FCC Issues New Standards for TV Closed Captioning

fcc logoFrom the US Access Board News

The Federal Communications Commission (FCC) has issued new standards to improve the quality and accuracy of TV closed captioning. The new rules – some of which go into effect on April 30, 2014 and some on June 30, 2014 – apply to all television programming, including pre-recorded and live programs, and address caption accuracy, synchronicity, and placement. They also require full program coverage to the fullest extent possible. The standards are more comprehensive than earlier rules in establishing qualitative criteria for TV captioning and providing greater guidance to video programmers and programming distributors. In addition to the standards, the FCC included best practice recommendations for video programmers and captioning vendors in the rule.

In a related action, the FCC also issued a supplementary notice seeking public comment on ways to further enhance accessibility to television programming and to improve the FCC’s procedural rules. For more information, visit the FCC’s website.

Posted in Accessibility, General Information, Legal/Law, News | Tagged , , | Leave a comment

WordPress Update

WordPress logo v 3.9If you are hosting your WordPress site through jebswebs – and you are maintaining the content - you may notice a few new things the next time you log in.

First off, WordPress (WP), the world’s leading open-source content management system for website development just released version 3.9 call Smith in honor of Jazz legend Jimmy Smith. All of the WP sites we maintain were updated today.

Among some of the things you may notice:

Improved visual editing

“The updated visual (text) editor has improved speed, accessibility, and mobile support. You can paste into the visual editor from your word processor without wasting time to clean up messy styling. (Yeah, we’re talking about you, Microsoft Word.)”

This is a dramatic update in the sense it will really speed things up when you are copying and pasting-in content from your word processor or even from another website. Thank you WordPress!

The other thing I have noticed about the new text editor is that the layout of the content in the editor now looks closer to the way it will actually look on the webpage when it is published. No more wondering if words will wrap in weird places or if the image will be in the right spot.

Edit images easily

“With quicker access to crop and rotation tools, it’s now much easier to edit your images while editing posts. You can also scale images directly in the editor to find just the right fit.”

This too will be a big time-saver. If you have been spending time editing and re-editing your images off-site, before posting, you will now be able to do some of that editing on-the-fly in WordPress. I just tried it – very cool.

Accessibility

I know that the Make WordPress Accessible team has been working in the background to make this new update more accessible. I will be checking with them to learn about the specific changes and reporting them to you in a separate posting.

Have fun exploring the new version! And be sure to contact jebswebs if you need support with your WordPress site.

Learn more about WordPress v 3.9 on the WordPress.org website…

Posted in General Information, Software | Leave a comment

Rulemaking is a slow process

Road sign: Accessible Routesimple announcement from the US Access Board today marks a rather large step in the process of re-writing the rules associated with Section 508 of the Rehabilitation Act. The “refresh,” as it has become known, is the first major change in the federal regulations that cover information technology purchases by US Government agencies, as well as the accessibility guidelines for websites.

The process of establishing a set of accessibility guidelines for website developers began in February of 1998 with the publication of the original Telecommunications Act Accessibility Guidelines. These were followed in December of 2000 with the Section 508 Standards themselves. The Standards, originally intended to affect only federal agencies, were quickly interpreted by many web accessibility advocates as the “law of the land.” Although controversial, the rules are generally thought to be applicable to any organization that accepts federal dollars meaning all states and many nonprofits are subject to them. The issue of whether all commercial websites in the United States need to be accessible has been debated for some time. In recent history, various court decisions dealing with commercial websites have determined some websites to be “public accommodations” and thus needing to be accessible to all.

By the mid-2000s it was becoming evident that the Section 508 Standards needed to be updated as technology was advancing greatly and the Standards were not. Efforts to update the rules began in 2006 when the Access Board created the Telecommunications and Electronic and Information Technology Advisory Committee and gave them the unenviable task of coming up with a new set of standards that everyone could agree upon. It took two years for the Advisory Committee to issue a report and another two years before the first draft of the “refresh” were published.

Those of you who have ever been involved in the creation of legislation know that “rulemaking” is a slow, deliberate task. On the federal level there are a set of extensive hearings and points for public input. The current revised draft of proposed rules were released in December of 2011 and are only now moving to the next step in the process.

According to today’s (March 10th) news release from the US Access Board:

The U.S. Access Board is in the process of jointly updating its Section 508 Standards for Electronic and Information Technology and its Telecommunications Act (Section 255) Accessibility Guidelines. On February 23, 2014, the Board submitted a proposed rule to update these standards and guidelines to the Office of Management and Budget (OMB) for review. OMB has 90 days to review the rule under Executive Order 12866. Once cleared by OMB, the proposed rule will be published in the Federal Register and will be available for public comment for a specified period of time.

Stay tuned!

See also:

Posted in Accessibility, General Information, News | Tagged , , , , | Leave a comment

We’re Under Attack

Alien Attach by Mike CoghlanIf you are a website owner and you haven’t had your website hacked or defaced by some nefarious “bad actors,” it is just a matter of time. But just because it hasn’t happened (yet), it doesn’t mean someone out there isn’t trying.

After a couple of close calls last fall where some of my own websites and those of some of my clients experienced “an incident,” I began to pay a lot more attention to this issue and learn as much as I could about what I can do as a website owner to “harden” my sites and prevent future exploitation. Here is some of what I learned:

  • Websites built with WordPress are increasingly the focus of attention of the bad actors. I am not sure why. Perhaps it is the fact that, according to some marketing reports, WordPress installations currently makes of 40% of the total number of content management systems on the web. When you are popular, you are…popular.
  • Many of these hack attempts are in the form of what is called a “brute force” attack. This involves repeated attempts at trying to enter your website’s login by “guessing” your password. The method uses special “robots” (knows as “bots”) to submit a user name and password guess many times per minute in hopes that you are using a rather common, easy-to-guess password. There are a number of things you can do (see below), but at the very least you need to have a strong password on all of your website logins – more about this later.
  • If you are using plain old FTP access to log in to your website you are treading in dangerous waters. If you must use FTP, make sure to use a “secure” version of FTP (either SFTP or FTPS) and work with your hosting company to make sure it is utilizing the best security protocols. Note: All hosted plans through jebswebs and Maine Hosting Solutions utilize FTPS as well as other security features.
  • Many of the “hackers” these days are politically motivated – so called “hacktivists” (see Wikipedia’s article about this). Recently, several of my clients’ sites, including my own were attacked and “defaced” (the homepage replaced) by some group supporting Syrian independence. The damage was repaired easily enough, but it does give you that same sense of vulnerability that comes when someone breaks into your house.

What you can do

Let’s begin by talking about passwords. You have probably heard it before, but on the chance that you have been living under a mushroom for the past 10 years – the strongest defense in internet security is a strong password. If you are like many and have been using the four letter name of your pooch as the password, you are at risk!

A recent security article about the hacking of Adobe.com last year revealed that nearly two million of the accounts used the password “123456” – talk about easy pickings! The best passwords are long, do not resemble any known word or phrase, and use a combination of many symbols and characters in addition to numbers and letters. This generally makes the password almost impossible to remember, so therefore they are not very popular.

Some other thoughts about passwords:

  • Change them often – at least twice per year, more frequent if you have an indication that you may have been compromised. Put it on your to-do list. Maybe schedule to do this when you turn your clocks in the fall and spring at the same time you replace the batteries in your smoke detector.
  • Don’t use the same password on every site. Once you password is compromised, the bad guys will be able to get into all of your accounts.
  • Your most important password is the one for your primary e-mail address. If someone gets a hold of you e-mail account just about all of your other accounts can be easily compromised.
  • Read some ideas about Secure Passwords from Google.

At a recent Maine WordPress Meetup in Portland, Sam Hotchkiss of Hotchkiss Computing, and the developer of a new brute force security plugin for WordPress called BruteProtect, presented on website security. Here is just a small sample of some of what Sam told us:

  • There are several free plugins available for WordPress installations that can impede brute force bots. The first is Sam’s aforementioned BruteProtect which sends all login attempts through an API running on another server that tracks the IP address from where the login attempt is coming. If the pattern of behavior mimics a brute force login attack, the API will block that IP address from proceeding further thus neutralizing that attack.
  • Another fine WordPress security plugin is called WordFence which in addition to the brute force protection, offers a number of additional features and services that monitor and your site watching for signs of nefarious activities and alerting you via e-mail when it has a concern.

BTW, brute force attacks are not limited to WordPress installations. Recent attacks on Joomla sites have prompted us to utilize some additional security methods. Contact jebswebs if you have questions about your website.

If you are experiencing security issues with your website, or just have noticed that things appear to be running slower than usual, you should contact your website developer and or your hosting company for advice and help.

And after you finish reading this, get busy and change those passwords!

———-
Credits:

Special thanks to Sam Hotchkiss for his insights into web site security. Read and download Sam’s PowerPoint presentation on website security.

Photo licensed through Creative Commons by Mike Coghlan

Posted in General Information, Security, Software | Tagged , , | Leave a comment

How to protect yourself from “Phishing” expeditions

During this season of giving, you don’t want to give “too much”…

UPDATE: January 7, 2014 – Another good article has just been published, by Tech Republic, which discusses the issue of “phishing.” Worth a read as well: “Technology can’t stop phishing perhaps common sense can.”

Boy fishingHaving been around for nearly 50 years, electronic mail – commonly known as e-mail - is the probably the oldest of all protocols used on the internet. And, it is still something nearly every “connected” person uses on a daily basis. Some folks, like me, live on e-mail, conduct business, share information and data, as well as general correspondence. In my case, my “inbox” often gets very full. With frequent use, comes complacency.

We all know about SPAM, that unfortunate, ubiquitous scourge of modern times. Most of us can effectively spot SPAM and many of us deploy some form of “spam-filtering” which automatically parses out the most egregious junk. Personally, I love Cloudmark DesktopOne for Outlook. This is an inexpensive paid service that maintains a “cloud-based” database of bad stuff that has been identified as SPAM. When installed as an e-mail client plugin, Cloudmark DesktopOne scans all of your incoming mail comparing it against this database. When I spot SPAM that has slipped through the filter, I click a “Block” button on my screen which moves the errant message to a special spam folder but also adds this information to the Cloudmark database so other subscribers benefit from my largess.

Most people also know about “phishing” – also known as e-mail spoofing. Unfortunately, this nasty newer threat is a harder security problem to resolve because, as all good magicians know, all of us can be tricked.

To quote from Wikipedia:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

It is the last two parts of this description that are most troubling. First, phishing e-mails can LOOK very real. Very often the bad guys will use the real logos of popular and well-regarded companies and even use phony e-mail addresses that look like the real thing. They can sometimes be VERY real looking (and sounding) and trick even the most conscientious user. I know, it has happened to me!

A new article on ZD Net describes research that provides some chilling news.

Websense says that while the percentage of phishing attempts within all email traffic dropped to 0.5 percent in 2013 — down from 1.12 percent in 2012 — this is not necessarily good news. We may be receiving less of them, but campaigns are now far more sophisticated and targeted as criminals use additional resources in making campaigns more successful.

The article goes on to point to the five most commonly used e-mail “Subject:” lines used by scammers:

But what subject lines are most likely to dupe an individual or business in to falling for a phishing campaign? Based on the researchers’ findings, the top five which are most likely to be clicked upon are:

  1. Invitation to connect on LinkedIn

  2. Mail delivery failed: returning message to sender

  3. Dear Customer

  4. Comunicazione importante

  5. Undelivered Mail Returned to Sender

And most importantly the article ends with this recommendation that I totally agree with:

To combat phishing attacks, installing a strong security solution can alert you before malicious files are downloaded to a system or if you visit a website that is not legitimate. However, common sense is also key — for example, if you are not a member of a particular bank or haven’t recently conducted a transaction online, be extra careful before you open any emails. If in doubt, call the company in question.

Read the whole article “The five most dangerous email subjects to watch for” on ZDNet.

Read the original study published by Websense Security. There is also a link for a free white paper, “Defending against Today’s Targeted Phishing Attacks.”

——

Photo credit: Image licensed through Creative Commons by U. S. Fish and Wildlife Service – Northeast Region

Posted in General Information, Software | Tagged , , | Leave a comment
Skip to top