From the category archives:

Web Pro News

Leadership through Advocacy and Organizing

by Bill Cullifer on April 21, 2011

Leadership through Advocacy and Organizing to Promote the Web Profession and Jobs in New Media and IT

Greetings WOW Members and Web Professionals Everywhere!

Web professionals working together can make change happen. For example, when education policies don’t meet the needs of aspiring and practicing Web professionals, we work to change the system. With your support, Webprofessionals.org has continued its 14-year history and mission of engaging education policy decision makers, encouraging them to improve Web professional pathways and to change the policies that hold them back. While building leadership through advocacy and organizing, we strengthen our voice to improve the overall Web experience for the communities we serve.

Why is this important?

* To continue with the mission of cultivating innovation and jobs for the Web profession.
* Industry, government and academia, together, can cultivate an environment of innovation and job creation to foster leadership in Information Technology and New Media.
* By educating the customers we serve, we can ensure the profession’s overall success.
* Facilitation of communication between business, industry and education professionals advocacy can lead to improvements in compensation and recognition for Web professionals.
* Active involvement by WOW members and individuals like you is needed. Together we make the vision of Web Standards, improvements in education and the quality of services that true Web professionals provide a reality.

2011/2012 Advocacy Plan to Promote Education and Careers

Last month, WebProfessionals.org led the third in a series of IT Innovation Summits in California. Leading Information Technology (IT) organizations, businesses, industry and education professionals came together to collaborate on several initiatives that will help support IT and Web professional education, Web standards and jobs in IT and New Media.

The advocacy plan is in response to U.S. government studies predicting a significant shortage of technology and creative professionals in the country within the next three to five years. The organization’s 2011/2012 advocacy plan is designed to address the talent shortage and the growing skills gap, and to answer the questions, “Why consider a career in the IT and New Media profession? Why teach Career and Technical Education and Web Standards in the classroom?”

“In order for the U.S. to continue to lead the world in innovation and creativity, we must develop an advanced information technology ecosystem that is able to refresh itself with IT and New Media talent and creative thinkers with the skills that employers need the most,” said Bill Cullifer, WOW Executive Director of WebProfessionals.org and chair of the WhyITNow.org and Why Web Standards initiatives.

Andy Vaughan, Director, Strategic Programs, Monster Public Sector Education, a supporter of the initiatives, said, “I clearly understand and appreciate the efforts to promote Web professional education and Web standards and how it will serve the Web professional community in the long term. We’re happy to support your IT and New Media education pathway efforts through the WhyITNow.org initiative in collaboration with the California Department of Education. It’s important work and we’re happy to play a role.”

Gary Page, California Department of Education (CDE), said, “I’d like to thank the WebProfessionals.org association and the WhyITNow.org initiative for hosting the IT Innovation Summit Sacramento. The most exciting thing is that the WhyITNow.org initiative has brought in people from all different aspects of education and industry and we have found that we have consensus on some key issues. For example, one of the problems is that we’re not talking with each other and that we’re living in silos and we need to break away from that somehow. I think that there is a consensus that we need to get together more and work together.”

WebProfessionals.org 2011/2012 Advocacy Plan and initiatives will drive skill development that will support and increase the pipeline for technical and creative workers and those that teach. It also will:

• Convene stakeholders to establish collaboration between business, the Web profession, education and government to develop a clear, concise and consistent communication strategy regarding why innovation, information technology and New Media are good for business, commerce, competitiveness and jobs.

• Develop an effective advocacy plan and implementation strategies that support innovation, New Media and Information Technology adoption and best practices.

• Promote general awareness of Career Technical Education (CTE) and information technology (IT) and New Media through websites, workshops, conferences and award ceremonies.

• Foster relationships and linkages between business and industry, education, career technical student organizations and government agencies to ensure a continual pipeline of IT and New Media professionals with skills that align to industry demand.

• Promote digital literacy into general education curriculum to equip all graduates with these basic skills.

• Provide online Web professional short courses and educational resources.

• Promote Web design and development contest connecting business and industry with education and students and practicing professionals.

For additional information regarding the WebProfessionals.org 2011/2012 Advocacy plans and initiatives visit:

· Web Professional Directory (http://webprofessional.org)
· Web Professional Jobs (http://webprofessional.jobs)
· Why Web Standards (http://whywebstandards.org)
· New Media Careers (http://newmediacareers.org)
· WhyITNow.org (http://www.whyitnow.org)
· WhyCTE.org (http://whycte.org)
· Web Design Contest (http://webdesigncontest.org)
· Web Pro Training (http://webprotraining.org)

For additional information about Webprofessionals.org Advocacy efforts and history visit:

WebProfessionals.org (http://webprofessionals.org/about/advocacy)

Is the Web Becoming Less Secure?

by Bill Cullifer on December 16, 2010

Is the Web Becoming Less Secure? A PBS Analysis

In the wake of the Gawker Media hacking over the weekend, Jeffrey Brown gets a wider perspective about the vulnerability of online information and the danger of further cyberattacks from James Lewis of the Center for Strategic and International Studies and Larry Clinton of the Internet Security Alliance.

Transcript

JEFFREY BROWN: Now some wider perspective on all this from two who follow the online world closely.

James Lewis is director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies here in Washington. And Larry Clinton is president and CEO of the Internet Security Alliance, an industry trade group that represents companies and organizations focusing on Internet security.

Welcome to both you.

Jim Lewis, how — we listen to this. Now, broaden it out. How vulnerable is the system and where do you see the main problems?

JAMES LEWIS, Center for Strategic and International Studies: The main problem is that we’re using 1970s technology, or, at best, 1990s technology, and it just isn’t appropriate anymore for a global infrastructure.

And there are some things, like this Gawker website, that we’re just never going to be able to fix. Passwords are very difficult to make secure, maybe impossible. So if you’re depending on a password, chances are you’re going to be in trouble. And I know that might frighten people, but that’s the reality.

JEFFREY BROWN: Reason for being frightened? What do you see?

LARRY CLINTON, president & CEO, Internet Security Alliance: Well, there is reason for being frightened.

We have an insecure system that was designed to be open, not to be secure. And we’re expanding that system with all sorts of new devices, handheld devices, smartphones, et cetera. So, the system is becoming generally less secure.

JEFFREY BROWN: It’s interesting, because a lot of this isn’t about high technology. This is human nature, right? People want to simplify their lives, so we use the same password.

LARRY CLINTON: Well, that’s right. I mean, the problem really…

JEFFREY BROWN: They even use the password for password.

LARRY CLINTON: Exactly, or 12346, the most common password.

(LAUGHTER)

JEFFREY BROWN: Yes.

LARRY CLINTON: The problem isn’t that we couldn’t build secure systems. The problem is really more that we won’t buy secure systems. We want easy and we want cheap.

And we’re going to have to begin to look at cyber-security as much more than just a technological issue. It’s a strategic and economic issue. And we’re going to have to take a full-scale look at all these things in an integrated fashion.

JEFFREY BROWN: Well, give us a little sort of news that viewers can use here. I mean, what should consumers, what should they do? Especially, here we are in the holiday season, and a lot of people are online shopping, for example.

JAMES LEWIS: Yes. And if you pay a little attention to your password, you can make it harder, and you’re going to knock out the lower-end hackers, which is mainly what we have seen in a lot of these WikiLeaks and Gawker things. You know, don’t use your pet’s name.

If you have personal information on Facebook or a social networking site, don’t use that as your password.

And a lot people do that. And, finally, the default password on all equipment when you buy it is password. Change the default.

JEFFREY BROWN: What would you add to that for…

LARRY CLINTON: Well, that’s all good advice. And it does begin to scratch the surface of the problem.

But we need to get much deeper with the problem. Enterprises need to be much more involved in overall cyber-security. One of the least publicized facts in this field is that we know tons about how to secure these systems.

JEFFREY BROWN: We do?

LARRY CLINTON: We do.

JEFFREY BROWN: What do we know, for example?

LARRY CLINTON: Well, enterprises need to have a risk management plan. Most don’t. They need to have somebody in charge of the plan. Most don’t. We need to be beginning to fund the investment in cyber-security equal to the upside that we do invest.

Most businesses are happy to invest in online marketing and all the advantages for cyber-security. They are not investing in the cyber-security defensive structures that they need to be putting in place, many of which are highly effective. There are standards, practices, technologies that could protect many of these sites. They’re simply not investing in them.

JEFFREY BROWN: Is that correct, in your experience, that they don’t want to invest, even after we see something with Gawker? And we see it — of course, that’s just the tip of the iceberg, right?

JAMES LEWIS: Yes, it’s a question of investment. It’s a question of practices. And it is, to some extent, a question of technology.

To some extent, this technology is just not securable. And so there’s always going to be an element of risk. One of the things that’s nice about these denial of service attacks is it…

JEFFREY BROWN: Explain. Explain what that is.

JAMES LEWIS: Denial of services, as we heard, people launching hundreds or thousands, tens of thousands of messages at a company, to the point where their computer on the receiving end is overloaded and crashes.

That’s right.

And that’s an avoidable problem. That’s a problem that people have figured out how to beat. So when you see somebody falling prey to denial of service attack, it means they haven’t been paying any attention for the last five or six years.

JEFFREY BROWN: But so what do you tell — let’s focus on companies for a moment. We talked about individuals. What should companies be doing, do you think?

JAMES LEWIS: Companies have to take this a lot more seriously. And the denial of service is the low end of the threat.

The high end of the threat is espionage or sabotage. We have seen a lot of espionage. For denial of service, as for espionage, you have to say, am I doing the basic hygiene things? Am I making sure my systems are patched? Do I have a risk management plan? Have I put in place the technologies that will let me track who is trying to do what to my network?

All of this is out there. And, in fact, the whole WikiLeaks thing with DOD, with the right technologies, we could have avoided WikiLeaks. So this is a problem maybe of will, maybe of incentives. But it’s something that is fixable if we can get our act in gear.

JEFFREY BROWN: And yet you’re saying that, when you go to companies, a lot of companies just say, this is last on our list, after marketing and various other things?

LARRY CLINTON: Well, if you’re a small business, you want one thing, which is to become a big business. There are about a third of our major corporations that are investing adequately in this.

But in two-thirds of American businesses, investment in cyber-security is actually going down. And I think Jim is absolutely right. We need to put in place a 21st century partnership between government and industry, so that we get the proper incentives put in place to expand the perimeter of cyber-security, and, that way, we don’t have to be training our grandparents to update their Twitter accounts properly.

JEFFREY BROWN: What about the hackers? I mean, we refer to this phrase now hacktivists, right? Do you see them that way? Are they pranksters? Is it worse? And how organized is this all?

JAMES LEWIS: Well, one of the nice things about the Internet is it lets virtual communities spring up. And it can be virtual communities of people interested in the same kind of dog, or it can be people interested in the same kind of nutty political cause.

It empowers them both. And so what we have got now are groups that share views widely distributed around the globe and have a technology that will let them express their opinions. We have seen this in Estonia. We see it all the time in Asia.

It’s a way to — it’s a new form of politics. And it’s like those anarchists who come and demonstrate in front of the IMF, except, these times, they can hide behind the Internet. They can do — make a lot more noise, do a lot more damage.

JEFFREY BROWN: And do we know much about how organized they are as groups? I mean, we’re talking about Gawker. We’re talking about the Wikipedia — WikiLeaks. Excuse me.

LARRY CLINTON: Yes, they’re very organized. Actually, the biggest problem is organized crime.

The organized criminal syndicates, particularly in Eastern Europe and in China, are the ones who are providing the basis for a lot of this nefarious behavior. And then we get a lot of attention paid to the hacktivists, which generate attention.

But the real insidious threats are things like the advanced persistent threat, which, unlike a hacktivist attack, like we’re seeing with the WikiLeaks, is not designed to generate attention. It’s designed to get into a system, and so you don’t even know that it’s there. And it quietly steals, not only personal data, but corporate intellectual property, national secrets, et cetera.

And this is very, very organized. And it’s driven by the attempt to make money.

JEFFREY BROWN: And mostly quiet, right?

LARRY CLINTON: Very, very quiet.

JEFFREY BROWN: And that’s the kind of discussion — those are the things we don’t discuss, usually, and we don’t hear about.

LARRY CLINTON: That’s right.

JEFFREY BROWN: All right, Jim Lewis and Larry Clinton, thank you both very much.

JAMES LEWIS: Thank you.

LARRY CLINTON: Thank you, Jeff.

Gawker Analysis

by Bill Cullifer on December 14, 2010

A Gawker Analysis On PBS

Gawker Media, one of the web’s largest publishers, was hacked over the weekend and information for about 1.3 million users was made public. Jeffrey Brown speaks with the NewsHour’s Hari Sreenivasan about the cyber attack and what it means for personal security online.

Transcript

JEFFREY BROWN: And we turn now to the vulnerability of the Internet, after a week of very visible hacks and attacks.

In the days following the release of classified government documents by WikiLeaks, thousands of the site’s supporters, so-called hacktivists, have launched online attacks aimed at companies and groups they deem hostile to WikiLeaks and to the free flow of information.

Last week, a group calling itself Anonymous targeted the websites of Visa, MasterCard and PayPal, among others, after the companies stopped processing donations to WikiLeaks. Government websites, too, have been vulnerable. The Senate website was slowed last week after Senator Joe Lieberman criticized sites enabling WikiLeaks.

The attacks used software that chains together hundreds of computers that all request information from the same website at the same time, causing a traffic jam that makes the site inaccessible.

RYAN SINGEL, staff writer, Wired.com: This is a little bit more like what happened in the ’60s when protesters took over buildings at, you know, universities, where people couldn’t get in the building, but it’s not really them blowing up the building.

JEFFREY BROWN: While all that goes on, this weekend, there was another example of online hacking, this one affecting the popular site Gawker, an eight-year-old digital media company that hosts blogs on media, technology, and pop culture.

A group calling itself Gnosis raided Gawker, burrowing inside its databases to unlock the user names, passwords, and e-mail addresses of some 1.3 million people who had left comments on the site. Gawker was forced to stop publishing temporarily Sunday and urged its users to change their passwords.

There were signs the hackers had acted in retaliation after a war of words with Gawker. They also appeared to send a message about the vulnerability of usernames and passwords, listing several thousand accounts in which the password for the account is the word “password.”

Our own Hari Sreenivasan covers technology developments for us online, has been — and has been following the Gawker situation. He joins me now for an update.

So, Hari, first, for those who don’t know much about Gawker, tell us a little bit more. What is it?

HARI SREENIVASAN: Well, it is one of the largest publishers on the Web. And it’s really an amazing set of sites. Whether you care about cars or you care about gadgets, it’s one of the must-check sites on the Internet.

And it’s almost like a modern-day salon, because people come there for information, but they’re coming just as much for the comment threads and to leave a comment and really to be part of a conversation.

JEFFREY BROWN: All right, we talk about this group called Gnosis. How much do we know about what — who they are? And what did they do to Gawker?

HARI SREENIVASAN: Well, a lot of these sort of hacker groups are very shadowy in nature, in the sense that they — there’s no card-carrying membership that says, I’m part of this club. I’m the one who did this, and here is my address and phone number.

So, really, what they did to Gawker was come in behind the scenes in the past few weeks, past few months, figure out vulnerabilities, and essentially start to take the keys to the kingdom. Everything that Gawker held dear, most important, the user information, they took all of that out and splayed it out across the Internet.

They didn’t hide the information for themselves for some sort of kind of nefarious means. They said, here, take it, because this is really — they’re the crown jewels for a website.

JEFFREY BROWN: And you were telling me earlier today that you went online last night.

HARI SREENIVASAN: Yes.

JEFFREY BROWN: So, give us examples. What could you see there?

HARI SREENIVASAN: Well, something very minimally invasive was that I could see what the future of the Gawker website was supposed to look like, which is something pretty important that you want to try to keep secret.

If I was a real kind of a technologist, I could actually see the content management system. I could see the databases. I could see where they store their passwords. I could see the advertising information, which could be very important.

But the most important, again, the crown jewels, were the usernames, the passwords, and the e-mail addresses connected to them of some 1.3 million users. That’s really the stuff that I, as a complete novice, could see.

JEFFREY BROWN: Now, how are those people affected, in what ways?

HARI SREENIVASAN: Well, so, the thing — it kind of gets back to a little bit of social engineering.

So a lot of times people don’t make separate passwords and separate usernames for different websites. Sometimes, they use the same website or same e-mail address that I have for work on to a site like Gawker, and then maybe that’s the same password that gets me into Facebook, and then it’s also connected to Twitter.

So, as we see all of these different kind of communities that we participate in during the day, people aren’t very good at keeping these walls separate. So, that’s where the real influence is.

JEFFREY BROWN: And I heard today that — so, today, they used that to affect Twitter as well, right?

HARI SREENIVASAN: That’s right. So…

JEFFREY BROWN: And this would be people who use the same password for Gawker and Twitter.

HARI SREENIVASAN: That’s right, the same username or the password. So, basically, somebody between last night and this morning wrote a small computer program that figured out that little exploit.

And, so, while hundreds or maybe thousands of people are asleep, their Twitter accounts were automatically sending out advertisements for the acai berry or acai berry, however you say it, the super berry, right? So, while you were sleeping, you were actually a victim to somebody else’s marketing scam.

JEFFREY BROWN: Now, what if I or what if our viewers don’t go on Gawker? Should they care?

HARI SREENIVASAN: Well, they should care because this actually exploits larger vulnerabilities into their workplaces.

Not only were there Gmail and Yahoo! accounts. There were a lot of government accounts. There were a lot of edu, which means universities or educational institution, accounts.

So if these people don’t change their passwords, don’t get a little stronger about their own protections, those systems could also be compromised. I mean, all of those e-mail addresses are now out there for other hackers to exploit.

JEFFREY BROWN: And what of Gawker? I said they temporarily stop publishing. They’re certainly back now. But have they taken any steps that we know of to prevent this in the future?

HARI SREENIVASAN: Well, they said that they are. They apologized to their users profusely on their blog. They said, we’re really embarrassed and really we want to try to help you go ahead and change your password.

But, ironically enough, this morning, if I wanted to delete my account on Gawker, I couldn’t do that because the database that would have allowed me to do that was corrupted by the hackers last night.

JEFFREY BROWN: All right, Hari Sreenivasan, thanks a lot.

Practical Microformats

Microformats are HTML-based design patterns that add semantic meaning to common web content. More than semantics, though, microformats have a wide range of benefits, including findability, standards compliance and extensible data publishing. And they are used by some of the biggest sites on the web today.

In this nine-minute audio podcast, WOW’s roving reporter Jeri Hastava of Leap of Faith Web Design asks Emily Lewis, Freelance Web Designer, Author, Speaker, Microformats Devotee, Usability & Accessibility Advocate, about microformats, including detail about the hCard microformat for contact information and the hCalendar microformat for events. The interview also discusses benefits, tools and resources, but the focus will be on the practical application of microformats using semantic markup (POSH: Plain Old Semantic HTML).

According to Wikipedia, a microformat (sometimes abbreviated μF) is a web-based approach to semantic markup which seeks to re-use existing HTML/XHTML tags to convey metadata and other attributes in web pages and other contexts that support (X)HTML, such as RSS. This approach allows software to process information intended for end-users (such as contact information, geographic coordinates, calendar events, and the like) automatically.

Although the content of web pages is technically already capable of “automated processing”, and has been since the inception of the web, such processing is difficult because the traditional markup tags used to display information on the web do not describe what the information means. Microformats can bridge this gap by attaching semantics, and thereby obviate other, more complicated, methods of automated processing, such as natural language processing or screen scraping. The use, adoption and processing of microformats enables data items to be indexed, searched for, saved or cross-referenced, so that information can be reused or combined.

As of 2010 microformats allow the encoding and extraction of events, contact information, social relationships and so on. More are being developed.

Background

Microformats emerged as part of a grassroots movement to make recognizable data items (such as events, contact details or geographical locations) capable of automated processing by software, as well as directly readable by end-users. Link-based microformats emerged first. These include vote links that express opinions of the linked page, which search engines can tally into instant polls.

As the microformats community grew, CommerceNet, a nonprofit organization that promotes electronic commerce on the Internet, helped sponsor and promote the technology and support the microformats community in various ways. CommerceNet also helped co-found the Microformats.org community site.

Neither CommerceNet nor Microformats.org operates as a standards body. The microformats community functions through an open wiki, mailing list, and Internet relay chat (IRC) channel. Most of the existing microformats were created at the Microformats.org wiki and the associated mailing list, by a process of gathering examples of web publishing behaviour, then codifying it. Some other microformats (such as rel=nofollow and unAPI) have been proposed, or developed, elsewhere.

The phrase “plain old semantic HTML” has been found online as early as 1998, but the coinage of the acronym POSH used in connection with microformats occurred in April 2007 on the microformats IRC channel. Semantic HTML focuses on the use of tags and attributes for semantic rather than presentational purposes.

Net Tracking- Issues and Positions

by Bill Cullifer on December 2, 2010

Net Tracking- Issues and Positions Compares How those in Favor and Those Opposed Side on this Important Issue

FTC backs “do not track” list for Web users

Reuters is reporting that U.S. regulators on Wednesday backed the creation of a “do not track” list that would limit the ability of advertisers to collect Internet users’ data and would protect consumers’ online privacy.

In a preliminary staff report, the Federal Trade Commission said that while companies generally manage consumer information responsibly, there are exceptions.

“Self-regulation in privacy has not worked adequately,” said FTC Chairman Jon Leibowitz. “A legislative solution will surely be needed if industry doesn’t step up to the plate.”

Leibowitz said he supported creation of a mechanism that allows consumers to opt out of some tracking, adding that Congress would probably need to act, which may be difficult because of legislative gridlock next year.

Senator John Kerry, a Massachusetts Democrat, said on Wednesday that he planned to introduce legislation that would require companies to secure data and inform consumers about what data is being collected.

“Consumers should be given a simple mechanism for opting out of the process,” Kerry said in a statement.

Republicans in the House of Representatives, like Representative Joe Barton, have said, without offering details, they would focus on privacy issues.

Any legislation could be two years off, at minimum, said Amy Mushahwar, a privacy expert with Reed Smith, who predicted industry would strike a deal with the government.

If consumers gain more control over their data, the biggest losers could be companies serving third-party ads, said Mushahwar. “Those are the targets,” she said.

The FTC staff report also urged that special care be taken with information about sensitive topics such as finances, health, children or an individual’s location.

“Before any of this data is collected, used or shared, staff believes that companies should seek affirmative express consent,” the report said.

The agency’s report urged the development of ways to build privacy into the design of business practices by, for example, collecting only the data that is needed and disposing of it when it is no longer being used.

The agency also proposed that company privacy policies be simpler, clearer and shorter.

“Staff also proposes providing consumers with reasonable access to the data that companies maintain about them, particularly for companies that do not interact with consumers directly, such as data brokers,” the report said.

“In addition, all entities must provide robust notice and obtain affirmative consent for material, retroactive changes to data policies.”

The report comes as the FTC is under pressure to contain the growing strength and savvy of companies collecting Internet users’ personal data and selling it to advertisers.

A recent report by a privacy group found, for example, that some websites that present themselves as a way for ill people to connect with other people with the same ailments were actually created by companies to collect and sell data on those people to market medicines to them.

A final version of the FTC report will be released next year after taking into account comments from interested parties.

Do-not-track proposal gets chilly GOP response

According to MarketWatch Today, U.S. House Republicans called into question a universal, federally sponsored do-not-track tool for the Internet saying in a hearing Thursday that it would curb profits for the Internet advertising industry.

In a report released Tuesday, the Federal Trade Commission endorsed the idea of a do-not-track system to protect consumer privacy on the Web, where advertising companies store user data in an effort to display ads targeted at their interests.

“I assume most customers would be interested in seeing advertising that was relevant to them,” said Rep. Ed Whitfield, a Kentucky Republican, the ranking member of the subcommittee on Commerce, Trade, and Consumer Protection. “We need to be mindful not to enact legislation that would hurt a recovering economy.”

The trade commission stopped short of calling for legislation in its report but did say that the industry’s attempts at self-regulation owing to privacy concerns had developed too slowly.

Such a tool “would allow consumers to exercise choices about online tracking in a simple, persistent and universal way,” said David Vladeck, head of the commission’s consumer protection bureau.

But a robust do-not-track option could hobble advertising, the Internet’s main revenue stream and one of the few growing sectors of a sluggish economy.

Several Democratic representatives have said they would support some form of legislation to enforce do-not-track provisions on the Internet.

Rep. Edward Markey, a Massachusetts Democrat, proposed legislation Wednesday that would seek to stop companies from tracking the online browsing habits of children. He said that some sites targeted at children employ more tracking software than their adult-focused counterparts.

It is unclear how such legislation would distinguish Internet use by children from that of their parents.

Daniel Weitzner, a telecommunications policy analyst at the Department of Commerce, noted that online transactions amounted to $3.7 trillion annually.

A growing percentage of that Internet economy is dedicated to tracking and storing information about consumers catalogued by their personal Internet protocol address, Weitzner said.

“Data collection restrictions are blunt instruments,” he said, in response to a question whether the government should allow tracking of information but not the storage and sale of it.

The do-not-track proposal follows the loose principles of do-not-call registries created in the past to thwart telemarketers, but the Internet presents a much different challenge to regulators.

The FTC report suggests that placing universal do-not-track preferences within browsers would be a logical step. The commission’s Vladeck said creating a centralized list was not an option being considered.

The major browsers, Microsoft’s Internet Explorer, Google’s Chrome, Apple’s Safari and Mozilla Firefox, all incorporate some form of anonymity options through preferences or third-party plug-ins.

The companies behind the browsers reacted coolly to the proposal, touting the privacy functions already in place and saying they would study the proposal further.

Joan Gilman, a media sales executive at Time Warner Cable, said a do-not-track list would likely dampen the healthiest revenue stream the Internet has available.

“It may also deter the provision of free online advertiser-supported content and inhibit innovation,” Gilman said, according to the report.


China’s Internet ‘Hijacking’ Creates Worries

by Bill Cullifer on November 27, 2010

Last week, a congressionally chartered commission released a report about what China’s rise means for the U.S. economy and security. Included in the findings were the details of a little-known incident involving the hijacking of online data by a firm owned by the Chinese government.

Transcript

JUDY WOODRUFF: As holiday shoppers flock to the Web to make purchases, new questions about Internet security are surfacing.

Ray Suarez tells the story.

RAY SUAREZ: At a communications company outside Washington, D.C., computer network engineers monitor Internet traffic. Normally, the Internet works by swiftly finding the shortest, most efficient trip between two computers anywhere on Earth.

An 18-minute diversion of Internet traffic through China has raised security concerns around the world — especially for governments and people in critical infrastructure — and raises new concerns for online shoppers just ahead of Cyber Monday.

Courtesy of PBS

Electronic routers direct the traffic flow, ensuring the shortest path, like these green lines here. But, back in April, electronic communication looking for the shortest route was sent through China.

Watch the red line. For 18 minutes, the traffic on 35,000 to 50,000 computer networks elsewhere in the world began flowing toward China, before getting routed to their final destinations. China Telecom had created a massive detour.

But traffic didn’t stop. The affected computer connections took just a tiny fraction of a second longer. Whether someone was logging in to check a bank balance, sending a child’s photo to grandma, or shopping online, the Net still worked.

However, at the computer operations center outside Washington, D.C., engineers noticed this Internet routing phenomenon immediately. Their computer screens lit up with red alerts.

RODNEY JOFFE, Neustar, Inc.: We noticed the sudden change. During the period, there were alarms that went off.

RAY SUAREZ: One of the architects of the modern Internet, Rodney Joffe, said this diversion was a very big deal. He says it was caused when computer routers in China belonging to China Telecom began signaling to other computer routers on the Internet that they could provide the quickest path between different computers.

RODNEY JOFFE: They, all of a sudden, began announcing the fact that they were an optimal path to about 15 percent of the destinations on the Internet, that, in fact, they were a way to get to a large number of destinations on the Internet, when, in fact, they were not. We have never seen that before on this scale ever.

RAY SUAREZ: Joffe is senior vice-president and senior technologist at Neustar, a global technology and communications company. He’s also a computer security expert who consults for the U.S. government and industry.

RODNEY JOFFE: In the grand scheme of things, this was a seminal event. So, this wasn’t a minor security event. This wasn’t a hiccup — 99.9 percent of the world didn’t even think this could be done. Engineers didn’t even think about it.

Every one of them is now thinking about it day and night, what the effects would be on their networks, and how they might use it, depending on whether they wear a white hat or a black hat.

RAY SUAREZ: Last week, the U.S.-China Economic and Security Review Commission, a congressionally chartered panel, issued a stinging report.

Its conclusion? That a state-owned Chinese communications firm, China Telecom — quote — “hijacked massive volumes of Internet traffic.”

The Chinese government and China Telecom deny this. A Foreign Ministry spokesman said, “This report ignores the facts and is full of Cold War thinking and political bias.”

When all the communications from tens of thousands of computer networks was routed to China, that included all the Web traffic, e-mail, and instant messages to and from dot.mil — that’s the Department of Defense — and dot.gov — those are U.S. government departments. The U.S. Senate and NASA also had all their traffic diverted.

Companies like Dell, Yahoo!, Microsoft and IBM had their data diverted by China Telecom, too. On that day in April, officers logging into a Pentagon Web site ended up looking at an image that came to their screen via China.

It’s not clear what China did with the Internet traffic routed through its computers, and it’s not clear if the data that passed through China was saved to be examined later.

But Larry Wortzel, a member of the commission that investigated the incident, is worried.

COL. LARRY WORTZEL (RET.), United States-China Economic and Security Review Commission: The real concern is that it was intentional, and these communications were recorded, and that they will be exploited over time to create either penetrations or to create networked malicious viruses.

RODNEY JOFFE: Once traffic goes through Chinese routers or switchers, Chinese devices, it’s possible for the traffic itself to be manipulated. It could either just be filtered and dropped, or, in fact, it can be read, so that a log could be made of the content of the traffic, or changes could be made.

So, for example, I could substitute one word for another or one e-mail for another, and the — the users on both ends would have no idea that this has occurred.

RAY SUAREZ: Joffe says hijacking Internet traffic is consistent with previous Chinese activities.

RODNEY JOFFE: The Chinese government has made it clear, as early as six or seven years ago, publicly, that they can see that one of the next frontiers for conflict is going to be settled in cyberspace. This would seem to be something along the same lines.

RAY SUAREZ: Larry Wortzel came to the U.S.-China Commission after a career in Army intelligence. He served as a U.S. military attache in China.

COL. LARRY WORTZEL: I think it’s important to understand that you can do an awful lot with 18 minutes of traffic. A good intelligence officer, for instance, could get 18 minutes of traffic from the whole Department of Defense, and — and get the Internet address, let’s say, to the military assistant or the executive officer to the Joint Chiefs of Staff and everyone he communicates with on certain issues, and their Internet addresses.

And then you could socially engineer an e-mail, and make it look like it came from one of those individuals in the network to all the others, and insert an attachment that contained a very malicious virus.

RAY SUAREZ: Wortzel says he’s been the subject of these types of computer attacks.

COL. LARRY WORTZEL: About eight months ago, I got an e-mail that looked like it came from the Naval Warfare Systems Command that invited me to a meeting on a particular missile system, and asked me to open the attachment to get the agenda for the meeting.

Well, I knew very well that I had not communicated with anybody in the Navy for quite a long time on that issue. And I actually called the person that was purported to have sent the e-mail. And she said, “I didn’t send you an e-mail.”

So, we had the attachment checked, and it was a very malicious virus that it would have done exactly that. It would have permitted somebody to take over a computer.

RAY SUAREZ: Even with no evidence of mischief, tampering, or theft, Rodney Joffe says governments and business have to harden their security systems, have to make sure this so-called hijack is made harder in the future, and, just to be safe, assume this wasn’t an accident.

RODNEY JOFFE: If, in fact, the traffic was being examined and your traffic passed through the network in China, your user I.D.s and passwords may have been compromised.

If I was a large enterprise or a large organization involved in critical infrastructure, if I was in government, I would be sweating bullets currently.

RAY SUAREZ: And Joffe says the mere example of this hijacking taking place has served as an inspiration to cyber-criminals around the world.

RODNEY JOFFE: We know that the criminals already have been discussing this. We have seen it for probably the last five or six months. It was a great event for them, because it’s given them a vector that most of them had never thought of.

RAY SUAREZ: Joffe and Wortzel agree that the Internet has exploded into worldwide daily use in part because its daily operation is based on trust. Lose that trust, and home users, businesses, and governments will start to stay away, and begin the unraveling of a modern marvel.


Online Privacy Staged for a Showdown

by Bill Cullifer on November 16, 2010

Online Privacy Staged for a Showdown, Say Press Reports

The NY Times is reporting that after “do not call” lists became popular, more than 90 percent of people who signed up reported fewer annoying telemarketing calls. Now, privacy advocates are pushing for a similar “do not track” feature that would let Internet users tell Web sites to stop surreptitiously tracking their online habits and collecting clues about age, salary, health, location and leisure activities.

Jon Leibowitz said his Federal Trade Commission was studying a “do not track” rule.

David C. Vladeck, of the F.T.C., said the agency would keep its focus on enforcing the law.

That proposal and other ideas to protect online privacy are setting up a confrontation among Internet companies, federal regulators, the Obama administration and Congress over how strict any new rules should be.

In the next few weeks, both the Federal Trade Commission and the Commerce Department are planning to release independent, and possibly conflicting, reports about online privacy.

Top Commerce officials have indicated that the department favors letting the industry regulate itself, building on the common practice of user agreements where companies post their privacy policies online or consumers check a box agreeing to abide by them.

Top trade commission officials, however, have indicated they are exploring a stricter standard, one that requires a “do not track” option on a Web site or browser similar to the “do not call” lists.

The two agencies have even tangled over which will release its report first, a decision that could set the tone for the clash to follow. People close to the talks say that, at least for now, the Commerce Department has been given the nod, provided it can complete its report soon.

Consumer advocates worry that the competing agendas of economic policy makers in the Obama administration, who want uniform international standards, and federal regulators, who are trying to balance consumer protection and commercial rights, will neglect the interests of people most affected by the privacy policies. “I hope they realize that what is good for consumers is ultimately good for business,” said Susan Grant, director of consumer protection at the Consumer Federation of America.

In addition, the major online companies have the reports in their sights, worried over a raft of potential new regulations. They would prefer that the industry continue to police itself.

“Targeted ads are helpful and ad competition is helpful,” said Eric E. Schmidt, the chief executive of Google, which owns the online advertising exchange DoubleClick. In a conversation last week at The New York Times, Mr. Schmidt said that the explosion in online consumer monitoring was increasing friction about how strict the privacy limits should be. And, he added, “it’s going to get a lot worse.”

The White House, meanwhile, has broader goals. It set up its own interagency panel that will look at how to protect consumers while also making United States companies more competitive internationally. It also wants to ensure that any restrictions do not impede law enforcement and national security efforts.

Congress also is expected to intervene, and this may be one area where there is bipartisan cooperation. The House Energy and Commerce Committee, which oversees the trade commission and privacy issues, will soon have a Republican at its head, but members of both parties in the House and Senate have recently called on companies to account for intrusions or breaches of consumer privacy.

Which agency or group leads the debate could go a long way toward determining the result.

“There is going to be a lot of confusion over the competing proposals and which version Congress and the American people should pay attention to,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a consumer advocacy group. “We especially fear a policy that is designed to advance the competitive positions of U.S. companies and will undermine new pro-consumer protections at the F.T.C.”

Officially, Commerce Department and trade commission officials say they see the two reports as complementary. The commission will most likely address “privacy by design,” or how privacy features may be built into browsers or Web sites. It will also encourage greater transparency about when data is being collected and how it will be used, and the need for clearly worded privacy or user notices.


Google Fires Employee Who Leaked Raise Info

by Bill Cullifer on November 11, 2010

Google Fires Employee Who Leaked Raise Info, Say Press Reports

Google is giving all of its employees a 10 percent raise and $1,000 holiday cash bonus, but one person reportedly won’t be benefiting: the person who leaked the news to the press.

The employee who leaked the information was tracked down and immediately fired, according to CNN Money. Google staff was informed of the termination “within hours.”

“We don’t comment on personnel matters,” a Google spokesperson said Thursday.

News of the raises was first reported by Business Insider, which posted an internal e-mail that Google chief executive Eric Schmidt sent to employees announcing the good news.

“Let me say, on behalf of everyone on the management team, that we believe we have the best employees in the world,” Schmidt said in the e-mail. “We want to make sure that you feel rewarded for your hard work, and we want to continue to attract the best people to Google.”

Business Insider said Google also planned to pay the taxes on the cash bonus so that employees could keep the entire amount. Google did not confirm the raises, but a Google spokesperson said in a Wednesday e-mail that “we do believe that competitive compensation plans are important to the future of the company.”

Several sources have said that the raises are an attempt to keep Google’s employees happy at the company and to prevent them from taking their talents elsewhere in a competitive market. But a Wall Street Journal blog post speculated that the raises were connected to the end of the no-poaching agreement. In September, Google, along with Apple, Intel, Adobe, Intuit, and Disney Pixar agreed to forgo plans for secret non-poaching agreements, in order to dodge an investigation from the U.S. Department of Justice, the Journal said.

Google may have weighed the costs and decided a suit wasn’t worth it, landing on a different approach to employee retention, the Journal said. But Business Insider said it’s still costing the company a pretty penny: with 23,331 employees, the bonuses will likely cost Google about $20 million, while the raises could total $1 billion per year. Salary costs, however, could be offset by reduced bonuses and stock option grants, the report said.


Adobe MAX 2010 – Tips and Tools and a MAX Event Overview: Interview with Chris Georgenes, Director of Creative Services, Game Show Network

Chris Georgenes has been using Flash professionally for more than a decade, and has gained a wide following. He is the proprietor of Mudbubble.com, a Web animation studio, and he is the Art and Animation Director for Acclaim Games. His books for Focal Press, How to Cheat at Flash CS3 and How to Cheat at Flash CS4, have been steady sellers. He presents frequently at trade shows such as Flash in the Can, Flash on Tap, FlashForward, and Adobe MAX. He’s also the author of the Animation with Scripting for Adobe Flash Professional CS5 Studio Techniques available from PeachPit Press Online.

In this eleven-minute interview, I asked Chris to share his take on the Adobe MAX event, what events he likes to participate in, his thoughts on the benefits of Adobe Flash and what he thinks aspiring Web professionals should know about Flash.


Web Design Redefined, with Web Fonts

by Bill Cullifer on September 25, 2010

Web Design Redefined, with Web Fonts – Interview with Allan Haley, Director of Words & Letters (Monotype Imaging)

In this three-minute audio podcast, WOW’s roving reporter Jeri Hastava asks Allan Haley about the latest in Web Fonts and Typography.

Typography has often been a thorn in the side of Web designers, who have traditionally been confined to a limited number of system fonts or forced to embed type within graphics. New technologies promise to bring Web designers the same level of typographic choice and freedom that print designers enjoy. Discover more about the emerging world of Web typography and how it will impact you.
