Rulemaking is a slow process

A simple announcement from the US Access Board today marks a rather large step in the process of re-writing the rules associated with Section 508 of the Rehabilitation Act. The “refresh,” as it has become known, is the first major change in the federal regulations that cover information technology purchases by US Government agencies, as well as the accessibility guidelines for websites.

The process of establishing a set of accessibility guidelines for website developers began in February of 1998 with the publication of the original Telecommunications Act Accessibility Guidelines. These were followed in December of 2000 by the Section 508 Standards themselves. The Standards, originally intended to affect only federal agencies, were quickly interpreted by many web accessibility advocates as the “law of the land.” Although controversial, the rules are generally thought to be applicable to any organization that accepts federal dollars, meaning all states and many nonprofits are subject to them. The issue of whether all commercial websites in the United States need to be accessible has been debated for some time. In recent history, various court decisions dealing with commercial websites have determined some websites to be “public accommodations” and thus needing to be accessible to all.

By the mid-2000s it was becoming evident that the Section 508 Standards needed to be updated, as technology was advancing greatly and the Standards were not. Efforts to update the rules began in 2006 when the Access Board created the Telecommunications and Electronic and Information Technology Advisory Committee and gave it the unenviable task of coming up with a new set of standards that everyone could agree upon. It took two years for the Advisory Committee to issue a report and another two years before the first draft of the “refresh” was published.

Those of you who have ever been involved in the creation of legislation know that “rulemaking” is a slow, deliberate task. On the federal level there is a set of extensive hearings and points for public input. The current revised draft of proposed rules was released in December of 2011 and is only now moving to the next step in the process.

According to today’s (March 10th) news release from the US Access Board:

The U.S. Access Board is in the process of jointly updating its Section 508 Standards for Electronic and Information Technology and its Telecommunications Act (Section 255) Accessibility Guidelines. On February 23, 2014, the Board submitted a proposed rule to update these standards and guidelines to the Office of Management and Budget (OMB) for review. OMB has 90 days to review the rule under Executive Order 12866. Once cleared by OMB, the proposed rule will be published in the Federal Register and will be available for public comment for a specified period of time.

Stay tuned!


We’re Under Attack

If you are a website owner and you haven’t had your website hacked or defaced by some nefarious “bad actors,” it is just a matter of time. But just because it hasn’t happened (yet), it doesn’t mean someone out there isn’t trying.

After a couple of close calls last fall where some of my own websites and those of some of my clients experienced “an incident,” I began to pay a lot more attention to this issue and learn as much as I could about what I can do as a website owner to “harden” my sites and prevent future exploitation. Here is some of what I learned:

  • Websites built with WordPress are increasingly the focus of attention of the bad actors. I am not sure why. Perhaps it is the fact that, according to some marketing reports, WordPress installations currently make up 40% of the total number of content management systems on the web. When you are popular, you are…popular.
  • Many of these hack attempts are in the form of what is called a “brute force” attack. This involves repeated attempts at trying to enter your website’s login by “guessing” your password. The method uses special “robots” (known as “bots”) to submit a user name and password guess many times per minute in hopes that you are using a rather common, easy-to-guess password. There are a number of things you can do (see below), but at the very least you need to have a strong password on all of your website logins – more about this later.
  • If you are using plain old FTP access to log in to your website you are treading in dangerous waters. If you must use FTP, make sure to use a “secure” version of FTP (either SFTP or FTPS) and work with your hosting company to make sure it is utilizing the best security protocols. Note: All hosted plans through jebswebs and Maine Hosting Solutions utilize FTPS as well as other security features.
  • Many of the “hackers” these days are politically motivated – so called “hacktivists” (see Wikipedia’s article about this). Recently, several of my clients’ sites, including my own, were attacked and “defaced” (the homepage replaced) by some group supporting Syrian independence. The damage was repaired easily enough, but it does give you that same sense of vulnerability that comes when someone breaks into your house.

What you can do

Let’s begin by talking about passwords. You have probably heard it before, but on the chance that you have been living under a mushroom for the past 10 years – the strongest defense in internet security is a strong password. If you are like many and have been using the four letter name of your pooch as the password, you are at risk!

A recent security article about the hacking of Adobe.com last year revealed that nearly two million of the accounts used the password “123456” – talk about easy pickings! The best passwords are long, do not resemble any known word or phrase, and use a combination of many symbols and characters in addition to numbers and letters. This generally makes the password almost impossible to remember, so therefore they are not very popular.

Some other thoughts about passwords:

  • Change them often – at least twice per year, more frequently if you have an indication that you may have been compromised. Put it on your to-do list. Maybe schedule to do this when you turn your clocks in the fall and spring at the same time you replace the batteries in your smoke detector.
  • Don’t use the same password on every site. Once your password is compromised, the bad guys will be able to get into all of your accounts.
  • Your most important password is the one for your primary e-mail address. If someone gets a hold of your e-mail account, just about all of your other accounts can be easily compromised.
  • Read some ideas about Secure Passwords from Google.

At a recent Maine WordPress Meetup in Portland, Sam Hotchkiss of Hotchkiss Computing, and the developer of a new brute force security plugin for WordPress called BruteProtect, presented on website security. Here is just a small sample of some of what Sam told us:

  • There are several free plugins available for WordPress installations that can impede brute force bots. The first is Sam’s aforementioned BruteProtect which sends all login attempts through an API running on another server that tracks the IP address from where the login attempt is coming. If the pattern of behavior mimics a brute force login attack, the API will block that IP address from proceeding further thus neutralizing that attack.
  • Another fine WordPress security plugin is called WordFence which, in addition to the brute force protection, offers a number of additional features and services that monitor your site, watching for signs of nefarious activities and alerting you via e-mail when it has a concern.
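
To make the idea of spotting a brute force pattern by IP address concrete, here is an added example (not code from BruteProtect, WordFence, or this site) that scans web server access log lines for bursts of login POSTs from one address. The log format, the threshold of 5 attempts per 60 seconds, the function names, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/wp-login.php"  # WordPress login endpoint

# Matches the start of an Apache/Nginx "combined" format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)


def parse_line(line):
    """Return (ip, timestamp, method, path) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]  # ignore any query string
    return m["ip"], ts, m["method"], path


def find_brute_force(lines, max_attempts=5, window=timedelta(seconds=60)):
    """Flag IPs that send more than max_attempts login POSTs inside one window.

    Returns {ip: time at which the threshold was first exceeded}.
    The threshold and window are assumed values, not any plugin's defaults.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of failing
        ip, ts, method, path = parsed
        if method != "POST" or path != LOGIN_PATH:
            continue  # only login submissions count as attempts
        attempts = recent[ip]
        attempts.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while attempts and ts - attempts[0] > window:
            attempts.popleft()
        if len(attempts) > max_attempts and ip not in flagged:
            flagged[ip] = ts
    return flagged


def build_sample_log():
    """Constructed log lines using documentation-range IP addresses."""
    fmt = '{ip} - - [10/Mar/2014:{t} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    lines = []
    # Bot-like pattern: 8 login POSTs, 5 seconds apart.
    for i in range(8):
        lines.append(fmt.format(ip="203.0.113.7", t=f"10:00:{i * 5:02d}",
                                req="POST " + LOGIN_PATH))
    # Forgetful human: 6 login POSTs, 2 minutes apart (should not be flagged).
    for i in range(6):
        lines.append(fmt.format(ip="198.51.100.23", t=f"10:{i * 2:02d}:30",
                                req="POST " + LOGIN_PATH))
    # Ordinary page views from a third visitor.
    for i in range(10):
        lines.append(fmt.format(ip="192.0.2.44", t=f"10:01:{i:02d}",
                                req="GET /"))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for ip, when in find_brute_force(build_sample_log()).items():
        print(f"{ip} exceeded the login threshold at {when:%H:%M:%S}")
```

A detector like this only sees one server's log; the plugin described above instead sends login attempts through an API on another server.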

BTW, brute force attacks are not limited to WordPress installations. Recent attacks on Joomla sites have prompted us to utilize some additional security methods. Contact jebswebs if you have questions about your website.

If you are experiencing security issues with your website, or just have noticed that things appear to be running slower than usual, you should contact your website developer and/or your hosting company for advice and help.

And after you finish reading this, get busy and change those passwords!

———-
Credits:

Special thanks to Sam Hotchkiss for his insights into web site security. Read and download Sam’s PowerPoint presentation on website security.

Photo licensed through Creative Commons by Mike Coghlan


How to protect yourself from “Phishing” expeditions

During this season of giving, you don’t want to give “too much”…

UPDATE: January 7, 2014 – Another good article has just been published, by Tech Republic, which discusses the issue of “phishing.” Worth a read as well: “Technology can’t stop phishing perhaps common sense can.”

Having been around for nearly 50 years, electronic mail – commonly known as e-mail – is probably the oldest of all protocols used on the internet. And, it is still something nearly every “connected” person uses on a daily basis. Some folks, like me, live on e-mail, conduct business, share information and data, as well as general correspondence. In my case, my “inbox” often gets very full. With frequent use, comes complacency.

We all know about SPAM, that unfortunate, ubiquitous scourge of modern times. Most of us can effectively spot SPAM and many of us deploy some form of “spam-filtering” which automatically parses out the most egregious junk. Personally, I love Cloudmark DesktopOne for Outlook. This is an inexpensive paid service that maintains a “cloud-based” database of bad stuff that has been identified as SPAM. When installed as an e-mail client plugin, Cloudmark DesktopOne scans all of your incoming mail comparing it against this database. When I spot SPAM that has slipped through the filter, I click a “Block” button on my screen which moves the errant message to a special spam folder but also adds this information to the Cloudmark database so other subscribers benefit from my largess.

Most people also know about “phishing” – also known as e-mail spoofing. Unfortunately, this nasty newer threat is a harder security problem to resolve because, as all good magicians know, all of us can be tricked.

To quote from Wikipedia:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

It is the last two parts of this description that are most troubling. First, phishing e-mails can LOOK very real. Very often the bad guys will use the real logos of popular and well-regarded companies and even use phony e-mail addresses that look like the real thing. They can sometimes be VERY real looking (and sounding) and trick even the most conscientious user. I know, it has happened to me!

A new article on ZDNet describes research that provides some chilling news.

Websense says that while the percentage of phishing attempts within all email traffic dropped to 0.5 percent in 2013 — down from 1.12 percent in 2012 — this is not necessarily good news. We may be receiving less of them, but campaigns are now far more sophisticated and targeted as criminals use additional resources in making campaigns more successful.

The article goes on to point to the five most commonly used e-mail “Subject:” lines used by scammers:

But what subject lines are most likely to dupe an individual or business in to falling for a phishing campaign? Based on the researchers’ findings, the top five which are most likely to be clicked upon are:

  1. Invitation to connect on LinkedIn

  2. Mail delivery failed: returning message to sender

  3. Dear Customer

  4. Comunicazione importante

  5. Undelivered Mail Returned to Sender

And most importantly the article ends with this recommendation that I totally agree with:

To combat phishing attacks, installing a strong security solution can alert you before malicious files are downloaded to a system or if you visit a website that is not legitimate. However, common sense is also key — for example, if you are not a member of a particular bank or haven’t recently conducted a transaction online, be extra careful before you open any emails. If in doubt, call the company in question.

Read the whole article “The five most dangerous email subjects to watch for” on ZDNet.

Read the original study published by Websense Security. There is also a link for a free white paper, “Defending against Today’s Targeted Phishing Attacks.”

——

Photo credit: Image licensed through Creative Commons by U. S. Fish and Wildlife Service – Northeast Region


Shopping for New Laptop?

After nine years, I recently purchased a new PC laptop to replace the HP Pavilion that has served me well. I also have access to a relatively new MacBookPro and an Apple iPad (both on loan from Maine CITE), so there is no shortage of mobile devices at my fingertips.

There has been a lot of discussion of late as to whether the “PC is dead” and whether there is any longer a need for laptops or even desktops. You can make up your own mind on that. For this blog, I am taking this time to express my rationalization for making this recent purchase and what to look for if you are also so inclined.

1: Do I need a personal computer anymore, or can I get by with a mobile device like a tablet or smart phone?

Good question. For many the answer is no, you don’t need a personal computer and may be able to get by with a handheld device like a tablet or even something smaller like an iPod Touch.

First, you need to ask yourself what it is that you use the computer for. If you are simply cruising the web, sending/reading e-mails, the occasional online purchase, and maybe social media, you probably do NOT need a bigger device. Even if you need to do the occasional spreadsheet or presentation, you can probably get by just fine with one of the many tablet devices on the market. But if you do any activities that require computing POWER – you WILL need a laptop or desktop computer.

Examples of activities that require computing POWER are:

  • Any kind of serious media editing (video, audio or even graphics),
  • Heavy number crunching (spreadsheets with lots of data, accounting, and database development), and
  • Any serious content creation (writing, imagery, and media).

Anyone who is engaged in extensive writing (even if it means doing research papers for a college class) probably will want/need the flexibility and features of a “full-size” word processor, and these features are simply not available in the apps or even in “cloud” based services like Google Docs.

Yes, there are many “apps” – even free ones – that will do many amazing things on a small tablet device – but there are limits on what these apps can do and you will be pretty frustrated when you discover at two o’clock in the morning when you are trying to get your term paper finished you can’t do something that you need to do. Note: recent changes in the popular and inexpensive iWork program from Apple reduced some features on the Mac OSX version to make it more compatible with the iOS version. This removal of valued features has made many Apple users furious.

So the short answer to this question is: if there is ANY chance that you will need to do some heavy lifting with your personal technology – err on the side of getting a bigger device – a desktop or laptop personal computer.

2: Laptop…what kind…?

If you are a bona fide Apple person, there is no question that you will be buying a new MacBook. Your choices are a MacBookAir or a MacBookPro. Both are solid devices and the differences – apart from the cost – have to do with portability and features. Have fun shopping.

If you are a traditional PC/Windows user, I have to say this time you have a big choice to make. Stay with the Windows operating system or possibly consider switching to a Mac. I’ve never said this before, but my reasoning is this.

The differences between Windows 7 and Windows 8 are significant. This is a completely new operating system and you will need to learn a whole bunch of new ways to do things. You will find yourself clicking on the help button and searching for support on-line. You certainly will be able to get it to work and eventually you will get more comfortable with Windows 8, but there will be a measurable learning curve as it is a very different operating system from what you are used to.

If you have been using Windows Vista or Windows XP (like me), the change to Windows 8 is enormous and your learning time will be very significant.

Since you will be needing to learn to use a new operating system, you really need to consider if you want to take the time to learn Windows 8 or take the plunge and learn the Mac OSX operating system. Surprisingly, in my mind, the Mac OSX is actually closer to the old Win XP operating system and it will be a quicker learn.

3: Okay, I’ve decided on a PC/Windows laptop with Windows 8…what now?

This was the position I was in a few weeks ago, so I will speak specifically about my experience.

I was replacing a nine year old HP laptop that has served me well over the years. In recent times it has been relegated to second-backup and almost never used anymore as a portable machine. The battery pack had long-ago lost its ability to hold a charge and the unit needed to remain plugged in to be used and so it would not lose its BIOS memory. This old critter was running Windows XP and had Office 2010 on it (Office 2013 would not run on it). It was used almost entirely for e-mail and browser use. Very rarely I would use it for some word processing. Ironic given the fact that nine years ago this was a top of the line laptop costing nearly $2,000.

Currently, my primary laptop to take to meetings and on the road is the MacBookPro loaded with Office 2011 for Mac and little else. On the road it is primarily used for note taking, e-mail, browsing and the occasional PowerPoint presentation. The new laptop replaces this one as the primary road-machine, but will spend most of its time on one of my office desks as a back-up and as a way to learn Windows 8 (and 8.1).

For these reasons, I chose a relatively inexpensive device. I was able to find a great deal at Best Buy on this HP 2000 Notebook running on an Intel i3 chip with 4GB of RAM and 450GB hard drive. It came with Windows 8.0, and with some effort, I upgraded almost immediately to Windows 8.1 (as far as I can tell there is very little difference between the two versions). This device cost about $350 plus tax … a VERY good deal.

I had already purchased/owned MS-Office 2013 with Office 365 and with a password and the click of a button, the new device installed the new Office very quickly. I had my laptop e-mail set up in minutes and quickly downloaded and installed the Google Chrome and Firefox browsers. That was the easy part.

This device is very nice. It has excellent screen resolution and brightness, runs very quickly and is about the same weight as the MacBookPro. It does have a CD-player/recorder, three USB ports (not USB 3.0), a standard external monitor port (also used for connecting to LCD projectors) and a HDMI port for connecting to a HD TV or monitor.

Sadly, the only downside is Windows 8.

Okay, my take on Windows 8.

This was Microsoft’s attempt at developing one operating system that would work on all devices (desktops, laptops and tablets). They wanted to get ahead of Apple, with its great success with the iPads and iPhones, and create an environment where folks will use “hybrid machines” – machines that are both a laptop and a tablet. All you have to do is watch all the ads on TV this Christmas season and see this is the method of their madness. But if you are like me and just need a laptop, Windows 8 will drive you crazy. I would almost recommend – if you can find one – buy a laptop that has Windows 7 on it. Sorry, Redmond, you blew it.

My new laptop device DOES NOT have a touch screen, so to use any of the Windows 8 apps requires clicking them with the pointing device (mouse or touch pad). Unfortunately, the “Start” screen of Windows 8 OS is designed for a touch screen just like the iOS environment. Many of the Windows 8 “apps” open with information that is projected across the screen horizontally and requires moving across the screen to see things scrolled to the right. It is simply maddening with a pointing device. Arrgggh!

I could go on an extended rant about Windows 8, but there are many who have already done that (see one of many examples). Maybe Microsoft will get smart and create a Windows 8 desktop that works like the old Windows 7. But don’t count on it.

Happy Holidays!


Approaching Accessibility

I prepared this article at the request of folks at AT Program News where it will also appear. Thank you to Eliza Anderson for editorial services!

About twenty years ago I sat in the basement of the library on the campus of Indiana University of Pennsylvania (IUP) staring at one of the two IBM PC computers with enough RAM (2 MB – yes, MB not GB) to run a new application called a “browser.” The application, Mosaic, was one of the first of its kind and the room quickly filled with excitement as we marveled at this new, soon-to-be-called, “World Wide Web” (WWW).

Two years later I was the “Webmaster” for the University of New England, knee-deep in creating Web content and layout. There were no courses then as we taught ourselves the intricacies of HTML and the other assorted computer code needed to fill the WWW with content. In those early years we drooled over the graphic user interface (GUI) and “colorfulness” of the WWW (some of us still remember the world of DOS and monochrome monitors) as well as the ability to use hypertext (i.e. “links”) to navigate from “page” to “page”; and we never considered the needs of individuals with disabilities. Little did we know we were closing doors for many users.

We have come a long way in those twenty years and perhaps the biggest change in the workings of the WWW over that time has been the movement from static content to dynamic/interactive content. As the UNE Webmaster, I was the only person who could make changes to published Web content, hence the “master” part of the title. But now anyone and everyone who can log into the Internet can be a content producer. It is this evolution that presents the biggest challenge to Web accessibility.

There is plenty of information available detailing accessibility guidelines/standards and equally many tutorials to help designers and developers (the Webmasters of today) to begin the process of ensuring that the “core” Web presence is accessible to all. But ensuring the accessibility of all content created by all users is a monumental task.

Contributing to this dilemma is the fact that today’s Web content is no longer simply HTML. Better we should use the term “digital documents” to describe this content, as nearly all that is communicated via the Internet starts as some form of digital document. Perhaps we need to recognize the fact that with so many content producers, achieving full Internet accessibility will always be just beyond our grasp. Perhaps our goal should be to “approach” accessibility, similar to the Mathematical construct of “approaching infinity.” We know we will never get there, but in the process, we maintain continuous improvement.

With these thoughts in mind, below are some practical objectives and recommendations for how to accomplish them.

Objectives:

  1. Create, and widely distribute, quick, easy-to-understand information “packets” describing how to create accessible digital documents.
  2. Develop smart, intuitive, easy to use accessibility tools that check and assist users to make their digital documents more accessible.
  3. For public accommodations (businesses and organizations that legally must ensure access), develop easy-to-understand policies and procedures for checking and re-checking content and allocating and assigning the resources to monitor and respond as necessary.

Recommendations:

  1. The first objective is not too difficult. For at least three or four years, our friends at the National Center on Disabilities and Access to Education (NCDAE) – Goals Project have been developing and publishing sets of free easy-to-use “cheat sheets” to help individuals in the quest to create accessible digital documents. GOALS currently has eleven cheat sheets ranging from how to make accessible digital documents using the leading products from Microsoft and Adobe to how to caption YouTube videos. All of the materials are free and come in easy to print PDF one-pagers that may be distributed to all your content producers. Note, these resources are continually updated as the technologies change and upgrades are released. NCDAE cheat sheets
  2. Since its release of Office 2010, Microsoft has included the Microsoft Office – Accessibility Checker (MSO-AC) in Word, Excel, and PowerPoint. Here is an article about how to use the MSO-AC that we wrote for Maine CITE a few years ago and here is an on-line tutorial from Microsoft for the latest version of Office. Note that the MSO-AC does more than simply check for errors, it provides specific directions to the user on how to mitigate errors and problems. Unfortunately, the MSO-AC is currently only available for MSO for Windows. A similar accessibility checker is also built into current versions of Adobe Acrobat and Adobe InDesign CS5.5. Use this link to see quick tutorial as well as cheat sheets for Acrobat and InDesign from NCDAE-GOALS.
  3. This is the hardest of the three objectives to accomplish, but there has been progress. Many state agencies and educational organizations have already developed and instituted policies detailing the necessity of ensuring content accessibility. Unfortunately, often times this is being driven by fear – no one wants to see the name of their institution on the front page of the New York Times because their web site failed to meet the needs of one or more of their constituents. Sadly, some organizations have interpreted the term “accommodation,” detailed in Section 504 of the Rehabilitation Act, as meaning they don’t have to do anything until a constituent asks for it. However, the proactive approach (not reactive) is much more likely to achieve positive results. It is not only good policy to be forward thinking, but more economical to institute the proactive practice of ensuring all your organization’s materials are accessible rather than to wait for the day when you “have to” accommodate. For those who don’t see the value of proactive thinking, here’s a simple example using the notion of Search Engine Optimization (SEO). Uncaptioned video content posted on the web is not indexed by search engines like Google or Bing. Yes, they will “see” you have a video file and will add the name of the file to their index, but the search engine will never “know” anything about the content inside the video. On the other hand, if you caption your video and post the caption file along with the video, the search engines will index the caption file and, as a result, increase the probability that people will find your web content (optimization). This simple step might result in more traffic to your Web site, more constituents being able to find the content on your site, and greater exposure of your organization’s mission to the entire world.

I have often said that accessibility is a “moving target.” Technologies change, methodologies change, and even the users/content creators change. Design standards and guidelines will never be able to keep up with all of these changes, so simply relying on some automated means of checking files against some written accessibility standard may bring a false sense of security.

Accessibility requires training and vigilance. Identifying someone (or preferably a team) in the organization to keep up on the changes and training is essential. Good communication between team members and the larger organization, fostering a climate of teamwork, and supporting and encouraging folks to change their behavior because they will achieve better outcomes should become your organization’s goal as you continue in your effort to “approach accessibility.”

 
