Lauren Weinstein's Blog Update: ICANN Announces Surprise Termination of Domain Name Expansion Program; Plans Own Dissolution, March 31, 2012
http://lauren.vortex.com/archive/000945.html

Sunday, 1 April 2012

MARINA DEL REY, California (ZAP)—In a stunning and unexpected announcement, the Internet Corporation for Assigned Names and Numbers (ICANN) has announced the immediate termination of its controversial and much criticized plan for a vast expansion of generic top-level Internet domain names (gTLDs), and has set an aggressive timetable for the dissolution of ICANN itself.

ICANN has been increasingly condemned for what many observers have called erratic and inappropriate decision-making processes, leading to the U.S. Department of Commerce refusing to renew a key ICANN function last month, and ICANN's own outgoing CEO publicly implying that conflicts of interest on the ICANN board of directors have allowed ICANN to be co-opted by moneyed "domainer" speculation interests.

ICANN spokesman Seymour Murdochian discussed his organization's drastic change of course as he snacked on Beluga caviar spread over Wonder Bread, while watching his Rolls-Royce Silver Shadow being washed and detailed in Beverly Hills.

"I realize that there are many serious allegations outstanding against ICANN these days," said Mr. Murdochian. "We're blamed for ignoring the best interests of the global Internet community. We're accused of implementing an extortionist protection racket via an enormous domain name expansion program, that would ultimately suck billions of dollars out of the Internet economy and would only serve to enrich the "domain-industrial complex" operating those domains. People claim that we arrogantly ignore legitimate concerns of trademark holders, are complicit in helping the U.S. government disable domains around the world without due process, waste money on unnecessary global travel to exotic locales, have become totally owned by a "gold rush" mentality via wealthy powers at the top of the DNS food chain, and even that we use overly expensive hand soap in our office restrooms," added Mr. Murdochian.

"I want to be absolutely clear that the ICANN board of directors takes firm and uncompromising exception to such a characterization. Our hand soap is not outrageously expensive, and given the amount of hand washing we do around here, having quality soap available is a necessity, not a luxury," Murdochian noted.

Murdochian then explained ICANN's recent change of heart. "After extensive discussions internally, with our travel agents, and with our personal portfolio managers, we've decided that the time is ripe for us to bow out of formal Internet affairs. We want to make way for the creation of new Internet governance models that can be purpose-built to better serve the entire Internet community around the world, will reduce the risk of Internet fragmentation that has been rising as domestic governments increasingly threaten not to play along with our current schemes, and will help reduce the risk of a potentially disastrous Internet takeover by politically-encumbered organizations such as the United Nations or International Telecommunication Union."

"Therefore, we've announced that effective immediately, all ICANN activities related to new Internet top-level domains are permanently ended. We will be refunding all associated fees already paid by applicants, and as a token of our appreciation for past support will be including with each refund an approximately 1.5 carat, 'H' color, 'SI' quality diamond from our vaults."

"We have filed appropriate notifications with the Department of Commerce and foreign governments expressing our intention to cease all ICANN operations no later than a year from now on 1 April 2013."

"I'll be reachable for additional comments at my summer home on the Riviera if there are any other questions," said Mr. Murdochian, just before his chauffeur whisked him away.

Asked about these unexpected, dramatic developments, Lauren Weinstein, a long-time Internet technologist and vocal critic of ICANN's domain name plans, said that, "It's indeed encouraging to see ICANN finally doing what's really right for the entire global Internet community, and abandoning their plans to fleece the Internet at large for the benefit of domain speculators and associated opportunists. A new alternative to ICANN and to existing organizations like the ITU and UN is definitely the way that we need to proceed to make the Internet better for everyone around the world. It's a shame though that this process has taken so long, and that this entire article is only an April Fools' Day posting."

ZAP/NYC 20120401 0916
It's occasionally appropriate to reflect on the beneficial effects of some unsung piece of technology, for example, Unicode. Unicode extends the original Western-alphabet-based encoding of the digital representation of characters to almost any language--it provides a unique number for every character, regardless of the language. This has had a major effect on digital communications. A little over 4 years ago (February 2008), analog cellphone service was turned off in the U.S. Thereafter all cell service (CDMA or GSM) was based on digital protocols. And while previously, all languages could be spoken on a cellphone, after the demise of analog, only Western languages (all letters fit within an octet) plus non-Western languages represented by Unicode could be transmitted due to the new digitization. Unicode is now up to version 6.1 and covers almost every language spoken in the world, making digital cell service near universal from a technical point of view. Some languages are still not supported, see http://tinyurl.com/m979dh for a list. This includes archaic forms such as Linear A as well as Klingon. But unless you want to speak Klingon on a cellphone, most currently-spoken languages are covered, making digital cellphone communications a reality for linking the peoples of the world.
In his own list, Steve Greenwald noted the following item from RFC 6593 at https://tools.ietf.org/html/rfc6593 : Inherently, services not discovered are more secure than those discovered, due to their obscurity. However, the discoverability or undiscoverability of a given service is largely independent of its security characteristics. Instead, an implementor is guided to [RFC3514] to denote evilness (and associated security) status. Since [RFC3514] only defines evil and non-evil intent of packets, this document suggests assigning an "I am not sure" additional value for the evil bit. The intentional ambiguity of this additional state makes it a perfect third value for a binary bit. Perhaps the fools are winning, and April Fools Day cannot keep up with the irrationality of the fools. In RISKS-22.66 on 1 Apr 2003, Steve Bellovin's Evil Bit (the first item on RFC 3514) and Drew Dean's Angelic Bit (the second item)—along with Tony Bartoletti's crimeFree bit—were wonderfool contributions. The idea of fuzzy logic being applied thereto with the "I am not sure" value of a ternary Evil bit (sic) is delicious. PGN
Arizona Internet censorship bill on Gov's desk (not an April Fool's joke) http://j.mp/H8lReN (Media Coalition) "Arizona House Bill 2549 would update the state's telephone harassment law to apply to the Internet and other electronic communications. It would make it a crime to communicate via electronic means speech that is intended to "annoy," "offend," "harass" or "terrify," as well as certain sexual speech. However, because the bill is not limited to one-to-one communications, H.B. 2549 would apply to the Internet as a whole, thus criminalizing all manner of writing, cartoons, and other protected material the state finds offensive or annoying."
Our heating/air condition serviceman just pointed me to news about the NYC school system's newest attempt to eschew vocabulary and concepts that could adversely affect test performance by minority or disadvantaged students. I don't read the *New York Post*, but found their online article. At first, I thought this to be a satirical piece on their part, but there was substantiation from CBS and ABC news. I'm frankly distraught over this and have difficulty imagining which topics other than some aspects of the hard sciences can still be in the curriculum. I find it particularly jarring given recent anti-higher-education statements by a leading presidential candidate and numerous anti-reason/anti-science statements being made by other politicians at a time of such need for an educated populace in the face of unemployment.

Anyway, the *NYPost* ran a story with the headline "PC student tests forbid dance, dinos & lots more", these words representing topics that are to be banned from future NYC exams. The article, found at http://nyp.st/H8soqi , reads in part:

"In a bizarre case of political correctness run wild, educrats have banned references to dinosaurs, birthdays, Halloween, and dozens of other topics on city-issued tests. That's because they fear such topics “could evoke unpleasant emotions in the students.” Dinosaurs, for example, call to mind evolution, which might upset fundamentalists; birthdays aren't celebrated by Jehovah's Witnesses; and Halloween suggests paganism. Even dancing is taboo, because some sects object. But the city did make an exception for ballet."
Their list, pulled from the website, is this:

Full list of topics banned on NYC school exams
Last Updated: 2:36 PM, 30 Mar 2012

Here's the full list of topics that if included on city exams would probably cause a selection to be deemed unacceptable by the New York City Department of Education:

Abuse (physical, sexual, emotional, or psychological)
Alcohol (beer and liquor), tobacco, or drugs
Birthdays
Bodily functions
Cancer (and other diseases)
Catastrophes/disasters (tsunamis and hurricanes)
Celebrities
Children dealing with serious issues
Cigarettes (and other smoking paraphernalia)
Computers in the home (acceptable in a school or public library setting)
Crime
Creatures from outer space
Dancing (ballet is acceptable)
Death and disease
Dinosaurs and prehistoric times
Divorce
Evolution
Expensive gifts, vacations, and prizes
Gambling involving money
Geological history
Halloween
Homelessness
Holidays
Homes with swimming pools
Hunting
In-depth discussions of sports that require prior knowledge
Junk food
Loss of employment
Movies
Nuclear weapons
Occult topics (i.e. fortune-telling)
Parapsychology
Politics
Pornography
Poverty
Rap music
Religion
Religious holidays and festivals (including but not limited to Christmas, Yom Kippur, and Ramadan)
Rock-and-Roll music
Running away
Sex
Slavery
Terrorism
Television and video games (excessive use)
Traumatic material (including material that may be particularly upsetting such as animal shelters)
Vermin (rats and roaches)
Violence
War and bloodshed
Weapons (guns, knives, etc.)
Witchcraft, sorcery, etc.

Source: NYC Department of Education Request for Proposals
In Canada's federal elections last May, the New Democratic Party (NDP) under leader Jack Layton rose from their usual third-place finish to reach second place for the first time. But in August Layton died. So on March 23-24, the NDP held a convention to choose a new leader, who would therefore become the Leader of the Opposition in Parliament. To maximize turnout, about 130,000 party members were eligible to vote online, either in advance (using a preferential ballot) or during the convention. http://www.cbc.ca/news/politics/story/2012/03/01/pol-cp-ndp-leadership-voting.html In fact some 58,000 advance votes were received. But despite the relatively small number of in-person votes at the actual convention, ballot results were badly delayed and voting was completely shut down for a while. The total delays amounted to hours. http://www.cbc.ca/news/politics/story/2012/03/24/ndp-leadership-voting-problems.html Subsequently it was reported that this was the result of a distributed denial-of-service attack (DDoS), with spurious connection attempts made from over 10,000 IP addresses. http://www.cbc.ca/news/politics/story/2012/03/27/pol-ndp-voting-disruption-deliberate.html The company that ran the voting, Scytl [http://www.scytl.com], says that an audit showed that the voting itself, which elected Thomas Mulcair to the leadership, was not compromised, and that "Obviously, this has now allowed us to capture additional data to incorporate into the security measures of our system." Mark Brader, Toronto, msb@vex.net | "Fast, cheap, good: choose any two." [The Scytl press release is online, but much too long to include here. http://www.newswire.ca/en/story/944715/ndp-leadership-vote-result-not-compromised-by-malicious-orchestrated-effort-to-clog-online-balloting-system-at-weekend-convention-says-scytl-canada PGN]
The security of the vote casting and tallying processes has nothing to do with whether or not your vote will count. Even with the most secure electoral system possible and imaginable, your vote won't necessarily count. The problem is inherent in the Constitution. In order to ensure that those who owned the country would always run the country, and to prevent ordinary voters from ever being able to use the electoral system to bring about a more democratic form of government where public opinion was able to influence policy decisions, the framers wrote the Constitution in such a way as to ensure that the popular vote would not be the final say in US elections. There is no Constitutional guarantee that the popular vote be counted at all, no less that it be counted in a way that is verifiable and subject to public oversight. The popular vote can be overridden by fraudulent vote counts, the Electoral College, Congress, or the Supreme Court. The risk to the public is not in the way that votes are or are not counted, or even in the fact that more than 90% of US ballots are counted by central tabulators that cannot be verified in a timely manner, it is in the false belief that voting constitutes a voice in government rather than consent to be governed by, and a blank check along with full power of attorney, to whoever wins. No matter how much money and effort is devoted to suppressing the vote or trying to take away the vote, a vote is of no value whatsoever unless 1) it has to be counted, 2) it must be counted in a way that is verifiable in a timely manner, and 3) it can influence policy decisions rather than just delegating such decisions to people who cannot be held accountable. Would anyone take American Idol seriously if they announced that they didn't have to count the votes, the vote count could not be verified until after the winners had been chosen, and that the judges could ignore the votes and select the winners without regard to the votes?
A reminder that votes don't have to be counted: http://fubarandgrill.org/node/1353 Why voting isn't a solution: http://fubarandgrill.org/node/1360 Some reasons to boycott elections: http://fubarandgrill.org/node/1172
"Recently released software makes communications sent through Tor appear almost identical to a Skype video chat to anyone monitoring the connection." http://j.mp/HIzfIO (ars technica) Memo to Ministry of Communications Suppression: Block all Skype traffic effective immediately.
This situation again illustrates the dangers of relying on Google (and Wikipedia in other cases) without digging any deeper. The article says it all, really: Kazakhstan's shooting team has been left stunned after a comedy national anthem from the film Borat was played at a medal ceremony at championships in Kuwait instead of the real one. The team's coach told Kazakh media the organisers had downloaded the parody from the internet by mistake. People still fail to realize that Google's ranking algorithms do not always rank for correctness. They frequently favor popularity over correctness. http://www.bbc.co.uk/news/world-middle-east-17491344
[From NNSquad] At issue are sponsored links that show up in search results. "Google's conduct involved the use by an advertiser of a competitors name as a keyword triggering an advertisement for the advertiser with a matching headline," ACCC chairman Rod Sims said in a statement. "As the Full Court said this was likely to mislead or deceive a consumer searching for information on the competitor." http://j.mp/HbTq12 (PC Mag) I can't emphasize enough how potentially dangerous this sort of reasoning is to free speech on the Net generally. If courts are going to hold search engines responsible for the content of materials that they do not themselves generate but that their algorithms select and display, the negative impacts could ultimately go far beyond ads, directly to other forms of content broadly. These are just the sort of perverse restrictions that various repressive individuals, organizations, and governments would love to impose on us all to control and dictate information availability. - Network Neutrality Squad: http://www.nnsquad.org - People For Internet Responsibility: http://www.pfir.org - Data Wisdom Explorers League: http://www.dwel.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org - PRIVACY Forum: http://www.vortex.com Tel: +1 (818) 225-2800 / Skype: vortex.com
Some GPS devices by the Dutch company TomTom had been hit by a leap-year bug. The interesting point was that the devices had failed not on Feb. 29 or March 1, but on March 31. Full story at: http://www.bbc.com/news/technology-17599701
http://www.guardian.co.uk/media/2012/mar/26/news-corp-ondigital-paytv-panorama Snippet: "The witnesses allege a software company NDS, owned by News Corp, cracked the smart card codes of rival company ONdigital. ONdigital, owned by the ITV companies Granada and Carlton, eventually went under amid a welter of counterfeiting by pirates, leaving the immensely lucrative pay-TV field clear for Sky." Unlike the "phone-hacking" scandal, which mainly involved reporters listening to answering machines whose owners hadn't bothered to set their passwords, this (if it pans out) seems to feature actual computer malfeasance. Charles C. Mann, P.O. Box 66, Amherst, MA 01004-0066 www.charlesmann.org
(via Dave Farber's IP) The guarantee of landline telephone service at almost any address, a legal right many Americans may not even know they have, is quietly being legislated away in our U.S. state capitals. AT&T and Verizon, the dominant telephone companies, want to end their 99-year-old universal service obligation known as "provider of last resort." They say universal landline service is a costly and unfair anachronism that is no longer justified because of a competitive market for voice services. http://www.reuters.com/article/2012/03/28/column-dcjohnston-phone-idUSL2E8EROHD20120328
security, privacy (Chris Foresman) Ars recently attempted to delve into the inner workings of the security built into Apple's iCloud service. Though we came away reasonably certain that iCloud uses industry best practices that Apple claims it uses to protect data and privacy, we warned that your information isn't entirely protected from prying eyes. At the heart of the issue is the fact that Apple can, at any time, review the data synced with iCloud, and under certain circumstances might share that information with legal authorities. We consulted several sources to understand the implications of iCloud's security and encryption model, and to understand what types of best practices could maximize the security and privacy of user data stored in increasingly popular cloud services like iCloud. In short, Apple is taking measures to prevent access to user data from unauthorized third parties or hackers. However, iCloud isn't recommended for the more stringent security requirements of enterprise users, or those paranoid about their data being accessed by authorities. ... Chris Foresman, Ars Technica, http://arstechnica.com/apple/news/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy.ars
Outage of Visa network kept people from using credit, debit cards for a time Sunday afternoon, Associated Press, 1 Apr 2012 A technical problem affecting the Visa network barred some people around the United States from using their credit and debit cards for about 45 minutes on Sunday. The outage was caused by a recent update Visa has made to its system, said Visa Inc. spokeswoman Sandra Chu. She said Visa had trouble processing some transactions as a result, but the system is operating normally now. ... http://www.washingtonpost.com/politics/outage-of-visa-network-kept-people-from-using-credit-debit-cards-for-a-time-sunday-afternoon/2012/04/01/gIQAZlodpS_story.html
> The text, saying "gunman be at west hall today," was received and reported
> to police around 11:30 a.m. But after police tracked the number, they
> learned the auto correct feature on the new cellphone changed "gunna" to
> "gunman."

It might well still have auto-corrected to "gunman". Or not. Trying this on my oldish Android phone, I see "gunman" as the fourth correction offered for "gunna". "Gonna" comes earlier in the list (it's in the phone's dictionary) and is of course recognized when typed. But there are alternate input methods such as Swype (recognizes a finger track rather than individual presses) that could do all kinds of things. My phone seemed to want to turn both "gonna" and "gunna" into "funds", although "guns" and "bombs" were available further down the correction list. (I do wonder whether this might eventually lead to a new version of the old O. Henry cipher—or, alternately, cockney rhyming slang—in which the plaintext is given by some set of alternate spellings of the ciphertext on a particular virtual keyboard.)
(Pfeiffer, RISKS-26.71) An obvious problem with this - a few weeks ago I bought a motorbike that had been off the road for several months and was not insured. Although I arranged insurance by phone before I left the dealer, I very much doubt that it went through the system (which is already used to make sure that people can't get road tax [equivalent to US license plate fees] for an uninsured vehicle) and was on line by the time I stopped to fill the tank with petrol, approximately five minutes later.