Shoppers enjoy online purchasing for a variety of reasons, but the lack of sales tax is probably highest on that list of perks. That may soon change due to a revamped Internet Tax bill re-introduced last week on the Senate floor, and one which could be voted on as early as this week. The “Marketplace Fairness Act“, penned by Sentor Mike Enzi (R., Wyoming), essentially requires any internet business with more than $1M in online sales to collect taxes on the US’s estimated 9600 state and local taxing authorities, something that brick-and-mortar businesses don’t have to do, even if sales come from across state lines (and presumably through channels other than the internet). Opponents of this bill state that this places an unfair burden on smaller internet businesses, as calculating and processing taxes for nearly ten-thousand different localities presents a logistical nightmare with which even large companies struggle. Obviously, brick-and-mortar companies back this bill, especially the big ones – Wal-Mart is a vocal backer, but even online retail giant, Amazon.com has thrown in their support. It may surprise no one that they have a dog in this race – Amazon offers a subscription-based tax-processing service to online retailers.
What this means for you:
If you sell more than $1 million in taxable goods on the internet to customers in the United States, you might need to look at some serious upgrades for your online store in the near future. On top of the huge headache this creates for your website administrator and programmers, this may also complicate your shopping cart process, and your customers may be in for a shock when they discover that their online shopping isn’t paying off like it used to. Opponents say that this bill will throw a wet-blanket on online shopping, and could be a huge damper on the struggling American economy. The bill hasn’t been made law yet – but it may behoove you to find out where your local government representative stands on this issue.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net. Note: image has been digitally altered by Chris Woo.
The controversial CISPA (Cyber Intelligence Sharing and Protection Act) proposal has passed committee review and is heading to the Senate for a vote, despite a clear warning from the Obama administration that it would VETO the proposed law. Unlike the equally controversial SOPA (Stop Online Piracy Act) backed by media companies and defeated through vigorous and coordinated protests from the technology industry, CISPA has divided the technology industry. Many large companies like IBM, AT&T, Oracle and Verizon backing it, while other, equally sizeable companies like Facebook, Microsoft, Google and dozens of activist organizations oppose the bill on the grounds that it doesn’t do enough to protect the privacy of US citizens.
What this means for you:
In case you are confused as to how CISPA might impact you or your business personally, here’s a summation of what the bill proposes: This law would allow telecommunication companies to share data with governmental agencies for the purposes of combatting terrorist or criminal activity, overriding any local laws that would prohibit such sharing. According to supporters, law-abiding citizens should have nothing to worry about, but opponents contend that on top of very weak protections for citizen privacy, there is nothing in the bill that would protect citizens from potential abuse by the various intelligence agencies who could amass an inconceivably comprehensive database from the information gained by CISPA. Regardless of which side of the privacy fight you stand on, it behooves you as a US citizen to be aware of where you stand on this issue, as well as encouraging everyone around you to participate as they can in helping our government come to terms with this problem.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Just when we were getting flight attendants to relax the electronic device restrictions on flights, a German security consultant has demonstrated a real-world hack and takeover of an airplane’s critical guidance and control systems using an app he built that runs on an Android smartphone. Hugo Teso of n.run, who is also a trained commercial pilot, demonstrated the exploit at the Hack in the Box conference in Amsterdam, and has developed a framework and app as a means to illustrate just how poor the current state of aviation security actually is. Teso designed the framework to be unusable outside his simulation environment, but he maintains that his environment mirrors technology that is currently in use throughout the aviation industry. On top of being able to completely own the Flight Management System (sometimes referred to as the “Autopilot”) of an aircraft, Teso’s app, named “PlaneSploit” demonstrated how, once complete control of the aircraft’s control systems was obtained, the actual operation of a flying aircraft could be remotely controlled from a smartphone.
Teso has carefully kept his research private, and has been working closely with the aircraft industry to help them close the gap on the many security vulnerabilities that exist in the thousands of aircraft in use today. Even still, it’s possible that other security analysts could uncover the same exploitable weaknesses in avionics platforms, and perhaps behave less altruistically than Teso. Also keep in mind that the autopilot systems can be manually overridden and the aircraft flown “by hand” using backup analog instrumentation. The trick, Teso reminds us, is that unless the pilot knows the plane has been hacked, he won’t know to take over control until the damage has already been done.
What this means for you:
Unless you are a commercial pilot, or someone of influence in the airline industry, I’m afraid there’s not much you can do about this except continue to raise awareness with everyone around you about technology security. Even though I sincerely doubt we’ll see any real-world plane hijackings via smartphone any time soon, now that this Pandora’s Box has been opened, it may never be shut again.
Security tester Phil Purviance has gone public with his findings on a popular router that widely sold to consumers and small businesses. He sums it up succinctly:
…any network with an EA2700 router on it is an insecure network!
The router in question is commonly found at big box retailers like Fry’s Electronics, Best Buy and pretty much any retailer that sells consumer electronics. Purviance reported his findings to Cisco over a month ago, but the hardware giant has yet to comment or issue any fixes to the public.
What this means for you:
If you are using a Cisco Linksys EA2700 router for your internet connection, your device and any computer connected to the EA2700 is at risk. Seeing as most folks aren’t even aware that their routers have software/firmware that can be upgraded, it’s likely that even if Cisco were to fix all the vulnerabilities outlined by Purviance, those fixes are unlikely to be applied by most consumers and small businesses. At the moment, the only true fix for the EA2700 is to replace it with something else, but with what? Researchers are still playing catch-up in this space, as there are literally hundreds models of consumer-grade routers installed in the US alone.
As a business owner, you should consider upgrading to a business-class router from a major manufacturer like Dell, Cisco, Fortinet, etc. (Cisco’s business-class equipment, ironically, is typically considered a standard choice). At the very minimum, understand what you have installed, upgrade the firmware if possible, and check with your local IT professional (C2 is always there to answer your questions!) to determine if there are any widely known exploits published about your particular router model.
Consumers looking to “cut the cord” with cable and satellite providers have often been stymied by the fact that certain programming, most notably live sports and new TV shows, are often unavailable on the traditional streaming services like Hulu and Netflix. Depending on the content and the availability of a dedicated DVR box like a Tivo unit, savvy consumers could record over-the-air broadcasts using an old-fashioned TV antennae, but depending on the device (and the content!) you might be limited to watching it only on that device.
Aereo is attempting to help consumers with this last content “mile” by setting up data centers in key markets (starting in New York City) that are basically acting as cloud DVR’s that can stream (or record) over-the-air TV content to your devices for as little as $8/month. Think of it as Netflix for your local TV programming. As a matter of course, the major networks are in an uproar about the service, as it completely disrupts their current revenue models, but to little avail as US courts, up to this point, are siding with the internet startup. Not content with the rulings, the networks are planning to appeal, and are also talking about moving their content to paid networks and away from free, over-the-air broadcasts as a means to combat Aereo’s plans.
What this means for you:
Over 50 million Americans still watch TV via good, old-fashion TV antennaes, and many millions are still without proper broadband that might enable them to stream content from providers like Aereo. The content networks are in no danger of losing those folks, but their reactions to companies like Aereo may cause them to abandon broadcast TV altogether, moving all their content to services that are suddenly out of reach for a significant portion of the population. For those of us trying to cut the cord, Aereo’s disruptive influence may bring us a little closer to the next age of entertainment where, instead of buying predetermined services filled with channels we don’t watch, we can purchase and watch content on an a la carte basis, on our schedule, and on the devices we choose.
Image courtesy of digitalart / FreeDigitalPhotos.net
In an announcement that surprised pretty much no one in the technology industry, Facebook frontman Mark Zuckerberg announced the arrival of both a Facebook application suite, dubbed “Facebook Home” as well as a phone from HTC called “First” that will have Facebook Home pre-installed. It’s not an operating system, like iOS or Android, nor is the “First” a dedicated Facebook phone. Facebook Home is really a set of apps (only for Android phones at the moment) that essentially makes your phone more like Facebook and less like Android.
What this means for you:
If you live and breathe Facebook (and millions of Americans do just that), then you’ll want to give this app a try, but only if you have an Android phone. iPhone users will be out of luck for the forseeable future, as Apple does not allow the sort of access to the base operating systen that Facebook Home requires. For those of you wondering why anyone would want such a thing on your smartphone, consider this: For many, the Android OS is overwhelming and complicated. They just want to make calls, answer email, and connect with friends. These users are looking for what’s known as a “Walled Garden” experience, very similar to the way AOL offered the “internet” to millions who weren’t interested in (or bewildered by) the unfiltered and un-curated experience of the 1990’s world wide web. You could think of Facebook Home as the new “AOL” for your smartphone.
One thing to keep in mind: Facebook’s revenue model is based upon knowing as much as they can about all of their users. By using Facebook Home, it’s conceivable that Facebook will harvest much more data about you, including location data and browsing habits above and beyond what they can collect while you are sitting at home in front of a computer. If you’ve been living your life on the internet and have nothing to hide, and you don’t mind Facebook mining your smartphone activity for marketing data, Facebook Home might just give you the Facebook phone you’ve always dreamed of.
As if you didn’t have enough to worry about, the security blogosphere has dragged another bogeyman out into the daylight, and this one is ugly. Researchers from ioActive are now positing that rather than targeting businesses and their more sophisticated technology defenses, hackers could very easily begin to target consumer-grade equipment installed by internet service providers (ISP’s e.g. Time Warner or Comcast) in your home.
Why would they do this? Aside from the much flimsier technology used throughout the home-internet industry, the IP address assigned to your device is easily discoverable because the ISP’s themselves publish information about entire blocks of internet addresses that are allocated to them. This is doubly bad because not only do hackers now have an easy-to-parse list of targets, they can make assumptions about the targets based upon the ISP that services those addresses: things like the types of equipment used by the ISP (and default passwords), geographical locations, even the types of internet service (ie. DSL, cable, satellite, etc).
As part of their investigation into the feasibility of such an attack, ioActive researchers were able to compile a list of 400,000 actual devices installed in customer homes that might be vulnerable to a simple attack that could allow hackers to “own” the device and use it as a means to gain access to any computer connected to that device, ie. all the computers in your home. The basis for the attack? The simple assumption that the default administrative password was not changed since it was installed by the ISP.
What this means for you:
Having equipment installed in your home that you don’t understand and can’t personally confirm as secure is risky and negligent. It would be akin to leaving power tools lying around within reach of a child. Sadly, most ISPs have very thin (to nonexistent) policies around governing the security of the devices they install in your home, and worse, they often rely on third-party labor to do the installs, further increasing the chances that your router was installed quickly and possibly carelessly. On top of this, how many of you after having waited multiple hours for an internet install to happen, watched the installer rush out the door before learning anything about how your new equipment works, who to call for support, or how to change the password on the newly installed router?
Do yourself a favor: familiarize yourself with your internet router, WiFi access point, or any other piece of network equipment in use in your home, figure out how to log into the device(s), and then change the password to something that is hard to guess, and written down in a safe a secure place. Don’t make it easy for the hackers by continuing to ignore the backdoor into your home network!
Matt Honan, the Wired writer who had his digital identity stolen in a harrowing cyberattack last year, is back with another chilling article about yet another technology failing to protect us: this time it’s our beloved smartphones. More specifically, it’s the ones we’ve left behind, donated or possibly even sold via eBay, when we upgraded to a newer mobile device. The problem? Even though we may “wipe” the phones, the process may still leave enough information behind for the wiped phone to reveal sensitive information about their owners, including where the phone has been (geographically), what websites have been visited, and even phone numbers, addresses and other confidential data we thought erased.
What this means for you:
Depending on the type of phone you are discarding, and how it is wiped, this may or may not be an issue for you. For example, iPhones after the 3G mentioned in the article are encrypted by default, and if “reset” properly, the encryption key is destroyed, rendering any data on the phone unreadable, even if it is recovered. Most large organizations with a savvy IT department will only allow smartphones to access corporate email and files after your phone has been configured with proper security settings, up to and including an encrypted partition to store your email and any files you might access from the corporate network. Most Android phones should be able to encrypt all data (check “Settings -> Security”) depending on version of Android your phone is running, providing the same type of protection that Apple has on its late-model iPhones.
I can hear you saying, “I don’t have any data on my phone that is sensitive,” and unless you are 100% sure of this, always assume there is something on your phone you don’t want untrustworthy eyes seeing. Even older flip-phones have phone numbers, addresses and other data you might not want to share with a stranger. If you are at all in doubt, hold on to that phone until you can talk to a professional about wiping it securely. If you don’t plan on letting the phone have a second life through eBay or donation, take it to an eWaste facility or event that offers secure destruction. This process renders the phone (and any electronic device, like a hard drive) down to its basic metallic components, completely destroying any data stored in any component. Don’t have access to such a process? Drop your phone into a bowl of water for a day or, as the Wired article suggests, take a hammer to it (wear proper safety equipment please!) before disposing of it through a proper eWaste avenue. This isn’t a guaranteed method, but it will take a dedicated effort that most data scavengers will bypass in favor of the next discarded smartphone that will be an easier mark.
Analysts are predicting that Apple will iterate on its popular smartphone in June, releasing the iPhone 5s that will have minor hardware and software upgrades to entice the bleeding edge Apple faithful. If the pattern seems familiar, it’s because Apple did the same thing with the iPhone 4s which followed its predecessor, the “4” in less than a year. It’s unclear whether the iPhone 5s launch will have the same impact as the 4s, which debuted with the popular but buggy “Siri” service. More importantly, Apple-watchers are predicting that the Cupertino company will debut a “lower cost” version of their iPhone in September, specifically to combat Android’s growing market share. An unlocked iPhone typically sells well north of $600 brand new, whereas Android devices can be bought off-contract for less than $300, which is where analysts expect the budget iPhone to land in the pricing wars.
What this means for you:
While most folks are usually more than satisfied with 2-3 year-old iPhones, if you’ve been waiting to upgrade, Apple’s pattern of hardware release usually means that the “s” version of an iPhone is a good investment. If you are still rocking an iPhone 3, the 5s will be a very nice upgrade with a noticeable improvement in speed and functionality. If you are one of the few that tries to avoid AT&T’s and Verizon’s financially-questionable 2-year contracts and you don’t want to plunk down six bills or more for an unlocked 5s, hold on to that older iPhone for a couple more months to see if Apple makes good on the low-cost iPhone in September of this year.











