Security, authentication, authorization

Alexa, please open the door

More than twenty years ago, as the Internet became more common, some prognosticators began talking about the "smart house," where lots of household devices would be interconnected and make our lives one of ease.

At that time, I wrote a somewhat tongue in cheek article for a professional newsletter about a "smart house" gone wild, somewhat in the fashion of the Hall 9000 problem in the movie 2001: A Space Odyssey.

Technology News:

Microsoft: The company that hates its customers

I had some hope that Microsoft, once Steve Ballmer departed, might become more customer friendly. And in the past couple of years, Microsoft has made steady improvements to products like the Surface tablet/laptop--I see a lot of them in my travels.

Here at the office, we've actually seriously discussed moving away from Apple for office productivity software because Apple, since Tim Scott took over, has apparently just decided quality software is not particularly important.

Internet of Things, Part III: Encryption slows down HomeKit use

Vendors who want to roll out home security devices using Apple's HomeKit are complaining. Using the HomeKit API allows customers to control the devices (with many more applications than home security) from their iPhone or iPad.

Apple is requiring a very high level of encryption for HomeKit-enabled devices to prevent hackers from taking over these devices. If the HomeKit-enabled device controls your front door lock or the entire house alarm system, a complex encryption algorithm is a good idea.

Technology News:

Internet of Things, Part II: Hacked vehicles

The Internet of Things (IoT) continues to roll along merrily, with manufacturers sticking a WiFi chip and a poorly designed single purpose Web server into anything with electricity. That is not so bad. What is bad is the complete and utter disregard for testing for security.

Google Glass: pushback on privacy issues

The U.K. MailOnline has an excellent article about privacy concerns swirling around Google's new spectacles with a built in camera and screen. While the ability to get information in real time about where you and what you are doing is interesting and possibly quite useful, the problem many see with Google Glass is the fact that you cannot tell if someone is taking pictures of you and/or recording you on video.

Frankenstorm and the voting booth

The storm of the century may have blown over by November 6th, but if power is still out in some places in the northeast, I wonder what the Plan B is for voting if all the local governments have are coal-powered (i.e. electric) voting machines? If all the old manual voting machines have been recycled for scrap, how will they handle the power outage? If they still have the old manual voting machines in storage somewhere, do they have a well-designed contingency plan to haul all those machines to each voting precinct and train the poll tenders to set them up and use them on short notice?

Technology News:

Don't take your laptop overseas

The FBI says that you might want to leave your laptop home when traveling overseas. The latest scam is from criminals who set up bogus WiFi networks that look just like the real hotel network. When you fire up your laptop, you get what looks like the real hotel login page, but it is a fake one that immediately loads zombie malware onto your computer. Another trick they use is to have a fake "software update needed" window pop up.

Community news and projects:

Apple is not tracking your every move

I have waited a bit to write about the hoo-ha surrounding the accusation that Apple and Google were tracking user locations via GPS information stored in iPhones and Android phones. I suspected there was more to the story than was being cited in the news. And I was right. Apple has released a Q&A that explains what is going on, and it is indeed benign. Note that this applies only to Apple--I have not seen a similar statement from Google, although it is likely to appear soon.

Technology News:

"Don't worry about the cloud..."

Just last night, at the opening of the Broadband Properties conference in Dallas, I had a discussion about cloud computing with a gentleman who assured me in soothing tones that from a security perspective, there was "nothing to worry about" because IT folks would be very careful and make sure cloud-based data was secure from hackers.

Technology News:

E-voting machine plays college fight song

The city of Washington, D.C. challenged hackers to try to break into one of their secure Internet-based electronic voting system. It was part of a test for the software before deploying it in the city--letting D.C. voters skip going to the polls and voting online instead. Well, students from the University of Michigan hacked into the system and re-programmed the software to play the Michigan fight song after each vote.

Technology News:

Cloud computing: The bad and the ugly

What do the following things have in common?

  • Minicomputers
  • Relational databases
  • Client-server computing
  • Object-oriented programming
  • Web 2.0

All of the above were the latest and greatest IT buzzphrases that, over the past thirty years, were supposed to solve all the world's IT problems. Cloud computing, which by squinting only slightly, could be replaced with the word "mainframe," is the latest buzzphrase.

Technology News:

Diebold gives up on voting machines

Diebold has thrown in the towel on its troubled voting machines business. It has sold the whole division to its competitor, ES&S. Diebold electronic voting machines have been plagued with problems, and the company says it is writing off tens of millions in losses, due primarily to lawsuits from disgruntled local governments who bought the machines only to find out they are a security nightmare.

Technology News:

Verizon cracks down on spam

Verizon gets a pat on the back for cracking down on spam. The company has announced that it will finally close Port 25 on its mail servers. Port 25 allows email be sent without any authentication, making it easy for spammers to use "zombie" PCs infected with spambot software to send spam email.

Technology News:

Static magically creates 1,500 votes

In the continuing saga of voting machines that simply don't work, here is perhaps the most alarming story to date. In a Washington, D.C. voting precinct during the primaries, a "static discharge" magically created an extra 1,500 votes on the memory cartridge that stores the vote tally. The only slightly good news is that someone did notice that the manual tally of voters at the precinct was only 326, but what if it had not been caught?

Technology News:

Paper ballots getting the vote

Paper ballots will be used to collect votes in many elections this fall. There will be a drop in the use of electronic ballot equipment because of security problems, and more states are using paper ballots that are optically scanned because they are easy to use, ease to scan, and provide an auditable paper trail. The biggest shortcoming of the electronic equipment is the lack of a paper trail that can be used to verify results.

"Whaling" is newest kind of spam attack

"Whaling" is a new form of phishing attacks. It is called whaling because the spam emails are carefully targeted towards big fish, or whales. Spammers have been sending carefully crafted emails that look like an official U.S. Federal Court sub poena. Clicking on the link embedded in the email secretly installs a keystroke logger on your computer which then sends userids, passwords, and credit card numbers to the spammer.

E-voting costs 866% more

A study by a watchdog e-voting group in Maryland called SaveOurVotes found that in that state, the switch to electronic voting machines raised the cost of elections by 866%.

But wait, there's more! The counties are still paying off a $67 million dollar loan needed to purchase the machines, even though the machines were found to have serious security flaws and have had to abandoned in favor of the older and more secure optical scanning equipment--which is much less expensive.

Wireless vulnerabilities

This moderately technical article (PDF file) has an extensive discussion of the vulnerabilities of wireless systems, including WiFi, Bluetooth, and WiMax. Communities interested in investing primarily in wireless broadband should read this article first, as the data presented illustrates why most businesses do not regard wireless as a business class service.

Technology News:

Digital photo frames hold more than pictures

Those digital photo frames that are becoming popular hold more than pictures. Millions of them apparently come pre-loaded with a potent virus designed to thwart computer anti-virus programs. The virus is spread from the frame to a computer when the frame is plugged into a USB port.

The virus is difficult to remove, and the article recommends plugging a suspect picture frame into a Linux or Macintosh first to see what is stored in the frame memory (and then deleting it).

Technology News:

Colorado throws out e-voting machines

Following on the heels of Ohio, Colorado has de-certified the voting machines used in some of the most populous parts of the state. Diebold, Sequoia, and ES&S machines were among those found to have problems. The state found that the machines were easy to tamper with, and that the machines lacked any audit trail capabilities, meaning there would be no way to detect tampering if it happened.

Pages

Subscribe to RSS - Security, authentication, authorization