Oct 172014
what do we share on social media sites

The Guardian today has a stunning expose on the Whisper social media network and its practice of tracking users.

In trying to sell its services to the Guardian, the company showed that it was betraying their promises of anonymity to its users.

Whisper’s behaviour is particularly disgraceful given the service’s promise of user confidentiality and their changing of their terms of service only shows the company’s struggle to understand ethics.

No social media service can afford to burn user trust in the way Whisper has.

If you’re going to promise users anonymity and security then you better deliver. Whisper has failed


Sep 022014

This week’s news about celebrities’ personal photos being stolen from their iCloud accounts would be irritating Apple ahead of their September 9 media event.

Unfortunately for Apple they seemed to have walked into this by making things convenient for users rather than enforcing strong security measures.

As Arik Hesseldahl in Re/Code describes, this breach was probably due to Apple not encouraging two factor authentication and not limiting the number of password guesses.

The latter is particularly irritating as it shouldn’t be hard for a system to pick when a brute force attack — a computer guessing a password millions of times a second — is being staged against a user.

It’s also trivial to limit the number of guesses as most other services do.

For users, the best protection is to have complex passwords which reduces the effectiveness of brute force attacks. It’s also worthwhile being careful with your personal nudie photos.

The consequences of having your iCloud account compromised are more than just losing your embarrassing photos, Wired’s Mat Honan had his entire digital life hijacked through this method two years ago.

With Apple aspiring to control the smarthome and smartcar markets, the consequences of accounts being breached becomes exponentially greater. These are issues Apple and the rest of the internet of things industry need to take seriously.

Hopefully at Apple’s big media event next week, some brave journalist will stand out of the assembled masses of sycophant hacks and ask CEO Tim Cook some hard questions about security on the shiny new iDevices.

Aug 052014
General Electric GEnx jet engine is social media enabled

One of the great concerns about the internet of things is what happens when older computer technology that was never designed to be connected to the net is exposed to the online world.

A presentation to the Black Hat Conference in Las Vegas this Thursday by researcher Ruben Santamarta promises to show some of the vulnerabilities in aircraft avionic systems.

Today’s aircraft are extremely smart devices with the downsides shown in the tragedy of AF447 where an Air France jet plunged into the Atlantic Ocean when two undertrained pilots didn’t understand what their plane was doing as it encountered severe ice conditions in a storm.

With aircrew increasingly dependent upon computers to help them fly planes, the risks of bugs or security weaknesses in aircraft systems is a serious issue and with the continued mystery of MH370’s fate adds an element of speculation that a glitch of some form was responsible for its disappearance.

It wouldn’t be the first time a passenger plane came to grief because of a computer error; most notably Air New Zealand flight 901 crashed into Antarctica’s Mount Erebus during a 1979 sightseeing trip due to wrong information being loaded into the navigation system.

The internet adds numerous risk factors to aircraft – Santamarta’s hack allegedly works through in plane WiFi systems – particularly given these avionics systems haven’t been designed to deal with unauthorised access into their networks.

Should Santamarta’s demonstration prove feasible, it will be an important warning to the aviation industry and the broader Internet of Things community that security is a pressing issue in a world where critical equipment is connected.

Jul 312014

Following yesterday’s posts on BlackBerry, security and the Internet of Things, HP Fortify released a report saying seventy percent of IoT devices are vulnerable to hackers.

The list of weaknesses is chilling and illustrates why IoT security is an issue that has to be resolved now.

It may well be that John Chen, BlackBerry’s CEO, has backed the right horse for his company.

Jul 242014
radio programs for techonology, web, social media, cloud computing and computer advice

Smartphones for the vision impaired, malware on portable devices and online trust were the topics of the July technology spot on  Tony Delroy’s Nightlife along with why a restaurant claims Google sent it broke and how we can’t always trust what we hear online.

If you missed the show, you can download the program from the website.

For sight impaired smartphone users both Doug and Nick called in to suggest Vision Australia’s services. The organisation has a page dedicated to smartphone and tablet resources.

Nick and Peter asked about malware protection for Android smartphones. Both Intel’s McAfee Mobile Security and Sophos’ Mobile Security for Android are free for home users.

The next spot is scheduled for 4 September, if you have any topics you’d like to discuss contact me or the Nightlife producers.

Jun 252014

The news that hackers have turned their attention to Nest thermostats raises some delicious possibilities for the Internet of Things.

Jailbreaking smartphones has been normal for years as people circumvent restrictions to add features or software and there’s no reason that this can’t be done to smart thermostats, light bulbs or kettles.

Almost all the smart devices being deployed have processors and capabilities far greater than what’s needed to carry out their designed purpose, so an imaginative hacker can do some interesting things with a jailbroken home automation system.

Using your kettle to control your lights or fridge to open your garage door is a bit of gimmick but there’s plenty of potential for doing some cool, and mischievous, things.

While hacking the smart home for kicks might be relatively harmless, tinkering with industrial devices could have unintended and disastrous consequences. It’s another example why security is one of the top concerns as the Internet of Things is rolled out.