Archive for August, 2009

It’ll be like CCleaner for the web!

Developers of new web browsing software that flags questionable claims or outright lies on the web hope it will become a valuable tool to deal with the misinformation that litters the Internet.

But observers say Dispute Finder, an experimental browser extension developed by Intel, and the many websites that already aim to debunk online rumours and falsehoods face an enormous task. It isn’t as easy as simply telling someone they’re wrong.

Once installed, Dispute Finder highlights in red what it determines are disputed claims on websites, then offers users links to alternative points of view and evidence to back them up.

“It’s important to be aware when something you’re reading is not the only opinion, when there is another point of view worth paying attention to,” says California-based Intel researcher Rob Ennals.

“The real problem is, when you don’t realize something is disputed, you don’t realize there are other points of view and you might not be aware you’ve wandered into a dispute.”

The current version of the software relies entirely on users to identify disputed claims, provide evidence and point the software to other instances of that claim on the web, so right now there’s still not much content being highlighted.

Eventually, Ennals says users who input claims will be able to train the software to seek out examples and continue to flag new content as it’s posted. And, as the software becomes more popular, more claims will be catalogued.

He says real people are in a better position to determine whether a claim is in dispute than any computer and he brushes aside suggestions that doing so might just provide another forum for bogus assertions.

“The good thing is that if something is disputed enough that people will care, the chances are that someone is going to care enough to mark it as disputed,” says Ennals.

“I don’t think we can really be the arbiters of truth, we can’t tell you automatically what is true and what is false. All we can really hope to do is, if there’s a credible source that gives a credible point of view, let you know.”

There already are a number of websites that attempt to poke holes in fiction masquerading as fact, such as Snopes.com and FactCheck.org. Media outlets have done so-called “reality-check” stories to assess claims in the news for years.

However, Jonathan Fugelsang, an expert in cognitive psychology at the University of Waterloo, says it’s incredibly difficult to change people’s minds once they’ve decided a certain claim is a fact.

“Once you actually believe something, it takes quite a lot of data or evidence to overcome that belief and it takes a lot of attention to do that,” says Fugelsang.

“With a lot of repeat exposures, it does change.”

Source

Official Website


Updated: A small army of security and privacy researchers has called on Google to automatically encrypt all data transmitted via its Gmail, Google Docs, and Google Calendar services.

Google already uses Hypertext Transfer Protocol Secure (https) encryption to mask login information on this trio of cloud-based web-based applications. And netizens have the option of turning on https for all transmissions. But full-fledged https protection isn’t flipped on by default.

“Google’s default settings put customers at risk unnecessarily,” reads a letter lobbed to Google CEO Eric Schmidt by 37 academics and researchers. “Google’s services protect customers’ usernames and passwords from interception and theft. However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google’s servers in the clear, allowing anyone with the right tools to steal that information.”

Signatories include Harvard-based Google watcher Benjamin Edelman; Chris Hoofnagle, the director of Information Privacy Programs at Berkeley Center for Law & Technology; and Ronald L. Rivest, the R in RSA.

In the past, Google has said it doesn’t automatically enable https for performance reasons. “https can make your mail slower,” the company explained in a July 2008 blog post announcing Gmail’s https-session option. “Your computer has to do extra work to decrypt all that data, and encrypted data doesn’t travel across the internet as efficiently as unencrypted data. That’s why we leave the choice up to you.”

But 37 researchers see things differently. “Once a user has loaded Google Mail or Docs in their browser, performance does not depend upon a low latency Internet connection,” they write. “The user’s interactions with Google’s applications typically do not depend on an immediate response from Google’s servers. This separation of the application from the Internet connection enables Google to offer ‘offline’ versions of its most popular Web applications.”

Even where low latency matters, they say, outfits such as Bank of America, American Express, and Adobe have protected their via https without a heavy performance hit. Adobe automatically encrypts Photo Express sessions.

Of course, another good example is…Google itself. The company does automatic encryption with Google Health, Google Voice, AdSense, and Adwords. “Google’s engineers have created a low-latency, enjoyable experience for users of Health, Voice, AdWords and AdSense – we are confident that these same skilled engineers can make any necessary tweaks to make Gmail, Docs, and Calendar work equally well in order to enable encryption by default,” the researchers write.

The problem, they say, is that everyday netizens don’t realize the importance of encryption – and that Google fails to properly protect them from their own ignorance. Gmail now includes a setting that lets you “always use https.” But the researchers complain that most users don’t know it’s there. And with Docs and Calendar, they point out, users can’t use session encryption unless they remember to type https into their browser address bar every time they use the services.

If Google refuses to turn on https by default, the researchers say, the company should at least make sure that users understand the risks of encryption-less transmissions. There are four things they suggest:

  • Place a link or checkbox on the login page for Gmail, Docs, and Calendar that causes that session to be conducted entirely over https. This is similar to the “remember me on this computer” option already listed on various Google login pages. As an example, the text next to the option could read “protect all my data using encryption.”
  • Increase visibility of the “always use https” configuration option in Gmail. It should not be the last option on the Settings page, and users should not need to scroll down to see it.
  • Rename this option to increase clarity, and expand the accompanying description so that its importance and functionality is understandable to the average user.
  • Make the “always use https” option universal, so that it applies to all of Google’s products. Gmail users who set this option should have their Docs and Calendar sessions equally protected.

We have asked Google for a response to the letter, and once it arrives, we’ll toss it your way. Odds are, it will be completely non-committal.

In defense of Google, the company does go farther than many other big-name web outfits. As the researchers point out in their letter, Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace don’t even offer an https option. But the 37 hold Google to a higher standard. “Google has made important privacy promises to users, and users naturally and reasonably expect Google to follow through on those promises.” ®

Update

Google has responded with a blog post. “Free, always-on HTTPS is pretty unusual in the email business, particularly for a free email service, but we see it as another way to make the web safer and more useful. It’s something we’d like to see all major webmail services provide,” the company says. “In fact, we’re currently looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”

Google is planning a trial with a small number of Gmail users to test the effect of https all-the-time. “Does it load fast enough? Is it responsive enough? Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS?” the blog continues. “Unless there are negative effects on the user experience or it’s otherwise impractical, we intend to turn on HTTPS by default more broadly, hopefully for all Gmail users.”

The company is also considering how best to make automatic https work with docs and spreadsheets.

Correction

Google has also said that the researchers were in error in saying that a cookie from Docs or Calendar also gives access to Gmail without https. We have removed this error from our story as well.

Source

I was looking for ages for a fix for this! I found it on another message board over at MacKB.com and felt I had to get this information further out into the Tech world. Now Google needs to do its part of the bargain! 😛

Bill Bryson – 14 Dec 2005 17:17 GMT

Is there a solution to the inability to delegate using Entourage 2004 SP2.
Some people in the past indicated that they had success but others like
myself get the “error :65486” no matter what we do. Also it does not matter
what I put in the Advanced field – nothing changes (even when I put
gibberish in this field).

If ANYONE can get delegate to work, could you post your configuration info.
Also include the version of your Exchange server. We are using Exchange
2003.

Bill Bryson

Matthew Scholz – 02 Feb 2006 23:36 GMT

Hello Everybody,

After much searching and grief (and a few hours with someone at M$ who
actually knew what they were talking about) I finally have a working
configuration that provides this functionality.

It turns out that Office for Mac 2004 SP2 is worlds apart from its
un-patched counterpart. To get to the meat of it, SP2 has a partial
implementation of RPC. As far as I can tell this is completely undocumented
but it explains the reason that you can right-click on an item in the folders
list on the left and delegate that way but not via Tools -> accounts -> edit
account -> delegate. The former method uses Webdav to delegate while the
latter uses RPC.

Since no admin I’ve talked to knew that RPC was implemented in SP2, none of
them had considered the requirements of RPC when configuring the client
machines. First of all this won’t work for anyone who doesn’t have a
connection that can route RPC. Second, the client machine must have the
exchange server’s domain listed in the Search Domains field in System
Preferences -> Network Preferences (don’t ask me why).

Assuming the network/DNS infrastructure is configured correctly for exchange
and you made the change above, you can create an exchange account with the
Account Setup Assistant and it will successfully determine your settings.
Try it first without SSL if you have problems but it should work fine either
way. Click Verify Settings and make sure everything works.

Now here’s the crazy part: edit the account you just created and under
Account Settings change the domain name from the FQDN to just the name of
the domain i.e. (exchangedomain.host.com changes to exchangedomain). Quit
and reopen Entourage and everything should work fine.

I’m running Exchange Server 2003 on Windows Server 2003 with all service
packs and critical patches installed as of 2006.02.01. My client workstation
runs Mac OS 10.4.4 with Office 11.2.1. According to the guy at M$ they are
currently testing office SP3 which has major improvements and expansion of
RPC as well as some other really cool stuff for Entourage.

The SP2 upgrade really was huge – MS keep up the good work, I’d just ask
that you update your knowledge base once in a while ;-).

– Matthew Scholz

http://www.mackb.com/Uwe/Forum.aspx/entourage/11646/Solution-to-inability-to-Delegate-error-65486

The divide in knowledge has gone to a new level….

The Electronic Frontier Foundation (EFF) recently filed an emergency motion with the Newton District Court in Boston on behalf of a Boston College Student who was accused of criminal wrong-doing and had all of his computer and electronic equipment seized.

The warrant was issued based upon the “evidence” that the student was seen using a command line instead of the Windows GUI they teach at Boston College.

You can read the whole sad story at Boston College Campus Police: “Using Prompt Commands” May Be a Sign of Criminal Activity.

I think that anyone considering either attending Boston College or hiring a graduate of Boston College should think about how miserably low academic standards there must be if students in the Computer Science program are considered “hackers” if they have the skills necessary to use a command line.

The original article is also here….

On Friday, EFF and the law firm of Fish and Richardson filed an emergency motion to quash [pdf] and for the return of seized property on behalf of a Boston College computer science student whose computers, cell phone, and other property were seized as part of an investigation into who sent an e-mail to a school mailing list identifying another student as gay. The problem? Not only is there no indication that any crime was committed, the investigating officer argued that the computer expertise of the student itself supported a finding of probable cause to seize the student’s property.

The warrant application [pdf] cites the following allegedly suspicious behavior:



Should Boston College Linux users be looking over their shoulders?

In his application, the investigating officer asked that he be permitted to seize the student’s computers and other personal effects because they might yield evidence of the crimes of “Obtaining computer services by Fraud or Misrepresentation” and “Unauthorized access to a computer system.” Aside from the remarkable overreach by campus and state police in trying to paint a student as suspicious in part because he can navigate a non-Windows computer environment, nothing cited in the warrant application could possibly constitute the cited criminal offenses. There are no assertions that a commercial (i.e. for pay) service was defrauded, a necessary element of any “Obtaining computer services by Fraud or Misrepresentation” allegation. Similarly, the investigating officer doesn’t explain how sending an e-mail to a campus mailing list might constitute “unauthorized access to a computer system.”

During its March 30th search, police seized (among other things) the computer science major’s computers, storage drives, cell phone, iPod Touch, flash drives, digital camera, and Ubuntu Linux CD. None of these items have been returned. He has been suspended from his job pending the investigation. His personal documents and information are in the hands of the state police who continue to examine it without probable cause, searching for evidence to support unsupportable criminal allegations.

Next up? An emergency court hearing as soon as the court will hear us in which we will ask that the search warrant be voided and the student’s property returned. Stay tuned…

Update I: A hearing on EFF’s motion is scheduled for 11:00 a.m. ET on Tuesday, April 21, in Newton District Court.

Update II: Some commentators have disputed the conclusion that the student’s use of an operating system other than the “regular B.C. operating system” was unfairly cited in the investigating officer’s affidavit, arguing for example that the “use of Linux … [is] simply evidence that connects Calixte to the emails at issue.” With all due respect, I think that’s missing the point.

To begin with, no “connection” is provided by the operating systems. Instead, according to the affidavit, (a) the student allegedly used a different operating system than the one used “regularly” at Boston College, and (b) the e-mails at issue were allegedly sent from a computer running Ubuntu Linux, also (apparently) “an uncommon operating system on the BC network.” There is no indication of what the informant previously saw the student using: Ubuntu Linux, some other “flavor” of Linux, or even a terminal application on a Macintosh or Windows operating system. More to the point, however, the baseless assertion that a computer science major’s use of “two different operating systems” must be “to hide his illegal activities” is absurd and was included as part of a laundry list of other unsupported accusations irrelevant to the alleged “crimes” for which the officer sought the warrant: sending e-mails to a Boston College mailing list. These claims do nothing to help establish probable cause that sending such e-mails could possibly constitute those crimes. As we argued in our brief, they can’t. (An unsupported, contextless allegation of a separate incident of “hacking the grading system,” for example, doesn’t help the police meet their burden.) The unwarranted implication — that because the student used an “uncommon” operating system and/or is technically sophisticated, he is more likely to be engaged in criminal activity — should give one considerable pause.

Here are the relevant paragraphs in full:

Update III: On May 21, 2009, the Massachusetts Supreme Judicial Court granted Mr. Calixte’s Motion to Quash and ordered that all searching of his property cease and that his property be returned immediately.

Source 1

Source 2

JDSU today introduced a set of 100 Gigabit Ethernet (100GE) test solutions that will help 100GE component developers, network equipment designers and service providers unlock the performance and revenue potential of 100GE technology. The JDSU suite evaluates and verifies components, subassemblies and network equipment. Additionally, it helps service providers ensure reliable performance on new network builds.

According to the research firm IDC, 100G solutions are poised to come to market faster than 40G. Demand for 100G is accelerated by access technologies and services converging increasingly onto the same networks. This is driving greater capacity and bandwidth requirements and also introducing greater complexity. As the number of services and applications sharing high speed networks increases, IDC believes full testing and compliance takes on greater importance.

“The current shift towards 100 Gigabit Ethernet represents a major discontinuity in network infrastructures that creates a greater importance on the value of testing to ensure quality. At the same time, testing challenges are expanded by the growing service provider focus on customer experience,” said Elisabeth Rainge, IDC’s Director of NGN Operations. “We see JDSU well positioned to meet this challenge in the earliest stages of deployment and beyond.”

Specifically, JDSU solutions support 100GE physical layer test including photonic and electrical signal testing as well as protocol testing for layers 1, 2 and 3. The full test solution includes:

  • The JDSU ONT 100G Module for testing optical and electrical interfaces from the physical layer to Ethernet/IP, protocol testing, PCS layer validation and transponder testing.
  • The JDSU Hydra for stressed receiver sensitivity on 100GE systems, including stress generation and stress sensitivity measurement.
  • The JDSU MAP-200 for multiplexing/de-multiplexing, signal conditioning and signal access of 100GE optical signals.

The range of testers covers all key requirements for the early stages of 100GE, including transponder testing/validation, network equipment development, and system verification testing (SVT). Advanced applications support developers in the challenging task of debugging and verifying highly complex 100GE multi-lane, multi-lambda products.

“100 Gigabit Ethernet will further enable manufacturers and service providers to meet the challenge of keeping pace with ever-increasing capacity requirements. It will deliver improved network flexibility and responsiveness to high-bandwidth service demand,” said Dave Holly, president of JDSU’s Communications Test and Measurement business segment. “Our 100GE solutions will help network equipment manufacturers and service providers bring reliable products and services to market quickly–and seize initial opportunities to gain market footholds.”

About JDSU 100G Solutions

The JDSU ONT 100G Module offers leading precision to measure the IP/Ethernet layer. The tool analyzes packets and provides unmatched characterization capability. In addition, it offers unique applications for per-lane and per-lambda virtual BERT using an intuitive user interface for faster analysis and debugging. The 100G Module supports generation and measurement of the skew of multi-lane signals at the full range, one of the key challenges in 100GE systems. In addition, JDSU offers a complete solution for transponder characterization.

JDSU 100GE testers provide a broad range of interface options: transponders which are compliant with the CFP Multi-Source Agreement (MSA) to cover a wide range of systems with line rates of 40 Gb/s, 100 Gb/s and 112 Gb/s, supporting both 4×25 Gb/s and 10×10 Gb/s, as well as an electrical interface for direct measurement in electronics. The MDIO control interface of the CFP transponder offers remote supervision via an external connector. OTU4 capabilities are offered.

100GE testers from JDSU draw from the company’s history of innovation and expertise. JDSU currently provides one of the industry’s most complete 40G test portfolios and was involved in some of the first 40G field turn-ups. JDSU 40G products include the ONT, TestPoint, MAP-200, Hydra, and T-BERD®/MTS platforms; the ONT was the first all-in-one tester for 40/43G, including jitter and wander.

About JDSU Carrier Ethernet Solutions

JDSU offers a single-source Carrier Ethernet test portfolio that facilitates analysis of all seven layers of Metro Ethernet services. The JDSU portfolio provides the industry’s deepest set of test features in an integrated, end-to-end approach to testing Metro Ethernet products and services, including lab and service verification, development and production, installation and maintenance, troubleshooting and overall service assurance. The portfolio offers NEMs and service providers worldwide the confidence to successfully build, deploy, and manage Ethernet and Business Class solutions.

About JDSU

JDSU (NASDAQ: JDSU) (TSX: JDU) enables broadband and optical innovation in the communications, commercial and consumer markets. JDSU is the leading provider of communications test and measurement solutions and optical products for telecommunications service providers, cable operators, and network equipment manufacturers. JDSU is also a leading provider of innovative optical solutions for medical/environmental instrumentation, semiconductor processing, display, brand authentication, aerospace and defense, and decorative applications. More information is available at http://www.jdsu.com.

Source

Encrypt now, for a better tomorrow….

Cyber cops want new laws to allow remote searches of seized hard drives in the hope they will help reduce long digital forensics backlogs – of up to two years for some forces.

It would mean specialised officers in London could access data held on hard drives in police evidence rooms nationally. How such information sharing would work technically hasn’t been decided.

The Association of Chief Police Officers (ACPO) is working with the Attorney General’s office on what changes to data law would be needed to allow the new Metropolitan Police Central e-Crime Unit (PCeU) to gather intelligence from around the country.

Detective Superintendent Charlie McMurdie, the head of PCeU, said at Infosec on Tuesday such powers would help the new unit get more up-to-date intelligence on online frauds. She said backlogs of unsearched seized hard drives were typically 18 to 24 months for the UK’s 43 police forces.

A spokesman for PCeU declined to provide further details of the ongoing legal work, which would require Parliamentary approval, saying it was too early to comment.

ACPO said: “ACPO e-crime committee is currently working with the Attorney-General’s Office on a range of issues; including whether changes to the law are required. As work is currently underway, we are unable to provide any further details at this time.”

At present, the proposed legislative changes don’t appear to be related to EU moves to step up hacking of PCs in homes and offices by police.

PCeU, which was formed six months ago, has 20 full time network investigators who it is hoped would carry out remote intelligence work if new legislation was brought in. The unit was set up to fill in the gap in policing e-crime when the National Hi-Tech Crime Unit was assimilated by the Serious and Organised Crime Agency in 2006.

McMurdie also appealed yesterday for volunteer help from industry, citing limited resources. PCeU has £3.5m in funding from the Home Office over the next two and a half years.

Earlier in the day, former Home Secretary David Blunkett said he hoped PCeU would receive more funding.

Source

Firms thinking of upgrading their data centers from a 1 gigabit Ethernet to a 10 gigabit Ethernet network to gain potentially 10-fold increases in data transmission speeds might be interested in Solarflare’s new family of 10 gig E controllers. These devices fit on server motherboards and will soon be incorporated in x86 servers from manufacturers such as Dell, HP and IBM.

A major driver of such data center network upgrades has been server virtualization, according to Mike Smith, vice president of product marketing. “There’s a huge movement toward the whole idea of virtualizing applications, abstracting the operating system and the applications from hardware, and in doing so you eliminate the one-to-one relationship between server and app and begin to consolidate apps onto fewer servers,” he points out. “Thus, the workload on the server has increased. But while utilization of servers has increased dramatically, networking has not kept pace,” he says, noting that most data centers still run on 1 gigabit Ethernet networks.

According to Solarflare, its SFC9000 controllers provide sub-6 microsecond latency, which makes them suitable for high-performance applications such as high-frequency trading. The company also says the new controllers offer backwards compatibility with 1000 Mbps Ethernet and support for installed cabling media.

“This is the lowest latency and highest throughput controller we have ever seen,” said Gregory Lorence, head of product management and marketing at 29West, a provider of messaging software for the financial industry.

Source