<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Tech-Talkers &#187; Info</title>
	<atom:link href="http://www.tech-talkers.com/index.php/category/info/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.tech-talkers.com</link>
	<description>Let's Talk Tech...</description>
	<lastBuildDate>Fri, 15 Jan 2010 03:35:51 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.6</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Happy 25th Birthday, Compact Disc!</title>
		<link>http://www.tech-talkers.com/index.php/2007/08/happy-25th-birthday-compact-disc/</link>
		<comments>http://www.tech-talkers.com/index.php/2007/08/happy-25th-birthday-compact-disc/#comments</comments>
		<pubDate>Fri, 17 Aug 2007 23:28:08 +0000</pubDate>
		<dc:creator>Tim Severeijns</dc:creator>
				<category><![CDATA[Hardware]]></category>
		<category><![CDATA[Info]]></category>
		<category><![CDATA[CD]]></category>
		<category><![CDATA[compact_disc]]></category>
		<category><![CDATA[Philips]]></category>
		<category><![CDATA[Sony]]></category>

		<guid isPermaLink="false">http://www.tech-talkers.com/?p=163</guid>
		<description><![CDATA[
The Big Bang of the digital audio revolution occurred exactly 25 years ago, on the 17th of August, 1982. This was the day that a Philips factory in Langenhagen, Germany, pressed the very first commercial Compact Disc, and propelled the world forward into the digital age of music.
The idea of a Compact Disc was first [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: center"><img src="http://www.tech-talkers.com/wp-content/uploads/2007/08/cd-logo.jpg" alt="CD Logo" /></p>
<p>The Big Bang of the digital audio revolution occurred exactly 25 years ago, on the 17th of August, 1982. This was the day that a Philips factory in Langenhagen, Germany, pressed the very first commercial Compact Disc, and propelled the world forward into the digital age of music.</p>
<p>The idea of a Compact Disc was first conceived of in 1969, but serious research wasn&#8217;t started until almost a decade later in 1977. Another two years later, in 1979, Philips teamed up with Sony to create an ominous-sounding joint task force of engineers to create a new digital audio storage disc. The result of the year-long collaboration was the (somewhat) famous “Red Book,” a color-bound book containing the agreed-upon technical specifications for all future Compact Discs.</p>
<p>With everything else agreed on, it was only a matter of time before the first band agreed to have their material pressed onto Compact Discs. The very first title to be released out of the Langenhagen factory on August 17th, 1982, was ABBA&#8217;s 1981 album The Visitors.</p>
<p>Not too long after the introduction of Compact Discs, the industry saw a plethora of variations of the shiny optical disc: the CD-ROM (1985), the CD-Recordable (1990), the MiniDisc (1992), the CD-ReWritable (1997), to name a few. Compact Discs turned out to be the launching pad for the digital music revolution, which not only introduced easy data storage, but also brought us a dark side. Lossless copying, mindless music sharing, and poorly encoded MP3s all paved the road to the music industry&#8217;s current DRM-laden, paranoid state. Regardless of the present, however, the Compact Disc was an amazing invention, and deserves recognition as such.</p>
<p>Happy Birthday, Compact Disc!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.tech-talkers.com/index.php/2007/08/happy-25th-birthday-compact-disc/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Bank of America&#8217;s SiteKey System is Useless</title>
		<link>http://www.tech-talkers.com/index.php/2007/07/bank-of-americas-sitekey-system-is-useless/</link>
		<comments>http://www.tech-talkers.com/index.php/2007/07/bank-of-americas-sitekey-system-is-useless/#comments</comments>
		<pubDate>Fri, 27 Jul 2007 07:38:22 +0000</pubDate>
		<dc:creator>Tim Severeijns</dc:creator>
				<category><![CDATA[Hacks]]></category>
		<category><![CDATA[Info]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.tech-talkers.com/?p=142</guid>
		<description><![CDATA[
Anyone who&#8217;s a Bank of America customer has probably gone through the process at one time or another. The site loads, you enter your username and state, and you hit “Sign In.” Waiting, waiting, waiting. Ok, next step: do you recognize this image? Huh, yeah, whatever; you enter your passcode and hit “Sign In” again. [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: center"><img src="http://www.tech-talkers.com/wp-content/uploads/2007/07/boa.jpg" alt="BofA" /></p>
<p>Anyone who&#8217;s a Bank of America customer has probably gone through the process at one time or another. The site loads, you enter your username and state, and you hit “Sign In.” Waiting, waiting, waiting. Ok, next step: do you recognize this image? Huh, yeah, whatever; you enter your passcode and hit “Sign In” again. “Your request is being processed, Please wait&#8230;” Am I in yet? Oh, wait, what&#8217;s this. An ad? “Not now.” Ok, we&#8217;re in&#8230;.</p>
<p>I wouldn&#8217;t have too much of a problem with the Bank of America login system, cumbersome as it might be, because it helps protect my banking information from those ruthless Nigerian phishers, right? Well, no; it doesn&#8217;t, actually. As it turns out, the implementation of the SiteKey system is nothing more than smoke and mirrors, or as <a href="http://www.grc.com/sn/SN-090.htm" title="Security Now! Podcast" target="_blank">Steve Gibson</a> puts it, nothing more than a “touchy-feely sort of solution” that will look good in the papers.</p>
<p>According to federal law, any banking institution that wishes to provide an online service for “high-risk transactions involving access to customer information or the movement of information to other parties” must implement two-factor authentication (<a href="http://www.fdic.gov/news/news/financial/2005/fil10305.html" title="Recommendation Report">FDIC</a>). So, what does all that mean? How will users be authenticated?<span id="more-142"></span></p>
<p>User authentication can be dealt with in a number of ways, but in order to have any confidence in the security of a system, multi-factor authentication is required. Multi-factor authentication deals with the notion of providing access after at least two of the following have been provided and verified:</p>
<ul>
<li><strong>Something you know</strong>, like a password, a PIN, or an answer to a question. Please note that requesting a username and a password still only counts as single-factor authentication.</li>
<li><strong>Something you have</strong>, such as an RSA security token, a credit/debit card, or some other physical device capable of providing some sort of information that only you might have access to.</li>
<li><strong>Something you are</strong>, meaning a fingerprint, a retinal scan, or some other form of biometrics.</li>
</ul>
<p>Each of the methods mentioned above is quite easily foiled on its own—yes, even biometrics. So, in order to be the least bit sure that the connection between the client and the service is secure, a combination of factors needs to be used.<a href="http://www.tech-talkers.com/wp-content/uploads/2007/07/sitekey_verify_bi.jpg" title="sitekey" rel="lightbox"><img src="http://www.tech-talkers.com/wp-content/uploads/2007/07/sitekey_verify_sm.jpg" alt="sitekey_verify_sm.jpg" align="left" /></a></p>
<p>As it turns out, however, the “two-factor authentication” that Bank of America has implemented on its site is anything but secure; in fact it&#8217;s only multi-factor if you tinker with the definition a bit. The entire concept behind the SiteKey theatrics is that you provide the bank with your username and state, which are then used to look up the SiteKey image that you provided them when you set up the account. When this image is then presented to you, the site wants to know if you recognize the image and its corresponding title. If it&#8217;s correct, you enter your passcode and you&#8217;re good to go.</p>
<p>The idea is that only the real Bank of America would have the correct image, and that there is no way that a phishing site could possibly present you with the correct image. So, if you don&#8217;t see or recognize the image, don&#8217;t log in; it&#8217;s not the real Bank of America site.</p>
<p>Well, that&#8217;s not exactly true either; Bank of America might not be the only ones with access to the image. The SiteKey system can be and has been hacked, and it didn&#8217;t take MIT graduates to do it. A simple man-in-the-middle attack is all that&#8217;s needed to bypass the authentication system and gain access to users&#8217; bank accounts.</p>
<p>Wanna set up your own phishing scheme? Here&#8217;s all you have to do: set up a site that looks and feels just like the real Bank of America site, and start attracting visitors; a common way of doing so would be to send out spam designed to look like it came from, say, a Bank of America representative, asking that the recipient please click on a false link (which looks valid) to the banking site to check on some critical information; maybe verify an address, or something like that. Once you get victims to the site, the hard part is already over. Just sit back and wait for the login information to roll on in. When the victim enters in his or her username and state, the fake site will head over to the real Bank of America site to enter in the exact same information, wait for the Bank of America site to present the SiteKey, so that it can be copied and presented to the victim, who will (gladly) validate it and enter the passcode. The fake site then goes back to the real site, enters the passcode and voilà, you&#8217;re in! Happy robbing!</p>
<p>Bank of America&#8217;s “security” measures have been seriously compromised, and, unfortunately, it doesn&#8217;t look like it&#8217;s going to change anytime soon. Not only is it broken, but most users probably wouldn&#8217;t even notice if the SiteKey image never even came up. According to a fairly recent <a href="http://www.nytimes.com/2007/02/05/technology/05secure.html?ei=5070&amp;en=0a70544e0d2ff046&amp;ex=1185681600&amp;adxnnl=1&amp;adxnnlx=1185517139-a7ceyG6KYhvW/Mx6iVLstw" title="NYTimes Article" target="_blank">MIT study</a>, 97% of those tested went ahead and entered in their passcode even though the SiteKey image wasn&#8217;t present. Only two people had the presence of mind to realize that maybe, just maybe, there might be a security concern. So, if you don&#8217;t want to set up a complex system to check back and forth with the real banking site, just omit the image and simply have the victims enter the login information for your later use (and then, maybe, direct them to a page reading “<strong>OWN3D!!!</strong>” or something like that to rub it in).</p>
]]></content:encoded>
			<wfw:commentRss>http://www.tech-talkers.com/index.php/2007/07/bank-of-americas-sitekey-system-is-useless/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>An Early Spring Forward</title>
		<link>http://www.tech-talkers.com/index.php/2007/03/an-early-spring-forward/</link>
		<comments>http://www.tech-talkers.com/index.php/2007/03/an-early-spring-forward/#comments</comments>
		<pubDate>Mon, 12 Mar 2007 08:03:10 +0000</pubDate>
		<dc:creator>Tim Severeijns</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Hardware]]></category>
		<category><![CDATA[Info]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[windows]]></category>

		<guid isPermaLink="false">http://www.tech-talkers.com/?p=107</guid>
		<description><![CDATA[&#160;

With the intent of possibly saving the nation a lot of  money, Congress decided in 2005 that they would extend the period of daylight  savings by three weeks in the spring and another week in the autumn. The change  may seem quite trivial in nature and plenty of notice seems to have [...]]]></description>
			<content:encoded><![CDATA[<p align="left">&nbsp;</p>
<p style="text-align: center"><img src="http://www.tech-talkers.com/wp-content/uploads/2007/03/begin_cest1.png" alt="begin_cest1.png" /></p>
<p>With the intent of possibly saving the nation a lot of  money, Congress decided in 2005 that they would extend the period of daylight  savings by three weeks in the spring and another week in the autumn. The change  may seem quite trivial in nature and plenty of notice seems to have been given,  but for many large scale businesses the change may cause some frustration.</p>
<p>While the average computer user may not notice much of a  problem, the early rollback might seem very reminiscent of the whole Y2K scare to  many IT professionals across the country. Even though the implications of this  “March Madness” are far less than those of the Year 2000 bug, there is still  the possibility that mission critical IT systems might fumble, or even drop,  the ball.<span id="more-107"></span></p>
<p>Many corporations have complex IT networks which consist of  a wide range of equipment and operating systems, both new and old. Most of the  equipment purchased after the congressional announcement should have no problem  with the switch, as the developers should have already programmed the change  into the systems. Unfortunately, there are still plenty of systems and software  packages in use whose origins predate the announcement. Certainly, the systems  that have wide userbases, like Windows 2000 and XP, will be supplied with  automatic, hassle-free updates from their manufacturers, but not all software  in use today enjoys that luxury.</p>
<p>There are plenty of companies that use software packages that many in the tech-world would consider ancient. A lot of this software, which could very well suit the needs of the client perfectly, might not be supported by the developers anymore. Similarly, there are plenty of companies that use custom-written operating systems and software packages that only they use and know how to operate. In essence, this means that hordes of IT professionals will have to divert themselves from their regular tasks to tend to what should be a very trivial transition.</p>
<p>A lot of gadgetry, like certain smart phones, will not  automatically update themselves, and the task of manually setting these and  other devices to the correct time will probably fall on the IT departments of  various businesses. Resetting certain systems isn’t always as simple as  applying a supplied patch, due to all of the compatibility concerns that might  arise. Take Microsoft Exchange, for example: Microsoft has pushed out patches  for Outlook and Entourage mail clients, as well as for Windows and Exchange  servers, but all of these patches need to be applied in a very specific order,  and within a certain, rather narrow timeslot to avoid any potential screw-ups.</p>
<p>Even if a Windows machine receives the update in time, all  might not be well. That little clock in the bottom right of the desktop may  read the correct time, but it’s possible that users might still receive  appointment notifications an hour late because the corporate server didn’t  update correctly, or because the internal application clock in packages like Lotus  Notes may not have updated at all.</p>
<p>The range of possible problems is practically endless. The  early transition might not only mess with your thermostat or doctor’s  appointment, but it can also wreak havoc for other time-sensitive operations: arrival  and departure times in the transportation industry might be off; payments might  be late because of delayed transactions; automated stock market sales and  purchases might occur at inopportune times. These are only a few of the  possible problems.</p>
<p>As noted before, the last transition that caused some trouble was Y2K, which cost the global economy an estimated $21 billion. The early daylight savings transition is undeniably nowhere near the scale of the Y2K debacle, but the potential for lost revenue is definitely there. If a particular system were to take a drastic hit, it’s not out of the question that some companies may face slight revenue losses for a day or two.</p>
<p>If this daylight savings transition is to be anything like the Y2K issue, then a lot of businesses and professionals will probably wake up the next morning to find that they were really making a lot of fuss about nothing, and that everything worked out as it should have. One transition down, one more to go…</p>
]]></content:encoded>
			<wfw:commentRss>http://www.tech-talkers.com/index.php/2007/03/an-early-spring-forward/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Net Neutrality Prevails</title>
		<link>http://www.tech-talkers.com/index.php/2006/12/net-neutrality-prevails/</link>
		<comments>http://www.tech-talkers.com/index.php/2006/12/net-neutrality-prevails/#comments</comments>
		<pubDate>Tue, 12 Dec 2006 05:00:46 +0000</pubDate>
		<dc:creator>Tim Severeijns</dc:creator>
				<category><![CDATA[Info]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISP]]></category>
		<category><![CDATA[Net_Neutrality]]></category>

		<guid isPermaLink="false">http://www.tech-talkers.com/articles/2006/12/11/net-neutrality-prevails/</guid>
		<description><![CDATA[

The formal reign of the 109th Congress has ended and with it the current threat to the neutrality of the Internet.
Net Neutrality has been a touchy topic on the web for the last few months, and now that the threat has died down, I believe that it’s important to recap how important this issue really [...]]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify" class="MsoNormal">
<div style="text-align: center"><img alt="NetNeutrality" id="image38" src="http://www.tech-talkers.com/wp-content/uploads/2006/12/netneutrality.jpg" /></div>
<p style="text-align: justify" class="MsoNormal">The formal reign of the 109<sup>th</sup> Congress has ended and with it the current threat to the neutrality of the Internet.</p>
<p style="text-align: justify" class="MsoNormal">Net Neutrality has been a touchy topic on the web for the last few months, and now that the threat has died down, I believe that it’s important to recap how important this issue really is. The proposals to limit Net Neutrality are dangerous. They threaten to encroach upon the very principles that have made the Internet so great. Anyone, no matter where they are, can get access to an extremely vast assortment of information, opinions and entertainment, without any bias or censorship.</p>
<p style="text-align: justify" class="MsoNormal">In a nutshell, the concept behind Net Neutrality is that the network operators, such as <a target="_blank" href="http://www.comcast.com/">Comcast</a>, <a target="_blank" href="http://www.verizon.com/">Verizon</a>, and <a target="_blank" href="http://www.sbc.com/">AT&#038;T</a>, cannot discriminate against the traffic that flows across their networks. Every packet on the ‘Net should be treated the same, regardless of its origin, protocol, content, or destination. The logic behind this concept is quite simple; a provider should not have the legal right to treat data from one source with more respect and with faster service than that from another.<span id="more-36"></span></p>
<p style="text-align: justify" class="MsoNormal">Here’s an example: since Comcast now also offers a <a target="_blank" title="What is VoIP" href="http://en.wikipedia.org/wiki/Voip">VoIP</a> service, called Digital Voice, should they have the right to allocate more network bandwidth towards their own service than to a competing VoIP service, like <a target="_blank" href="http://www.skype.com">Skype</a>?</p>
<p style="text-align: justify" class="MsoNormal">The results of such traffic shaping would be especially pronounced on VoIP services, which depend on a fast and steady connection in order to work. The Internet as it’s currently offered by ISPs in America is barely fast enough for the average consumer to make decent sounding, uninterrupted calls over the Internet. So, would we want ISPs to have the power to discriminate against the traffic from a competing site or service? Such acts would result in even slower services for those who refuse to pay extra.</p>
<p style="text-align: justify" class="MsoNormal">The problem only gets worse. If ISPs can selectively speed up and slow down traffic, they can then start to offer tiered services. Imagine having to pay the current price for your connection, only to end up with a “Basic” Internet package, and finding that faster and better access could cost you even more.</p>
<p style="text-align: justify" class="MsoNormal">Access to the Internet would start to look a lot like cable TV subscriptions. For $39.99 you can get the bare basics, which isn’t that great. Now, if you wanted to add a few HD channels to the mix you’d have to pay $5.00 more. Would you like a subscription to HBO with that? Add another $9.95, and so on.</p>
<p style="text-align: justify" class="MsoNormal">Now, imagine the same applied to your Internet access. For $39.99 you could get a “Basic” package, meaning that you might only be able to surf the Internet for, say, 14 hours a week. Of course you would also like to use Google for an unlimited number of searches; that’ll be an extra $5.00 a month. And then there’s online shopping; why not add another $9.95 for unlimited access to <a target="_blank" href="http://www.amazon.com/">Amazon</a> and other major online stores? ISPs might then decide to charge you even more for other services, like e-mailing, chatting, file sharing, and whatever else they might come up with.</p>
<p style="text-align: justify" class="MsoNormal">The above example may be a bit extreme, but that is ultimately what is at stake should Net Neutrality ever be abolished. Luckily, the ‘Net is safe once more – or, at least until the next time major network providers manage to get some backing in the House or Senate.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.tech-talkers.com/index.php/2006/12/net-neutrality-prevails/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
