Monthly Archives: December 2011

Mobile Phone Users Remain Lax About Cyber-Security, Says McAfee

In the present times, very few people have phones anymore. Most people have devices that look sort of like phones sometimes but like other devices at other times.

My definition of a phone is a device that makes phone calls either through a wire or over the airwaves using a fancy radio. It enables you to talk to someone and hear their response. When it rings, you can either choose to answer it, or not: fancy phones will be attached to services that show the phone number of the person calling and will take voice messages. That is a phone.

A device that surfs the Internet, takes pictures, handles text messages with aplomb, provides GPS coordinates, enables the use of augmented reality, plays music, plays video games, acts as a wallet, and umm…let’s see, what else? Oh yeah! It makes and receives phone calls! A device that does all this is what I call a communicator, or a phone form factor computer. I, however, seem to be in something of a minority.

About 70 percent of smartphone owners said they considered their devices to be safe from cyber-crime, according to a report from the National Cyber-Security Alliance and McAfee released Dec. 27. Even though the report was primarily consumer-oriented, the findings provide insight into how mobile users could impact the country’s collective digital infrastructure, McAfee said.

A little over 70 percent of the respondents said they had never installed any form of security software or data protection applications on their device. Respondents said they considered their device to be safe from data theft and other cyber-threats. Read more…

One thing that many people don’t seem to recognize is that a communicator (smartphone) is a radio. Almost everything it does is either transmitted or received which means that if there is no security to keep bad things out then there is also nothing keeping good things in. All it takes is the wrong app and your communicator is compromised…which means your business or your boss’s business becomes theirs.

Some people may say “Well, an iPhone doesn’t have that problem.” That is true for the time being, but there is a weakness even those devices have: physical theft. Most people do not have passwords set up so that they have to re-enter them every time they visit a password-blocked site: the passwords are stored so that entry is convenient. A stored password is very similar to writing the password on a post-it note inside the phone case: it’s really great until somebody finds it.

It’s annoying and inconvenient, but as communicators become more powerful they will be able to hurt us more deeply if something happens to them. There is pretty much always somebody who would like to have access to what you have and the more centralized in an easy-to-lose-control-of device we make our lives, the higher the price we will eventually pay. A dumb phone doesn’t need antivirus since it can’t process a virus…a smartphone on the other hand can not only process a virus but can execute it too; it can also store all your precious information in one, single, easily transportable, treasure trove. It’s your stuff; security is really your responsibility.

‘Anonymous’ Hackers Target U.S. Security Think Tank

What is going on? Strategic Forecasting is supposed to be a global intelligence company. According to Wikipedia (since STRATFOR’s website is, as of the time of this writing, still down):

“The company’s primary focus is to help clients with security. They also publish security newsletters that are available to the general public. Stratfor is known for its secrecy, especially its top-secret client list.”

So a security company known for its secrecy and having a top-secret client list gets successfully hacked for that same list? And names, addresses, and credit card numbers are successfully copied and used to make donations to charities? I understand that any castle can be breached if enough force is brought to bear upon it, but this particular castle is supposed to specialize in breaching. This is similar to saying that an armored truck company which specializes in building almost impenetrable armored trucks had a shipment of flawless diamonds stolen from their company-designed loading dock, in broad daylight.

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit-card details in part because Stratfor didn’t bother encrypting them — an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

Fred Burton, Stratfor’s vice president of intelligence, said the company had reported the intrusion to law enforcement and was working with them on the investigation. Stratfor has protections in place meant to prevent such attacks, he said. “But I think the hackers live in this kind of world where once they fixate on you or try to attack you it’s extraordinarily difficult to defend against,” Mr. Burton said. Read more…

Only the hackers live in the “fixate on you or try to attack you it’s extraordinarily difficult to defend against” world? If that’s the case then how was STRATFOR hacked? Somehow I think everybody lives in that world. Anonymous has demonstrated time and time again that they probe for weakness constantly like sharks, but if they find a school of vulnerable bait-information that’s government related, they close ranks like a pod of killer whales. I have a question: why was that data on a machine connected to the Internet? If it was a honeypot then the honey was a little too sweet. Considering that this place is a security company, you’d think that honeypots were part of their arsenal, but either they were too obvious…or they didn’t have any operational.

In this day and age, I would think that important data like this would:

  1. Be encrypted;
  2. Have a gatekeeper program that monitors access to and from this specific database;
  3. Not have passwords written down anywhere near a computer;
  4. Have different passwords for each person;
  5. Have internal passwords that absolutely cannot be common words or sequences of numbers (e.g. password, 123456789, etc.);
  6. Not be connected to the Internet unless absolutely necessary and have specific times when data could be accessed, like a bank vault time lock.

IMHO, the bane of security is convenience…and the bane of convenience is security. However, the arch-rival of both security and convenience is human DNA. No amount of security in the world is going to protect something if the front door is left open and unguarded.

Hollywood still struggling to focus 3D technology

Avatar was an awesome film. I don’t care what anybody says about it…I will only hear positive comments. For the first time, I didn’t mind wearing the 3D glasses. Was it long? Yes. Was it long enough? It could have been longer as far as I’m concerned…I would have had no problem whatsoever exploring Pandora or even the Venture Star a little longer. The thing is, I see Avatar as using 3D to enhance a story, not as a marketing gimmick. The problem with Hollywood right now is that whole “marketing gimmick” thing. Fads are by nature transitory; something seems cool or great for a while (pet rocks, bell bottom pants, furry dice, etc.) but then the public moves on and the fad is relegated to history…and diehards who refuse to let them die.

Hollywood salivates at the thought of prying open our wallets and vacuuming out our cash. That’s not all that easy since movies are expensive to see these days and we have to be picky. Avatar took a story of alien invasion (where we were the aliens) and added the third dimension to create a greater immersion in the story. Something was seen as a three-dimensional object because that’s what it was…not because having an arrow appear to fly out of the screen would make you duck.

While 2011 ends with a couple of well-received 3D movies — including Steven Spielberg’s holiday smash “Tintin” and Martin Scorsese’s “Hugo” — filmmakers need to focus on what works in three dimensions and what doesn’t, say experts.

Following a series of 3D flops over the last 12 months, the coming year will see a new crop of releases, including a souped-up version of “Avatar” director James Cameron’s record-breaking “Titanic” in April.

But experts say filmmakers can no longer count on the simple fact of putting “Now playing in 3D” on the posters to attract cinema-goers wary of paying a few extra bucks for a questionably improved experience. Read more…

The problem with Hollywood is that they can’t see. They seem to think that because something is in 3D it has to fly out of the screen at you at some point. Out of curiosity, how many things fly at you on a normal day? Not very many fly at me, and the ones that do tend to be annoyances that I try to ignore…as long as they aren’t an actual threat. Hollywood tends not to look at things that way. Take the recent Clash of the Titans. Why was that in 3D? Actually, it wasn’t. It was shot normally and then processed to be 3D. Why? So things could stick out of the screen at you…things you ordinarily would be nowhere near because you instinctively know that they would poke or crush you. Having to deal with that in a film – at least for me – is a massive annoyance since it pops me out of the film each time. Then I have to re-suspend my disbelief to get back into the film. Sometimes it’s not worth the effort.

The other problem with 3D is the fact you have to wear the glasses. Getting rid of the glasses would go a long way to making 3D more palatable to most people…as long as it’s done properly. I’ve seen films that weren’t lined up properly from my perspective and they subsequently made me rather dizzy. Had I stayed, I probably would have become motion sick. That is very unpleasant for those who suffer through it and it seems to simply be a mismatch between what your eyes tell you and what your inner ears tell you. Paying for this experience is not something that will garner any favor whatsoever.

IMHO, what Hollywood needs to do is make a movie 3D from the start. Since the audience is basically captive and unable to move within the movie world, the point of view for the audience should be close to the action, but not in the line of fire unless the movie is shot in a first-person view. It is not necessary to add projectiles or lightning or peculiar hand motions to prove the experience; if weird motions or circumstances are needed to prove the 3D effect then there are other, more immediate problems that need solving.

AT&T Pulls $39 Billion T-Mobile Bid on Regulatory Opposition

I know it’s wrong to say out loud but I have to say it: I’m glad the deal by AT&T to buy T-Mobile has been torpedoed and successfully sunk. I am a T-Mobile customer and I could see nothing but bad things on the horizon for T-Mobile users since it was highly unlikely that AT&T would have kept prices for T-Mobile as they are. They would have done just what other companies have done when presented with a demand by the government to maintain the status quo: “Yessir! We promise we won’t raise prices (of Chinese tea) and the changeover will be absolutely painless (compared to having your fingernails trimmed with a hedge clipper) for existing customers.”

“They made an unprecedented move bidding on T-Mobile and appear to have miscalculated the risks and the regulatory opposition,” said Kevin Smithen, an analyst with Macquarie Capital USA Inc.

AT&T failed to convince the Justice Department, which sued to block the transaction in August, that it could remedy the market impact of absorbing T-Mobile, the nation’s No. 4 mobile-phone operator. AT&T would have spent months in litigation to try to win court approval, and the company also faced possible opposition from the Federal Communications Commission. Read more…

AT&T I’m sure has many adherents, otherwise they would be out of business. However, I’m under the impression that there are areas where, like cable companies, AT&T is the only game in town. The choice in a single carrier race is naturally the single carrier; when it is the only carrier then it is by default the best carrier.

Had this deal actually gone through there would basically have been two major carriers using phones without SIM cards (Verizon, Sprint) and one using them (AT&T). To most this would not be a problem, but the great thing about a SIM card is that you have all your network access information and your contacts on a little card that you can switch to another phone to make upgrading much easier. (You can also lose the card and completely hose yourself.) While a SIM from T-Mobile would not have worked in an AT&T phone or vice-versa, they would work with pretty much any phone on their respective networks. There is also the fact that while you can buy phones from Verizon and Sprint that work overseas, they are specific phones; GSM phones, those used by T-Mobile and AT&T, work pretty much anywhere since most of the rest of the world uses GSM protocols for their networks.

My biggest fear with the digestion was the fact that without T-Mobile, there would have been no incentive for anyone to keep prices down. AT&T could have claimed to have the lowest prices of the three, but it would have raised its prices to remain roughly where it was compared to the others…and their service would not have improved a whit.

Young professionals more willing to break IT rules: Cisco

Computers have been both an absolute dream and a complete nightmare. On the one hand they allow easy storage, retrieval, and creation of information; on the other hand they allow easy storage, retrieval, and creation of information. Good or bad is solely dependent upon your point of view.

IMHO, the biggest problem with the cyberscape is the fact that it is not physical, yet people treat it as such. Many people seem to believe that the desktop folder with their name on it will not be looked at by anyone but them. Many people also seem to believe that a password is like a thick oak shed door with a Master Lock on it and not a mini program that runs when activated. This is very troubling. If people feel that their computerized gadgets are boxes with locks on them which protect the contents from outsiders, rather than processing units where running programs protecting more running programs from other running programs are executed, they will be sorely disappointed and very surprised when one compromised application opens their entire gadget.

Specifically, seven out of 10 young employees (70 percent) admitted to breaking policy with varying regularity. Furthermore, 80 percent of employees said that their companies’ IT policies on social media and device usage are outdated — or weren’t sure if such a policy existed at all.

Cisco threat research manager Scott Olechowski posited that these numbers are startling not only because they reveal many trends that will affect businesses and enterprises moving forward, but also just because these employees were so willing to admit that they’re breaking policies. Read more…

Admittedly, some of this is the employer’s fault. Obviously, the employees either have not been briefed on policy or there is no policy. (Policy that is not enforced is the equivalent of no policy at all, IMHO.) Either way, the employer needs to update and inform their staff.

What I find most distressing of all, however, is the nonchalance they have with their devices. First they bitched and moaned about having to use a company device in addition to their own devices, but when Command relented and allowed them to access company data on their personal devices, they left them all over the place. They seem to think that the data will protect itself like a bacterium encysting itself. Even though they grew up with computers in their lives from day one, they attribute far more ability to the devices than they actually possess. They do not seem to understand that something that may not be malignant on their system can be on the system for which it was intended: the company servers.

IT rules are there for a reason. Yes, many of them are outdated. But, what’s worse: an outdated system, or a system crashed by a backdoor uploaded behind the company firewall from a personal device that had trusted access? You can still get paid from the outdated system. You can even suggest improvements. A crashed system, well, somehow I don’t suppose they’ll think too kindly towards the owner of the device that hosed their system…do you?

Why You Should Protect Your Employees’ Twitter Accounts

To start off, the title of this article is misleading. You are not protecting an employee Twitter account; you are protecting a company Twitter account that an employee handles. The problem in a nutshell is an employee creating a Twitter account ostensibly to promote the company for which they work who is released some time later…and takes the Twitter account with them. Of course since it is the Internet we are not talking about physically moving the account but rather renaming the account so that, in effect, the account is no longer associated with the original company and therefore has moved.

Earlier this year, PhoneDog LLC, which reviews mobile products and services across various carriers and platforms, sued Noah Kravitz, an ex-employee who left the company in 2010. PhoneDog accused him of taking a company Twitter account with him — including the follower list — by simply changing the name on the account from PhoneDog’s to his own, without PhoneDog’s permission.

PhoneDog’s business model relies on enticing people to visit its website. Read more…

IMHO, the Twitter account is considered to be a company asset, like a client list…at least by the company. On the other hand, the person tweeting might feel that the account followers are listening to them tweet about the company and other things so logically the account is more of an email list that they share with the company…and when they leave it goes with them. I say that it depends on the circumstances surrounding the creation of the account.

If the account came from the outside and was subsequently associated with the company then, yes, the account belongs to the employee and when they leave the account should go with them. It would be good business to tweet about leaving the company in a civilized manner…but I don’t really expect that. The person will probably be surprised about the reaction of other potential employers if they tweet negatively but, oh well. The point is, if the account was started outside and subsequently came inside then I feel that the account should go with the employee.

If the account was started from the inside — as most sane companies would require — then, as unfair as it sounds, the account should stay if the employee leaves. While it’s true that most followers tend to do so because of a writing style or attitude, the followers of a company are probably there for the products rather than a specific tweeter. That’s not to say that they won’t prefer a specific tweeter…just that their primary interest is the information and not the bearer.

Taking a company account and renaming it is theft. While it’s true that what we’re physically talking about is just electrons (or binary data bits if you prefer), the theft is still real: its physical location may not have changed but the index location has. Therefore the old address to access the information is no longer valid and thus the data is stolen. Think of it like this: not much of the money in a bank is physical money. Most of the money in any normal bank is actually composed of binary data bits…it would be impossible for everyone in just one branch of a bank to withdraw all their money in cash at the same time. The bank doesn’t have that much cash on hand because it doesn’t generally need it. Physical money also has the considerable drawback of having to be physically moved, which requires guards and specially constructed vehicles and tracking systems and communication systems etc. If you make an Internet hole in a bank and take their binary data bits, is that considered stealing? If you don’t think so then when the F.B.I. and Secret Service catch up with you, you will.

US bill targets exports of Web censorship tools

The Internet is an awesome monster. It is both voice and ears; creator and consumer; liberator and oppressor. It is a treasure trove of information and just like any other source of information can be used for good and bad.

People are still finding new ways to make money. The Internet is just the latest mechanism…and unlike TV or radio offers immediate feedback. You can get quite a bit of information from the Internet that is actual data rather than approximations or averages a la Nielsen. Of course a problem with this is that it allows persons to be tracked or discovered…IMHO anonymity is real so long as you don’t make it necessary to find you. Since the Internet allows for a voice attached to a face that isn’t necessarily real (an avatar) there have been individuals and companies whose business is to ferret out who people are. In a free society, this is an annoyance…in a repressive society it could be a death sentence.

At a hearing of the House Subcommittee on Africa, Global Health and Human Rights, Smith said the Internet has been transformed over the past few years “from a freedom plaza to dictator’s best friend.”

“Every day we learn of more democratic activists being arrested through the use of a growing array of Internet censorship and surveillance tools, abused by the governments of China, Belarus, Egypt, Syria and many other countries,” he said. Read more…

Unfortunately, included in the “many other countries,” is the United States itself. Think SOPA. It’s intended to protect copyrighted material on the Internet. What it is however is a tool to pretty much Internet-rape anyone they don’t happen to like. If you don’t believe me, why did the Department of Homeland Security get involved in a case of supposed copyright infringement without actually doing any kind of due diligence? They obviously didn’t look into the circumstances at all since their evidence turned out to support the defendant. But you have to wonder why the DHS was involved at all.

I wonder what this bill is really supposed to do. Unless the tool in question absolutely requires a connection back to the United States so that servers here can process the information, I don’t see how this bill is intended to have any teeth. Money is a powerful thing and the idea of being able to get a lot of it for something that could be stored on a thumb drive is pretty compelling. The only way they could get around that is to actually search all computers, thumb drives, digital cameras, etc. for “contraband.” The last time I checked, that kind of privacy invasion required a warrant. They’ll probably try to remove that pesky little problem as soon as possible. IMHO it won’t do any good…drugs are illegal and that business seems to be booming.

Thumb drives are called that because that’s about how big they are…considering where people are willing to pack drugs that could kill them I think a thumb drive would be a much less sweat-inducing alternative.

The Cognitive Benefits Of Chewing Gum

There are many different kinds of gum. There’s sugarless gum which nowadays is by far the most popular, but there’s gum with sugar in it as well. There’s gum that is good for blowing bubbles but most gum can blow bubbles…it just takes a bit more effort. There’s gum to freshen your breath, or keep you awake, or just to put an unusual flavor combination in your mouth. In the old days, some gum was made from a form of tar or tree resin. What’s truly odd is that most gum today is made from a form of either rubber or synthetic rubber. (The fact that chewing gum consists mainly of rubber of one sort or another does not mean that swallowing it will be really bad…while you can’t digest it the gum will pass through you just like anything else you eat but can’t digest. The problem comes with the amount you decide to swallow.)

Chewing gum can be good (breath freshener, substitute for smoking, activity for persons of hypersensitivity, etc.) or it can be really bad (that person in the library constantly popping bubbles, getting stuck to the bottom of your shoe or worse, a really big bubble popped in your hair, etc.) but there is no doubt that it has a lot of uses. Strangely enough, there appears to be another use: a brain-booster.

What’s responsible for this mental boost? Nobody really knows. It doesn’t appear to depend on glucose, since sugar-free gum generated the same benefits. Instead, the researchers propose that gum enhances performance due to “mastication-induced arousal.” The act of chewing, in other words, wakes us up, ensuring that we are fully focused on the task at hand. Unfortunately, this boost is fleeting. The takeaway of this research is straightforward: When taking a test, save the gum for the hardest part, or for those questions when you feel your focus flagging. The gum will help you concentrate, but the help won’t last long. Read more…

Alas, the boost is fleeting. It lasts for about 20 minutes. Even if it was like NZT-48 they probably still wouldn’t allow it in school since the detritus is only slightly less unpleasant than cigarette butts. Actually, if it was really like NZT-48 they wouldn’t allow it because it would totally hose their bell curves…the detritus would be of, at best, tertiary importance. Still, the mental boost is quantifiable.

I wonder, though, if the researchers were chewing gum when they collated their findings. I’m chewing a piece of gum right now and it seems to me that the “mastication-induced arousal” as they call it is actually your body gearing up your gastronomic system to process food; it’s normally in standby unless you’re really hungry. Chewing says to the body that food is on the way so the system switches from standby to active. All those nerves and pumps and enzymes have to get ready for the food that is supposed to be on the way. When no real food comes down, the gastronomic system switches back to standby and your mental processes associated with regulation of that system also go back into standby. Be aware, I’m not a doctor…this is simply my opinion.

Carrier IQ snooping: Another good reason to root your phone

In the olden days, a phone was used to contact one other person. Occasionally, some relays would get mistakenly activated and there ended up being more than the intended recipient of the call, but that didn’t happen too often. As the technology to connect improved, new abilities appeared: the ability to conference call several individuals together and the ability to not only join but create a party line. Unfortunately, the technology to listen in on a communication has advanced as quickly, if not more so than, the ability to communicate.

When our phones were physically connected to a single spot (an almost deprecated term called a ‘home phone’) there was an electrical circuit made of relays and wires that made the actual connection. Listening in on a conversation required knowledge of the pathway and some equipment that could duplicate the signal without attenuating it too much; as phones became more efficient the attenuation problem became more important and the major proof that someone else was listening in on the line. It was the usual Cat & Mouse game until the Internet and cellphones became dominant.

The Internet still has the equivalent of ‘wires’ and ‘relays’ except now they’re called ‘lines’ and ‘routers.’ They’re also a lot faster and far more efficient. The cellphone is also smaller and more efficient than the original wall vampire…it’s also portable and has the major benefit of being able to both make and receive calls using the same number no matter where you are as long as there is service in the area. The modern cellphone can also be used to send and receive text messages, get directions, take pictures or video, listen to music, watch movies, access the Internet, and in some instances even serve as a wallet. The modern cellphone and the Internet are far more capable than the system they are replacing…they are also far more complex and that complexity is something of an Achilles’ Heel.

When intrepid system administrator Trevor Eckhart released his disturbing findings about the Carrier IQ “analytics program,” he touched off a real firestorm of questions and outrage about just how much we’re being snooped on by carriers who use this software on mobile devices to collect data, ostensibly, data that provides performance feedback only, no doubt to improve our mobile “experience.” However, Eckhart’s research — conducted using his own HTC device — seemed very clearly to illustrate that Carrier IQ is providing much more. Read more…

Carrier IQ is supposed to be a way for carriers (AT&T, Sprint, etc.) and manufacturers (Apple, HTC, etc.) to make those pesky network problems, bottlenecks, hardware faults, and other annoyances that make calls drop or messages disappear into the aether easier to see. Basically, the phones report back to a server with information about their status. The problem is that ‘status’ is a gray area: it could include where the phone is, how much battery is left, how much memory is in use, what the phone is actually doing, etc. Theoretically this information could be anonymized, but that process has to actually start somewhere; if the phone makes a connection to the home server it’s better to get more information, since trends require a large data set to become visible. However, this means that we have to trust that the company gathering this data will truncate what isn’t pertinent to the task at hand.

Um-hmm. Voluntarily throw away data.

I have doubts about companies throwing away data, especially considering that data storage space is relatively cheap and erasing select parts is less efficient than simply keeping what amounts to a minuscule text file. It is much easier to simply bury the notice of this kind of information gathering in legalese and the EULA we all have to accept to use the device in the first place. All EULAs start with something like ‘Please carefully read this EULA…’ and many people don’t read them at all because they know that if they don’t check that little box then the software or device won’t work at all.

IMHO this is the equivalent of bait and switch and I’m sure some persons would disagree with me. My feeling is that something like this should be opt-in. If, however, stuff like this is really necessary then we should be able to see exactly what our little electronic companions are sending…and if we are uncomfortable with it, we should be able to OPT-OUT.