Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups
http://techdirt.com/articles/20080720/1055151734.shtml
Rogers -- a Canadian telco -- has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google's home page. As if that wasn't enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn't exist, instead of getting a "page not found" error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there's an "opt-out" feature, but it doesn't take long to see that it's pretty pathetic. The "opt-out" sends a cookie which just redirects the user to a different Rogers page instead -- a fake "Internet Explorer" error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser's cookies are cleared. The comments on Geist's post are evidence that many Rogers customers are not pleased (myself included).
This isn't just annoying, it's also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist's post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers' new "feature" ends up resembling a hostile attempt to redirect traffic to an unknown server.
Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn't exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won't meet much resistance. In another comment on Geist's post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): "What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks -- as they get used to the new behavior."
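An added example, not part of the original article: a heuristic check for the behaviour described above, which looks up random names that should not exist and reports whether the resolver answers anyway. The function names, the `nx-` label prefix and the three TLDs are assumptions made for this example; it uses only the Python standard library.

```python
import secrets
import socket
from collections import Counter

# Added example: function names, the "nx-" prefix and the TLD list are illustrative choices.

def system_resolve(name):
    """IPv4 addresses the system resolver returns for name; empty set on any lookup error."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_nxdomain_rewriting(resolve=system_resolve, tlds=("com", "net", "org"), probes_per_tld=2):
    """Look up random names that should not exist and classify what comes back."""
    hits = {}  # tld -> address sets returned for names that should have failed
    for tld in tlds:
        for _ in range(probes_per_tld):
            # 128 random bits in the label: a registered match is not a realistic outcome
            name = f"nx-{secrets.token_hex(16)}.{tld}"
            addrs = set(resolve(name))
            if addrs:
                hits.setdefault(tld, []).append(addrs)
    # An address handed out for several unrelated random names is a catch-all landing server
    counts = Counter(a for sets in hits.values() for s in sets for a in s)
    if not hits:
        verdict = "clean"             # every probe failed, as software expects
    elif len(hits) == len(tlds):
        verdict = "resolver-rewrite"  # all TLDs answer: consistent with rewriting at the resolver
    else:
        verdict = "partial"           # only some TLDs answer, e.g. a wildcard in one zone
    return {
        "verdict": verdict,
        "tlds_answering": sorted(hits),
        "landing_addresses": sorted(a for a, n in counts.items() if n > 1),
    }

if __name__ == "__main__":
    print(probe_nxdomain_rewriting())
```

Running it before and after configuring alternate DNS servers shows whether the change took effect: the verdict should move from `resolver-rewrite` to `clean`.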
Rogers thinks it can just brush off complaints from its users, especially since there really isn't a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider "net neutrality" territory. Bell Canada (one of Rogers' few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven't heard the last of this.
Monster Cable's Lawyers Realize Difference Between Salt Lick And A TV Cable
http://techdirt.com/articles/20080722/1513011763.shtml
Monster Cable has a long history of abusing trademark law to threaten and/or sue pretty much any company that uses the name "Monster" in its brand. That has included the TV show Monster Garage, a clothing store called MonsterVintage, Disney for the movie Monsters, Inc., the makers of Monster Energy drink, the Chicago Bears for having the nickname "Monsters of the Midway," and the Boston Red Sox for offering "Monster seats" on top of their famous "Green Monster" wall. We recently noted that it had also gone after Monster Mini Golf.
Of course, that's not how trademark law works. It doesn't give Monster Cable total control over the name Monster. It just gives the company the right to prevent others from using the brand in the same market in a way that is likely to confuse consumers. It's difficult to believe that anyone would think that Monsters, Inc., was somehow from Monster Cable. But, on and on it goes -- though, it appears that Monster Cable's lawyers were finally convinced to drop one suit. An anonymous reader points us to the news that Monster Cable has withdrawn its trademark challenge against the makers of Monster Deer Block, a salt and mineral lick designed to attract wild deer. Apparently, some lawyers for the makers of Monster Deer Block persuaded Monster Cable's lawyers that there was little chance of consumer confusion between the product and the makers of expensive audio/video cabling.
Jailed SF Admin Gives Up Keys to Networks
San Francisco Mayor Gavin Newsom met with jailed IT administrator Terry Childs Monday, convincing him to hand over the administrative passwords to the city's multimillion-dollar wide area network.
Childs made headlines last week when he was arrested and charged with four counts of computer tampering, after he refused to give over passwords to the Cisco Systems switches and routers used on the city's FiberWAN network, which carries about 60 percent of the municipal government's network traffic. Childs, who managed the network before his arrest, has been locked up in the county jail since July 13.
On Monday afternoon, he handed the passwords over to Mayor Newsom, who was "the only person he felt he could trust," according to a declaration filed in court by his attorney, Erin Crane. Newsom is ultimately responsible for the Department of Telecommunications and Information Services (DTIS), where Childs worked for the past five years.
Mayor Newsom secured the passwords without first telling DTIS about his meeting with Childs, according to DTIS chief administrative officer Ron Vinson, who added, "We're very happy the mayor embarked on his clandestine mission."
The department now has full administrative control of the network, he said in an interview Tuesday night.
It's likely that Childs had a lot to tell the mayor when the two met.
Childs' attorney has asked the judge to reduce Childs' US$5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.
"None of the persons who requested the password information from Mr. Childs ... were qualified to have it," she said in a court filing.
Childs intends to disprove the charges against him but also "expose the utter mismanagement, negligence and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger," his motion reads.
Vinson dismissed the allegations. "In Terry Childs' mind, obviously he thinks the network is his, but it's not. It's the taxpayers'," he said. "The reason he's been sitting in jail is because he denied the department and others access to the system."
The court filings help explain just how this happened.
According to an affidavit from James Ramsey, an inspector with the San Francisco Police Department, he and other investigators discovered dial-up and DSL (digital subscriber line) modems that would allow an unauthorized connection to the FiberWAN. He also found that Childs had configured several of the Cisco devices with a command that would erase critical configuration data in the event that anyone tried to restore administrative access to the devices, something Ramsey saw as dangerous because no backup configuration files could be found.
This command, called No Service Password Recovery, is often used by engineers to add an extra level of security to networks, said Mike Chase, regional director of engineering with FusionStorm, an IT services provider that supports Cisco products.
But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."
Without the passwords, the network would still continue to run, but it would be impossible to reconfigure the equipment. The only way to restore these devices to a manageable state would be to knock them offline and then reconfigure them, something that would take weeks or months to complete, disrupt service and cost the city "hundreds of thousands, if not millions of dollars," Ramsey claims.
Crane argues that these monitoring devices were installed with management's permission and were critical to the smooth functioning of the network. They would page Childs when the system went down and allow him to remotely access the network from his personal computer in case of an emergency.
In interviews, current and former DTIS staffers describe Childs as a well respected co-worker who may have gone too far under the pressure of working in a department that had been demoralized and drastically cut as the city moved forward with plans to decentralize IT operations.
About 200 of the department's 350 IT positions had been cut since 2000, mostly to be relocated to other divisions within city government, said Richard Isen, IT chapter president with Childs' union, the International Federation of Professional and Technical Engineers, Local 21.
Despite his conflict with some in the department, Childs has a lot of support there, Isen said. "There is a lot of sympathy, only because there is a basic feeling that management misunderstand what we actually do and doesn't appreciate the complexity of the work."
(Paul Venezia is Senior Contributing Editor with InfoWorld)
http://www.pcworld.com/businesscenter/article/148787/san_franciscos_mayor_gets_back_keys_to_the_network.html
Japan Hits $100 Billion in Mobile Content Sales
Martyn Williams has an interesting look at the Japanese mobile content market. He notes that for the calendar year 2007, more than $100 billion was spent on mobile content. The total was actually $107.5 billion and includes items such as ring tones, Web site subscriptions and e-commerce purchases. E-commerce made up about 65% of the total amount spent and all sorts of transactions were handled including: movie and event ticket sales, travel reservations, air and rail ticket sales, stock trading and online auctions.
The biggest percentage gain came from "high-fidelity music" which increased 42% thanks to more mobile devices handling better quality sound. Mobile gaming jumped 13% as well.
Interesting stats
Written by Allen Stern
http://www.centernetworks.com/japan-mobile-ecommerce-content
GoDaddy’s Domain Registration Totally Screws .me
http://www.techcrunch.com/2008/07/17...lly-screws-me/
Earlier this year GoDaddy won the rights to distribute domains under the extension .me, which belongs to the country of Montenegro. After a number of private distribution periods for corporations, the highly desirable extension finally went on sale this morning for $20 a year (with a minimum 2-year purchase - nice). And now, things are rapidly descending into chaos.
Many users have reported getting confirmations (and credit card charges) for their domains, only to receive the following cancellation notice about an hour later:
Dear Jason Kincaid,
The following domain name has failed to be registered:
WATCH.ME
Error: WATCH.ME: cannot register - already registered
We will evaluate this error and retry the registration
if appropriate.
If we are unable to successfully register the domain
name, your account will be credited accordingly. Please
allow one business day for the refund to be processed.
Understandably, a lot of people are outraged. And, disappointment and shattered dreams aside, there’s the issue of who actually will wind up owning each domain. A Twitter search for “hug.me” shows that at least a half dozen people hold confirmation letters (myself included).
GoDaddy says that the problems are a result of a “SuperBowl-like response to the open registration” that exceeded everyone’s expectations and wound up crushing their servers. Apparently they didn’t realize that after months of pent up demand and publicity for an extremely desirable domain, they’d be seeing an onslaught of prospective buyers.
The company says that disgruntled users can expect a refund in the next 24-48 hours, and that the servers should be stable now. No word on when we’ll know if we actually own our newly-purchased domains.