Wednesday 1 August 2018

New Technology

If you want to see the latest in technological innovations then it is worth browsing the crowd funding website indiegogo.com. The site has two main functions, a crowdfunding platform for startup companies and a marketplace for their products. Backers (initial investors) get benefits offered by the startups, this is usually in the form of a discount on their products or early access when the products are released to market. Once the products have been developed they can then be sold through Indiegogo's marketplace. They guarantee shipping of the marketed products, or a refund will be given if they are not delivered in time. One of the risks of being a backer is that a product may never get finished, but you can choose how much you want to invest. 

Some of my favourite products include: Scribit USD399 + shipping (https://tinyurl.com/y925g6ev) - This devices hangs on a wall and can draw any 2D image that you upload through an app. This looks really cool and it can also erase what is has drawn so you can change the image whenever you want. As an example it can draw the weather forecast every morning or draw the daily menu for a shop. Lumen - a metabolism tracker USD299 + shipping (released date April 2019 https://tinyurl.com/y8wxsdv3) - This device is is a small breathalyser that can advise whether your metabolism is burning carbs or body fat. It can advise what diet to follow to achieve your goal (weight loss or gain). The product I like the most is the auto guitar tuner, the Roadie 2 (USD129 + shipping https://tinyurl.com/ydgmyh3b). This tuner is placed on the guitar tuning pegs and will automatically tuner the guitar string to the correct pitch. It can be set to various tuning types as well as standard tuning. Very handy if you are trying to tune a 12 string guitar in a hurry!

To find and/or fund other interesting innovations go to indiegogo.com.

Sunday 1 July 2018

Have I Been Pwned?

Do you know if your email address or logon details to various websites have been hacked? In hacker slang, to "pwn" is to take control of someone's access or computer.  While hackers and cyber-criminals have the means to identify hacked accounts, the average person will find it difficult to know whether their details have been compromised. It is becoming increasingly common for websites to be hacked and the details of their users compromised. Some of the largest breaches include 164,611,595 Linked In accounts, 359,420,698 MySpace accounts and 152,445,165 Adobe accounts. The hacked details may include usernames, passwords and personal information. These details are sold or published online. In 2013 web security expert, Troy Hunt, developed a platform that made it easy for a person to check if their details had been hacked. The website is called Have I Been Pwned (HIBP) and is accessible at https://haveibeenpwned.com. It had also become obvious to Hunt that companies were slow to release details of data breaches and this left end users exposed. As a result, people can now register on his website and be alerted when a data breach occurs that matches their details.

HIBP has been so successful that other companies are integrating their products with this functionality. In particular the Mozilla Firefox browser is using the site to advise users when they are browsing a compromised web page. Mozilla will be releasing a new tool called Firefox Monitor that integrates the ability to search for compromised emails in the browser.  1Password (a password management app) is also using HIBP to advise their users if their logins have been compromised and their details need to be changed.

So what can you do if your account details have been hacked? The most important thing is to reset your password and security information as soon as possible. This is why getting an alert from HIBP is useful. Another common problem is that people tend to use the same password for many sites. So if one site is compromised then access to the other sites is also compromised. Using a password manager is a good way to avoid this issue. Password managers can generate complex unique passwords for every site. Not only can they generate passwords but they can be used to login automatically from your web browser. This way you don't even need to know your passwords or bother typing them in. 

Another useful security measure is to use multi-factor authentication (MFA). This is particularly relevant for high risk websites such as personal banking or government sites. With MFA, a username and password will be only the first means of authentication. Another another mechanism is needed to verify your identity. This can be in the form of an sms to your mobile, or using a one-time password (OTP) that can be verified from an app on your phone app. 

Lastly think carefully about the type of security information you use when registering an account. If you use real information and this is hacked, that can be used for identity fraud (by someone pretending to be you when registering a credit card etc.). If the website is low risk (e.g. a recipe site) then use bogus information that is kept in your password manager, in case you need to recover the account. There are many options when it comes to password managers, so check the review from PC Mag here to choose the right one for you: http://au.pcmag.com/password-managers-products/4524/guide/the-best-password-managers-of-2018

Friday 1 June 2018

IoT

IoT or Internet of Things is the term used to describe the digital capture of information from the world around us. This is essentially the idea of sensors capturing information and sending it through networks (either mobile phone networks or low powered local networks) that can then analyse the information and act upon this as needed. As an example, some councils have implemented this technology to determine when rubbish bins are full and need to be collected, thereby ensuring the bins are emptied only as needed.

As networks have become more common and technology has made sensors cheaper, the IoT concept is becoming a lot more practical and affordable. The main idea is to use cheap battery powered sensors that don't require a lot of bandwidth (the amount of information they capture and send is usually very small) to automate a process or provide information that may not be easily available. You have probably used these systems already, for example when parking in a parking lot with digital signage advising you of the number of bays available. This would have come from sensors detecting vehicles coming and going from the parking lot. Some parking lots now have sensors on the bays and can advise patrons where the empty bays are per aisle. This technology is very useful in an increasingly data driven world. The type of sensors available are also becoming increasingly varied.

Federal funding through the smart cities program has provide councils with a means to develop innovative solutions to make their suburbs and cities more livable, productive and sustainable (https://cities.infrastructure.gov.au/smart-cities-program). The City of Joondalup is using this funding to implement monitoring of the Yellgonga wetlands through the use of sensors, satellites and drones to collect real-time environmental, water quality and public usage data. There are also trials of smart monitoring of irrigation systems (only watering as needed). 

This technology is not limited to suburban areas though. In agricultural settings, sensors can be fitted to watering troughs to advise if they are no longer working and need repair. Stock fitted with sensors can advise of movement and general health and lead to virtual fencing solutions (https://www.iotforall.com/iot-applications-in-agriculture/). Monitoring of silos and tanks levels can be easily automated. Temperature of grain silos can be monitored to ensure the health of the stores. The key benefit of IoT in rural areas is that it doesn't rely on an existing mobile or data network. Low bandwidth radio networks can be used to set up an affordable monitoring systems in any location (https://www.sigfox.com/en/agriculture). 

To find out more about IoT in Australia visit the IoT alliance site at http://www.iot.org.au/ 

Tuesday 1 May 2018

Smart speakers

Smart speakers are devices that have voice recognition technology embedded which enables them to interpret spoken instructions. This technology has been used in smartphones for some time (e.g. Apple's Siri) but is now being extended to smart speakers that can be used in your home. There are currently three main companies that are rolling out these devices, Google (Home), Amazon (Echo) and Apple (HomePod) and each brand has integration with their company's products,

As an example, the Amazon Echo (www.amazon.com/echo) smart speaker uses the Alexa voice recognition system and is orientated to providing shopping services on the Amazon shopping site, as well as streaming video and music from the Amazon platform. The same applies to the Google and Apple devices for their respective media platforms.

As well as providing information, they can also connect into some smart devices in your household to automate things, like turning on and off lights, or lock and unlock doors (with the right smart equipment). Google Home will integrate with the Google Calendar and can provide information about your daily tasks, as well as integrate with your entertainment system if you use a Chromecast streaming device. Google Home has extensive support for home automation devices so is probably a good option if you want to integrate with other smart devices such as air conditioners (store.google.com/product/google_home).

The Apple HomePod (www.apple.com/homepod) uses Airplay 2 to communicate with other Apple devices to manage audio and video streaming, and in particular, works well with Apple Music. So if you have a large library of Apple music then this is a convenient option for streaming music wirelessly throughout your house. The HomePod also has smart acoustic technology which manages directional sound for ambient audio or focused audio for directional sound.

There are benefits to these smart speaker, especially if you have a lot of the compatible technology in your house already. The convenience needs to be balance against the possibility of a lack of privacy.  Given the revelations that have been made about the abuse of privacy recently though failures by some of the technology companies (most recently Facebook) it is a relevant concern about the level of trust we have with these listening devices and how that information is kept safe. I guess the risks need to be measured against the rewards so it is up the buyer to make that decision.

Sunday 1 April 2018

Cryptojacking

You may not have heard the term Cryptojacking but it is one of the newest threats to your computer security. The good news is that it is not malicious in the sense that it won't destroy your data. The bad news is that it will most likely slow your computer down and decrease responsiveness of your system.

Cryptojacking is the use of your computer's processor (CPU) to mine crypto currencies (see my  article on crypto currencies for more info). The reason this has become such a big problem is because it is reasonably trivial for cryptojacking to occur. All it takes is for a website to load a piece of javascript through your web browser, and it will start the mining process. You will probably not even notice this initially. You can check if your CPU is spiking by opening the task manager in Windows (press ctl+shift+esc) and then click on the performance tab. If the CPU graph is showing a lot of activity then it is possibly a cryptojacking script. You can easily test web browser by going to https://cryptojackingtest.com. The site will attempt to load a cryptomining script on your web browser and will determine if your browser is vulnerable to these scripts. If your web browser is vulnerable, you can load an adblocker extension (such as ghostery ghostery.com or privacy badger eff.org/privacybadger). Test again once this is loaded to be sure it is effective. The Opera browser has built in protection for cryptojacking, so is another option.

It is not all bad news though, cryptojacking may become a useful alternative to web advertising. Instead of a site displaying ads, it may request CPU access while you are visiting the site. If this can be done in a way that obtains the reader's consent then this could be an ethical alternative to web advertising. At the moment, we are in the early stages of using this technology so it would be wise to protect your web browser from these scripts.

Thursday 1 March 2018

Digital Self Defense

I watched a very interesting keynote speech recently by Pernille Tranberg and Steffan Heuer, authors of "Fake It!: Your Guide to Digital Self-Defense". They are journalists, so are familiar with information gathering techniques. The main thrust of their argument is that we are currently in an era where data about people is a commodity and companies are grabbing as much information about us as they can to build detailed profiles of our behaviours and preferences. They discussed how your digital identity needs to be managed in order for your privacy to be maintained. The presenters were referring to the digital persona we create online through platforms such as facebook, linkedin and other social media services.

These are publicly accessible trails of our lives, and while they may be useful tools for communicating with friends and family, the data that is able to be analysed can be very revealing. If you ever thought that you have nothing to hide, then take a look at the facebook information gathering tool stalkscan.com. This will show you everything that is publicly accessible in a person's facebook profile, from likes to posted photos, comments etc. It is in the interest of companies like facebook for individuals to have a casual attitude towards privacy, as this is the basis of the their business model. They commoditise your personal information so they can target advertising in a very specific way. Are we really prepared to give up so much information for these "free" services? We can compare attitudes towards the environment in the 1960s with today's attitude towards personal data access. It is somehow not part of our collective consciousness to be concerned about information privacy. Is this because people don't care or are simply not aware of how much information is being traded in these transactions? Would you be happy to hand over your mobile phone number when buying a groceries at a store? Most people would not like to give out this sort of information in real life but this is a common trade when using online services.

Not all is lost though as governments are realising the importance of this issue and the potential for abuse of our personal information. In Australia, the ACCC are running a digital platforms inquiry, which specifically looks at the issue of information gathering by these large corporations
(https://www.accc.gov.au/about-us/inquiries/digital-platforms-inquiry). In Europe, the EU General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 (www.eugdpr.org). This is the result of four years debate in the EU parliament and will bring into law the following protections for personal information: privacy laws will apply to companies that process information in the EU even if they are based elsewhere, penalties of up to 4% annual global turnover breaches of privacy, improvements to consent for use of personal information. In addition the following rights are being implemented: Notification of data breaches, Right to Access your personal information, Right to be Forgotten (data erasure) and Privacy by Design, a principle where platforms will build privacy into their products.

Until such time as governments can catch up with the information grab that is currently underway in the digital world, there are ways that you can defend yourself. A very thorough and useful guide can be found at the electronic frontier foundation's website ssd.eff.org. You can also get some tips from Pernille Tranberg and Steffan Heuer's website www.digital-selfdefense.com. If you would like to see their keynote speech on digital self defense go to https://youtu.be/VVibUH9Wm6w

Thursday 1 February 2018

Real-time payments

The finance industry has been working on a platform to allow real time transfer of funds between bank accounts. Currently, payments can take a day or two to be received between different banks as they need to go through a clearing house to be processed. The New Payments Platform (NPP) has been developed by industry partners to enable real-time clearing of funds between banks. This has been under development since 2012, with the Reserve Bank aiming to achieve a real-time payment system by 2016. Last year the system was tested in a limited rollout to some financial services companies. One of the first companies to use utilise this platform is Bpay. They are rolling out a new payment service this year called Osko (https://www.bpay.com.au/osko). Individuals will be able to register their mobile number or email address with their bank which can be used as an identifier for payments to them. This will make it easier to know how to pay someone (no more bsb and bank account numbers required) and the payments can be made instantly at any time. There will be a 280 character limit for the payment description, which allows for more details to be included than is currently possible.

As the NPP becomes more widely available, companies will be able to use this for payroll and superannuation payments. This will enable payments to be received in near real time and allow documents to be included with the payments (such as payslips). Payments will no longer be restricted to  business hours, making it easier to achieve payment deadlines. This will depend on industry making the most of the NPP but this is likely to change how payments are made in Australia. Watch this space as things will be changing in 2018. For more details visit the New Payments Platform Australia website (https://www.nppa.com.au/)