Techdirt. Stories filed under "hijack"

Techdirt. Stories filed under "hijack" Easily digestible tech news... http://www.techdirt.com/ en-us Techdirt. Stories filed under "hijack"http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Fri, 22 Jul 2011 13:38:03 PDT Comcast Hijacks Mac Firefox Users' Homepage; Offers Blame Game And Faux Apology In Return Tim Cushing http://www.techdirt.com/articles/20110722/02383515203/comcast-hijacks-mac-firefox-users-homepage-offers-blame-game-faux-apology-return.shtml http://www.techdirt.com/articles/20110722/02383515203/comcast-hijacks-mac-firefox-users-homepage-offers-blame-game-faux-apology-return.shtml redirecting them to Comcast's home page:

The software is unfriendly to Mac users running Firefox: It changes the browser's homepage to comcast.net, and blocks users from changing it to anything else.

I heard this from a friend who'd just signed up for Comcast's Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware - something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting.

Trust me, nothing makes your users happier than the feeling that they no longer control their interaction with the internet. It goes further than that, though. The Xfinity software has also been spotted redirecting searches. This gives new users a chance to enjoy that "new internet smell," while simultaneously worrying that they've picked up some malware right out of the box. Not only that, but this so-called "necessary" software isn't actually necessary.

While Comcast may be concerned about Xfinity's inability to play nice with Firefox, this just seems like a bad idea all around. When your software mimics the behavior of malware, you've failed. Of course, Comcast wants to make things right, which is why they first blamed it on Mozilla:

I contacted Comcast; they initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it's Comcast's doing.

"This is NOT a Firefox bug or issue," a Mozilla spokesperson wrote in an email. "It is a Comcast method that applies preference changes to Firefox."

Oh. Snap. Come on, Comcast. Level with us:

Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox's settings. He said the problem is limited to Mac users, and that permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.

"Customers absolutely should be able to change their preferred homepage anytime," Douglas said. "We're obviously apologizing for any inconvenience we've caused Mac users."

Cool story, bro. There are several things I find dubious about this statement ("unintentional?"), but nothing is more shady than the phrase "obviously apologizing." Either you apologize or you don't, but stop acting like it's a foregone conclusion. Unless you've got your customer service team calling up affected users and apologizing for the inconvenience and offering a fix, then you're not "obviously apologizing." Obvious apologies don't need to be pointed out, especially in the past tense and even more especially after first laying the blame at the feet of Mozilla.

Not that anyone would expect anything more from Comcast. In fact, they still haven't offered an official fix, but other presumably pissed off users have already found a workaround. When you leave it to your customers to fix your purposely broken (and "necessary") software, you're just further damaging your already in-tatters reputation.

Permalink | Comments | Email This Story
]]> operators-are-standing-by-to-apologize http://www.techdirt.com/comment_rss.php?sid=20110722/02383515203 Thu, 14 Apr 2011 07:33:00 PDT FBI Hijacks Botnet, With Court Order... Then Issues Kill Signal To Millions Of Computers Mike Masnick http://www.techdirt.com/articles/20110414/01555713888/fbi-hijacks-botnet-with-court-order-then-issues-kill-signal-to-millions-computers.shtml http://www.techdirt.com/articles/20110414/01555713888/fbi-hijacks-botnet-with-court-order-then-issues-kill-signal-to-millions-computers.shtml talk about the value of "good samaritan" viruses or botnets, that would go out and try to delete or kill of "bad" viruses or botnets. Lots of computing experts have, reasonably, warned that the unintended consequences of such an action could be large and dangerous. Apparently, the FBI figures, why not test it out anyway? In a rather surprising move, the FBI was able to get a court order that allowed it to effectively hijack a large botnet, involving millions of computers, and send a "stop" command to all of those PCs that would disable the malware (called Coreflood).

While there are obviously good intentions here, and it's definitely a good thing to see a large malicious botnet go dark, there still are really serious concerns about this move, the legality of the move, and the risk of unintended consequences. Do we really want to set a precedent where the FBI can send commands remotely to millions of computers? And how confident are people that the FBI's programming skills won't cause problems, if not this time, at some point in the future? In the filing requesting the right to do this, the FBI even pointed out that a newer version of Coreflood had been released that morning "but that the FBI had tested the kill command against that variant and it had worked successfully." Of course, testing in the lab and deploying to millions of machines in the real world is entirely different. There are also concerns that this is an ongoing effort, since Coreflood apparently reruns every time a machine is rebooted, meaning that the FBI will have to keep sending this kill signal. And while the FBI swears up and down "that this would cause no harm to computers," how confident are you that this is really the case?

Again, I recognize the importance of trying to stop botnets and take them down. Additionally, there don't appear to be any early reports of trouble or unintended consequences from this move. But... when dealing with something like this, where the FBI is sending execution commands to millions of PCs, you have to assume that sooner or later, something bad is going to happen. Does the FBI have a technical support helpdesk to help your grandparents when it kills their computer?

Permalink | Comments | Email This Story
]]> good-samirtan-hacking? http://www.techdirt.com/comment_rss.php?sid=20110414/01555713888 Mon, 10 Dec 2007 20:32:04 PST ISP Inserts Its Own Messages Into Google Mike Masnick http://www.techdirt.com/articles/20071210/184436.shtml http://www.techdirt.com/articles/20071210/184436.shtml inserts its own messages into Google's home page. In the screenshot, Rogers inserts a huge message at the top of Google's homepage to let a user know that he or she is approaching the monthly bandwidth limit on the account. This is troublesome for a number of reasons. There's simply no reason to hijack a site like Google (and, in fact, I'd imagine that the folks at Google wouldn't be particularly pleased about an ISP messing with its page). If an ISP really wants to communicate with people, why not just pop up a proxy page when the browser is first opened? Most importantly, though, it shows how some ISPs feel about its position in the value stream. They feel that they are more important than the content and services you are using. This is what leads to all those network neutrality debates, where the ISPs forget that they're providing just a pipe and think that they are the most important part of the process and have the right to change how everything else works. This doesn't mean they should be regulated -- but it does mean that both users and service providers (such as Google) should make it abundantly clear to ISPs like Rogers that this will not be tolerated.

Permalink | Comments | Email This Story
]]> a-bit-intrusive http://www.techdirt.com/comment_rss.php?sid=20071210/184436