My latest BBC column was at the end of the year, as I only seem to manage 3 weeks out of 4 at the moment because of the pressure of other things. It’s about contact lens displays and our inability to design security in from the start, and can be read on the BBC News Website as usual:
As December comes to an end journalists and pundits around the world have been telling us which devices or technologies they think are the most important from the last year.
Here on the BBC tech site Rory Cellan-Jones chooses cloud computing while Jonathan Fildes opts for smartphone applications and Maggie Shiels reveals her love for her Blackberry, to which she is clearly addicted.
Picking one innovation as the most important or as representative of a year is notoriously difficult, but it is at least retrospective.
The iTunes Application Store was one of the year’s biggest successes, whatever one might think of Apple’s arbitrary approvals process or the constraints placed on application authors, and Google really did launch Wave, albeit as an early, buggy alpha release.
Looking forward is much trickier…
[I’ve been neglecting this space for the last few weeks… this was published on the BBC News site on October 9]
If you use a web-based email service then here’s a public service announcement. Tufty the Squirrel says ‘Change your password. Now. Before you read the rest of this column. And if you use your webmail password for any other services go and change it there too.’
OK, assuming you’ve done that, we can discuss the apparent plundering of tens or even hundreds of thousands of login details from Hotmail, Yahoo! Mail, Gmail and other web-based email services, revealed last week when a partial list of ten thousand addresses was posted to – and quickly withdrawn from – the Pastebin code-sharing website and details of another 30,000 accounts were posted elsewhere.
The compromised email addresses seem to be the result of a number of phishing exercises, where fake websites are set up to harvest login credentials from those who can be tricked into visiting the phishing site instead of the authentic home page for their service provider, and not related to any security flaws in the webmail services themselves.
Continue reading “Stop. Look. Change your Password”
[As ever, you can read this on the BBC News website too]
It must be tricky to be an advocate of transparency when your job involves selling serious encryption tools to government departments, large and small companies, hospitals and people who are concerned about having their bank account details hijacked from a home PC.
After all, the point about good encryption software and the systems that surround it is that they provide a way to keep your secrets secret, while open government and the effective regulation of financial services would seem to require the widest possible dissemination of all sorts of operational data, from MPs expenses to bank investment portfolios.
And once something is on a website, in an email or available for inspection through a published program interface then it is no longer secret, however well the copy on your internal network might be protected. Continue reading “Being Open About Secrecy”
[As ever you can read this on the BBC News website. Or on any of the spamblogs that rip off my copy and use it as linkbait.]
Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight.
Over the past few weeks we’ve heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to ‘clickjacking’ and trick us into inadvertently visiting fake websites.
The longstanding fear that malicious software might start infecting our mobile phones was given a boost when the Information Security Center at US university Georgia Tech outlined how phone software could be hijacked to create ‘botnets’ and allow handsets to be remotely controlled.
And now a group of researchers at the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne in Switzerland have shown that you can read what is typed on a keyboard from twenty metres away.
Continue reading “Don’t have nightmares”
Here’s what I tagged on del.icio.us between July 23rd and July 30th:
- Web curbs for Olympic journalists – What a surprise…
- Plenty of Blame to Go Around in Yahoo Music Shutdown – Ed Felten knows who to blame, and I agree with him entirely.
- Exploit code targets Mac OS X, iTunes, Java, Winzip… – nasty little piece of software called Evilgrade that uses a man-in-the-middle attack to exploit automatic update code.
- Consultation on legislative options to address illicit P2P file-sharing – BERR – UK government consultation opens.
- How to make our newspapers profitable again: David Aaronovitch Simulator | The Wardman Wire – ah, how entertaining…
- Google Knol is evil | Seldo.Com Blog – Hard-hitting analysis: is Knol Google's 'IE vs Netscape' moment?
- Rocque London Index Map – Useful for anyone reading Neal Stephenson's Baroque Trilogy, especially The System of the World
- AWS Service Health Dashboard – Amazon S3 Availability Event: July 20, 2008 – "With a large number of servers gossiping and failing while gossiping, Amazon S3 wasn't able to successfully process many customer requests" Excellent explanation, and good communication with customers
- xkcd – A webcomic of romance, sarcasm, math, and language – By Randall Munroe – Ah yes… 🙂
- Ofcom report into Social networking usage – some reading for us all I think
- DRM still sucks: Yahoo Music going dark, taking keys with it – And yet the music industry wants ISPs and government to sustain their broken business model…
- Announcing the Open Web Foundation – Open Web Foundation – Could be useful
- Read Giles Coren's letter to Times subs | Media | guardian.co.uk – I didn't expect to, but I agree with him
- Cuomo strong-arms Comcast over Usenet | The Iconoclast – politics, law, and technology – CNET News.com – Nice analysis of a dangerous tactic
- MySQL forks: could Drizzle be the next of the new generation of relational database? | O'Reilly News – Seeing a major system fork is like watching close friends divorce. Wish them both well…
[As ever you can read this on the BBC News website, and it’s also on CircleID]
In the last few weeks we’ve seen two very different approaches to the full disclosure of security flaws in large-scale computer systems.
Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London’s Oyster card will soon be available to anyone with a laptop computer and a desire to break the law.
These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being resolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers?
Continue reading “Shouting ‘bug’ on a crowded Internet…”
Here’s what I tagged on del.icio.us between July 13th and July 17th:
Here’s what I tagged on del.icio.us between July 10th and July 11th:
Here’s what I tagged on del.icio.us between July 4th and July 5th: