Mac Pro Tower Tips

September 2008

On the new Mac Pro Tower of 8 core Power, there are two disc bay trays.
If you have the keyboard with the eject button in the top right corner,
you can push it and you have to guess to see which bay will open.

Hold down the (option) key and press the eject button to open the second
tray.

The new Sony HD cameras are really nice, but if you pull off video onto a PC
and have (.mod) files, the Mac Pro will not recognize the files.
Use the Mac Pro and the iLink cord with the Sony HD to capture the footage
directly from the camera using iMovie or Final Cut Pro.

USA is Number One, USA is Number One!!!

September 2008

Report claims bulk of cyber attacks originate from U.S. SecureWorks has published details on the originating sources of attacks aimed at its clients during 2008. The details reveal that almost all of the cyber attacks originated from sources within the United States, followed closely by the People’s Republic of China. However, there were 12.9 million more attacks originating in the U.S., suggesting that American businesses have yet to take appropriate steps to secure their systems.

Palin-Styled Hacks

September 2008

Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack. Google Inc.’s Gmail, Microsoft Corp.’s Windows Live Hotmail, and Yahoo Inc.’s Mail all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question, according to quick tests run by Computerworld. Computerworld reporters and editors were able to “break” into their own and colleagues’ accounts on all three services, then reset passwords armed only with the account’s username and the correct response to one of a limited number of common security questions, such as mother’s maiden name, the name of a favorite pet, or the make of a first car. Some of the personal information that would provide answers to the security questions may be easily found by searching social networking sites or the Internet. Hackers who know the username of an account – which is often identical to the part of the e-mail address that precedes the “@” symbol – and correctly type the distorted “CAPTCHA” characters are faced with only a security question before being allowed to change the account password.

Adobe Bowed Out!!!

September 2008

Adobe yanks speech exposing critical ‘clickjacking’ vulnerabilities. Two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web. They say they planned to demonstrate serious “clickjacking” vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP’s AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say. The pair planned to disclose flaws in the architecture of all of today’s web browsers that allow malicious websites to control the links visitors click on. Once lured to a fraudulent address, a user may think he’s clicking on a link that leads to Google – when in fact it takes him to a money transfer page, a banner add that is part of a click-fraud scheme, or any other destination the attacker chooses. The technique can also forge the address that appears on a status bar at the bottom of a web browser, so even those who are careful to check referring address before clicking can be tricked, one researcher says.

Quicktime Hacked!!!

September 2008

Hacker posts QuickTime zero-day attack code. A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.’s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday. The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the ““ parameter in QuickTime, which is not prepared to handle excessively-long strings, said a researcher with Symantec Corp.’s DeepSight threat notification network. In its present form, the exploit triggers a QuickTime crash, but it may be more serious. “The exploit suggests that code execution may be possible,” the researcher added, “[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site.” The researcher had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs.

Film Links

September 2008

Here is a COLLECTION OF INFO that has been accumulated throughout the years when it comes to PRODUCING A FILM from the experts. Some of this stuff is good for everyone, in all aspects of life when it comes to setting up projects.

Hope you enjoy the info that was made through practical efforts of gut, sweat and tears:

FILM PRODUCTION
http://www.wildsound-filmmaking-feedback-events.com/film_production.html

TIME MANAGEMENT
http://www.wildsound-filmmaking-feedback-events.com/time_management.html

Rules of the Trade of Hiring the best Crew you can.
http://www.wildsound-filmmaking-feedback-events.com/hiring_your_crew.html

NEGOTIATING
http://www.wildsound-filmmaking-feedback-events.com/negotiating.html Negotiating

FILM AGREEMENTS
http://www.wildsound-filmmaking-feedback-events.com/film_agreements.html

MEETINGS
http://www.wildsound-filmmaking-feedback-events.com/meetings.htmlMeetings

GOOD, CHEAP and FAST
http://www.wildsound-filmmaking-feedback-events.com/good_cheap_and_fast.html

FILM BUDGETING
href="http://www.wildsound-filmmaking-feedback-events.com/film_budget_rules.html

FILM PRODUCER QUOTES
href="http://www.wildsound-filmmaking-feedback-events.com/film_producer_quotes.html

You'll also love our http://www.wildsound-filmmaking-feedback-events.com/one_page_screenplay_competition_II.html
One Page Screenplay Competition

SUBMISSION DEADLINE APPROACHING
WILDsound Film and Screenplay Festival

Deadline approaching. Be a part of the fastest growing and most unique Film Festival in the world today:

FILM SUBMISSIONS - See the full details to submit your film
http://www.wildsound-filmmaking-feedback-events.com/film-festival-submissions.html

SCREENPLAY SUBMISSIONS - See the full details to submit your script
http://www.wildsound-filmmaking-feedback-events.com/screenplay-submissions.html

Multi-State Sharing Info about Cyber Security

September 20088

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY

MS-ISAC ADVISORY NUMBER:
2008-030

DATE ISSUED:
09/09/2008

SUBJECT:
Multiple Vulnerabilities in Microsoft Graphics Device Interface (GDI+) Could Allow Remote Code Execution

OVERVIEW:
Five vulnerabilities have been discovered in the Microsoft Graphics Device Interface (GDI+), which could allow an attacker to take complete control of an affected system. These vulnerabilities can be exploited if a user views a malicious web page or opens an email attachment containing an image file specially designed to exploit one of the vulnerabilities. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. If the user is logged on with administrator privileges, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

SYSTEMS AFFECTED:

o Windows XP Service Pack 2 & 3

o Windows XP Professional x64 Service Pack 1 & 2

o Windows Server 2003 Service Pack 1

o Windows Server 2003 Service Pack 2

o Windows Server 2003 x64 Edition

o Windows Server 2003 x64 Edition Service Pack 2

o Windows Server 2003 with SP1 for Itanium-based Systems

o Windows Server 2003 with SP2 for Itanium-based Systems

o Windows Vista and Windows Vista Service Pack 1

o Windows Vista x64 Edition

o Windows Vista x64 Edition Service Pack 1

o Windows Server 2008 for 32-bit Systems

o Windows Server 2008 for x64-based Systems

o Windows Server 2008 for Itanium-based Systems

o Microsoft Windows 2000 Service Pack 4

o Microsoft Internet Explorer 6 Service Pack 1

o Microsoft .NET Framework 1.0 Service Pack 3

o Microsoft .NET Framework 1.1 Service Pack 1

o Microsoft .NET Framework 2.0

o Microsoft .NET Framework 2.0 Service Pack 1

o Microsoft Office XP Service Pack 3

o Microsoft Office 2003 Service Pack 2

o Microsoft Office 2003 Service Pack 3

o 2007 Microsoft Office System

o 2007 Microsoft Office System Service Pack 1

o Microsoft Visio 2002 Service Pack 2

o Microsoft Office PowerPoint Viewer 2003

o Microsoft Works 8

o Microsoft Digital Image Suite 2006

o SQL Server 2005 Service Pack 2

o SQL Server 2005 x64 Edition Service Pack 2

o SQL Server 2005 for Itanium-based Systems Service Pack 2

o Microsoft Visual Studio .NET 2002 Service Pack 1

o Microsoft Visual Studio .NET 2003 Service Pack 1

o Microsoft Visual Studio 2005 Service Pack 1

o Microsoft Visual Studio 2008

o Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package

o Microsoft Report Viewer 2008 Redistributable Package

o Microsoft Visual FoxPro 8.0 Service Pack 1

o Microsoft Visual FoxPro 9.0 Service Pack 1

o Microsoft Visual FoxPro 9.0 Service Pack 2

o Microsoft Platform SDK Redistributable: GDI+

o Microsoft Forefront Client Security 1.0

RISK:

Government:

o Large and medium government entities: High

o Small government entities: High

DESCRIPTION:
Microsoft Windows Graphic Device Interface (GDI+) fails to properly handle Windows Metafile (WMF), Windows Enhanced Metafile (EMF), Graphics Interchange Format (GIF) and Bitmap (BMP) image files. Additionally, a vulnerability has been discovered in the way GDI+ handles certain image file properties in Vector Markup Language (VML).

Microsoft Windows Graphic Device Interface (GDI+) enables various applications to access devices that render images for the user. Examples include desktop displays and printers. GDI+ is installed by default on all Microsoft Windows Operating systems.

All of the vulnerabilities mentioned in this advisory can be exploited if a user visits a malicious web site. Four of the vulnerabilities can also be exploited if a user opens or views a malicious image file, such as an attachment contained in an email message.

Successful exploitation will result in an attacker gaining the same privileges as the logged on user. If the user is logged on with administrator privileges, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

It should be noted that custom applications created using Microsoft Graphic Device Interface (GDI+) or .NET framework which use vulnerable GDI+ libraries are affected by these vulnerabilities. Attention should also be given to build machines and developer machines which use the Microsoft Graphic Device Interface (GDI+) or .NET framework. All third party software that uses GDI+ libraries should be updated. Please contact your software vendor(s) for updates.

At this time there is no known publicly available proof of concept or exploit code.

RECOMMENDATIONS:
We recommend the following:

o Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.

o Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

o Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

o Read all e-mail messages in plain text.

o Do not open email attachments from unknown or un-trusted sources.

o Update all custom software that uses GDI+ libraries.

REFERENCES:

Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx

Secunia:

http://secunia.com/advisories/31675/

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5348

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3012

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3013

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3014

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3015

iPhone and ipodTouch Users...

September 2008

Fellow Apple Users of iPhone & iPod Touch,

I've been searching for a way to add value to our iPhone and iPod Touch users at UALR on Wi-Fi.

We have the Bluesocket device that prompts users for their NetID and password. I've known this slows you down and makes your device less of a convenience.

My search has yielded a fantastic solution:

http://melloware.com/products/bluesocket/

FYI: This item is available at the App Store for $1.99

BE Aware, BE Informed, BE...

September 11, 2008

Due to a recent security breach at a state agency, I want to remind you that hackers are increasingly focusing their attention on applications rather than networks. Web sites created in an insecure manner are an easy way for hackers to access your agency’s resources. I’d like to point you to a few resources that discuss best practices for secure web page creation.

The SANS Institute offers newsletters that can let you know about current web vulnerabilities. You can subscribe to their newsletters by going to www.sans.org. Here’s a paper in the SANS Reading Room on web application security: http://www.sans.org/reading_room/whitepapers/application/2053.php

In addition, the Open Web Application Security Project (OWASP) has a website with lots of information on web application security: http://www.owasp.org/index.php/Main_Page

13 Ways to Get Your Developers on Board with Software Security

http://h71028.www7.hp.com/ERC/cache/571090-0-0-0-121.html&ERL=true

It’s a good idea to have an application security scan performed on your websites. Application security scanners look for issues such as cross-site scripting and SQL injection attacks. If you need assistance with application security scans for your agency, please contact me.
Thank you,

Kym Patterson
Chief Security Officer

How Smart They Think We Are...

September 2008

Companies continue to overlook evolved virus attacks. A recent security advisory from a messaging security company warned that service providers are placing e-mail users at risk by continuing to ignore sophisticated virus propagation techniques. Attackers are moving beyond traditional tactics, such as sending messages with virus executables attached or virus-infected documents, to employing hybrid attacks that combine elements of both spam and viruses. In these attacks, malware authors embed links in informative or advertising e-mails. Recipients are enticed to follow these links to a Website that hosts the malware, which could be a virus, worm, or Trojan. These advanced threats embed anti-spam and anti-virus (AV) evasion techniques with the objective of eluding both spam and traditional AV filters. Most spam filters are not capable of catching these highly mutable threats because they do not follow the recurrent, mass e-mail tactics commonly found in spam. Likewise, conventional AV solutions bypass these messages as they appear to be spam or phishing. As these attacks become the norm, operators are urged to re-examine their anti-virus strategies and ensure that their messaging security processes are capable of detecting these hybrid threats.

Fake YouTube Page Creators...

September 2008

New tool creates fake YouTube pages for spreading malware. Cybercriminals are getting more and more business-like. The latest examples involve a tool that automates the creation of fake YouTube Web sites that can be used to deliver malware and password-cracking services for sale. Panda Security said it has uncovered a tool circulating in underground hacking forums, dubbed YTFakeCreator, that enables anyone to easily create a fake YouTube page that surreptitiously installs a Trojan, virus, or adware on a visitor’s computer, said the chief corporate evangelist of Panda Security. The tool does not spread the video link on its own. An attacker must distribute it via e-mail, FTP, IRC channels, peer-to-peer file-sharing networks, or CD. Once a visitor arrives at the page, a fake error message appears saying that the video can not be played because an important software component, such as a codec or Flash update, is missing. The visitor is prompted to download the software and the malware is installed. YTFakeCreator makes it easy for even unskilled people to set up an attack.

Hack the Collider...

September 2008

Large Hadron Collider’s hacker infiltration highlights vulnerabilities. Though the Large Hadron Collider’s infiltration by hackers did not disrupt the historic project, experts warn that its computer systems are vulnerable. Shortly after physicists activated the Collider on Wednesday, hackers identifying themselves as Group 2600 of the Greek Security Team accessed computers connected to the Compact Muon Solenoid detector, one of four key subsystems responsible for monitoring the collisions of protons speeding around the 18-mile track near Geneva, Switzerland. A few scientists had worried that the experiment could inadvertently create a planet-swallowing black hole. Physicists called this impossible, or at least extraordinarily unlikely. But the hack raises a different sort of worst-case scenario: the largest and most complicated science experiment in history, intended to reveal basic information about the composition of matter, derailed by malevolent intruders. The LHC experiments have very complex computer systems for data recording and analysis and even more sensitive systems for experiment control, trigger and data acquisition,” said an MIT physicist and Collider collaborator. “You could imagine that penetrating the ‘real time domain’ could have catastrophic consequences.”

Carpet Bomb Google Chrome...

September 2008

Google Chrome at risk from ‘carpet bomb’ bug. Attackers can combine a months-old “carpet bomb” bug with another flaw disclosed last month to trick people running Google Inc.’s brand-new Chrome browser into downloading and launching malicious code, a security researcher said today. The attacks are possible because Google used an older version of WebKit, an open-source rendering engine that also powers Apple Inc.’s Safari, as the foundation of Chrome, said a researcher on Wednesday. He posted a proof-of-concept exploit to demonstrate how hackers could create a new “blended threat,” so-named because it relies on multiple vulnerabilities, to attack Chrome, the browser Google released this week.

USA is No. 1!!! USA is No. 1!!!

September 2008

USA is top hosting Web-based malware country. ScanSafe has issued data on the top three countries hosting Web-based malware including viruses, Trojans, root kits, password stealers, and other malicious programs. The U.S. ranked first (42 percent), China ranked second on the list (12 percent), and Germany ranked third (six percent). A large number of the malware hosts in the last month were part of the Asprox fast flux bot network–PCs that have been enlisted into the bot network and mask the true origin of the actual host. According to a ScanSafe report, Web-based malware has already increased by 278 percent in the first half of 2008. Web users should not associate malware only with suspect websites. More and more legitimate sites are being targeted by attackers and websites where the Olympic Games are streamed online by broadcasters could be a prime area for compromise.

Spam Fighters, Go!!!

September 2008

Russian spammers involved in building new botnet for more attacks. According to the University of Alabama at Birmingham (UAB) Spam Data Mine, the Russian-Georgian Cyber War reached a new height on the morning of August 17, 2008 when over 500 e-mails were received in just 90 minutes at the UAB. The university started receiving poorly crafted e-mails on August 15, 2008, and now they account for five percent of the total spam traffic. Moreover, the e-mails contain attractive headlines such as “Mikheil Saakashvili gay scam - news of the week” that lure victims into reading a phony BBC story on the Georgian President. The link provided in the e-mails takes victim to a Web server loaded with malicious content and it tries to compromise the user’s system. It seems that spammers are trying to build a botnet but the motive behind establishing this network is still unclear. It may be used for launching more attacks against computers of the Georgian government. The director of Product Management with Symantec Security Response said that the malevolent software is a new variant of Trojan.Blusod program, as reported by NetworkWorld. Earlier, spammers used this Trojan to load antivirus program on computers by making users believe that their system infected with virus and the program could clean the problem on charges.

Terrorist Computers & 911

September 2008

Terror threat system crippled by technical flaws, says Congress. A U.S. House subcommittee is charging that a $500 million IT project intended to “connect the dots” on terrorists and help prevent another 9/11 is a failure; it can’t even handle basic Boolean search terms, such as “and,” “or” and “not.” Allegations of waste and mismanagement were outlined in a staff memo and letter from the Subcommittee on Investigations and Oversight, which is part of the Committee on Science and Technology. The material was released last week in what is a usually a quiet month for Congress during its August recess. The bulk of the subcommittee’s charges come from a memo prepared by subcommittee staff about a data integration project called Railhead, which is intended to help intelligence and law enforcement agencies uncover terrorist plots. Railhead, due to be ready by year’s end, was supposed to combine and upgrade existing databases called Terrorist Identities Datamart Environment and improve terrorism-fighting capabilities. But the project is in such bad shape -- suffering from delays and cost overruns – that Subcommittee Chairman said: “There may be current efforts under way to close down Railhead completely.”

W.O.W. a Virus on ISS NASA upload me...

September 2008

Computer virus hits ISS, should NASA worry? It was confirmed yesterday by National Aeronautics and Space Administration (NASA) that they discovered a computer virus that has the ability to steal passwords on a laptop that is aboard the International Space Station (ISS). The virus was first discovered by Symantec back on August 27, 2008, with the virus being called W32.Gammima.AG. It impacts systems running Windows 2000, 95, 98, Me, NT, XP, and Windows Server 2003. At this point though, it does not seem that there is much of a threat to NASA directly from the virus. The report states that the virus is very easy to contain and remove, and can cause minimal damage.

Islam is not the nEt^DeViL...

September 2008

Defending Islam, hacker defaces thousands of Dutch websites. Over the last six weeks, a ‘hacktivist’ calling himself ‘nEt^DeViL’ has hijacked numerous Dutch sites, posting ideological statements on their home pages in retaliation for the anti-Islamic short film “Fitna” which was made and released earlier this year by a right-wing Dutch politician. Such an attack is known as website defacement. Zone-H.org, a website that tracks website defacement attacks worldwide, has documented thousands of compromised websites over the last months. Zone-H reports that ‘nEt^DeViL’ has hacked 18,157 websites as of Thursday, August 28.

Cyber Command or Skynet???

September 2008

Cyber Command plan, sought for McGuire, is suspended. The Pentagon has suspended an Air Force plan to establish a Cyber Command that would protect the United States from attacks on its electronic infrastructure, for which McGuire Air Force Base was a potential headquarters. The initiative might be falling victim to a turf battle within the federal Department of Defense. A memo circulated this week announced that budget and personnel transfers for the project have been put on hold. Meanwhile, a senior military commander told the Associated Press that computer defense and offense would be better sited within U.S. Strategic Command, which has the military responsibility for cyberspace across all services and commands. The former secretary of the Air Force, who was fired earlier this year, had been the chief patron of creating a cyber command.

Bloggers Keep in Touch through the Storm

September 2008

Social Media Proves Itself as Emergency Tool
Through Micro-Blogging, Hurricane Victims Across the South Stayed in Touch
When Robert Peyton joined the micro-blogging service Twitter ( http://twitter.com/) during its earliest days in 2006, it was just a place to rave about New Orleans' finest eateries and keep in touch with friends. But as the 39-year-old lawyer tried to keep tabs on Hurricane Gustav and the fellow New Orleanians whose lives were upended by the storm, the service turned into an invaluable source of information, he said.

Unlike blogging services that allow users to post comments only from their computers, Twitter lets posters "tweet" from cell phones, smart phones and computers. All tweets -- 140-character messages -- are sent to the user's Twitter page online, but others can sign up to receive them via their own cell phones, smartphones and computers.

When Peyton lost power in Baton Rouge, he could receive tweets from a New Orleans Twitter community that spanned the Southeastern states. In turn, from his own smartphone, Peyton sent messages to the nearly 100 people who had signed up to receive his updates.
Peyton acknowledges that the information distributed through Web sites, SMS messages, instant messages and other social networking sites is only as good as the person sending it. But as he rode out the storm in Baton Rouge, he said it was one of the only ways to get accurate local reports from New Orleans.

"The national broadcasts are just kind of silly and alarmist," he said. "It's nice to have something to balance that out."
Mark Folse, a project manager for a financial institution and another New Orleans blogger, agreed.

In the past few days, the self-proclaimed "weather geek" has funneled information he uncovered from reliable weather Web sites to his Twitter page. Twitterers with interests or expertise in other areas provided their own additions to the online conversation.

"It's been of tremendous value," he said. "People take on a role for themselves and then feed it into the larger group."

On his 12-hour trek to Memphis, Tenn., with his family, he received a constant stream of updates from other evacuees about the traffic, the weather and even a Labor Day Memphis Mark Folse, a project manager for a financial institution and another New Orleans blogger, agreed.

In the past few days, the self-proclaimed "weather geek" has funneled information he uncovered from reliable weather Web sites to his Twitter page. Twitterers with interests or expertise in other areas provided their own additions to the online conversation.

"It's been of tremendous value," he said. "People take on a role for themselves and then feed it into the larger group."

On his 12-hour trek to Memphis, Tenn., with his family, he received a constant stream of updates from other evacuees about the traffic, the weather and even a Labor Day Memphis Mark Folse, a project manager for a financial institution and another New Orleans blogger, agreed.

In the past few days, the self-proclaimed "weather geek" has funneled information he uncovered from reliable weather Web sites to his Twitter page. Twitterers with interests or expertise in other areas provided their own additions to the online conversation.

"It's been of tremendous value," he said. "People take on a role for themselves and then feed it into the larger group."

On his 12-hour trek to Memphis, Tenn., with his family, he received a constant stream of updates from other evacuees about the traffic, the weather and even a Labor Day Memphis "Embeds" -- bloggers who stayed behind in New Orleans -- provided hyper-local information about various neighborhoods, he said.

Sheila Moragas, another local blogger who evacuated to a hotel near the Louisiana State University with her husband and toddler, said one of the "embeds" offered to check out her house when the storm passed and then Twitter about it for her.

"Twitter becomes your online neighborhood," she said.

Thanks to K M Heussner for the article.

The End of the Internet is Now Upon US...

September 2008

Is the End of Unlimited Internet Near?
Comcast, Frontier and Time Warner Cable Are Moving Toward Imposing Internet Usage Caps...
Get ready to say goodbye to unlimited Internet access.
Last week, Comcast -- the second-largest Internet service provider in the country -- announced that starting Oct. 1 it would officially set a threshold for monthly Internet usage.
In an online announcement, the service provider said that although it already contacts residential customers who use excessive amounts of bandwidth, it had never provided a specific limit. Now, Comcast said it will amend its user agreement to say that users will be allowed 250 gigabytes of monthly usage.
The company emphasizes that its cap is generous and will only affect about 1 percent of its 14.4 million customers. Experts say these customers might include heavy gamers and those who use a significant amount of bandwidth for creating or uploading video.
But industry watchers note that Comcast's decision is indicative of a trend by Internet service providers to move toward usage-based service plans.
On Aug. 1, Frontier Communications changed its policy to define acceptable use for high-speed Internet as 5 GB per month. In June, Time Warner Cable launched a test program in Beaumont, Texas, that imposes monthly Internet usage limits of 5 GB to 40 GB on subscribers.
Because Comcast is a heavyweight in the industry, its announcement has drawn criticism and questions from broadband and telecommunications researchers.
"The biggest problem I have [is] they haven't given us any data. They've given us no proof," said Om Malik, author of "Broadbandits: Inside the $750 Billion Telecom Heist" and editor of GigaOM, a popular technology Web site. Malik said GigaOm and five other technology news sites managed by his online publishing company, Giga Omni Media, receive about two million visitors each month.
Comcast's limit is substantially higher that those established by other service providers, Malik acknowledges. But he maintains that the company's decision amounts to metered billing and, if that's the case, it should provide a tool so that consumers can monitor their own usage.
"[With] electricity companies -- and water companies -- you have the choice to monitor the electricity you are using," said Malik, drawing comparisons between Comcast and regulated public utilities that maintain the infrastructure for public services.
Thanks to K.M. Heussner for the article.