
How to protect your personal data from the next hack attack like eBay | Technology | The Guardian



Passwords and personal data were stolen in eBay’s cyberattack. Here’s how to protect your information against future hacks

eBay suffering the biggest hack of all time led to the exposure of lots of personal data, including postal addresses, dates of birth and phone numbers, for millions of people around the world.

While the company insists no financial information was stolen, private personal data still holds a lot of value.

But what options do users have when a site demands personal information as a condition of use, with no way of determining how secure that data will be?

“We have to take care of our data, but in many circumstances if we want to use a service we have no choice but to surrender data, stuff that is very difficult to change,” Rik Ferguson, global vice president of security research at security software firm Trend Micro, told the Guardian in the wake of the hack.

“It’s all very well telling everyone to go out and change their passwords, but you can’t go and change your postal address, telephone number, name and date of birth.”

Shopping services need your postal address to deliver goods, for instance, media services need your date of birth to verify age, and a taxi firm will need your phone number to alert you when its car arrives outside your door.

“All organisations that hold any sort of private or financial information should absolutely be encrypting that data at all times – there is no excuse for not doing so,” says Ferguson.

Unfortunately, eBay’s hack has proved that not all companies are as good at protecting your personal data as they should be.

“All data that is shared should be done so in the knowledge that it absolutely is at risk from targeted attack. All of that data has financial value to the attacker, and they will continue to go after it.”

Just the bare minimum, ma’am

The safest way to protect yourself is simply to not give out any personal information. When that isn’t possible, provide the absolute bare minimum. After all, why does an internet company need to know where you live or have your phone number?

Avoid giving over any more information than is absolutely necessary and required for the service to work. And if that is more information than you are prepared to give, perhaps the service isn’t worth the risk. Your information is valuable to the company you are giving it to, just as much as it is to the hackers that may gain access to it, and therefore they often ask for much more information than they really should.

Don’t give your credit card details to every shop

Credit card details are one of the most valuable pieces of information you own and therefore one of the primary targets for any criminal hacker. Consider using other secure forms of payment that do not require you to hand over your credit card details.

“PayPal represents a great example of giving data to a secure third-party so that you don’t have to give your credit card details to everyone you buy from, but of course that makes it a single potential weak point in the chain,” explains Ferguson. (PayPal is owned by eBay, but was not affected by the hack on the auction site, and has its details encrypted, it says.)

Many other services, including Google Wallet and Visa’s V.me, are available to shield your payment information from online stores, but it is very important that you secure those accounts as much as possible with very strong passwords and, where available, two-factor authentication (where another tool like a number generator is used to protect your login).

Tweak your postal address

While giving out your postal address for services is often unavoidable, there are some things you can do to protect yourself.

When a service that is not going to send you parcels asks for your address you can leave out one crucial factor. For instance, if you happen to live in a flat you can leave off the flat number of your address, simply listing the building number.

Also, if a company is using your address or postcode to simply verify the country or town you live in, as is often the case with online streaming services, consider giving them another postcode of the next street over or one in a surrounding area.

Use an alternate phone number

Quite a lot of services require a phone number to verify your identity. The companies use the potential security of the mobile phone operator’s registration process to strengthen your proposition that you are who you say you are. But giving up your real phone number could lead to a deluge of spam calls or phishing attacks should it be stolen.

Some services can essentially be fobbed off with a fake phone number, but others may actually use that number. So instead of giving them your primary phone number, consider giving them a secondary phone number.

One idea is to register another pay as you go account mobile phone number – simply getting a SIM from a mobile phone provider is often free and easy via the web or operator stores – and put that in an old phone for when you need to receive a call.

Once you have a secondary number registered, you could also set up call forwarding so that the number simply forwards to your real, primary phone number. That way you can continue receiving verification phone calls and queries as if you had given out your primary phone number, but can safely ditch the secondary number if it is stolen in a hacking attack – without having to tell all your family and friends about a new phone number.

Don’t give your full name

Your name is almost always the bare minimum of information required to set up and use internet services. That makes it the most readily available piece of personal information on the internet.

Consider giving certain sites and services a fake name, a nickname or perhaps a jumble of your real name, swapping your first and last names. Never give your full name with middle names if at all possible. That way hackers don’t get your actual real name and another piece of information that could lead to identity theft.

Fudge your date of birth

Lots of sites and services require your date of birth, often to verify age. But there’s no reason you have to give them your real date of birth. It is one of the most used pieces of private information for verifying your identity to banks and other crucial financial services - so should be protected.

Consider giving less crucial services a fake birthday. It doesn’t even need to be that different, but a month or a day change, or even a single digit year change should be enough to prevent it being used to gain access to your bank account, for instance.

Remember to make it a memorable one in case you’re asked for it as a security check, and for extra memorability, use the same fake birthday on every site. (Unix fans might like 1 January 1970, for example.)

Use multiple email addresses

An email address is often far more important than it is given credit for. Most services allow users to reset a password or regain access to locked accounts by using an email address for verification.

But once a hacker has access to your email account, they potentially have access to any other service that uses that email account to retrieve lost login credentials. And it’s quite likely there will be a confirmation email buried somewhere in your inbox from that service - so all the hacker has to do is search for that service (Amazon? eBay? iTunes?) in your email, then go there and demand a password reset - which will land in the inbox they control.

“You can try and operate multiple email accounts,” suggests Ferguson. “Some email services allow you to create disposable email addresses that are relatively easy to manage.”

He explains: “You could have an address that is bespoke to eBay, for instance with something like eBay.yourname@emailprovider.co.uk or paypal.yourname etc, so if that account is compromised you can just throw it away and create a new one.”

Another option is to create several layers of email addresses, using one for low security accounts, one for medium and another exclusively for banking or other crucial financial services.

Fake those security questions

Many sites and services require “secret” answers to questions like “who was your first teacher?” or “what is your mother’s maiden name?” There is nothing inherently wrong with the idea of secret questions to verify your identity as long as they actually stay secret.

Wherever possible, pick and choose to write your own secret question, and give an answer that is unique to each service. This can be hard to do if you do it at random. Try using something about the site to fill it in. So if you’re on “Randomsite.com” and it asks you what the name of your first pet was, why not say Randomsite? Or Etismodnar? Or Rando, or Etism. The important thing is to be consistent. (You might even consider going back to sites where you have already filled this in and changing them to match your pattern.)

The advantage of this method is that if the sites are doing the right thing, and encrypting your answers (and then encrypting future responses, and comparing the saved and latest responses to see if the results match), then even if hackers do grab the information and decrypt it, it will make little sense. Most hackers try the results they get from any password or other hack on multiple sites - that’s why it’s dangerous to use the same email/password combination on multiple sites.

Faking information can be particularly important when it comes to easy-to-find information like your mother’s maiden name or your father’s middle name (both of which could be available on the electoral register, for instance).
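The store-and-compare check described above, as an added illustration that is not part of the original article: a site keeps only a salted one-way digest of the answer (PBKDF2 here, where the article says "encrypting") and re-derives it for each later response. Othershop.com and the pet name "Rex" are constructed sample values, and the reversed-site-name pattern is one of the article's own suggestions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this demo


def normalise(answer: str) -> bytes:
    """Fold case and whitespace so ' Rex ' and 'rex' compare equal."""
    return " ".join(answer.lower().split()).encode("utf-8")


def enroll(answer: str) -> tuple[bytes, bytes]:
    """What the site stores: a random salt and a digest, never the answer."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalise(answer), salt, ITERATIONS)
    return salt, digest


def verify(record: tuple[bytes, bytes], attempt: str) -> bool:
    """Re-derive the digest from a later response and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", normalise(attempt), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def patterned_answer(site: str) -> str:
    """The article's pattern: an answer built from the site name, here reversed."""
    label = site.lower().split(".")[0]
    return label[::-1].capitalize()


def replay_succeeds(answers: dict[str, str], breached: str, target: str) -> bool:
    """Does the answer recovered from the breached site unlock the target site?"""
    records = {site: enroll(answer) for site, answer in answers.items()}
    leaked = answers[breached]  # what the thief holds after cracking the breach
    return verify(records[target], leaked)


# Constructed sample accounts: the same real answer on both sites ...
REUSED = {"Randomsite.com": "Rex", "Othershop.com": "Rex"}
# ... versus a different, site-derived answer on each.
PATTERNED = {site: patterned_answer(site) for site in REUSED}

if __name__ == "__main__":
    print("patterned answers:", PATTERNED)
    print("reused answer replays:",
          replay_succeeds(REUSED, "Randomsite.com", "Othershop.com"))
    print("patterned answer replays:",
          replay_succeeds(PATTERNED, "Randomsite.com", "Othershop.com"))
```

A pattern this simple can be worked out from a single leaked answer, so a random answer per site, kept in a password manager, is the stronger form of the same idea.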

Use a secure password manager

The problem comes when trying to remember all this fake or varied information, but there are storage solutions that offer to securely store passwords and other important information.

“Look at password management software,” suggests Ferguson. “There are a load of options out there and it does mean that you can at least confine risks to individual accounts with unique passwords when they are breached.”

Password managers like LastPass or 1Password offer to store more than just passwords. Individual logins for internet accounts can have other information such as your fake secret passwords, date of birth or postcode attached to them. That way it is simply a case of looking up the information when you need it.

Most of the good password manager services also provide multiple ways to access the information, via a mobile app, website or offline for instance, as well as multiple layers of security, including two-factor authentication.

It is extremely important to ensure that your password manager account is as protected as possible with a bullet-proof password, which should be as long and complex as you are capable of remembering.

It also creates a layer of inconvenience when you want to log in to each service, one that a single login and password for everything eliminates, but it will all be worth it when one of your accounts like eBay is broken into.

As Ferguson says, “effective security is no longer about designing architecture with the aim of keeping the attacker out permanently, that’s a pipe dream. If they want to get in, they will get in.”

These days it is inevitable that one or more services you use will get hacked at some stage or another, and so preparing yourself for that attack could mean the difference between a simple password change and having to cancel cards and change passwords everywhere.

What Television Will Look Like in 2025, According to Netflix | Business | WIRED



In the future, Netflix will know exactly what you want to watch, even before you do. You won’t have to spend all that time browsing through endless lists of shows on your television.

That’s according to Neil Hunt, Netflix’s chief product officer. It’s just one of many predictions for the future of TV that the forward-thinking executive laid out on stage today at New York City’s Internet Week conference, and no one would be surprised if all that came to fruition. If there’s one company that knows about changing the way we watch TV shows and movies, it’s Netflix. From its humble origins as a DVD-by-mail outfit back in 1997 to its current status as a video streaming powerhouse and original content creator, Netflix has already overturned the status quo more than once.

As a slew of other tech companies, from Amazon to Yahoo, compete with Netflix to move television online–and traditional broadcasters fight to protect their old business models–Hunt has a clear vision for how the war for our attention will play out by the year 2025. Here are a few of his predictions:

You’ll Have 48 Million TV Channels

People have traditionally discovered new shows by tuning into the channels that were most aligned with their interests. Love news? Then CNN might be the channel for you. If it’s children’s programming you want, Nickelodeon has you covered. And yet, none of these channels can serve 100 percent of their customers what they want to watch 100 percent of the time.

According to Hunt, this will change with internet TV. He said Netflix is now working to perfect its personalization technology to the point where users will no longer have to choose what they want to watch from a grid of shows and movies. Instead, the recommendation engine will be so finely tuned that it will show users “one or two suggestions that perfectly fit what they want to watch now.”

“I think this vision is possible,” Hunt said. “We’ve come a long way towards it, and we have a ways to go still.” He said Netflix is now devoting as much time and energy to building out that personalization technology as the company put into building the infrastructure for delivering that content in the first place.

Creative Freedom Will Come to Hollywood

Hunt knows what you’re thinking: Most of Netflix’s extensive library consists of shows and movies you’d never want to watch. “Some would call it junk,” Hunt admitted on stage.

But he doesn’t see it that way. “There are no bad shows,” he said. “But there are many shows with small, but devoted audiences.” And as Netflix’s personalization engine becomes smarter and smarter, he said, it will become easier for those small audiences to discover new content they might not otherwise have found. That will give people like filmmakers and actors more creative freedom, he explained, because they’ll finally have a distribution channel that will tolerate small, highly individuated audiences.

“Internet TV can afford to carry those small shows,” Hunt said, adding that this approach has already enabled shows and films to thrive on Netflix that might not otherwise have worked on traditional television. The Square, a documentary about the Arab Spring uprisings in Tahrir Square, is one such example. “It’s been so successful on Netflix, and might not have found a home on linear TV.”

Internet TV will also free filmmakers from traditional television formats, Hunt said, in which they get one half-hour or hour-long slot per week with which to hook a viewer. On the internet, a television episode “can be as long or as short as you want, and it doesn’t have to tease you into the next episode because you can binge right into the next episode.” Eventually, you won’t even recognize TV shows as TV shows. “The stories we watch today are not your parents’ TV,” Hunt said, “and the stories your kids watch in 2025 will blow your mind away.”

The Commercial Will Finally Die

Netflix has already proven that it’s possible to build a big business in television without advertisers. Subscription fees, it turns out, do the trick. That means that the proliferation of internet TV may be the final nail in the traditional commercial’s coffin. That would change the entire economics of the advertising industry over the next decade, Hunt explained. “The ad-free model seems to be very popular with consumers,” he said. “We have to imagine that the Geicos and the Wendys and the Chevys will have to find a different place to advertise their wares in 2025.”

But there’s another possibility. According to Hunt, the same technology that delivers personalized content to viewers could also help internet TV service providers select more targeted ads to show their users. “Maybe you only see that Chevy ad if you’re ready to buy the car today,” Hunt said. That means viewers would see fewer ads, and advertisers would get to reach a more relevant audience.

Live Sports Will Arrive on Netflix (Maybe)

Ok, so this might not have been one of Hunt’s predictions, per se, but when asked by an audience member whether we might see live television and sports broadcasting on the site in the future, Hunt said we should “stay tuned.”

He noted that bringing live sports to Netflix would change the economics of the company. “Sports franchises end up being able to sell to the highest bidder,” he explained. “It’s not an area where Netflix has the total advantage over everyone else.” But he also said that as Netflix continues to grow its footprint, it’s always a possibility. Such a development would be an even deeper blow to the traditional television industry, as live sports are one big reason people opt not to cut the cord.

Everyone Will Have a Smart TV

In 2014, Hunt said, about 100 million internet-connected TVs will be sold–or about one for every three homes with broadband internet. And by the year 2025, he told his audience, everyone will own a smart TV.

That means the race is on to become the smart TV manufacturer of record, and the competitive landscape is broad. This is a battle that will include cable companies, internet TV providers like Netflix, and tech giants like Google and Apple, as well as television manufacturers like Sony and Samsung. That should usher in a golden age of innovation in the smart TV space, as powerful competitors vie for your attention–and make each other better in the process.


Why Tech’s Best Minds Are Very Worried About the Internet of Things | Enterprise | WIRED



The Internet of Things is coming. And the tech cognoscenti aren’t sure that’s a good thing.

For years, the prospect of an online world that extends beyond computers, phones, and tablets and into wearables, thermostats, and other devices has generated plenty of excitement and activity. But now, some of the brightest tech minds are expressing some doubts about the potential impact on everything from security and privacy to human dignity and social inequality.

That’s the conclusion of a new survey from the Pew Research Center. For ten years, the Washington, D.C. think tank has surveyed thousands of technology experts–like founding father Vint Cerf and Microsoft social media scholar danah boyd–about the future of the Internet. But while previous editions have mostly expressed optimism, this year people started expressing more concern. “We had a lot of warnings, a lot of people pushing back,” says Janna Anderson, co-author of the report.

The Internet of Broken Things

The 1,606 respondents said they saw many potential benefits to the Internet of Things. New voice- and gesture-based interfaces could make computers easier to use. Medical devices and health monitoring services could help prevent and treat diseases. Environmental sensors could detect pollution. Salesforce.com chief scientist JP Rangaswami said that improved logistics and planning systems could reduce waste.

But most of the experts warned of downsides as well. Security was one of the most immediate concerns. “Most of the devices exposed on the internet will be vulnerable,” wrote Jerry Michalski, founder of the think tank REX. “They will also be prone to unintended consequences: they will do things nobody designed for beforehand, most of which will be undesirable.”

We’ve already seen security camera DVRs hacked to mine bitcoins as well as a worm that targets internet connected devices like home routers. As more devices come online, we can expect to see an increase in this kind of attack.

Beyond security concerns, there’s the threat of building a world that may be too complex for our own good. If you think error messages and application crashes are a problem now, just wait until the web is embedded in everything from your car to your sneakers. Like the VCR that forever blinks 12:00, many of the technologies built into the devices of the future may never be used properly. “We will live in a world where many things won’t work and nobody will know how to fix them,” wrote Howard Rheingold.

So Many Left Behind

That complexity could also leave many people behind. Developing nations–precisely the ones that could most benefit from IoT’s environmental benefits–will be least able to afford them, says Miguel Alcaine, an International Telecommunication Union area representative for Central America. In an interview, Pew’s Internet & American Life Project director Lee Rainie pointed out that the IoT could lead to a much larger digital divide, one in which those who cannot or choose not to participate are shut out entirely from many daily activities. What happens when you need a particular device to pay for items at your local convenience store?

Meanwhile, those that do partake in the IoT may find it dehumanizing, especially in the workplace. We’ve already seen some companies explore the possibility of monitoring their employees through wearables. “The danger will be in loss of privacy and a reduction of people into numbers: the dark side of the quantified self,” wrote Andrew Chen, a computer information systems professor at Minnesota State University. Peter R. Jacoby, an English professor at San Diego Mesa College, summed up this line of thought bluntly: “By 2025, we will have long ago given up our privacy. The Internet of Things will demand–and we will give willingly–our souls.”

The Counterargument

Not everyone thinks this loss of privacy is inevitable. Harvard fellow David “Doc” Searls argues that we needn’t sacrifice our privacy in order to enjoy the advantages of connected devices. There’s no reason that all devices must connect to the internet as opposed to private networks. And even those that are connected to the public internet could use encryption to talk to private servers, protecting your data from large companies.

“People’s Clouds of Things can be as personal and private as their houses (and, when encrypted, even more so),” he wrote. “They can also be far more social than any ‘social network’ because they won’t involve centralized control of the kind that Facebook, Google, and Twitter provide.”

Searls imagines a world with more fine-tuned control over not just privacy, but the terms of service that govern the products we consume today. We’ve already seen some progress towards such a vision with open-source Internet of Things projects such as Spark, Tessel, Skynet and Nodered. The question is whether these types of platforms can be used to build truly open consumer products, and, if so, whether anyone will want to use them.

The Hypometer

It’s also possible that the Internet of Things will fail to take off in any meaningful way. “The Internet of Things has been in the red zone of the hypometer for over a decade now,” Bill St. Arnaud, a self-employed green internet consultant, wrote. “Yes, there will be many niche applications, but it will not be the next big thing, as many pundits predict.”

An unnamed co-founder of a consultancy with practices in internet technology and biomedical engineering agreed. “Inter-networked wearables will remain a toy for the wealthy,” he wrote. He thinks wearables and other connected devices will be useful for the military, hospitals, prisons and other niche operations, but he doesn’t expect them to be particularly life-changing.

Justin Reich, a fellow at Harvard University’s Berkman Center for Internet & Society, hedged his bets. “I’m not sure that moving computers from people’s pockets (smartphones) to people’s hands or face will have the same level of impact that the smartphone has had,” he wrote. “But things will trend in a similar direction. Everything that you love and hate about smartphones will be more so.”


How Netflix Is Transforming the Economics of the Web | Enterprise | WIRED



Netflix is now paying two major internet providers for a more direct path into the homes of all those people watching movies and TV shows on its popular video streaming service.

This week, the company announced it has reached an agreement with Verizon to connect its service directly to the ISP’s network, a deal similar to the one Netflix reached with Comcast in February. In the past, Netflix delivered its service into Comcast and Verizon through middlemen networks — “transit networks” that provide the backbone for the internet. But in order to ensure that its video streams arrive in homes without too many hiccups, it’s following in the footsteps of Google and Facebook, building a straighter path into ISPs.

The rub is that Netflix doesn’t want to pay. Netflix has been loudly complaining about this sort of deal, saying that Comcast unfairly forced the agreement after allowing transit network links to “clog up.” Comcast, Netflix says, is setting itself up as a gatekeeper that can charge whatever it likes for access to American homes.

As Comcast looks to acquire another large ISP, Time Warner, the situation has fueled much controversy. The worry is that after the merger, Comcast will have even more gatekeeping power, and this becomes even more of an issue when you consider that, as a cable TV provider and the owner of NBCUniversal, Comcast is also a Netflix competitor.

But the situation with Netflix is even more complicated than many people realize. The problem is that we don’t really know what the company’s deals with Comcast and Verizon look like, and we don’t know how Comcast will handle such deals in the future. Netflix may actually be paying less for delivery than it was in the past, and various economic forces may continue to keep the cost of such deals down.

But what we do know is that, now that companies like Netflix and Google are pushing such enormous amounts of video across the network, the economics of the internet are changing.

Equal Pay for Equal Play

In the past, transit networks like Level 3 would trade traffic with home ISPs like Comcast without either party paying a fee. This is called “settlement free peering.” These arrangements worked because both parties were sending and receiving similar amounts of traffic. But that changed when networks like Level 3 started carrying Netflix’s streaming video, and they were delivering more traffic than they were receiving. This led to what’s called “paid peering,” where the transit network must pay for the delivery of its extra traffic.

Some, such as policy analyst Rudolph van der Berg, who now works for the Organisation for Economic Co-operation and Development, argue that all or most peering should be settlement free since it almost always saves both parties money in the long term. That may be the case, but paid peering has become more common over the past few years. And now, Netflix is paying for access too. In past years, Google and Facebook have also set up direct connections to ISPs like Comcast, and though it’s unclear whether they are paying for the privilege, they very well may be.

As long as an ISP charges everyone the same rates, regardless of the content being delivered, it’s not really an issue. But we don’t know how much Comcast and other companies charge.

Streaming video industry analyst Dan Rayburn tells us that this lack of transparency isn’t a big deal. He believes that market forces ensure that Netflix isn’t paying more than they were paying to the transit networks, and certainly, Netflix hasn’t said that it’s paying more. In fact, Netflix could be paying less than the market rate — which would certainly give it an advantage over smaller competitors. That said, Netflix argues that it shouldn’t have to pay Comcast as much as it pays a Level 3, because Level 3 provides additional services, including moving its content across long distances.

Competition Is Key

It would be far better if the terms of these deals were made public, so we wouldn’t have to rely on rumor, speculation and estimation to determine whether everyone is getting unfair treatment. But the bigger issue is that, as more and more companies must go directly to Comcast, it will wield more economic power. Things may be fair today, but not tomorrow.

The fact of the matter is that everyone who wants to reach Comcast users must go through Comcast, whether that’s through direct paid peering or through a transit network that has a peering arrangement with the company. And with the Time Warner merger, that collection of users will grow. “Comcast charged market transit prices for Paid Peering,” William B. Norton wrote in the 2014 The Internet Peering Playbook. “But what prevents them from charging a higher price?”

Meanwhile, multiple sources report that the FCC is considering allowing ISPs to charge different rates for different types of traffic. That would give Comcast, Verizon, and other companies even more leverage in negotiations with content providers. In other words, Netflix may have gotten the last good deal any content provider is going to get.

Correction 7:55 EST 04/30/14: An earlier version of this story identified Rudolph van der Berg as a writer for Ars Technica. He is a policy analyst for the Organisation for Economic Co-operation and Development.


wnyc:

Yesterday, we mused that it would be nice if there were a notification system for close NCAA games. Well, lo and behold, the WNYC Data team has built @NailBiterBot — which tweets anytime a March Madness game is under 3:00 within 8 points; under 1:30 within 6 points; or under 0:30 within 4 points. Here’s our experiment:

1) Follow @NailBiterBot

2) Turn on notifications for that account.

3) You’ll get a push notification when a game is close, telling you to tab over or turn on the TV and catch the action.

We hope it works!

-Jody, BL Show-
