Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.

Tuesday, June 29, 2010

Protecting your kids or creepy stalking?

When is a parent being too nosy? Just how much authority does the school have to monitor and discipline out of school activities? How much right does a parent have to monitor his kids friends?

Shane Richmond of the Telegraph.co.uk examines these questions in light of Emma Mulqueeny's experience. He recounts part of her tale (taken from her blog):

"“It turned out that what had happened was that one of the parents of the other girls involved had seen her daughters wall, and chat, had then explored all of the other girls’ walls and records of chats and had set about printing everything that concerned them. This parent created the file of print outs and took them to the school, asking that they do something about this.The deputy head said that she had a dilemma, really, she could not do nothing, nor could she really get overly involved. She decided that the best course of action was to call the girls in, to reprimand them for the behaviour that had concerned the other parent, mainly to teach them that 1. they can get caught doing anything online and 2. there is no such thing as completely private in the digital world."

Perhaps not the best solution for satisfying one parent without offending others, but not bad either. But lets look at what might be the real problem. The first mother was concerned about her child's activities and friends on-line. So she looked at her daughters Facebook. No big deal, especially if the kid is young. But then she started checking out the friends walls and pages. Then she started printing things out. Then she took the printouts to the school and demanded something be done about the kids behavior.

Did she go to far? At what point? If she's friended to her daughter she's going to see some of the friends stuff anytime she looks at her daughters page. That's part of Facebook, and similar to hearing something somebody said because you're in the same room. But then she started going to the other kids pages and gathering data to support her case that they were doing something wrong.

How would you feel if another parent had been scrutinizing your son or daughters pages? Would it matter why?

Monday, June 28, 2010

Want to help shape national cybersecurity strategy?

On Friday Howard A. Schmidt, Cybersecurity Coordinator and Special Assistant to the President, announced the launch of National Strategy for Trusted Identities in Cyberspace. The vision statement states the goal is that:
Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.
The difficult part of that statement is creating a solution that is easy to use, and getting people to use it. Of course, that's the purpose of a vision statement, to provide lofty goals to strive for. The PDF of the draft strategy includes a more manageable set of goals:
More specifically, the Strategy defines and promotes an Identity Ecosystem that supports trusted online environments. The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. The Identity Ecosystem enables:

· Security, by making it more difficult for adversaries to compromise online transactions;
· Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes;
· Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training;
· Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions;
· Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used;
· Greater choice, as identity credentials and devices are offered by providers using interoperable platforms; and
· Opportunities for innovation, as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk
The purpose of the website is to get public feedback. Go to the site, read the comments, read the PDF (35 pages) and put your two cents in. If we don't tell them what we think, we deserve whatever they put in place.

Friday, October 20, 2006

Mirror Friend, Mirror Foe?

George Orwell's vision of Big Brother has not come to pass - at least the way he saw it. We do have cameras in factories, tapping of the entire phone system, and cameras along our highways and on our stoplights. But so far our homes are our castles. But Accenture Technology is arranging to change that with their persuasive mirror system. For more detail you can read one of the Accenture press releases here.

This mirror is a fascinating piece of technology. I don't know that there is any one piece of it that is groundbreaking by itself, but the way everything is put together is revolutionary. Cameras placed around the house send data to a computer which uses special software to modify persons reflection and show what the consequences of all those trips to the refrigerator could be.

If that were all this system could do, it would be an interesting, and likely expensive, tool for persons wanting to gain control of their weight. But persuading us to change to a healthier lifestyle is only one possible application of this technology. It can also be used to monitor people for changes in behavior. Currently the idea is to watch parking garages for car thieves whose actions presumably would differ from the actions of car owners. But there is also the possibility that employers could use this system - minus the mirror - to monitor employees and watch for signs of improper activity. Remember that from an employers point of view, hunting for a different job can be considered improper activity.

This technology disturbs me. Not because of the potential for big brother - not in the short term, anyway. But what does disturb me is that I can see so many acceptible uses for this technology. Monitoring criminals on house arrest becomes not only easy, but warnings generated by behavior changes no longer rely on humans who can't always be there, but are done automatically, twenty four hours a day. Convicted sex offenders behavior at home can be closely monitored for signs of recidivism. psychiatric patients who don't require the attention of a twenty four hour care facility, but need more monitoring than could normally be given at home could be monitored at home as closely as necessary without having to be in a managed care facility. The possibility of using this system to control the home is also intriguing. I can even imagine a time when people use this system to produce their own entertainment. Imagine a world where everyone can produce their own reality show.

So what happens when these devices become commonplace. In stores, offices, and even in the home? Add networking so that the images gathered and displayed can be accessed from outside and the potential for damaging data loss becomes far greater than anything Mastercard could cause by losing your data. The upside is that most data criminals are going to go after masses of data, not individuals. Not enough money.

Blogged with Flock

Thursday, August 03, 2006

Pharming: Old Trick Gets New Name


Pharming is also known as DNS spoofing and DNS poisoning. The Pharmer tricks your browser into sending the real URL (the human readable address) you type in to a real IP address (the computer code address) that is not supposed to go with that URL. In other words, if you type in http://www.mybank.com which is supposed to send you to your banks IP, your browser is tricked into sending you to the IP address of the bad guys page - which is constructed to look exactly like your banks page.

DNS spoofing has been around at least 10 years. The massive increase in ecommerce has some people concerned that it will be used to steal identifying information such as social security numbers, credit card numbers and user id's and passwords. That is a real possibility. In the last few years that have been a couple of cases of large scale DNS spoofing, but none resulted in identity theft. The concern about pharming isn't the scale of problem it is becoming, but the difficulty of protecting yourself against it if it happens to you at all. Unlike phishing, looking at the URL in your address bar will not tell you that you're being pharmed. If the site you are trying to go to uses security certificates (most financial sites should), a simple check for the https or the lock icon on your browser will give you a clue about the pages authenticity. It's unlikely that a pharmer would have a valid security certificate.

There are three main methods a potential pharmer will use to trick your browser:

1. Replace the hostfile on your computer with one he has created.
2. DNS cache poisoning, or changing the URI/IP address connection in the DNS server.
3. DNS hijack - pretending to be the domain owner and having the address pointed at their servers.

DNS spoofing is hard for the enduser to detect or protect against. Fortunately it's fairly uncommon, and difficult enough to do that it will probably remain uncommon for a while. There have been a couple of cases of large scale DNS spoofing in the last couple of years, but none that have involved the theft of finances or identity - or at least none that have been reported. All of the reports I've been able to find involve cases over a year old, and security experts are not exactly unanymous on their opinion of the risk pharming poses. Most do agree that the DNS system was never intended for the use it's seeing now, and that it needs to be seriously revamped or done away with before there are any serious incidents. At this time it seems that pharming is more a potential threat, but one that needs to be stopped before it becomes a serious, active threat.

Monday, July 24, 2006

Will AMD become more like Intel?

A.M.D. to Acquire ATI Technologies - New York Times

Now that AMD has entered the graphics arena, will they begin to make integrated chipsets? Or is this just a move to enter the lucrative HDTV and portable device market? ATI has long been a favorite with Apple computer. Will Intel's primary (only) rival acquiring ATI affect that relationship? Or will this increase the likelihood of Apple using AMD chips in the future? Many Mac fans were offended (to put it lightly) that Apple chose Intel over AMD, but AMD has no chipset offerings to match Intels, regardless of how superior their chips may be.

The personal computer market is mature. The HDTV and portable device markets are still in the growth phase. They're highly competitive, but component providers such as ATI/AMD can do well. That more than anything else may be behind AMD's desire to acquire ATI. As Intel's primary competitor AMD has done remarkably well, but profits are dropping. Spreading into other, growing markets makes good sense. Only time will tell if the video processor market is the right market, but at this point, it looks like a good one.

Blogged with Flock

Thursday, July 13, 2006

No operating system is bulletproof

According to ZDNet Australia someone hacked the Debian servers. Debian may not be the most secure of the Linuxes - they've been hacked before - but they are one of the most popular of the many flavors of Linux. Security is one of the selling points for Linux as well as other non-Windows OS'es such a Apple's OS X. This just points up that no matter what OS you use security is ultimately your responsibility. So lock down your system with only the services you need, get a virus checker to protect against that threat, and use the most secure browser you can find (I like Flock - download it here.)

Be alert and don't trust anything you get online without double checking it. Stay secure and stay safe.

Blogged with Flock

Tuesday, July 11, 2006

Freescale Semiconductor has done what no one else has been able to do, they have brought MRAM (Magnetoresistive Random Access Memory) to market. Technology review has a very informative story here. I'm pleased that it was Freescale that produced this chip. They're somewhat dear to my heart as one of the two companies that produced the PowerPC chips used (until recently) by Apple computer.

But the fascinating thing about this development is that MRAM is nonvolatile not only in respect to power loss, but also to time. In other words, it would make a great "hard drive" for a no moving parts computer. It doesn't suffer degradation over time the way flash memory does, and, unlike flash memory, and it accesses in nanoseconds instead of hundreds of nanoseconds the way flash RAM does. The one downfall is that right now the chips max out at 4 megabytes. But there is hope that the capacity can be increased 100 fold, which would make an instant-on, no moving parts computer a real possibility. Since there would be no need for a hard drive, battery life would increase dramatically for laptops. Another energy saving feature of MRAM is it's ability, like flash RAM, to keep data without a constant supply of power. That means that anytime RAM isn't being accessed, MRAM doesn't need to be supplied with power.

It's not all fast and easy, though. The magnetic fields required to set the memory and the materials used in the chips may not scale well to chips with smaller feature sizes. The magnetic fields used have distinctive shapes and it may be difficult to find shapes that work with smaller sizes and/or other materials.

But even with the potential problems, this is a huge accomplishment, and could change computing as we know it.


Blogged with Flock

MRAM: A paradigm shift in the making?



Freescale Semiconductor has managed to produce a marketable magnetoresistive Random Access Memory (MRAM), something that the industry has been working on for years. The Technology Review has a good article here.



MRAM uses magnetism instead of electricity, so it doesn't need constant power to keep from losing data. It has an access time of nanoseconds, so it's faster than flash RAM. It also doesn't degrade over time the way flash RAM does, making it a good choice for computer applications. Someday your laptop may have no moving parts and have a battery life measured in days. Or at least in tens of hours instead of 4 or 5 (on a good day ;).



There is a down side. Currently the chips max out at 4MB, and although the belief is that capacity could increase a hundred fold. The questions at this point are:



Will the materials currently used in the current chip scale down as chip features scale down?



Will the magnetic fields scale down, or the proper shape of the fields be easily determined, as the chip features scale down?



Assuming that the answer to both questions is yes, or that the solutions are relatively easy to find, MRAM is the answer to the instant-on computer and the no moving parts computer. If this pans out in the long run, the computer you use in five or ten years may have nothing in common with the computer you're reading this on.