Tag Archives: Net Neutrality

Is Internet Providers’ “Zero Rating” Really a Revenue Enhancer?

The fight in the U.S. over net neutrality is far from over with each side claiming they are right.

In the meantime, the E.U. has required net neutrality since 2016 but has allowed individual countries to figure out how to implement it.  Some have implemented it by not doing anything, which gives us an opportunity to compare the effects.

In the U.S., opponents of zero-rating (the opposite of net neutrality), a practice that allows a carrier to exempt particular content from data usage fees – typically its own or that of a third party that paid the carrier a lot of money – say that it is just a way for carriers to make people use a service that makes them more money, but, apparently, it is worse than that.

Non-profit Epicenter.works studied wireless data prices in 30 European countries and found that wireless data plans were significantly more expensive in countries that didn’t implement net neutrality and allowed zero-rating.

According to the study, those countries that implemented net neutrality and did not allow zero-rating saw a double digit price decline in wireless data prices over a one year period, while countries that did the opposite saw a price increase.

Again, according to the study, carriers that allowed zero-rating jacked up prices to make their content (the zero-rated content) seem cheaper by comparison.

In the U.S. the fight over net neutrality is in the courts at this point, so we probably won’t know the outcome for years.

What does seem to be the case is that U.S. consumers already pay way more for wireless data than do their European counterparts and that is not likely to improve anytime soon.  Source: Motherboard.

 

 


Security News Bites for Week Ending Sep 21, 2018

New Web Attack Will Crash Your iPhone, iPad or Mac

A new CSS-based web attack will crash and restart your i-device with just 15 lines of code.  The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use. Anything that renders HTML on iOS is affected. That means anyone sending you a link on Facebook or Twitter, any webpage you visit that includes the code, or anyone sending you an email can trigger it. TechCrunch tested the exploit running on the most recent mobile software, iOS 11.4.1, and confirmed it crashes and restarts the phone.  Source:  TechCrunch

Ajit Pai Says California Net Neutrality Law Radical and Illegal

Ajit Pai, Chairman of the FCC and the guy who repealed the FCC net neutrality policy, said that California’s new bill replacing that repealed FCC policy is illegal.   Why?  Because, he says, it is preempted by Federal law.  This is the same guy who said the FCC didn’t have the power to regulate net neutrality.  Do they?  Don’t they?  Are you confused too?

If Pai intervenes, I am sure this will go all the way up to the Supreme Court – who may or may not hear the argument.

He said this at a talk at a conservative think tank in Portland.  Maine, like about 30 other states, is in the process of creating its own net neutrality law.  If he thought that the states would bow down to him when he repealed the FCC policy, apparently, he was wrong.

Also apparently, his beef is with zero rating, a practice where a carrier doesn’t charge you if you use their service or use a service that has paid them a lot of money, but does charge you to use a service that has not written them a big check.  His theory, apparently, is that if poor people must (due to financial constraints) use only those services that write a carrier a big check, that will, somehow, promote an open and innovative Internet.  Source:  Motherboard

Another Day, Another Crypto Currency Exchange Hacked

Japanese crypto currency exchange Zaif was hacked to the tune of $60 Million of Bitcoin, Bitcoin Cash and Monacoin.  About a third of that was owned by the exchange;  the rest owned by customers.

For now, withdrawals and deposits have been halted, with no specified time when it might – or might not – resume.  If ever.

The company says that they will compensate users who lost $40 million or so and have sold the majority of the company for 5 billion yen (roughly the amount of money not owned by them that was stolen).

Assuming that deal actually closes, they figure out how the attack happened and fix the problem … and, and, and.  Japan’s financial regulator has stepped into the poop pile.

I assume that if and when customers actually get access to their money – the part that wasn’t stolen – they will find someplace else to store their crypto currency.  That likely means the end of Zaif, no matter what.

In the meantime, they will just have to hang out and wait to see what happens.  Source: Bloomberg.

3 Billion Malicious Logins Per Month This Year

According to Akamai, there were over 3 billion malicious logins per month between January and April and over 8 billion malicious logins during May and June at sites that they front end.

Many malicious login attempts come from the technique of credential stuffing where hackers take credentials exposed during hacks and try them on other web sites.  For example, try the 3 billion exposed Yahoo passwords on Facebook or online banking sites.  Even though we tell people not to reuse passwords, they do anyway.

According to Akamai, one large bank was experiencing 8,000 accounts being compromised per month.

One bank experienced over 8 million malicious login attempts in a single 48 hour period.  I bet some of these attempts worked.  A load like that will impact the bank’s ability to serve real customers.  Source:  Help Net Security.


Security News Bites for the Week Ending September 14, 2018

How, Exactly, Would the Government Keep a Crypto Backdoor Secret?

The Five Eyes (US, Canada, Australia, New Zealand and Great Britain) countries issued a statement last week saying that if software makers did not voluntarily give them a back door into encrypted apps they may pursue forcing them to do that by law.  Australia and the UK already have bills or laws in place trying to mandate that (Source: Silicon Republic).

First, parental control/spyware app Family Orbit stored their private access key in a way that hackers were able to access 281 gigabytes of spied on photos in over 3,000 Amazon storage buckets.  This means that tens of millions of photos taken by kids and of kids are now on the loose.  All because parents wanted to keep tabs on what their kids were doing.  Now the hackers can keep tabs on their kids too (Source: Hackread).   Family Orbit shut down all services until they can fix the problem, but that won’t help recover the 281 gigabytes of data already stolen.

And, for the second time in three years, spyware maker mSpy leaked the data from a million customers including passwords, call logs, text messages, contacts, notes and location data, among other information (Source: Brian Krebs).

So here, in one week, two companies whose very existence is threatened by these leaks were hacked.  Somehow, hundreds of backdoors on major apps will be kept secret by the government.

Sure.  I believe that.  Not.

This is also a word of advice to parents who either are using spyware on their kids or are thinking about it.  The odds of that data getting hacked are higher than you might like.  Would it be a problem for you or your kids if all of their pictures, texts, contacts and passwords were made public?  Consider that before you give all of that data to ANY third party.

Popular Mac App Store App Has Been Sending User Data to China for Years

In a situation that you very rarely hear about, researchers have discovered that the 4th most popular paid app in the Mac app store, Adware Doctor, has been sending user browsing history to China for years.  Apparently, when you click on CLEAN, they take a very liberal view of the request, zip up your browsing history and send it to China. They are able to do this based on the permissions that the user gives it, reasonable permissions given the app.  In other words, they abused the trust that users gave them.

This was reported to Apple a month ago and Apple did nothing about it, but within hours of the news hitting the media, Apple yanked this very popular app from the store.  That, of course, does not protect anyone who has already downloaded it, but at least it will stop new people from becoming victims.

The power of the media!  Source: (Motherboard).

ISPs Try Hail Mary in Bid to Derail California’s Net Neutrality Bill

The California legislature is on a roll.  First the California Consumer Privacy Act (AB 375) – now law, then the Security of Connected Devices Act (SB 327) – on the Governor’s desk, and now The Internet Neutrality Act (SB 822), which would implement many of the requirements of the now repealed FCC Net Neutrality policy.  ISPs such as Frontier have asked employees to contact the governor and tell him to veto the bill.  This was after AT&T bribed, err, technically “lobbied” an Assembly committee to gut the bill.  The industry then targeted robocalls at seniors saying the bill would cause their cell phone bill to go up by $30 a month and for their data to slow down (neither is true).  It is still on Governor Brown’s desk.  (Source: Motherboard).

Facebook is in the middle of an Apple-esque Fight Over Encryption with the Feds

While this case is under seal, a few details have surfaced.  In this case the feds are asking Facebook to comply with the wiretap act, a law passed in the 1960s, long before the Internet, which requires a phone company to tap a phone conversation after receiving a warrant.

In this case, is Facebook Messenger even a phone call as defined in the Act?  Facebook, apparently, says that they do not have the means to do it;  that they do not have the keys.   Can the government force Facebook to rewrite its code to provide the keys to the government on request?  Even if they do, the conversations themselves do not go through Facebook’s network, so they could not capture the actual traffic, even if they wanted to.  The NSA could do that, but that is between the NSA and the FBI, not Facebook.

Can they force Facebook to completely rearchitect their system, at Facebook’s cost, to comply?  Even if they do, how long would that take?  What would be the operational impact to Facebook?

Since this is all under seal, we don’t really know and may, possibly, never know.

At this point it is not at all clear what will happen.  It is possible that the court will hold Facebook in contempt, at which point, I assume, Facebook will appeal, possibly all the way up to the Supreme Court.

Think San Bernardino all over again.  Source:  The Verge.


OPM Breach, USA Freedom Act, Net Neutrality and Other Items

Several short items – the battle over NSA spying is not over, the OPM breach is better or worse than we thought, the first ruling on net neutrality is here, and Senator McConnell is trying to insert the cyber protection bill CISA inside the defense appropriations bill in a way that does not allow for debate.  Crazy Thursday.

First, the House voted today to defund two NSA backdoor spying programs that Rep. Thomas Massie (R-KY) said are worse than the NSA bulk data collection.  The NSA admitted that it sometimes spies on Americans’ communications under an authority that was intended to apply only to foreigners.  The amendment would require the NSA to get a warrant first.  The other amendment would block funds for NSA projects to build vulnerabilities INTO security products (see article).  These amendments to the NDAA are far from certain as there is a lot of mischief going on in the Capitol over the NDAA.

The OPM is now saying that people’s SF-86 security questionnaires were not compromised in the breach.  However, AFGE union head David Cox wrote to the OPM saying that based on sketchy information released by the OPM, the target of the hackers was the central personnel repository database, which contains information on every federal employee, retiree and a million former employees.  Cox said that the data that the hackers stole included Social Security numbers, birthdays, addresses, military records, job and pay histories, and various insurance information, in addition to age, gender, and race data.  Since the OPM is being pretty quiet, we do not yet know the truth (see article).

The U.S. Court of Appeals for the D.C. Circuit has ruled against the telecom and cable companies seeking to block the FCC plan to regulate Internet providers like other telecom carriers (the so-called Title II classification).  The court did grant the request from both sides to expedite the hearing on the merits, but in the meantime, the rules go into effect on Friday, barring a ruling to the contrary from a higher court (see article).

Sen. Mitch McConnell is at it again.  This time he is trying to insert the long delayed cyber security bill known as CISA into the National Defense Authorization Act in a way that does not allow for debate or amendment.  The NDAA is a must pass bill, but President Obama has already said he may veto it for other reasons.  Adding other, totally unrelated bills into that bill will not improve its chances for passing.  McConnell says that because of the OPM breach, he is resorting to this strange approach.  The fact that CISA only applies to private companies, which does not include the OPM, seems to make this argument misplaced (see article).  There are a number of Senators who are not happy with McConnell right now, so stay tuned.

ICANN, the organization that currently manages Internet names and numbers, has been talking about giving up control, which currently rests with the Department of Commerce, to an independent international organization.  Some folks do not like the U.S. giving up power that it has over the Internet while others think it is a good idea.  In any case, ICANN said that there is no way it will be ready to do this by the September 30th target date.  September 30th is the end of the current existing contract between DoC and ICANN.  ICANN won’t even submit a proposal to the government on how this might work until mid October and who knows how long the evaluation process might take (see article).
