Archive for the ‘Security’ Category

Soocial

May 15, 2008

I’m sure everyone has had this simple idea before: keeping all that contact information in sync irrespective of whether it’s in your computer address book, mail address book, your mobile, your social network site etc. Well, Soocial is a Dutch start-up in private beta right now and is aimed at exactly that: supporting over 400 models of mobile phone as well as Gmail, Highrise, Mac address book… You can allow other applications to use your contacts without passing on Soocial-specific details using OAuth — natch.

I’m also just loving the punning visual design that Soocial uses — whether it’s a Knightrider star and pop icon to symbolise hassle-free synchronisation, or Sean Connery’s pistol-toting, nappy-wearing rendition of Zed in Zardoz to show that something went wrong. Wonderful.


Did you see this?

February 11, 2007

Mr Geddes in cracking form as normal in OPINION://Did you see this? : well worth a good read and re-read. He points out that not only is technology great for making money but it’s great for forming opinions as well and that many of us take this democratisation of opinion forming for granted.

A good deal of Western governments and companies have twigged that market opinion is important, and that showing a good face to consumers is important and that actually doing the right thing is a good deal more profitable than not because of this. This was less so fifty years ago when it was easier for governments and companies to wave their hands Jedi-mind-trick-style, “Move right along there. There’s nothing to see”. A well-informed public is a dangerous thing. Nowadays the information comes thick and fast and as a famous law tells us “90% of everything is crud”. The only way to make sure that the 10% that isn’t gets through is to allow just about anything through.

So, getting different results on www.google.com from those on www.google.cn, or Verizon forbidding criticism using their own network (link is to great blog about Terms of Service for one Verizon service. The actual ToS seem to have been taken down) is initially a shock, but it’s the thin end of the wedge. Censorship is a sin of omission that constrains the natural political power of the network. Unless we all act, it’s going to become the norm, which would be a crying shame.


And you thought pea and ham soup was just for dinner

January 6, 2007

At a recent Christmas party, I won 3 pints of Dutch pea and ham soup (erwtensoep). Not just any soup, but that most Hollands of erwtensoeps, Unox. I left it in my work bag and then unbeknownst to me, brought it with me to work the next day. Except that work was in a different office. I’d made it through all the security checks and was about to board the plane before I decided to dump the precious soup in case I was arrested as a terrorist.
And You Thought Snow Globes Were Harmless Decorations – New York Times:
‘Mr. Schneier’s crack on having to remove shoes: “It’s a good thing the shoe bomber wasn’t an underwear bomber.” ‘

This article has some great quotes on airport security and some simple analysis that runs through my head every time I fly (which lately is a little too often): ‘Inherent in the obsession on liquids and gels, Mr. Schneier said, “is the notion that we can stop the bad guys by focusing on tactics, which is moronic. I pick a defense, you see my defense, and then you, the bad guy, decide what to do. That’s a game we can’t win.”

He added, “Screeners are so busy looking for liquids that they’ve missed decoy bombs in tests. We’ve defined success so weirdly. When T.S.A. takes away some frozen tomato sauce from grandmom because it might become a liquid, they think of it as a success. But that’s a failure. It’s a false alarm.” ‘


How to spy on everyone with a Nike+iPod running kit

January 1, 2007

I have been eyeing a Nike+iPod running kit since they came out. I have been a little encumbered by already owning a great running watch that tells me my speed, distance run, heart rate and other interesting metrics, and realising that I seem to train better without such data. The Nike+iPod running kit allows you to put on a particular favourite when you reach the difficult part of your workout and to watch these metrics from your iPod (instead of your watch screen). The kit is made up of a sensor that you drop in your shoe and the receiver which plugs into the dock connector of your iPod. It’s possible to turn off the sensor, but the instructions say that it’s also easy just to leave it running in your shoe. This means that people could be walking around with their running shoes with the sensor on the whole time.

A recent study from the University of Washington shows that it is possible to track owners of the sensor, without their knowledge, at distances of up to 20m. For under €200, the authors built a modified receiver, which can transmit the locations of multiple sensors back to a base location via WiFi. They show some possible applications, including a Google Maps realtime mashup of sensor locations.

Pretty impressive! As they say, possible applications include allowing a stalker to track his target, or to build a database of the daily tracks of possible targets — e.g. for a thief checking who is regularly away from home for a set period of time. On a less nefarious note, stores could invade the privacy of individuals by tracking movement and associating this with purchasing history. Full details of the research, tools built and real results are in the paper and well worth the read. The authors also point out some simple cryptographic techniques that would slow down potential hackers.


Procter and Gamble experiment with RFID

January 1, 2007

The iPod running kit paper also notes that Procter & Gamble have collaborated with Walmart recently to test out RFIDs hidden in products. The aim of the test was to check whether RFID could be used to check inventory levels in the stores. When shoppers found out, the reaction was predictable: there were a number of irate reactions to the ‘cover up’ of ‘secret study’ of ‘controversial spy chip technology’! Read in this context, these concerns seem to be pretty daft. If you stuck a student with a clipboard noting who bought what on the corner of a couple of aisles, it would not be an issue. If you made the shelf a little more intelligent so that it detected the weight of the products in it, no-one would mind. Of course, we are assuming that Procter & Gamble take a lot more care with their RFID devices than Apple and Nike do. A P&G spokesperson said that the chips could only be read by special readers held no further than a half inch away and were largely useless after being removed from the store.

The Nike+iPod FAQ answers the personal privacy question slightly ambiguously:
“Does it use GPS and does this mean you can track my movements?
No.”

Users are encouraged to leave the device on:
“Is the sensor battery replaceable? How long does it last?
No. The sensor’s battery has a life of over 1000 active hours. The sensor sends a low battery signal when there is around 2 weeks of life remaining (based on usage pattern), indicating that the sensor needs to be replaced.

Most Nike + iPod runners and walkers can just drop the sensor in their Nike+ shoes and forget about it. When inactive, the sensor enters stand-by mode to save battery life.”


Bluetooth hacking

January 1, 2007

Bluesnarfing, bluebugging and backdooring have been in the spotlight for over a year now, and, finally, the mobile phone industry have reacted and are issuing fixes for these very serious problems. Accordingly, the time has come for full disclosure..

A good deal of really interesting material on just how open Bluetooth is. (From those fun folk at the Chaos Computer Club). Rather than discussing philosophical approaches to security, the information here is the practical demonstration of a number of security flaws (some of which are surprisingly simple).
