan could simply refuse to bring it to the floor for a vote.

Finally, there is Donald Trump. He has to sign the bill to reverse the FCC action. Although the White House has publicly said it supports the the FCC move Trump has never been sure what he wants to do about net neutrality.

According to his own tweets Trump was all in for net neutrality in 2014. Trump criticized Obama for attacking the Internet, and defended net neutrality as “the Fairness Doctrine.” Now that has changed and he is all for the new rules.

 

 

 

 

 

 

 

 

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.

 

 

 

 

 

 

 

Online Price Discrimination

ID-100188375African-American people are extremely sensitive to discrimination. No matter what form it takes it is ugly and wrong. Unfortunately discrimination has found a home on the Internet. Its called price discrimination.

We have all had it happen to us. You search for a product or service and find it at one price but then later, sometimes only minutes, the price will change. We have all heard that you should search for flights on certain days and at certain hours to get the best deal. But Internet pricing is discriminatory, even predatory, according to factors that will surprise you.

Research from Northeastern University analyzed how online stores customize prices according to a shoppers digital habits and demographics such as their ZIP code.  The study revealed  major e-commerce sites including Home Depot, Wal-mart, and Hotels.com list online prices that are all over the map. Not only that but in some situations prices are customized based on the behavior of a particular shopper. This behavior includes whether you are shopping on a  smartphone or desktop. The report was presented this at the Internet Measurement Conference in Vancouver, Canada.

“Going into this, we assumed the project would be risky—that we might not find anything,” says Christo Wilson, an assistant professor of computer science at Northeastern and one of the study’s authors. “There have been incidents in the past where companies have been caught doing this, and the PR was very bad. We thought that sites wouldn’t be doing anything. We were more surprised that we found something.”

Some companies whose sites were studied complained that the study methodology was flawed. Northeastern researchers did admit to one mistake but believe that the study provides insight into how your shopping experience can change depending on personal factors.

The actual searching and shopping was performed by 300 people recruited through the crowd sourcing site Mechanical Turk. Researchers had them shop online and perform product searches on 16 top e-commerce sites. The study tested these sites for personalization based on the browser a web shopper might use such as Chrome, Internet Explorer, Firefox or Safari.  Also tested were operating systems; Windows, OS X, iOS, Android, and whether or not a user was logged into the site as a regular customer with an online account.

What the research is looking at is the ability of e-commerce sites to tailor what you pay based on what they know about you. That’s discriminatory. For example does you zip code indicate an certain income level?  Does that mean you can or will pay more? That’s predatory.  Are you paying more for a plane ticket based on your profile on a travel website. That’s predatory. Or what you post on Facebook? That’s discriminatory.

How true is this? We already know that online advertising is targeted at you based on your web searches and other online activity. We also know that Facebook will follow your activity and travels on the Internet even after you log off the website. Merchants use cookies to monitor your activity on websites as well. Another fact to consider is that African-Americans and people of color are more likely to use mobile technology for banking and shopping than white Americans. Your digital profile is out there. Could prices be set based on that? It seems so.

What the test revealed was that if you shop using your smartphone some online stores actually pay attention to what kind of smartphone you use. Home Depot and Travelocity.com websites were the target of the research but they both deny this activity. Researchers admitted to a flaw in the study methodology pointed out by Travelocity.

However, Travelocity admitted to offering a handful of mobile-only offerings on smartphones and tablets that don’t appear on searches performed on desktop computers. Why? Its a tactic used to encourage the download of the the mobile app. A Travelocity spokesperson told Wired.com that results aren’t cheaper by design but sometimes are since Travelocity smartphone users might be looking for a place to stay at the last minute. Results that appear on mobile devices appear to bring down the average price the spokesperson explains. But Travelocity claims the pricing for the same specific properties remain constant across platforms.

Wilson and his team of researchers were able to highlight other forms of price discrimination on some websites but were unable to determine the root cause of the price variations. Among those most notable are Sears and rental car websites. “We tried different browsers and different platforms. We tried logging in and logging out,” Wilson says. “But it looks like there’s something else in there that we haven’t figured out yet.”

Northeastern researchers don’t believe that cookies are all bad. According to Wilson on sites like Cheaptickets.com or Orbitz.com, users who are logged in will often be shown “members only” pricing that, on average,  saves the member $12 on hotels. But if buyers cleared their cookies before conducting the search, they wouldn’t be logged in and wouldn’t see that discount.

Wilson and the Northeastern team avoided Amazon.com and eBay.com. These online marketplaces, explains Wilson, allow sellers to list their own products and used items making things too complicated.

Considering the discriminatory pricing found by this research how does the consumer get the best offer for your money? Wilson points out that there’s no one-size-fits-all solution. “Every site we looked at was doing something different—changing different things based on different information,” he says.

There are some guidelines for searching and shopping online;

  • Perform searches on all platforms you have access to. That means your regular browser, an incognito or anonymous browser, and your smartphone or tablet.
  • Plan ahead and take your time to observe price fluctuations.
  • Be extra thorough asking a friend or relative in a different zip code to do the same thing and see what results turn up.
  • Incorporate every money saving tool you can. That includes coupons, credit card discounts, adjusting time and date of travel. Use frequent flyer miles and credits. Ask about credit union or employer discounts.

This way of shopping may be tedious and much different from your mall stores with clearly marked prices, coupons and discounts but it’s an unavoidable part of our digital lives. If you shop online in any form you might as well get used to it. “All online retailers are watching each other, and it’s a race to the bottom,” says Wilson. “The only thing that changes between online stores and brick-and-mortar stores is the pace at which that happens. It’s faster online.”

Now you know.

 

 

 

 

Microsoft Internet Explorer Most Vulnerable Browser

Microsoft‘s Internet Explorer is leaving users vulnerable to hackers and other cyber criminals. A recent study conducted by Bromium Labs revealed that Internet Explorer was highly vulnerable when targeted by hackers.  Adobe Flash was indicated as a major weakness for Internet Explorer and another prime target for hackers.

Bromium Labs’ report also stated that“The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers.” 

Microsoft’s Internet Explorer was the target of hacker and cyber criminals far more frequently than other popular browsers like Firefox and Google Chrome. Microsoft acknowledged this fact and has released fixes for as many as 24 vulnerabilities within Internet Explorer.

Bromium Labs reported that hackers are targeting Internet Explorer by deploying a new ‘Zero Day’ attack trend known as  “Action Script Spray.” This technique is used to attack Adobe’s Flash application which in turn makes Internet Explorer vulnerable to hacking.

Reportedly Microsoft is well aware of the long list of Internet Explorer flaws.

“We’re aware of the reported issues, one of which has been addressed in newer versions of Internet Explorer,” said a Microsoft spokesperson to The Guardian.

“Each version of Internet Explorer is more secure than the last and contains new and improved security features that help protect customers,” the spokesperson added.

Microsoft Windows is the dominant operating system on computers worldwide. The result is that most people use Internet Explorer almost by default.

Breaking It Down

Most black people use Windows products because it comes pre-loaded on their computer. Apple is popular but lets face it; you’re probably reading this using Microsoft Internet Explorer. You’re also probably using Windows Office at work and home. All these products have security flaws that are very inviting to hackers. So make sure you keep your stuff updated.

Microsoft has struggled to secure its product offerings and Internet Explorer is just another failure that they refuse to acknowledge. Using a browser to get online is a necessity. You can’t use the Internet without it. So the intelligent choice is to switch. Google and Firefox are excellent products and they are somewhat more secure. I say somewhat because none are hack proof. But the fact still remains that Microsoft is too big and too smart to be constantly issuing fixes and patches for its product. The problem is that they are not focused on security. With its power and market share Microsoft can create seismic shifts in Internet security beginning with its browser. Its almost their responsibility to do so. But alas I feel that the mighty Microsoft has struck out again. They should take a lesson from GM, they used to the the biggest car maker. Then look what happened.

 

 

ALERT! UPDATE: Microsoft Internet Explorer Bug Found How to protect yourself ALERT!

Internet-Explorer61 MAY 2014 – Since the news broke about the Microsoft Internet Explorer bug various websites and news services have published ways to protect yourself. My first recommendation is that you immediately switch to another web browser. If you don’t have another browser on your computer go to Google.com or Firefox.com to download one or both of those browsers. Both are free. The Department of  Homeland Security has recommended you do this and stay with an alternative browser until Microsoft issues a patch to correct the issue. Another suggestion, if you are using Windows XP you need to update your operating system. XP is no longer supported by Microsoft and no security patches will be issued for that OS. Here are a few of the recommendations from other sites.

From ABCNews.com; Bill Carey, Vice President of marketing at Siber Systems suggests,

Update Your Software

Make sure you’re current on your software updates so any security loopholes are closed. People using the 12-year-old Windows XP operating system are especially vulnerable since Microsoft announced earlier this month it would no long provide technical assistance and automatic updates to protect users’ PCs. Consider upgrading your operating system.

Close Your Browser

When you’re done with using a website, log off and close your browser. This will help prevent others from gaining access to your account.

Control Your E-Mail

Have a disposable e-mail address. Only give your actual e-mail address out to who people who need it. Carey said this will help you avoid mass spam and keep your inbox clean.

Have A Strong Password

Carey advises using a “keystroke” method for making passwords and creating a “keyboard mapping system.” One key to the left and one up would make the password “tinmen” change to “47gh2g.”

Disable E-Mail Photos

Disable pictures on your email and read it in plain text. The sender will not be able to identify if you have opened the e-mail.

Other sources:

Mashable.com

CNET.com

PCWorld.com

ORIGINAL POST : A report by FireEye indicates that a serious bug in the Microsoft Internet Explorer could allow your computer to be taken over by hackers. Researchers have discovered that hackers have exploited the bug and created a new type of attack.

How does it work? Hackers have set up a website that installs malware when you visit it; commonly known as a drive by download. (See terminology) If you visit the website while using the Internet Explorer browser malware downloads into your computer and gives a stranger total control.  Your computer may become a bot or part of a botnet  and you would never know it.  That means a hacker has total control of your computer and can access your files, steal passwords and spy on you. If you are at work then the hacker has access to everything you have access to do. How serious is this? The U.S. Department of Homeland Security has recommended that people ditch Internet Explorer until there’s a patch.

But  that is not the only problem. This bug is everywhere. A lot of computers use Windows including your bank’s ATM and point of sales systems in stores everywhere. This bug is dangerous because it affects every version of the web browser from IE6 through IE11. That’s more than half of the browsers in use right now, according to the analysis website NetMarketShare. People still using Windows XP are especially vulnerable since Microsoft no longer supports that OS and does not issue security patches for it.

Microsoft issued a security bulletin stating, “On completion of this investigation, Microsoft will take the appropriate action to protect our customers.”

This attack relies on a few of Internet Explorer’s extra features. So you will need to disable them until Microsoft issues a patch.  FireEye advises users to disable the Adobe Flash plugin. Microsoft engineers also suggest running your browser in the “Enhanced Protect Mode.” However experts say that will likely ruin your online experience. So the next logical move would be to use an alternate browser such as Google Chrome, Firefox or Apple Safari. But you need more knowledge than just switching browsers . Try the excellent article from Time.com  to protect yourself.

Breaking It Down

Here is why you should always have an alternative browser on your computer. Nearly black person I know uses Internet Explorer, except me. Its the default browser on so many computers that its almost impossible to avoid.  As matter of fact I’ll bet not many black people know of any other browser by name. Now is the time to correct that.  I use Google Chrome and I am very happy with it.

These bugs are ubiquitous. There is not a piece of software made that a hacker will not discover some way to crack into and use for their own purposes. This bug is serious because every computer in the world use Microsoft software. Almost every ATM uses Windows XP and very few banks have switched over to something else even though Microsoft says they’re on their own with it.  I suggest you call your bank and ask them what they plan to do about this. It is your money you know. But when was the last time the Department of Homeland Security urged you to dump a browser? I don’t remember ever. So now you know you how serious this is.