Hullo Changes the Game

By | November 22, 2011

Interesting new step forward for the phone, with a “personal call manager” service called “hullo”. The significance? It brings to an end certain restrictions on what a phone is and what it can do:

  • we’re now much more likely to be moving about when we talk, but until Hullo we were still tethered to a single line: now you can move between one phone and another (on a different line) midway through a conversation (hullo Handoff)
  • we can forward, block or hold calls but we can’t forward, block or hold people: Hullo lets us decide who can contact us and how they do it (hullo FindMe)
  • phones used to be one on one; now they’re one on many (hullo Chat);
  • phones have been weak as broadcasting tools (multiple SMS was about as good as they got). Now you can send a personal voice message to everyone you want (hullo Blast)

Intriguing stuff, and don’t be put off by the student/young folks twang the website has. Windows only.

The Autorespond Trap

By | November 22, 2011

I’ve written before about the general dodginess of “away notification emails” automatically set up to respond to incoming emails. Such messages usually go along the lines of:

I will be out of the office from 12/08/2006 to 13/08/2006 hunting gazelle in the Liposuction Basin.

For urgent matters, pl contact Ms Elbowgrinder/ Mr Headstrong at Tel 689023 during office hours.

Why are these a bad idea? Well, you’re basically broadcasting to anyone who sends you an email that you’re

  • on vacation, and therefore leaving a presumably empty house
  • telling them exactly when you won’t be around
  • giving large amounts of useful information to identity thieves or social engineers wanting to steal your password
  • clogging up people’s inboxes with more information than they are likely to need (if they don’t know you’re on holiday you’re probably not that close).

Anyway, I couldn’t help but be amused by a recent announcement on a security mailing list (which shall remain nameless; I don’t want to compromise security further) which prompted more than 30 autorespond messages informing senders that the recipients were on holiday/maternity leave/trips/the moon. Leaving aside the security lapse that allowed such messages to go to all recipients of the mailing list, I was surprised that these people, all of them apparently in the security field and in government, were broadcasting their movements and absence from the office. Who’s to stop someone from using this information to call up their secretary/stand-in and socially engineer their way into some lucrative information? My advice: Don’t use these autoresponds unless you don’t mind telling all and sundry about your movements.

Oh, the original mailing list email that prompted this deluge of autoresponds was one announcing details of an upcoming information security & hacking conference. No, I’m not going to say which.

Let Your Fingers Do the Remembering

By | November 22, 2011

Maybe I’ve missed something, but why isn’t more work dedicated to understanding the link between passwords and memory? Given that we’re supposed to remember our passwords (as opposed to writing them down on Post-it notes and sticking them somewhere prominent) why don’t we look more closely at the process whereby we remember stuff — and forget it?

Danah of apophenia wrote recently about the somewhat lame password recovery system some websites use whereby “you have to choose three questions and answer them. The problem is that they are all “What is your favorite n” where n is restaurant, band, movie, song, actor, book, drink, food, place, past-time…” As she points out, favorites tend to change over time, and if they were stable, such information is likely to be available “all over the web on their profiles for dating and social network sites.”

One commenter says Bruce Schneier has written that such password recovery systems are less secure than your password, so advises against using them. Here’s the original link, I believe: Bruce concludes that “The result is the normal security protocol (passwords) falls back to a much less secure protocol (secret questions). And the security of the entire system suffers.”

This is all a roundabout way of writing about a recent experience: one password I have to enter is actually a four digit PIN as part of a SecurID token (one of those readouts that give a different number every few minutes). Four digits I’ve used since 2000, and yet, after two weeks off, I couldn’t remember. It was only when I stopped trying to remember, that I remembered, if you know what I mean. It’s not that I had forgotten the number, it’s that I could retrieve the number from my memory. (This is getting way too existential – Ed). The way I “remembered” the PIN was to stop thinking and just type it. My fingers, if you will, remembered it better than my memory did.

I haven’t looked hard, and perhaps there’s data on this kind of thing. But this kind of memory must be way more useful than favorite colors and books and all that kind of thing, which requires thought, which in turn is vulnerable to forgetfulness, or changing habits.

A Communicator Killer?

By | November 22, 2011

I tend to think of the Nokia Communicator (aka The Brick) as a somewhat retrograde device, popular with folk who haven’t quite caught up with the shape of things to come (aka The Smartphone). But Indonesians and Germans don’t agree (link to a podcast I did on the subject for the BBC), using the Communicator in such large numbers that Nokia tends to focus most of its promotional energies in those two countries. This may explain why a German company is about to launch a Communicator lookalike: the HandyPC.

Tony Smith of The Register reports that Berlin-based phone maker ROAD GmbH has announced the HandyPC, a clamshell device based on the Linux operating system and Trolltech’s Qtopia GUI. It’s a quad-band GSM/GPRS/EDGE device with Wi-Fi and Bluetooth on board too. No date has been given for when the product will be sold, or how much it will cost.
 

Linux-based HandyPC to challenge Nokia Communicator | Reg Hardware.

Hang On, I’m Just Calling My Getaway Car

By | November 22, 2011

A bank in Chicago has banned use of cellphones in five of its branches, hoping to prevent the bad guys from communicating with each other during a robbery, according to UPI:

“We ban cell phone use in the lobby because you don’t know what people are doing,” Ralph Oster, a senior vice president [of the First National Bank], told the Chicago Tribune. Cell phone cameras are also a worry.

Oster said there have been holdups in which bandits were on the phone with lookouts outside while committing bank robberies.

As the piece points out, this isn’t the first such ban: West Suburban Bank, based in Lombard, Ill., barred customers wearing hats in January but has not moved to silence cell phones.

Does this make sense? Well, in some ways it does. If there’s a guy hanging around the bank on the phone, it could be that he’s coordinating his getaway car, and you would want to try to nip that kind of thing in the bud. It does happen. By stopping him (or her) from using a cellphone he may decide not to rob your bank, but the one next door instead, where cellphones aren’t banned.

However, where does it stop? Would someone texting/SMSing be told to stop? And how would a security guard, however many PhDs he has, be able to tell the difference between someone jabbing away on a cellphone and jabbing away on a PDA? How about people using handsfree devices? Are they just singing/talking to themselves?

On the other hand, isn’t there an easier way? I would have thought a cellphone blocker would be a better idea (check out this excellent Google Answer on the difference between jammers, which are illegal in the U.S. since they involve actually interfering with the signal, and blockers, which build a shield around the location to block signals from penetrating it).

Of course, there are downsides. How many times have you been in a bank and then realized you needed to contact a friend/colleague/family member to discuss how much money you should take out/deposit/borrow? As Bruce Schneier would say, devices can be used for both good and ill and if the good outweighs the ill, as it usually does, banning is stooopid:

We don’t ban cars because bank robbers can use them to get away faster. We don’t ban cell phones because drug dealers use them to arrange sales. We don’t ban money because kidnappers use it. And finally, we don’t ban cryptography because the bad guys use it to keep their communications secret. In all of these cases, the benefit to society of having the technology is much greater than the benefit to society of controlling, crippling, or banning the technology.