Archive for the 'Internet' Category

What are Enterprise Social Networks and Why Should I Care?

Sunday, November 1st, 2015

It’s now possible to set up a closed social network, a la Facebook, for a limited group of users such as a company. Sort of like how some companies have a private internet (called an intranet), they can have a private Facebook (called an enterprise social network). You get the benefits of collaboration, networking, custom business apps, etc. It’s sort of like what Lotus Notes did back in the day.

Enterprise social networking is not hypothetical—the linked article discusses how the Royal Bank of Scotland is deploying Facebook at Work for 100,000 employees. And most notably, it’s an opportunity for Facebook to make money selling a product, versus selling advertisements.


Test Your Website for the Heartbleed Vulnerability

Wednesday, May 7th, 2014

Astute Chad’s News readers will have already heard about the Heartbleed vulnerability, but it’s something we all need to be aware of. Fortunately, xkcd has the best explanation I’ve seen to date. If you manage or own a website that uses SSL certificates for secure HTTPS connections, the linked page will check to see if your site is vulnerable.

You can also use it to verify websites that you visit, to make sure they aren’t open to Heartbleed attacks. Major sites have already patched their systems and installed new SSL certificates, so I’m thinking the real concern is the smaller e-commerce sites. (Note: If you use this tool to verify a site, do it before you open the site in your browser.)

(via Kim Komando)

Tor Anonymity Can Be Compromised, Given Time and Resources

Tuesday, May 6th, 2014

Here at Chad’s News, we’ve previously mentioned Tor, a network used for anonymous communication on the internet. Volunteers host Tor servers, and a user’s internet traffic is routed through those servers, thus disguising the actual location of the sender. (NOTE: Never, ever, ever host a Tor server on a computer that you wouldn’t want confiscated by law enforcement.) Tor has been touted as a great method for political dissidents, whistle-blowers, and others to confidentially send information via the internet without being identified. Of course, it’s also used for illegal traffic.

The linked article discusses a paper [PDF] (Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, lead author Aaron Johnson of the US Naval Research Laboratory) that comes to some startling conclusions about Tor anonymity. If someone uses Tor regularly, an adversary with significant resources (e.g., a government) has a high chance (80% to 95%) of successfully tracing that user over a period of 3 to 6 months.

(via Kim Komando)

Net Neutrality is Dead, and Why You Should Care

Sunday, February 2nd, 2014

Net neutrality has been a hot topic in the internet world, but many people have no idea why it’s important. The linked article gives the best definition that I’ve seen. Essentially, without net neutrality, your ISP and other network providers can play god in regards to the content you receive. They can block certain sites or give preferential treatment to sites. They can demand that a content provider (e.g., Google) pay them in order to not have their content receive degraded performance. This is not hypothetical—I remember reading about how the CEO of a major network provider wanted to charge companies like Google for the traffic coming over its system, even though the network provider’s subscribers were already paying for that access. He saw it as a source of additional income and was upset that Google didn’t have to pay to use the company’s network.

This goes against everything the internet stands for, of course, so the FCC instituted a regulation enforcing net neutrality. The FCC, however, doesn’t have the authority to make that kind of regulation, and the courts recently struck it down. Congress could make a law enforcing net neutrality, but somewhere along the line this topic became a partisan political issue. Not sure why that’s the case, but the end result is that Congress is unlikely to pass any legislation in the foreseeable future.

Only time will tell what the major ISPs and network providers do with their new freedom, but I think it’s going to be ugly.


An Astounding Number of Vulnerable Internet Devices

Saturday, April 6th, 2013

A computer researcher wanted to map all 3.6 billion of the Internet’s usable IPv4 addresses, to see which ones are actually being used and to determine where the devices are physically located. This would be quite a task for a single computer, so he created a botnet with 420,000 zombie devices to do the task for him. What I find most interesting, however, is how he managed to compromise those devices. He simply tried to connect to each one with the following four username/password combinations:

  • admin/admin
  • root/root
  • admin/(blank)
  • root/(blank)

No kidding. That’s all it took.

For the more technically minded, the paper says that “the vast majority of all unprotected devices are consumer routers or set-top boxes.” So just for kicks, I telnetted to my router and found that the admin/admin combination worked. Fortunately it’s configured such that remote telnet is disabled—so I was not part of this experiment. The paper goes on to say that the 420,000 number is for the devices they turned into zombies, and that the actual number of vulnerable machines is about four times that many.

Link #1:…

Link #2 (research paper):…

Internet Withdrawal is Real

Sunday, March 31st, 2013

From the linked article: “The researchers found that people who habitually surf the Internet for long periods at a time suffer higher incidence of ‘negative moods’ after they stopped surfing, leading to addiction-like urge to return to the Web to alleviate or lift the negative mental states. The researchers warned that surfing the Internet for long stretches of time can result in withdrawal symptoms similar to those that drug abusers experience.”


The Lowdown on Spamhaus and the Huge Attack Against It

Saturday, March 30th, 2013

You may already have heard about the massive DDoS attack against Spamhaus—an attack so big that it may have slowed down the entire Internet. So what is Spamhaus, and what did it do to incur such wrath?

The linked article has an overview of the spam-blocking services provided by Spamhaus. It also describes the tactics used by Spamhaus that many consider to be akin to extortion or blackmail. Are their methods heavy-handed? I would have to say “yes”. Are they effective? Indeed they are. Does the end (less spam) justify the means? I’m somewhat ambivalent on that one. Let me know what you think, in the comments.


The Six Strikes System: What You Need to Know

Saturday, January 12th, 2013

Back in 2009, France passed a “three strikes” law, which cuts off a person’s internet access after three documented instances of illegally downloading copyrighted material. So when I heard about the new six strikes system (officially the Copyright Alert System) being implemented in the United States, I assumed it was the same type of thing but with three extra warnings.

Fortunately, that’s not the case. First off, participation by ISPs is voluntary, unlike in France and other countries where it’s a legal requirement. And so far only a few ISPs have decided to take part: Comcast, AT&T, Time Warner, Verizon, and Cablevision.

Second, the punishment is not a total loss of internet access; rather, it’s typically a temporary reduction in connection speed or the temporary blocking of certain websites. The specific punitive measures, as well as when they take effect, are decided by each ISP. But in no case will internet service be suspended.

The system was scheduled to go live last fall, but has been postponed until early 2013.

Update: [1/13/2013] Slashdot has the details of Verizon’s six strikes policy.

Link #1:…

Link #2:…

Link #3 (official FAQ):…

Link #4 (failure of French system):…

Why Hosting a Tor Server is a Bad Idea

Tuesday, December 25th, 2012

Tor is a computer network that allows people to transmit information anonymously. It is free for anyone to use. The network comprises a large number of servers (called relays) hosted by volunteers. The benefits seem to be good at first glance. Tor allows dissidents in politically oppressive regimes to anonymously get information out to the world at large. Companies and governments can use it to transmit sensitive communications. Journalists can safely connect with whistleblowers. Or it can be used by people who simply value their privacy. Anyone can configure the Tor software to make their computer into a Tor network relay. It’s quite easy for people like you and me to help promote these good causes.

The problem, however, is that criminals also use Tor—including terrorists and child pornographers. And if you’re hosting a Tor server/relay that transferred illegal material, the police can and will come after you. The linked articles give two such cases.

Link #1:…

Link #2:…

Twitter Basics

Monday, October 8th, 2012

For those who haven’t made the plunge into Twitter, the linked article explains the basics in a clear and understandable manner. Once you’ve finished reading it, you’ll understand what @ChadCloman and #DenverBroncos mean.


It’s Official: No More Adobe Flash For Mobile Devices

Saturday, August 18th, 2012

In a follow-up to this recent Chad’s News post, Adobe has pulled its Flash Player from the Android store. Thanks to Steve Jobs, it appears that HTML5 will be the delivery system of choice for multimedia content. Adobe still has plans for Flash, and it’s fully supported on PCs, but this is pretty much the end of it for mobile devices.

(via Kim Komando)

Building a Supercomputer From the Cloud

Wednesday, July 18th, 2012

Cancer researchers used the Amazon Elastic Compute Cloud to create a virtual, 50,000-core supercomputer that ran a complicated simulation for the low, low price of $14,486. The neat thing is that they were able to perform a more detailed and realistic simulation on the cloud-based system than they would have on the supercomputer they actually own.