The recent web site attacks by popular hacker group <a href="http://twitter.com/#!/lulzsec">lulzsec</a> have shown two main things:
Firstly, it’s a jungle out there. The CIA, banks, governments, are all targets for an organised bunch of techies. Basically, whoever you bank with, if you are just covered by a password or two (PIN + password) then you are dangerously vulnerable. Vulnerable to brute-force hacking, vulnerable to phishing, or vulnerable to malware, which might track every key you type.
Secondly, security on the WWW sucks, in general. If banks, government agencies, and so on, can’t get it right, can you trust a friendly site like Facebook to store your details properly? If you use the same password for your Gmail account and for your Facebook account, and a leak in Facebook allows hackers to learn your password, then your Gmail account is vulnerable. And, if you use that password for online banking (or PayPal, or anything that *knows* your payment card details) then you are looking at a security hole.
Lulzsec have shown that it is so easy to penetrate any web site that they choose, that it’s almost pointless to attempt to prepare against malicious attack. I disagree, and think that there are many things that we can do to mitigate any vulnerability.
Once, I had a credit card for less than 24 hours before it was withdrawn by the issuer – a shame, as it had five or six zeroes in a row, which I think is cool. Turns out, a major CD retailer in the UK had been compromised and in that window I’d used my new card, which was not only useful to scrape the ice off my windscreen.
So, how to mitigate? Firstly, lie. Unless it’s a bank, if it asks your birthday, give your father’s, brother’s, favourite pop-star’s, whatever – but change the year to suit your demographic. If it wants your mother’s maiden name, give it your first pet’s name, as another example.
Be consistent, so you can do this with many web sites – but do not do this with *important* accounts, like online banking. They should all have unique passwords. Separate accounts into groups – change-your-life important ones, major inconvenience ones, and low convenience ones. Use a different password policy for each one . . .
As the online world evolves, it’s important that we early adopters are aware of the current problems. We all need to wear a black-hat at times, because we cannot trust the banks and merchants to do this for us. We should all insist on personal key-generation devices (my Luxembourg bank gave me one by default), for example. These, when powered on, give a passcode to be used to authenticate you to the web site.
We should all use an up-to-date browser and plugins, we should regularly test the systems that we trust our personal details with, and we should have the skill to work out where the intrusion in the train is, when things go wrong. These days, I reckon that less than 1% of visitors to this blog, and less than 0.01% of online personas would know how to do these things.
If you have a child, you don’t just give birth, and then it turns into an adult over time. You have to help your child – in the early years, feeding, clothing and cleaning, in later years feeding, clothing in ever-more-expensive clothes, and nagging them to clean themselves, and eventually just worrying about them and feeding when you can.
It’s the same for pets, but they desire less in the way of expensive clothes.
And so it is with computers. Unlike your vacuum cleaner or iron, you need to maintain your computer. Apply patches, defrag the disk, renew licenses for anti-virus, buy it new software, remove dust from its CD drive (actually, I guess you do need to maintain vacuums by emptying them, and irons by descaling them).
As computers become more prevalent, the maintenance issue increases with every “smart” device. Smart phones need software updates, cars have many computers that can require software updates, and so on. Soon, there will be computers in irons and vacuum cleaners.
When digital TV arrived, I bought a couple of set-top-boxes to use with my existing TVs. They were awful – one kept rebooting itself, and another would occasionally decide that there were new channels, and it would insist on scanning for them. It would insist – there was no way to refuse the request, but, annoyingly, it still required user confirmation before starting. So, you’d power up, walk off to make a cup of tea, and come back to press OK (the only choice) and wait 5 minutes. And it never found any new channels.
Neither of these set-top boxes had an upgrade path. I couldn’t improve the software in any way. I sold one on eBay, the other went in the bin at the weekend. Hopefully upgrading will become the norm for all smart devices in the future, even irons.
One day, devices will be self-diagnosing and self-repairing, but for now we’re at the point of the lifecycle where we will spend more of our own time maintaining our devices. This will leave us less time to maintain our loved ones and the things that really matter to us.
I did a double-take when I saw the advert for pressure washers in a local store.
They were boldly advertising a two-year guarantee, as if that was something to be proud of, a unique selling point, even.
To me, this is unacceptable. If I buy a tool – a machine, even – then I’d expect it to last a lot longer than two years, unless I was very unlucky. I just don’t understand why we put up with shoddy stuff. This home and garden tool will probably see action less than once a week, for less than an hour each time (I’m thinking washing cars weekly (except when on holiday) and cleaning the patio once a year) so less than 100 hours of use in its guaranteed lifetime.
To me, that seems unacceptable. I notice that other garden tools like strimmers and leaf blowers are also flimsy and poorly made, and I think we’re being taught to expect these to only have a limited lifetime. Building tools to last longer costs more, and, of course, the repurchase is delayed, so less revenue overall.
Everything available in the UK is built to a price, and designed to last a specific number of years. Ford, for example, state that their cars are designed to last ten years, or 100,000 miles. But they really only design them to last 3 years (their warranty period) before they start to break. But with a car, repairs are cost-effective. When your pressure washer breaks, it will probably cost as much to repair as it did to buy.
The same can be said of software, of course. The more money you pour into development, the higher the quality can be, and the more sturdy it is. The difference is that software doesn’t wear out, but what happens is that defects that have always been there become more visible. The solution is to repair (patch) or replace (upgrade).