July 29th, 2015
Last week, while this blog was scaring you with tales of hackers-for-hire, the Google folks were presenting some interesting security practices research [pdf] at the Symposium on Usable Privacy and Security (SOUPS) in Ottawa, Canada. The researchers conducted a survey of 231 security “experts,” defined as people who had at least five years’ experience working in or studying computer security, and 294 non-experts recruited through Amazon’s Mechanical Turk. There were some very clear differences between the responses of the experts and the non-experts.
- What amateurs can learn from security pros about staying safe online (Ars Technica | Dan Goodin) “A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non security experts listed the top security practice as using antivirus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast, listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.”
- New research: Comparing how security experts and non-experts stay safe online (Google Online Security Blog | Iulia Ion, Rob Reeder, and Sunny Consolvo) “More broadly, our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk.”
- Trying to keep your data safe? You’re probably doing it wrong (NPR All Tech Considered | Aarti Shahani) “There’s a similarly stark gap when it comes to antivirus — the software that has long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent of the non-experts surveyed say products like McAfee and Norton are key. But among the experts like [Gerhard] Eschelbeck [Google Vice President for Security Engineering], just 7 percent agree. ‘Antivirus has absolutely its place. But it’s not like the only one solution that people can and should rely upon,’ Eschelbeck says.”
- Online security: How the experts keep safe (InformationWeek | Thomas Claburn) “A third point of differentiation between security experts and non-experts is the use of two-factor authentication. Eighty-nine percent of security experts polled said they used two-factor authentication, compared to 69% of non-experts. Some 12% of non-experts said they didn’t know whether they use two-factor authentication – which probably means they don’t.”
Articles from Ohio Web Library:
July 22nd, 2015
Hacking into the computer files of a company or government agency often is not a very lucrative occupation, unless the hacker has some way to convert stolen information to cash. So a current trend seems to be for hackers or hacker groups to sell their services, before the hack, to someone who wants specific information. The business side of hacking has been highlighted in some recent news reports, like news about the Hacking Team company being hacked themselves, and the takedown of the Darkode forum for hackers. You may think that libraries are safe from this kind of cyber crime (why attack a library?), but by that logic, we also should not be seeing denial of service attacks on libraries – yet we are.
- Hackers on demand (Fast Company | Steven Melendez) “At Hackers List, for instance, hackers bid on projects in a manner similar to other contract-work marketplaces like Elance. Those in the market for hackers can post jobs for free, or pay extra to have their listings displayed more prominently. Hackers generally pay a $3 fee to bid on projects, and users are also charged for sending messages. The site provides an escrow mechanism to ensure vendors get paid only when the hacking’s done.”
- Hackers for hire: How online forums make cybercrime easier than ever (Washington Post | Andrea Peterson) “These forums and black markets offering physical goods as well as digital services – such as the now defunct Silk Road – have helped drive the popularity of cybercrime, because the sites contain almost everything someone would need to get into hacking for profit, [Raj] Samani [of Intel Security] said. Even those without technical knowledge can visit the forums or black markets and hire people to do the individual components of a scam – or outsource it altogether in a subcontractor-style set up, he said.”
- Sophisticated hacker group strikes for profit, not politics (Top Tech News | Jef Cozza) “Almost as unnerving as Morpho’s habit of targeting enterprise assets is its familiarity with the inner workings of its victims. The group has successfully compromised commonly used e-mail servers such as Microsoft Exchange and Lotus Domino, according to Symantec. It has also targeted enterprise content management systems, where it could have gained access to valuable documents such as financial records, product descriptions, and legal documents. And unlike attacks by other hacker groups suspected of working for the Chinese, Russian, or North Korean governments, Morpho’s malware tools are well documented in fluent English.”
- Hacker for hire (ITWeb | Jon Tullett) “Managing consultant [Tyrone Erasmus] at security specialist firm MWR InfoSecurity, he and his teams are hired to audit their clients’ security, mimicking the behaviour of criminal syndicates that are after the same valuable details: financial systems, intellectual property and trade secrets. ‘I’m a bad guy who plays by good guy rules,’ he proclaims, with a nearly straight face. Since the ‘70s and ‘80s, when hackers like Kevin Mitnick and John Draper burst onto the scene, corporate information security has improved greatly, it’s far stronger and…haha. Just kidding. ‘We have a 100-percent success rate,’ Erasmus says, deadpan.”
July 15th, 2015
You have likely heard of Bitcoins, but may not have heard too much about blockchain, the technology that makes Bitcoins work. Blockchain is very difficult to explain in just a sentence or two. For a quick summary, try the first Ohio Web Library article cited at the end of this post, or if you want more information, the second article is pretty good. Essentially, blockchain replaces a centralized authority with distributed authority, and this idea is finding applications beyond just cryptocurrency. It has the potential to be used in ways that could impact libraries, such as identity verification, copyright verification, and document preservation.
- Everledger is using blockchain to combat fraud, starting with diamonds (TechCrunch | Natasha Lomas) “Interesting uses of blockchain technology outside the cryptocurrency space continue cropping up. Just this month Ascribe raised $2 million in seed funding for its ‘notary and timestamp for intellectual property and creative works’, which uses the blockchain to store and sign digital images — creating an immutable record of their existence and enabling copyright to be enforced on digital artworks. While back at Disrupt New York’s startup battlefield in May there was ShoCard, a digital identity startup which stores personal identity credentials on the blockchain.”
- Blockchain technology: The key to secure online voting (Bitcoin Magazine | Matthew Daniel) “Just as Bitcoin users make transactions by sending the digital currency to the recipient’s digital wallet, blockchain voting systems involve creating wallets for each candidate or option in an election. All voters are then allocated a digital ‘coin’ that represents one vote, which they can cast by sending their ‘coin’ to the wallet of their choice. As in a bitcoin transaction, the entire process is recorded in the blockchain public ledger, meaning that unlike most current elections, a voter can verify that his or her vote was actually counted.”
- This man says he can save Reddit with the spirit of Bitcoin (Wired | Kevin Montgomery) “By leveraging bitcoin’s technology, a new blockchain-based system could ensure that content cannot be retroactively removed. Instead, it would simply be up to operators of nodes, or endpoints which display data from the distributed database, to choose which information they wish to hide. If any person was upset with which information that an operator was suppressing, they could merely switch to using another competing node or start their own.”
- Blockchain technology will transform the practice of law (Bloomberg BNA | Joe Dewey and Shawn Amuial) “While this technology is only in its infancy, its application to business is developing at a rapid pace. With Goldman Sachs, Nasdaq and many other leading financial firms and companies investing hundreds of millions of dollars into blockchain technologies, one thing is clear — the lasting legacy of the blockchain is likely to be far greater than Bitcoin or any other single cryptocurrency.”
Articles from Ohio Web Library:
July 8th, 2015
There must be something about summertime that triggers interest in software tools to manage Wi-Fi networks, because in the last couple of months we’ve seen several articles on this topic. We’ve cited four of these articles in today’s 4cast, all of them dealing with Wi-Fi analysis tools that are free. You will see a lot of these tools mentioned in more than one article, of course, but the descriptions and discussion of what each tool is good for may help you decide which ones to put in your Wi-Fi toolbox. And in some cases, these may be tools you hope someone else does not have in their toolbox.
- 8 free WiFi analyzers (Network Computing | Ericka Chickowski) “There are additional, lesser known free options, and we’ve assembled the best of them here. Check them out if you’re interested in delving into a specific aspect of wireless performance, planning access point placement, seeking out rogue networks, or you just want a cool, slick interface.”
- 7 free Wi-Fi stumbling and surveying tools for Windows and Mac (Network World | Eric Geier) “Each of these tools gives you the basic wireless details: SSIDs, signal strength, channels, MAC addresses, and security status. Some can even reveal ‘hidden’ or non-broadcasted SSIDs, display the noise levels, or display statistics on successful and failed packets of your wireless connection. Two of the tools include Wi-Fi password cracking tools as well, useful for educational or penetration testing purposes.”
- Free wireless survey software (TCAT Shelbyville – Technical Blog) “It is important to perform a wi-fi survey so that you can determine not only the perfect place to locate your access point or bridge but to gain an understanding of the channel co-existence challenge you may face. With wireless access points in surrounding neighborhoods and businesses, you will need to perform a survey by walking around and mapping out the BSAs (Basic Service Area) of wireless that surrounds you and your organization.”
- 13 popular wireless hacking tools (InfoSec Institute | Pavitra Shandkhdhar) “Sometimes when you are on a network, you also want to check what is happening on the network. This happens mostly in big organizations, when an employer wants to check who is doing what in the network. For these things, there are a few network hacking tools available that let users analyze packets and see what other users are doing.”
July 1st, 2015
Warning: This 4cast posting is going to get technical. But hang with us a minute; with a little bit of introductory information, we can probably get through this. In recent years, there has been a tendency for programmers to write “native apps” for a particular piece of hardware, especially a particular smartphone operating system, so they could make the device do complex things online that would not happen smoothly in a web browser built to run on any operating system. So the announcement last week that the major web browsers have come together to develop a new web language that can allow browsers to perform as well as native apps was big news for programmers, and could very well lead to a simpler, more standardized web experience for the rest of us, too.
- The secret alliance that could give the Web a massive speed boost (CNET | Stephen Shankland) “Today, it’s not unusual to run processor-taxing programs as native apps on your tablet, phone or PC – for example, Adobe’s photo-editing software Lightroom. But running a browser-based alternative, such as Pics.io, has its advantages. A programmer, for instance, can write one Web-based app and have it run on any operating system, since you need only the browser. That programmer liberation could help loosen the grip that Apple and Google have on the technology industry today with their iOS and Android operating systems, where native apps rule.”
June 24th, 2015
Ancestry Library Edition, which has been part of the Ohio Web Library since July 2011, is one of the most popular statewide library databases, generating over 3 million public library user searches a year (and another 1.3 million from school and college libraries), despite the fact that it is the only Ohio Web Library resource that requires people to go to their library to use it. This on-site requirement stems from Ancestry.com’s business agreement with ProQuest – the Ancestry Library Edition vendor – which did not allow at-home access under any circumstances; that would have reduced Ancestry.com’s sales to individuals. Recent news about a possible sale of Ancestry.com is a good excuse for us to take a look at the history of the company and this business of selling online genealogy information.
- About me (Paul Allen blog) “My biggest claim to fame comes from co-founding Ancestry.com in 1997 (again with Dan Taggart) and launching the MyFamily.com web site in 1998. I was the company CEO for the first year, where we actually achieved positive cash flow as an internet subscription company before raising outside capital. Then we hired my brother Curt Allen, who led the company as we raised $90.5 million in venture capital. We tried to go public in 2000 but missed the window.”
- Permira to buy Ancestry.com for $1.6 billion [October 2012] (New York Times | Mark Scott) “The agreement comes three years after Ancestry.com raised $100 million in an initial public offering. The site, which allows individuals to trace their heritage, has customers in 15 countries, though the majority of its users are based in the United States, Canada, Britain and Australia. The deal will be a welcome reprieve for the site, which has struggled since becoming a publicly listed company. After hitting a $45 high in 2011, its stock price has tumbled to around $29 on concerns that consumers are reducing their spending because of the economic crisis.”
- Exclusive: Genealogy website Ancestry.com explores sale: sources (Reuters | Liana B. Baker And Greg Roumeliotis) “Permira Advisers LLC, the buyout firm that owns most of privately held Ancestry, has hired investment banks to run an auction for the company, the people said this week. The sources asked not to be identified because the sale process is confidential. Permira declined to comment, while an Ancestry spokeswoman did not respond to a request for comment. Based in Provo, Utah, Ancestry has a database of more than 15 billion historical records and more than 2.1 million paying subscribers. Subscription fees accounted for 83 percent of its total revenue of $619.6 million last year.”
- HeritageQuest Online now provides data from Ancestry (Eastman’s Own Genealogy Newsletter | Dick Eastman) “HeritageQuest Online (a division of ProQuest) has supplied genealogy information to libraries for years. […] HeritageQuest Online has now announced that the genealogy information within its service is being replaced with information from Ancestry.com. Indeed, I logged onto my local public library’s web site this morning, went to the HeritageQuest Online database, and performed a search for an elusive great-great-grandfather of mine. When a census page appeared on the screen it looked clearer than what I have seen before and it also had an Ancestry logo in the upper-left corner.”
June 17th, 2015
Facebook and Google are both involved in ambitious and interesting projects to economically expand Internet access to some of the most remote areas on earth by using the skies above us. Google’s Project Loon would use balloons in the stratosphere to connect cell phones on earth to the global Internet. Facebook’s Internet.org (with several other partners) would use a variety of aerial means, including drones, to do something similar. The technology behind these projects is pretty interesting, and certainly the goals are commendable. But some people are worried that the organizations driving this expansion of connectivity are for-profit Internet companies.
- How Loon works (Project Loon | Google) “Each balloon can provide connectivity to a ground area about 40 km in diameter using a wireless communications technology called LTE. To use LTE, Project Loon partners with telecommunications companies to share cellular spectrum so that people will be able to access the Internet everywhere directly from their phones and other LTE-enabled devices. Balloons relay wireless traffic from cell phones and other devices back to the global Internet using high-speed links.”
- Connecting the world from the sky [pdf] (internet.org/projects | Mark Zuckerberg) “For lower population densities, where people are spread out across a large area, the higher up you go, the more cost effective it becomes to place trunk stations and to deliver the internet. But signal loss will also be higher, so satellite access is only really a way of providing a basic internet experience for remote communities. Likewise, for high population densities, only lower altitude platforms will be truly effective, and connection speeds will be faster and the experience better for a lot of people. Given these challenges, Facebook is working on a range of technologies that will provide different options for connecting people.”
- Facebook’s Internet.org platform is a privacy nightmare (MediaNama | Nikhil Pahwa) “First up, no matter what Facebook says about Internet.org being a means of promoting Internet usage, it isn’t. It’s a fundamental, permanent change in the way the Internet works by splitting it into free vs paid access. It isn’t the same as giving someone Rs 10 of data access or even 100 mb. It is a permanent shift. While the kingmaker issue has been somewhat addressed by opening up the platform, there is only one true king in all of this, which is Facebook.”
- Critics fear tech giant dominance of airborne internet (Al Jazeera | Tarek Bazley) “But critics say Google’s search engine is already a powerful force online and any move that would see it controlling infrastructure as well, would give the company too much power. ‘Drones and balloons, these are awesome but what are they being used for?’ says Aral Balkan, an independent internet developer. ‘Are the underlying power dynamics changing? Or is it again a very small group of people exerting their power and control over a much larger group?’”
June 10th, 2015
A number of serious issues have recently come under discussion due to a contest over gaming. The Electronic Freedom Foundation [EFF] has asked the Library of Congress to provide an exemption to the Digital Millennium Copyright Act [DMCA] so that libraries, museums, and game enthusiasts can preserve online games that have been “abandoned” by the publisher. The argument is that preservation of access to these games also preserves important cultural history. But the Entertainment Software Association has pointed out that the workarounds needed to preserve these games are also the same techniques hackers use to pirate games. It remains to be seen who will win this contest.
- The legal battle for gaming’s past (Polygon | Philip Kollar) “Let’s say you own a gaming museum or even just a large personal collection that has historic value. When a publisher shuts down the online servers for one of your games, you may want to hack the console hardware in some way to allow it to continue being played. In this way online-only games or modes wouldn’t be lost forever. But, according to the EFF, this technically isn’t legal, which is why it reached out to ask for a special exemption.”
- ESA oppose DRM law change preserving online games (Rock, Paper, Shotgun | Alice O’Connor) “The EFF proposed an exemption for ‘abandoned games’ as comments to the Copyright Office in February, and the ESA have now responded. The proposed exemption would allow folks to pick at shut-down games, creating workarounds for authentication or starting their own servers without getting in legal trouble. It’d cover publishers closing services for games, like EA routinely do, as well as the hypothetical shutdown of Steamworks, which many games rely on for their multiplayer. […] However, the exemption wouldn’t cover games with persistent virtual worlds like MMOs, or browser games either.”
- Publishers fight to block third-party revival of “abandoned” game servers (Ars Technica | Kyle Orland) “In a 71-page brief [pdf], though, the ESA says that these kinds of workarounds can’t be separated out from the wider piracy-prevention functions that the DMCA protects against. To add third-party server support to a console game, for instance, the ESA argues that a user has to first get around access controls built into the software and the hardware itself to modify the code. ‘Consequently, the proposed exemption would, in effect, eviscerate virtually all forms of access protection used to prevent video game piracy.’”
- EFF seeks DMCA exemption to preserve abandoned games (Torrent Freak | Andy) “Indeed, the testimony of ESA Senior Vice-President and General Counsel Christian Genetski before the Subcommittee on Courts, Intellectual Property and the Internet last year (pdf), outlines the software group’s position clearly. ‘[W]hile addressing copyright infringement is one important objective of Section 1201, it is not its only objective,’ Genetski said. ‘[A] prohibition on the hacking of technological protection measures controlling access to protected works (even if the hacking does not result in any copyright infringement) [is] necessary in order to encourage innovation in the online distribution of copyrighted works.’”
June 3rd, 2015
Last Wednesday – while you were no doubt reading the 4cast – Mary Meeker of Kleiner Perkins Caufield & Byers (KPCB) presented her 20th annual report on Internet trends at the Code Conference in Rancho Palos Verdes, outside of Los Angeles. Ms. Meeker started doing these reports in 1995 – the same year OPLIN was officially created – and they have become a highly respected and anticipated discussion of the state of the Internet each year. Now that the Internet has become such an integral part of our lives, these discussions often have as much to say about our society as they do about our technology, and this year was no exception.
- The impact of the on-demand economy, as told through Mary Meeker slides (Re/Code | Ina Fried) “You can get groceries from Instacart, lunch from Munchery and other goods from Instacart, but society has yet to catch up to how quickly labor and the workplace is being transformed. The good news is that the next generation of workers isn’t expecting the kind of stability that earlier generations have taken as the norm. They see the neighborhood coffee shop as their office, have no expectation of standard work hours and are far more willing to take on freelance tasks….”
- Mary Meeker’s Internet report: User growth slowing, but disruption full speed ahead (ZDNet | Steven J. Vaughan-Nichols) “On the plus side, the Internet social networking has made this kind of work much easier to find. It may not be ideal work, but at least, thanks to the Internet, it’s doable. The down side is that the average income from these services are far below the median US household income of $51,900. For example, an eBay seller will see an average gross of $3,000; a Thumbtack contractor will earn $8,000 a year; and even in New York City, a typical Airbnb host will earn only $7,700 a year.”
- Messaging becoming the heart of mobile, Mary Meeker says (CNET | Ben Fox Rubin) “Bolstering her case, Meeker pointed out that Whatsapp now has 800 million active mobile users, Facebook Messenger has 600 million and WeChat has 549 million. Snapchat, she reported, has 100 million daily active users. On top of those giant user bases, messaging apps also make up six of the top 10 most used apps globally. These statistics build on Meeker’s 2014 report, in which she noted how communicating online was changing, with people using messaging and chat apps more frequently to communicate with small groups of close contacts than they were using sites like Facebook to broadcast messages to larger audiences.”
- Mary Meeker’s vertical video future (Forbes | Steven Rosenbaum) “But as Meeker pointed out – video isn’t getting bigger. It’s getting smaller, and vertical, and mobile. Said Meeker: ‘Small Screen Vertical Viewing Became Big Deal…’ in 2014. Vertical viewing now accounts for 29% of total time spent on screens. Vertical viewing is the only category that’s growing other than tiny growth in ‘other’ connected devices like OTT [Over the Top].”
May 27th, 2015
On June 12, the Federal Communications Commission (FCC) intends to reclassify Internet service providers (ISPs) as “common carriers” under Title II of the Communications Act of 1934, which will give the FCC the authority to keep ISPs from discriminating between customers and providing different Internet access quality for similar types of customer traffic. In other words, the FCC will take a big step toward enforcing “net neutrality.” But Title II was primarily written to regulate the AT&T telephone monopoly, and therefore, it contains some other provisions that may now have the additional effect of strengthening Internet privacy.
- The FCC’s net neutrality decision could mean stronger privacy rules for Internet service providers (The Washington Post | Andrea Peterson) “FCC spokesperson Mark Wigfield confirmed that the agency’s vote will give it more oversight over the privacy practices of Internet service providers. Privacy advocates say this is probably a win for consumers, because for the first time ISPs will have to abide by a specific set of rules designed to protect the privacy of communications. The Communications Act, which governs the FCC, includes ‘one of the strongest federal privacy laws currently on the books,’ according to Laura Moy, senior counsel at New America’s Open Technology Institute.”
- FCC has new privacy requirements for broadband providers (Law360 | Michael Pryor) “The protections, found in Section 222 of Title II of the Communications Act, govern data known as Customer Proprietary Network Information (“CPNI”). This section will be among the Title II provisions of the Communications Act that the chairman intends to apply to broadband providers once broadband is reclassified as a telecommunications service. These privacy rules likely supplant the privacy protections currently enforced by the Federal Trade Commission. The FTC does not have jurisdiction over providers of telecommunications services (also known as common carriers).”
- ISPs really don’t want to follow new customer data privacy rules (Ars Technica | Jon Brodkin) “CPNI rules for phone service prevent companies from using customer information to market new services without the customer’s permission. They also require companies to report to customers and to law enforcement when customer information is disclosed without customer permission. Phone providers ‘may use, disclose or permit access to your customer information in these circumstances: (1) as required by law; (2) with your approval; and (3) in providing the service from which the customer information is derived,’ the FCC says.”
- FCC issues guidance on broadband privacy (Broadcasting & Cable | John Eggerton) “The bureau said that it would be looking for ‘good faith’ efforts to comply with privacy protections, and that seeking bureau input would tend to show such ‘good faith.’ The FCC’s reclassification of ISPs under Title II common carrier is scheduled to take effect June 12 absent a court stay, and will give the FCC oversight of broadband customer proprietary network information (CPNI) once the purview of the Federal Trade Commission. But while the FCC said it would not forbear from applying Title II privacy regs under Sec. 222, it said it would not simply transfer the phone rules to ISPs, but instead likely launch a rulemaking to come up with new rules.”