Jun 10 2014
 
ASCCA-stay-smart-online

Today I spoke to the Australian Seniors’ Computer Clubs Association about staying safe online.

Hopefully I’ll have a copy of the presentation up tomorrow, but what was notable about the morning was the concern among the audience about the security and safety of cloud services.

The ASCCA membership are a computer savvy bunch – anyone who disparages older people’s technology nous would be quickly put in their place by these folk – but it was notable just how concerned they are about online privacy. They are not happy.

Another troubling aspect was my answers to the questions; invariably I had to fall back on the lines “only do what you’re comfortable with” and “it all comes down to a question of trust.”

The problem with the latter line is that it’s difficult to trust many online companies, particularly when their business models rely upon trading users’ data.

Resolving this trust issue is going to be difficult and it’s hard to see how some social media platforms and online businesses can survive should users flee or governments enact stringent privacy laws.

It may well be we’re seeing another transition effect happening in the online economy.

May 29 2014
 
radio programs for technology, web, social media, cloud computing and computer advice

Paul Wallbank joins Tony Delroy on ABC Nightlife across Australia from 10pm Australian Eastern time tonight to discuss how technology affects your business and life.

For the May 2014 spot we looked at computer security, specifically Apple ransomware and The Heartbleed bug along with dropping off the grid, 4D printing and the future of design.

To protect against the Oleg Pliss ransomware – or any similar problems – use a strong password, enable the screen passkey and enable two-factor authentication.

Join us

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on the night on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

Tune in on your local ABC radio station from 10pm Eastern Summer time or listen online at www.abc.net.au/nightlife.

You can SMS Nightlife’s talkback on 19922702, or through twitter to @paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.

May 27 2014
 
understanding data with computers

For two years we were captivated by the spectacular rise of the Bitcoin virtual currency. Allegations that those gains were a result of market fixing raise important questions about the integrity of our data networks.

The Coin Desk website discusses how the Mt Gox Bitcoin exchange was being ramped by a computer bot network nicknamed Willy.

Rampant market ramping – where stock prices are pushed up to attract suckers before those in the know sell at a profit – has a proud financial market history; during the 1920s US stock boom, fortunes were made by inside players before the crash and the practice’s subsequent banning in 1934.

So it wouldn’t be a surprise that some smart players would try to ramp the Bitcoin market to make a buck, and using a botnet – a network of infected computers – to run the trades is a good technological twist.

Blindly trusting data

The Willy botnet though is a worry for those of us watching the connected economy as it shows a number of weaknesses in a world where data is blindly trusted.

As Quinn Norton writes on Medium, everything in the software industry is broken and blindly trusting the data pouring into servers could be a risky move.

The internet of things is based upon the idea of sensors gathering data for smart services to make decisions – one of those decisions is buying and selling securities.

Feeding false information

It’s not too hard to see a scenario where a compromised service feeds false data such as steel shipments, pork belly consumption or energy usage to manipulate market prices or to damage a competitor’s business.

Real world ramifications of bad data could see not only honest investors out of pocket but also steel workers out of work, abattoirs sitting on unsold stocks of pig carcasses or blackouts as energy companies miscalculate demand.

The latter has happened before, with Enron manipulating the Californian electricity market in the late 1990s.

When your supply chain depends upon connected devices reporting accurate information then the integrity of data becomes critical.

Like much in the computer world, the world of big data and the internet of things is based upon trust; the Mt Gox Bitcoin manipulation reminds us that we can’t always trust the data we receive.

May 24 2014
 
e-commerce giant eBay head office

One of the paradoxes of the modern tech industry is that while its leaders preach openness and collaboration, their own businesses are mysterious unaccountable black boxes.

This website has often looked at how the Silicon Valley business model leaves users and partners exposed to arbitrary enforcement of vague policies and indifferent customer service.

A good example of the black box business model is eBay’s major security breach where it appears millions of users have had their personal and banking details compromised. Instead of informing customers immediately, the company’s management hid the problem and hoped stonewalling inquiries would make the problem go away.

Lacking accountability

In the black box business model, not being accountable is the key – we see it with Amazon’s bullying of book publishers, Google’s high handed identity policies and Facebook’s puritan censorship.

Those high handed attitudes to customers’ and users’ rights are born out of arrogance; all of these companies’ managements, and the corporate bureaucrats who enforce the policies, believe their hundred billion dollar businesses are untouchable.

Such arrogance might though be ill-founded as each of these businesses is less than twenty years old and, while they themselves have deeply disrupted existing industry models, there is no reason why their own market dominance and huge cash flows can’t be usurped by new technologies or challengers.

In an age where trust is the greatest currency, hiding behind a black box of algorithms and impassive customer support may not turn out to be a successful management strategy.

May 10 2014
 
General Electric GEnx jet engine is social media enabled

One of the big concerns with connecting devices to the public internet is security, particularly when equipment that was never intended to be on the net is suddenly wired up.

When the world’s computers started to be connected to the Internet in the mid-1990s it became apparent very quickly that most of the operating systems then in use were hopelessly vulnerable to security problems.

The worry is the same thing will happen today with the Internet of Things, particularly with household equipment which – if the PC industry’s experience is anything to go by – will open up whole new fields of risk to homeowners.

While having your kettle or home network hacked could be painful, it’s nothing compared to the risks of infrastructure or vital equipment being compromised.

So GE’s acquisition of security company Wurldtech is an important development as it focuses on the software aspects of its products and the Industrial Internet – GE’s own term for the internet of things.

Techcrunch’s Ron Miller has a good run down on GE’s purchase of Wurldtech where Neil McDonnell, the CEO of the acquired business, describes the company’s two pronged approach to security.

First, they do testing to discover vulnerabilities in the system and they certify sites that are secure. Secondly, they provide specific security solutions around a system such as a substation or pump.

For GE, Wurldtech will help them secure existing infrastructure and equipment that’s being connected to the net; what they learn should also help designers of the next generation of equipment build security into their products.

GE’s acquisition of Wurldtech is another example of just how seriously engineering companies are taking security in the internet of things. Hopefully those building consumer systems are paying attention too.

May 05 2014
 
radio discussion on technology, social media and cloud computing

This morning from 10.20am on 702 Sydney I’m talking to Linda Mottram about the Heartbleed bug, connected kettles and dropping off the grid. It’s a crowded twenty minutes and I’m not sure how much we’ll cover.

Heartbleed is the main topic of the segment and it’s a big issue that not only exposes a weakness in secure computing but also points out problems with the Internet of Things and the open source model of developing software.

One of the quirky stories of the last few weeks has been the iKettle, a connected kitchen appliance. Do we need one and what happens to your cup of tea if the internet drops out?

3D printing is changing the world of manufacturing but designers are now looking at 4D printing; what is it and how might it change the world of design?

If we get time we’ll also look at the possibilities of dropping off the all seeing grid with the story of a security researcher who tried to hide her pregnancy from the Internet.

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on 1300 222 702 or post a question on ABC702 Sydney’s Facebook page.

If you’re a social media user, you can also follow the show through Twitter at @paulwallbank and @702Sydney.

Apr 11 2014
 
heartbleed

The big tech news story of the last two days has been the Heartbleed security flaw that might have compromised users’ passwords and other details.

Given the nature of the bug, where a server can be tricked into giving away bits of what’s stored in its memory, it’s hard to say exactly what has been compromised – on most sites you’d be very unlucky to have your password or banking details in the system at the precise millisecond a malicious attacker exploited the bug – but the risks are still real.

While webmasters and system admins around the world are frantically patching their systems, for the average user the best advice is to wait before changing your passwords. If the bad guys already have your details they’d have probably used them by now, and changing your logins on a vulnerable server might actually increase the risk of crooks stealing your information.

The Internet of Things

The longer term risks with Heartbleed are actually in embedded systems and the Internet of Things; many systems will have hard coded implementations of the buggy software which may never be patched, and these devices may give up much richer data than a web server would.

It’s another illustration of how difficult it is to keep embedded technologies up to date and to secure the Internet of Things.

Open source blues

While there’s no shortage of similar security lapses in commercial software, the Heartbleed saga is going to concentrate the minds of the open source community on how to tighten peer review and audit version updates.

Most open source projects are staffed by small groups of time poor volunteers, making auditing and quality control harder. That key parts of the internet and computer industries rely on these underfunded and often unappreciated groups is a weakness for the entire sector.

No technological change is simple or without problems, and securing information is one of the great challenges of today’s tech revolution. Heartbleed is a strong reminder of that; hopefully we’ll learn some lessons about building robust systems.