24 Sep 2015

Happy Birthday To You! Copyright Invalidated By Courts

by Bill
Judge George H. King of the United States District Court in Los Angeles issued a 43-page decision that invalidates the copyright on the ‘Happy Birthday’ song that has been enforced by music publisher Warner/Chappell and its parent company, the Warner Music Group, since 1988 for about 2 million dollars annually in licensing fees. The court decision included a deeply researched narrative of the complex history of the song and the paper trail of copyright registrations that have followed it since it was first published in 1893. The song “Happy Birthday to You” is thought by many to be the most popular tune in the English language, and if the decision withstands future appeals, “Happy Birthday to You” will finally become part of the public domain.

“Since no one else has ever claimed to own the copyright, we believe that as a practical matter, this means the song is public property,” said Mark C. Rifkin, a lawyer for the plaintiffs. The case decided was originally filed in 2013 by Jennifer Nelson, an independent filmmaker who intends to make a documentary about the song and wishes to use it royalty-free within her film.

Judge King agreed that the song’s melody can be traced back to “Good Morning to All,” written by Mildred Hill and her sister Patty, a kindergarten teacher. The song was registered in 1893 by the Clayton F. Summy Company, and in 1935 Summy registered a version of “Happy Birthday to You.” However, Judge King also found that while Summy had published the original version of “Good Morning to All,” it never properly had rights to the birthday lyrics and “because Summy Co. never acquired the rights to the ‘Happy Birthday’ lyrics,” the judge wrote, “defendants, as Summy Co.’s purported successors-in-interest, do not own a valid copyright in the ‘Happy Birthday’ lyrics.”

The Plaintiff, Ms. Nelson, said in a statement: “This is a great victory for musicians, artists and people around the world who have waited decades for this. I am thrilled to be a part of the historic effort to set ‘Happy Birthday’ free and give it back to the public where it belongs.”

While the world continues to evolve toward an increasingly restrictive sense of what can be considered to be part of the public domain, it is refreshing to find out that an iconic song sung by hundreds of millions of people at birthday parties each year no longer requires a fee to be paid for its inclusion in commercial works as well. Singing it at your home would have been protected by fair use principles, but restaurants, movies, television shows and other new works will likely be enhanced by its availability without a century old claim requiring them to pay for the ability to wish people a happy birthday in the most common way currently established by our culture.

 

17 Sep 2015

Indistinguishability Obfuscation: The Future of Data Security

by Bill

Data Security is quickly becoming one of the most crucial challenges of modern life, and while current technologies offer only a patchwork of best practices and well-intentioned protocols, we are seeing reports far too often of sensitive data falling into the wrong hands. Now a glimmer of hope is getting some hype from security experts who believe, at least conceptually, that a real solution is possible.

In 2013 a couple of different security experts posited a new kind of encryption that is now frequently referred to as “indistinguishability obfuscation,” or IO. It calls for the creation of a central hub of cryptography and a unified basis upon which software would reconstruct cryptographic tools like public keys and simultaneously secure their corresponding signatures. However, the pace of progress has been exceedingly slow, mostly because the process of using IO with existing technology would slow down every digital activity to a snail’s pace. In fact, obfuscating a program would presently add delays measured in lifetimes, not hours.

Those timelines are now being shortened rapidly by the work of leading IO experts. “As of right now it seems like there are no big limitations,” Amit Sahai, a computer scientist at the University of California, Los Angeles, told Quanta Magazine. “IO is powerful and can do almost anything we’ve ever wanted to do.” In fact, researchers now believe that if IO can be constructed in terms of certain simple mathematical assumptions, even a quantum computer would be unable to crack it.

How It Works:

Indistinguishability obfuscation utilizes two programs that compute the exact same output by different methods, as in the equivalent functions f(x) = x(a + b) and f(x) = ax + bx. For any set of the three inputs a, b and x, each program yields the exact same result as the other but arrives at the result by a different path. IO suggests it is possible to encrypt them both so that users cannot tell which version they are using at any moment, even if given infinite resources and time to analyze the results.

The problem with the method is the time involved. “It probably takes hundreds of years to obfuscate and run a program,” Vinod Vaikuntanathan, a cryptographer at the Massachusetts Institute of Technology who has been heavily involved in IO research, explained to Quanta. “When it becomes that ridiculous you stop caring about the exact numbers.”

That estimate is now evaporating thanks to work being done by computer scientists like Allison Bishop, of Columbia University, who showed IO could be segmented into a series of much smaller, more practical steps. The details of IO and the progress being made are covered exquisitely in the Quanta Magazine article, which many may find well worth the time to read.

For our purposes, the real point here is that while data security may be fundamentally flawed at the moment, so is the viewpoint that it will ‘always remain that way.’ Many of the world’s brightest minds are working to restore privacy in a suitable way during the digital age, and these are the kind of people who can calculate their odds of success with precise accuracy, so the fact that they continue to pursue IO gives us all reason to believe that in the near future your data will be more secure online than it ever was offline.

09 Sep 2015

Chrysler & The FDA May Be Charting A New Path Toward Secure Data Updates

by Bill

Now that we live in a world where nearly every inanimate object is a computer of some kind, interconnected with a nearly limitless number of other devices, safety and security are becoming as important for tangible things as most people already consider them for digital devices. IT experts are also becoming increasingly concerned about the way companies fix hacks when they are discovered.

Six weeks ago hackers found vulnerabilities in a 2014 Jeep Cherokee that allowed them to remotely control its transmission and brakes. Chrysler responded by creating a patch to fix the epic exploit. However, they distributed the patch by sending out more than one million USB thumb drives via the postal mail to drivers.

Aside from the long-standing warnings of security professionals never to plug USB sticks sent via the mail into any device (because it’s far too easy for someone to send out malicious software that way as part of a malware campaign), the method also opens up the obvious possibility that someone who moved or is tech-averse will fail to update their car and will end up in potentially life-threatening peril as a result of Chrysler’s new DIY approach to recalls.

A major reason for this rollout is that these cars could not be updated wirelessly by any sort of push messaging sent from Chrysler. Cars from Tesla, for example, routinely get service updates automatically and wirelessly. However, that raises questions about the level of encryption and security sophistication Tesla or others will be using to prevent third parties from tampering with cars. In some cases it may be greed-based things like a way to unlock the doors from a mobile app used by thieves, malicious goals like disabling brakes, or any other reason a crackpot might come up with to alter the way your car is intended to function.

The key lesson here is that any company creating a product or service for the modern world needs to be thinking ahead to pre-plan a safe, secure and fool-proof method of updating that product if or when it needs to be corrected in some way. The FDA recently launched a new set of UDI Compliance regulations that will cost the medical industry millions of dollars, for the sake of better controlling, tracking and monitoring medical devices when recalls or other alterations are needed. Companies like www.UDIcompliancesolutions.com specialize in handling those extensive filing requirements, and this sort of misstep by Chrysler may lead to a similar set of mandates from the state-operated Department of Motor Vehicles soon.

These days it’s not good enough to make a great product or to fix one that has a security flaw; companies are now expected to fix hacks immediately, securely and seamlessly without opening up any new opportunities for the hackers and griefers that continue to challenge the pace of progress.

31 Aug 2015

Cyberwars May Soon Lead to Sanction Wars Between The USA and China

by Bill

According to a new report from the Washington Post, the Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals that benefit from ‘cybertheft’ of valuable U.S. trade secrets. Some rumors suggest the new sanctions may even become public sometime in the next couple of weeks, just in time for an important visit from President Xi Jinping of China, who is scheduled to arrive next month in Washington for the first state visit of his Presidency.

Officials have said that Chinese hackers may have stolen everything from nuclear power plant designs to search engine source code and confidential negotiating positions of energy companies throughout their sustained and effective campaign of cyber-warfare. A set of sanctions would be a significant increase in the intensity of the American administration’s public response to cyber espionage and economic theft that is routinely committed by Chinese hackers that are understood to be performing these tasks with authorization of their government.

If enacted, these new cyber-sanctions would mark the first use of the executive order, signed by President Obama in April of 2015, that established the authority to freeze financial and property assets of, and bar commercial transactions with, individuals and entities overseas who engage in destructive attacks or commercial espionage in cyberspace.

A senior administration official told the Washington Post: “As the president said when signing the executive order enabling the use of economic sanctions against malicious cyber actors, the administration is pursuing a comprehensive strategy to confront such actors. That strategy includes diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities that engage in certain significant, malicious cyber-enabled activities. The administration has taken and continues to introduce steps to protect our networks and our citizens in cyberspace, and we are assessing all of our options to respond to these threats in a manner and timeframe of our choosing.”

Last month, the FBI said that on a global level, economic espionage cases surged 53% in the past year, and that China accounted for most of that – so the motivation for sanctions is clear, but the reactions possible still make enacting any new sanctions a difficult move at best.

If sanctions are imposed, “I’d say the chances of Chinese retaliation are high,” said Jeffrey A. Bader, Obama’s principal adviser on Asia from 2009 to 2011. But, he also added that “if a Chinese company was a beneficiary of stolen intellectual property from an American company, and the evidence is clear cut, then actions or sanctions against that Chinese company strike me as appropriate.”

With the Chinese economy faltering and so much US debt in the hands of Chinese investors, the complexity of international relations, the timing of these events and the massive stakes on the line are creating a political challenge of monumental significance. It is also starting to show that the eventual solution to piracy and cyber security concerns is likely to be as political or legislative as technological.

21 Aug 2015

Data Security Continues to Emerge As A Leading Consumer Trigger Point

by Bill

As the Internet and cloud computing become nearly ubiquitous, so do recent strains of data security malfeasance and intrusions by unscrupulous hackers. These days, data security is quickly becoming a make or break element of any online sales pitch, recurring revenue stream and more.

In just the last few months alone we have seen widely reported stories of: LifeLock being investigated by the Federal Trade Commission for failing to put proper data security protocols in place, a massive data hack of the Office of Personnel Management that may have included the personal information from as many as 18 million people, and a hack of Ashley Madison (a website advertising itself as a place to find an affair online) that may include as many as 30 million user profiles.

Given the widespread loss of private data, in conjunction with recent credit card data hacks that have impacted the security of large retailers like Target and Home Depot along with the government-sponsored privacy intrusions made public by Edward Snowden – having any level of data privacy is becoming an increasingly significant concern for many consumers.

A recent Pew Internet report found that: “93% of adults say that being in control of who can get information about them is important; 74% feel this is ‘very important,’ while 19% say it is ‘somewhat important.’ 90% say that controlling what information is collected about them is important—65% think it is ‘very important’ and 25% say it is ‘somewhat important.’ At the same time, Americans also value having the ability to share confidential matters with another trusted person. Nine-in-ten (93%) adults say this ability is important to them, with 72% saying it is ‘very important’ and 21% saying it is ‘somewhat important.’”

In the face of so much proof that data is currently hackable, even when backed by government agencies, huge corporations, million dollar guarantees or mega-corporation IT departments – it becomes increasingly clear that consumer experience will either need to change the expectations of the marketplace, or will have a negative impact on the bottom line of many companies both online and offline as well.

Some have argued for harsher penalties against hackers, others dream of instituting new protocols that are harder to hack, and some seem resigned to the notion that the public should simply accept the fact that modern world conveniences come with an inherent loss of data security. The most likely outcome will be some combination of all three premises, with a long period of transition along the way toward any meaningful resolution.

In the meantime, companies are already taking smart steps to market their brands by adding trust seals from companies like WebsiteSecure.org, TrustE and Verisign, while also adding highly visible support with live chat windows, toll-free call centers and more. Now more than ever, showing your customers that their security matters to you and that you are doing all you can, even though it is confined within the limits of what is possible, is an essential part of maximizing your revenue and their satisfaction.

13 Aug 2015

Attackers Hijacking Critical Cisco Network Gear?

by Bill

Cisco Systems is now officially warning customers about attacks that have hijacked critical networking gear by swapping out the valid ROMMON firmware image with a maliciously altered version using valid administrator credentials. The fact that the attackers use valid administrator credentials indicates that the attacks are being done by insiders or hackers who have obtained the necessary passwords required to update or change Cisco hardware.

ROMMON is the ROM Monitor, used for booting Cisco’s operating system, and it is frequently used by SysAdmins to configure tasks, recover lost passwords, download software, alter router settings and more.

The Cisco advisory states: “In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials and then used the ROMMON field upgrade process to install a malicious ROMMON. Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot.”

So, while the IT industry is buzzing over this news, in reality no product vulnerability is being used because an attacker requires valid admin credentials or physical access to the system. That essentially means that the attacker could just as easily bring these systems to their knees by pouring hot pots of coffee over the active servers or deleting all files on them because they are doing these things after gaining access via stolen passwords or physical intrusions.

For that reason, we view this news as a useful reminder of the importance of maintaining password security and properly securing all sensitive IT gear from intrusion. National Net continues to utilize state of the art password encryption methods and security best practices to limit access to all servers under our supervision to only those people who should have access, and to limit the access of each person with access to include only the functionality their tasks require. At the end of the day, server security is as much about not spilling coffee on your hardware or handing out your passwords as it is about updating firmware and heeding Cisco warnings.

10 Aug 2015

Security Tips All 67 Million Windows 10 Users Should Know

by Bill

Windows 10 is quickly becoming one of the most ubiquitous operating systems in computing history, with 67 million users and counting already. The OS has some privacy and user tracking functions that some security experts are concerned about, and Wired Magazine recently did a feature article on the important settings changes all Windows 10 users ought to consider making immediately.

Hit Start, find Settings and then click Privacy. From the Privacy menu you can control the way your computer uses information from your location, microphone, camera, etc. You can also choose to set the Feedback & Diagnostics system to “never” and the Diagnostic and Usage Data to “basic.” Doing this will help prevent Microsoft from gathering some information about you, though it is not yet entirely clear exactly which information is saved or discarded.

The Edge web browser included in Windows 10 sends your entire Internet browsing history to Microsoft. This is done to “help Cortana personalize your experience” according to Microsoft. To disable this feature: click on the ellipsis button in the top right corner of Edge, then go to Settings > Advanced Settings > View Advanced Settings, and in the Privacy and Services section turn off Have Cortana Assist Me in Microsoft Edge.

Another potential privacy trap is that Windows 10 prompts you by default to create a Microsoft Account. By opting not to create an account you can keep your activity and information local on your computer. Having an account creates a constant link for Microsoft to use while piecing your metadata together as it gathers it all back to assemble an image of your digital identity.

As operating systems and other software become increasingly complex and intrusive, many users are willing to give up a great deal of privacy for the many conveniences that these new services enable. Whether you choose to be open or closed to those services is all up to you, but Microsoft and others should definitely do a much better job of ensuring that the choices you make are fully informed decisions rather than breeze-through accidental or unknowing checkbox clicks that many consumers hardly notice along the way during installations or upgrades.

30 Jul 2015

Hubris Doesn’t Make You Immune From Being Hacked

by Bill

National Net works diligently day and night to provide our collocation and dedicated server clients with the highest level of data security possible. We upgrade hardware, update software, follow industry best practices and use more than a decade of experience to build what we believe is the most secure environment our clients can get anywhere online. However, it is vitally important to avoid resting on your laurels or allowing hubris to creep in, because doing so is often the precursor to being hacked.

Some mistakenly believe that a system can be built in a completely hack-proof way. Time and again, even the largest and most significant data stores have proven to be hackable by third-party programmers wearing either white or black hats. Recently the federal government suffered one of the most severe data losses in history, which may have included information about active US spies and covert resources. The result was that OPM Director Katherine Archuleta resigned since it happened on her watch, but that won’t make their system any more impervious to cyber-assault.

Home Depot, Target, banks and too many other brands to mention have had credit card data stolen or other information illegally accessed by external hackers at some point in their history. Most recently, LifeLock (a company whose entire brand is built on the notion that they can secure personal information from theft) has become the target of a second set of FTC allegations after paying millions of dollars in a settlement from their first go-round with Federal Trade Commission overseers.

The lesson to take from this is simple. Your data is only safe until it is not safe any longer. As a top tier hosting company we take thousands of steps each day to secure data to the limit of human and machine capability. Smart site owners also maintain backups, monitor their digital properties daily and take additional precautions when possible to keep their data safe. There is always more to do, and always more that can be done. However, if you ever hear an IT guy tell you that he can keep your data 100% safe, absolutely guaranteed, it’s important to remember he is either speaking from a prideful point of view or an inexperienced one.

Sensitive data should only be stored online in the most minimal way possible. Software patches and security updates should be carried out immediately. While it may feel good to sit back, relax and pretend you are unhackable, it feels even better to remain vigilant and actually not be hacked.

21 Jul 2015

Keybase May Offer Real Cloud File Encryption With Casual User Simplicity

by Bill

Among the vast majority of Internet users, the most common way to distribute files is via email attachments, a method that is well-known for being among the simplest for nefarious third parties to hack, or for government agencies to sniff. A growing segment of the population has started using file dump services like Dropbox to handle larger files, due to their simplicity and ease of use. Now, Keybase, a company created by OK Cupid founders Chris Coyne and Max Krohn, is making a serious attempt to offer a Dropbox alternative that includes built-in file encryption for every file and user the system handles.

Backed by $10.8 million in VC funding that was led by esteemed tech financiers Andreessen Horowitz, Keybase focuses on public-key encryption and seeks to solve the problem of finding the public key for someone you want to send a message to by utilizing social media and other external authentication methods including a central repository of public keys.

“[Encryption] shouldn’t be something only a hacker can do,” said Krohn in a recent interview. “It should be something that anyone using a workstation in their daily lives should be able to use effectively. You shouldn’t have to understand crypto in order to use these products.”

The Keybase plan provides end-to-end encryption, meaning that there would not be an entry point for sniffers or hackers, and the company’s software will invisibly encrypt all the data you store in it so even Keybase won’t be able to read it. That is a crucial part of any encryption method in a post-Patriot Act world, because any company that can access your data can also be compelled to provide access to that data for any number of government snoops as well.

Keybase intends to use the well-respected open source encryption system NaCl and welcomes audits by software security firms that intend to find and notify the public of any potential risks or backdoors, and Keybase is not alone in this endeavor. Others including Boxcryptor and SpiderOak aim to offer their own versions of cloud-encrypted file sharing services for the ordinary consumer.

The one remaining question is whether or not Keybase can simplify the process down to a level comparable to attaching a file to an email. Consumers have already shown time and again that they value their convenience more than their security, often even when confronted with the dangers of doing things the ‘easy’ way – now it falls on the shoulders of tech startups to make being secure just as convenient as the outdated methods of data transfer billions of people have already become accustomed to using.

15 Jul 2015

Real Cyber-Security Requires A Calm Properly Measured Approach

by Bill


Today three distinct failures of major computer systems set off an unduly large number of alarm bells because of opportunists and conspiracy theorists who tried to use the glitches as a rallying cry for unrelated causes.

For many outside the IT world it may have gone somewhat unnoticed that three major system failures happened today within the span of a few hours. The entire United Airlines flight schedule was grounded, the New York Stock Exchange temporarily halted all trading, and the Wall Street Journal website was down for a significant part of the day.

While these outages are undoubtedly a source of considerable inconvenience, and may even result in significant monetary losses by entities involved in each – there was no evidence, and continues to be no evidence, that they were interrelated or caused by cyberattacks of any kind.

Still, Senator Bill Nelson [D-FL] took to his Twitter account to suggest prematurely that the incidents might be some kind of ‘attack’ and used that self-initiated viewpoint as grounds to promote a cyber-security bill that many IT experts agree remains seriously flawed.

In fact, United Airlines has said the problem was “an automation issue”; the New York Stock Exchange tweeted that it halted trading due to an internal technical issue that “is not the result of a cyberattack”; and zero evidence has surfaced about any possible coordinated cyber-attack or other cause for alarm.

During service interruptions and periods of technological frustration, it is essential to remain calm – to identify real causes of any outage and to find solutions that remedy the matter quickly while also putting safeguards in place to prevent any recurrence of downtime. As a leader in collocation and fully managed hosting services, NationalNet understands and appreciates all the hard work these three IT teams did while restoring service and asks everyone, Senators and citizens alike, to refrain from engaging in hyperbole or conjecture during moments of uncertainty when answers need to be the focus and guesses or accusations should be set aside entirely.

NationalNet, Inc., Internet - Web Hosting, Marietta, GA