Congress sides with consumers over telcos


Almost eight years ago, the U.S. Copyright Office gave cellphone owners the right to unlock their cellphones. It had been illegal since the 1998 Digital Millennium Copyright Act (DMCA), which banned the “circumvention” of any copy protection mechanisms (Section 1201).

This did not, however, mean that carriers honored the ruling.

AT&T, for example, has been a notable laggard with regard to the iPhone. From April 2012:

In a statement to Phone Scoop, AT&T said that it will [finally] offer customers the option to unlock their iPhone so long as they’re not currently under contract and have an account that’s in good standing.

Last January, the rule changed: If you bought your cellphone after January 26, 2013, you could unlock it only with approval from your carrier, even if your contract has expired and the phone is ostensibly “yours.”

On July 25, the U.S. House of Representatives passed S517 on a voice vote; the bill is designed to “promote consumer choice and wireless competition by permitting consumers to unlock mobile wireless devices.” The bill had passed the Senate on July 15 by unanimous consent.

President Obama has indicated that he will sign the bill. He gave public support to a WhiteHouse.gov petition in 2013.

However, the term of the bill is limited until the next scheduled review by the Copyright Office in 2016.

As I pointed out last year, unlocking and jailbreaking are not the same thing. An unlocked phone can be used on a network other than the original carrier. Jailbreak your iPhone if you want to install third-party apps.

 

 

Heartbleed bug: what to do, who’s affected, who’s done what?


UPDATED: By now, you should have heard about the Heartbleed bug that decimated encryption for web servers that were using a version of OpenSSL dated December 31, 2011 or later.

The latest news on this ongoing story is on my Storify.

What to do?

Change your passwords on accounts where you would be upset if someone were to steal into a digital trove of personal information — like credit card numbers, for example.

Generally speaking, if you change your passwords before a site implements a patch, you’ll need to change them again afterwards. Tumblr, for example, advised its members to change passwords after it installed the patch. Ditto LastPass, which explained its encryption scheme, one that includes something called perfect forward secrecy.

Check to see if the site has already taken the first step towards correction. And be prepared to change those passwords again after web site admins have completed all steps necessary to plug the hole.

If you use Chrome, install the Chromebleed checker, which “[d]isplays a warning if the site you are browsing is affected by the Heartbleed bug.” But no major site should still have flawed SSL software on Wednesday.

Who’s affected and who’s done what?

According to Netcraft, which monitors web technology, more than half a million sites are currently vulnerable.

I’ve not found a central location that catalogs which sites have publicly announced their status. So I’m going to link to announcements in a list here.

Prominent sites that were vulnerable

Sites that appear to have been free of the vulnerability

  • 1Password
  • Apple: was not running affected software
  • Bank of America
  • Capital One
  • Chase
  • CNET
  • Craigslist
  • eBay: was not running affected software
  • Evernote
  • LinkedIn
  • Microsoft (Bing, Hotmail, Live.com): was not running affected software
  • NewEgg
  • NYTimes
  • PayPal
  • Slideshare (owned by LinkedIn)
  • Target
  • Twitter
  • Walmart
  • Wells Fargo
  • Zillow

 

Mashable is now maintaining a list as well.

Web encryption 101

Netscape introduced SSL (Secure Sockets Layer) encryption in 1994. Websites that are sharing information securely show that in two ways: the protocol is https instead of http, and you’ll see a lock alongside the URL in the browser.


On an encrypted site, if someone is “listening in” to the transaction between your computer and the web server, they’ll hear (read) only noise, not plain talk (text).

Today OpenSSL is the dominant form of web encryption, and no one knows how many sites are at risk. However, Apache and nginx run about two-thirds of the sites on the web; both use OpenSSL. “The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances,” according to PC World. Note: not all passwords are encrypted with SSL.

 

 

 

Updated: 11:00 pm Pacific, April 9
Updated: 9:10 am Pacific, April 10
Updated: 12:30 pm Pacific, April 11

Anti-trust and telecom/cable: the problem of excessive infrastructure competition


That’s right. There isn’t another cable company.
Southpark/ComedyCentral/Viacom

We really don’t like our cable company, whether it’s for television programming or Internet service.

The proposed Comcast/Time Warner Cable venture has put our misery in the spotlight, along with arguments that market concentration is good for us.

More than 10 years ago, we had a similar national dialog about consolidation in the television programming delivery business. First, Dish Network and DirecTV announced a proposed $26 billion merger. That was followed quickly by a Comcast/AT&T merger announcement.

What derailed the Hughes Electronics and EchoStar Communications merger, and why don’t those arguments apply to cable mergers?

And what’s best for consumers?

Bear with me. It’s a long(ish) story.
