Tag Archives: Mozilla

Congress, the Courts and Net Neutrality

The war for net neutrality has moved to the halls of Congress and the courtroom. Attorneys generals from 21 states and the District of Columbia have filed suit to overturn the FCC‘s new rules on net neutrality. But the battle is not just the states against the FCC. Technology companies and public interest groups have also filed law suits. Firefox browser maker Mozilla, the public-interest group Free Press and New America’s Open Technology Institute have all taken up the battle for net neutrality. Other major tech-industry companies including Facebook, Google and Netflix are getting in the fight along with other lobbying groups. 

The lawsuit, led by New York Attorney General Eric Schneiderman was kicked off in the U.S. Court of Appeals for the DC Circuit. The petition asks the court to overturn the the FCC’s decision claiming the rule is “arbitrary, capricious, and an abuse of discretion” under the law. The suit also argues that the the FCC improperly reclassified broadband as a Title I information service, rather than a Title II service, because of  “an erroneous and unreasonable interpretation” of communications law. Title II services, also known as common carriers, are subject to greater regulation.

An example of a Title II service would be the U.S. Postal Service. The post office can’t deny service to people sending letters it disagrees with. Another example is the phone company. The phone company can’t refuse service to people based on their religious views. Everyone has the same right to pay to use the service. Until now ISPs were considered common carriers.

The lawsuits are a multi-faceted battle to preserve net-neutrality. In congress Democrats are working to undo the new rule. Democrats in the Senate announced that they were just one vote shy of winning a vote to restore Obama era net neutrality rules. All 49 Democrats have agreed to vote for the repeal of the new Internet regulations. On the Republican side Senator Susan Collins of Maine supports the action.  That leaves Democrats searching for the final Republican to cross the party line and join them. The idea is not so far fetched since the net neutrality issue is a hot button issue for young people and the mid-term elections are approaching.

“Given how quickly we have gotten 50, we have a real chance of succeeding,” said Senator minority leader Chuck Schumer of New York in a statement.

Even if the Democrats succeed in getting the votes the rules does not automatically change. The same bill would have to be introduced and passed in the House of Representatives. That body is controlled by the Republicans and House Speaker Paul Ryan could simply refuse to bring it to the floor for a vote.

Finally, there is Donald Trump. He has to sign the bill to reverse the FCC action. Although the White House has publicly said it supports the the FCC move Trump has never been sure what he wants to do about net neutrality.

According to his own tweets Trump was all in for net neutrality in 2014. Trump criticized Obama for attacking the Internet, and defended net neutrality as “the Fairness Doctrine.” Now that has changed and he is all for the new rules.

 

 

 

 

 

 

 

 

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.