January 27, 2010
Today’s post covers the following:
A lot of my time awake lately has been dealing with Information Security. Some ponderings:
Privacy 2.0. You’re only as secure as your friends allow you to be. [link]
Interesting and very scary thought. Especially with what I’m seeing with Google’s Social Search. This is fairly disturbing to me. Friends: Please let me know if you see anything from my account on this and I’ll work on getting it removed.
The more interesting part of this is the derivation attacks that can occur with something like Google Social Search or Facebook. In the 2008 election, Sarah Palin’s email account was hacked. From a Wired article:
As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.
With regard to secret question/secret answer schemes, the gobs of data I share, depending on how “friendly” I am with someone on Facebook, are worrisome.
- What was the first school you attended?
- What’s the name of your first manager?
- What’s your first born nephew’s name?
With a little bit of elbow grease, some reasonable attempts could be made on almost every one of these answers. The problem is that Social APIs enable programmatic gathering of this data and focused attempts. Solution: Put in complete BS for secret questions & social networking; hope that you remember the BS and still have friends.
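One way to put in "complete BS" without having to remember it, shown as an added example that is not from the original post: each answer is derived with HMAC-SHA256 from a master secret plus the site and the question, so it can be regenerated on demand and has no connection to anything a friend's profile or a search engine reveals. The function names, the syllable table, and the sample site and secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
import unicodedata

# Constructed 64-entry syllable table: 6 bits per syllable, easy to type or
# read aloud to a support agent. Not taken from any standard.
SYLLABLES = [c + v for c in "bdfghjklmnprstvz" for v in "aeio"]


def normalize_question(question: str) -> str:
    """Fold case, punctuation and spacing so small differences in how a
    site words or renders the question do not change the answer."""
    text = unicodedata.normalize("NFKC", question).casefold()
    text = re.sub(r"[^\w\s]", "", text)
    return " ".join(text.split())


def bogus_answer(master_secret: bytes, site: str, question: str) -> str:
    """Derive a nonsense answer (4 words, 72 bits) for one site/question."""
    if len(master_secret) < 16:
        raise ValueError("master secret must be at least 16 bytes")
    msg = site.strip().casefold().encode() + b"\x00" + normalize_question(question).encode()
    bits = int.from_bytes(hmac.new(master_secret, msg, hashlib.sha256).digest(), "big")
    words = []
    for _ in range(4):
        word = ""
        for _ in range(3):
            word += SYLLABLES[bits & 0x3F]  # low 6 bits pick one syllable
            bits >>= 6
        words.append(word)
    return " ".join(words)


if __name__ == "__main__":
    secret = b"constructed-demo-secret-do-not-reuse"  # constructed sample value
    for q in ("What was the first school you attended?",
              "What’s the name of your first manager?"):
        print(q, "->", bogus_answer(secret, "mail.example", q))
```

The master secret is the only thing to protect; it belongs in a password manager or similar store, not in the script.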
- Better search across your entire library
- Like SERIOUSLY better search
- Better tagging/categorization for library items
- No DRM
- Have a true disruption in America’s telecommunications infrastructure; large ISPs’, AT&T’s and even Verizon’s data rates and support are absolutely ludicrous for the services provided
For about a year, the iPad should bring some good competition to the tablet industry for user experience and price. That’s A Good Thing™. After the first year, the industry’s competitive reaction will depend on whether they’re making money.