The Ashley Madison scandal, a violation and a reminder about security

Password cracking has become somewhat of a modern-day pastime, given the advancements that have been made in technology. Specifically, in the past five years there have been more privacy and password breaches than in the previous handful of decades combined. That is an exponential increase that makes us all exponentially at risk. Something that has paralleled this increase has been password reuse, which unfortunately correlates with network vulnerability.

Privacy and security on the internet have been two of the main themes passed around in discourse regarding the internet and personal identity for some time now. This discussion has had a resurgence recently due to the Ashley Madison password crack, where a sophisticated group of hackers known as the Impact Team broke into the website that connects married individuals with others seeking extramarital sexual engagement and exposed all the users’ private information to the world. Now, this scenario obviously is a breeding ground for public shaming, as well as philosophical disputes regarding the principles of cause and effect. However, the focus of this article will not be on moral code, given the internet already consists of copious articles that ridicule and denigrate many of these innocent people who simply were engaging in their birthright – Freedom of Choice. Sure, if I wanted to I could bring out an alternative lens that would discuss a belief that takes into consideration an invisible specter world at work with the Ashley Madison scandal, a world riddled with unknowns and mystical oversight that provides an unspoken esoteric “checks and balance system”. However, these angles would position me on a pretty rocky soap box that I don’t feel at all privy to. Because at the end of the day, the truth of the matter is, when speaking in terms of legality and not subjective ethical positioning, all 37 million of these users who were exposed were indeed violated. Hands down. The bigger matter at hand here, which in fact more of the conversations on the internet should be tilted toward, is privacy and how to further protect our online identity.

The most important piece of information that has come out of this virtual scandal, which it seems can’t be reiterated enough, is a problem that has already been discussed ad nauseam – password reuse. Really, perhaps we should all think about our passwords as condoms – use them once, never share with others, and when you do throw them out make sure they aren’t visible to the naked eye – bury or destroy them. Time and time again, despite the millions of people being concerned about identity fraud, internet users still seem to be in constant denial that their accounts could be at risk. Using the same password over and over again for each and every online account is simply asking to be violated. Whether it be an Ashley Madison, Bank of America, or Facebook site, most people tend to believe themselves to be excluded from the rationale of password variation, believing that, for some reason, they are immune to being hacked. The fact of the matter is, it’s simply not the case. Hackers do not discriminate, because if they can do it, they will. Point. Blank. So until everyone has thumb-print-protected passwords on their Mac and PC laptops, it would be a good idea to never use the same password for another site, in addition to constantly updating passwords on all accounts every 30 days.

Here are some tips for creating hard-to-crack passwords:

1) Never use your name or the word “password”. Basically, don’t be a nincompoop.

2) In fact, don’t use words at all. Words are universally ubiquitous; be more cryptic.

3) Always use at least eight characters. The longer the password, the more variations that need to be tried, meaning the more difficult it is to decode.

4) Include numbers, capital letters, and multiple symbols from the top portion of the keyboard.

5) Completely go wild on your keyboard to come up with something entirely new and obscure. The only trick is retaining it.
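The tips above, together with the no-reuse rule, written out as a small checker and generator. This is an added example, not part of the original post; the function names are hypothetical, and the word list, site names and sample passwords are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()_+-="  # symbols from the top row of the keyboard (tip 4)
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
WORDS = {"welcome", "letmein", "qwerty", "dragon"}  # constructed stand-in for a dictionary

def has_required_classes(pw):
    """Tip 4: at least one capital letter, one number and one symbol."""
    return (any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))

def generate_password(length=16):
    """Tip 5 without the memorising problem: draw characters from a CSPRNG."""
    if length < 8:
        raise ValueError("tip 3: use at least eight characters")
    while True:  # redraw until every required character class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_required_classes(pw):
            return pw

def check_password(pw, owner_name=""):
    """Return the numbers of the tips (1-4) that a password breaks."""
    broken, low = [], pw.lower()
    if "password" in low or (owner_name and owner_name.lower() in low):
        broken.append(1)
    if low.strip(string.digits + SYMBOLS) in WORDS:  # a word with decoration
        broken.append(2)
    if len(pw) < 8:
        broken.append(3)
    if not has_required_classes(pw):
        broken.append(4)
    return broken

def find_reuse(accounts):
    """Group sites sharing one password: a breach at one exposes the rest."""
    by_pw = defaultdict(list)
    for site, pw in accounts.items():
        by_pw[pw].append(site)
    return sorted(sorted(sites) for sites in by_pw.values() if len(sites) > 1)

# Constructed sample accounts (site -> password), not real data.
ACCOUNTS = {"dating.example": "Welcome1!", "bank.example": "Welcome1!",
            "social.example": "kayla1987"}

if __name__ == "__main__":
    for site, pw in ACCOUNTS.items():
        print(site, "breaks tips", check_password(pw, owner_name="Kayla"))
    print("reused across:", find_reuse(ACCOUNTS))
    print("replacement:", generate_password())
```

Note that "Welcome1!" satisfies the length and character-class tips and still fails, because it is a dictionary word with decoration and is shared between two sites.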

And remember, you don’t have to abide by the way of the technocrat. There is always the way of the luddite.

Google’s Experimental Patent Purchase Program

Whether it is an attempt to strictly protect against patent trolls or the less altruistic pursuit of acquiring more leverage against their competitors, Google has initiated a new, experimental program to review patents from sellers, in order to prevent them from ending up in the wrong hands. There has been friction in the past where patents have been sold to non-practicing entities, calling into question the validity of software patents altogether. Google’s method of reducing this contention in the market is to vet all potential patents looking to be sold by having the owners submit them to Google’s Patent Purchase Promotion Program, communicating exactly when they would like to be sold and at what price.

The first trial of this program will begin on May 8th, allowing all patents to be submitted for review until May 22nd. After the window for submission closes, Google will reconnect with all patent holders who submitted by June 26th about the potential of acquiring their patent, clarifying the logistics and what it would entail. Google is attempting to finalize all those they would like to absorb as their own by end of August. Before all transactions are finalized, Google is mandating sellers be well versed with the “fine print”. Because of the politics regarding patent laws, the company is in fact encouraging those who do choose to sell to Google to speak with an attorney. They do not want anyone in the dark about certain liberties or potentialities Google could have with the acquisition. The company wants all sellers to step away from their patent knowing the rights Google holds post-transaction.

The strict window for patent submission is Google’s attempt to expedite the review and acquisition process.  The company states their intentions are invested in creating a more hospitable environment and smoother experience for both individuals and companies selling patents, by overseeing they get to the right people at the appropriate price. And in Google’s world, well, that is Google.

How public is your Wifi?

When we go to an internet cafe, sign into a free network and access our accounts, we generally assume that most people in the building are there using the internet for similar reasons. Although this may often be the case, it is not true all the time. Internet cafes and places that offer free internet access to paying customers are seen as lucrative havens for the unethical hacker. Unethical hacker meaning – those technology nerds that use their expertise of knowing all the bugs and loopholes of systems, programs, and devices for personal gain. So why preface hacker with a negative value proposition of “unethical” when the term “hacker” in itself is generally loaded with connotations? Because, nowadays there are “ethical hackers”. Since the internet has become somewhat of its own sovereign country, they are similar to a travel agent who, once upon a time, helped to devise one’s trips, giving travel tips on how to travel safely and smartly – the “Ethical” Hackers do the same for the internet. Ethical Hackers are consultants for safety, or maybe the better analogue here is, they are like the Sex Education teachers of the internet. They show people how easy it is to get in trouble, and what one can do to stay protected – if you get my drift.

How is there even an outlet for an Ethical Hacker career? With over 1.43 billion smartphone users world-wide, among other personal devices, it is very likely that many of those users have at one point in time used an open WiFi source to sign into programs with sensitive information about themselves or their company, leaving them vulnerable to hackers with malicious intent. In 2013 alone Risk Based Security reported that more than 822 million records were exposed – records of which every detail of one’s identity was accessible. And although most educated technology consumers are aware of the privacy risks they take when signing into unsecured networks, it is often forgotten, or inadvertently ignored out of necessity – hence the need for ethical hackers to reinforce to people, and businesses alike, just how easy it is for someone with a little skill, half a brain, and the right tools, to gather all the information one needs within minutes to ruin an anonymous person’s life. This is the reality of the world we live in these days, and we need to get serious about wearing protection.

Here are just three of the many things internet users can do to keep themselves from being a vulnerable target.

1) Encryption:

It is best to make sure, and double check a few times over, that the network you are signing into is encrypted. Encrypted networks are there to protect users from unwarranted surfers – i.e. hackers. However, it is important to also make sure that, even though a network says it is encrypted, the network you are signing into in the public space is in fact the network it says it is. Hacking trolls redirect traffic to networks of their own that they create for public settings with a few tools and tricks of the trade. Oftentimes a personal smart device will scan all the networks available and connect to the first readily available option. Hackers generally label their networks something benign, like a fictitious cafe name, to come across as safe to the user. If your device ends up connecting to a less-than-trusted source such as this type, it is even more vulnerable to being hacked, with or without decryption software.

2) Keep Operating Systems Updated:

It is easier for hackers to find bugs in outdated operating systems, and these bugs provide loopholes that put those systems more at risk. While it is a simple form of protection to update your system, oftentimes it is easier said than done since most people don’t keep on top of their updates, due to time, money, or laziness. However, those annoying reminders on our smart devices that pop up every two weeks innocuously telling us our systems need to be updated might just be able to save our virtual lives.

3) Not Using Internet Cafes

Now, I’m not saying that we shouldn’t log on to any network outside the iron fence of our fancy office building or the isolation of our four-walled home, but rather I am suggesting to not do all your bills, emails, and SSN juggling on an open WiFi network. However, if you are just wanting to plop yourself down next to a big cup of your favorite local coffee and get into a raging game of virtual scrabble with a buddy halfway across the world, I think that should be fine, although I would use an alias.

To get a little smarter about the reality of digital identity fraud, read Maurits Martijn’s article on ethical hacker Wouter Slotboom on Matter.

By Kayleigh Stack

Privacy Concerns, The Increase in “Smart” Tech & The Irony

In one of our last posts (written by the lovely Kayleigh Stack) we talked about Samsung Smart TVs and the privacy they lack when speaking in front of them (their voice command feature constantly listens whether the TV is on or not). Having a company listening to what you say 24-7 is horrible, but this issue doesn’t end there. In fact, it’s much worse than what most people know, or at least are willing to know. No, I don’t wear a hat made out of foil paper and no, I’m not talking about crazy government conspiracies. I’m simply speaking of all the companies that constantly keep an eye on you, that you might not even notice anymore.

Sure, showing a picture of how awesome your meal is while you are on vacation is of great importance. And I certainly appreciate all the check-ins to let me know where you are at all times. Let us not forget about all those lovely selfies, tweets and Facebook posts that keep me informed about your entire life, minute-by-minute. Unfortunately, like I already mentioned, it doesn’t end there. It seems that knowing who is in the picture (I’m talking about the very creepy and scary face recognition feature) is not enough.

Smart Tech

Nowadays, you walk into your house and your very slick Nest thermostat knows you are there. Your TV listens to every word you say, and your “Smart” bed (yes those actually exist, and I’m not sure why you need a bed to be “Smart”) is informed of all your sleeping (and perhaps, non-sleeping) habits. Oh but please wait, because there is more…

For the very small price of $199, you can buy your own personal Big Brother show. And guess who’s the main star of the show? That is right – you! You can buy cameras to stream HD footage of everything happening in your house, to any computer, phone or tablet.

Have we lost a sense of privacy?

So where do we stop? Have we simply lost a sense of privacy? Think about this: If you have a kid today, by the time your kid is 20, Facebook will probably know more about your son, or daughter, than you. The problem is not only in what they know, but what they do with what they know. Once again, no crazy conspiracy theories here, seeing that all this information collection is currently used for the purpose of… wait for it… selling you stuff.

If you are like me, dyslexic, sort of ADD, and with little interest in most material things, you probably never pay attention to web advertisement. However, surprisingly, quite often, an ad will catch my attention. Needless to say, whatever it may be on the ad, it is always tailored to my interests. Witchcraft you say? Perhaps voodoo, or black magic? That’s what I used to think. Turns out, they are just using all that information they have about me, that supposedly I “willingly” give up, to position ads ever-so-appropriately on the webpages I browse. Funny how we all keep a secondary email account to use when we don’t want to give our email out, yet we dump our entire life’s story into the hands of those evil genius advertisers. Oh the sweet taste of irony!

I can’t help but think that maybe, and just maybe, it is time to become more conscious about this subject. Now if you’ll excuse me, I need to go tell Facebook what’s on my mind…

Fede Pisani

Tech Blogger

Rumors of Apple patent inducing decline in GoPro Stocks

Back in January, reports broadcast that action camera giant GoPro potentially had a new competitor. This purportedly induced a 12.7% decline in their stocks, after rumor spread of Apple being reassigned a patent that led many to believe the multinational corporation and technology laureate was soon to be a competitor in a market dominated by GoPro since its inception. Just the sheer mention of Apple perhaps carving out a niche as an action camera producer led shareholders to pull out with strategic immediacy, most likely evoked by tech experts’ competence on Apple’s brand loyalty and the influence their products have on consumers.

Who had the patent first? Kodak or Apple?

However, it seems there was a hiccup in the reporting and the patent was not newly sought out from camera company giant Kodak, but rather was acquired by Kodak shortly before being sold to Apple. It was never filed by Apple. Apple first submitted an application for the patent in 2012, according to USPTO office records, and it was finally granted on January 13th, the day on which a slew of misleading reports were published by popular media sources discussing Apple’s acquisition of the patent as solely related to development of GoPro-like devices. So does this in fact suggest Apple’s efforts to enter into the action camera/GoPro market? With the growth prospects of the market itself increasing in the upcoming years, predicted to grow at a CAGR of 22.2% between 2014-2019, it would come as little surprise. In addition, knowing Apple’s track record, there is the likelihood for them to create products that would inevitably rank at top of the charts, with flying colors.

Apple- a new GoPro competitor or a new product on the horizon

However, perhaps the newly acquired patent from Kodak is misleading and is suggestive of something else entirely, as reported by other reliable news sources. There has been mention that if Apple were to be interested in becoming a GoPro competitor, the patented solution would most likely have come directly from within Cupertino. Therefore, it is more probable they are using the patented tech to apply to other already existing technology or maybe even to their ever evolving, ever advancing, soon to be released Apple Watch. We will all just have to wait at the edge of our seats to find out.

 

Sources:

http://appleinsider.com/articles/15/01/13/misreported-apple-patent-reassignment-supposedly-induces-gopro-stock-price-decline

http://newsmaine.net/22036-apple-has-patented-new-design-remote-controlled-digital-video-camera

http://assignment.uspto.gov/#/search?q=20130235222

 

 

Kayleigh Stack

Customer Liaison and Research Associate