Aereo closes Boston offices, but reveals Plan B

in legal on (#2TYD)
The court cases (and defeats) keep coming, and to the naked eye it might look like Aereo could be folding for good. The closure of their Boston offices looks bad - but according to Aereo, it's a sign of their determination to continue, despite loss of funding. There is reason to be optimistic.

With a little help from regulators, Aereo finally has a plan B. The FCC itself is considering a redefinition of broadcasting to include internet-based companies. It's possible this may have something to do with the confusion and questions that came up as a result of the Supreme Court ruling, but it might also be an attempt to encourage competition.

This proposal appears in an official FCC blog post by chairman Tom Wheeler, and is sure to provoke discussion and dismay among media corporations, especially considering that their stocks all fell more than 3% after the proposal was announced.

POODLE: A new SSL vulnerability

in security on (#2TCV)
Forbes has a lovely if disjointed writeup; The Register is considerably more dramatic. The gist: your browser likely still allows the use of old SSL standards, which are now proven vulnerable to a lovely new bug which could, in the worst case, give an attacker your cookies. From there, your sessions are at risk, along with anything you'd prefer to keep to yourself online.

The makers of Chrome seem to be saying that the issue has been fixed in Chrome since February, but as of this morning, the Poodle Test still showed Chrome as vulnerable. Firefox expects to have a fix in version 34, due Nov 25. In the meantime, according to the Forbes article, you can open about:config and change the setting security.tls.version.min to 1. This does cause Firefox to pass the test. Microsoft and Apple have not addressed the issue as of this writing. Internet Explorer does have an option to disable SSL 3.0 in its more recent versions (naturally set to "enabled" by default), but IE6 users are out in the cold; Safari users are vulnerable and must wait for a fix from Apple.

Judge rejects Apple/Google/Intel/etc settlement; says parties need to pay more

in legal on (#3TZ)
In a victory for engineers and techies everywhere, Judge Lucy Koh has rejected the settlement proposed in the High-Tech Employee Antitrust Litigation case. The settlement was originally drawn up by the plaintiffs' legal counsel, Lieff Cabraser Heimann & Bernstein, a process which ordinarily would involve the participation and approval of the plaintiffs. Because the suit was class-action, however, the law firm allegedly moved forward on behalf of the plaintiffs without the approval of the class representatives, and informed them only after a settlement agreement had already been reached.

One of the plaintiffs, Michael Devine, asked the judge to reject the settlement based on the inequality of the proposed value to the amount of damage done, and it appears that Judge Koh agreed. Apple, Google, Intel, et al, and the plaintiffs' attorneys, will be required to either submit a higher offer or take the case to trial, a possibility that might lead to billions in damages considering the amount of evidence the plaintiffs have compiled.

Even if it does not go to trial, however, the judge's decision is a heads-up to businesses that this sort of behavior has consequences.

Is Hold Security on the level?

in ask on (#3TM)
Hold Security: the security company responsible for the disclosure that some Russian hackers have collected 1.2 billion email/password combinations. When the news came out, Hold Security promised to check their database on an individual level rather than just publishing the passwords. They posted a form by which one could enter a name and email address, and told visitors to wait to hear from them.

Days later, emails were sent out that looked something like this:
Dear <Name you entered>,

This is a message from Hold Security regarding your recent Hold Identity enquiry.

We can confirm that your online credentials have been compromised. However, don’t panic just yet. It is possible that the compromised password(s) associated with this email address are not critical, for example, a password might be very old or assigned to you by default by a service provider.

If you would like to know which one of your passwords has been compromised, follow the link to our website and enter your ticket number, which can be found in the subject field of this email. You can submit up to 15 passwords that will be encrypted using a very secure algorithm and sent to us for running a comparison check in our database. Please note that if you try to send us your passwords unencrypted, we will not respond and disregard your enquiry completely.

Once we check our database, we will let you know which, if any, of your (encrypted) passwords have been breached.

Thank you for your interest in our Hold Identity service and taking the time to submit your enquiry.
The email link leads to a form which invites the user to enter up to 15 of their passwords, plus their ticket number, in complete violation of all IT training and quite possibly sanity itself. It may very well be that this is the only way that the database can be logically searched, however. (Though I'm intensely wary of anything that claims to do real encryption via JavaScript.)

Yeah, Betteridge's law of headlines would say "No" to this - but Brian Krebs seems to think they're real. Anyone got any experience with these people?

Aereo is still in the fight

in legal on (#3QX)
Since the Aereo decision caused Aereo to shutter its service, we haven't heard much. It appears now that things are still happening with the company.

Apparently Aereo is asking that, since the Supreme Court declared it a "cable company", it should immediately receive cable company status, which the FCC has been previously reluctant to grant to internet-only companies. Deadline Hollywood has a fairly informative writeup. This would allow it to enter into negotiations for content with broadcasters, who, at least according to the law, would be required to "negotiate in good faith". Considering that many of them are not Aereo fans and some major content providers have threatened to pull their content if Aereo wins, Aereo might have an uphill battle despite that "good faith negotiation" requirement - if the FCC even permits the status change.

If this last-ditch effort fails, there are still alternatives to cable, but none of them are as simple and as cheap, and most lack the extra features of Aereo. Good luck, Aereo.

Mozilla foundation's new CEO causes concern due to anti-gay-marriage views

in legal on (#3HA)
The guy co-founded Mozilla and served as Netscape's chief architect. He invented JavaScript. He's been Mozilla's chief technical officer for 9 years. On March 24th, Brendan Eich became the Mozilla Foundation's CEO - and members of Mozilla's staff promptly demanded that he step down. Why? Because Brendan Eich is anti-gay-marriage.

The BBC, CFO World, and others are reporting that online dating site OK Cupid is notifying users of Firefox of the views of the Mozilla Foundation's new CEO - and requesting that they use another browser to access the site. It's not quite a boycott - users can still click through to access the site while using Firefox - but it's definitely a statement. This isn't the first time this kind of thing has happened. Hobby Lobby, Chick-Fil-A, and Costco have all experienced similar backlashes.

Mark Surman, XO of Mozilla, says:
"I worry that we do a bad job of explaining ourselves, that people are angry and don't know who we are or where we stand. And, I worry that in the time it takes to work this through and explain ourselves the things I love about Mozilla will be deeply damaged."

At what point do a person's political, personal, or religious views outweigh their qualifications for leadership - and does using Firefox in any way imply support of these views?

Kepler finds 4 potentially habitable worlds

in space on (#3F4)
Kepler has found 700+ worlds, 100 of which are roughly earth-sized, and 4 of which are both earth-sized and in their sun's Goldilocks Zone, and thus are potentially habitable. The BadAstronomer enthuses eloquently.

The hypothetical rescue of the Columbia - and its effects on NASA's future missions

in space on (#3EY)
Ars Technica writer Lee Hutchinson, who worked for NASA during the Columbia incident, writes about the 2003 destruction of the shuttle Columbia, and the questions asked afterwards. Could the disaster have been anticipated? If so, could a rescue have been performed before the shuttle's incredibly destructive re-entry? The answers to those questions hatched an incredible plan - and changed the way NASA handles shuttle missions to this day. It's worth a read not only for the historical perspective, but also for the account of practical project planning and the immense scope of such an endeavor. He calls it the untold story of the rescue mission that could have been NASA's finest hour.