marypcbuk: (Default)

An interview I did in the aftermath of the riots that turned out to reflect many of the issues of 2011 in general.

NASA consultant, scientist and writer David Brin has long concentrated on the effects technology can have on people. In 1998, he wrote The Transparent Society, an award-winning book investigating privacy, surveillance, people's rights and the state.

Famously, he considered the solution to too much surveillance by the state was even more surveillance — but by the people, guarding their rights by checking up on the activities of the watchers.

Now we have police turning to Flickr to identify rioters, Anonymous disclosing user data, Google+ pushing users to prove their names and even Swiss banks giving up some of their famous secrecy. Given this, I asked Brin: Are we living in the transparent society now?

http://www.zdnet.co.uk/news/security-threats/2011/09/19/david-brin-state-secrecy-and-science-fiction-40093955/

marypcbuk: (Default)
Over the last few months I've been writing a series of pieces for Recombu looking at the technology behind smartphone operating systems, looking at some key issues like security and tablet adoption in more depth. Here's a roundup of links:

Is your mobile data safe in the cloud?
You expect to always be connected on your phone or your tablet, so services like Flickr, Google Docs and iCloud (when it launches) for storing your photos, music and files in the cloud make sense. It’s easier to send your photos to Flickr and Facebook than to prise open your phone and swap to a bigger memory card. You can see your images from your PC, if you lose or break your phone your files are safe – cloud seems like the ideal partner for mobile, and most of the time it is.

But ‘in the cloud’ doesn’t always mean secure, let alone private...
http://recombu.com/news/is-your-mobile-data-safe-in-the-cloud_M15026.html

What to expect from Windows 8 ARM tablets
http://recombu.com/news/windows-8-arm-tablets-what-can-we-expect_M15354.html

Does the mobile OS matter? What's technically different about the various smartphone platforms?
Just about every smartphone these days is based on an ARM chip of some kind. Many of them are built on the same combination of ARM chip, graphics chip and phone radio from Qualcomm, although Apple notoriously puts together its own custom combination of hardware. But what each phone operating system does with that hardware is very different, and that affects what apps can do on each kind of phone...
http://recombu.com/news/what-is-a-mobile-operating-system-ios-android-webos-windows-phone-and-blackberry_M15293.html

Smartphone security: How safe is your operating system?
Your smartphone isn’t just your phone; it's your address book, your personal diary, your online banking system and fairly soon it could be your wallet, your train ticket and your front door key (when NFC handsets are common). That makes it an even more tempting target for hackers than your PC. If someone takes control of your phone they could potentially make money by sending premium rate text messages and downloading expensive apps and in-app purchases, and they could get your online banking password and use your Facebook account to spam your friends with malware. How secure are you on different phones?
http://recombu.com/news/smartphone-security-how-safe-is-your-operating-system_M15489.html


How does BlackBerry Messenger work?
BBM keeps BlackBerry the best-selling phone for teenagers in the UK because of the free messaging, but is it really better than texts - or iMessage?
http://recombu.com/news/what-is-blackberry-messenger-and-how-does-it-work_M15688.html

marypcbuk: (Default)
Sign in from enough new places and Facebook will lock your account. Not for anything more suspicious than travelling - just for being in one place one day and another the next. My credit card company used to be like this; they promoted a credit card designed for travellers with no extra commission charges for using it abroad - and then expected people to phone up and say they'd be travelling. Over time they invested in proper fraud evaluation technology and now I only need to phone if something goes wrong; the default is they do the job of evaluating risk rather than making the customer jump through hoops. Facebook is still laying out hoops; it's locked my account twice this trip already, once for arriving in LA and once for arriving here in New Orleans. I appreciate the concern, Facebook, but how about you switch to a more sophisticated risk evaluation system - or give me an 'I travel' checkbox so I don't have to unlock my account every 10 days?
marypcbuk: (Default)

HP Labs Singapore is the company's first new lab since Prith Banerjee, worldwide director of HP Labs, took control of its research in 2007 and set out a five-year strategic plan that made cloud computing one of the eight pillars of its research focus.

We asked Banerjee what the new lab will concentrate its research on, how the facility fits in with Open Cirrus and HP's other labs, and how it will feed into the company's cloud services for enterprises. He said it's about security and Singapore ("if we can make a services datacentre cost effective here, then we can do it anywhere"). Read the rest over at ZDNet.

marypcbuk: (Default)
I know there are people in the world who never apply updates. I know you think that spontaneously rebooting my PC to protect me by applying updates is a good thing - but it's not! Not when I'm working, not when I have Web pages open for research, not when I am busy. I always set Windows Update to download and notify rather than install and reboot - but when I installed Microsoft Security Essentials to check that the unsigned Adobe Flash update wasn't actually malware, you took the opportunity to change my settings without asking and my PC just rebooted. Notification? I never saw it; perhaps it was on the second screen that wasn't powered on but that you were displaying windows on anyway? And I know you think you can restore my session perfectly - but you can't. Not until Internet Explorer gets a little smarter. Where are all the browser windows I had open? You've just opened my home page tabs - many of which are frequently updated pages so if I did have them open they've changed. How about the 18 tabs I had open and was referring to? How about the SharePoint Explorer window I had open? If you can't put it back the way you found it STOP MESSING AROUND WITH IT.

And the rest of you: stop clicking on dangerous Web links just to get free stuff or read stupid messages so security doesn't have to be enforced like this on those of us who can use the Internet safely. If I can avoid getting a virus or a botnet, so can you.
marypcbuk: (Default)

Either I've just installed malware, or the Adobe Flash security update I just installed wasn't digitally signed by Adobe; it brought up the yellow-for-warning 'this app isn't signed' dialog. That's just completely unacceptable for any program, from any publisher, let alone from someone as big as Adobe, let alone for apps that have become targets for attacks. A digital certificate costs what, $99? $25 if you're cheap. The time to sign an update is what, 15 minutes of developer time? What that costs is peanuts compared to reassuring and protecting users. I'm almost hoping that I have got malware rather than that Adobe has been this lazy and cheap...

marypcbuk: (Default)

AP Exclusive: Alarming network glitch makes the Internet lose track of who is who on Facebook

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.

It's hard to tell from the AP writeup what's going wrong in the AT&T->Facebook routing; it looks like a combination of IP addresses being wrongly assigned and cookies being cached and proxied. As mobile Web use grows, that's rather a worrying thought - Internet security isn't a primary skill of most mobile carriers yet (if I'm feeling snarky I could say Internet access isn't a primary skill of most mobile carriers either)...
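As an added illustration of the "cookies being cached and proxied" failure mode speculated about above (my own toy model, not code from AP, AT&T or Facebook): a shared carrier-side cache that ignores Cache-Control: private and Vary: Cookie will hand one subscriber's logged-in page to the next subscriber who requests the same URL, while a cache that honours those headers never stores the page at all. Users, paths, cookies and headers are all constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)


def origin(path: str, cookie: str) -> Response:
    """Constructed origin server: renders a per-user page selected by the
    session cookie and marks it as not shareable between users."""
    user = {"sess=aaa": "alice", "sess=bbb": "bob"}.get(cookie, "anonymous")
    return Response(body=f"<h1>Inbox of {user}</h1> ({path})",
                    headers={"Cache-Control": "private", "Vary": "Cookie"})


class SharedCache:
    """A forward proxy cache shared by many subscribers.

    honour_headers=True  -> keys entries on (path, cookie) because of Vary: Cookie
                            and refuses to store Cache-Control: private responses.
    honour_headers=False -> the broken proxy: keys on the path alone and stores
                            everything, so authenticated pages leak across users.
    """

    def __init__(self, honour_headers: bool) -> None:
        self.honour_headers = honour_headers
        self.store: dict = {}

    def fetch(self, path: str, cookie: str) -> Response:
        key = (path, cookie) if self.honour_headers else path
        if key in self.store:
            return self.store[key]          # served from cache, origin not asked
        resp = origin(path, cookie)
        is_private = "private" in resp.headers.get("Cache-Control", "")
        if not (self.honour_headers and is_private):
            self.store[key] = resp
        return resp


def leaks_between_users(honour_headers: bool) -> bool:
    """Alice warms the cache, then Bob (same proxy, different cookie) asks for
    the same URL. Returns True if Bob is shown Alice's page."""
    cache = SharedCache(honour_headers)
    cache.fetch("/inbox", "sess=aaa")
    bobs_view = cache.fetch("/inbox", "sess=bbb").body
    return "alice" in bobs_view
```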

marypcbuk: (Default)
Just spotted on the First Direct text banking FAQ:

although you can still receive your text message service when you are abroad, we recommend that you suspend text message banking if you are taking your mobile phone outside the United Kingdom. This is because the security of any foreign telephone network through which text messages might be transmitted to your mobile phone cannot be guaranteed.


I know SMS doesn't have guaranteed delivery, return receipt or anything sophisticated like that, but I had assumed that it was a closed system. Messages leaving UK networks will go across an SMS gateway - but they'd go across an SMS gateway to get from Vodafone to O2, or from your bulk business SMS provider to any of the mobile operators anyway. So is the security issue that there are known untrusted foreign gateways, or unproven but suspect foreign gateways or that like most electronic crime it crosses jurisdictional boundaries and you can whistle for international co-operation? And if, as I presume, the latter - wouldn't it be nice if international treaties and economic accords and the like took account of these things and penalised the un-cooperative countries? 

Ranty? My day started with a cat throwing up over the back of my chair - and just missing my head - during a phone interview and went on through the threat of a tax fine to go with my continuing audit, a mobile headset that would only work if I stretched my leg out in front of me on a wall (no really - that increased the volume when nothing else did), the worst touchscreen interface I have ever used (I won't name it but the same phone couldn't see a mobile network in a cellar bar when every other device in my bag connected happily) and John Lewis taking a direct debit for two statements when I'd already paid one manually because they didn't tell me that the direct debit wouldn't be re-instated in time after I suspended it because two weeks wasn't enough notice for them to take fraudulent payments off my statement (because they follow a "specific procedure" to find out how the fraud happened and who did it and how they can stop it in future and they don't credit the transactions that were made in India the same day I shopped at my local Waitrose in Putney until they have followed this because "it's not as simple as that"), then asked for a manual payment without telling me that it would be too late for the manual payment to change the direct debit they were taking the next day, leaving me overdrawn - and telling me when I phoned that no, they couldn't do the refund now - I will have to wait until the payments show up out of the ether (which I will know because, well, I'm psychic - oh no, wait, I can keep phoning back "when it's convenient") and then they will *post me a cheque*. How antiquated a payment processing system do you have to have to be able to accept electronic payments but not make electronic refunds? Oh, and instead of making me phone back every day to find out if the overpayment has arrived to request a refund, how about you put a note in your system to trigger a refund when the overpayment arrives?
And then I can write to them explaining how much all of this wonderful service has cost me in overdraft fees and they will "consider" it....

If it wasn't for the Waitrose vouchers we get, I'd have cancelled this card on the spot when they didn't take the fraudulent payments off the statement; JL's financial services are significantly below the standard of their customer service. At least it no longer seems to be run by DHS, memorably described by financial journalist Stephen Pritchard as "loan sharks with offices" - who forgot to send the statutory reminder for a credit agreement with DFS, forgot to cancel the credit agreement when I paid in full - and randomly applied the overpayment they'd taken to my JL credit card "because they were both in my name".

In better news, we have tickets to go backstage at the Royal Albert Hall to see Cirque du Soleil getting ready for the afternoon show on February 9; a snip at £12 each. They are "strictly on a first come first served basis"; I'm not quite sure how that differs from any other kind of event ticket - do they usually run some kind of lottery?

marypcbuk: (Default)
Last week I caught up with Jon Callas of PGP and we had a nice time agreeing violently about the HMRC data loss; it's the system that's broken, outsourced IT is a problem if it makes it more expensive to do it right than to do it wrong and why aren't we nailing up the courier company instead? You can read the conversation over at IT Pro.

But one of Jon's examples is how Amazon ships everything to you using tracked services. Yes, but, as he'd say. One of our Amazon orders - quite an urgent one as it's Zorb for dealing with Horrid Beasts - was sent by Royal Mail without any tracking. So it may or may not be the item they tried to deliver on Saturday morning - when we were in - and wouldn't give us at the sorting office this morning (they were fresh out of explanations as well; the Royal Mail complaint line, for future reference, is on 08456 112471). Could the police keep an eye out for my parcel while they hunt for the CDs?
marypcbuk: (Default)
I was very annoyed by the idiot who decided to use my favourite ever Flash animation, Yes & No by Bruno Bozzetto, as a wrapper for a Trojan. But you can safely watch it on Bozzetto's site, along with several similar shots. He specialises in episodic and alternating shorts; male/female, ecotourist/tripper or the travails of Mr Otto, a Mr-Bean stick figure for whom everything goes wrong. The Olympics short is particularly funny (though you have to click through to another site and click the Bruno Bozzetto link). Yes & No is still my favourite; what not to do on the road and what goes wrong when you follow the rules. Enjoy!
marypcbuk: (Default)
All those MI5 folk leaving notebooks in London cabs on the way home from that sushi bar (where the sake must be really good); they're not alone. I love these figures from a survey designed to make you go buy some encryption software - or possibly take the tube...

In the last six months, taxi passengers in London had reported losing 54,874 mobile phones (that's more than 2 per taxi), 4,718 PDAs, 3,179 laptops and 923 USB sticks. And I thought it was bad at Heathrow, where people leave 5 laptops and 10 mobiles a day behind at the security machines. Losing stuff in a taxi is a better bet; 96% of phones lost in taxis are returned but only 60% of what's lost at Heathrow, with the rest auctioned off locally (and do they wipe the hard drives? yeah, right).

I also like the list of other things that UK taxi drivers "admitted to finding" (was there much they were too embarrassed to admit?): a telescope, a drunken woman left as a tip by her boyfriend, a machine gun and 100,000 pounds worth of diamonds.

But was that all in the same cab?
marypcbuk: (Default)
Whenever I write about Microsoft, there are always reader questions about whether a technology is being used to achieve unfair competitive advantage (because it's usually acceptable to use technology for a fair competitive advantage; that is after all what capitalism thrives on). I've recently looked at the changes in CSS and security for the Developer section of The Register (Getting your site sorted for IE 7 The Register and Getting on the right side of IE 7 security) and I had one reader question in particular.
"I just read your piece on IE 7 security. One statement that I found interesting was:
'the filter will also look for sites incorporating content or scripts from another domain'
Since most ad placement systems use scripts that point to another site, like Google's AdSense does, does this mean Microsoft will effectively be able to block ads from all their competitors... "

Short answer: no. But they might be able to spot redirect ad fraud scripts…

For one thing they're not actually that stupid ;-) At MIX 06, I think the two things I heard most from the IE team were 'sorry' and 'balance'. Sorry we didn't work on the browser as a new release for five years and we want to get the balance between features and security, between ease of development and security - or between just about anything and security - right. And while some search providers don't think supporting OpenSearch and highlighting every OpenSearch compatible site you visit to add as a search provider is enough (question: should the Google toolbar let me add other search sites to the drop-down so I could repeat the image search on Flickr?), the browser team are talking to too many of the ecosystem of Web sites and services to do something so obviously, cluelessly stupid.

Cue the usual distinctions between restricting the dangerous use of a legitimate thing without stopping the everyday use. What you're looking for here is scripts, content and links that divert you from what looks like a real site to the fake one – cross-site scripting attacks, scraping real images from paypal to make your phishing site look legitimate, replacing legitimate HTTP content on a mixed HTTP/HTTPS site (why that's so deprecated) so the instructions tell you to type into the insecure box rather than click the secure button.
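To make that distinction concrete, here is an added example of the kind of heuristic a filter can apply (written for this post, not the IE 7 filter's own code): it walks a page's markup and separates the everyday case, a script loaded from an ad network's host, from the dangerous ones named above, a form that submits to a different host and insecure http: content embedded in an https page. The page URLs, host names and HTML are all constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL-bearing attribute can pull in or send out cross-domain content.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "form": "action", "link": "href"}
DANGEROUS = {"form-to-other-host", "mixed-content"}


class CrossDomainAuditor(HTMLParser):
    """Collects (finding, detail) pairs for cross-domain references on a page."""

    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.page = urlsplit(page_url)
        self.findings: list = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        target = urlsplit(urljoin(self.page_url, value))   # resolves relative URLs
        cross = target.hostname != self.page.hostname
        if tag == "form" and cross:
            # Credentials typed on this page would be sent somewhere else.
            self.findings.append(("form-to-other-host", target.hostname))
        elif self.page.scheme == "https" and target.scheme == "http":
            # Plain-http content on an https page can be replaced in transit.
            self.findings.append(("mixed-content", f"{tag}:{target.hostname}"))
        elif tag == "script" and cross:
            # Noted but not blocked: this is what every ad network does.
            self.findings.append(("cross-domain-script", target.hostname))


def audit(page_url: str, html: str) -> list:
    auditor = CrossDomainAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


def verdict(findings: list) -> str:
    return "block" if any(kind in DANGEROUS for kind, _ in findings) else "allow"


# Constructed samples: an ordinary ad-supported page and a phishing-style page.
AD_PAGE = ('<script src="https://ads.example-adnetwork.test/show.js"></script>'
           '<form action="/search"><input name="q"></form>')
PHISH_PAGE = ('<img src="http://www.example-bank.test/logo.png">'
              '<form action="https://collect.example-other.test/grab">'
              '<input name="password"></form>')
```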
marypcbuk: (Default)
As Macs become more popular, they become more of a target for hackers (old-school bragging rights and new-style theft both go best with a big pool of targets), but Apple's dismissal of the Oompa Loompa trojan reminded me of the old joke about the Unix virus (read the mail, forward the instructions to a friend and then format your hard drive): they say it "requires a user to download the application and execute the resulting file".
marypcbuk: (Default)
Mirapoint's new Secure Messaging Centre has some useful information, although the blinking red targets on the world map make it look rather alarmist (you're going to sign up for the RSS feed if you need this kind of information). The fact that you can't scroll through the list of current attacks by hand or click to get any more details underlines that this is actually an infomercial. But what does amuse me is that along with the location, spam subject, referenced URL and estimated number of attackers is a little gauge showing the "massiveness" of each. Because 'severity' is just too severe?

Page generated Jul. 1st, 2025 06:37 am
Powered by Dreamwidth Studios