Tag Archives: PC World

Kenneth Cole Steps In It

Katherine Noyes at PC World:

For all those who needed an illustration of how a business shouldn’t use Twitter, Kenneth Cole kindly provided it this week by using the current unrest in Egypt as a promotional tool.

“Millions are in uproar in #Cairo,” read the original tweet from Thursday morning. “Rumor is they heard our new spring collection is now available online at http://bit.ly/KCairo.”

Widespread uproar was the result, all right, but not as a result of any spring collection. Such was the magnitude of the outcry at Cole’s insensitivity, in fact, that the company hastily removed the tweet that same day and issued two retractions instead.

“Re Egypt tweet: we weren’t intending to make light of a serious situation,” read the first. “We understand the sensitivity of this historic moment -KC”

A second, posted on Facebook soon afterward, read as follows:

“I apologize to everyone who was offended by my insensitive tweet about the situation in Egypt. I’ve dedicated my life to raising awareness about serious social issues, and in hindsight my attempt at humor regarding a nation liberating themselves against oppression was poorly timed and absolutely inappropriate.”

Erik Hayden at The Atlantic:

And a snapshot of reactions:

  • The Next Web – “Oh dear, we thought that big brands might have learnt that hijacking hashtags isn’t a good idea”
  • Advertising Age – “Kenneth Cole and others in the media and marketing industries not only suffer from a lack of tact, they suffer from a lack of historical knowledge and the ability to grasp that the situation in Egypt could get a hell of lot uglier than it is even at this moment.”
  • Styleite – “Apparently Kenneth Cole knows there’s nothing like a violent political revolution to boost sales!”

Brenna Ehrlich at Mashable:

Cole made a similarly indelicate statement in the past; following 9/11, he told the New York Daily News: “Important moments like this are a time to reflect… To remind us, sometimes, that it’s not only important what you wear, but it’s also important to be aware.”

The Twitterverse, unsurprisingly, is not happy with Cole’s 140-character missive. A fake account — @KennethColePR, à la @BPGlobalPR — has even cropped up, mocking the designer with such tweets as: “Our new slingback pumps would make Anne Frank come out of hiding! #KennethColeTweets.”

Amy Odell at New York Magazine:

Since the Tweet caused mass offense around the Internet, a Kenneth Cole parody account @KennethColePR emerged. Its tweets include, “‘People from New Orleans are flooding into Kenneth Cole stores!’ #KennethColeTweets.” Also: “People of Haiti, fall into our store for earth-shattering savings! #KennethColeTweets.” Not to be outdone by: “Hey, Pope Benedict – there’s no way to fondle our spring shoes inappropriately! #KennethColeTweets.”

An hour ago, the pranksters got serious, tweeting that they would turn over the fake account to the brand if they made a donation to Amnesty International or another charitable organization. And still, a quick scan of the Kenneth Cole Facebook wall reveals a lot of people thought that Cairo tweet was funny anyway.

Adam Clark Estes in Salon:

Oh, Kenneth.

Unspoken rule No. 1: Don’t make jokes about tragedies. You’ve done this sort of thing before — mixing up bad puns and profundity. It’s oh-so-tempting to try to make light of grim situations, sad stories and global traumas. Don’t try to make it funny. That’s what comedians are for. Kenneth Cole is a fashion designer known for sharp-looking dress shoes, not sharp wit.

Unspoken rule No. 2: Don’t make marketing gimmicks out of tragedies. This is just like rule No. 1 but more directed at Kenneth Cole. When the world’s attention is fixated on one event, sometimes it’s not the best idea to jump up and down with the “Look at me!” routine. The unrest in Egypt isn’t the Super Bowl. It’s a troubling story with historical implications. Nobody wants to hear about your spring slacks.

Chris Morran at The Consumerist:

When you think of Kenneth Cole, you probably don’t associate the apparel brand with edgy, topical humor. And you probably won’t ever again, after the company stuck its shiny leather shoe in its mouth with a Tweet referencing the current political upheaval in Egypt.

Filed under Fashion, Middle East, New Media

To Do List: Christmas Shopping, Shovel Snow, Change Gawker Password

Gawker:

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords.

We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us. For tips on creating strong passwords, see this post on Lifehacker.

Matt Brian at The Next Web:

As we reported earlier, it appeared that the Gawker Media organization’s social media accounts (namely Twitter) had been compromised. While Twitter specifically appears to have been fixed, there’s more to the story. We have been in touch, personally, with a member of the party responsible for the attack and it appears that the compromised information goes far beyond just a simple Twitter account.

From the information we have been provided, it appears that some of the base infrastructure of the Gawker Media organization has landed in the hands of people completely unrelated to the site or business itself. Though we were initially under the impression that it was the 4chan-founded group of Anonymous we have since been told, via email, that the responsible party has no affiliation with Anonymous or others. In fact, here’s what we’ve seen, in whole:

It has come to our attention that you are reporting about gawker.com being hacked by Anonymous and Operation payback in the war against the wikileaks drama that is currently taking place. While we feel for Wikileaks plight, and encourage everyone to donate and mirror the site, we are not related to Operation Payback or engaged in their activities. We have compromised all their email accounts and databases, and a significant portion of the passwords have been unhashed into plaintext.

To prove the validity of our claims, here is a sample of the database: [redacted]

While we were, of course, skeptical of the information the claims were potentially huge. That said, we did ask for proof and proof was provided via screenshots of information that would typically only be available to a site administrator or owner. For example, here is a screenshot from the Campfire chat program that Gawker uses to communicate in real-time:

Interestingly, it appears that while 4chan wasn’t responsible for the breach of security, the data did end up on the site as evidenced by a later Campfire screenshot below:

Leslie Horn at PC World:

The database is home to about 1.5 million usernames, emails, and passwords. Gawker originally denied that there had been a breach.

“No evidence to suggest any Gawker Media’s user accounts were compromised, and passwords encrypted anyway,” tweeted Gawker editorial director Scott Kidder.

However, Kidder eventually confirmed the hack.

Colby Hall at Mediaite:

Over the last 24 hours Gawker Media’s network of sites have been under attack from a group who have identified themselves “Gnosis,” a seemingly mysterious collective of hackers who has been falsely considered part of the 4chan-related group of renegade vigilantes known as Anonymous. Via several private email exchanges with Mediaite, an individual claiming to represent “Gnosis” has explained both the reasoning and methodology of his actions, which has led to a compromised commenter database and a content management system.

First and foremost, it appears that new Gawker Media passwords are secure, not available to the individual claiming responsibility for the security breach, at least according to Gnosis. As Mediaite reported earlier, when asked why Gawker was being subjected to a cyber-attack, Gnosis cited “arrogance” from management and staff with regard to the hacker community:

We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database.

We found an interesting quote in their Campfire logs:

Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)

Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012

I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our groups mission? We don’t have one.

We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time.

When asked about further explanation about the specific attacks, Gnosis explained:

We cannot provide any more information as to how the attack was carried out, because this could be used against us.

We have been cracking the database for about 17 hours and have managed to retrieve 273,789 passwords. If our release schedule wasn’t so tight we could get 500,000+. Included in the dump are passwords linked to accounts from Nasa, about every .gov domain you could imagine and hundreds from banks. One can only pray that they do not use the same password everywhere. The actual database size is 1,247,897 rows, which is 80+% of their database.

(Private data redacted)

We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible.

We will be releasing the full source code to their site as well as the full database dump later today or tomorrow, when we get enough press to stir up the release. We will also be releasing a text file describing Gawkers numerous security failings.

Regards,
~Gnosis

Adding later in a follow up email:

The database is for the media more than anything. Releasing the source code to a site is all very well and will cause a splash, but only niche users will be interested in viewing it and sharing it, because the average joe won’t really care about Gawkers (rather interesting) PHP framework. However if we release the source with 1,300,000 emails and with a portion of them cracked it will (We hope) cause a bigger stir.

On an interesting side note there are 2650 users in the database using the password “password” or “querty”. Of these users one is registered under a .gov email address, 3 are from a .mil address and 52 are from .edu addresses.

Pascal-Emmanuel Gorby at Business Insider:

This is pretty embarrassing for them, as they’re usually the ones who expose and/or castigate others for security breaches. Gawker has often taunted 4chan, the online community which is often the source of hacking exploits (and has in the past attacked Gawker with denial of service attacks, which only make the site unusable for a little while). But the hacker responsible says he’s not connected to 4chan, or Operation Payback, the WikiLeaks-defending hackers, for that matter.

Gawker recommends changing the password you used to comment, and on any other sites where you used that password to register, as well as your email password.

The hacker says he took aim at Gawker for its “outright arrogance” — and, we would guess, because it’s a pretty good ploy for attention.

More Matt Brian at The Next Web

Filed under New Media, Technology

Is Fox Mulder’s Life Work About To Get Vindicated?

Jason Kottke:

Here’s a curious press release from NASA:

NASA will hold a news conference at 2 p.m. EST on Thursday, Dec. 2, to discuss an astrobiology finding that will impact the search for evidence of extraterrestrial life. Astrobiology is the study of the origin, evolution, distribution and future of life in the universe.

I did a little research on the news conference participants and found:

1. Pamela Conrad (a geobiologist) was the primary author of a 2009 paper on geology and life on Mars

2. Felisa Wolfe-Simon (an oceanographer) has written extensively on photosynthesis using arsenic recently (she worked on the team mentioned in this article)

3. Steven Benner (a biologist) is on the “Titan Team” at the Jet Propulsion Laboratory; they’re looking at Titan (Saturn’s largest moon) as an early-Earth-like chemical environment. This is likely related to the Cassini mission.

4. James Elser (an ecologist) is involved with a NASA-funded astrobiology program called Follow the Elements, which emphasizes looking at the chemistry of environments where life evolves (and not just looking at water or carbon or oxygen).

So, if I had to guess at what NASA is going to reveal on Thursday, I’d say that they’ve discovered arsenic on Titan and maybe even detected chemical evidence of bacteria utilizing it for photosynthesis (by following the elements). Or something like that.

Vlad Savov at Engadget:

So NASA seems to have made some hot new astrobiology discovery, but just like the tech companies we’re more used to dealing with, it’s holding the saucy details under embargo until 2PM on Thursday. That’s when it’s got a press conference scheduled to discuss its findings, which we’re only told “will impact the search for evidence of extraterrestrial life.” It’s unlikely, therefore, that little green (or brown, or red, or blue) men have been captured somewhere on the dark side of the moon, but there’ll definitely be some impactful news coming within only a couple of days. NASA promises a live online stream of the event, which we’ll naturally be glued to come Thursday.

Alessondra Springmann at PCWorld:

What does that mean? Judging by the research interests of the scientists involved in the upcoming announcement, our guess is that this astrobiological discovery will have something to do with water, evolutionary biology, and aquatic bacteria.

We’ll be covering the press conference and the discovery that’ll be announced on Thursday after 11AM PST (2PM EST), so keep an eye on GeekTech, or watch the press conference on NASA’s site. NASA will also show a video broadcast of the press conference to journalists at NASA Ames Research Center in Mountain View.

Until then, what do you think this discovery will be? Has extraterrestrial bacteria been discovered preserved in a meteorite? Have we seen evidence of life on an ocean-covered exoplanet?

Alasdair Wilkins at IO9:

Considering NASA’s claim that this will impact our search for alien life, I’d have to figure this has something to do with expanding the definition of “life as we know it”, suggesting more elements than we previously thought possible can be used as the raw materials for life. All this, of course, is just speculation – we’ll be listening in to the press conference on Thursday and have the news for you as it breaks.

Mike Wall at Space.com

Max Read at Gawker:

Of course, the announcement could be something totally different! Or, it could be that NASA has been contacted by a warlike race of space aliens and a certain-to-fail mission carried out by a ragtag bunch of scientists is our only hope of survival.

Phil Plait at Discover Magazine:

So what’s the press conference about? I don’t know, to be honest, beyond what’s in the announcement. The scientists on the panel are interesting, including noted astrobiologists and geologists who work on solar system objects like Mars and Titan. So this is most likely going to be something about conditions on another moon or planet conducive for life.

Of course, the speculation is that NASA will announce the discovery for life. Maybe. I can’t rule that out, but it seems really unlikely; I don’t think they would announce it in this way. It would’ve been under tighter wraps, for one thing. It’s more likely they’ve found a new way life can exist and that evidence for these conditions exists on other worlds. But without more info, I won’t speculate any farther than that.

As for the public reaction, well, we’ve seen this type of thing before. Just last June, JPL had a press release about a surprising lack of acetylene in Titan’s atmosphere, with the title “What Is Consuming Hydrogen & Acetylene on Titan?” That sparked vast speculation, and even though the press release was clear enough it was misleadingly reported as NASA finding signs of life on Titan. It got so silly that I wound up writing a post about it, and a NASA scientist went so far as to write an article to clear up the rumors of life on Titan.

I can’t really blame NASA, the press outlets, or the public about this. When scientists have newsworthy findings that are published in a journal, there may be a press conference about them. But some journals have embargoes; they don’t want the news released until the issue is published. Fair enough. So NASA schedules a press conference for the time the issue publishes, and sends out a notice to the press about it. I got just such an email for this one, for example. They have to say something in the email so the press can decide whether to cover it or not, and NASA doesn’t want to give too much away. So they give some minimal line about findings that’ll have an impact on the search for life, and those of us who’ve dealt with it before know what that means.

But the public is naturally more inclined to interpret that line as NASA having found life, or at least solid evidence of it. That’s not surprising at all. But it can lead to “news letdown”, where the reality is something less than the speculation. And that leads to news fatigue, which is worse. If people keep expecting really exciting news and don’t get it, well, there you go.

I don’t want to blame anyone, but I do sometimes wish the press folks at NASA were more aware of what kind of cascade a line like that provokes (like the one from a few weeks ago which said it was about “an exceptional object in our cosmic neighborhood” but it turned out to be a supernova/black hole 50 million light years away). When announcements like these go public, it’s bound to be disappointing when the actual news gets out and it’s not a black hole right next door or actual life on Mars. And that’s too bad, because the news is usually pretty interesting and scientifically exciting. As soon as I got this latest announcement, my first flood of thoughts literally were: “Sounds like cool news/I bet there will be tons of over-the-top speculation/I hope people aren’t disappointed when the real news comes out/I wonder if I’ll have to make a post a couple of days before to cool off rumors?”

Filed under Science

There Are No Happy Endings On Craigslist

David Murphy at PC World:

Craigslist was expected to have earned an estimated $36 million from advertising associated with its Adult Services section in 2010—at least, that was the case when we first reported the projections from Advanced Interactive Media in late April of this year.

You can now expect that number to drop significantly, as Craigslist has removed its Adult Services section for U.S. visitors. The move surely comes as a relief to the various entities that have been petitioning for Craigslist to shut down the section—including human rights groups and more than 17 attorneys general from states across the nation.

There’s no indication that Craigslist has removed its Adult Services section for good, however. Although links to the site are now eliminated when accessing the main Craigslist page from an IP address based in the United States, one can still pull up the page from other countries. There’s been no comment from any Craigslist spokespeople whatsoever—officially or otherwise—related to the matter.

Chris Matyszczyk at Cnet:

The section was originally entitled Erotic Services. Its name was changed to reflect a new discipline, as, under pressure from attorneys general, Craigslist declared it would manually screen every ad in its newly named Adult Services section.

It is arguable whether the content of this new section truly changed. Some would say it was adult business as usual.

Recently, Craigslist founder Craig Newmark gave a troubling if spontaneous interview to CNN, in which he seemed unable to answer questions about whether the site was facilitating child prostitution. Then, instead of answering the specific charges, Craigslist CEO Jim Buckmaster took to the company’s blog to assail the CNN reporter’s methods.

Evan Hansen at Wired:

Craigslist has made numerous changes to its sex listings over the years to accommodate critics, changing its sex listings label from “erotic services” to “adult services,” imposing rules about the types of ads that can appear, and manually filtering ads using attorneys. But it has also fiercely defended its overall practices as ethical, and criticized censorship as a useless and hypocritical dodge.

When Craigslist was hit with a lawsuit by South Carolina Attorney General Henry McMaster in 2009, it struck back with a preemptive lawsuit of its own and won. In a blog post last month, Craigslist CEO Jim Buckmaster explained the company’s filtering policies in detail, pointing out its lawyers had rejected some 700,000 inappropriate ads to date, and suggested its methods could offer a model for the entire industry. He has also used the company’s blog to blast critics, most recently an “ambush” CNN video interview of Craigslist founder Craig Newmark.

Craigslist has a point: Given other sites on the web (and in print) serve the same types of ads without the same level of scrutiny, it seems politicians are making the pioneering, 15-year-old service an opportunistic scapegoat. Internet services may accelerate and exacerbate some social problems like prostitution, but they rarely cause them. The root of these issues — and their solutions — lie in the realm of public policy, not web sites and ham-handed web site filtering.

Frances Martel at Mediaite

Michael Arrington at TechCrunch:

Craigslist has fought back using little more than their blog and logic. And they’re right. Having prostitution up front and regulated, as Craigslist does, means less crime is associated with it. It’s not like prostitution, sometimes called the world’s oldest profession, was invented on the site.

The fact that eBay and others do exactly the same thing, but without human review and moderation, doesn’t seem to matter. Craigslist Sex is what scares the general population, and it’s what the press and the politicians will continue to use to get their hits and votes.

So the Craigslist Adult Section was removed. Is the world now a safer place?

Update: This only appears to affect U.S. sites, so if you’re looking for a happy ending in Saskatoon or the West Bank, have at it.

Mistermix:

After a few months of getting shit from AGs looking to make a name for themselves, Craigslist has replaced its adult services ads with a “Censored” bar.

Until they gave up, Craigslist was the only big site hosting adult ads that made a good-faith effort to keep exploitation out of their site. eBay owned a site that also posted erotic ads, made no effort to police it, and they simply blocked access from the US when the site was criticized.

Perhaps we’ll have an honest conversation about ending the prohibition of prostitution in a few more years, but this episode shows that we’re nowhere near ready to have it now.

Filed under Families, Technology

Verizon And Google Sitting In A Tree, Killing Net Neutrality

Edward Wyatt at NYT:

Google and Verizon, two leading players in Internet service and content, are nearing an agreement that could allow Verizon to speed some online content to Internet users more quickly if the content’s creators are willing to pay for the privilege.

The charges could be paid by companies, like YouTube, owned by Google, for example, to Verizon, one of the nation’s leading Internet service providers, to ensure that its content received priority as it made its way to consumers. The agreement could eventually lead to higher charges for Internet users.

Such an agreement could overthrow a once-sacred tenet of Internet policy known as net neutrality, in which no form of content is favored over another. In its place, consumers could soon see a new, tiered system, which, like cable television, imposes higher costs for premium levels of service.

Any agreement between Verizon and Google could also upend the efforts of the Federal Communications Commission to assert its authority over broadband service, which was severely restricted by a federal appeals court decision in April.

Jared Newman at PC World:

If Google and Verizon really are conspiring to kill Net neutrality, as several reports suggest, both companies would bruise their reputations in the process.

Word of a deal or near-complete negotiations between Google and Verizon appeared in the Washington Post, the New York Times, Politico and Bloomberg, each publication citing anonymous sources. The stories all present slightly different versions of the facts, but they generally agree that Net neutrality — the idea that all Internet traffic is treated equally — would erode.

The New York Times’ version is the most terrifying, claiming that Internet companies, such as Google, would be able to pay a fee to Verizon for faster delivery speeds on services like YouTube. If Verizon extended these kinds of deals to other companies, consumers could choose to pay more for these faster services in a premium package, says the Times.

All the reports note that the agreement wouldn’t apply to mobile phones, meaning Verizon would be able to manage traffic as it pleases, with no intervention from Google.

A deal like this would put Google’s reputation on the line. In the past, the company has defended the idea of an equal-access Internet, and in 2006 Google chief executive Eric Schmidt slammed “phone and cable monopolies” who “want the power to choose who gets access to high-speed lanes and whose content gets seen first and fastest.”

Comments like those give the impression that Google’s commercial interests were secondary to preserving a level playing field for all Internet companies. The supposed deal between Google and Verizon would jeopardize that impression if it allowed Google to pay extra for faster delivery.

Josh Silver at Huffington Post:

The deal marks the beginning of the end of the Internet as you know it. Since its beginnings, the Net was a level playing field that allowed all content to move at the same speed, whether it’s ABC News or your uncle’s video blog. That’s all about to change, and the result couldn’t be more bleak for the future of the Internet, for television, radio and independent voices.

How did this happen? We have a Federal Communications Commission that has been denied authority by the courts to police the activities of Internet service providers like Verizon and Comcast. All because of a bad decision by the Bush-era FCC. We have a pro-industry FCC Chairman who is terrified of making a decision, conducting back room dealmaking, and willing to sit on his hands rather than reassert his agency’s authority. We have a president who promised to “take a back seat to no one on Net Neutrality” yet remains silent. We have a congress that is nearly completely captured by industry. Yes, more than half of the US congress will do pretty much whatever the phone and cable companies ask them to. Add the clout of Google, and you have near-complete control of Capitol Hill.

A non-neutral Internet means that companies like AT&T, Comcast, Verizon and Google can turn the Net into cable TV and pick winners and losers online. A problem just for Internet geeks? You wish. All video, radio, phone and other services will soon be delivered through an Internet connection. Ending Net Neutrality would end the revolutionary potential that any website can act as a television or radio network. It would spell the end of our opportunity to wrest access and distribution of media content away from the handful of massive media corporations that currently control the television and radio dial.

So the Google-Verizon deal can be summed up as this: “FCC, you have no authority over us and you’re not going to do anything about it. Congress, we own you, and we’ll get whatever legislation we want. And American people, you can’t stop us.”

Jason Kincaid at Tech Crunch:

Yesterday, the New York Times published a story that detailed an agreement in the works between Verizon and Google that would effectively kill off net neutrality by allowing “Verizon to speed some online content to Internet users more quickly if the content’s creators are willing to pay for the privilege”. The news sparked outrage in the tech community, because Google has a long history of advocating net neutrality. Now both Google and Verizon are coming out to claim that the New York Times story is incorrect.

A report in The Guardian cites a Google spokesperson as saying “The New York Times is quite simply wrong. We have not had any conversations with Verizon about paying for carriage of Google traffic. We remain as committed as we always have been to an open internet.”

Verizon’s policy blog has posted a statement as well:

“The NYT article regarding conversations between Google and Verizon is mistaken. It fundamentally misunderstands our purpose. As we said in our earlier FCC filing, our goal is an Internet policy framework that ensures openness and accountability, and incorporates specific FCC authority, while maintaining investment and innovation. To suggest this is a business arrangement between our companies is entirely incorrect.”

Google’s own public policy blog doesn’t have anything on the story yet, but its Twitter account did comment on the matter:

“@NYTimes is wrong. We’ve not had any convos with VZN about paying for carriage of our traffic. We remain committed to an open internet.”

Obviously Verizon and Google are talking to each other about how best to deal with the backlash, and Google is making it clear that it’s still an ardent supporter of net neutrality. Still, it’s a bit odd that it took so long for Google to respond to this in any way (the NYT article came out last night, and literally dozens of stories were written about it before Google tweeted about it).

Daniel Indiviglio at The Atlantic:

Today we learned that Verizon and Google were near a deal to slaughter the principle of Internet neutrality in its sleep. Shortly thereafter, however, they denied that they are planning to inflict any harm on the maxim that the Internet should be an egalitarian utopia. While it’s possible that Google will try to hold onto this philosophical ideal, it’s rather likely practicality will eventually gnaw away at their willpower and force them and others to cut deals with Internet service providers (ISPs) like Verizon. If you combine this with several other ways the world is evolving, you quickly see that ISPs will eventually take over the world, or at least be one of the biggest forces in the economy.

Net Neutrality Is Bound to Fail

Net neutrality has already been alluded to. This is a complex topic that can’t possibly be fully explored here, but net neutrality won’t likely endure. It’s simply impractical. ISPs have legitimate reasons, beyond squeezing more profit out of customers, for wanting to be able to discriminate on pricing. When they eventually do break through the current barriers that exist, their pricing power will be incredible. Eventually most Internet-driven revenue will have to pass through the hands of the ISPs, who will eagerly take a cut.

John Hudson at The Atlantic with a round-up

Rosa Golijan at Gizmodo:

Of course, even if Verizon and Google come to such an odd agreement, they’ll still have to deal with the FCC before anything can happen, so let’s not panic just yet.

UPDATE: Alan Davidson and Tom Tauke at The Google Blog

David Dayen at Firedoglake

Stacey Higginbotham at Gigaom

Erick Schonfeld at TechCrunch

UPDATE #2: Kevin Drum

David Post

Filed under New Media, Technology

Gawker And Apple, Yet Again

Ryan Tate at Gawker:

Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.

It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. [Update: AT&T has confirmed the breach and the FBI has opened an investigation. Updates below.] A call to Rahm Emanuel’s office at the White House has not been returned.

Taylor Buley at Forbes:

Gawker contributor Ryan Tate set the Web ablaze on Wednesday with a blog post detailing the alleged breach of 114,000 iPad users’ email addresses. The post named names: among them, executives at News Corp, The New York Times Company and Dow Jones.

According to “Weev,” a well known Internet “activist” who we likened to Shakespeare’s Puck after a baffling Amazon.com security incident last year, the “Goatse” security group alerted various members of the mainstream press via email before granting Gawker’s Tate an exclusive on the data.

“i disclosed this to other press organizations first (ones who had ipad users affected by the breach, lol) and was ignored,” writes Weev in an email. “gawker found out and ran with it immediately.”

To prove it, Weev sent Forbes copies of emails sent to press at Reuters, News Corp, The Washington Post and The San Francisco Chronicle. The veracity of the emails has not been confirmed, but each has a timestamp dating back to Sunday night.

[…]

Asked if Gawker paid for the scoop, Weev said the publication did not provide remuneration. “we did a benefit analysis and decided they could take our story viral the fastest,” he writes in an email.

Hello Reuters!

An information leak on AT&T’s network allows severe privacy violations to iPad 3G users. Your iPad’s unique network identifiers were pulled straight out of AT&T’s database.

Every GSM device (including 3G iPads), has an ICC-ID on its SIM card. This ICC-ID is a unique identifier to the cellular network that is used by the carrier to route calls to your cellphone. If this ICC-ID is compromised an attacker could theoretically (thanks to recent cryptanalysis that cracked GSM’s hash and stream functions) clone your SIM card to act as you on the AT&T network.

Devin, the iPad you registered to your email has the ICC-ID of 8901xxxxxxxxxxxxxx94.
Shannon, yours is 8901xxxxxxxxxxxxxx73.
James, yours is 8901xxxxxxxxxxxxxx74.
Carl, yours is 8901xxxxxxxxxxxxxx72.
David, yours is 8901xxxxxxxxxxxxxx71.
Neil, yours is 8901xxxxxxxxxxxxxx05.
Rob, yours is 8901xxxxxxxxxxxxxx03.
Joseph, yours is 8901xxxxxxxxxxxxxx11.
Mike, yours is 8901xxxxxxxxxxxxxx57.

You can locate your ICC-ID number of your iPad and verify this information by using the following item from Apple’s FAQ:
http://support.apple.com/kb/HT4061
There is nothing in Apple’s SDK APIs that would allow an application to have this identifier– it is a shared secret that should indicate physical proximity to the iPad. In addition, by harvesting ICC-IDs, an attacker can build a complete list of contact information for all iPad 3G customers. All these Thomson Reuters employees were revealed in a short data harvest by my working group along with hundreds of thousands of other iPad 3G customers.

If anyone in your organization would like to discuss this particular issue for publication I would be absolutely happy to describe the method of theft in more detail.

Have a good evening.

John Hudson at The Atlantic

David Coldewey at Crunch Gear:

The hackers, a group known as Goatse Security (I’ll let you work out the reasoning for the name yourself), organized a brute-force attack in which they pummeled a public AT&T script with semirandom ICC-ID numbers, which would return nothing if invalid but an email address if valid. A few hours later, they had the ICC-IDs and email addresses of everyone from Michael Bloomberg and Diane Sawyer to a Mr. Eldredge, who commands a fleet of B-1 bombers.

As is occasionally the case with grey-hat hacker actions like this, the hack seems to have been executed first and AT&T notified shortly afterward — though not before an unknown number of third parties had access to the script. AT&T closed the hole immediately (it was as simple as turning off the script), and apologized as follows:

AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.

Impacted. Like wisdom teeth. Why not “affected?” Anyway, I notice they say they were not contacted by the group but by some business customer. The timing isn’t clear from the Gawker article, but I wonder if there’s a little more to this than anyone cares to admit. Groups like Goatse often warn their targets beforehand, but it seems like one or the other would have mentioned that if it happened. You’d think a company as exposed as AT&T would have bells on its scripts that would ring if suddenly requests increased by 1000%, but practices like that are perhaps too much to be expected.
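The "bells on its scripts" idea from the Crunch Gear excerpt above, sketched as an added example (it is not code from any of the quoted articles or from AT&T): it flags a per-minute request increase of 1000% over the running median and any client that queries many distinct identifiers within one minute. The log format, the `/lookup?id=` path, the thresholds and every log line are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit, parse_qs


def build_sample_log():
    """Constructed access log: quiet traffic, then one client cycling through IDs."""
    lines = []
    # Minutes 12:00-12:04: three clients, each looking up its own ID once a minute.
    for minute in range(5):
        for n in range(3):
            lines.append(f"2024-01-01T12:{minute:02d}:{n * 10:02d}Z 192.0.2.{n + 10} "
                         f"GET /lookup?id=ID{n:04d} 200")
    # Minute 12:05: one client sends 60 lookups, each for a different ID, mostly misses.
    for s in range(60):
        status = 200 if s % 10 == 0 else 404
        lines.append(f"2024-01-01T12:05:{s:02d}Z 198.51.100.7 "
                     f"GET /lookup?id=ID{9000 + s:04d} {status}")
    return lines


def parse(line):
    """Split one log line into (minute bucket, client, queried identifier, status)."""
    ts, client, _method, target, status = line.split()
    ident = parse_qs(urlsplit(target).query).get("id", [""])[0]
    minute = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").strftime("%H:%M")
    return minute, client, ident, int(status)


def detect(lines, spike_pct=1000, max_ids_per_client=20, min_history=3):
    """Return alerts for request-rate spikes and per-client identifier enumeration."""
    per_minute = defaultdict(int)
    ids_seen = defaultdict(set)   # (minute, client) -> distinct identifiers queried
    misses = defaultdict(int)     # (minute, client) -> lookups that returned nothing
    for line in lines:
        minute, client, ident, status = parse(line)
        per_minute[minute] += 1
        ids_seen[(minute, client)].add(ident)
        if status != 200:
            misses[(minute, client)] += 1

    alerts = []
    minutes = sorted(per_minute)
    for i, minute in enumerate(minutes):
        history = [per_minute[m] for m in minutes[:i]]
        if len(history) < min_history:
            continue  # not enough earlier traffic to call anything a baseline
        baseline = median(history)
        increase = (per_minute[minute] - baseline) / baseline * 100
        if increase >= spike_pct:
            alerts.append(("rate_spike", minute, round(increase)))

    # A legitimate device asks about its own identifier; dozens of distinct
    # identifiers from one client in one minute is the enumeration signature.
    for (minute, client), ids in sorted(ids_seen.items()):
        if len(ids) > max_ids_per_client:
            alerts.append(("id_enumeration", minute, client,
                           len(ids), misses[(minute, client)]))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The per-client check still fires when the requests are spread thinly enough to stay under the volume threshold, which is why the two signals are kept separate.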

Jason O’Grady at ZDNet:

Even worse is the potential security threat this could expose to members of the military that adopted the iPad. On the list are several devices registered to the domain of DARPA, the advanced research division of the Department of Defense, including William Eldredge, who “commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force.”

Um, yeah. It’s that bad.

Media moguls and celebrities are one thing, but I’m guessing that the government and military users are taking this one pretty seriously too. I’m guessing that Al Qaeda would pay big bucks to have access to Eldredge’s iPad 3G?

According to data furnished to Gawker by the Web security group that exploited vulnerabilities on the AT&T network at least 114,000 user accounts have been compromised, although it’s possible that confidential information about every U.S. iPad 3G owner in the U.S. has been exposed.

Tony Bradley at PC World:

In truth, there was nothing elite (or ‘l33t’ in hacker speak) about the iPad 3G data leak. In fact, according to an interview on CBS News by Larry Magid with Goatse Security analyst Jim Jeffers, the security researchers more or less stumbled upon the authentication glitch. Jeffers said the exploit “was almost discovered by accident. One of our employees is an iPad 3G subscriber, and he noticed it in the process of the normal user experience of this device. It was something he just noticed as he was using it.”

Sort of like how finding and taking a car with the driver’s door open, keys in the ignition, and engine on does not make one an elite car thief. The lesson for IT administrators is to be more vigilant about closing these holes and making sure that the car door isn’t open, with the keys in the ignition, and the engine on–especially for Web-facing servers.

There is an entire genre of hacking dedicated to finding sensitive or confidential data inadvertently exposed to the Web. The book Google Hacking by Johnny Long, and the accompanying online Google Hacking Database, list hundreds of search queries that can be used to ferret out juicy information not meant for public consumption. It is actually not unique to Google. It should be called “Web search hacking”, but Google is essentially synonymous with Web search and “Google hacking” has a better ring to it.

George Kurtz, McAfee CTO and proud owner of not one, but two iPads, provides a detailed analysis of the iPad 3G data leak in which he ponders, “why is there such a dust storm over the recent AT&T/Apple iPad disclosure of 114,000 iPad owners and is it warranted?”

Kara Swisher at All Things Digital:

Now the Federal Bureau of Investigation is looking into the AT&T breach, according to an article in The Wall Street Journal, in what seems to be an early probe.

Oooh, the Feds are involved now.

I wish I could say it will make a difference. Because it won’t.

In fact, coming on the heels of privacy controversies at Facebook and Google (GOOG), it’s just another log on the digital fire that has been burning up privacy for a very long time now.

And now more than ever, it is part of a massive confluence of trends, including:

Consumers more interested than ever in sharing information about themselves in order to make ever better social networking connections online; a plethora of innovative devices–mostly mobile–and Internet tools available to seamlessly and easily allow those consumers to do so; and, perhaps most of all, Internet companies intent on hoovering up as much information as possible, in order to garner more consumers and sell it to advertisers.

In large part, this is all well and good, creating a range of valuable and entertaining services at little or no cost and making the computing experience more personal and relevant.

Because of that, I have to admit I was less tweaked than I thought I would be, although I wish I were not.

New York City Mayor Michael Bloomberg, whose email was also compromised, expressed the feeling best.

“It shouldn’t be pretty hard to figure out my email address,” he was quoted saying in the Journal article. “To me, it wasn’t that big a deal.”

That’s because all of us are thinking less that such information is private or will remain that way for long.

Filed under Technology

Broadband Across America

Grant Gross at PC World:

The U.S. Federal Communications Commission will seek to take back 120MHz of spectrum from U.S. television stations in the next five years and reallocate it to wireless broadband providers in a voluntary program that would allow the stations to share or keep spectrum auction revenues, under a national broadband plan that will be officially released Tuesday.

The FCC would seek approval from Congress to conduct “incentive auctions” of unused spectrum, including TV spectrum, and the agency could either act as a third-party auctioneer of the spectrum or share the auction proceeds with the sellers, according to the broadband plan, which the FCC released to reporters Monday.

The TV spectrum auctions are part of a goal to free up 500MHz of spectrum for wireless broadband over the next decade, one of the major goals of the 400-page broadband plan. If, however, the FCC doesn’t get enough volunteers to free up spectrum, it will look for other ways to take back the spectrum, but FCC officials said Monday they expect to get enough TV stations to give up their extra spectrum in exchange for auction proceeds.

Ryan Singel at Wired:

The FCC is set to share the nation’s first official broadband plan with Congress Tuesday, a sort of Declaration of the Internet which seeks to ensure that a fast broadband connection is just as much an unalienable right as life, liberty and the pursuit of happiness.

That’s pretty ambitious, but the FCC is as unambiguous about its intentions as the Colonists were about throwing off the yoke of another form of oppression. For example, goal number three states that “Every American should have affordable access to robust broadband service, and the means and skills to subscribe if they so choose.”

Still the plan, put together by the FCC after months of hearings and public comment periods, turns out, in details, to be pragmatic and reformist, rather than revolutionary. That is, at least according to a summary (.pdf) released Monday.

The FCC is calling for more competition among broadband providers, more spectrum for wireless data services, subsidies for rural and poor citizens, and education for the digitally challenged. There’s a little bit for every constituency, from those who worry most about the digital divide to those who see a future where all health records are digital and networked.

There’s not much for those who dreamed of a drastic call for an all-fiber network to be built and subsidized by the government. There is, in fact, no government building of public networks at all. Nor is there much in the way of support for municipalities and states.

And for those itching for a confrontation between users and the big telecoms, the plan will disappoint since it steers clear of controversial topics such as whether the wireless industry has to follow the same open requirements now applied to DSL and cable companies, and whether those who own the infrastructure connecting people to the net have to rent their lines to competing services at a fair price.

Though we don’t have full details of the plan yet, the insight we gain from the executive summary shows that Washington may have finally reached a “we get it” moment when it comes to technology. Broadband access isn’t just about rural America checking out YouTube videos. This is also about creating the broadband infrastructure that can drive future innovation on the homefront, update public safety, education, health care and energy to improve efficiency and grow jobs by fueling competition.

And it’s also not a policy that can be set in stone. Ten years seems like an eternity in Internet years, but it’s smart for the government to look at a long-term plan. There’s no way such ambitious goals can be rolled out in a year or two. There are a lot of moving parts and if the timeline – which we should see next – is a good one, hopefully some short-term advancements will offer a peek of what’s still to come.

Nancy Scola at Tapped:

The absence of creative thinking in this new plan is particularly worrisome because the small crew within the FCC that produced it had the chance to stir passions about what our broadband future might look like. The National Broadband Plan isn’t a set of regulations. It’s not a piece of legislation. It was meant to be an aspirational plan, but it’s not that aspirational. Blair Levin, the seemingly autonomous point-person appointed by Chairman Genachowski, talks about the FCC like Alaskans talk about the United States. It’s not clear if recommendations in the plan made to the FCC will actually be regulations made by the FCC. In other words, is the FCC prepared to actually enact the policies, like form new public-private partnerships or re-purpose the Universal Service Fund from telephones to broadband? I was told the FCC commissioners — the people with the power to turn the plan into action — had seen the report as early as a full month ago and had access to the broadband team’s staff.

Nicholas Deleon at Crunch Gear:

Up until a moment ago, this was going to be a standard “newsy” post: the FCC will announce its National Broadband Plan on Tuesday, here’s what it’s all about. Then I read the comments of a PC World article discussing that very same plan—many people are outraged that the government would muscle its way into the free market! If Americans wanted fast broadband then the market would provide it on its own terms. That, of course, is complete nonsense: plenty of Americans live in one-ISP towns, and if said ISP provides terrible service, well, tough cookies, chico. This is America! Love it or leave it~!

And really, the FCC isn’t doing anything particularly controversial, at least I don’t think it’s controversial. All it’s doing is saying, by 2020, we’d like to see 100 million homes (out of an estimated 130 million homes come 2020) have access to broadband with speeds of up to 100 mbps. Some people already have access to that type of Internet connection, myself included. Other ISPs, including universally loathed Comcast, plan to roll out 100 mbps service in the coming months. So it’s not like the FCC is making some sort of unreasonable demand: the market has already decided that it’s worth its while to deploy 100 mbps service all over the country. A cynic might say that the FCC knows this, that 100 mbps service is closer than you might otherwise think, and is merely latching itself onto the ISPs so that it can be all, “See, FCC = leadership.” But don’t be cynical, don’t hold grudges: while you’re holding a grudge, the other guy is dancing.

I don’t know, I suppose it makes sense to get into this a bit more when the FCC actually makes the Plan public on Tuesday. But for now, all I have to say is: chill out. Not everything the government announces is tantamount to quartering British soldiers in your house without permission. I suppose I’m talking to people right now who actually believe, and understand, that a wired country is truly in the best interests of everyone.

So on Tuesday, Grant Gross at PC World:

The U.S. Federal Communications Commission officially released the country’s first national broadband plan Tuesday, and one of its major goals is to bring broadband service to all U.S. residents.

The FCC meeting Tuesday was a bit anticlimactic, because commission officials had conducted briefings on the major proposals in the 360-page plan in recent weeks. The FCC on Tuesday voted unanimously to approve a two-page joint statement on broadband, but did not vote on the broadband plan in its entirety.

The approximately 200 recommendations in the broadband plan will need to be approved separately, FCC officials said. The agency is planning a series of about 40 notices of proposed rulemaking (NPRMs) in coming months, and some recommendations in the plan will need action from the U.S. Congress. The FCC also makes a series of recommendations to other U.S. government agencies.

Jared Newman at PC World:

The actual implementation of the plan could change once lawmakers get their hands on it, but here’s an early look at who gains and who loses from the national broadband plan:

Winner: 100 Million Patient Homes, Plus Communities

One major long-term goal of the plan is to provide 100 million homes with 100 Mbps broadband, and to install 1 Gbps broadband at community sites such as schools and government buildings, all by 2020. That’s an eternity in Internet time, but it’ll ultimately mean that most homes and communities could have blazing-fast connections.

Winner: People Who Can’t Afford or Access the Internet

Another major goal is the availability of free or cheap wireless broadband, coming from wireless spectrum that the FCC will identify for auction. The point is to provide basic Internet nationwide for people who otherwise can’t afford it.

Winner: Wireless Carriers

Companies like Verizon Wireless and AT&T are dying for more wireless spectrum to feed a growing number of data-hungry smartphones. The FCC plans to throw them a bone with 500 MHz of spectrum. Wireless industry group CTIA is thrilled.

Loser: Broadcast Television

The government is largely relying on broadcasters to voluntarily give up some of their spectrum so it can be used for broadband. Broadcasters like having the choice, but worry that the government might force them to give up spectrum if they don’t play along. Things could get ugly if broadcasters have to start sharing spectrum or use low-power cellular transmitters to broadcast. People who rely on broadcast TV may find that service is merely surviving, rather than improving.

Loser: Lawmakers

Members of Congress were the ones who mandated a national broadband plan, but now they’ve got the unenviable task of figuring out what to do with it. The total cost of the plan could range from $12 billion to $25 billion, and though the FCC hopes those costs can be recouped by auctioning spectrum, it might be a hard sell to taxpayers.

Unknown: Internet Service Providers

Companies such as Comcast are getting a hand from the FCC to build their infrastructure and offer better service to more people. But government help raises questions of how much regulation those companies will face, and whether they should continue to rely on private investment. Service providers seem happy about the proposal for now, but things could change as lawmakers and the FCC delve deeper into the issue of national broadband.

UPDATE: Farhad Manjoo in Slate

Filed under Legislation Pending, Technology