Yahoo Dyslexia

Yahoo probably has enough on its plate right now, facing possibly the largest data breach ever –  Yahoo says at least 500 million accounts hacked in 2014 – but I just wanted to point out that it doesn’t inspire confidence when their log in screen contains a glaring typo: 

Screenshot 2016 09 23 05 11 47

(I’m not sure the links below about the ‘account security issue’ are particularly helpful either. Users may not have heard about it, and so don’t know what it’s referring to, and the second link does not enlighten the user in this case about whether they’re ‘potentially affected’ or not.) 

But a typo on a login screen? I had to double check I’d not been diverted to a scam site. Not reassuring. 

23. September 2016 by jeremy
Categories: Scams | Tags: | Leave a comment

Sleazy Old Gray Lady?

I was surprised by how sleazy the New York Times is when it comes to cancelling a subscription.

It can only be done, it seems, by calling a US number during US office hours — even when the subscription is from overseas with an overseas credit card. You’d think the bastion of fair play and decency wouldn’t do that kind of thing. But they do.  

Screenshot 2016 09 15 20 22 26

Of course, as I had made the subscription via PayPal so I could just cancel it with a click. And a confirmation: 

Screenshot 2016 09 15 20 36 56

Set up a relationship again? I doubt it. Sorry ol’ Gray Lady. You blew it. 

15. September 2016 by jeremy
Categories: Uncategorized | Tags: , , | Leave a comment

I’m An Airline, Fly Me

This an email from a bona fide airline: 

Dear Sir/Madam,

Please be informed that your transaction with [international carrier] has been confirmed. Due to fraud prevention procedure against Credit Card transaction, we would like to validate your recent transaction with [international carrier] by filling information below :

Passenger(s) name :
Route :
Date of Travel :
Cardholder name :
Address :

Also, we need to confirm and validate your name and last four digit of your card number. Please kindly provide scanned/image of your front side credit card that used to buy the ticket. You may cover the rest information on the card. Please reply in 8 hours after received this email or we will cancel the reservation.

Thank you for your cooperation.

Best Regards,
Verification Data Management

13. September 2016 by jeremy
Categories: Malware, Privacy, scam, Security | Tags: , , , | Leave a comment

Jack’s Hit: Apple’s Missing Socket

There’s been a lot of talk about the removal of the iPhone’s audio jack, most of it knee-jerk, albeit sometimes amusing. A sampling:

I’m no fan-boi, but I find most of this coverage small-minded. Yes, I get that there’s a potential inconvenience here:

  • if you don’t have the lightning-jack adapter, then you can’t use your existing earphones. 
  • Yes, Apple is prodding you in the direction of its expensive wireless AirPods. 
  • Yes, wireless tech is not quite as ready as it could be for the pairing to be seamless. 
  • Yes, these things are easy to lose.
  • Yes, using the headphone and charging at the same time is not going to be possible without some adapter. (This is an oversight, I agree.) 
  • yes, Apple makes more money, because it owns the lightning connector and makes maybe $4 off each device that uses it. (Yes, I don’t like this either. But the wireless 

But two years down the track these kinds of arguments will seem as anachronistic as those that lamented the phasing out of the floppy drive, the serial port, the parallel port, the CD/DVD-rom drive, its own Firewire and 30 pin connectors. (The ultimate Apple I/O death chart – The Verge)

Oddly, both the arguments by Apple and its supporters are also somewhat limited in their horizons. Apple argues that it needs more space inside the device to pack more goodies in. That the technology itself is more than 100 years old. That it makes it easier to waterproof the device. That audio via Lightning or wireless is actually as good as, if not a better, experience. Apple has talked about being courageous, which is a tad disingenuous: brave is risking everything on a startup, not when you’ve got $200 billion sitting around.

The real reason why being pro-jack is going to seem a little Luddite in the future is that the future is not just wireless, it’s deviceless. The smart watch tried (and in my view failed) to move the functionality of the smartphone to the wrist. It’s not a natural place for that functionality to be, because you’re still looking at, and tapping on a screen. It’s just smaller, closer to your face and strapped on. Same with Google Glass. Nice idea, but you’re still looking at a screen, and people hate you.

The device should disappear, all of its features — input, output — internalised. Preferably inside the body. But we can’t do that quite yet, hence the earbud. A good earbud should be both controller and receptor. That’s where we’re going. This is what I wrote for Reuters on the subject. Here’s what I said on Reuters TV.

Nothing too revolutionary here. It only seems so because the debate around jack’s hit has been so mundane, so parochial, as if technology should stand still, and technology companies should listen solely to their users. The phrase ‘faster horse’ springs to mind. Apple isn’t even leading the field on this. There are at least three other smartphone companies which have already ditched the audio jack — Oppo did it four years ago.

We’ll look back at the folk who protested the disappearance of the jack as slightly quaint folk who didn’t get it. Everything leads inexorably towards breaking down the barriers between us and the technology we use — until eventually it is inside our skull. Next to it is close enough for now. 

Hence Ben Thompson, who nailed it with this piece Beyond the iPhone, saying that this wireless, deviceless future is one which may not involve much of Apple at all. 

To Apple’s credit they are, with the creation of AirPods, laying the foundation for a world beyond the iPhone. It is a world where, thanks to their being a product — not services — company, Apple is at a disadvantage; however, it is also a world that Apple, thanks to said product expertise, especially when it comes to chips, is uniquely equipped to create. That the company is running towards it is both wise — the sooner they get there, the longer they have to iterate and improve and hold off competitors — and also, yes, courageous. The easy thing would be to fight to keep us in a world where phones are all that matters, even if, in the long run, that would only prolong the end of Apple’s dominance.

In that sense, Apple has never stood in the way of its own destruction. Yes, it has penny pinched — taxing accessory makers, avoiding taxes elsewhere, squeezing suppliers — but it has not shied away from making these bigger decisions. What is interesting is that in this new world to come it may be at a disadvantage. 

09. September 2016 by jeremy
Categories: Innovation, Phones | Tags: , , , | 1 comment

Winners and losers from LoRa

This was a short box to accompany my Reuters piece on LoRa:

One company most likely to gain from the rise of interest in LoRa networks is Semtech Corp, which holds some of the IP related to LoRa and makes most of its chips. Companies like Microchip have also made LoRa related kits.

The most likely gainers from the spread of low power connectivity, however, are going to be the companies building and managing the networks. SigFox, a LoRa rival, allows others to make the hardware, and its partners to build the networks, but makes its money from charging companies fees for connecting their devices to the network.

“We’ll see a ton of SigFox and LoRa launches over the region over the next 12 months,” says Charles Anderson, an analyst at IDC.

More traditional players are either adopting or competing (or both) with the new networks.

Some telcos have aligned themselves with one or more of the technologies, rolling out LoRa networks in the hope of gaining a foothold ahead of their rivals. They include KPN Telecom NV and SK Telecom, both of which have rolled out nationwide in their respective countries. “The people who make the most money will be those having a large network at the right price,” says Isaac Brown, of Lux Research.

Other telcos are focusing on technologies that use existing cellular networks and 4G standards. Vodafone for example, is using NB-IoT (Narrowband Internet of Things), while AT&T is using LTE-M (the M stands for machine). Both are standards supported by the cellular specifications body 3GPP.

Telecom equipment makers are aligning with one technology or another. In part this reflects a war over technologies, where Huawei and Ericsson, backed by Nokia Networks and Intel, battled to have their proprietary standards adopted. The NB-IOT compromise has prompted a rash of trials — Huawei recently concluded a city-wide trial with Vodafone in Australia, after a similar trials with Deutsche Telekom in Germany last year. Meanwhile Ericsson in June demonstrated its own NB-IoT products, using Intel chips and software.

ZTE, meanwhile, is a high profile member of the LoRa Alliance, the industry body supporting the standard, officially joining the board in June. It launched some LoRa-based smart meters earlier this year. Other prominent members of the alliance include Cisco and IBM.

07. September 2016 by jeremy
Categories: lora | Tags: , , , | Leave a comment

Ripe for Disruption: Bank Authentication

1473236385_featured.png

One thing that still drives me crazy, and doesn’t seem to have changed with banks, is they way they handle fraud detection with the customer. Their sophisticated algorithms detect fraudulent activity, they flag it, suspend the card, and give you a call, leaving a message identifying themselves as your bank and asking you to call back a number — which is not on the back of the credit card you have.

So, if you’re like me, you call back the number given in the voice message and have this conversation:

Hello this is Bank A’s fraud detection team, how can I help you today?
Hi, quoting reference 12345.
Thank you, I need some verification details first. Do yo have your credit card details to hand?
I do, but this number I was asked to call was not on the back of my card, so I need some evidenc from you that you are who you say you are first.
Unfortunately, I don’t have anything that would help there.

So then you have to call the number on the card, and then get passed from pillar to post until you reach the right person.

How is this still the case in 2016, and why have no thoughtful disruptive folk thought up an alternative? Could this be done on the blockchain (only half sarcastic here)? I’d love to see banks, or anyone, doing this better.

A simple one would be for them to have a safe word for each client, I should think, which confirms to me that they are who they say they are. It seems silly that they can’t give some information — it doesn’t even have to be private information — that would show who they are, but only a customer would know.

01. September 2016 by jeremy
Categories: Rants, scam, Security | Tags: , , , | Leave a comment

New investing app for millennials

A quite cute new app called Moneybox launched today in the UK allows millennials to save without thinking and invest in stocks, also without really thinking. 

The blurb: 

The Moneybox app, which launches today in the App Store, enables users to round up their everyday card purchases to the nearest pound and invest the spare change.

For example, when you buy a coffee for £1.80, the purchase will appear in the app and you can choose to ‘round up’ to the nearest pound. The additional 20 pence is set aside to invest across thousands of companies worldwide including Apple, Facebook, Netflix and Disney, via three tracker funds. In addition to round ups, the app also allows users to set up weekly deposits and make one-off payments into their Moneybox account.

To help users decide how they would like their money to be invested, Moneybox offers three ‘starting options’ – cautious, balanced and adventurous. Users can customise their investment choices using a simple slider interface.

Targeted at Millennials, the app aims to make it easier than ever for people to start saving and investing. By enabling users to sign up in minutes from their mobile phone and start investing with as little as £1, Moneybox hopes to open up investing to a new generation.

Yes, it’s kinda sad that you need to make it real simple, but I like the approach.  

31. August 2016 by jeremy
Categories: Software, apps | Tags: , , | Leave a comment

Chatty Interviewees

Screenshot 2016 08 30 11 00 00

This is what it looks like when I (top line) interview someone who is chatty. Barely get a word in edgeways. 

31. August 2016 by jeremy
Categories: Media | Tags: , | Leave a comment

Innovative Complacency or the Wisdom of the Deceived?

 

This is where I see a real problem for developed Asia: a complacency and disinterest in the role of technology and innovation. Or is it the clarity of vision from too much innovation?

Screenshot 2016 08 26 05 09 48

Source: Avaya, THE PROMISE OF DIGITAL TRANSFORMATION (DX) IN ASIA PACIFIC’S LEADING INSTITUTIONS

In a survey conducted by IDC on behalf of Avaya (no link available, you need to sign up to get a copy), key IT decision makers from developed Asian countries (leaving aside Australia for now) were much more likely to downplay the role of innovation in driving business. Singapore came lowest with 14% of respondents believing the statement “innovation is extremely important to drive business.” Compare that to around 40% in India, Thailand and the Philippines.

(Avaya, in case you’re wondering, “is a leading provider of solutions that enable customer and team engagement across multiple channels and devices for better customer experience, increased productivity and enhanced financial performance.” That could probably be simplified.)

In short (excluding Taiwan for which there is no World Bank data, and Australia, for now) the Asian economies with the highest GDP per capita — Singapore, Japan, Hong Kong – are those that value innovation the least. South Korea is only slightly behind there in terms of valuing innovation.

The same holds true when measured by Internet penetration: the more internet there is, the less valued is innovation.

Screenshot 2016 08 27 14 29 10

Source: Avaya survey (col 1), World Bank (cols 2-3)

 

At the other end, it’s also generally true. The lower the GDP, the more likely a country is to value innovation.

The sad truism is that once you reach a certain level of development — and you don’t experience serious recession or other economic upheaval — you tend to see innovation as an unwelcome disruption. In other words, you identify with the established industries, the established way of doing things, probably because that’s where you work and get your living from.

Looking at it the other way, the less developed a country is, the more people — and we’re talking ‘key IT decision makers’ here, not the rank and file folk — see innovation as a way of improving things.

Of course, there’s another possibility too: that those ‘key IT decision makers’ have seen innovation and they realise it isn’t as great as everyone makes it out to be. Indeed, I have some sympathy with that view. The more ‘disruptive’ a technology is, the more disruption it causes — meaning not just that big slow behemoths are put to the sword, but the people who work for them, the companies that supply to them, or make a little here and there in the supply chain.

A truly disruptive business/technology will not only chop off the head of an industry, it will cut off the entrails and lay to waste the body. That can be painful, and not necessarily good for consumers, or anyone standing in the way.

The other question raised in the survey was whether traditional traditional companies in the Asia Pacific would be able to take control against ‘Uber-like’ competitors. Nearly half said it was difficult to compete against such disruptors, and only 3% said they planned to be disruptors themselves. And while 43% felt they were on a par with their peers in terms of being able to fight back, only 6% felt they were “best in class”. Asian modesty, or a serious crisis of confidence?

Australia and China are worth a separate look here. Australia scored highest on the innovation/importance question, with more than 46% of respondents reckoning it was important. That’s good, but it’s probably part cultural. Why would you not at least pay lip service to the Innovation God?

And China skewed the other way. You would kind of expect China to be up there given what is going on in technology. But it’s low — 21/5% — less than South Korea, suggesting that either they were asking the wrong folk, or, maybe the disruption in China is already giving ‘key IT decision makers’ pause. China is by far the furthest down the track in terms of disruption in Asia, so maybe there is some truth in the alternative explanation of this (admittedly scant) data: As economies become more disrupted, so the key ‘IT decision makers’ in them become more pessimistic about how useful innovation is to the economy.

27. August 2016 by jeremy
Categories: Non-tech | Tags: , , , , , , , , , , , , , | Leave a comment

Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters

A piece I co-wrote on Singapore’s decision to effectively air-gap most of its government computers — beyond security, military and intelligence. This is not something they’ve done lightly, but it does feel as if they might not have thought it all the way through. On the other hand, there were quite a few people I spoke to who said this might be the thin end of a larger wedge. And what does this mean for the cybersecurity industry? 

Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters:

By Jeremy Wagstaff and Aradhana Aravindan | SINGAPORE

Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyber attack – a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term ‘smart nation’.

Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.

Ben Desjardins, director of security solutions at network security firm Radware, called it ‘one of the more extreme measures I can recall by a large public organization to combat cyber security risks.’ Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was ‘a most unusual situation’, and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both ‘unprecedented’ and ‘a little excessive.’

But not everyone takes that view. Other cyber security experts agree with Singapore authorities that with the kind of threats governments face today it has little choice but to restrict internet access.

FireEye, a cyber security company, found that organizations in Southeast Asia were 80 percent more likely than the global average to be hit by an advanced cyber attack, with those close to tensions over the South China Sea – where China and others have overlapping claims – were particularly targeted.

Bryce Boland, FireEye’s chief technology officer for Asia Pacific, said Singapore’s approach needed to be seen in this light. ‘My view is not that they’re blocking internet access for government employees, it’s that they are blocking government computer access from Internet-based cyber crime and espionage.’

AIR-GAPPING

Singapore officials say no particular attack triggered the decision, but noted a breach of one ministry last year. David Koh, chief executive of the newly formed Cyber Security Agency, said officials realized there was too much data to secure and the threat ‘is too real.’

Singapore needed to restrict its perimeter, but, said Koh, ‘there is no way to secure this because the attack surface is like a building with a zillion windows, doors, fire escapes.’

Koh said he was simply widening a practice of ministries and agencies in sensitive fields, where computers are already disconnected, or air-gapped, from the Internet.

Public servants will still be able to surf the web, but only on separate personal or agency-issued devices.

Air-gapping is common in security-related fields, both in government and business, but not for normal government functions. Also, it doesn’t guarantee success.

Anthony James, chief marketing officer at cyber security company TrapX Security, recalled one case where an attacker was able to steal data from a law enforcement client after an employee connected his laptop to two supposedly separated networks. ‘Human decisions and related policy gaps are the No.1 cause of failure for this strategy,’ he said.

‘STOPPING THE INEVITABLE’?

Indeed, just making it work is the first headache.

The Infocomm Development Authority (IDA) said in an email to Reuters that it has worked with agencies on managing the changes ‘to ensure a smooth transition,’ and was ‘exploring innovative work solutions to ensure work processes remain efficient.’

Johnny Wong, group director at the Housing Development Board’s research arm, called the move ‘inconvenient’, but said ‘it’s something we just have to adapt to as part of our work.’

At the Land Transport Authority, a group director, Lew Yii Der, said: ‘Lots of committees are being formed across the public sector and within agencies like mine to look at how we can work around the segregation and ensure front-facing services remain the same.’

Then there’s convincing the rank-and-file public servant that it’s worth doing – and not circumventing.

One 23-year-old manager, who gave only her family name, Ng, said blocking web access would only harm productivity and may not stop attacks. ‘Information may leak through other means, so blocking the Internet may not stop the inevitable from happening,’ she said.

It’s not just the critics who are watching closely.

Local media cited one Singapore minister as saying other governments, which he did not name, had expressed interest in its approach.

Whether they will adopt the practice permanently is less clear, says William Saito, a special cyber security adviser to the Japanese government. ‘There’s a trend in private business and some government agencies’ in Asia to go along similar lines, he said, noting some Japanese companies cut internet access in the past year, usually after a breach.

‘They cut themselves off because they thought it was a good idea,’ he told Reuters, ‘but then they realized they were pretty dependent on this Internet thing.’

Indeed, some cyber security experts said Singapore may end up regretting its decision.

‘I’m fairly certain they would regret it and wind up far behind other nations in development,’ said Arian Evans, vice president of product strategy at RiskIQ, a cyber security start-up based in San Francisco.

The decision is ‘surprising for a country like Singapore that has always been a leader in innovation, technology and business,’ he said.

(Reporting by Jeremy Wagstaff and Aradhana Aravindan, with additional reporting by Paige Lim; Editing by Ian Geoghegan)

23. August 2016 by jeremy
Categories: datawars, Security | Tags: , , , , | Leave a comment

← Older posts