Extra! Extra! Privacy for sale!

Data Privacy Month

Privacy is a keyword that has sold a lot of newspapers lately.  Why is that?  For starters, absolute privacy is more elusive than Peyton Manning trying to win a 2nd Super Bowl.  24-21 Seahawks, but I digress.

When discussing online and data privacy, responses can be generally summarized in to one of three statements:

“I don’t have anything to hide, anyway.”

or

“I don’t have any data anybody wants.”

or

“The ‘Internets’ and NSA can read our minds!  Break out the aluminum foil.”

There is some truth to all of those statements.  However, let me respond one by one…

“I don’t have anything to hide, anyway.”

Hopefully, that is true!  I would put myself in that category.  However, not having anything to hide is not the same as, “please document all of my likes, dislikes, medical conditions and internet searches.”  The power of big data is amazing.  It’s hard to imagine what a single search provider can deduce from your search history.  Add your social media activity and GPS coordinates from smartphone snapped photos to the mix and it would be a mundane task to predict where you are going to have lunch…next Wednesday….before you even know.  So, what’s the harm in that?  Well, like anything else there is no harm if that information is not abused.  However, the idea of so much personal information logged on a server somewhere in cyberspace can make anyone a little bit uncomfortable when you start to give it some thought.  After all, these companies exist to make money and your information is the product they are selling.  If someone was following you, your children and your “friends” around with a pen and pad, from a safe distance of course, jotting down your schedule and any other details they could gather in plain sight, would you be OK with that? Unlikely.

Be aware of the fact that when you are logged into a social media account or search engine, your web traffic and internet searches are likely being logged and analyzed.  If you have a problem with that, remember to log out of all websites you logged into and clear your temp files before browsing the web.  Some individuals keep a separate browser for random searches and web traffic and another browser for logging into social media websites and the like.

“I don’t have anything anybody is interested in stealing.”

Actually, you do.  You have credit cards, a social security number and credentials to campus or corporate resources.  You may have access to intellectual property or research data.  You definitely have access to a computer.  Many of today’s attackers are more interested in computing power as much as anything else.  If they can turn your computer into a zombie and make it part of their apocalyptic cyber army, they are more powerful and more effective in getting what it is they’re ultimately after.  There have been countless cases of a computer sitting under the desk of a receptionist in an inconsequential office taking part in a cyber attack against a high value target.  So don’t subscribe to this faulty reasoning.  It’s just not true.

“The ‘Internets’ and NSA can read our minds!  Break out the aluminum foil.”

Well, this is not true as it stands today, but there is no telling what next week will bring.  Here’s the bottom line.  The climate of information security has changed from ‘trust but verify’ to ‘don’t trust and verify’.  Everything worth protecting needs to be protected.  What do I mean by that obscenely obvious statement?  Assuming something is safe or relying on security by obscurity is not going to cut it anymore.  Any data hitting the wire or the air via WiFi should be viewed as fair game for invited or uninvited onlookers to see.  Encryption for data at rest and data in transit is not an option; it’s a requirement.  Every website, product or software package you are investigating should support encryption.  Accept no less and assume your local network is already breached in some way.  It’s not paranoia.  It’s reality more often than anyone would like to admit.

Watch this short video for some important reminders.  It’s an oldie but goodie if you haven’t seen it before.

Google Glass: The Apple of My Eye?

I had very few preconceived notions and limited information about Google Glass before my test drive.  Aside from watching the concept video, I didn’t really know what to expect.  Unfortunately, the experience of wearing Glass did not fully live up to what I was hoping for.  Is it cool?  Yes.  Is it different?  Yes.  Is it life changing? NO.  Is it worth $1500.00 to the average consumer? Not by a long shot.  $500?  Nope.  $200?  Maybe.  Will it replace your iPhone, Galaxy or Lumia anytime soon?  Definitely not.

One thing is for sure…smartglasses can potentially introduce a truly hands-free mobile computing experience.  I have no doubt that as they mature they will eclipse the fledgeling smartwatch market.  However, at the moment they are both in the same category of being merely smartphone accessories.  Google Glass does not really enable you to do anything you can’t do now and much of it’s functionality relies on being tethered to your phone.  There are a few features worth taking note of though.

The picture taking and video recording ability of Glass could be a game changer.  Taking a picture is as simple as winking your right eye.  What parent doesn’t want that ability?  Saving time in a bottle becomes a real possibility now that we can record almost exactly what our eyes are seeing.  Video recording has long been known as the great equalizer and no doubt everyone would be on their best behavior if a simple gesture could preserve everything you say and do…on youtube.  I’m not saying it’s good or bad, but having a video camera pointed everywhere you go is definitely one of the more interesting Glass features.  There are so many practical applications for that feature as well.  Police Officers, field technicians, reporters, and students would no doubt find a wearable video camera useful on a daily basis.  Maybe state IT workers could find it useful too…

 

This is also a feature that makes me concerned as a security professional.  It is well documented that hacking into a webcam is nothing short of commonplace.  It’s kind of funny that of all the cyber risks in the wild, a webcam hack is the one risk that seems to resonate with everyone (see video below).  According to most and depending on where your webcam is situated, the idea of someone covertly watching us is just an unfathomable violation of privacy.  What can be worse?  I know!  Someone covertly seeing everything you see.  Hopefully you don’t look down when you type in your super secret passwords.  Anti-Virus for Google Glass?  Probably not, but with Android being targeted heavily with malware, AV on your smartphone is a must.  Keeping your phone OS and all accessories updated is equally, if not more, important.

By and large my experience with Google Glass was a positive one.  It was great to be able to have GPS directions in the corner of my eye rather than on my Costco purchased dashboard GPS.  Be forewarned though that the device runs hot when used for processor intensive tasks.  I also really enjoyed the text to speech ability of the device.  That feature was especially helpful when taking a picture and sharing it with my Google+ circles almost instantly.  It was shockingly accurate with the exception of one embarrassing picture caption that I will not share at this time.

So by and large, I would say that Google Glass and other products like it are here to stay.  They definitely have the need to mature, but the vision and application of smartglasses and even smartglass (car windshields?) is exciting.  Oh yeah, and get ready for a new breed of selfie…

They are unavoidable.
They are unavoidable.

Mobile Computing in 2014 and Beyond…

With all the hype surrounding Google Glass, Dick Tracy watches and curved phone displays, it makes me wonder what the future of mobile computing is going to be.  It’s obvious that smartphones are not quite as “smart” as they used to be.  Standard phones continue to disappear (Nana has an iPhone) and so-called smartphones have taken over the coveted title of “phone”.  The line that separates smartphones from tablets is thinner than the devices themselves.  So, then, what’s next?  Wearable technology seems to be the obvious progression of mobile computing.  It is soooooooooooo 2010 to reach into your pocket and pull out a square clunky device to check your e-mail…

Sadly, internet access from your watch, glasses, or iShoes, means more of an attack surface for malware writers and the like.  It won’t be long before ‘patching your shirt’ has nothing to do with a needle and thread.  The Internet of Things is growing and everything we own will have an IP address along with software to patch.  It’s this endless exposure that demands a risk based approach to IT security rather than the secure everything approach that just isn’t feasible anymore.

In any case, I’m excited to have a little face time (literally) with Google Glass over the weekend.  I’ll summarize my opinions on the topic sometime next week.

photo