AT&T Looking at Internet Filtering

Wed Jan 23, 2008 10:18 AM EST
Article found via Newsvine / Associated Press

AT&T Inc. is still evaluating whether to examine traffic on its Internet lines to stop illegal sharing of copyright material, its chief executive said Wednesday.

CEO Randall Stephenson told a conference at the World Economic Forum that the company is looking at monitoring peer-to-peer file-sharing networks, one of the largest drivers of online traffic but also a common way to illegally exchange copyright files.

“It’s like being in a store and watching someone steal a DVD. Do you act?” Stephenson asked.

AT&T has talked about such plans since last summer. They represent a break with the current practice of U.S. Internet service providers, who are shielded by law from liability if their subscribers trade copyright files like movies.

Stephenson said he still sees value in peer-to-peer networks despite some problems. The networks are increasingly used for legally distributed files like movie trailers and software.

Comcast Corp., the second largest U.S. Internet provider after AT&T, has chosen another way to deal with the congestion caused by file-sharers, by hampering some peer-to-peer traffic regardless of whether the content is legal.

The U.S. Federal Communications Commission said earlier this month it would investigate complaints from consumer groups and legal scholars that Comcast’s practice violates the open access principles of the Internet.

Five Most Overlooked Open Source Vulnerabilities Found By Audits

Found via yahoo news / Techweb

By Charles Babcock
InformationWeek Tue Jan 22, 5:45 PM ET

After reviewing 300 million lines of code in 2007, Palamida, a vulnerability audit and software risk management company, says it’s identified the five vulnerabilities most frequently overlooked by users in their open source code.

The five are listed in alphabetical order. Palamida did not attempt to assign a frequency ranking to the five, CEO Mark Tolliver said. Also, the Palamida list reflects known vulnerabilities that have been aired and fixed by their parent projects but are still encountered in the user base, such as businesses and government agencies. The projects named are not frequent offenders when it comes to security vulnerabilities, but their code is so widely used that unpatched vulnerabilities show up in Palamida’s enterprise and nonprofit agency software scans. In all cases, a patch is available to fix the vulnerability.

Open source code is “not any more vulnerable than commercial software” and in some cases, less so, said Tolliver. Open source projects tend to acknowledge their vulnerabilities and fix them promptly, he added.

The company conducts audits on enterprise software, spotting uses of open source and identifying origins of code. It both sells products to conduct audits and offers audit services and risk management consulting.

Palamida’s list of five frequently overlooked vulnerabilities is as follows:

Geronimo 2.0, the application server from the Apache Software Foundation, contains a vulnerability in its login module that allows remote attackers to bypass authentication requirements, deploy a substitute malware code module, and gain administrative access to the application server. The access is gained by “sending a blank user name and password with the command line deployer in [Geronimo’s] deployment module,” the Palamida report said. A blank user name and password should trigger a “FailedLoginException” response in Geronimo 2.0 but doesn’t.

A patch for the vulnerability exists at https://issues.apache.org/jira/secure/attachment/12363723/GERONIMO-3404.patch.

Geronimo competes with Red Hat’s JBoss and other open source application servers.

The JBoss Application Server has a “directory traversal vulnerability in its DeploymentFileRepository class in releases 3.2.4 through 4.0.5. It allows remote authenticated users to read or modify arbitrary files and possibly execute arbitrary code,” the Dec. 7 report concluded.

A patch is available at http://jira.jboss.com/jira/browse/ASPATCH-126.

The third frequently encountered vulnerability on the list is the LibTiff open source library for reading and writing Tagged Image File Format, or TIFF, files. The LibTiff library before release 3.8.2 contains command-line tools for manipulating TIFF images on Linux and Unix systems and is found in several Linux distributions.

Using the LibTiff library in a version before 3.8.2 allows “context-dependent attackers to pass numeric range checks and possibly execute code via large offset values in a TIFF directory,” the Palamida report states. The large values may lead to an integer overflow or other unanticipated result and constitutes an “unchecked arithmetic operation,” the report said.

A patch is available at http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz.
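The "unchecked arithmetic operation" the report describes for LibTiff, as an added C example (not LibTiff's code and not taken from the Palamida report): a range check on a directory entry's offset that wraps around, beside a form that cannot. The struct, field names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical directory entry; the layout is illustrative, not LibTiff's. */
struct dir_entry {
    uint32_t count;     /* number of values the entry claims to hold */
    uint32_t elem_size; /* bytes per value */
    uint32_t offset;    /* byte offset of the values within the file */
};

/* Unchecked form: the multiply and the add both wrap modulo 2^32, so a
 * large count or offset can yield a small "end" that passes the test. */
static bool in_bounds_unchecked(const struct dir_entry *e, uint32_t file_size)
{
    uint32_t nbytes = e->count * e->elem_size; /* may wrap */
    uint32_t end = e->offset + nbytes;         /* may wrap */
    return end <= file_size;
}

/* Checked form: every comparison is arranged so that no intermediate
 * value can exceed the range of uint32_t. */
static bool in_bounds_checked(const struct dir_entry *e, uint32_t file_size)
{
    /* Reject count * elem_size if the product would not fit in 32 bits. */
    if (e->elem_size != 0 && e->count > UINT32_MAX / e->elem_size)
        return false;
    uint32_t nbytes = e->count * e->elem_size; /* cannot wrap now */

    /* Compare against the space remaining after offset; never add. */
    if (e->offset > file_size)
        return false;
    return nbytes <= file_size - e->offset;
}

/* Constructed sample entries for a 4096-byte file. */
static const uint32_t FILE_SIZE = 4096;
static const struct dir_entry samples[3] = {
    { 16u,         4u, 128u        }, /* well-formed: 64 bytes at 128      */
    { 8u,          4u, 0xFFFFFFF0u }, /* offset + 32 wraps to 16           */
    { 0x40000001u, 4u, 0u          }, /* count * 4 wraps to 4              */
};

int main(void)
{
    for (int i = 0; i < 3; i++) {
        printf("entry %d: unchecked=%s checked=%s\n", i,
               in_bounds_unchecked(&samples[i], FILE_SIZE) ? "accept" : "reject",
               in_bounds_checked(&samples[i], FILE_SIZE) ? "accept" : "reject");
    }
    return 0;
}
```

Both functions accept the well-formed entry; only the checked form rejects the two entries whose arithmetic wraps.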

The fourth vulnerability on the list is found in Net-SNMP, or the programs that deploy the SNMP protocol. It’s found in version 1.0, version 2c and version 3.0. When certain versions of Net-SNMP are running in master agentx mode, the software allows “remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a freeing of an incorrect variable,” the report said.

A patch is available at http://downloads.sourceforge.net/net-snmp/net-snmp-5.4.1.zip?modtime=1185535864&big_mirror=1.

The fifth overlooked vulnerability is found in Zlib, a software library used for data compression. Zlib 1.2 and later versions allow a remote attacker to cause a denial-of-service attack. The attack designs a compressed stream with an incomplete code description of a length greater than 1, causing a buffer overflow.

The patch consists of upgrading zlib to version 1.2.3 at www.zlib.net/zlib-1.2.3.tar.gz.

The fact that the vulnerabilities exist doesn’t mean that anyone should stop using open source code. But users should adopt vulnerability patches or update to the latest, stable version of the code, said Theresa Bui, VP of marketing at Palamida. A complete description of the five vulnerabilities, along with their Common Vulnerability and Exposure number, can be found at Palamida’s Dec. 7 Web site listing. The CVE is a project of the Mitre Corp. that gives vulnerabilities a shared definition and reference number across security vendors.

See original article on InformationWeek.com

CIA Says Hackers Have Cut Power Grid

Hopefully if they are reporting this it means that we have fixed all the potential problems in this area. Just another reminder that as our society becomes more and more dependent upon technology, we also become more vulnerable to problems – be it intentional maliciousness or just breaking down.

Story found via PcWorld:
Several cities outside the U.S. have sustained attacks on utility systems and extortion demands.
Robert McMillan, IDG News Service
Saturday, January 19, 2008 6:00 AM PST

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.

Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.

“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands,” he said in a statement posted to the Web on Friday by the conference’s organizers, the SANS Institute. “In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

“According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure,” SANS said in the statement.

One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. “It appeared that there were a lot of people who didn’t know this already,” said the attendee, who asked not to be identified because he is not authorized to speak with the press.

He confirmed SANS’ report of the talk. “There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack,” he said.

Hacking the power grid made front-page headlines in September when CNN aired a video showing an Idaho National Laboratory demonstration of a software attack on the computer system used to control a power generator. In the demonstration, the smoking generator was rendered inoperable.

The U.S. is taking steps to lock down the computers that manage its power systems, however.

On Thursday, the Federal Energy Regulatory Commission (FERC) approved new mandatory standards designed to improve cybersecurity.

CIA representatives could not be reached immediately for comment.

Americans more wired, new-media survey finds

From yahoo news / Reuters
By Gail Schiller

NEW YORK (Hollywood Reporter) – About 38 percent of U.S. consumers are watching TV shows online, 36 percent use their cell phones as entertainment devices and 45 percent are creating online content like Web sites, music, videos and blogs for others, according to a new-media survey from Deloitte & Touche.

The findings of the online survey of 2,081 Americans, conducted October 25-31, were provided to The Hollywood Reporter before their official release next month.

The “State of the Media Democracy” notes that in Deloitte’s first edition of the survey just eight months earlier, 24 percent of consumers used their cell phones as entertainment devices, meaning that usage has soared 50 percent.

About 62 percent of “millennials” (consumers 13-to-24-years-old) are using their cell phones as entertainment devices, up from 46 percent in the previous study conducted February 23-March 6, 2007. And among Generation X consumers (25-to-41-year-olds), the number grew to 47 percent from 29 percent in the earlier survey.

About 20 percent of consumers said they are viewing video content on their cell phones daily or almost daily.

The percentage of consumers watching TV online jumped from the 23 percent figure reported in the previous study. Roughly 54 percent of those surveyed said they are making their own entertainment content through editing photos, videos or music, 45 percent said they are producing that content for others to see, and 32 percent said they consider themselves to be “broadcasters” of their own media.

“I think for advertisers one of the conclusions is you don’t make decisions to advertise either on television or the Internet when you want to hit all the demographics, but rather you need to have a multiplatform strategy,” said Ken August, vice chairman and national sector leader for Deloitte & Touche’s media and entertainment practice, which commissioned the study. “It shouldn’t be an either or proposition.”

Among the study’s other findings:

— 54 percent of consumers said they socialize via social networking sites, chat rooms or message boards, and 45 percent said they maintain a profile on a social networking site.

— 85 percent of consumers still find TV advertising to have the most impact on their buying habits, but online ads are second best, with 65 percent of consumers saying they have the most impact, beating out magazines at 63 percent.

Reuters/Hollywood Reporter

More and more Americans getting hooked on electronics. There are many good and bad things I see with this news. We can share information and entertainment quicker, and I enjoy this new era of information sharing. I believe we will see more problems with technology compatibility in several areas as well. We already have competing formats with everything from software and operating systems, to different cell phone companies having various accepted formats for multimedia messages and such. There will certainly be much more confusion among people as to what works with what, but let's hope the barriers come down in those areas in the future as well. More on this in another post later.

Pluck hooking up media outlets with social networks

from yahoo news / reuters


By Robert MacMillan

NEW YORK (Reuters) – Online media syndication company Pluck Corp said on Wednesday it would give traditional media companies the ability to link their Web sites to online social networks like MySpace and Facebook.

The move would allow people to leave comments on news Web sites that then show up on their social network profiles, allowing the traditional media outlets to reach people where they are spending increasing amounts of time on the Internet, said Pluck Chief Executive Dave Panos.

This is important to media companies that are trying to build up their online audiences as they lose readers and advertising revenue for their print editions.

“If I comment on a story about the presidential primary, the story itself is going to be noted on my Facebook profile, and so is the comment I made,” he said.

Companies using Pluck’s technology include USA Today publisher Gannett Co Inc (GCI.N), Discovery Communications, the Canadian Broadcasting Corp, Runner’s World publisher Rodale and Better Homes & Gardens publisher Meredith Corp (MDP.N).

“People are interested in sharing experiences around news,” said Jim Brady, executive editor of The Washington Post Co’s (WPO.N) Web site, washingtonpost.com, which also is participating.

Brady said that could build up more loyal readers for the Web site while exposing the Post’s news to many of Facebook’s 55 million users worldwide. MySpace, owned by News Corp (NWSa.N), has about 110 million users worldwide.

“We’re not trying to be Facebook or MySpace,” he said. “By giving ourselves a hook into the bigger social networks, it allows us to get more pollination.”

The move allows traditional media companies to associate themselves with popular social networks whose members — typically younger than the average newspaper reader — are considered the most valuable to advertisers on- and offline.

“If you’re a media company, you’re now attracting more users to your site,” Panos said. “For them, I think it’s about reaching a broader audience, and maybe a younger demographic.”

Reuters Group (RTR.L) (RTRSY.O) which made a $7 million investment in Pluck last year and has an undisclosed ownership stake, also is a participant.

Media companies will be able to link up with Facebook starting in the first quarter of 2008, Pluck said. Networks that are part of Google Inc’s (GOOG.O) OpenSocial technology for independent software developers — which includes MySpace as a member — will be able to use Pluck’s technology by mid-2008.

(Editing by Carol Bishopric)

I am glad to see so many social network deployments these days. Competition keeps things healthy. Hopefully we will all benefit from multiple companies pushing various software for social networks and they will all keep getting better and better. We are currently testing a few social network platforms for various clients of different sizes with different needs. There is also much talk around the shop about sharing information among the social networks. You can see this similar goal being developed with Google's OpenSocial, and the OpenID platform. Of course avoiding end user privacy issues is always a concern, but making things easier for end users to log into and use the various social sites and choosing which information to share or keep private and semi-private is going to be of paramount importance.

Colleges Create Offbeat Videos to Try to Build Web Buzz

We love to see more niche markets getting creative with public relations, and using newer media to get an unusual message out is just the kind of thing that colleges should be doing. It’s a young hip demographic, certainly viral videos will be more effective online than any amount spent on print advertising. The social aspect of college should be a focus and getting viral videos spread through social networks may get groups of students interested.

From the wired campus blog:

These days colleges’ PR offices are creating more and more videos to promote campus events and get their institution’s name out. And some have tried to adopt the lighthearted or edgy tone that seems most popular on YouTube.

The collegewebeditor blog has been tracking such efforts, and today they point out an unusual holiday video created by the University of Maryland at College Park.

Connie Chung, an alumnus of the university, makes a cameo appearance, but the star is the college’s mascot, Testudo, leading students and staff members from across campus to gather for a holiday photo. The overall feel seems something out of a Disney film, and somehow it seems long, even though it’s only two minutes. It’s too soon to tell whether it will be the next big viral video — so far the version on YouTube has only been viewed a couple hundred times.

Last month, the blog featured a roundup of quirky promotional videos featuring college presidents, highlighting various presidents jumping out of planes, answering questions on a late-night TV show, or riding a motorcycle. None of those have been blockbusters either, though.

It’s serious if you admit to your relationship on Facebook – and other social networks

From yahoo news / reuters

For college students, if it’s Facebook, it’s love

By Joanne Kenen Tue Dec 4, 7:20 PM ET

WASHINGTON (Reuters) – For the Facebook generation, love now comes with a drop-down menu.

With profiles on the Facebook social networking site (http://www.facebook.com/) almost de rigueur on college campuses, students can define their relationship status with menu choices ranging from “married” to that perennial favorite, “It’s complicated.”

“It’s complicated” could also describe the emotional calculations people in their late teens and early 20s make as they decide whether their relationships are what they call “Facebook-worthy.”

For Stephanie Endicott and Marcus Smallegan, first year students at George Washington University, announcing to the world that they had found love in a college dorm was a no-brainer.

“It was important for me to share this with my friends since I’m so far away,” Endicott, attending school 3,000 miles away from her home in Maple Valley, Washington, said as she clasped Smallegan’s hand on a park bench on the campus.

“Neither of us had been in a really good relationship before and ours turned really good really fast,” added Smallegan, who had posted a relationship on Facebook once before, only to have that girl move out of state and break up with him via a text message on his cell phone.

Some of their friends, however, have had less harmonious Facebook experiences. Both Endicott and Smallegan know of other college students who thought they were in a relationship — only to have it all blow up when they tried to link their two Facebook profiles as a couple, an option that requires the consent of both parties.

“It was this major emotional crisis breakdown,” Smallegan said of a close friend at a Midwestern university who was heartbroken when her cyberlink was rebuffed by a young man who thought they were “just friends.”

Not all students post their relationship status. For some, it’s a matter of privacy. For others, it’s all about marketability.

“I have NEVER changed my Facebook status — it has always been single, even when I started to get involved with girls. I think it’s better this way, until you are VERY serious, because people look, people talk, etc., and unless it is super-serious it can ruin any chance with any other girl!” one young man, who asked that his name be withheld to avoid alienating his current and many ex-girlfriends, wrote in an e-mail.

But for many couples, being “Facebook-worthy” confers a status on a relationship.

When a couple was “going steady” in the 1950s, the young man might have let his girlfriend wear his Varsity team sweater or given her his fraternity pin. But the 1960s swept aside those rituals. Now the Facebook link has become a publicly-recognized symbol of a reasonably serious intent short of being engaged or moving in together.

“For those in a relationship, the theme that kept echoing was that Facebook made it official,” said Nicole Ellison, an assistant professor of telecommunication and information studies at Michigan State University who has studied social networking sites. “That was the term they used. And when the relationship fell apart, when you broke up on Facebook, that’s when the breakup was official.”

Facebook even produces a little red broken heart icon when a couple splits up.

Duke University student Adam Zell concurred. “Putting it on Facebook made it official,” said Zell, who had a “serious sit-down relationship talk” with his girlfriend last year after two or three months together. They made a joint decision to put “in a relationship” on Facebook, and link profiles.

Dave Berkman, who does mental health counseling at the University of Wisconsin clinic, finds that some students feel compelled to define themselves on a Facebook page, or to compulsively update their status over and over again.

“People are beginning to use it more than phones, more than text messages, more than instant messaging, even more than talking in person,” he said. “It speeds things up. People are prone to define where they are so they can show other people (online).”

If Facebook can certify a relationship, it can also destroy one. Ellison in her research learned of one young couple in a “Facebook-worthy” relationship. But he cheated with a young woman who naturally looked up his Facebook profile. When she saw he had an “official” Facebook girlfriend, she contacted the other woman.

“Then the two of them were in cahoots to make this guy’s life miserable,” Ellison said. “So if you are in a relationship and it’s listed on Facebook, don’t cheat.”

(Reporting by Joanne Kenen; Editing by Eddie Evans)

I know there have been many other social network dramas played out on Myspace and other social networks for similar reasons stated above. For a while there was even an internet service that would alert you to changes in a person’s relationship status. I have seen many a drama started up by comments from friends and people who change or don’t change their relationship stats to single, or dating, etc on myspace and other social networks myself.

What sort of ad agency does an entrepreneur need?

From the Tennessean Newspaper in Nashville, TN:

Sunday, 10/14/07
What sort of ad agency does an entrepreneur need?
Answer: One willing to take a few chances to help an owner score big

By RANDY MCCLAIN
Business Editor

Jeffrey Buntin Jr., the 34-year-old president of The Buntin Group, has seen the Nashville advertising agency started by his dad in the 1970s guide the accounts of some of this area’s and the nation’s most entrepreneurial companies.

The Buntin Group, marking 35 years in business this fall, has worked with Cracker Barrel, John Deere, Dollar General, golf pro Jack Nicklaus and others.

Buntin, who now heads the agency, said start-up companies in search of advertising help should look for advisers that can provide more than just flashy slogans or clever commercials.

“We say to potential clients, select someone who wants to be your business partner, not just your ad agency.”

Buntin’s take is that it makes sense to pick an agency that can weigh in on long-term strategy and help an entrepreneur better define his or her target customer.

“The idea is to establish intimacy with your audience, to understand what they want, not just to sell them a product,” Buntin said.

It’s easier to think big early: “In the early stages of a business, there’s an opportunity to think of a new company as a brand, not just as a means of delivering a product. We ask clients to think of the brand, ‘why.’

“There’s a purpose or a mission behind every brand. It’s alive and authentic and it helps when you’re able to put it into words,” Buntin said. “For an entrepreneur, the ‘why’ is what they wake up every morning thinking about as they’re brushing their teeth,” what drives them in the business world.

Companies can get it right from the outset or they can evolve.

Servpro, a clean-up and restoration franchisor, has been based in Gallatin, Tenn., since relocating there from the West Coast in the late 1980s. It started years before that as a painting company and morphed into a maintenance firm that worked with insurers to clean up after fire and water damage.

But in more recent years, the Buntin Group client evolved to work directly with homeowners in addition to the commercial insurers. Servpro now targets individual consumers who need big clean-up jobs after storms or other mishaps.

The brand — reflected in Servpro’s identifying slogan — is: “Like it never even happened.”

Reaching out to homeowners was a big change in strategy, but it helped Servpro keep growing, Buntin said. The common thread all along was “about restoring control,” he said. “That thought process allowed them to diversify and accelerate overall growth. It provided brand clarity.”

Trust your intuition or partner with someone whose intuition you trust: Entrepreneurs generally have a sixth sense about the direction their business should take, but “they’re also more willing to embrace risk,” Buntin said.

Don’t fret about starting small. You can still clobber larger competitors with deeper pockets and bigger budgets.

“Being a challenger brand is more about mindset than the dollars in someone’s budget,” Buntin said. “The key is to know your audience deeply, and to know them as people.

“It’s not enough to have a megaphone and talk loud. You want to build a three-way dialogue,” something that lets the customer talk back to the brand, while also spreading the word about the product or service to others who think, behave and spend like they do.

It’s a new world of delivering messages, Buntin said, and even more-established companies can benefit by thinking of customers differently.

One example: Goodyear hired Buntin’s agency some time ago to study women as tire buyers. Goodyear wanted to learn how to market to a customer that its brand at one time hadn’t truly embraced.

“Even established businesses can launch into a new entrepreneurial era,” Buntin said.

Business and marketing are all about thinking in win and outside the humdrum box in our opinion. Glad to see there are others out there following a similar path.