WebhostUK

Archive for June, 2011

Websites that have been up and running for a while tend to get tinkered with by well-intentioned marketing and technical staffs. Although businesses should encourage innovation, many common website practices can, if implemented in the wrong way, invite legal problems. Here’s a rundown on five common website mistakes.

1. “Guiding” user comments on social networking pages

Websites generally have immunity under Section 230 of the Communications Decency Act for liability for defamatory statements posted by users on social networking pages of a site. However, recent cases have begun to chip away at that immunity in cases where the website has gotten too involved in “shaping” the user-generated content. Too much shaping and a website risks becoming the publisher itself, thereby losing the Section 230 immunity.

2. Testimonials in blogs

Many bloggers are unaware that the Federal Trade Commission (FTC) has guidelines regarding endorsements and testimonials in blogs. In general, the guidelines require that bloggers disclose any material connections between themselves and the products that they are reviewing or discussing. Similarly, if a blog offers a testimonial, it should state whether its results are “representative” of what consumers will experience from using the product. This area is particularly perilous because the FTC has brought very few enforcement actions and, therefore, it is unclear where the agency may seek to draw lines.

3. Not updating the privacy policy

When was the last time your website’s privacy policy was updated? How many changes has the site implemented since then? A website’s privacy policy should never be set in stone; it should evolve as practices change. Did the site review its privacy policy when it introduced that exciting new data-sharing tool? Did it make changes when implementing a new “just-in-time” notice? Not all changes on the site require revising the privacy policy. But if evolving website practices turn out to conflict with what the privacy policy states, the site could face charges that it is misleading or deceptive.

4. Offering a mobile application without thinking through the data flows

Everyone wants to offer a mobile application these days, often linking to a website. However, questions are beginning to arise about the information that apps collect and the devices on which they appear, who handles it and what happens to that data. Knotty legal problems can emerge where these issues have not been vetted.

5. Copyright infringements

Copyright infringement is as old as the Internet. Federal law governing online copyright violations – the Digital Millennium Copyright Act – has been in place for a decade and the rules are fairly well understood. Nonetheless, pirated material still often appears on websites, posted by users. Websites must maintain their procedures in order to earn the protections of the DMCA “safe harbour”. A website that loses its DMCA safe harbour protection due to inattentiveness may face substantial losses.

Virtual private networks, or VPNs, extend the reach of LANs without requiring owned or leased private lines. Companies can use VPNs to provide remote and mobile users with network access, connect geographically separated branches into a unified network and enable the remote use of applications that rely on internal servers.

VPNs can use one or both of two mechanisms. One is to use private circuits leased from a trusted communications provider: alone, this is called a trusted VPN. The other is to send encrypted traffic over the public Internet: alone, this is called a secure VPN. Using a secure VPN over a trusted VPN is called a hybrid VPN. Combining two kinds of secure VPN into one gateway, for instance IPsec and Secure Sockets Layer (SSL), is also called a hybrid VPN.

Trusted VPNs

Over the years, implementations of trusted VPNs have moved from raw private circuits leased from telecommunications vendors to private IP network circuits leased from Internet providers. The major technologies used for implementing trusted VPNs over IP networks are ATM circuits, frame-relay circuits and Multiprotocol Label Switching (MPLS).

ATM and frame relay operate at the data link layer, which is Layer 2 of the OSI model. (Layer 1 is the physical layer; Layer 3 is the network layer.) MPLS emulates some properties of a circuit-switched network over a packet-switched network, and operates at a layer often referred to as “2.5” that is intermediate between the data link and the network. MPLS is beginning to replace ATM and frame relay to implement trusted VPNs for large corporations and service providers.

Secure VPNs

Secure VPNs can use IPsec with encryption, IPsec inside of Layer 2 Tunnelling Protocol (L2TP), SSL 3.0 or Transport Layer Security (TLS) with encryption, Layer Two Forwarding (L2F) or Point-to-Point Tunnelling Protocol (PPTP). Let’s go over each of these briefly.

IPsec, or IP security, is a standard for encrypting and/or authenticating IP packets at the network layer. IPsec has a set of cryptographic protocols for two purposes: securing network packets and exchanging encryption keys. Some security experts, for instance, Bruce Schneier of Counterpane Internet Security, have considered IPsec the preferred protocol for VPNs since the late 1990s. IPsec is supported in Windows XP, 2000, 2003 and Vista; in Linux 2.6 and later; in Mac OS X, NetBSD, FreeBSD and OpenBSD; in Solaris, AIX and HP-UX; and in VxWorks. Many vendors supply IPsec VPN servers and clients.

Microsoft has included PPTP clients in all versions of Windows since Windows 95 OSR2; PPTP clients are in Linux, Mac OS X, Palm PDA devices and Windows Mobile 2003 devices. The company has also included PPTP servers in all its server products since Windows NT 4.0. PPTP has been very popular, especially on Windows systems, because it is widely available, free and easy to set up. However, as implemented by Microsoft, it has not always been the most secure of the secure VPNs. Schneier, with “Mudge” of L0pht Heavy Industries, found and published security flaws in Microsoft PPTP in 1998; Microsoft quickly fixed these issues with MS-CHAPv2 and MPPE, and Schneier and Mudge published an analysis confirming the improvements in 1999, but they pointed out that the security of Microsoft PPTP still depended on the security of each user’s password. Microsoft has addressed this issue by enforcing password strength policies in its operating systems, but Schneier and Mudge still recommend IPsec rather than PPTP for secure VPNs as inherently safer.

An older protocol developed by Cisco, L2TP combines ideas from L2F and PPTP to create a data link layer protocol. This provides a tunnel, but no security or authentication. L2TP can carry PPP sessions within its tunnel. Cisco implements L2TP in its routers. There are several open-source implementations of L2TP for Linux. L2TP/IPsec combines L2TP’s tunnel with IPsec’s secure channel, which allows for easier secure Internet Key Exchange than pure IPsec. Microsoft has provided a free L2TP/IPsec VPN client for Windows 98, ME and NT since 2002, and ships an L2TP/IPsec VPN client with Windows XP, 2000, 2003 and Vista. Windows Server 2003 and Windows 2000 Server include L2TP/IPsec servers.

SSL and TLS are protocols for securing data flows at Layer 4 of the OSI model. SSL 3.0 and TLS 1.0, its successor, are commonly used with HTTP to enable secure Web browsing, called HTTPS. However, SSL/TLS can also be used to create a VPN tunnel. For example, OpenVPN is an open-source VPN package for Linux, xBSD, Mac OS X, Pocket PCs and Windows 2000, XP, 2003 and Vista, which uses SSL to provide encryption of both the data and control channels. Several vendors supply SSL VPN servers and clients.

Benefits and security risks of VPNs

A VPN can erase geographical barriers for a company, enable employees to work efficiently from home and allow a business to connect securely with its vendors and partners. A VPN is usually much cheaper to own and operate than private lines.

On the other hand, the use of a VPN can expose a company to potential security risks. While most VPNs in use are now fairly secure in and of themselves, a VPN can make it more difficult to secure the perimeter of a network properly. It is incumbent upon network administrators to apply the same security standards to computers connecting to the network via VPN as computers directly connected to the LAN.

Combining the use of two VPNs simultaneously can potentially expose one company’s network to another’s. In addition, using remote control software such as PC Anywhere, GoToMyPC or VNC in combination with a VPN can expose the company’s network to the malware present on a remote computer that is not itself connected to the VPN.

Reliability, scalability and performance of VPNs

Because secure VPNs rely on encryption and some of the cryptographic functions used are computationally expensive, a heavily used VPN can load down its server. Administrators typically manage the server load by limiting the number of simultaneous connections to what the server can handle.

When the number of people attempting to connect to the VPN suddenly peaks, for example, during a storm that disrupts transportation, employees may find themselves unable to connect because all VPN ports are busy. That gives administrators motivation to make key applications work without requiring the VPN, for instance, by setting up proxy servers or Internet Message Access Protocol servers to enable employees to access e-mail from home or from the road.

Deciding between IPsec and SSL/TLS for a given scenario can be complicated. One consideration is that SSL/TLS can work through a NAT-based firewall; IPsec cannot, but both protocols work through firewalls that do not translate addresses.

IPsec encrypts all IP traffic that flows between two computers. SSL/TLS is specific to an application. SSL/TLS uses expensive asymmetric encryption functions to establish a connection, and more efficient symmetric encryption functions to secure a running session.

In a real-world remote application, administrators may decide to mix and match protocols for the optimum balance of performance and security. For example, clients might connect to a Web-based front end through a firewall using a browser secured by SSL/TLS; the Web server might connect to an application server using IPsec; and the application server might connect to a database server across another firewall using SSL.

The scalability of VPNs can sometimes be improved by the use of dedicated server hardware. To cover that, however, we’d have to wade through the competing claims of VPN vendors: perhaps a subject for another day.

VPN resources

The Virtual Private Network Consortium maintains a list of its members, a table of IPsec VPN features supported by each vendor, and a table of SSL VPN features supported by each vendor. VPNC also supplies SimpleCA, a free, open-source certificate authority package for VPN administrators.
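
The article's warning that running two VPNs at once can expose one company's network to another's can be checked on the endpoint itself. The following is an added example, not code from the original article: a small posture check that reads interface listings in the style of `ip -o -4 addr show` and the kernel's IP forwarding flag. The sample listing, the addresses and the interface-name prefixes are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the style of `ip -o -4 addr show` on a Linux laptop that
# is connected to two VPNs at once (interface names and addresses are made up).
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
5: tun0    inet 10.8.0.6/24 scope global tun0
6: ppp0    inet 172.16.40.9 peer 172.16.40.1/32 scope global ppp0
"""

# Assumption: tunnel interfaces follow these common Linux naming prefixes.
TUNNEL_PREFIXES = ("tun", "tap", "ppp", "ipsec")


def tunnel_interfaces(addr_output):
    """Return {interface name: address} for interfaces that look like VPN tunnels."""
    tunnels = {}
    for line in addr_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "inet":
            continue
        name = parts[1]
        if name.startswith(TUNNEL_PREFIXES):
            tunnels[name] = ipaddress.ip_interface(parts[3])
    return tunnels


def assess(addr_output, ip_forward):
    """Grade the host: 'ok', 'warn' (two or more VPNs up), 'critical' (and routing on).

    ip_forward is the content of /proc/sys/net/ipv4/ip_forward ("0" or "1").
    """
    tunnels = tunnel_interfaces(addr_output)
    findings = []
    if len(tunnels) >= 2:
        names = ", ".join(sorted(tunnels))
        findings.append(f"simultaneous VPN tunnels: {names}")
        if ip_forward.strip() == "1":
            findings.append("IP forwarding enabled: host can route between the tunnels")
    level = ("ok", "warn", "critical")[len(findings)]
    return level, findings


if __name__ == "__main__":
    print(assess(SAMPLE_ADDRS, "1"))
```

A "warn" result still matters with forwarding off, because any software on the host can reach both networks; the check only makes the condition visible so that policy can be applied to it.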

The past several years have been an amazing journey for Magento, as we’ve grown from a new open source platform into an eCommerce leader. Along the way, we’ve built not only a platform, but a company and a worldwide community. Together, we’ve identified opportunities, taken risks, innovated, struggled, succeeded, and changed the face of eCommerce.

Today marks a milestone on this journey as we announce the most exciting news in our company’s history. Magento has reached an agreement to be acquired by eBay Inc. We believe this move will open incredible opportunities for the entire Magento ecosystem.

The Big Picture

Why is this acquisition so exciting for all of us? eBay is evolving to become a strategic commerce partner focused on delivering new ways for merchants of all sizes to drive innovation. As a centerpiece of this strategy, they are building a global, open commerce platform that leverages the worldwide developer community. And Magento will be at the core of this new, open commerce platform, called “X.Commerce.”

Magento & eBay

As many of you know, Magento has had a relationship with eBay for some time. In March 2010, eBay became our first outside investor. Over the past year, eBay has gotten to know our platform, our culture, and our community. They have experienced the passion of the Magento ecosystem, and they are eager to harness the power of this ecosystem to create the next generation of eCommerce innovation.

Moving forward: the details

How will this acquisition impact our organization, customers and partners? It’s too soon to know all the details, but there are a few things we know. Following the closing, Magento will continue to operate out of Los Angeles, with Yoav Kutner and me as its leaders. We’ll continue building our team and enhancing our product line, including the Magento Community, Enterprise, and Mobile Editions, as well as Magento Go and the Magento Go Platform. And we’ll continue strengthening our training, education, packaged consulting services and support efforts around the world. Through it all, we’ll be collaborating with our colleagues at eBay on developing the X.Commerce platform and defining the next generation of eCommerce innovation.

Yoav and I recorded a short video about the acquisition – I hope you’ll take a few minutes to watch it. We have also prepared an FAQ with answers to many of your questions about this announcement.

Creating the future together

To all the members of the Magento family: we thank you for all the passion, expertise and hard work that you’ve invested in Magento. Thanks to you, Magento finds itself exactly where we’ve always aimed to be: at the core of eCommerce. We are thrilled about becoming part of a larger organization that recognizes – as we always have – that the future of eCommerce is global, innovative and open. We look forward to creating that future with all of you.


What is a VPN?

A VPN is a virtual private network, or tunnel, over the Internet. Each VPN connection is totally anonymous on the internet and it helps to keep your activities anonymous and safe. VPN internet access is an attractive option for people worried about their security and privacy.

Benefits of using VPN:

* Anonymous surfing
* Protect your privacy so that your ISP is not able to spy on you
* Secure encrypted connection
* Bypass and use Skype freely!
* Stay anonymous at work or at school!
* Unrestricted access to the Internet from countries that block you from accessing some sites.
* Bypass all blocked web sites, such as adult, poker, sensitive sites!
* Watch your favourite TV program, YouTube as freely as you want!

I still don’t understand. Maybe a picture will explain more clearly.

[Images: “Without a VPN” and “With a VPN”]

As you can see, with a VPN, your data go through a secure tunnel in encrypted format. A ‘middleman’ such as your ISP or a hacker will not be able to steal your data. Your data are protected and your privacy is secure.