Tag Archives: Mozilla Firefox

Congress, the Courts and Net Neutrality

The war for net neutrality has moved to the halls of Congress and the courtroom. Attorneys generals from 21 states and the District of Columbia have filed suit to overturn the FCC‘s new rules on net neutrality. But the battle is not just the states against the FCC. Technology companies and public interest groups have also filed law suits. Firefox browser maker Mozilla, the public-interest group Free Press and New America’s Open Technology Institute have all taken up the battle for net neutrality. Other major tech-industry companies including Facebook, Google and Netflix are getting in the fight along with other lobbying groups. 

The lawsuit, led by New York Attorney General Eric Schneiderman was kicked off in the U.S. Court of Appeals for the DC Circuit. The petition asks the court to overturn the the FCC’s decision claiming the rule is “arbitrary, capricious, and an abuse of discretion” under the law. The suit also argues that the the FCC improperly reclassified broadband as a Title I information service, rather than a Title II service, because of  “an erroneous and unreasonable interpretation” of communications law. Title II services, also known as common carriers, are subject to greater regulation.

An example of a Title II service would be the U.S. Postal Service. The post office can’t deny service to people sending letters it disagrees with. Another example is the phone company. The phone company can’t refuse service to people based on their religious views. Everyone has the same right to pay to use the service. Until now ISPs were considered common carriers.

The lawsuits are a multi-faceted battle to preserve net-neutrality. In congress Democrats are working to undo the new rule. Democrats in the Senate announced that they were just one vote shy of winning a vote to restore Obama era net neutrality rules. All 49 Democrats have agreed to vote for the repeal of the new Internet regulations. On the Republican side Senator Susan Collins of Maine supports the action.  That leaves Democrats searching for the final Republican to cross the party line and join them. The idea is not so far fetched since the net neutrality issue is a hot button issue for young people and the mid-term elections are approaching.

“Given how quickly we have gotten 50, we have a real chance of succeeding,” said Senator minority leader Chuck Schumer of New York in a statement.

Even if the Democrats succeed in getting the votes the rules does not automatically change. The same bill would have to be introduced and passed in the House of Representatives. That body is controlled by the Republicans and House Speaker Paul Ryan could simply refuse to bring it to the floor for a vote.

Finally, there is Donald Trump. He has to sign the bill to reverse the FCC action. Although the White House has publicly said it supports the the FCC move Trump has never been sure what he wants to do about net neutrality.

According to his own tweets Trump was all in for net neutrality in 2014. Trump criticized Obama for attacking the Internet, and defended net neutrality as “the Fairness Doctrine.” Now that has changed and he is all for the new rules.

 

 

 

 

 

 

 

 

Kill Your Adobe Flash Player!

adobe-flash-playerWhether you know it or not you are probably using Adobe Flash Player. Especially if you are using a Windows PC and it’s a problem. But first let’s get a little background on exactly what Adobe Flash Player is and why some want to see it killed.

Adobe Flash Player was the default software for playing videos, games and other animations on web pages. It became really big in 2005 when YouTube began using it. But like most technology it became obsolete. Now many websites and apps are using different and better software to do the same thing. Adobe however remains in use on millions of computers. 

So why kill Adobe Flash Player? Well first of all the thing that makes the software such a great tool is also thing that makes it a serious security issue.

Adobe Flash has the ability to directly access your computer’s memory. This leaves your computer completely open to  exploits.  An exploit is a software that commands a computer to perform a task or function. Cyber security expert Chase Cunningham of FireHost says, “Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself , your PC. That’s when you run into exploits.”

 To make this simple, somone can take over your computer and do as they please. That includes stealing data like user names and paswords or making your computer part of a bot.

For a long time Flash has been the vulnerability of choice for cybercriminals. Many governments, especially totalitarian regimes, used the flaws in Flash to spy on its advisaries.

But last week came the proverbial straw that broke the camels back. An Italian company knowns as Hacking Team had been using previously unknown flaws in Flash. The news came out after the company itself was hacked and over 400 gigabytes of data was stolen and later published online.  What goes around comes around since this company specialized in selling hacking software tools to pretty much anybody.

Security vulnerabilities in Flash are common. So common that this month alone Adobe issued security alerts and fixes for 38 vulnerabilities in Flash Player.

As a result Mozilla has blocked all automatic activations of Flash Player on its browser. Facebook security chief Alex Stamos publicly called for the death of Adobe Flash Player. Stamos tweeted: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”

Will your computer work without Adobe Flash Player? Yes it will and you are probably not going to miss it. Yes, some sites will still have video content that will require Flash Player. You can set your flash player to only activate on demand. This feature is available on most browsers and you can find the instructions here.

Breaking It Down

Most African-Americans are going to ask, how does this affect me? The answer is simple; the Adobe Flash Player is a danger to your computer and data.  Whatever information you are trying to keep secure is probably wide open to a hacker if they want it. Once a hacker is inside your machine it’s likely you may never get rid of him. That is, if your ever discover he is there in the first place. Your user names and passwords to your bank account or other sensitive data can be stolen and used to rob you or steal your identity. Isn’t that enough? Your computer could become part of a botnet used to send milions of spam messages or spread viruses or malware. Another sick thing that could happen is that hackers could take over your webcam and watch you in your home. Its time to do something about that Adobe Flash Player. Here is where you can get all the patches to repair Adobe Flash Player. But you may want ot remove it completely.

Home Internet Security; Have You Been Hacked?

ID-100310547Far too many African-Americans ignore their Internet security. When we do this we are gambling with our lives. Our financial life, our professional life, our identity, our children’s identity or the identity of our husbands or wives, are all endangered if we ignore basic cyber security.  Let’s look at it this way; do you drive without a seat belt? Then why would you use the Internet without being safety and security conscious?

One of the first things you should be aware of when using the Internet is if you are browsing safely and if your browser is secure. Regardless of the browser you use, be it Internet Explorer, Google Chrome, FireFox or Opera, you have to ask, is it secure.

The reality is that it’s hard to know which browser is the safest or most secure. Why? Because there is no set standard for browser security. That makes you responsible for setting up your browser and home network to be as secure as possible. But there is a little good news. Experts at Skybox Security have looked at all the browsers mentioned above and evaluated them based on exposed vulnerabilities, most published and patched vulnerabilities, and the shortest time between security patches.

Surprise! The winner is the browser you are probably not using; Opera.  Opera is pretty much an unknown browser.  It’s market share is around one percent so there’s probably not a lot of interest in finding Opera’s vulnerabilities.  Keep in mind hackers are looking for the greatest numbers to have the greatest impact when they attack. But Opera did have the least number of vulnerabilities.

Even if Opera has the fewest vulnerabilities we have to look at how often the other browsers find and fix their own vulnerabilities. In this category Chrome wins. Chrome finds flaws and issues updates every fifteen days compared to Opera’s every 48 days. Internet Explorer and Firefox update about once a month. But again there more to it than that. Keep in mind that all these browsers are vulnerable to what is known as Zero Day Exploits. That is a flaw that the hackers finds and attack with no warning to the browser makers. It happens all the time. As for Firefox; just last year Extremetech.com named it the least secure browser.

So finally let me answer your question. Which is the safest and most secure browser? My answer would have to be Chrome. AACR does not make product endorsement. But, when looking at the overall measures we have decided that having defenses that update regularly and frequently is the best way to go. We hope that answers your question. Read more about the Best Browsers of 2015 here.

Lets take the next step in your home Internet security. Is your home router secure? Or has it been hijacked? My guess is you really don’t know. I have always said, make damn sure you have solid password protections on all your devices including your home router. Ask yourself  “Is my password stupid?” If your home router is compromised then your life is compromised. Every Internet device in your house uses the router. Think about this, your cellphones connect to your router, all your computers, laptops, tablets, game consoles, television, telephone, printers, home security system, your thermostat and any other smart appliances you have in your home all go through your router. Think long and hard about that.

So how do you now if your router is hijacked? A company named F-Secure just launched their Router Checker tool. It’s a quick, simple and free way to determine whether or not your DNS is working the way it should. OK; so you’re asking what the heck is DNS. DNS stands for Domain Name Servers. This is the the Internet address book.  If your DNS is corrupted or poisoned then you could end up on some pretty dangerous websites and not even know it.

The best thing about the Router Checker Tool is that there’s no app to download and install. It’s a website that you visit with any modern, standards-compliant browser. Any of the browsers we have talked about, Internet Explorer, Firefox, Chrome, Safari, and Opera, will work. I would suggest you check your browser immediately and then bookmark the site and do the test regularly. You can also use the tool when you’re connecting to less trustworthy access points like the airport, a coffee shop, library, or anyplace offering free WiFi. Before you do anything in these places you should fire up F-Secure’s tool and find out what it thinks about your connection.

Now let me ask you another question. Have you been pwned? First a quick definition of the word is clearly needed. Pwned comes from video-game culture. It refers to someone who’s been beaten. Pwned accounts are email addresses and user accounts that have been compromised. A hacker may have illegally obtained the data from a vulnerable system. Perhaps a breached home router? Pay attention people!

Now if your pwned account is made public it becomes a pasted account. That means it has been pasted to public sites that share information while remaining anonymous. Such a site is Pastebin.com

Now there is a site you can use to discover if you have pwned or pasted. Have I Been Pwned?  is a website built by Troy Hunt author of web security courses for PluralsightIt’s simple and free to use. You just enter your email address or account name in a text search box and the site lets you know if it’s been pwned or pasted. Do it!

Paying attention to your digital life is as important as paying attention when you drive. The slightest lapse in focus could get you killed. You know that. It’s the very same with using the Internet. I suggest to black people that you pay attention to what can happen if you lose focus. The Internet may not kill you but if something goes wrong online you may want to kill yourself.

 

 

 

 

ALERT! Superfish Contaminates Lenovo ALERT!

 

CompanyLogos_Lenovo%20LogoThe holiday season has passed and of course many African-Americans got cool new techno-gadgets for Christmas, If you purchased a Lenovo computer it’s time to pay attention.

Lenovo, the world’s largest computer maker, has been selling computers  with an adware/malware known as Superfish. Superfish is the name of a marketing company that produces software called Visual Discovery along with other products.This adware allows ads to be placed in front of the user based on the images they are looking at.

This function involves analyzing images that appear on your computer screen. It matches these pictures against a giant database of images in the cloud. It then places similar images on your computer screen.

For example, if you’re looking at an ad for a new digital camera, Superfish, going by the example in its database, presents matching cameras.

superfish_416x416The Superfish software on your new Lenovo laptop monitors which websites you visit, what you are looking at and searches for related sites. All this based on images instead of the old-fashioned keyword search we are used to.

Sounds good so far right? You probably have no objection to greater choice in shopping or cheaper prices.  But that is if you are aware that Visual Discovery was installed on your computer in the first place. And of course assuming that the software works in a way that doesn’t put your online privacy and security at risk. Sadly many people who purchased these Lenovo computers had no idea this was happening. That is why Lenovo is catching hell and you could be vulnerable.

We like to keep it simple at the AACR so lets tell it like it is. This software opens you up for what hackers call a classic man-in-the-middle attack. See Visual Discovery doesn’t just work inside your browser to see what you are looking at. This adware/malware contains a proxy. This component intercepts network traffic outside your browser so it can keep track of what you are doing, like online banking, user names and passwords. Starting to get the picture? Its an open door to hackers! I don’t think I need to go any further than that.

According to Lenovo the company only installed Superfish on consumer laptops between September and December last year. During the holiday shopping season! Do think that was an accident? Really?

Chrome and Internet Explorer browsers are affected because they use Microsoft’s Windows store of trusted certificates. If you use the Firefox browser the Electronic Frontier Foundation found as many as 44,000 Superfish certificates were run by users of Mozilla’s browser.

How do you know if your computer is infected?  Check Windows’ list of trusted certificates. Go to Control Panel and search for “certificates”.  A list of Administrative Tools will come up. Select the “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. If you see one with Superfish Inc. attached to it then consider yourself officially infected.

This is the nasty part. Even if you do find it, uninstalling the program does not solve the problem since it does not remove the certificate. So if you believe that Superfish is floating around inside your computer back up your data and update it to a new operating system; a new more secure OS. This is probably going to cost you some money but you can get that back and then some by joining the class action lawsuit.

Lenovo will no longer be using Superfish adware in its devices and will help customers remove the malware from their computers as quickly as possible. Lenovo also issued the following statement via Twitter: “We’re sorry. We messed up. We’re owning it. And we’re making sure it never happens again.” Lenovo also issued detailed instructions for removing the adware/malware as well as how to determine if the troublesome Superfish digital certificate is installed, and how to remove it. You can also find a published list of all machines on which Superfish was installed. You may want to check your machine.