
Thursday, 9 February 2017


The End Is Nigh

"Fake News" is nothing new.  Ever since history began we have had serious sounding people offering apparently credible accounts regarding the end of the human race.  Lately we are being bombarded with a new apocalypse almost daily.  The global suicide rate is increasing yearly. More and more people feel helpless and lost and seek the relief of oblivion from a world that feeds us an unending stream of black despair.  The thing is, no matter what "new" theory the doomsayer class bring on board, it has been done many times in the past.  There have been predictions of comets smashing us, waves washing us away, plagues killing us, Fundamentalists (of all sorts) rising up and smiting us, and nuclear annihilation was a certainty when I was young.  So! Below we have a brief history of the highlights of the failed predictions since recorded time.

Pre History
One of the world’s oldest religions, Zoroastrianism claims that the end of existence will happen when a comet, called Gochihr, strikes the earth. 

Norse myths say that Ragnarök will be the battle between the gods, killing all but two of the humans, who will then repopulate the earth. (Adam and Eve raising those incestuous kids again?)

1st century CE
Early Christianity: the Second Coming, when you are all judged by holy Jesus. Predicted for any time from around 100 CE up to any day now!

7th century
Muslims believed in the Qiyamah (Last Judgement), during which time Jesus will come to earth, end all wars, and kill ad-Dajjal, the Muslim anti-Christ. Then every person who ever lived will be bodily resurrected, before being judged by God. The faithful go to heaven, and the rest to hell. Apparently there's also room for a few "People of the Book," i.e. Jews and Christians, so look forward to further heavenly Armageddons if that happens!

16th century
1504: Painter Botticelli (he of the cherubs and buxom ladies) believed he was living during the End Times, according to an inscription on his painting The Mystical Nativity.
1533: Michael Stifel, Judgement Day. A common saying in German for "PIDOOMA" (the acronym for Pulled It Directly Out Of My Ass) is to "talk a Stifel."



18th century
1719: Jacob Bernoulli saw a comet in 1680 and said it would return shortly and collide with the Earth. The comet hasn't been seen since.


19th century
The Great Disappointment in the Millerite movement was the reaction that followed Baptist preacher William Miller's proclamations that Jesus Christ would return to the Earth in 1844, what he called the Advent. His study of the Daniel 8 prophecy during the Second Great Awakening led him to the conclusion that Daniel’s “cleansing of the sanctuary” would happen on October 22, 1844. But it came and went and they were disappointed.
1865: predicted by Edward Bishop Elliott, a Victorian Biblical scholar; he later revised this to 1941. Still failed!
1881: according to an 1862 edition of the prophecies of Mother Shipton, who allegedly wrote "The world to an end shall come, In eighteen hundred and eighty one."
20th century
1910: Halley's Comet's tail crosses the Earth and people think that the world will be gassed to death by cyanogen gas.

Jehovah's Witnesses deserve a special mention for being the most special of Fail Masters.


1914: Jehovah's Witnesses: Armageddon.
1915: Jehovah's Witnesses: Armageddon.
1918: Jehovah's Witnesses: Armageddon.
1920: Jehovah's Witnesses: Armageddon.
1923: Wilbur Glenn Voliva: Flat Earth to end
1925: Jehovah's Witnesses: Armageddon.
1927: Wilbur Glenn Voliva
1930: Wilbur Glenn Voliva
1934: Wilbur Glenn Voliva
1935: Wilbur Glenn Voliva
1941: Jehovah's Witnesses: Armageddon.
1941: Victorian scholar Edward Bishop Elliott, based on his interpretation of the Book of Revelation, came up with this date after his earlier predictions in the 1860s proved untrue.
1975: Jehovah's Witnesses: Armageddon.
mid-1970s: David Wilkerson: Worldwide economic depression.
1977: William Branham: predicted the destruction of the U.S., the termination of all governments into a world government and the Second Coming of Christ.
1977: Pyramidologist Adam Rutherford: Beginning of the Millennium.
1978: Jim Jones took his cult with him and left.
1979-1980: John Todd: Installation of a world government ruled by the Illuminati, with Jimmy Carter as the anti-Christ. Not Jimmy Carter FFS, the last nice guy in American politics.
1980: Pat Robertson: "A year of sorrow and bloodshed that will have no end soon, for the world is being torn apart, and my kingdom shall rise from the ruins of it."…NOPE
1981: Hal Lindsey: Pre-tribulation rapture.
1982: Pat Robertson: Great Tribulation.
1982: R.E. McMaster: World War III and/or economic depression, based on cyclical theory. Nope, although the Falklands war kicked off and that was a surprise.
1985: Pat Robertson: Worldwide economic collapse.
1988: Hal Lindsey: Second Coming.
September 11-13, 1988: Edgar Whisenant: Second Coming.
1988: Colin Deal: Second Coming.
1989: Edgar Whisenant: Second Second Coming.
1990: Elizabeth Clare Prophet: Global thermonuclear war. (missed that)
1991: Louis Farrakhan: The looming Gulf War would be the "War of Armageddon which is the final war." (yeah that happened)
1992: Rollen Stewart: Second Coming.
1992: Mission for the Coming Days: Second Coming.
1992: First end of the world prediction from collision with the Pleiades star cluster (a.k.a., "photon belt")
1994: Harold Camping: Second Coming. (bored with all the pornstar first and second comings)
1994: Some Jehovah's Witnesses: Armageddon. (these guys should give up and have some fun)
1997: Heaven's Gate: Earth changes and a UFO abduction coinciding with the Hale-Bopp comet. Mass suicide in the hopes of hitching a ride on said UFOs. (Face Palm)
1997: Jehovah's Witnesses: Armageddon. (still at it)
1998: The Church of the SubGenius: the Rupture. Every year on July 5th, they meet and party in reverence, certain that it will happen this year. (Recent writings have inverted the year to "8661.")
1999: according to some interpretations of Nostradamus
1999: A now little-known collision with Planet X
1999-2000: David Wilkerson: Worldwide economic depression
May 5, 2000: Cataclysmic crust displacement predicted by Richard W. Noone
2000: Y2K: Collapse of civilisation. Christian preachers in Papua New Guinea predicted the end.
Hal Lindsey failed on this one again.
21st century
2001: Cataclysmic displacement of the Earth's crust predicted by William Hutton.
2003: May 2003 was supposed to have Earth cataclysmically smash into Nibiru/Planet X, according to ZetaTalk.
2005-2026: William Strauss and Neil Howe: A crisis period in the U.S. comparable in effect to the American Revolution, Civil War, and Great Depression/WWII. (still waiting)
2007: Hal Lindsey: Second Second Coming. (boring twat)
2007: Pat Robertson: Great Tribulation.
2008 to whenever she dies: Sarah Palin believes she is of the "Final Generation" and will see the End Times during her lifetime.
2008 to whenever it shuts down: The Large Hadron Collider will destroy the world with black holes, strangelets or something similarly scary and full of nutritious non-science.
2009: David Wilkerson: Earth-shattering calamity engulfing the whole megaplex, including areas of New Jersey and Connecticut. Major cities all across America experiencing riots and blazing fires.
2011: Harold Camping tries again: Third Second Coming/rapture, May 21st, to be precise. He put up billboards! Later postponed to October 21st, but again nothing came of it. Camping might have held on to the money people sent him if he were not dead now, though he evidently blew a bundle on billboard advertisements. Followers were encouraged to drain their savings for Camping's campaign funds, and many are deeply disappointed that they are still alive.
2011: Ronald Weinland: Second Coming on the 29th of September. Strike one!
2012: But of course! Lots of movies about what to look forward to when we die horribly in an apocalypse
2012: Ronald Weinland: Second Coming on the 27th of May. Strike two!
2012: Last known end of the world prediction from collision with the Pleiades star cluster
2013: 2012 was just a warm up, the real bad stuff starts 2013 or something and it seems Isaac Newton predicted it.
2013: Ronald Weinland: Second Coming on the 9th of May. Strike three, you're out!
2014 (February 22nd): Ragnarok, the end of the present world according to Norse mythology.
2014 (March 21st): Asteroid?
2014: World War III, a resurrected Nostradamus prophecy of a fire in the North marking the end of the age of the fifth sun, believed to refer to a specific northern region of a country; current speculation is North Korea, relative to the resolution of a Pope prediction. Oh, and the Rapture. And a giant asteroid hitting the Caribbean.
between April 2014 and October 2015: A tetrad of lunar eclipses (or blood moons) will signal the start of the end times, according to megachurch pastor John Hagee.
Unspecified time during the reign of Pope Francis, the pope succeeding Benedict XVI. Mediaeval Saint Malachy supposedly predicted that Peter the Roman (Petrus Romanus) would be the last pope, that Rome would be destroyed and that a terrible judge would judge his people. The end. Doomsayers have already started fitting the new pope into the prediction.
2015: Solar flare has killed us all but we don’t know yet.
2015: September 23rd (some references give a margin of September 18th to September 25th) Asteroid.
2015: October 7th. eBible Fellowship, an organisation vaguely related to the late Harold Camping, is confident they've got the date right this time.
2016: Tom Wattkins: He had a vision of the Great Tribulation, claiming to have met the beast of Revelation, etc. Turns out the same day is a solar eclipse, though of course he'll mention that.
2016: May 16, Pastor Richardo Salazar was allegedly told by God that an asteroid fully made of ice, with a 9km diameter, travelling at 30,000km per hour, would strike earth killing 1,200 million people. The funeral would be massive, apparently!
2016: June 3-4, Modern scholars got the Mayan date wrong. It was never 2012, rather it was June 2016, and there are plenty of numbers involved, the best numbers.
2016: June 14-August 19, according to this super-reliable-super-honest-super-definitely-NOT-bullshitting "NASA scientist", there was meant to be a magnetic reversal between June and August which would cause the Van Allen belt to fall killing 80% of life on Earth. He got this information from aliens via HAARP. Yup, aliens told our good 'ol uncle Dr. Sal that the sky is falling.
2016: October 31st, Walid Shoebat alleges that the world is "100% certain" to end on this exact arbitrary nutjob date. As the basis for this claim, he refers to his own science of "Futurology 101".
2016, Bible student and computer scientist Nora Roth on MarkBeast.com claims as much through a lot of numerology surrounding seventy "sevens".
2016, December: Bible student and computer scientist Nora Roth subsequently revised her claim to December.


Okay, we are still here, and so many people are sad and disappointed that we have not been plagued, shot, drowned, smitten or cometed to death that they probably killed themselves.

What further failures we can look forward to
2017, October: Nibiru/Planet X will again collide with Earth, this time according to David Meade.
2017: Various Christians: We'll be chipped, and the Great Tribulation begins.
2017 to 2113: Asteroids.
2018: 24th of June, obscure crank Mathieu Jean-Marc Joseph Rodrigue ensures that doom is upon us, based on some middle school math.
2018: Hal Lindsey: Third Second Coming.
2018: The Bible guarantees May 20 2018, Pentecost.
2026: More asteroids.
2028: Fred Clark: A tongue-in-cheek offer guaranteeing 15 years of Bible-prophecy hucksterism for four easy payments of $39.99.
2030: Approximate date of a mass extinction event predicted by Bob Geldof. Myles Allen, of Oxford University, claims "competing hyperbole" is unhelpful in understanding real climate change.
2035: Even more asteroids.
2036: Yet more asteroids.
2037: Hal Lindsey: First Third Coming.
2038: Deterioration of the fundamental older technology that still underlies the most crucial systems today.
2039: End of life, the universe and everything. Also known as the Ascension.
2040: Yes still more asteroids.

2041 (March): another asteroid, apparently.

What is my point?  Well it is simple, please cheer the fuck up and be nice to each other.  The world is going nowhere, none of us is getting out alive so enjoy the ride.

Monday, 28 September 2015

UK National Health Service accredited apps leak medical data

A number of UK National Health Service (NHS) accredited smartphone health apps do not properly secure customer data and have poor information privacy practices, according to researchers at Imperial College London, who checked 79 of the 230-plus apps available in NHS England's Health Apps Library.

Apps in the library are supposed to be compliant with data protection legislation and undergo tests to ensure they meet standards of clinical and data safety. But despite this vetting, the researchers found that many of the apps weren't up to the required standard, with some ignoring privacy standards and nearly a third (29 per cent) sending the data, which included both personal and health data, without any encryption at all. The majority also sent personal data to an associated third-party online service.

"If we were talking about health apps generally in the consumer space, then what we found would not be surprising," said Kit Huckvale, a PhD student at Imperial College London, who co-wrote the study, suggesting that the NHS vetting procedures should conform to a higher standard.
The study sent bogus user data to all 79 apps in the study and looked into how this was handled, eventually exposing those with poor security.  Four apps sent both identifying and health information without encryption. Although the study was not designed to examine data handling after transmission to online services, security problems appeared to place users at risk of data theft in two cases. The NHS has since claimed that it has removed the apps that are vulnerable, or has contacted the developers to insist they be updated.
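The bogus-data approach the study used can be reproduced by any app reviewer: seed a test account with values that cannot belong to a real patient, capture what the app transmits, and flag every request that carries one of those values over plain http or to a host outside the vendor's own domain. The script below is an added example, not the Imperial College study's tooling; the app names, domains and captured flows are constructed placeholders.

```python
"""Canary-data check over captured app traffic (added example, not the
Imperial College study's own tooling). All app names, domains and flows
below are constructed sample data."""
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

# Bogus values the test account was seeded with (constructed). A real review
# would pick values that cannot collide with any genuine patient record.
CANARIES = {
    "name": "Zaphod Testpatient",
    "dob": "1901-02-03",
    "condition": "canary-asthma-7Q",
}


@dataclass
class Flow:
    app: str            # app display name
    url: str            # request URL, scheme included
    body: str           # request body (form, JSON, ...), empty for GET
    vendor_domain: str  # registrable domain the app vendor owns (assumption)


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_first_party(host, vendor_domain):
    """True when host is the vendor domain itself or one of its subdomains."""
    vendor_domain = vendor_domain.lower()
    return host == vendor_domain or host.endswith("." + vendor_domain)


def canaries_in(flow):
    """Return the canary field names visible in the URL or body as sent."""
    parts = urlsplit(flow.url)
    haystack = [parts.path, parts.query, flow.body]
    # Decode query parameters too, so URL-encoded spaces still match.
    for values in parse_qs(parts.query).values():
        haystack.extend(values)
    blob = "\n".join(haystack)
    return sorted(k for k, v in CANARIES.items() if v in blob)


def assess(flows):
    """Per app: canaries sent in cleartext, and canaries sent to third parties."""
    report = {}
    for f in flows:
        found = canaries_in(f)
        if not found:
            continue
        entry = report.setdefault(f.app, {"cleartext": set(), "third_party": set()})
        if urlsplit(f.url).scheme.lower() != "https":
            entry["cleartext"].update(found)
        if not is_first_party(host_of(f.url), f.vendor_domain):
            entry["third_party"].update(found)
    return {app: {k: sorted(v) for k, v in e.items()} for app, e in report.items()}


# Constructed capture for three hypothetical apps.
SAMPLE_FLOWS = [
    Flow("SymptomDiary", "http://api.symptomdiary.example/sync",
         '{"name":"Zaphod Testpatient","condition":"canary-asthma-7Q"}',
         "symptomdiary.example"),
    Flow("SymptomDiary", "https://analytics.tracker.example/ev?u=Zaphod%20Testpatient",
         "", "symptomdiary.example"),
    Flow("PillTimer", "https://sync.pilltimer.example/v1/profile",
         '{"dob":"1901-02-03"}', "pilltimer.example"),
    Flow("StepCount", "https://cdn.stepcount.example/tiles/12.png", "",
         "stepcount.example"),
]

if __name__ == "__main__":
    for app, findings in assess(SAMPLE_FLOWS).items():
        print(app, findings)
```

An app that appears in the report with empty lists (PillTimer above) sent a canary, but only over https and only to its own domain, which is the behaviour the library's criteria should be checking for.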

But the findings are not surprising. After all, in June, NHS England was put under scrutiny for its review criteria for the Health Apps Library. The criteria were designed to provide a framework to assess those apps for suitability before they're published for the public to download - but they had been labelled weak, and furthermore it seemed as if some of the apps failed to meet even that low standard.

At the time, Phil Booth, co-ordinator at health privacy campaign group medConfidential, described the review criteria as "very weak", and added that his organisation had given feedback to NHS England on how some of the apps could be improved, but that the advice appeared to have been ignored.  For example, the five-step approval process is heavily focused on ensuring the information the app supplies is from an approved source, and there appears to be little or no assessment of the apps' suitability to handle or transmit data securely.

"Unfortunately, not all of the apps currently in the library even meet the criteria they supposedly should. And, despite having provided detailed and specific feedback on a number of these apps using the provided feedback forms on the relevant web pages SIX weeks ago, we have had no response - and nothing appears to have changed on the site."  At that time, however, a spokesperson from NHS England went directly into denial mode and claimed that the newly published report was out of date and that NHS Choices had improved slightly since it was written. Well, that's okay then, except for the fact that nothing whatsoever has been fixed.

The findings of the Imperial College London study suggest that NHS England failed to take notice of medConfidential's advice. It is likely that the Health Apps Library could be another major IT project fail for the NHS. It appears the NHS is taking a purely reactive stance to ensuring the library contains secure apps, as opposed to an eminently more sensible (considering what’s at stake) proactive approach, and this may well lead to personal and health data getting into the hands of criminals.

The NHS is just one amongst many organisations that need to get up to speed with the criminal reality that is today's cyber world.


Wednesday, 29 July 2015

The Blame for Cyber Breaches moves into the Boardroom

The Blame Shifts?

Until quite recently, senior IT execs have been the lightning rods of the cyber breach era.  As soon as a company was hacked the unfortunate "IT Guy" could be seen packing his bags while silently cursing the miserable IT budget he had to work with. While most corporate entities would deny they have a blame culture, they are generally happy to make exceptions and blame the head of IT when they get hacked. However, things may be changing, and the days are ending when IT execs' most important task was to get high scores on "User Experience" surveys and take one for the team when the business was breached.

Historically the CEO's role in a breach scenario has been to offer mournful-faced interviews, claiming that our privacy is important and that such a significant cyber breach had been unforeseeable: "who could know such a thing was possible?" (everyone who reads the news!). But a recent spate of high-profile resignations shows that the focus is now being turned squarely on senior board members.

Following a hack that compromised over 20 million personal records of government employees, US Office of Personnel Management head Katherine Archuleta has been forced to resign. When the London-based hedge fund Fortelus was hacked to the tune of $1.2 million, Thomas Meston, the CFO, also lost his job.


Katherine Archuleta

These are the two latest resignations in a trend that began in earnest last year when the CEO of giant US retailer Target, Gregg Steinhafel, was forced to resign from his $24 million per annum position in the wake of a disastrous data breach that compromised 40 million shoppers' credit cards and 70 million customers' personal data. Given a breach of this magnitude, Steinhafel was given little alternative but to leave his position as the head of the $40 billion corporation.


Target Retail Breach


The difficult fact for senior executives to understand regarding the cyber landscape is that there is nothing anyone can do after the event to limit damage. Unlike cash and other tangible assets, once the data escapes it can be replicated endlessly and shared globally in an instant.  No amount of court orders can slow down the process and a product recall doesn't really cut it. Once a breach has occurred the corporation will most likely find itself accused of negligence. It is then up to the CEO and his board to disprove any negligence claims by proving that all reasonable steps had been taken to safeguard the organisation’s database.
 
In the 80s and 90s, when the computerized office was becoming a reality and a lot of the world's current crop of CEOs were in college studying business administration (without an ICT module), it was reasonable for executive boards to delegate the safeguarding of corporate data to the experts in the IT department. The "IT guy" would install anti-virus software and get back to the proper job of responding to user feedback surveys, managing the network and helping users with their mouse, keyboard and printer. But now, suddenly it seems, there are hundreds of mobile devices connected to company servers and hundreds of thousands of new variations of malware being developed to target them; it is a whole new landscape. Combine this with the relentless, ongoing and targeted email "phishing" campaigns that we see every day and it is clear that traditional safeguards are no longer adequate. Board members are now expected to understand the risks, authorize budgets to ensure properly designed and layered cyber defenses are in place, and train staff to understand the outcome of risky behavior.  If they don't, they risk ignominious dismissal.

Why Hack User Data instead of Financial Data?

The underlying reason for the growing trend in cyber-crime is because of the increasing value of corporate databases. The more business that is conducted online, the more corporations know about private citizens and therefore the more valuable the database becomes. In the case of a growing number of corporations, the company’s database is substantially more valuable than its cash holdings. A case in point is the recent Ashley Madison hack where the very personal details of up to 37 million trainee adulterers were taken from the company’s servers. This hack has destroyed Ashley Madison’s hope of a $200 million IPO and has the potential to cause untold misery to millions of families.

International organised criminals have rapidly shifted focus from financial fraud to data theft. Stolen data can be laundered more easily than stolen cash by disguising it as legitimate market research. The data can be doctored and presented to a rival organisation as legitimate; in other cases it is simply put up for sale to the highest bidder. This is generally done via the Dark Web, using encrypted websites where anything can be bought and sold. The damage inflicted on the compromised corporation can be terminal.  With a single cyber-attack, a company can see its damage-control costs escalate out of control, its customer goodwill shattered, the company put at risk of lawsuits, and the company's stock price decimated.

In 2014 the total number of detected security incidents globally grew to 42.8 million, with the number of breaches costing over $20 million doubling.  These breaches were a litany of high-profile corporate and government security breaches such as Target Corp., Home Depot, Neiman Marcus, Michaels Stores, Sony Pictures Entertainment, and Wall Street giant JPMorgan Chase, costing an estimated US$500 billion.

Bring on the Lawyers

Given the rising number of cyber violations, it's not surprising that there have also been numerous class-action lawsuits filed in the U.S. by stakeholders for breach of fiduciary duty, including a case over another hacking incident at Sony involving the alleged theft and release of social security numbers and other personal data, while electronic commerce giant eBay Inc. is facing a class action launched in July 2014 on behalf of 125 million customers whose personal data was breached early last year.



The shifting face of IT Governance

With so much at stake, there is now a shift beginning toward data governance being removed from the IT department and into the boardroom as part of the enterprise risk-management framework. Boards are only now beginning to figure out that oversight of cyber security has become as much a part of their financial duty as the accounting on the balance sheet. It is not the job of the board to manage data security but it is the job of the board to ensure it is managed as well as reasonably possible.


The IT literate CEO

Given the current global tsunami of cyber-crime, CEOs need to sponsor projects that implement layered defense, mobile device management and staff training, and that also address the risks posed by third parties interacting with the business. Focus should be on the rapid detection of security intrusions, and an effective and rapid response.


But whatever form of attack may occur, from now on the cyber security buck stops at board level. Senior executives are beginning to realize that the delegation of total responsibility for corporate security to the "IT Guy" is over.


Tuesday, 12 May 2015

Smartphone Apps Secretly Connecting to User Tracking and Ad Sites


So, you unbox your brand new phone.  You use it for a few weeks, you love it, the battery life is great and it runs smooth as silk.  Over the course of a few months you get a bit bored and you look for free apps, because everyone likes free stuff.  You pick and mix, get some cool games, some productivity apps for work and  you get helpful apps for your music collection.  Stuff is free and life is good.

Six months later you find your battery life is halved and the smokin' speed you saw at first now shows some lag, the OS gets a bit flaky and you feel that your latest and greatest device is no longer up to date. You start to look at the latest models on release and look forward to an upgrade.

What happened?

One thing that may be causing severe degradation of your smart phone performance is those wonderful free apps you are using.  Security researcher Luigi Vigneri from Eurecom has developed an automated system for detecting Android apps that secretly connect to ad and user tracking sites.

Vigneri began by downloading over 2,000 free apps from all 25 categories on the Google Play store. He then launched each app on a Samsung Galaxy SIII running Android version 4.1.2 that was set up to channel all traffic through the team's server, which recorded every URL that each app attempted to contact.   They then compared the URLs against a list of ad-related sites from a database called EasyList and a database of user tracking sites called EasyPrivacy; both lists were compiled for the open source AdBlock Plus project. Finally, they counted the number of matches on each list for every app.
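The matching step above is straightforward to reproduce once you have a per-app URL log from a capturing proxy. The script below is an added example, not Vigneri's tool: it parses the `||domain^` form of EasyList/Adblock Plus filter syntax (the form that names a host and all of its subdomains; other rule forms are skipped), then counts, per app, the distinct URLs that hit an ad list and a tracking list. The list fragments and the URL log are constructed placeholders, not entries copied from EasyList or EasyPrivacy.

```python
"""Classify the URLs each app contacted against EasyList-style block lists.
Added example; the rules and URL log are constructed placeholders."""
from collections import defaultdict
from urllib.parse import urlsplit


def parse_domain_rules(text):
    """Return the set of domains named by '||domain^' lines. Comments ('!'),
    list headers ('['), exception rules ('@@') and rules carrying paths,
    wildcards or options are skipped, since this parser only handles the
    whole-host form of the syntax."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("!", "[", "@@")):
            continue
        if line.startswith("||") and line.endswith("^"):
            body = line[2:-1]
            if "/" not in body and "*" not in body and "$" not in body:
                domains.add(body.lower())
    return domains


def matches(host, domains):
    """'||example.com^' matches example.com and any subdomain of it,
    but not example.com.evil or notexample.com."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def classify(url_log, ad_domains, tracking_domains):
    """url_log: iterable of (app, url). Returns, per app, the number of
    distinct URLs, distinct hosts, and distinct URLs hitting each list."""
    seen = defaultdict(set)
    for app, url in url_log:
        seen[app].add(url)
    report = {}
    for app, urls in seen.items():
        hosts = {urlsplit(u).hostname or "" for u in urls}
        ad = {u for u in urls if matches(urlsplit(u).hostname or "", ad_domains)}
        tr = {u for u in urls if matches(urlsplit(u).hostname or "", tracking_domains)}
        report[app] = {"urls": len(urls), "hosts": len(hosts),
                       "ad": len(ad), "tracking": len(tr)}
    return report


# Constructed list fragments in Adblock Plus syntax (placeholders).
EASYLIST_SAMPLE = """! constructed ad list
||ads.example^
||adserver.example^
||banner.example/path^
@@||ads.example/allowed^
"""
EASYPRIVACY_SAMPLE = """! constructed tracking list
||telemetry.example^
||tracker.example^
"""

# Constructed capture: (app, URL contacted). A volume-control app has no
# business contacting anyone, which is the page's own example.
URL_LOG = [
    ("VolumeEq", "https://cdn.ads.example/slot/1"),
    ("VolumeEq", "https://cdn.ads.example/slot/2"),
    ("VolumeEq", "https://api.tracker.example/collect?id=1"),
    ("VolumeEq", "https://adserver.example/serve"),
    ("VolumeEq", "https://api.tracker.example/collect?id=1"),  # repeat request
    ("Notes", "https://sync.notes.example/v1"),
    ("Notes", "http://telemetry.example/ping"),
]


def run():
    return classify(URL_LOG,
                    parse_domain_rules(EASYLIST_SAMPLE),
                    parse_domain_rules(EASYPRIVACY_SAMPLE))


if __name__ == "__main__":
    for app, counts in run().items():
        print(app, counts)
```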

The results were interesting. In total, the apps connected to a staggering 250,000 different URLs across almost 2,000 top level domains. And while most apps attempted to connect to just a handful of ad and tracking sites, some are much more prolific.

Vigneri gives as an example "Music Volume Eq," an app designed to control volume, a task that does not require a connection to any external URLs. And yet Vigneri says "We find the app Music Volume EQ connects to almost 2,000 distinct URLs."  Many of the apps connect to ad-related sites and tracking sites, while some connect to much more dubious sites that are associated with malware.

But here's the problem, as I see it. This frantic activity takes place without the user being aware of it and it eats resources. That's something that most smartphone users would be highly annoyed to discover if they knew what was going on behind their back, so to speak.

The Music Volume EQ app is not alone in its excesses. The team says about 10 percent of the apps they tested connect to more than 500 different URLs. And 9 out of 10 of the most frequently contacted ad-related domains are run by Google.

The user tracking sites that apps connect to are less pervasive. More than 70 percent of apps did not connect to any user tracking sites. Those that do can be extravagant; some connect to more than 800 user tracking sites. What's more, many of these are created by organizations that Google has designated with "top developer status." The worst offender is an app called Eurosport Player, which connects to 810 different user tracking sites.

Today, Luigi Vigneri and pals from Eurecom in France have a solution. These guys have come up with an automated way to check the apps in Google Play and monitor the sites they connect to. Their results reveal the extraordinary scale of secret connections that many apps make without their owners being any the wiser.

They call their new app NoSuchApp or NSA for short in honour of a similarly named monitoring agency.  The team plan to make the app publicly available on Google Play in the near future.

So, if you find your phone lagging and eating your battery for lunch, try resetting it to factory default and see if the shine comes back.


And remember, those app guys that give you free stuff need to make a living; somebody is paying them either for your tracking data or for your invisible URL connections.

Most importantly, you end up paying the most, with the loss of your privacy and of your smartphone battery life.

Thursday, 16 April 2015

When is a smart watch not a smart watch?


Hamilton Railway watch


A Short History Lesson of the Watch

The first time pieces to be carried by a person were made in the 15th century in the German cities of Nuremberg and Augsburg.  These early time pieces addressed the age-old question man had struggled with since the sun first went behind a cloud and messed up his sundial. That question is, "what time is it?"

These early time pieces were driven by a main spring and were so inefficient they had to be charged (wound) twice a day.


In due course, these time pieces evolved to include advances like perpetual movement, being charged (wound) by the motion of your body.  With the waistcoat falling out of fashion, the watch moved from your pocket onto your wrist.


Evolution came slowly but surely, until we are where we are today.  We now have robust multi-function watches, powered by solar energy, run by microcomputers, corrected to the nearest millisecond by satellite, that can tell the time anywhere in the world as well as act as a slide rule, GPS, altimeter, stop watch, etc.

The “Smart” Watch


In what universe is this attractive


Then, along comes the almighty Smart Phone Makers, who tell us they will redefine the watch on our wrist to make it a truly useful device. Are they trying to be ironic?

A short history lesson of the Smart Watch

During the 1980s, Casio marketed a successful line of "computer watches", in addition to its calculator watches. Most notable was the Casio DataBank series.  The RC-1000 Wrist Terminal, released in 1984 (George Orwell, anyone?), was the first Seiko model to talk to a computer. The Timex Datalink product line was introduced in 1994. The early Timex Datalink watches had a wireless data transfer mode to communicate with a PC to sync appointments and contacts created with Microsoft Schedule+ (a pre-Outlook program) and so on.

Today, we have a couple dozen manufacturers marketing watches that are claimed to be "smart".  They do things like display the time, vibrate when you get a call, show caller ID, show a map, answer a call and record data from your exercise regime.  With one notable exception, the Pebble, most need to be charged once a day (echoes of the 15th century, anyone?).


So, I must ask the question, is there a need for a remote display on your wrist that buzzes when a distant acquaintance posts a picture of their baby’s diaper on Facebook?  Is it more polite to check your wrist, rather than your phone, to see the goings on in your virtual world?  The answer, is that it most certainly is not.  If you check your phone, you are being moderately disengaged, when you are looking at your wrist you are being plain bloody rude. You are saying "My time is precious and you are wasting it".  (Editors note: Body language is the key indicator of rudeness in social and business interaction. Breaking eye contact is considered rude in most cultures.)

So who will buy a Smart Watch?


$25 each

This is an interesting question and luckily we have a ready answer.  The data services company "Owler" found that zero percent of 1000 engineers plan to buy an Apple Watch, and not one of them thought the watch was worth the price.  The same survey found that of 8000 marketing people, 11% said they would buy the watch and about half reckon the price is right.  Sounds about right!
However, I have no doubt that along with the marketing lovelies there will also be hordes of technology fans who will desire another gadget, so robust sales are most likely assured, and good luck to them, it's their money.

Do I hate Technology?

It's true that I dislike the devices being sold as Smart Watches. Am I a Luddite, railing against the relentless forward motion of technology? Do I fear progress and want to cling to my old fashioned watch with all its complicated moving parts?  Am I not cool and just don’t get it?

Well, the truth is I am not cool, but I love technology. All sorts of technology. Smart Phones, petrol engines, desktop computers, engine management systems, PLC control systems. I have built dozens of computer systems just for a laugh. I know what multi-core CPUs, DRAM and multi-threading are, and I even have qualifications to prove it! Good for me!

So why do I dislike these Smart Watch Gadgets?  Because they are a sham, made from cheap off the shelf components and add nothing new to technology.  They are intrusive, in an already intrusive world. You can stick the phone in your pocket and ignore it; you can’t ignore something buzzing on your wrist every ten seconds.  Most of these smart watches are slave devices that don’t work unless they are connected to a phone and what they do can be done far better by a large screen phone.  The watch communicates with the phone base station via Bluetooth.  Bluetooth is not secure and should be switched off when not in use. Okay, let’s ignore that as we do with so much else that we can’t see.
But let me tell you the main reason for my disappointment: the battery life.  The biggest companies in the world are designing these things with running times worse than timepieces from hundreds of years ago.  If manufacturers wanted to push the boundaries of the basic timepiece, they could at least have matched its endurance. Why not design better batteries, along with hybrid auto-winders, and combine that with solar panel wristbands? You know, innovation of some description.

Fitness and Health Apps

"Oh," I hear you say, "what about all the health benefits and fitness tracking?". Before you even strap on an electronic fitness device, read this. If you are okay with health and fitness data being downloaded from your device and resold to data brokers, then please, rock on.  You might get lower premiums on your health insurance, or then again you may get higher premiums on your health insurance. It may even make no difference, but the point is it is intrusive in a creepy Orwellian way and makes me viscerally dislike the ethics behind the marketing.
 
My Watch, it's quite smart
Finis

If the manufacturers of these devices were straight with consumers and said, "Hey guys, we are selling an expensive fashion bracelet that you charge every day; it lights up and buzzes now and then.  If you buy it, you will be seen to be modern and cool. It will be out of date in a year or two, but don't worry, by then we will have something better.", I would be cheering from the sidelines because the truth is being told, and I am sure the gadget lovers and marketers would still buy it (and once again, good luck to them, it's their money).

The current crop of wristbands connected to a phone is a marketing ploy which promises a lot, but will deliver no real benefit to the user.  They will, however, deliver great benefit to the companies that collect and resell personal data.  

There is a great future for bio-tech; it is an absolute certainty that tech will be placed onto and eventually into our bodies. What about smart retinal implants, or wristbands collecting biometrics? What about biotech injected into the body to regulate blood sugar or fat absorption?

Technology designed to augment our capabilities will not come from a fashion wristband, but more likely in the form of nanotechnology that works from the inside to promote healing, retard aging and maintain health.

I have no doubt that watches connected to phones will be a success and probably even become useful, but are they the future of Body meets Tech? 

Most definitely not.

Q: So, when is a smart watch not a smart watch?


A: When it's a stupid watch.


Tuesday, 13 January 2015

The EU Proposal For Protecting Individuals' Online Data



The European Commission's proposal for a General Data Protection Regulation (GDPR) represents the most significant global development in data protection law since the obsolete 1995 EU Data Protection Directive. The GDPR aims to unify data protection laws to meet the challenges users face in the current digital climate and in particular, strengthen the protection of online personal data.
A "regulation" unlike a "directive" is directly applicable in all EU member states without the need for national implementing legislation. The Commission's aim is to harmonise data protection law across those member states.
When enacted into law, it will require all businesses handling EU residents’ data to delete personal information on request or when it is no longer required by the organisation, and encourage the use of auditable deletion procedures for companies processing personal data.
Non-compliant businesses could receive significant fines, with data breach sanctions ranging from €250,000 or 0.5% of annual worldwide turnover for less serious breaches, up to €100,000,000 or 5% of annual worldwide turnover for more serious infractions.
That’s rather big news, so it is surprising that 81% of IT managers across Europe are unfamiliar with the proposed Regulations, according to research from Kroll Ontrack and Blancco.
According to the research 61% of IT managers said that their organisations have not taken measures to achieve compliance with the pending regulation, with 55% failing to review and adapt data destruction policies. A further 25% did not have any process in place to deal with data destruction.
Overview of the Draft Regulations
The 119-page draft is rather text heavy, as you would imagine coming from Brussels, the bureaucratic capital of the world.  However, there are some significant changes to the existing regulations that need exploring. Among the most significant changes, the Proposed Regulation changes the consent requirement from “implied” to “explicit”. It introduces some new concepts such as the concept of breach of security, the protection of the information of children, the special status of data regarding health, journalism etc., and the requirement for businesses to employ a data protection officer. It would require companies to conduct privacy impact assessments, to implement “Privacy by Design” rules, and to ensure “Privacy by Default” in their applications. Individuals would have greater rights, such as the “Right to be forgotten” and the “Right to Data Portability”, which covers the ability to move your data seamlessly between providers. There is also a section regarding transferring data to different geographies, with big implications for cloud storage vendors and users.
There are Special Categories of Processing that are not covered by these regulations, including health and journalism.

Data Tracking

There will also be a requirement to maintain comprehensive process documents, created and maintained in a similar way to the ISO systems in place in most businesses. This information is similar to that currently provided in notifications to the data protection authorities, but includes new requirements such as the obligation to keep track of transfers to third countries, or to keep track of the time limits for the erasure of the different categories of data.

Securing Data

There is a section devoted to the security of the personal data. In addition to the security requirements of the current directive the Proposed Regulation introduces an obligation to provide notification of personal data breaches. In case of a breach of security the data controller is required to inform the local supervisory authority within 24 hours, if feasible. In addition, if the breach is “likely to adversely affect the protection of the personal data or the privacy of the data subject,” the data controller is required to notify the users, as soon as possible, after it has notified the supervisory authority of the breach.

Data Breach Impact Assessment

There is a proposed requirement that obligates controllers and processors to carry out a data protection impact assessment if the proposed processing is “likely to present specific risks to the rights and freedoms of the data subjects by virtue of its nature, scope, or purposes. Examples of these activities include: monitoring publicly accessible areas, use of the personal data of children, use of genetic data or biometric data, processing information on an individual’s sex life, the use of information regarding health or race, or an evaluation having the effect of profiling or predicting behaviours.”


The Proposed Regulation introduces significant penalties for violation of the law. Organizations would be exposed to penalties of up to 1 million Euros or up to 2% of the global annual turnover of an enterprise.


It remains to be seen how this initiative pans out, but the Proposed Regulation signals an intent to pursue infringers more aggressively and to equip the enforcement agencies with substantial tools to ensure compliance with the law.

Saturday, 3 January 2015

Is Your Favourite App Sharing Corporate Data


Over the first half of this decade, countless devices have been injected into the corporate workforce by the BYOD (Bring Your Own Device) trend. Security professionals expected mobile viruses and malware incidents to tag along with them, resulting in a huge uptick in incidents mirroring the situation that began in the PC ecosystem fifteen years ago. 
However, these worries have largely been misplaced: according to a recently released report from app analysis vendor Appthority, mobile app data leakage and collection is posing a far greater risk to business users than anyone could have imagined.
The culprit?  Data mining by Apps.

Digging For (Your) Gold

The report detailed the widespread collection of data by the current top 100 free and top 100 paid apps on both Android and iOS smartphone platforms. Appthority ran a comprehensive range of static, dynamic and behavioral analysis against all 400 apps in a test environment.
The report showed that among free Android apps, 88% of the top 100 apps available on Google Play collect user data in the form of unique device identifiers (UDIDs) or IMEIs, while 82% engage in location tracking and 30% access users' address books. These are typically default settings.

Though Apple states iOS is a more secure and privacy focused alternative to Android, the stats weren't much better for their platform. More than half of the top 100 free apps on the App Store engage in the same UDID and location tracking, and 26% also access users' address books.

Even when users paid for apps, the report found that data collection was still prevalent. Out of the top 100 paid Android apps, for instance, 65% still utilized UDID details, 49% collected location data and 14% accessed address books. On the iOS side, 28% used UDIDs, 24% collected location data and 8% accessed address books.

Why it Matters

Mobile app data collection exposes enterprises and users to a number of risks that are not usually considered by IT departments. For example, if a user syncs their corporate Outlook account with an unmanaged smartphone, that device and all its apps will have access to an address book that contains contact details for the user’s contacts, the company’s customers and suppliers. If an app that collects that address book information is compromised, attackers could have the information necessary to send spam to those contacts, gather clients’ phone details, read calendar entries, and access confidential information such as contracts or quotes sent via email.

Although most organizations outside government don’t appear concerned about apps sharing location tracking data, they really should take note. Think of it this way: if a third party can discover the location of key executives, they could utilize that information to predict M&A activity. From an HR perspective, it is most likely true that most employees would not want to have their after-work movements tracked by an employer, no matter how innocent, while, say, on a business trip.

Or, from a life and death perspective: a U.S. soldier shared a picture on Twitter of himself arriving at an Iraqi base. The picture included location details via geo-tagging and was shared on the internet.  These details were downloaded by enemy soldiers, who launched a mortar attack on the exact location where the soldier landed, destroying the U.S. military helicopters on the base.

Where Does Your Data Go?

Data collection by mobile apps alone is cause for concern; however the report goes on to list ad networks as the ultimate destination of the data.
Seventy-one percent of the top free Android apps and 38% of the top paid Android apps share user data with ad networks.  Meanwhile, 32% of the top free iOS apps and 16% of the top paid iOS apps share user data with mobile ad networks.

Users are frequently not aware of such data collection practices because the privacy policy is posted obscurely on the app developer's website.

Phoenix-based security researcher Joe Giron found that a surprising amount of users’ data is being collected by the Uber mobile application and labels it as nothing more than malware.  Joe writes in his security blog:
"Christ man! Why the hell would it want access to my camera, my phone calls, my Wi-Fi neighbors, my accounts, etc?" "Why the hell is this here? What’s it sending? Why? Where? I don’t remember agreeing to allow Uber access to my phone calls and SMS messages"

The huge growth of mobile ad networks poses multiple risks.  According to the leaked Snowden papers, attackers can pose as an ad network and obtain user data directly; they could compromise an ad network's software development kit and infiltrate an app, or simply target the potentially vast data collection being stored by dozens of ad networks around the world.  The users’ details are then used to initiate large-scale malware and phishing attacks.


How Do We Secure Apps?

Currently there are an estimated one million BYOD-connected apps in the workplace, and more than 80% of those apps have access to corporate data. The same apps that make the device useful or fun could potentially cause harm to a business.  The harm could come from poor design practices or simply because the app is working exactly as it was designed to work: collecting your data.

There is a workplace solution for securing apps in the enterprise, though.  Apps can be managed with secure containerization through EMM (Enterprise Mobility Management).  Strategy Analytics recently recognized BlackBerry BES10 as the most cost-effective and comprehensive EMM solution available.  BES10 can manage BlackBerry, iOS and Android devices by setting up a personal workspace and an enterprise workspace. The personal workspace can hold the user’s private apps and images, while the enterprise workspace contains all work-related documents and work contacts.  Data-collecting apps are shut out and cannot access that portion of the device.


The United Kingdom’s Centre for the Protection of National Infrastructure deploys BES to secure sensitive government data, and provides a great example of a large-scale deployment tackling the issue head-on.