Kill the Password

This week I would like to draw readers’ attention to an article that appeared in Wired at the end of last year. Written by Mat Honan and entitled Kill the Password: Why a String of Characters Can’t Protect Us Anymore, it makes for really interesting and alarming reading.

The author starts by explaining that he lost all of his digital life last year as his accounts were hacked, an event that led him to investigate online security and how it is breached.

What he discovered is not for the faint-hearted. The linking together of different accounts using an email as username means that any seriously interested party with a little time on their hands and very little money can relatively easily get into a single account, and from there into the others.

His conclusion is that the culture of using passwords for security is outdated, a thing of the past, and that anyone who tells you otherwise is either deluded or trying to convince you of something that is not true.

Worst passwords of 2012

The availability of personal information is a problem because password resets are guarded by personal questions. Mother’s maiden name, place of birth, etc. are easy things to find out about anybody through ancestry sites or other documents. Once you have somebody’s email address, you try to reset the password using the personal questions through the provider’s website. The answers might be on Facebook, or on their blog, or maybe intuitive, but they are out there.

Then there is the customer services rep that you speak to by phone. They are people and can be misled. The article contains a transcription of a conversation between a hacker and one of these people. As the user needs to be able to reset the password, the caller is offered a series of questions that get easier and easier to guess. The name of a best friend can be found using Facebook or other social network posts; if not, there is favourite food or others, but the example given is the name of one of the files in the account. Try Google, Amazon, Personal, one will be right.

So the problem is that the system needs to be flexible and easy enough to use, so we must be able to easily change our passwords, but this makes security impossible.

How can this problem be addressed? Here the trade-off is privacy. If the company knows you, through your search histories, places you have been, where you work and what you like to do, they might better be able to tell if the person resetting the password is you, but you lose any privacy you think you might have.

Voice recognition can be tricked using recordings, and biometrics such as fingerprints can be tricked too. Once a system uses these things that cannot be changed or reset, the problem is magnified. If I have a fingerprint lifted from a screen I can use it to get anywhere, and new fingers are hard to come by these days, so what do you use next?

The article poses these problems from the point of view of somebody who has been hacked, but the author also looks at who these hackers are and even meets a couple. It is big business in certain circles, particularly in the Russian-speaking world, where organized crime has a large stake and makes a lot of money through stealing identities and all that follows. In other circles they are just “kids” having some fun wreaking havoc.

There are a few simple strategies outlined in this (not short) article that are worth following but none are foolproof, and that is a lesson we could all learn from. Just a word of warning, it contains some harsh language.

On a lighter note happy new year to everyone, and my mum’s maiden name was Windsor (no relation to either Barbara or Elizabeth).

Year End Update

As the year ends I would like to look at some of my posts over the last year or so to give an update about what has unfolded since I wrote them.

The End is Near

I will start with Citizen Science. In 2011 I wrote an article about online gamers as scientists, and this year a couple of posts touched upon the issue of citizen science.

Recently the UK press has carried a story about a WW2 carrier pigeon whose remains were found in a chimney. The bird had a capsule on its leg that contained a message in code. Experts were unable to understand the message so they released the data into the public domain in the hope that somebody would be able to decode it. A perfect example of citizen science, the use of the Internet to access millions of brains.

A gentleman in Ontario responded with what he believes is the meaning of the note, although debate is rife around the issue of verification. He claims that the code is from WW1 and nothing more than a series of acronyms. Read this BBC article for more.

Still way back in 2011 I wrote a post about prosthetic limb technology and the fact that someone had opted to amputate a hand in order to have a robotic replacement fitted. Recently doctors have reported great improvements in prosthetic control, including controlling the artificial limbs through thought.

This experimental science has been going on for some time now, with implants in the brain interpreting neuron activity in order to make the limb move. As sensors get better movement improves and so control is greater. This week researchers in the US have released video of a woman operating a robot hand through thought. Watch it here on the Independent newspaper site.

One thing that isn’t addressed in the press coverage that I feel is important is that the person does not have to be attached to the arm, they can operate it remotely. This must have implications for how research and the handling of dangerous materials may be treated in the future.

If you want to see where this technology might take us just have a look at this video reportedly of someone controlling a remote control quadcopter using only thought waves. Incredible stuff!

More recently I wrote a piece about the compulsory tagging of students in a Texas school district. The project has run into problems as one of the students was withdrawn and moved to another school for refusing to wear the tag on religious grounds. Read the report here.

Andrea Hernandez refused to wear the tag, saying that the bar code it contained could be the mark of the beast, an interpretation she takes from the book of Revelation. When they removed the mark from the tag, however, she continued to refuse to wear it and so was effectively expelled. She is taking the school to court over the matter, presenting problems to all those involved in the project.

I also wrote about the MOSE project to protect Venice from the rising seawater that floods the city ever more frequently. Recent news (in Italian) states that the project will no longer be ready in 2014 (2012 was the original date set for completion) but will possibly be finished in 2016.

The major problem seems to be lack of money. The project budget has increased massively, and the economic crisis has meant that money is found piecemeal so that the work can continue.

I do not want to be too critical of the land that bore my wife and children, but unfinished engineering projects are not uncommon in Italy; let’s hope this one does not end like many others.

Next week I will be taking a self-enforced holiday, so no post on Thursday. Happy winter solstice to all, enjoy the festivities, thanks to everyone who has read and/or commented over the last year and I will be back in the new year (presuming that the Mayans were mistaken).

Instagram (AKA Facebook) in the News

Instagram hit the news with a bang today, and for all the wrong reasons.

They changed their privacy policy so that they have permission to sell any photos that users have posted to third parties. This means that maybe one day you might see that photo of your dog driving a toy car on TV advertising the said toy.

A Dog driving a Toy Car

Great, you get famous. Not so great, you don’t get paid for it.

Yes, our friends at Instagram have the right to sell the photo and keep the money. They may also “share your information as well as information from tools like cookies, log files, and device identifiers and location data with organisations that help us provide the service to you… (and) third-party advertising partners.”

They are not doing it for the money of course, but to “help us deliver interesting paid or sponsored content or promotions, you agree that a business may pay us to display your username, likeness, photos, in connection with paid or sponsored content or promotions, without any compensation to you.”

They just want to make your user experience more fun. “This means we can do things like fight spam more effectively, detect system and reliability problems more quickly, and build better features for everyone by understanding how Instagram is used,” it said in a statement.

If you don’t want to give them the right to do this you have a choice of course. You can withdraw all your pictures and delete your account by 16th January and never use them again.

I have written various articles about Facebook and their fluid privacy policies, you can find one here.

One of the most incredible things to me is reading the comments that these articles have provoked. Some people do not care about privacy, it seems to be a thing that only we oldies ever think about. This is a massive change in culture and opens a myriad of possibilities for exploitation in many forms.

Many of my friends use Facebook, probably all of them, but I am the odd one out. I do not use Facebook. A choice that has consequences, I could not register for Spotify the other week, they want your information. But I don’t want to share mine! And recently I applied for a job as a journalist but they wanted a breakdown of my social networking, so if you don’t do social networking you must not be a very good writer.

So make sure that your Instagram friends know what is happening so they can make an informed decision, think about what you post and where you post it, and remember, nothing comes for free, not even social networking.