Independent Schools Conference

316534237_0af30c7be1_m.jpgI'm chairing a session tomorrow at the Independent Schools Annual Conference. We're looking at the threats and opportunities presented by Social Networks within a schools' context - so primarily YouTube, MySpace, Bebo and Facebook.

It should be a good session: we have Dr Zoe Hilton and Emily Knee, both from the NSPCC - who are experts in child-protection issues.

And then we have Antony Mayfield from iCrossing, who is a specialist in the interactions of People and Brands through the medium of Social Networks.

I'm guessing we'll be faced by a bunch of Heads who think that Social Networks are just a threat, pure and simple - but I'm hoping that I'll be wrong...

Follow me on Twitter: @IanYorston

'Evil twin' fear for wireless net

Moral? Switch on security features...

People using wireless high-speed net (wi-fi) are being warned about fake hotspots, or access points.

The latest threat, nicknamed evil twins, pose as real hotspots but are actually unauthorised base stations, say Cranfield University experts. Once logged onto an Evil Twin, sensitive data can be intercepted.

Wi-fi is becoming popular as more devices come with wireless capability. London leads the global wi-fi hotspots league, with more than 1,000. The number of hotspots is expected to reach 200,000 by 2008, according to analysts.

"Users need to be wary of using their wi-fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive or personal nature," said Professor Brian Collins, head of information systems at Cranfield University. "Users can also protect themselves by ensuring that their wi-fi device has its security measures activated," he added.

In the vast majority of cases, base stations straight out of the box from the manufacturers are automatically set up with the least secure mode possible, he added.

Link: BBC NEWS | Technology | 'Evil twin' fear for wireless net.

Follow me on Twitter: @IanYorston

Mobiles to let parents keep a track on children

Guardian Unlimited

Parents worried about where their children are will be able to check up on them using technology that can locate their mobile phones, under new industry guidelines released yesterday.

The code of practice has been drawn up by the five British mobile networks in conjunction with the Home Office, police and children's charities. It also allows firms to sell services based on data that locates the position of a mobile user.

"This is a revolutionary step change," said John Carr, of the children and technology unit at the charity NCH. "The secret service and police have had access to this data for years but never before has the mass market had the ability to locate a handset."

Under the guidelines unveiled yesterday, the phone being traced receives regular text messages reminding the user that he or she can be tracked. Unlike a similar scheme in Finland where children under the age of 14 have no right to cancel the service, British children will be able to opt out of being located by their parents. The service also stops working if the handset is switched off.

Several firms are planning to offer services which parents can use to find out whether their children are at school or out with their friends. MapAmobile, available to parents through high street retailer Carphone Warehouse, has thousands of users. But Niki Torrance, the company's marketing manager, stressed that the technology will not provide a pinpoint location. "In a city where there is quite a density of masts it is possible to get a location down to about 50m, although 100m to 200m is more likely. In rural areas, however, it could be 1 or 2km."

Follow me on Twitter: @IanYorston

Defending Networks Against Cascading Failure

American Institute of Physics

Just as foresters can often halt a forest fire from burning out of control by deliberately setting firebreaks, it might be possible to reduce the size or spread of outages in a network in the wake of an attack or overload.

The Internet and the electrical grid are just two such networks that might benefit from a new model devised by Adilson Motter of the Max Planck Institute for the Physics of Complex Systems in Dresden.

Several previous network models have shown how an attack on key nodes of a system can cascade into a catastrophic failure. Motter's model shows how such a failure can be mitigated by shutting down selected peripheral nodes that handle only small amounts of the network's total load.

Simulating attacks on networks showed that answering the original attack with several successive rounds of precautionary node shut-down drastically reduced the size of the overall cascade.

Physical Review Letters: motter@mpipks-dresden.mpg.de

Follow me on Twitter: @IanYorston

Military Jams Wireless Doorlocks?

Daily Wireless

SlashDot mentions a Washington Post story about mysterious failure of keyless entry systems in cars around military towns.

Three years ago, thousands of drivers in Bremerton, Wash., were stumped on two occasions when their push-button remotes proved impotent when the Carl Vinson was in port. It happened in Las Vegas in February, prompting hundreds of calls to car dealerships and locksmiths. And in May, a two-way radio system being tested at Eglin Air Force Base in the Florida Panhandle jammed remote control garage door openers in communities near the base.

[...]

Some SlashDot readers have a different theory; radar.

"...The SPS-48E radar, has such power because it is an Air Search radar. There are ranges at which we are required to turn off our radars in vicinity of land, but this is soley at the attentiveness of the watchstander, and we frequently got reports during Operation Iraqi Freedom thaty our 48E was jamming the airport radars in Kuwait, and we were requested to lower the power output.

...The interference is in the Military A-Band, which covers 233-403 Mhz. This is used for shipboard radars, as well as radar at airfields."

Follow me on Twitter: @IanYorston

People who read this also read that..

From an article at ZDNET:

The people in my personal focus group (my wife, my mother, and some coworkers at CNET) agree that this is one of the creepiest things they've ever heard of: a new service that will tell your correspondents exactly when you opened the e-mail they sent you. It will also tell them how long you took to read their message and which computer you used to do so. The kicker: You'll never know all this information is being collected. It's a supercharged return receipt that's completely invisible.

The service is called DidTheyReadIt. What it does is insert a small tracking device, often called a Web bug, into the e-mail that you want to track. When your recipient opens your message, the bug (a one-pixel, transparent GIF file) is pulled from the DidTheyReadIt server, generating a logged event that shows when the message was opened and for how long.
This is the same technique used by spammers to detect if you open an email. Once they know you opened it, then they know that they have found a "real" email address and the floodgates open. Now everyone can take advantage of spamming technology.

Marshall Brain then adds:

What if you don't want people doing this to you? There is one way around it, maybe. Your email client would need to have a setting that says, "don't show me GIFs/JPEGs embedded in email messages". If every email program had that ability, then the problem would go away.

But many business and institutional e-mail systems already track e-mails in this manner and I'm not convinced it is such a big deal. One of the problems that has arisen from ICT is the development of computer excuses ("my hard drive failed", "the printer wasn't working" etc etc), which aren't so much excuses as lies.

Returning a little honesty to the technology might force people to be little more honest and encourage them to address the real issues ("I'm overworked", "it wasn't a priority")

Follow me on Twitter: @IanYorston

Passwords can sit on hard disks for years

New Scientist

Typing your password or credit card number into a computer is a moment's work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer's hard disk for years waiting for a hacker to rip them off.

They hope their results will convince programmers to work harder at making computers more secure.

As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security.

When you type in a password, it is stored in random access memory (RAM), where it is held temporarily until other data overwrites it or the computer is switched off.

But every so often, the computer copies the contents of its RAM onto hard disk, where it is easy prey for a hacker, who can read it directly or design a worm to email it back. The longer sensitive data stays in RAM, the more likely it is to be copied onto the disk, where it stays until it is overwritten - which might not happen for years.

Follow me on Twitter: @IanYorston

Schools urged to smash internet myths

SocietyGuardian

I'll bet it isn't just children who get confused by spam, junk, virus, trojan, hackers, warez, DRM, mp3, cookies, ping, defrag, VoIP, etc. etc.

Children are confused about the dangers posed by using the internet with some believing it puts them at risk of catching HIV or being abducted by aliens, according to research published today.

Schools should do more to address such false and exaggerated fears about the internet, which may prevent some children from exploiting its benefits, said researchers from the University of London's institute of education (IoE).

Scare stories about children meeting murderers and paedophiles online may lead parents to curtail internet access, which deprives children of its educational opportunities and prevents them from learning how to deal with common problems, such as false online advertising, said the IoE's director, Andrew Burn.

Some children confused paedophiles with hackers or thought they sent viruses via "spam" or junk emails, the IoE's centre for the study of children, youth and media found.

Follow me on Twitter: @IanYorston

Largest Prime Number discovered

BBC Science

A scientist has used his computer to find the largest prime number found so far - written out, it would stretch for 25 kilometres.

The new number, expressed as 2 to the 24,036,583th power minus 1, has 7,235,733 decimal digits. It is nearly a million digits larger than the previous largest known prime number, and belongs to a special class of rare prime numbers called Mersenne primes. Primes are important to encryption and could lead to uncrackable codes. This new figure, identified by Josh Findley would take someone the best part of six weeks to write out longhand.

Mr Findley was taking part in a mass computer project known as the Great Internet Mersenne Prime Search (Gimps). Mr Findley used his home computer and free software as part of an international grid of 240,000 networked computers.

Follow me on Twitter: @IanYorston

Tags that never die

ZDNet

Businesses are all too keen to talk up the potential of radio frequency ID (RFID) while privacy campaigners are similarly vocal in calling for some hardcore data protection to go with the new tagging technology, and one of the emerging battlegrounds is all about when exactly the tracking chips need to die.

Item-level tagging is some way off yet, mainly due to cost rather than retailers' lack of enthusiasm but, when it does kick off in earnest, it's worth putting money on consumers being at loggerheads with retailers over when exactly to switch off and kill the chips.

RFID tags can be read, either by a store or by an unrelated third party, unless they're shut down by the company that installed them in the product.

While a consumer might quite fancy the idea of walking up to the checkout and having his new $9,000 plasma-screen TV scanned instantaneously, he might not be so pleased that any passer-by with a reader can find out what he's got in the back of his car. He may also just not like the idea of a supermarket being able to scan his goods after he's left the store.

But when should the tag's tracking powers be turned off? Kill commands, as they're known, do exist. The idea is that when a shopper passes a certain point, any active RFID chip essentially shuts itself down (German supermarket Metro tried similar technology with its RFID rollout and was rather red-faced to find its "kill" commands were more like a "nasty-kick-in-the-shins" commands).

The question remains: why would we want to keep the tags active once we've left our local Tesco and should retailers be allowed to?

Burk Kaliski, chief scientist and director of RSA Laboratories, believes there's a strong case for chips that never die. That doesn't mean always-on though. They would be more zombie than normal chip--alive but not capable of doing anything without being activated.

When the chips leave the store, they should be switched from non-private to private so they remain intact and in some select instances can be returned to readability, but otherwise are immune to shop-scanning, he said.

Introducing kill commands, Kaliski said, would "discourage innovation" and would be "counterproductive". There are indeed uses being touted for zombie tags. Taking goods back to a shop, for example, would be easier; recalling faulty or dangerous goods would be simpler; and distributing pharmaceuticals could be made safer by using RFID to scan for potentially harmful combinations.

But is that enough?

According to Katherine Albrecht of privacy group Consumers Against Supermarket Privacy Invasion and Numbering (Caspian), the disadvantages far outweigh the benefits. "Whoever made the tag is the entity that can reactivate it... that's even more dangerous [than kill-command chips]. If you believe a chip is dead, you don't take common-sense precautions to protect your privacy," she said.

The issues of individual privacy are more pressing when it comes to item-level tagging--the more commonly practiced case of pallet level-tagging is less of a threat, according to Geoff Barraclough, marketing director of BT Auto-ID Services. "With the use of RFID in the supply chain, there are no privacy implications," he said.

Consumers may be able to dodge uninvited eyes gleaning information from RFID tags but businesses may not be so lucky. With new extra-long read-range RFID equipment hitting the market, the motive and opportunity arise for underhand retailers or suppliers to gain an advantage [on competitors] by picking up on who's moving what goods, where and when.

With standards yet to be sorted out and early adopters falling over themselves to implement RFID rollouts, it seems the big names may have also forgotten to protect their own privacy.


Follow me on Twitter: @IanYorston