How Secure are Your Passwords?

Just a couple of weeks ago Republican vice presidential nominee Sarah Palin had her email account hacked, after someone bypassed her password by guessing the answer to the “secret question”.

She was obviously targeted because of her status, but that doesn’t mean it can’t happen to you. With the average internet user having around 25 online profiles, a secure password is vital to ensure your safety online. The majority of people are lazy though. They spend so much time on the net that it’s easier to use a simple password that has relevance to them, and is generally short. Remarkably, even though reports of cyber-crime and identity theft are through the roof, people still use passwords like “god”, “abc123” or the classically bad, “password”. These people can be loosely defined as idiots.

A solid password doesn’t have to be difficult, but it should be at least eight characters long and ALWAYS contain a mix of letters and numbers, and if you want to be extra secure – symbols.

Here’s a good way of building a secure, and hopefully memorable password.

•    I’ll start with the word: technologynews (14 characters)
•    Right, now let’s substitute some of the letters for numbers: t3chn010gyn3ws
•    Already that’s pretty solid, but to make it extra tough you could capitalise some of the letters: T3cHn010gYn3wS

That leaves us with a pretty tough password that you need to memorise. It’s not too hard to memorise one password like this, but unless you have a photographic memory, then you’ll struggle to remember a further 24 passwords if you fall into the average net user category.
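The rule and the three build steps above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the function names and the swap table used to spot disguised versions of the bad passwords named earlier are assumptions, and the bit figure is only an upper bound for blind brute force over the character classes used.

```python
import math
import string

MIN_LENGTH = 8  # the article's minimum length

# Passwords the article itself names as bad choices.
KNOWN_BAD = {"god", "abc123", "password"}

# Assumption (not from the article): common digit/symbol-for-letter swaps,
# undone so that "P4ssw0rd" is still recognised as "password".
UNSWAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password):
    """Lower-case the password and undo the swaps in UNSWAP."""
    return password.lower().translate(UNSWAP)


def check_password(password):
    """Return the article's rules that the password breaks (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    # Compare both the raw and the un-swapped form against the bad list.
    if password.lower() in KNOWN_BAD or normalise(password) in KNOWN_BAD:
        problems.append("known bad password")
    return problems


def alphabet_size(password):
    """Size of the character pool implied by the classes actually used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_bits(password):
    """Upper bound in bits: length * log2(pool). Word-based passwords
    are more guessable than this figure suggests."""
    size = alphabet_size(password)
    return round(len(password) * math.log2(size), 1) if size else 0.0


if __name__ == "__main__":
    # The article's three steps, its "military style" example, and a
    # constructed disguised bad password.
    samples = ["technologynews", "t3chn010gyn3ws", "T3cHn010gYn3wS",
               "8Uji#ge3s9%=vw2L93VuX>hT:5tPg", "P4ssw0rd"]
    for pw in samples:
        print(f"{pw!r}: pool={alphabet_size(pw)}, "
              f"bits<={brute_force_bits(pw)}, "
              f"problems={check_password(pw) or 'none'}")
```

The starting word fails the rule because it has no numbers; each later step passes and widens the character pool from 26 to 36 to 62.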

It’s fair to say that this password is in no way the toughest in the world. You could go military style and use something like 8Uji#ge3s9%=vw2L93VuX>hT:5tPg. When it comes to security, especially if it’s your business, then you should make it as tough as possible.

One way of remembering all your new passwords is to utilise a password manager. These are readily available either online or local and the majority offer ‘one-click-login’ so you don’t even have to remember your gobbledygook.

For more information on ChutneyTech.com and the services we offer send an email to here.

BT Initiates Phorm Trial Number 3

BT wants thousands of its broadband customers to voluntarily participate in a third trial of Phorm’s advertising targeting system starting tomorrow, the two companies announced today.

The trial was supposed to start back in March, but was delayed after technical issues and legal problems. The plans are to monitor 10,000 residential broadband lines in real time.

Phorm released this statement earlier this morning:

“Phorm, the advertising technology company, today announces that its ISP partner, BT, will tomorrow commence its trial of Phorm’s platform, branded “BT Webwise”.

“BT customers are being invited to take part in the trial, which will take place over a number of weeks. Following successful completion of this trial and an appropriate period of analysis and planning, it is currently expected that Phorm’s platform will be rolled out across BT’s network.”

BT’s “Webwise” page sheds a little more light, saying that customers will be asked for permission to wiretap into their line. They say: “As a BT Total Broadband customer, you can try an exciting new service called BT Webwise.”

An “invitation page” will appear on the customer’s screen initially.

BT continues: “BT Webwise uses a cookie stored on trial customers’ computers to remember their preference. If the cookie is deleted at any point, the invitation page will be displayed again.”

BT has said previously that Phorm’s much-criticised cookie-based opt-out method would be replaced with a new method to satisfy those customers who don’t want their traffic to come into contact with Webwise-related equipment.

Cookies are still involved in the trials however. BT’s FAQ says “to remain opted-out, you can set all your browsers to block cookies from the domain webwise.net”. BT chief press officer Adam Liversage confirmed that opted-out traffic will pass through the system during the trial, but said it “will not be mirrored or profiled”.

Liversage added that BT is still working on a network-level-opt-out, but that it will not be offered during the trial.

This third trial will be the first time BT and Phorm have gauged the effect their behavioural targeting system has on ad click rates. The first trial did not seek to measure whether the technology improved response, and in the second trial no ads were served. The European Commission is currently considering action over the secret tests, which were conducted in 2006 and 2007 without customer consent.

Carbon Cops Coming to a Town in a Bubble near You?

A new report from the government’s architecture and design group believes that UK citizens should be subjected to random carbon spot-checks, and intensive surveillance of their diets, transport and waste disposal habits.

The publication comes from the Commission for Architecture and the Built Environment (CABE), and talks, rather excessively, about “monitoring” the general public.

The report is titled ‘What Makes an Eco Town?’, and is sure to rile up the UK’s free-thinking public, because it sounds like something from George Orwell’s ‘Nineteen Eighty-Four’.

The CABE believes that strict monitoring is required to ensure the carbon footprint of eco-town dwellers remains at one-third of the British average, which is the requirement for what they call “one planet living”.

The group wants to monitor “the ecological footprint of the diet of 100 randomly selected residents”, along with our waste disposal and transportation habits.

The Carbon Corps also want to choose the food you should eat, selecting only the most ecological retailers. The group is also, “actively seeking retailers on site who will commit to supporting residents in reducing the ecological footprint of their food consumption, in particular providing a wide variety of healthy, low meat and dairy options.”

The government proposal includes the building of 15 towns, which will house over 100,000 citizens. These towns sound like a large version of the Big Brother house, with 15 mile an hour speed limits, toilets that don’t flush and a fine for residents leaving the town walls.

If you want to live in such a repressed environment, first of all you’re mad, and second of all, you’re mad, and if the government actually agrees to this, then they are also, in my humble opinion, mad.

ELSPA Battle BBFC over Reducing BBFC 15 to BBFC 12

In the long running battle over video game classification, Paul Jackson, director general of the European Leisure Software Publishers Association (ELSPA), has slammed the British Board of Film Classification (BBFC), claiming it is not fit for purpose when it comes to game classifications.

Hard-talking Jackson made his point very clear indeed at the Labour Party Conference earlier today. He said that his organisation’s scheme is the only ratings classification with the power to prevent publishers from distributing unsuitable content to children.

The ELSPA is a voluntary organisation that is controlled by videogame publishers. The BBFC is the only ratings body with any legal backing, and is also independent of content producers.

Jackson attacked the BBFC to make everyone aware that a single classification organisation – called the Pan European Game Information System (Pegi) – run by the ELSPA, would be the best way of classifying games both in the UK and across Europe.

“The film ratings board continually downgrades games classified 18 by Pegi. They go to BBFC 15 or even BBFC 12,” claimed Jackson. He believes that the UK would be left “out of step” with classifications in the rest of Europe.

Even though the BBFC has already taken steps to handle the increase in online videogame sales, by launching BBFC Online, Jackson told the conference that Pegi would be better for handling such content.

However, this battle has been raging for quite some time now, and does classification make a difference at all, when children ask their parents to buy games that are branded 18+, and they do just to keep the peace? Or is this just another way for Labour to get more support for their flagging leadership?

Google Under Fire from Privacy Experts

A highly influential group of European privacy experts said last week that it will lead hearings with Google over claims that EU data protection laws do not apply to the search giant.

The independent EU advisory body on data protection and privacy, the Article 29 Working Party, said that Google is refusing to submit to Europe’s data protection regime and that “strong disagreements” remain.

The A29WP said in a statement that Google “considers that the European law on data protection is not applicable to itself, even though Google has servers and establishments in Europe.” It adds that Google “wishes to retain personal data of users beyond the six months period requested by the Article 29 Working Party, without any justification.”

The dispute is over the records of users’ search queries. Google keeps records of searches to improve the quality of search results, to fight against fraud and to improve data security.

The A29WP has called for this data to be deleted after six months. In a report published earlier this year, the Party said that companies keeping data for longer risked breaching data protection laws.

“If personal data are stored, the retention period should be no longer than necessary for the specific purposes of the processing,” said the Working Party’s April report.

“In view of the initial explanations given by search engine providers on the possible purposes for collecting personal data, the Working Party does not see a basis for a retention period beyond six months.”

The report also recommends that web users must be able to provide consent to the exploitation of their data, with particular reference to profiling purposes.

Google listened to the recommendations and on the 8th of September confirmed that it would reduce its retention period from 18 to nine months.

However, the Article 29 Working Party says that is not enough: “Google refuses for the moment to submit to the European data protection law.”

A29WP chairman Alex Turk criticised Google for failing to improve its anonymisation mechanisms, which he labelled as “insufficient”. He said that Google considers that IP addresses are confidential data but not personal data, “which prevents granting certain rights to its users”.

Turk also accused Google of failing to “express the willingness to improve and clarify the methods that are used to gather the consent of its users.”

Google’s Peter Fleischer, the company’s global privacy counsel, said that the company was committed to engaging in a constructive dialogue with the A29WP and other leading privacy stakeholders around the world.

Google also backtracked from one of its key arguments. Fleischer had previously claimed that the EU’s Data Retention Directive forced it to keep the details for between six and 24 months. The Party said this was not the case because data retention laws only applied to telecoms companies.

“We agree with the Working Party that search logs are outside of the scope of the Data Retention Directive,” said Fleischer in Google’s response document.

In July Google caved in to pressure from privacy activists when it agreed to publish a direct link to its privacy policy from its front page after calls from regulators to do so.

The Working Party was happier with that, but still wants more. “In conclusion, despite some progress, significant work must still be carried out to guarantee the rights of internet users and to ensure the respect of their privacy,” they said. “In this perspective, the Article 29 Working Party will lead hearings with Google to discuss the points of dissension.”

Nintendo Wii Faces Legal Battle Over Controller Patents

Nintendo’s revolutionary Wii console could face a US sales ban, after an American manufacturer has claimed that four of its patents for on-screen navigation and control technology have been infringed by the famous Japanese company.

The US International Trade Commission (ITC) has voted to investigate Hillcrest Laboratories’ allegations that Nintendo violated three patents Hillcrest owns relating to a “handheld three-dimensional pointing device” and a fourth for a “navigation interface display system that graphically organises content for display on television”.

The ITC said that the complaint alleges “violations of section 337 of the Tariff Act of 1930” and that it relates to “certain videogame machines and related three-dimensional pointing devices”.

The first part of the investigation will be handled by one of five ITC administrative law judges, who will hold an evidentiary hearing. The judge will then have to make an initial decision on whether there has been a violation of section 337, after which ITC will make a final decision over the lawsuit’s merits.

Hillcrest is hoping for an exclusion order and a cease and desist order, which if approved could see the Wii and its controllers banned from sale in the US, and from being imported.

Charlie Scibetta, a spokesman for Nintendo of America, released a statement that claimed that none of the videogame pioneer’s products infringe Hillcrest Laboratories’ patents. Nintendo plans to “vigorously defend” its position, he said.

GAO Raises Concerns about US-CERT

A government watchdog agency has slapped the wrists of the US Department of Homeland Security for failing to adequately protect the nation’s critical computer networks, in a report that picks out the US Computer Emergency Readiness Team’s lack of efficiency.

US-CERT is tasked with protecting private and government-run computer networks in America.

A member of the Government Accountability Office said that US-CERT should do a better job of monitoring network activity “for anomalies to determine whether they are threats, warning appropriate officials with timely and actionable threat and mitigation information, and responding to the threat.”

He also criticised US-CERT for weaknesses identified during a 2006 cyber-security drill at the hearing on Capitol Hill last Tuesday.

A draft report issued by the GAO claims that US-CERT “lacks a comprehensive baseline understanding of the nation’s critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance.”

It also believes US-CERT “still does not exhibit aspects of the attributes essential to having a truly national capability.”

DHS officials defended their capabilities but also admitted that they need to do more to safeguard the nation’s infrastructure. “We are undertaking something not unlike the Manhattan Project,” a DHS spokesman said. “We have set a strong cyber strategy, recently created the National Cyber Security Center, and are in the process of aggressively hiring several hundred analysts to further our mission of securing critical infrastructure.”

Among the planned enhancements is a system called Einstein, which collects, correlates, analyses and shares computer security information with US-CERT members.

Dell Blames ‘Soft’ Computer Sales for Share Slump

Computer manufacturer Dell’s shares fell by 8.3 percent in early Wall Street trading today. The drop came after the firm warned investors that it would see a “further softening” in computer sales this quarter.

In a short statement released by the company, it said it was “seeing further global softening in the global end-user demand in the current quarter.”

Dell also admitted that it will be hit with heavy costs associated with the realigning of its business – one that continues to operate in the shadow of Hewlett-Packard.

Over the past year the company has undergone a testing re-structuring exercise, and has plans to make 9,000 employees worldwide redundant.

The company’s owner Michael Dell recently tried to reassure investors by vowing to save $3bn in annual costs by cutting back on staff and shifting to lower cost producers.

In August Dell posted a surprise 17 per cent drop in profits for its second quarter. At the time Dell said that the loss of earnings was a result of technology spending slowdowns and its expansion into Europe and Asia.

Although the company admitted that demand for its products would diminish this quarter, the company still expects growth to be better than its rivals for the full year. Dell’s directors will address its investors about its losses in more detail later today at the Bank of America 38th Annual Conference in San Francisco.

This is more bad news for the industry after HP’s announcement that 25,000 of its employees would lose their jobs as part of Mark Hurd’s “restructuring program” following his company’s takeover of EDS last month.

Intoxilyzer 8000 Under Attack from the Law

Pima County Superior Court, Arizona, Judge Deborah Bernini has approved requests to allow the examination of the software used in a new generation of machines that examine blood alcohol levels of motorists.

The Judge ordered the device manufacturers CMI to release the source code of the Intoxilyzer 8000 – something that looks like the systems used in Battlestar Galactica – to defence lawyers for a lawsuit involving 20 drink drive suspects.

Lawyers for the CMI group argue that access to the software that runs the device is not needed to establish whether the breath tests taken were reliable or not. Only a small portion of Arizona cops make suspected drink drivers have breath tests, with the majority using blood testing to determine a crime. Lawyers for the 20 suspected drink drivers believe that suspects have the right to cross-examine their accusers, in this case the electronic devices.

CMI is adamant that the source code of the Intoxilyzer is a trade secret. However, prosecutors in the case believe that this is just a way to get their clients off the hook. Judge Bernini ordered CMI to hand over its secret source code to the lead lawyer for the defendants, James Nesci, the Arizona Daily Star reports.

If CMI were to reject the request it would place defence lawyers in a strong position to have breath-test results against 170 defendants, both in the cases under consideration by Judge Bernini and other cases going through the system, thrown out of court.

The device has been used since last year, and is well favoured by cops due to its light weight, and ease of use. The unit can even be powered from a car cigarette lighter.

However, it’s not all rosy. Allegedly inconsistent results involving the Intoxilyzer 8000 have led to legal action in six states (Florida, Louisiana, Massachusetts, Minnesota, Tennessee and New Jersey as well as Arizona). A Florida judge also ordered CMI to hand over the source code running the controversial devices but the firm has refused to comply, earning it $1.2m in fines as a result.

YouTube Crackdown on Ninjas and Terrorists

YouTube, the user-generated video site, has caved in to pressure from Senator Joe Lieberman and has laid down the law on videos that depict violence and terrorism. A statement on YouTube’s Community Guidelines page announced the changes:

“While it might not seem fair to say you can’t show something because of what viewers theoretically might do in response, we draw the line at content that’s intended to incite violence or encourage dangerous, illegal activities that have an inherent risk of serious physical harm or death. This means not posting videos on things like instructional bomb making, ninja assassin training, sniper attacks, videos that train terrorists, or tips on illegal street racing.”

Serious stuff. YouTube spokesperson Chris Dale commented on the change, “We at YouTube regularly review our policies and update them if we feel we can do an even better job of communicating with our users or if we find that there is content we feel may not be adequately addressed. As our blog post on the updated Community Guidelines made clear, we’re always trying to keep pace by creating policies that reflect innovative new uses of YouTube and the diverse content posted by users every day.”

Earlier this year, the senator claimed that al-Quaida terrorists and other extremist cells were using YouTube to disseminate training videos and propaganda, encouraging violence against America. At that time, YouTube claimed that due to the sheer volume of content added to the site each day, it was impossible to monitor everything, but it stressed that violent videos were not allowed. Lieberman, however, claimed YouTube kept these violent videos on the site, citing the First Amendment and freedom of speech.

“YouTube certainly has a right to set its own terms of service,” John Morris, general counsel for the Center for Democracy and Technology, said. “If it wants to prohibit these videos, most of which are not illegal in any sense, it can do so. But this action and Sen. Lieberman’s protests about this kind of video are not going to do anything to keep these videos off the Internet. They are widely available elsewhere.

“As an effort by Sen. Lieberman to suppress these videos, it will be wildly unsuccessful.”

Morris said that not all inflammatory or dangerous speech is constitutionally protected, and most states have laws prohibiting the incitement of violence.

“If I go out on a street corner and yell to passersby that they should go and kill the mayor of my city that would not be illegal speech. Nobody would look at that speech and think I expected people to go do that,” he said. “If I said those exact same words in a meeting of my gang in my city, and I’m a gang leader and I am saying the exact same words in a meeting that’s being called to discuss what our next action is, then that might actually be illegal.”