• The explosion of social networks and new user accounts in recent years is staggering. There are now over 1,000 social networking sites on the Internet, with Facebook currently being the largest, with over 840 million user profiles. To put this into context, that is equivalent to the combined populations of the USA and UK, making it the third largest country by population. This illustrates how social networks can be a virtual goldmine of information and knowledge for those who can potentially harvest it both openly and/or covertly as we explain below.
    In our first article we explored how social networks can be described as powerful communication tools capable of reaching clique groups and/or vast audiences instantaneously and globally. We explored two theories behind social networking:
    1. Social networks as a powerful tool enabling citizens to coordinate their observation and management of government(s) and corporations, and where deemed necessary, coordinate (non-violent) struggle against perceived injustices; and
    2. Social networks as a powerful tool custom-built for exploitation by governments and powerful organisations to monitor individual, group, regional, and global sentiments and trends.
    We then explored a variety of ways governments are interacting with social media, ranging from government interference in the activities of the major social networking companies; adoption of tools for monitoring of communications over social networking; implementation of methods for the direct analysis of social networks through active infiltration; seeking legal authority to install software on your computer without your permission; and even preventing access to social media.
    In this article, we discuss methods being employed to infiltrate user accounts, and the potential impact infiltration can have on people and organisations on a potentially massive scale.
    Countless criminal organisations have used social networks for all kinds of social engineering attacks with the intent of gathering sensitive information, or to spread malware or steal financial information from users.
    “Social engineering” is an act of psychological manipulation. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called “bugs in the human hardware”, are exploited in various combinations to create cyber attacks that exploit weaknesses in both computers and humans simultaneously.
    Popularity can have its downside
    Are you excited about the new ‘friend request’ from that attractive looking stranger in your Facebook account? An experiment, over a short eight-week period, by researchers at British Columbia University in Canada, simply created 102 ‘fake’ Facebook user accounts referred to as Socialbots, with the sole intent of making as many friends as possible and harvesting data. The Socialbots began contacting Facebook users by making random ‘friend requests’ and were accepted by one in five people they contacted. Once the Socialbot made some “friends”, it increased its number of friends by using the social networks of those users who accepted it, befriending the friends of friends.
    These friend requests by the now popular Socialbot were far more likely to be accepted. The research team found that a staggering 60-80 per cent of these requests were successful. As a result, they were able to harvest 46,500 email addresses and 14,500 physical addresses from users’ profiles, including a massive 250Gb of personal data. What is critical to understand is that this information can be gathered AS SOON as the friend request is accepted. Then a copy can be stored offline, for later recall at any time. Therefore the actual owner can no longer recover, or change or delete that personal data that someone may have recorded. Facebook’s “Facebook Immune System”, the massive security system protecting users, and which checks some 25 billion actions every day, did not detect the infiltration of the Socialbots. This demonstrates a very simple but effective capability to attack people at random. (We will talk about targeted attacks shortly below.)
    Indiscriminate attacks in the wild
    The well-known Socialbot malware, called the “Koobface” virus, is specifically created to target social network platforms. Unlike most other malware, Koobface spreads “actively” by delivering messages to people who are “friends” of a user whose computer has already been infected. Targeted social network platforms include Facebook, MySpace and Twitter as well as others. Once the host has been infected, Koobface connects back to so-called command and control (C&C) servers to receive directives on actions to perform or to upload compromised information. In this way the agent is able in a short time to build its own botnet, a huge number of Internet computers that, although their owners are unaware of it, have been set up to forward spam or viruses to other hosts on the Internet.
    The most common infection method is via fake content on a compromised web site. It is sufficient to click on one of the links that Koobface has posted on the fake web site. Typically, this link would attract users by offering a download of a cool video or application. If they then download and execute the file, Koobface infects their system.
    This malware is a typical example of an agent that could be used:
    1. by cyber crime to monetise an assault on social network platforms; and
    2. by governments to infiltrate social networks to perform intelligence operations, or to spread viruses developed with cyber espionage intent.
    Let’s recall a case in recent months when a Nato chief’s personal details were exposed thanks to a series of attacks carried out through social network platforms.
    Targeted attacks
    As the Nato chief example proves, social engineering techniques can also be used to target specific individuals. In the first phase of the attack, a little bit of research is required to determine the target’s “position” in society, and their likely “network” of superiors, respected peers and colleagues. Once the attacker has identified those people who are “important” to the target, a series of fake accounts are created on the social network. Remember that more than one person can be called by the same name. Furthermore, much of the data you need to create the fake account (name, face, activities) is already public on other social networks. In the case of Nato’s most senior commander, several fake Facebook accounts for several of his colleagues were created, apparently by Chinese spies.
    In a second phase of the attack, the fake accounts try to contact the real one, by establishing a relationship. This is exactly what happened when Senior British military officers and Ministry of Defence officials accepted “friend requests” from the bogus account for American Admiral James Stavridis.
    At this point, the infiltration attack has been successfully executed. As a result, it is now possible to steal sensitive information such as personal e-mail account addresses, photos, messages, and knowledge of the target’s network of friends, who are all potential future targets for subsequent phases of the attack.
    Similar “social engineering” incidents are worrying and show how vulnerable even the higher echelons of strategic command can be.
    There are some risks you face when your “trusted” social network platform has a data breach:
    An interesting case study occurred when the professional social network LinkedIn was recently hacked, and users’ passwords stolen and leaked on the Internet. The company, through its blog, confirmed the event, declaring that more than six million passwords were compromised.
    The LinkedIn hack is considered particularly serious, because the popular social network focuses on networking people in a business/professional context. LinkedIn members share information about their professions and employments both in private business and in governments. Each public association between user accounts acts as a type of credential establishing a person’s standing and credibility in the community as previously described.
    Accessing a LinkedIn account can expose significant information on the (potential) victims, their relations, and participation in events and discussions related to specific ‘closed’ professional areas, with their inherent privacy levels. It is clear that the information could represent the basis for other types of attacks, and cyber espionage.
    Another real risk is the possibility of a massive phishing campaign being launched during these ‘compromised’ hours, inviting LinkedIn users to change their passwords, potentially providing additional information to the criminal. Such campaigns may also include strategic dissemination of additional malware types, typically via an e-mail with a link that redirects the recipient to an infected web site (although this hypothesis has been excluded by LinkedIn).
    Ultimately, all this information that has been garnered can be *stored forever* and utilized for a multitude of reasons, to the benefit of the criminals and the perpetrators of your infiltrated account and private information and network of friends and colleagues.
    What can you do to avoid being compromised or exploited?
    1. Actively manage your privacy settings
    2. Don’t accept friend requests from random people. Share your data with fewer people, and only those that you really do know. Confirm with your friend via SMS / phone, before accepting online. Actually know the people you are befriending! Follow up any flagged concerns you may have about a friend’s online behaviour – they may not be who you think they are, or their account may have been compromised.
    3. Think before you click. Never click on suspicious links. Just because they “purportedly” came from a friend or organisation you know, does not make them safe. Report any abuse to the network service provider. You will be helping others be safer as well.
    4. Never enter your username/password on a site that is not using the URL of your social network provider.
    5. Always update your browsers and anti-virus to the latest versions as they can protect against phishing and other attacks.
    6. Clear and delete old social network accounts. Over time you stop using accounts for one reason or another. Make sure the social network provider deletes them.
    7. Don’t assume your online correspondence is private. Many accounts have a default setting to ‘share’ (indiscriminately publish) when first created. Anything shared can be saved (and stored for ever), copied, and can of course even be indexed by search engines.
    8. Don’t share your location. Turn off broadcast features. Don’t leave notes saying you are on holiday. This is an invitation for criminals to visit your home.
    Be sure to read our next article in this series where we explore the *physical* risks associated with online social networking.
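
    Tip 4 above, turned into a check a mail filter or browser helper could run before a password is typed (an added example, not part of the original article). The trusted-domain list and the sample URLs are assumptions made for the illustration.

```python
# Added example, not from the original article.
from urllib.parse import urlsplit

# Assumption: the domains your own providers really use for sign-in pages.
TRUSTED_LOGIN_DOMAINS = {"facebook.com", "linkedin.com", "twitter.com"}


def check_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """Return (ok, reason) for a page that is asking for a password."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":
        return False, "not served over HTTPS"
    if not host:
        return False, "no host name in URL"
    if has_userinfo:
        # In https://facebook.com@other.example/ the text before '@' is a
        # user name, not the site being visited.
        return False, "text before '@' is not the site"
    host = host.rstrip(".")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Look-alike letters from other alphabets end up here.
        return False, "internationalised host name, possible lookalike"
    for domain in trusted:
        # Accept the domain itself or a true subdomain only, so that
        # facebook.com.account-check.example and notfacebook.com both fail.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not one of the provider's domains"


# Constructed sample URLs; every untrusted host here is a placeholder.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.account-check.example/login",
    "https://www.facebook.com@login.example.net/",
    "https://notfacebook.com/",
    "https://f\u0430cebook.com/login",  # Cyrillic 'a' in place of Latin 'a'
]


def classify(urls=SAMPLE_URLS):
    """Run the check over a list of URLs and return {url: (ok, reason)}."""
    return {url: check_login_url(url) for url in urls}


if __name__ == "__main__":
    for url, (ok, reason) in classify().items():
        print("OK  " if ok else "STOP", ascii(url), "-", reason)
```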

  • Takeaway: From diagnostic tools to antivirus to backup utilities, this list of freebies will help you do more with less.
    If you’re trying to stretch a thin IT budget, you probably can’t afford a lot of pricey tools. Luckily, a number of highly useful tools are available for free. Some of them even work better and are more efficient than their costlier alternatives.

    1: ComboFix

    When the standard antivirus/malware software can’t seem to find the problem, ComboFix almost always does. It also looks for and removes most rootkits and Trojans. To use this tool, you must completely disable all antivirus solutions (and you should completely remove AVG). Caution: If ComboFix is not used properly, it can wreak havoc on the machine you’re trying to fix.

    2: ProduKey

    ProduKey will help you get product keys from installed applications so that when you need to migrate to a new machine, you can continue using those costly licenses. ProduKey will recover keys from more than 1,000 software titles, including Microsoft Office, Adobe, and Symantec. When you use this tool, you will have both the product ID and the product key; the ID is important because it will tell you which version of the software is installed.

    3: Hiren’s BootCD

    Hiren’s BootCD is a one-stop-shop Linux boot disk that can help you pull off a number of small miracles. Its tools include Antivir, ClamWin, ComboFix, Clonedisk, Image for Windows, BIOS Cracker, 7-Zip, Bulk Rename, Mini Windows XP, CCleaner, and Notepad++, among others. This single bootable disk could easily be the only tool you need.

    4: Microsoft Security Essentials

    Microsoft Security Essentials is one of the better free antivirus tools available. Its tagline, “The anti-annoying, anti-expensive, anti-virus program,” is true. When the firm I work with was looking for a new free solution, we tested Microsoft Security Essentials against AVG Free and Avast Free and found Microsoft Security Essentials to be superior, less intrusive, and less resource intensive.
    Note: Microsoft Security Essentials can be used for free for up to 10 PCs. Beyond that, you can purchase the business version, System Center Endpoint Protection.

    5: WinDirStat

    WinDirStat is the program you need when you must know what is taking up the space on a hard drive. When C drives begin to fill up, performance degrades rapidly. It’s essential to have a tool to help you discern what is gobbling up the precious space on a machine, and WinDirStat is the foremost app for getting this information quickly.

    6: CCleaner

    CCleaner gets rid of temporary files and Windows Registry problems faster than any other tool. When a machine is having problems, this is almost always the tool I use first. CCleaner also helps ensure privacy by getting rid of traces left behind (such as cookies) by Web browsers.

    Note: It is legal to use CCleaner Free for business use. However, CCleaner Business Edition comes with a few more features (including one-click cleaning) than the free version.

    7: Defraggler

    Defraggler blows away the defragmenting application in all Windows operating systems. It’s faster, more reliable, and more flexible than the built-in tools. With Defraggler, you can defrag a single file or an entire drive. Defraggler supports NTFS and FAT32 systems.

    8: 7-Zip

    7-Zip is the best file archiver/compression tool (outside of Linux command-line tools). It’s open source and works on multiple platforms. Once you install it, you will find 7-Zip has Explorer support and a simple GUI tool that any level of user can manage.

    9: SyncBack

    SyncBack is a reliable, easy-to-use backup utility. No, you won’t be recovering from bare metal, but you can save your precious data. SyncBack can synchronize data to the same drive, a different drive or medium (CDRW, CompactFlash, etc.), an FTP server, a network, or a zip archive.

    10: FileZilla

    FileZilla reminds you that the cloud has not made FTP useless. There are plenty of reasons you might need FTP, so why not use one of the best and most cost effective FTP clients? And if you need an easy-to-use FTP server to slap up on your Windows machines, FileZilla has one.



  • Automated backup programs, whether used to create local backups or copy data offsite via high-speed Internet connections, greatly simplify administrative tasks. Properly configured, automated backups -- including Remote Data Backups, Spare Backup, Dr. Backup, Yosemite Backup, Windows NT Backup, and Symantec/Veritas Backup Exec -- not only ease an administrator's workload but provide some peace of mind.

    Eliminating the daily pressure of having to manually back up an organization's critical data opens valuable time that can be dedicated to other responsibilities. However, it's possible to become overconfident in an automated backup. 

    Alaska officials, for example, recently revealed that a computer technician accidentally deleted data on a hard drive. Seemingly no trouble, the case took a bad turn when, attempting to recover the data from a backup tape, the state found the media unreadable. Recovery costs are estimated to exceed $200,000.

    Review the following 10 things to know about automated backup programs. They could save you and your organization from a similar nightmare.


    #1 Tapes aren't trustworthy


    It's a sad truth. Many expensive tape backup systems fail when needed most. What's worse, many tape failures are never caught. Whether it's a case of a tape drive requiring cleaning or media failing over time, often tape errors aren't caught until too late. Just ask Alaska's Department of Revenue, whose $38 million oil account (including 800,000 electronic images) had to be painstakingly rebuilt by more than 75 employees because backup tapes proved unreadable.


    #2 Tape maintenance is dicey


    In addition to tape drives and tapes themselves proving questionable, even properly operating media are only as good as the operator. Unless administrators and others charged with rotating the actual tapes complete the task on time using the correct media, tape backups can prove worthless. Even veteran IT professionals occasionally insert the wrong day's tape or confuse recovery sets. For this reason, it's important that schedules and media are carefully monitored and tracked.


    #3 Data locations change


    Data locations move and change over time. For example, an organization's public relations files might originally be installed within a server data folder labeled PR. Following an acquisition, a new storage strategy might be implemented in which those same PR documents become part of a Marketing folder. The same thing happens with databases, e-mail accounts, user directories, departmental archives, and other data. Unless backup operations are updated every time data storage locations change, backups run the risk of missing critical data.


    #4 Backup operations occasionally fail


    Just because a backup operation is scheduled does not mean that backup procedure will complete. Electrical outages occur. Thunderstorms intervene. Backup media fills. Backup drives get dirty. Systems freeze. The list of elements that could derail a backup is unending. Thus, you should never consider backups covered just because they've been scheduled. Instead, make reviewing backup logs a daily routine. Better yet, make restoring backups to test their efficacy a regular event.


    #5 Backups back up bad data, too


    When backup operations complete properly, they tend to complete exactly as programmed. Backups don't care if whole directories or partitions have been deleted since the last time they ran; backups usually back up what they're told to back up. For this reason, administrators should not depend upon a single backup set. Users occasionally delete whole folders and directories by mistake but sometimes require several days to realize the error. If your organization is working with only a single backup set updated daily, the likelihood of recovering the erroneously deleted data decreases every day. Maintaining multiple backup sets (or performing differential backups throughout the week) provides organizations with additional options for recovering data. 
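
    Points #4 and #5 as a routine check, shown as an added example (not from the original article or from any of the backup products named above): record a hash manifest when the backup runs, compare a test restore against it, and compare consecutive backup sets to catch a folder that was deleted before the job ran. The folder and file names are constructed sample data.

```python
# Added example, not from the original article.
import hashlib
import os
import shutil
import tempfile


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def verify_restore(backup_manifest, restored_root):
    """Compare a test restore with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in backup_manifest if p not in restored)
    corrupt = sorted(p for p in backup_manifest
                     if p in restored and restored[p] != backup_manifest[p])
    return {"missing": missing, "corrupt": corrupt,
            "ok": not missing and not corrupt}


def shrunken_dirs(previous, current, threshold=0.5):
    """Top-level folders that lost at least `threshold` of their files
    between two backup sets: a deletion the newer set copied faithfully."""
    before, lost = {}, {}
    for path in previous:
        top = path.split("/", 1)[0] if "/" in path else "."
        before[top] = before.get(top, 0) + 1
        if path not in current:
            lost[top] = lost.get(top, 0) + 1
    return sorted(d for d, n in lost.items() if n / before[d] >= threshold)


def demo():
    """Constructed scenario: a damaged restore, then a deleted PR folder."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        restored = os.path.join(tmp, "restored")
        sample = {"PR/release.txt": b"launch plan",
                  "PR/contacts.txt": b"press contacts",
                  "Finance/q1.csv": b"1,2,3"}
        for rel, data in sample.items():
            path = os.path.join(source, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        monday = build_manifest(source)

        # Test restore in which one file is absent and one is truncated.
        shutil.copytree(source, restored)
        os.remove(os.path.join(restored, "PR", "contacts.txt"))
        with open(os.path.join(restored, "Finance", "q1.csv"), "wb") as fh:
            fh.write(b"1,2")
        report = verify_restore(monday, restored)

        # Tuesday: a user deletes the PR folder before the nightly job runs.
        shutil.rmtree(os.path.join(source, "PR"))
        tuesday = build_manifest(source)
        return report, shrunken_dirs(monday, tuesday)


if __name__ == "__main__":
    restore_report, deleted = demo()
    print("restore check:", restore_report)
    print("folders that shrank between sets:", deleted)
```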


    #6 Databases and Exchange require TLC


    Many applications -- including those that depend on Microsoft SQL Server and the Microsoft SQL Server Desktop Engine (MSDE) to power their data -- store their most critical information within multiple database files. Unless the complex instructions that link the information between those databases in meaningful ways are also backed up, just having those database files saved to a backup drive won't enable successful restoration. Be sure to follow the manufacturer's backup guidelines when working with such third-party software.
    Exchange servers need special treatment, too. E-mail servers require applications that can perform online backups, as it's impractical to assume an organization could down e-mail servers during specific windows daily just to complete backup operations. Instead, organizations must ensure their backup applications support online or active operations. In the case of Microsoft's popular e-mail server, such programs are described as being Exchange-aware.


    #7 Some apps work better than others


    Many vendor promises amount to sweet nothings; not all products work as promised. Some applications fail to back up all the files, folders, and drives you specify. Others perform a differential backup even though you called for an incremental. Still others fail to properly write data to specific media or don't complete within reasonable timeframes.
    Worse, competition within the online backup space results in many providers going out of business. Often firms go under with little notice and take your data with them. So shop carefully when considering software manufacturers and online providers. Reputation and reliability typically outweigh cost savings when selecting a backup partner. Whenever possible, don't forget it's a best practice to first test an application before deploying within a production environment, too. Doing so helps reveal anomalies and incompatibilities before damage can be done.


    #8 Documentation is critical


    The best defense against data loss, and a crucial component of any disaster recovery plan, is documentation. Only by documenting which systems are backing up what data and when (and where that data is stored) can an organization have confidence its critical data is properly protected. In addition to tracking this information, documentation should provide instructions for testing backups to ensure the backup sets enable proper recovery.


    #9 Proper backup strategies require regular reviews


    Data locations change. Often, documentation doesn't keep pace. As a result, it's easy for an organization's backups to begin tracking the wrong data. IT departments can help prevent disaster by scheduling regular reviews of their backup strategy. Scheduling quarterly meetings to review backup strategies can help ensure backup operations keep pace with organizational changes.


    #10 Security is easily overlooked


    Once data is committed to a backup, that does not mean the data's safe. There is security to consider. Headlines are rife with stories of sensitive data slipping from the hands of couriers or being misplaced or even stolen. Since backups often contain confidential and protected information, companies must take pains to protect not only the principal data but the backups, too.
    In fact, depending upon the industry within which the organization operates, legislation may require special steps be taken to protect backups from public release. When extending backup and restoration privileges and handling backup media, be sure that appropriate steps are taken to guard against unauthorized access. For online backups, this means ensuring the provider supports 128-bit encrypted data streams (and a separate encryption key for recovery).



  • Researcher says security defect puts Galaxy S III and other cell phones using Android at risk.


    Cellphones using Google's Android operating system are at risk of being disabled or wiped clean of their data, including contacts, music and photos because of a security flaw that was discovered several months ago but went unnoticed until now. 

    Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user's data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.

    Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn't publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.

    Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones using Android were sold in the first six months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.

    Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.

    Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model. The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the "Settings: About device: Software update" menu available on Samsung phones.

    Borgaonkar, a researcher at Germany's Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. That convenience comes with risk, however. A hacker, or anyone with ill intent, can create a website or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.
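
    For anyone who filters web content or reviews pages before publishing, the dial-from-browser function described above can be screened for. The scanner below is an added example, not taken from the article or the researcher's post. It assumes the function in question is the `tel:` URI scheme and that a "code" is any dial string containing `*` or `#`; the sample page is constructed and uses the harmless show-IMEI code `*#06#`.

```python
# Added example, not from the original article.
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: ordinary phone numbers never need '*' or '#', while handset
# service codes do, so their presence in a tel: link is worth a look.
SERVICE_CODE_CHARS = set("*#")


class TelLinkScanner(HTMLParser):
    """Collect every tel: URI found in any attribute of any tag."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            target = value.strip()
            if not target.lower().startswith("tel:"):
                continue
            # '#' is usually percent-encoded (%23) inside a URL; decode it
            # before looking at the dial string.
            number = unquote(target[4:])
            self.findings.append({
                "tag": tag,
                "attr": name,
                "number": number,
                "service_code": any(c in SERVICE_CODE_CHARS for c in number),
                # A link the user must tap is lower priority than a tel:
                # URI the page loads by itself.
                "needs_click": tag == "a" and name == "href",
            })


def scan_html(html):
    """Return one finding per tel: URI in the given HTML text."""
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def service_code_links(html):
    """Only the tel: URIs that carry a service code instead of a number."""
    return [f for f in scan_html(html) if f["service_code"]]


# Constructed sample page (placeholder number, harmless show-IMEI code).
SAMPLE_HTML = """
<p><a href="tel:+1-555-0100">Call support</a></p>
<p><a href="TEL:*%2306%23">Check your device</a></p>
<iframe src="tel:*%2306%23"></iframe>
"""

if __name__ == "__main__":
    for finding in service_code_links(SAMPLE_HTML):
        how = "after a tap" if finding["needs_click"] else "without a tap"
        print("<%s %s> dials %r %s" % (finding["tag"], finding["attr"],
                                       finding["number"], how))
```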

    The phone's memory card, known as a subscriber identity module, or SIM, can be destroyed remotely in the same way, Borgaonkar said. "Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click," he wrote. "After the successful attack, the end user has to go to the mobile network operator and buy a new SIM card."

    While Borgaonkar has drawn attention to the problem, it's unclear how useful the vulnerability would be to cybercriminals who are primarily interested in profits or gaining a competitive advantage, said Jimmy Shah, a mobile security researcher at McAfee. "There's no benefit to the attacker if they can't make money off it or they can't steal your data," Shah said. "It's really not that useful."

    But the technique could cause huge headaches if it were harnessed to issue outbound phone calls, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. "If that would be doable, we would quickly see real world attacks causing phones to automatically dial out to premium-rate numbers," he said.


    Find Below the Link to the Researcher's Post.
    ___
    Online:
    Ravi Borgaonkar's blog post: http://www.isk.kth.se/~rbbo/ussdvul.html



  • Microsoft founder Bill Gates on Thursday finally gave the new Windows 8 his endorsement and public approval.

    During an interview with the Associated Press to discuss the Bill and Melinda Gates Foundation’s participation in a global mission to end polio, Bill Gates took some time out to comment on Microsoft's upcoming operating system.

    He called the new operating system scheduled for release next month "a very exciting new product" and "a very big deal" for the world's largest software maker.

    Windows 8 is Microsoft's biggest overhaul of Windows in more than a decade and the company's attempt to stay relevant and exciting in a world where mobile gadgets like the Apple iPad, Android tablets and smartphones have started to overshadow personal computers.

    He stated he is already using Windows 8 and is very pleased with it. Gates also believes Windows 8 will be a big deal partly because hardware partners are doing “great things” to take advantage of the OS' new features.

    The release of Windows 8 has been scheduled for the 26th of October, 2012, and a new version of Internet Explorer will be released alongside the new OS on the aforementioned date.

    Of course, Microsoft is prepared should personal computers continue their downward spiral. Versions of the operating system will additionally be shipping on tablets and smartphones come October 26. It's an important step as the Windows & Windows Live division represented 27 percent of the company’s revenue in 2011. But as the numbers indicate, it’s not all about their legendary operating system these days.

    Windows 8 will replace Windows 7 on practically all personal computers sold to consumers.

    It features major changes in the way consumers interact with their machines, and versions of it will also run on tablet computers and smartphones.

    Although Microsoft has grown into much more than a maker of computer operating systems — providing computer services to corporations and Xbox gaming machines to game enthusiasts — Windows still accounts for a significant chunk of the company's annual revenue.

    In 2011, Microsoft's "Windows & Windows Live" division generated 27 percent, or $19 billion, of the company's $69.9 billion in annual revenue.

    Either way, there's no denying that there will be a lot of pressure on Microsoft to deliver big in the next several months.

  • More Passwords, More Problems

    The more we depend on the Web, the more passwords we accumulate—and forget. Some startups think they have a solution.

    It's easy to remember one username and password. Keeping five or 10 straight is much harder. Password overload has long afflicted techies, but as we all spend more time doing everything from shopping to banking to playing games on the Web, it's become a more widespread problem.
    A number of companies are trying to combat the problem. Approaches range from password managers that secure your login details with one master password to methods that eliminate the need for multiple passwords in the first place.
    A 2007 study by Microsoft Research explored the strength, frequency, and usage of passwords belonging to 500,000 computer users. The study found that each person had an average of 6.5 passwords that they used for 25 different online accounts—meaning each password was being recycled about four times.
    Five years later, most of us have many more accounts that we access across desktop computers, smartphones, and tablet computers. But we're probably no better at coming up with secure passwords—ones that can't be easily guessed or cracked using a computer—and, as high-profile security breaches at websites like LinkedIn and eHarmony show, weak passwords put our online identities at risk.
    The most common tool for organizing a glut of passwords is the password manager, but few people use them, says Cormac Herley, an author of the 2007 Microsoft Research study. A startup called Dashlane is hoping to change this, with a simple password management and automated form-filling tool that it says can make it easier to shop online. Dashlane encrypts and stores passwords on a user's computer or smartphone. Then only the master password—which is not stored on Dashlane's servers—can be used to access the information.
    The company emerged from a private beta test in April, and Daniela Perdomo, Dashlane's director of user growth, says it currently has hundreds of thousands of users who have collectively stored 1.5 million passwords with its desktop and smartphone software (most are using a free version of the service). She claims Dashlane's auto-form-filling technology is accurate about 90 to 95 percent of the time.
    The weak spot here, of course, is forgetting your master password. But the approach also makes it more difficult for others to gain access to your data simply by stealing your device. And setting up a password manager could inspire you to make your individual passwords more secure, knowing that now you'll only need to remember that one master password to access all your accounts on your computer. Perdomo acknowledges that most people aren't ready to be proactive about weak or identical passwords. "The average person doesn't care until they get hacked," she says, echoing the opinion of several security experts.
    Another key drawback of password managers is that they often need to be installed and synched on each device you use to access your accounts. This might be convenient if you're on your home or work computer, but less so if you're at a friend's house.
    Chances are that you'll have your smartphone on you, though. It, too, is coming into play as a way to balance login security and convenience. That's the idea behind PhoneID, which software engineers Mike Thomas and Vahur Roosimaa created in early September at a hackathon—a marathon coding event where programmers come up with new ideas—hosted by tech blog TechCrunch. Currently a prototype, PhoneID lets you log in to websites with your desktop computer by using your smartphone to scan an on-screen QR code, Thomas says. This way, you would never have to type in a username and password.
    The first time you visit a participating website on your desktop computer, a QR code would pop up on the screen. Scanning it with your phone would prompt your computer to ask for your phone number, and PhoneID would send your cell phone an SMS that could be clicked to log you in to the site and authenticate you. On subsequent visits, scanning an on-screen QR code would immediately log you in.   
    PhoneID requires a website to add several lines of code. And while it could be set up to work with sites where you already have an account and password, it's currently geared toward setting up a new account on a site. Thomas says the approach could save websites from having to store and guard password information, and save consumers from remembering their login credentials. "Even for someone who's technically savvy, keeping track of all your passwords is difficult," he says.
    Gartner analyst Gregg Kreizman thinks solutions like PhoneID will become more common as companies take advantage of the cameras, sensors, and geolocation capabilities of smartphones. These features could help by providing other ways of authenticating users, he says.
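The scan-to-login flow described above, modelled from the website's side as an added Python example; it is not PhoneID's code. The class and method names, the 120-second token lifetime, and the single-use and browser-binding checks are assumptions, chosen to show what a site adopting such a flow has to enforce.

```python
import secrets
import time

TOKEN_TTL = 120  # seconds a QR token stays valid (assumed value)


class QrLoginServer:
    """Hypothetical server side of a scan-to-login flow (all names assumed)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.pending = {}    # token -> {"browser", "expires", "account"}
        self.sms_links = {}  # one-time SMS code -> (token, device_id, phone)
        self.devices = {}    # enrolled device_id -> account (phone number)

    def start_login(self, browser_session):
        """Desktop requests a QR code; the token in it is random and short-lived."""
        token = secrets.token_urlsafe(32)
        self.pending[token] = {"browser": browser_session,
                               "expires": self.clock() + TOKEN_TTL,
                               "account": None}
        return token

    def _live(self, token):
        """Return the pending entry, discarding it if it has expired."""
        entry = self.pending.get(token)
        if entry is None:
            return None
        if self.clock() > entry["expires"]:
            del self.pending[token]
            return None
        return entry

    def scan(self, token, device_id):
        """Phone scanned the QR code."""
        entry = self._live(token)
        if entry is None:
            return "rejected"
        account = self.devices.get(device_id)
        if account is None:
            return "need_phone_number"  # first visit: enrol via SMS
        entry["account"] = account      # later visits: approve immediately
        return "approved"

    def request_sms(self, token, device_id, phone):
        """First visit: returns the code that would travel inside the SMS link."""
        if self._live(token) is None:
            return None
        code = secrets.token_urlsafe(16)
        self.sms_links[code] = (token, device_id, phone)
        return code

    def click_sms_link(self, code):
        """One-time SMS link: enrols the device and approves the waiting login."""
        link = self.sms_links.pop(code, None)  # pop: the link works only once
        if link is None:
            return False
        token, device_id, phone = link
        entry = self._live(token)
        if entry is None:
            return False
        self.devices[device_id] = phone
        entry["account"] = phone
        return True

    def poll(self, browser_session, token):
        """Desktop polls; only the browser that displayed the QR may collect."""
        entry = self._live(token)
        if entry is None or entry["account"] is None:
            return None
        if not secrets.compare_digest(entry["browser"], browser_session):
            return None
        del self.pending[token]  # single use: a replayed token gets nothing
        return entry["account"]
```

The browser binding in `poll` is what stops a token photographed from one screen from logging in a different browser, and the expiry bounds how long a displayed code is worth anything.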
    But what if we could just cut down on passwords altogether? The most popular existing examples of this approach are Facebook Connect and Sign in with Twitter, two services that let you log in to websites with your Facebook or Twitter credentials. This makes things convenient for users, while also granting sites access to some of your personal information. It's not all that secure, though. Another approach came recently from Intel, which, at the Intel Developer Forum, announced a futuristic-sounding plan to authenticate people by reading vein patterns.  
    A startup called OneID has a different idea. It requires websites to use its login method, which uses public key cryptography—security technology that encrypts and decrypts data using two kinds of "key" belonging to each party, one kept secret and the other published openly—and knowledge of the devices you use to securely sign you in with a single click.
    OneID founder Steve Kirsch, who also founded the search engine Infoseek, says that when a user hits a OneID button on a website, the site sends his or her public "key" to the user's computer. That key is then forwarded to a OneID server, which can make a swift determination based on the website's specifications and user's preferences about what needs to happen next—if additional authentication is required, or if the user can simply be allowed to enter the site.
    OneID users don't need to set a password. A smartphone app that approves higher-risk activities like making online purchases requires a PIN, though. While someone could still steal your computer and then gain access to some low-security websites that don't require two-factor authentication, you could disable that device's OneID access remotely to stop the breach.
    OneID is in the process of rolling out its technology, though the company could not name any sites that are using it. Kirsch says the company is going after sites, such as e-commerce businesses and banks, that require high security. "As they give it a shot and people see the results, then more and more people will give it a shot," Kirsch says.
    Moxie Marlinspike, a San Francisco-based computer security researcher, says single sign-ons that focus on security are a tough sell. "Most of those sites don't see the convenience of not having to manage a username and password as a real benefit," he says, and if they choose to enable one they'll typically go with the Facebook or Twitter options since that will give them access to some of a user's social information.
    Marlinspike thinks that in order to get users to change their behaviors, developers will need to keep working to make security as invisible as possible. But, he says, passwords will likely be with us for a while.

  • Google Glass and the Future of Technology

    New gadgets — I mean whole new gadget categories — don’t come along very often. The iPhone was one recent example. You could argue that the iPad was another. But if there’s anything at all as different and bold on the horizon, surely it’s Google Glass.

    That, of course, is Google’s prototype of a device you wear on your face. Google doesn’t like the term “glasses,” because there aren’t any lenses. (The Glass team, part of Google’s experimental labs, also doesn’t like terms like “augmented reality” or “wearable computer,” which both have certain baggage.)
    Photo (Jason Longo): David Pogue wearing Google Glass.


    Instead, Glass looks like only the headband of a pair of glasses — the part that hooks on your ears and lies along your eyebrow line — with a small, transparent block positioned above and to the right of your right eye. That, of course, is a screen, and the Google Glass is actually a fairly full-blown computer. Or maybe like a smartphone that you never have to take out of your pocket.

    This idea got a lot of people excited when Nick Bilton wrote about the glasses in February in The New York Times. Google first demonstrated it in April in a video. In May, at Google’s I/O conference, Glass got some more play as attendees watched a live video feed from the Glass as a sky diver leapt from a plane and parachuted onto the roof of the conference building. But so far, very few non-Googlers have been allowed to try them on.




    Last week, I got a chance to try on a pair. I’m hosting a PBS series called “Nova ScienceNow” (it premieres Oct. 10), and one of the episodes is about the future of tech. Of course, projecting what’s yet to come in consumer tech is nearly impossible, but Google Glass seemed like a perfect example of a breakthrough on the verge. So last week the Nova crew and I met with Babak Parviz, head of the Glass project, to discuss and try out the prototypes.

    Now, Google emphasized that Google Glass is still at a very, very early stage. Lots of factors still haven’t been finalized, including what Glass will do, what the interface will look like, how it will work, and so on. Google doesn’t want to get the public excited about some feature that may not materialize in the final version. (At the moment, Google is planning to offer the prototypes to developers next year — for $1,500 — in anticipation of selling Glass to the public in, perhaps, 2014.)

    When you actually handle these things, you can’t believe how little they weigh. Less than a pair of sunglasses, in my estimation. Glass is an absolutely astonishing feat of miniaturization and integration.
    Inside the right earpiece — that is, the horizontal support that goes over your ear — Google has packed memory, a processor, a camera, speaker and microphone, Bluetooth and Wi-Fi antennas, accelerometer, gyroscope, compass and a battery. All inside the earpiece.

    Google has said that eventually, Glass will have a cellular radio, so it can get online; at this point, it hooks up wirelessly with your phone for an online connection.

    And the mind-blowing thing is, this slim thing is the prototype. It’s only going to get smaller in future generations. “This is the bulkiest version of Glass we’ll ever make,” Babak of Google said.

    The biggest triumph — and to me, the biggest surprise — is that the tiny screen is completely invisible when you’re talking or driving or reading. You just forget about it completely. There’s nothing at all between your eyes and whatever, or whomever, you’re looking at.
    And yet when you do focus on the screen, shifting your gaze up and to the right, that tiny half-inch display is surprisingly immersive. It’s as though you’re looking at a big laptop screen or something.
    (Even though I usually need reading glasses for close-up material, this very close-up display seemed to float far enough away that I didn’t need them. Because, yeah — wearing glasses under Glass might look weird.)

    The hardware breakthrough, in other words, is there. Google is proceeding carefully to make sure it gets the rest of it as right as possible on the first try.

    But the potential is already amazing. Mr. Parviz stressed that Glass is designed for two primary purposes — sharing and instant access to information — hands-free, without having to pull anything out of your pocket.
    You can control the software by swiping a finger on that right earpiece in different directions; it’s a touchpad. Your swipes could guide you through simple menus. In various presentations, Google has proposed icons for things like taking a picture, recording video, making a phone call, navigating on Google Maps, checking your calendar and so on. A tap selects the option you want.
    In recent demonstrations, Google has also shown that you can use speech recognition to control Glass. You say “O.K., Glass” to call up the menu.

    To illustrate how Glass might change the game for sharing your life with others, I tried a demo in which a photo appeared — a jungly scene with a wooden footbridge just in front of me. The theme from “Jurassic Park” played crisply in my right ear. (Cute, real cute.)

    But as I looked left, right, up or down, my view changed accordingly, as though I were wearing one of those old virtual-reality headsets. The tracking of my head angle and the response to the immersive photo was incredibly crisp and accurate. By swiping my finger on the touchpad, I could change to other scenes.

    Now, there’s a lot of road between today’s prototype and the day when Google Glass will be on everyone’s faces. Google will have to nail down the design — and hammer down the price. Issues of privacy and distraction will have to be ironed out (although I’m not nearly as worried about distraction as I was before I tried them on). Glasses wearers may have to wait until Glass can be incorporated into actual glasses.

    We may be waiting, too, for that one overwhelmingly compelling feature, something that you can’t do with your phone (beyond making it hands-free). We’ve seen that the masses can’t even be bothered to put on special glasses to watch 3-D TV; it may take some unimagined killer app to convince them to wear Google Glass headsets all day.

    But already, a few things are clear. The speed and power, the tiny size and weight, the clarity and effectiveness of the audio and video, are beyond anything I could have imagined. The company is expending a lot of effort on design — hardware and software — which is absolutely the right approach for something as personal as a wearable gadget. And even in this early prototype, you already sense that Google is sweating over the clarity and simplicity of the experience — also a smart approach.
    In short, it’s much too soon to predict Google Glass’s success or failure. But it’s easy to see that it has potential no other machine has ever had before — and that Google is shepherding its development in exactly the right way.


    Article adapted from the New York Times Technology page...

  • Symantec_CyberCrime_Report

    2012 Norton Cyber-crime report; A worrying scenario.

    Here we are with the regular appointment with Symantec and its report on cybercrime, “The yearly Norton Cybercrime report”, a document that analyzes the evolution of cybercriminal activities and their impact on society. The report covers different technologies, including social networking and mobile, and reports the impact on end customers in economic terms.
    The report involved 13018 participants across 24 countries aged 18-64 and a pool of expert collaborators.
    The impact of cybercrime is worrying: there are 556 million victims per year, 2 in 3 adults have been victims of online crime in their lifetime, and the total economic loss is 110 billion, with an average cost per victim of $197.
    The Asian region is the most affected by cybercrime: the global price tag of consumer cybercrime for China amounts to 46 billion, followed by the US with 21 billion and the European area with 16 billion.
    The highest numbers of cybercrime victims were found in Russia (92 percent), China (84 percent) and South Africa (80 percent).
    The technologies that have suffered the major increase in cybercrime are social networking and mobile.
    An increase has been registered in cybercrime that takes advantage of social networks and mobile technology. Mobile users are very vulnerable to attacks: 2/2 adults use a mobile device to access the internet, and mobile vulnerabilities doubled in 2011 compared with the previous year.
    44% of users aren’t aware of the existence of solutions for mobile environments, and 35 of adults have lost their mobile device or had it stolen.

    Of particular concern is the improper use of social networks: poor session management, failure to validate visited links, and total ignorance of security settings expose users to fraudulent activities.
    15 percent of users have had their account infiltrated, and 1 in 10 have been victims of fake links or scams.

    Another extremely worrying behavior is the way in which people use and operate on public networks, for example by accessing private services such as email.
    Email accounts are among the most attractive targets for cybercriminals because they represent a simple way to access sensitive information.
    “When using public connections, 67 percent access email, 63 percent use social networking and 24 percent access their bank account, according to the report.”

    I found it really interesting to read the reports of security firms, which give us a view of the evolution of cyber threats and, of course, some practices to share with users who are too “distracted” or unaware of the incoming risks.
    The report confirms that the cybercrime industry is a factory that knows no crisis and that moves amounts of money comparable to the economic revenue of a state.
    What is worrying is the increasing trend, which demonstrates the need to put in place further countermeasures and, of course, a massive awareness campaign.










  • If you are anything like me, you get asked questions like what computer should I buy, what phone to buy, or what gadget to buy. More recently, a whole lot of people have been asking: “Should I buy a notebook computer or should I just go for a tablet?” This question goes to show how much upside this tablet category has in the computing paradigm shift we are observing. However, with where we are in the early days of this category, does it really make sense to recommend a tablet over a notebook?


    When laptops/notebooks entered the technology market, everyone wanted one of those small devices for computing on the go. Laptops received a lot of hype because of their portability and their ease of use. This new technology took the computing world by storm and dominated the portable computer scene until a new device entered the market: the tablet. This device offers several of the same features as laptops but with added portability. Some individuals may feel this is the new way to compute and they can’t live without their tablet, whereas others say laptops can never be replaced.

    So, How do we now answer this Question, a Notebook or a Tablet?
    We respond to their Question with a Question
    Like any good or helpful IT person, the best way to answer any tech related question where multiple products, platforms and companies are being considered is always to ask “what do you plan to use it for?” This allows you to get to the heart of a person’s computing needs and then recommend a product based on their primary uses.

    However more often than not I am still recommending a notebook over a tablet, especially when they are looking at replacing their primary computer. I don’t currently believe a tablet is a notebook replacement at this point in time. We can actually say that touch computing represents the opportunity to bring us into a new age of computing where tablets and other touch computing devices can replace a notebook, but I don’t feel we are there yet.

    In some cases I have actually recommended the combination of an all-in-one desktop and a tablet over a notebook. I’ve found that the question of performance over portability comes up quite a bit in these conversations and the all-in-one desktop combined with a tablet hits both performance and portability in ways a notebook can not. There is decent sync software on the market from companies like DropBox or SugarSync which keeps content aligned across devices and is useful in the desktop / tablet combination.


    Let's take a look at the advantages and disadvantages of each device to help decide which will best fit us and our needs.


    Laptops
    One of the benefits of using a laptop is the hardware included on the product. Laptops come with full keyboards, large screens and much higher screen resolution than you would find on any tablet. A full, physical keyboard is a desired feature for many individuals who do not like to type on a touchscreen. You can type much faster and more accurately using a full keyboard. The screen is also much larger for viewing photos, browsing the web or even enjoying entertainment content. For a full laptop, not a netbook, your screen size will be 13 inches or larger, depending on the type of product you purchase. Laptops are also more durable than tablets, and you won’t have to worry about scratching or damaging the touchscreen display.
    However, bigger may not always be better. Originally, laptops were designed for portability. These devices accomplish work on the go but they can be a burden to carry with you. Most laptop computers weigh anywhere from 3 to 9 pounds. Not only can this heavy weight be an annoyance to carry in a backpack or briefcase, it can cause back pain if they are carried for extended periods of time.

    Tablets
    These highly portable computing devices give you full control of the screen, features and applications. By using your finger or a stylus, you can directly touch the screen to make gaming more interactive, and the hands-on approach provides a more tactile experience than a mouse for drawing and illustrating. Compared to laptop computers, these products are small. Most tablets offer anywhere from a 7-inch to a 10-inch display screen and weigh less than 1 pound. You can store all your music, capture photos or videos, video chat and even read books on their built-in eReaders.
    Aside from some hefty price tags, you must take special precautions in the care of these devices. They may have a durable body, but the touchscreen display is exposed. And if the touchscreen is damaged, your device could become useless. You can buy a case to protect the screen, but these are not included with the product and require a separate purchase.
    If you're trying to decide between a laptop and a tablet, it all depends upon you and your needs. If you are planning to carry your computer for extended periods of time, the lighter tablet may be ideal for you. Or maybe you want a physical keypad and don’t like the touchscreen display. If you are in the market, figure out what features you must have in your device. Compare and contrast different products to see which ones have the specifications you are looking for. Only by figuring out your needs will you discover which type of computing device you prefer.


    What you should buy depends on what you expect to do with the device. So let's break it down a bit to help you make a decision...

    Do you want to create stuff or consume it?
    The tablet is more of a consumption device, whereas a notebook is more of a creation device. Ask anyone who has ever tried typing a document using a tablet's touch keypad and he will tell you that it can be quite a tedious task.
    On the other hand, if your job requires you to mostly access your emails, browse the web, read reports (as opposed to creating them) and video conference, then the tablet is right for you. And whether it's watching a movie or reading a book, the slate is a far better option.
    Which software do you need?
    Software offerings for notebooks - especially office suites - are still superior to what's available for tablets. In terms of serious offerings, many mobile apps do not promise the same flexibility that the computer versions do.
    On the flip side, tablets have apps that are not only cheaper, but also a lot of fun. And there are lakhs of them, both paid and free, spanning genres such as productivity, photography, gaming, social networking, music, reading, etc.
    How much stuff do you have?
    If you're a media junkie with a huge collection of MP3s, photos and videos, or the type that deals with huge files and software, then the notebook remains the best option. Most laptops will give a minimum of 200GB of space, going all the way up to 1 terabyte (1024GB).
    Tablets, on the other hand, come with just 16, 32 or 64 GB of storage, which is insufficient for high-definition multimedia content. Still if you don't need to store vast amounts of data, a tablet is not a deal-breaker.
    Will you carry it around a lot?
    There is no denying that a tablet is more portable than a notebook, offering better battery life in a significantly lighter package. Besides, if you're a frequent flyer, you will definitely appreciate the tablet when passing through the myriad airport security checks.
    How well does it play with other gadgets?
    In your professional life, you might need to hook up your gizmo to a projector, a broadband wire or a printer; and you might even need to connect other gadgets, like pen drives or a phone, to your device. A notebook is a clear winner here, since most come with at least three USB ports, one HDMI port, an Ethernet port for broadband as well as a card reader. These machines also support USB dongles or Wi-Fi for internet connectivity.
    With a tablet, you will have support for Wi-Fi, and 3G SIM cards work just as well. Most hotels provide wireless internet, so using your tablet when travelling should not be an issue. But unless you have the right cables handy, connecting your tablet to other gadgets is going to be a pain.




    If a Tablet is the best option which do I recommend?
    Often times, however, the person asking the question is looking to add a device to their home, not necessarily replace a primary computer. When this is the case a tablet is a great second, third or fourth screen in the home. It can do quite a bit of generic computing, but having a desktop or notebook as a primary computer is still recommended in some capacity.
    When recommending a tablet it’s important to understand the technical savvy of the person asking the question. For those who I know, or find out, are very technical and love to tinker, customize, tweak etc their technology I know they will love Android. For those like my wife or her parents, or anyone who is not in the 12-15% of early adopters, I’m not as comfortable recommending the Android route yet.
    The middle part of the consumer market is called the early majority and the late majority. Most of that market is made up people where technological understanding is not central. They are the consumers who just want their technology to work: they don’t want to have to think about it, they just want to use it.
    For those consumers I overwhelmingly recommend the iPad. First of all because I don’t want to be tech support, which is also why I recommend Macs in general for these folks; second because the things that Android fans love don’t even enter the minds of these non-tech-savvy consumers. It’s not because they are not enlightened, as some would claim, or indeed that they need to see the light; it’s simply because for them technology represents something very different. These consumers value something different and that is the point – value.


    Laptops and tablet PCs are both viable options. However, there are some key differences, and the notebook offers more benefits than the tablet