In case you missed the news a Federal Appeals Court ruled this week on if the FCC has the authority to dictate to Internet Providers how the manage the data being sent through their networks. In 2007 the FCC judged that Comcast could not throttle or delay certain types of traffic such as Bit Torrent, a type of file transfer, however Comcast argued the FCC did not have the authority to make such a ruling or issue any fines. This week a D.C. Appeals Court agreed with Comcast that the FCC’s statutory authority does not extend into how ISP’s manage their network traffic or content.

Now on to why this has any bearing on your day to day life or business.

The term Net Neutrality in it’s basic form means all traffic on a public network (Internet) must be treat equally. This means your video watching of YouTube and your neighbors online gaming both must travel across the Internet unencumbered by traffic management which places one type of web use above another. Sounds simple and basic enough right? Well ISP’s argue that for one they need to manage their networks to provide quality service to all customers and if one customer or type of use is putting a strain on the system they need to be allowed to adjust that traffic so all users get acceptable access. Well that also sounds reasonable enough doesn’t it? Thus the problem, should all access be equal or should an ISP be able to control the bandwidth so all users get reasonable performance.

Now for the Dark Side. Let’s say ISPs such as Comcast and Time Warner have certain content on the web. As a Road Runner customer I find I can access that Time Warner content extremely fast but when I try to watch something Comcast is providing I find it’s horribly slow, hmm, is it fair for Road Runner to slow down access to competitive services or product? Better yet let’s say a Road Runner calls up Google who owns YouTube and says, “we need you to start paying for the amount of data people are using to view your content or we will start slowing that content delivery down. Don’t forget Google is saying they want to drop fiber in a couple of cities and those cities are bending over backwards to get Google’s money but what if Google did lay fiber in say Winston-Salem then turned around and only allowed high speed access to Google services and slowed down access to everything else? Well I think it would be easy to argue none of us think either of those situations would be a good idea.

So should we be upset that the courts ruled the FCC doesn’t have the right to say no to either of the above thus giving the FCC carte blanche to be the sole authority on how network bandwidth is provided? To steal a movie line from a great movie , “I Think NOT!” and the reason is simple, the so called Fairness Doctrine and it’s new Obama appointed Czar, The Chief Diversity Officer. Now I’m not going to get all political in this however it should be noted that if the court had let the FCC’s argument stand then there is absolutely nothing to stop the FCC from saying there has to be not only equal access to the networks but the content on the web must also be equal in it’s “diversity”. Now this is a very scary thought that a group of unelected officials could in fact determine if you get to listen to Rush Limbaugh online because there would have to be an equal liberal voice so as to keep the Internet “diverse”.  Let’s bring it even further down to the local level let’s say you run a website where you share your political views but to keep things “diverse” you would be forced to have an equal amount of opposing content. Okay you think that’s absurd the FCC could not ever do that however if the ruling had stood they could have in fact done just that. Your church website could have been ordered to put up links to gay websites, local bars, Las Vegas casinos or anything else because everything had to be equal and “diverse”.

Sure, sure the above would have hopefully never happened however by allowing a commission to expand it’s powers beyond what our elected officials have given them we have to assume the worse since who knows what could happen and we would have had no recourse. By the courts stepping in the concept of Net Neutrality is now tossed back to Congress where hopefully we will have public and well as industry input to come up with rules which are fair but more importantly have a system of checks and balances. Should Road Runner be able to slow down Skype because Road Runner sells VOIP or should you be able to watch MSNBC or FOX at equal speeds and who is to be the judge and jury of that is not something we want a few beltway insiders to determine.

Malicious Office Documents Cause Security Woes

Exposure:

Today, Microsoft released two security bulletins describing seven vulnerabilities found in components that ship with Microsoft Office XP and 2003 for Windows, and Office 2004 for Mac. These bulletins do not affect the more current versions of Office, such as 2007 Microsoft Office System or Microsoft Office 2008 for Mac.

The vulnerabilities affect different versions of Office to varying degrees. Though the seven vulnerabilities differ technically, and affect two different Office components, they share the same scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using many different types of Office documents. In one bulletin, Microsoft specifically states PowerPoint documents are vulnerable. However, they also mention any "Office file" in their other alert. Therefore, we recommend you beware of all unexpected Office documents.

If you’d like to learn more about each individual flaw, drill into the "Vulnerability Details" section of the security bulletins listed below:

•  MS10-003: Multiple PowerPoint Code Execution Vulnerabilities, rated Important
•  MS10-004: Microsoft Office MSO.DLL Code Execution Vulnerability, rated Important

Solution Path

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

MS10-003:

•  Office XP w/SP3
•  Office 2004 for Mac

MS10-004:

PowerPoint update for:

•  Office XP w/SP3
•  Office 2003 w/SP3
•  Office 2004 for Mac

Verizon is putting the final touches on it’s new plans and for the most part if you want any type of phone that does more than dial a number you WILL buy a data plan. Overall Verizon says this will average out for most users so the monthly cost are about the same yet they also admit they see the revenue per user continuing to rise.

Reports and rumors are coming out that Verizon will be releasing multiple new phones in the upcoming months. From the much anticipated iPhone to more Android based phones it looks like Verizon has finally decided it’s time to upgrade their less than unique phone lineup.

The latest rumor to show up is all about a new Android phone from Motorola called the Devour. Basically it appears to be a slightly less advance version of the Motorola Droid so expect to see pricing be slightly lower although it will run Android 2.1.

It also appears HTC will be releasing an update for the Eris to push it to Android 2.0 or 2.1. Of course how quickly Verizon will make the update available is anyone’s guess. If your wondering why running Android 2.x is such a big deal it has several major updates such as supporting multiple Exchange accounts as well as a browser update.

Of course with CES coming up there’s always a lot of news and rumors about new products and not to be outdone Palm is rumored to have a new Palm Pre Plus ready for Verizon. This will be a slightly larger and newer version of the Palm Pre.

Lastly will there be an iPhone for Verizon? It was a given last year but as the year ended most had cast doubts on Verizon’s iPhone plans. There are those however that still see an iPhone in Verizon’s future probably sometime in the summer as Apples releases it’s newest version of the huge successful iPhone. With little to go on the belief is the new iPhones will be smaller, have a 5MP camera, be built by AsusTek vs. Hon Hai which makes the current models, use a Qualcomm hybrid CDMA/WCDMA chip that allows multiple cell carrier signal types  and show up mid year.

Of course let’s not forget to warn anyone looking at Verizon for a new phone they have enacted a new $350 cancellation fee on their “Smartphone” line so if your thinking of buying now and switching if and when they release an iPhone you may want to change those plans.

Word is Dell will keep the Winston-Salem plant open for a few more months allowing around 400 workers a little more breathing room. No further information is out there as of yet but I’m sure we will see local leaders take all the credit somehow.

Adobe Corrects At Least Seven Vulnerabilities in Flash Player and Air

They also warn of a zero day flaw in Illustrator CS3 and CS4

Severity: High

9 December, 2009

Summary:

§ This vulnerability affects: Adobe Flash Player 10.0.32.18 and earlier, running on all platforms. Some flaws also affect Adobe AIR 1.5.2

§ How an attacker exploits it: By enticing your users to visit a website containing malicious Flash content

§ Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it

§ What to do: Download and install the latest version of Adobe Flash Player and Air

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash, often formatted as a Shockwave (.SWF) file. Adobe’s Flash Player ships by default with many web browsers, including Internet Explorer (IE). It also runs on many operating systems.

In a security bulletin released on the same day as Microsoft Patch Day, Adobe warned of at least seven critical vulnerabilities that affect Adobe Flash Player 10.0.32.18 for Windows and Macintosh (as well as all earlier versions). Some of the flaws also affect Adobe Air 1.5.2 as well. Adobe’s bulletin refers to seven CVE numbers, which suggests that their update fixes seven security vulnerabilities. The bulletin doesn’t describe the flaws in much technical detail. However, it does warn that if an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these unspecified vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC. If you use Adobe Flash Player in your network, we recommend you download and deploy the latest version throughout your network as soon as possible.
On a related note, the day before releasing the Flash update, Adobe also released an advisory about a critical buffer overflow vulnerability in Illustrator CS3 and CS4. The flaw has to do with Illustrator’s inability to properly parse specially crafted .EPS files. If an attacker can entice one of your Illustrator users into opening a malicious .EPS file, he can also exploit this flaw to execute code on that user’s computer, with the user’s privileges. There is no patch for this flaw yet. Adobe plans to release one in January.

Solution Path

Adobe has released a new version of Flash Player and Air. Specifically:

§ Flash Player 10.0.42.34

§ Air 1.5.3

If you use these products in your network, we recommend you download and deploy their updates as soon as possible.

I am seeing around a two dozen or more virus laden emails a day right now all with the same general subject lines such as:

“payment request from "Qualcomm" or “payment request from "Google"” or “Your Credit Balance is over its limit”

These all contain a backdoor Trojan in the attachment so again and again I remind everyone to not click those attachments you get in email. I like that “transaction inspector module”, they are always looking for something that will just make people click away, well DON’T!

When you leave messages on your e-mail server, you can choose from several options to delete your messages. To make your choice, you need to consider several factors about your e-mail usage, such as how long you want the messages to be accessible from multiple computers and the storage limits imposed by your e-mail server administrator. If you exceed your storage limit, you might be unable to receive new messages or might be charged additional fees.