Archive for News
Facebook Murders – Killer Uses Information From Victim’s Online Profile
Have you heard about the Facebook murders?
No, you haven’t. That’s because it hasn’t happened, yet.
The latest dustup over Facebook’s privacy changes has played out around the web, in the print media, and even in Washington D.C. as the company decided to put dollars above users by changing its privacy settings and policies. If you missed it, here is a quick overview.
Facebook recently implemented some new features and policies that come on the heels of last fall’s set of privacy "updates" in which every single Facebook user had all of their privacy settings changed to allow EVERYONE to view EVERYTHING, unless the user stopped to read and comprehend a pop-up screen that basically required users to decide whether to keep their old privacy settings or to use Facebook’s "recommended" settings. You can imagine what most users chose when they just wanted to pop onto Facebook for a minute and see if there were any new pictures or updates from their friends.
Now, Facebook has implemented something it is calling F8, which basically allows other websites to use that newly private data for various purposes. As you can imagine, some people are up in arms about this.
Facebook Changes Privacy Settings Following Murder of Local Student
The problem with the Facebook privacy debate is that it is being conducted by technical bloggers, covered by technical journalists, and used for publicity by politicians. What gets left out of this debate is that of the almost 500 million Facebook users out there, most of them are NOT technically savvy. In fact, the whole reason Facebook’s growth has been so phenomenal is because it was able to tap into "regular" people.
If Facebook continues on its present course, the privacy debate being engaged in today will come crashing down someday soon. Since Facebook used to take care of its users and inspired a certain sense of trust among them, many non-technical users don’t even realize that there is any debate going on about Facebook privacy. They don’t read blogs, or click on LIKE buttons all over the web. They don’t have Twitter accounts, they don’t know what Digg is, they use Internet Explorer because it came with their computer. The most technical thing that they know about the Internet is that you can search for stuff with Google. Most importantly, they have never revisited their privacy settings.
If you are thinking, "Cry me a river," about embarrassing pictures, then you are either not thinking it through, or you are a simpleton. Either way, let me paint you a picture.
Anytown, USA – Some Day in the Near Future
Police today announced an arrest in the kidnapping and murder of local high school student, Jane Doe. Police reports suggest that the suspected killer, John Smith, used information found in Doe’s Facebook profile to carry out the kidnapping and murder.
Smith, a parking lot attendant, noticed Doe when she visited a friend at the community college. A high school parking permit sticker affixed to Doe’s window told Smith that Doe was currently enrolled at Lincoln High School. Smith apparently sent several friend requests to other students at Lincoln including fellow student Bob Jones. Jones said he accepted Smith’s friend request because he needed more "friends" for his "mafia" in a Facebook game called Mafia Wars.
Jones was already a friend of Doe’s, so being Jones’ "friend" gave Smith access to a wide array of information about Doe. Recent changes in the default Facebook privacy settings made much of Doe’s information available to "everyone," and even more data available to "friends of friends."
On the day of the kidnapping, Doe responded to a status update made by Jones about attending the school’s bonfire ceremony, indicating that she would "see him there." Smith knew what kind of car Doe drove thanks to some pictures posted to her and Jones’ Facebook pages. A quick glance at the High School webpage or Facebook page told him the time and location of the bonfire. Using the address in her profile, Smith waited for Doe to leave the house and followed her. Then, he sent a text message to her cellphone indicating that "they were meeting on the west side of the parking lot". Smith had found Doe’s number via another friend’s Facebook profile from an update made months ago.
Jones grabbed Doe and forced her into his van at gunpoint. Then, using the victim’s cellphone he posted a "mobile status update" to the Facebook website indicating that she had car troubles and would not be attending. Later, he sent another update saying that she was "Chilin’ late at Taco Bell." Friends were therefore unconcerned when she didn’t arrive…
Think it’s far-fetched?
Click on the links of some of the people who are friends of your friends. See how much information you can view about them. Sure, some of those accounts are locked down, but many are not.
Next, pick a sorority and do a little searching around on Facebook for it. How many co-eds can you find personal information about?
It isn’t about pranks and antics, it’s about real world privacy.
New PayPal Security Key – Extra Security For People Who Are Probably Safe
PayPal is looking at a new security option to help safeguard its accounts from the frequent phishing attempts leveled at its users. The additional security comes in the form of a small electronic gadget that is sized to be on a keychain, like this one used by Purdue University. This electronic security key generates new numbers every 30 seconds. In order to log into your account, you would have to enter both your regular password and the numbers shown on the device.
It is like your username and password are your ATM card, and the numbers on the security key are your PIN number. Only, it’s even better because your PIN is constantly changing. Basically, in order to do anything, a thief would have to get your card and your keys. (Now imagine a similar security key device that requires a code to unlock the display and you are getting to security that is pretty much unbeatable except by government agencies.)
The idea is that even if a hacker or phisher were able to get your username and password, they would be useless without the numbers on the electronic key. If they managed to get the username, password, and numbers, they would only be good for 30 seconds.
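What the 30-second code looks like on the server side, as an added example that is not from the original post or from PayPal. It assumes the key behaves like a standard time-based one-time password (RFC 6238 with HMAC-SHA1 and a 30-second step), which the post does not state; the `Verifier` class, its parameters and any secret or password passed to it are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays current, as described in the post


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code for the 30-second window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server check: password AND code, each window usable once."""

    def __init__(self, secret: bytes, password: str, drift_windows: int = 1):
        self.secret = secret
        self.password = password
        self.drift = drift_windows  # tolerate small clock drift on the key
        self.last_window = -1       # newest window already used for a login

    def login(self, password: str, code: str, now: int) -> bool:
        # Constant-time comparisons so timing does not leak partial matches.
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        current = now // STEP
        for window in range(current - self.drift, current + self.drift + 1):
            if window <= self.last_window:
                continue  # a code from this window was already accepted
            expected = totp(self.secret, window * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_window = window
                return True
        return False
```

With a drift allowance of one window, a code stays acceptable for somewhat longer than 30 seconds unless it has already been used, which is why the verifier also remembers the last window it accepted.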
On the one hand, this is great security. In fact, some method of combining this type of technology with something like OpenID so that it could be used on every website, would pretty much shut down phishing and password theft and cracking as we know it.
On the other hand, the PayPal security key is basically designed to stop phishing attacks where the hacker tricks the user into divulging their username and password. Not surprisingly, these methods work best on those who are the least security aware, or those who have the least understanding of website security, while those who are most concerned with security are likely to be vigilant and thus only fooled by the most sophisticated techniques.
In other words, this security device would best protect the people who are the least likely to get one, and do the least to protect the people who are most likely to get one.
And, while we’re at it, what about people with multiple PayPal accounts (a personal, and a business one, for example)? What about business accounts? If the guy with the number key device is out sick or on vacation, what then?
The bizarre part is the number of security improvements that could be made without requiring someone to order, buy, and keep track of another piece of hardware. ING’s online banking at ING Direct, for example, requires a user to choose an image and a phrase that validates that they are indeed looking at the REAL ING Direct login page before entering a password.
The image and passphrase display over a graphical numeric keypad where the user enters their PIN. Any phishing attempt would fail immediately when the user noticed that the picture and words that are always there are suddenly missing or different.
Even better, entering the password PIN requires clicking the numbers on the screen, so not even a keylogger can capture the password.
PayPal doesn’t even offer this basic security and its next move is an electronic security key?
I know I would feel much more comfortable if, when I clicked a button to pay with PayPal, I could see some sort of validation that this isn’t an elaborate deception that looks like I’m entering my PayPal username and password into my PayPal account when I am actually entering it into a form designed to look exactly like the original. All you need to pull off the scam on even the security savvy is a way to make the address in the URL bar say "PayPal" since that is the only means of validation PayPal currently offers.
Maybe PayPal should start by implementing some of the basics, and THEN worry about taking it to the next level.
Multi-Taskers In Trouble – Pseudo-Science Makes Great Headlines
A "news story" making the rounds the past few days details a "study" which says that multi-taskers are more likely to be distracted and make mistakes than non-multitaskers. At least that’s the conclusion they come to after dividing people into two groups, those who often have multiple things like television, videos, and music going at the same time versus those who do not and then showing them pictures of red and blue squares.
Basically, those who don’t always multitask were better at telling if red squares changed positions among red and blue squares than those who do multitask.
Just wondering, but could it be that people who are more likely to multitask are also more likely to be easily bored by things like, oh, I don’t know, watching red and blue squares?
These things always crack me up. Some scientists run a questionnaire, or do something like show people pictures, and then leap to huge sweeping conclusions like this. You want to study how multitasking does or doesn’t help or hurt your mental abilities, compare people doing important things and see how it works out. I’ll bet that when it actually matters, the multitasking people have about the same error rate on their tasks as those who don’t multitask, especially if their multitasking allows them to do things in such a way that they don’t need to rush later on.
Places running the multitasking story total 350+ already on Google News. Guess we’ll be hearing more about this before everyone (multitaskers and not) forgets all about it.
Why Multitaskers Stink at Multitasking – Wall Street Journal Blogs
Study finds people who multitask often bad at it – Associated Press
Drop that BlackBerry! Multitasking may be harmful – CNN
Study: Multitaskers ‘lousy at what they’re doing’ – USA Today
Self-Proclaimed Multitaskers Aren’t That Good at Multitasking – Lifehacker
Of course, what is really funny is that this isn’t groundbreaking. It isn’t even remotely original. Consider these previous media flare-ups about multitasking.
March 2007 – Warning on the Limits of Multitasking
Nov. 2007 – Is Multitasking Driving You Mad?
July 2008 – The "Myth" of Multitasking
Now, if you will excuse me, I’m going to listen to some music while I write some more articles while downloading a rap about Arlington off of YouTube.
Good day.
