
Category: Security

November 23rd, 2009

Let's get rid of usernames and passwords for good

Posted by Zack Whittaker @ 5:00 am

Categories: Discussion, Major breakthroughs, Next-generation technology, Research, Security, Web development

Tags: Password, Facebook Connect, OpenID, Zack Whittaker

Usernames and passwords annoy me. Expert advice says to have a different username and password for various services, but the number of subscriptions, email accounts, social networks and other sites we subscribe to can run into the dozens, if not hundreds.

Password managers help, and single sign-on solutions for an array of sites are useful, and devices like smart cards and biometric devices save us remembering a whole array of combinations. But what if you’re away from your primary computer? You still need to remember all of the sequences and mishmashes of letters and numbers whether you like it or not.

Facebook Connect has helped me out greatly. On my home computer, I never sign out because there’s just no point as nobody else lives with me (thank God), and on my office computer, I always lock my screen so again, no need to log out. With this, it means I can not only sign in straight away to supporting services but it means I can cut down on the number of user names and passwords I need.

Perhaps it is time we worked on a new system. No longer should we need to push the “forgot your password?” link, or have to look up a long list of passwords in the filing cabinet, or even have to rely on a browser to take the workload for us. There needs to be a solution.

OpenID has the right idea, but it works in a similar way to university federation services and doesn’t really share any unique factor. Even CBS Interactive sites like ZDNet, TechRepublic, and BNET have a good idea by sharing the same login details across sites so you don’t need to re-register. But again, this isn’t enough.

I’d like something to change but simply don’t see a system being implemented which wouldn’t cost about a zillion dollars. For now, this thirty-year solution may have to stick with the byline of “if it ain’t broken, don’t fix it”. Then again, Google thought e-mail was broken when it brought out Wave…

How would you fix it?

November 15th, 2009

How could Twitter help in a terrorist attack?

Posted by Zack Whittaker @ 11:33 am

Categories: Discussion, Events, Major breakthroughs, Mobile computing, Security, Social networking

Tags: Network, Mumbai, Twitter Inc., London, Terrorist Attack, Corporate Insurance, Homeland Security, Business Security, Telecom & Utilities, Networking

On 7th July 2005, fifty-two people were killed when four suicide bombers detonated home-made explosives on the London Underground. During this time, there was panic, confusion, miscommunication and a number of issues relating to where to go and what was going on. Even law enforcement suffered, making the situation even more fragile.

With the benefit of hindsight, and a number of events covered through social networking by ordinary members of the public (“citizen journalism”), from the terrorist attacks in Mumbai to the Hudson river plane crash and the death of Michael Jackson, Twitter especially has been a key point of communication.

Mumbai was a perfect example of how Twitter dominated the intelligence gathering process, using real people and human intelligence but through an unconventional, insecure medium. Photos were being uploaded to Flickr and Twitpic, and tweets were dominating the blogosphere, and being used as part of commercial news channels as their own journalists simply couldn’t be spread thinly enough.

However, in the case of Mumbai, public and very widespread intelligence could have been used to the terrorists’ advantage, also. Not so much in the case of the London bombers, though.

How could it have helped London?

Read the rest of this entry »

November 6th, 2009

Facebook profile privacy: Take control, student style

Posted by Zack Whittaker @ 1:25 pm

Categories: Careers, Discussion, Multimedia, Security, Social networking, University, Weird and wonderful

Tags: Facebook, Advertisement, Privacy, E-mail, Online Communications, Zack Whittaker

A question arose in one of my seminars yesterday, asking whether universities spy on students through Facebook.

Yes, they do in many cases. But then the discussion evolved into another topic and this got me thinking. I get emails all the time asking about Facebook privacy settings and those who are worried about certain things being discovered, and the employment problems for future reference.

With the multitude of settings, which are more often than not rather confusing and somewhat contradictory, how do you effectively lock down your photos, notes, profile and information, to not only certain people but everyone else outside your close-knit networks?

There are articles already on how to lock down your Facebook through the in-built settings, and this one is particularly good. However there are tricks and subtleties I’ll mention here which you may not have considered before.

Feel free to leave verbal heckles, but in the meantime - are you sitting comfortably? Shall we move on?

Network hacking to avoid staff/student snoopage –>

November 4th, 2009

Google Maps and the mystery of the non-existent town

Posted by Zack Whittaker @ 12:05 pm

Categories: Google, Security, Space, University fun, Weird and wonderful

Tags: Google Inc., Google Maps, Argleton, Document Management, Internet, Blogging, Branding, Enterprise Software, Software, Finance

A small village in the north of England, Argleton, has been causing confusion with an air of mystery. The simple reason is that the village simply doesn’t exist except in the world of Google.

The above image is from Google Maps, displaying the village of Argleton, Lancashire, in the north of the UK.

The above image is from Bing Maps, displaying the exact same area but without any reference to Argleton in the map.

The above image is from the birds-eye view from Bing Maps, which shows an aerial, high-resolution image of the area, which I have stitched together. As you can see, there is nothing but a load of fields and certainly no buildings, let alone a whole village in the area.

So why does Google display this village - which I’ll point out now, categorically does not exist - and other mapping services don’t?

Some believe that the added name is due to a measure to prevent copyright violations, but Tele Atlas provide the imaging and name data and have said they provide accurate information and Google deny that they have altered it in any way. It seems in this area, Google Maps is the looking glass to external information.

The local blogosphere is already taking advantage of this “Internet sensation” with this spoof site. Yet even after months of knowing about it plus users reporting it as an error, it still hasn’t disappeared — branding Google’s mapping service as potentially inaccurate.

Mike Nolan, head of web services at Edge Hill University, wrote:

“I grew up in the area and spotted on the map one day that it said ‘Argleton’,” he says. “But it’s just a farmer’s field close to the village hall and playing fields. I think a footpath goes across the field, but that’s all. The name ‘Argleton’ is similar to ‘Aughton’. Maybe someone made a mistake when keying in the name?”

Yet the president of the Society of Cartographers, Prof. Danny Dorling, suggested that perhaps this was an additional element to a map to hide secret locations, as some may well be forced to do.

The only thing I can think of, and after trying out the name in an anagram solver which provided little except slight amusement, is that it’s a tiny Easter egg which has taken all this time to discover.

What’s your theory? Surely it can’t be as crazy as, say, a fictional village existing only within the realms of Google, can it?

October 28th, 2009

Facebook freezes deceased person's profiles

Posted by Zack Whittaker @ 5:03 am

Categories: Breaking news, Security, Social networking, Weird and wonderful

Tags: Facebook, Page, Person, Zack Whittaker

Facebook for some time adopted a policy which allows profiles of the deceased to stay as they are. With the importance of online identities and many more people than before using the online space as a communications tool, when people pass away, the impact can be more obvious than a few years ago.

But now as the world’s largest community and social network, the company recognises that a number of users will die each and every day and that their online identities and pages should be memorialised - primarily for others to preserve their memory. Read the rest of this entry »

October 19th, 2009

Windows 7 puts Vista into perspective: Only a 'failure' in retrospect

Posted by Zack Whittaker @ 4:53 am

Categories: Discussion, Events, Microsoft, Next-generation technology, Productivity, Security, Skills development, Windows 7

Tags: Operating System, Microsoft Windows Vista, Microsoft Corp., Computer, Microsoft Windows 7, Microsoft Windows, Microsoft Windows Vista (Longhorn), Operating Systems, Software, Zack Whittaker

For my 400th post on ZDNet, this is one mass response in reply to a barrage of emails I have had to suffer over the course of the last couple of weeks.

It seems as though I, and the just-over ten thousand students on my university campus, are not the only ones complaining even still about the abomination that their respective university IT department, hand in hand with the devil itself, Microsoft, have bestowed upon us: forced through product lifecycle periods to upgrade our campus to “the latest and greatest”. Feel free to detect any element of sarcasm in the last sentence.

Only two short weeks ago, I had high hopes for the upgrade. I genuinely thought that a new lease of life could be drawn through the lungs of Microsoft’. I was not only wrong, but overly optimistic.

For those who have been reading since day one, I started with a touch of empathy towards the then-new operating system. Over time, and predominantly over the course of Windows 7’s beta cycles, I became more attached to the lack of resource hogging, sluggishness and a general freshness which could only be rivalled by that of a gentle breeze on a summer’s day in the countryside.

But I did start off with a very good point. Vista back in the day was perfectly fine. Only in comparison to a better benchmark of Windows 7 do we start slating the former operating system. Something that widely popular blogger, Long Zheng, mentioned earlier on this morning on Twitter was this:

To begin, I start with the question as mentioned in the title. From there I hypothesise the potential failure of Windows 7 and look into the few people we can blame for the potentially epic failure of Microsoft’s next operating system.

Who do we blame for Vista, and Windows 7’s potential failure? –>

October 12th, 2009

Cloud storage vs. flash storage: Security vs. simplicity

Posted by Zack Whittaker @ 3:15 pm

Categories: Cloud computing, Government, Hardware, Productivity, Security, University

Tags: Security, Storage, USB Flash Drive, Robin Harris, Flash Memory, Zack Whittaker

A few weeks ago I bought a Kingston 2GB flash drive from my local music store. Only after I got back home that afternoon did I wonder why I had actually bought it. I had no use for it (pot calling the kettle black) but still thought it could be useful in one of those moments where data transfer was needed and the network had failed hopelessly.

Robin Harris seems to think that optical media is as good as dead. As a non-read-only medium, I would agree with him. They are still mighty useful for distributing films and software, but flash drives seem to be taking over in some respects.

So in a vain effort to publicly and perhaps pointlessly sort out this conundrum for myself, I’ll weigh them up against each other.

A majority of the developed world has access to a broadband connection. In places such as schools, colleges and universities, the Internet connection is far faster than those commercially available. With integration now between Office and SkyDrive as well as other non-Microsoft combinations, saving a document to an online storage provider is as simple as saving it to your hard disk - and the file is available from anywhere, including mobiles.

Flash drives for me are my last ditch alternative. It’s my backup for when my Internet connection occasionally drops (feel free to detect the element of sarcasm in that). Then, I use it to transfer data from one place to another; more often than not a large movie from a friend’s computer to mine or vice versa. I also use it as an ultimate backup device - in the context of needing to give a presentation and having it there in my pocket just in case the network epically fails.

Then again, for those in student accommodation living in halls of residence, they will find that their Internet speeds are throttled to act as a quality-of-service moderator for other users. That said, most student digs are supplied with Ethernet ports, so the intranet speeds between computers in your block of flats are incredibly fast. To transfer things across the Ethernet network is near instant and much quicker than transferring to a flash drive and walking to the other room.

Flash drives also have the potential to become riddled with malware, which not only self-replicates once the drive is plugged in to other machines but also exploits the nature of the device itself by installing auto-starting applications. Network administrators spend many of their waking hours clearing up the mess from devices which are infected with malware, as I have previously mentioned.

But because the cloud services are actually a bunch of servers sitting in a warehouse in Arizona and provided by organisations who can afford it, the need to protect themselves is greater than that to protect the user. So you can bet that the physical security and anti-malware features will be pretty substantive. You don’t get this on a flash drive.

However with flash drives, you have the feeling knowing that the data you hold dearly to your heart is in fact dearly in your pocket, protected and safe. It cannot be hacked into or manipulated when it is in there. You can be mugged, though. But even if you get rained on and your flash drive gets mashed in the weather, because of the solid-state goodness, the device is almost always salvageable. It’s not an excuse to drop it in the bath or down the toilet, though.

Ultimately, the cloud is highly scalable and as secure as it can get, and the flash drive in my opinion is outdated and insecure - especially in corporate/government and university environments - but more practical than optical media. When it comes down to it, user preference always counts more than what I or any other journalist says. Personally, I prefer the cloud, but simply because it’s free.

Thoughts?

October 5th, 2009

Hotmail hacked: Thousands of account details published online

Posted by Zack Whittaker @ 9:47 am

Categories: Breaking news, Microsoft, Productivity, Security, Windows Live

Tags: MSN Hotmail, Microsoft Windows Live, Phishing, Cyberthreats, Spam, E-mail Providers, Viruses And Worms, Security, Spam And Phishing, Internet

Update (19:55 GMT): added statement from Microsoft at the end.

Thousands, perhaps tens of thousands of Hotmail accounts have been hacked through phishing sites and published online, according to the BBC.

The news is still breaking but according to Neowin, who first reported the story, Microsoft have enacted a rapid-response protocol to limit the damage.

According to Neowin:

“It appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

However, considering the Windows Live ID is a single sign-on solution for all Microsoft and Windows Live services, the implications could be a lot greater than first considered.

While phishing is relatively new in the grand scheme of online malware and threats, it seems the tens of thousands of users have mistaken a fake login page for a genuine one, and are now suffering the consequences.

This poses a question I have considered for some time now. There will no doubt be a number of students who have been a victim in this phishing campaign who have been sending and receiving important emails through the service, instead of their own university dedicated system.

Phishing often relies on the service targeted having a massive user base. In comparison to colleges and universities, Hotmail has a greater number of users worldwide, therefore the benefits reaped would be greater.

As a result, it is not clear whether users of Live@edu were targeted, considering the Windows Live ID sign-in process is identical to that of Hotmail. The potential, however, is very much there.

It is unclear at this time whether this is a “proof of concept” cum protest-like attack, as the potential to take advantage of these accounts on a personal scale could be endless. But considering the details were published to the wider web, it seems to me it could be a way of alerting people to the consequences of phishing and/or the security of Hotmail.

With the simplicity of the Windows Live ID sign-in screen, to attempt to create a phishing site from this is surprisingly easy. However with the most recent browsers, a clear green bar or similar will indicate that in fact the sign-in screen is secure.

Nevertheless, it is an interesting story which may well see Microsoft bump up their security to Yahoo! anti-phishing standards.

Microsoft’s statement:

“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a phishing scheme. As always, upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.

As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”

October 2nd, 2009

Mozilla Labs UX chief: What's next for Mozilla, Firefox and the Web

Posted by Zack Whittaker @ 12:08 pm

Categories: Cloud computing, Discussion, Events, FOWA London 2009, Major breakthroughs, Next-generation technology, Open source, Research, Security, University, Web 2.0

Tags: Security, Web, Mozilla Firefox, Web Browser, Mozilla Corp., Aza Raskin, Web Browsers, Internet, Zack Whittaker

Shortly after having a door slam in my face and it nearly breaking my nose, I sat down with Aza Raskin, the head of user experiences at Mozilla Labs to discuss not only where Mozilla is heading in the near future but also what he sees in the next-generation World Wide Web.

This interview was done over a cup of coffee in a bustling room. Everything said here is from Raskin himself, with notes taken by myself and paraphrased to make it readable.

The views from the UX guy

As the head of user experiences at Mozilla Labs, he looks at future-proofing Mozilla as an organisation, and as a result focuses mainly on the web. He assists and helps out on other non-Firefox projects but does spend the largest portion of his time on the browser. Even though he and his team are separate from the Firefox development team, he has a large sway of input. On the other hand, some bits he suggests go in and some do not.

Firefox 3.6 will be the next release of Mozilla’s open-source browser and will be designed specifically with Windows users in mind. The new user interface will incorporate many of the technologies that Vista and Windows 7 have such as the Aero theme; more so with Windows 7, though, as multi-touch features will be included in the browser’s functionality.

The future of the web is difficult to guess or estimate in any capacity. Nevertheless, everyone desires an open web. Microsoft, Apple, and Google with their respective browsers are all aiming for the majority share of the market. Raskin assures me that this is not Mozilla’s aim. As a not-for-profit organisation, they benefit from having a wide range of users but for the most part the userbase is the size it is through personal, hands-on experience and “Word of Mouth 2.0”. The aim is not to get 100% of the marketshare, but enough to get the shift and the space to create.

Something Raskin mentioned in the “open web” were things such as Flash and Silverlight - technologies which are plug-ins but don’t allow you to view the source. In his opinion, it is important that everything you see, view and use should provide the code alongside it. Having non-view source so you don’t know what is going on is not an “open web”. There will of course be exceptions to this, but I’m sure you understand what he means.

I asked why Firefox 3.5 had slowed down, become more sluggish and more lethargic in quality and usage from personal experience.

Because Raskin struck me as an unflinchingly honest and supremely intelligent man who understands full well his responsibility to the end-user, I believed him whole-heartedly when he said it was predominantly Adobe Flash that slowed things down. More often than not, web sites hold Flash advertising, which is why when you open a selection of ten random tabs, the collective memory going towards running these advertisements causes Firefox’s memory footprint to rocket. I believed him; it made perfect sense.

He told me that Firefox 3.5 was introduced to make things better. With different technologies incorporating a more user-centric set of experiences such as GeoLocation, Private Browsing and SeaMonkey, these were base-level features to make the end-user more client (rather than cloud) based and provide an overall enhanced experience; not only on their own volition but to keep up with other competing browsers.

Google and Microsoft have huge research departments with thousands of people working towards making their browsers accessible but also house the potential for a wealth of features for future releases. Mozilla has “tens” of people, but as Firefox is open source, anyone from academics, students, universities, developers and ordinary consumers make the research process so much more democratic. This is what drove him to work on Mozilla Ubiquity.

Along with this and their “personas”, the customisable themes which you can see in the first image above, the browser should be yours and it should not be for the company developing the browser to determine what it should look like. People love personalisation through their sites, bookmarks and add-ons, which is another reason why Firefox has done so well.

The future of Firefox –>

September 21st, 2009

Google Apps and Facebook's recent inbox controversies

Posted by Zack Whittaker @ 11:56 am

Categories: Discussion, Google, Legal and political, Productivity, Security

Tags: Google Inc., Google Apps, Facebook, ReadWriteWeb, User Permission, Cloud Computing, E-mail, Online Communications, Zack Whittaker

Over the course of last week, issues with both Facebook’s service and Google’s Apps service were highlighted by users.

What Google did wrong

Microsoft must have been reveling in Google’s tears as their competitor to Live@edu glitched, allowing other users and students to view, in some cases, the entire contents of another student’s inbox.

The issue was caused by an unknown bug which occurred during the switchover process from self-hosted accounts to Google-hosted accounts. According to one report, Google took between 3 and 5 days to isolate the issue and close the accounts before fixing the problem.

ReadWriteWeb’s summation:

“In the case of the Google Apps glitch, which began on Friday, September 11th, a couple of students notified Brown’s Computing and Information Services department (CIS) that they were able to read emails belonging to other students.

The CIS department contacted Google on the following day and sent out an email to the 200 students whose mailboxes were in transition, asking them whether or not they were experiencing the same problem. Some were. The affected students could either see entire inboxes belonging to another classmate or, in other cases, saw less than 100 messages that did not belong to them.”

What Facebook did wrong

On a similar note, Facebook took a relatively quiet step in the anti-privacy route by allowing applications to access inbox messages.

This appears to be an effort to open up the Facebook experience outside of the desktop by allowing the API to connect with offline applications, but arguably the system is susceptible to abuse.

According to a campaign to keep messages private:

“On August 11th, Facebook started giving whitelisted apps access to inbox messages. User permission is required, but the potential for abuse is enormous - a malicious or hacked app could post private messages on the web for anyone to read.
Even if you block or avoid applications, messages you send to less careful friends (who do use inbox apps) could be compromised.”

The controversy began when the Facebook Developer site announced last month that:

“The Inbox API allows you to access your users’ messages, once they grant your application the new read_mailbox extended permission. This lets your applications provide an interface for users to view their messages. For example, your application could pop up an alert when the user receives a new message.”

Ironically, those supporting the cause do so via Facebook itself, although the petition application you use doesn’t collect any personal information. However, Facebook and security have never seemed very tight with applications in mind; there is very little stopping an application being a spam-engine and causing more hassle than good.

Had Facebook decided to ask users for their opinions on this using a poll, explaining in lay terms so the vast majority of the audience understands, perhaps the end result would have been far different.

While no company is perfect and it is becoming increasingly difficult to fix and plug holes in complicated code, both Facebook and Google should take something away from all this: Sometimes doing what you consider good causes more issues, and the customer has the final say.

Have your say. It’s free, you know?

Zack Whittaker, the youngest in the ZDNet network, is a British student at the University of Kent, Canterbury, where he studies BA (Hons) Criminology and Social Policy. His insight into the next-generation is unique and first-hand, sharing his knowledge of the here and now but more so what's next and how to get there.

You can read his public biography and his work disclosures of his current and past industry affiliations.

Fire off an email if you feel like sharing a story or insight, or leave a voicemail. You can also follow him on Twitter to keep up to date with his ramblings.
