Archive for July 24, 2014

Here’s A List Of Sites That Do Canvas Fingerprinting…. All 5,619 Of Them

Posted in Commentary on July 24, 2014 by itnerd

So, if you’re scared of Canvas Fingerprinting, and you’re not blocking it using AdBlock Plus, there’s another way to deal with this privacy menace. Simply avoid sites that use it. How do you do that? Here’s a list of 5,619 websites that used the technology during May 1-5, 2014, created by a group of researchers who looked into this technology. Besides porn sites, 48 government sites have Canvas Fingerprinting code, as there are .gov domains listed here. That’s very unsettling.

Also, if you’re the curious type, check out the project website for background information about canvas fingerprinting and other advanced tracking mechanisms such as evercookies and the use of “cookie syncing” in conjunction with evercookies. It will make you not want to surf the Internet.

Family Punted From Flight Because Of Critical Tweet…. WTF?

Posted in Commentary on July 24, 2014 by itnerd

This caught my attention because of how stupid it sounds. A man and his family were yanked off a Southwest Airlines flight because of a tweet, according to The Globe And Mail:

Duff Watson said he was flying from Denver to Minneapolis on Sunday and tried to board in a spot for frequent flyer privileges he held and take his sons, ages 6 and 9, with him, even though they had a later spot to board the plane.

The agent told him that he would have to wait if he wanted to board with his children. Watson replied that he had boarded early with them before and then sent out a tweet that read “RUDEST AGENT IN DENVER. KIMBERLY S. GATE C39. NOT HAPPY @SWA.”

Watson told TV broadcaster KARE in Minneapolis on Wednesday that after he boarded, an announcement came over the plane asking his family to exit the aircraft. Once at the gate, the agent said that unless the tweet was deleted, police would be called and the family would not be allowed back onboard.

This seems really over the top to me. While I’m sure Southwest was not thrilled that the Tweet was posted, it’s not threatening, racist, or offensive in my humble opinion. Thus pulling him off the flight and threatening to call the cops if the tweet wasn’t deleted seems to me like a form of censorship. Though Southwest doesn’t see it that way:

Southwest said in a statement a customer was briefly removed from the flight, and as an airline, it has no intention to stifle customer feedback on social media.

“Our decision was not based solely on a customer’s tweet,” it said, adding it offered the customer vouchers as a gesture of goodwill.

I may be wrong about this, but when a company offers something to a customer who’s had a bad experience, they’ve typically done something wrong or they want the issue to go away.

Now I have a personal Twitter account and I have Tweeted about good and bad experiences with airlines and gotten responses within a minute or two. One experience that comes to mind is that I needed to be on the ground in Charlotte, NC to meet a customer and it was time sensitive. I had booked my flights to give me a two-hour window from the time I landed to the time my meeting was scheduled to account for a delay of some sort. My connecting flight got cancelled due to a mechanical issue and that forced me to take another flight several hours later and I missed the meeting as a result. What irked me was the lack of communication about the delay. I got a $6 meal voucher upgraded to a $100 travel voucher after I tweeted about it. So airlines watch social media and use it to address customer issues among other things. That’s a good thing. What Southwest did wasn’t good, at least from an optics perspective, as I think they would have been better off engaging the customer in a discussion rather than taking the route they did.

Agree? Disagree? Please post a comment and share your thoughts.

 

Hey IT Nerd! Do You Believe Apple When It Comes To Those Backdoors?

Posted in Commentary on July 24, 2014 by itnerd

I’ve received this question in my inbox in the last day or so:

Dear IT Nerd. It sounds like Apple has really got themselves into quite a mess here with these undocumented function calls that have been discovered. But I haven’t noticed you offering an opinion as to whether this is much ado about nothing or there is actually an issue here. Could you do so now? 

Thank you. 

Thanks for the question.

My opinion is this. Apple has handled this badly. Assuming these are legitimate debugging tools, which is plausible as Apple has been known to not document everything that iOS or OS X is capable of, then their denial that these are “backdoors” is kind of a PR miss as nobody believes them. That’s because it all seems hastily thrown together to explain these “backdoors.” That leads to the impression that Apple has something to hide or is working with the NSA or some similar organization. Having said all that, it does seem extremely weird that Apple has a function that allows someone to completely bypass the device encryption. And they have a packet sniffer that is running on iOS devices that is not a developer tool. That really needs to be explained by Apple in as clear and transparent a manner as possible. In this age of Edward Snowden, the failure by Apple to come completely clean on this makes them look very, very bad. So, to sum it up, I’m not really buying what they’re saying. At least, not without more of an explanation from them.

Another thing to consider: I fully expect BlackBerry to have some sort of ad campaign that targets this fiasco. It will likely say something along the lines of “You can’t trust Apple when it comes to security. The only smartphone vendor that you can trust with security is BlackBerry.” Seeing as Apple is making a push for the enterprise, they need to make this go away to have any credibility in that space.

 

StubHub Hack Shows Why You Need To Take Passwords Seriously

Posted in Commentary on July 24, 2014 by itnerd

You might have read yesterday that a criminal group “hacked” StubHub to illegally buy tickets to various events. That sounds scary and it is. But what is scary is how the criminals did it. They basically discovered that the accounts that they used to pull off this crime had passwords that were used elsewhere. So the victims used the same password for their StubHub and Facebook accounts, for example. Here’s why that’s very bad:

The StubHub incident and arrest is seen by at least one security expert as yet another sign of the trouble with the current usage of passwords. Phil Dunkelberger, CEO of Nok Nok Labs, noted in an email to eWEEK that the fraudulent purchases made on StubHub using stolen usernames and passwords are just the latest example of one of the key problems in online security—password reuse.

“When someone reuses a password across multiple sites, it is only as strong as the weakest link,” Dunkelberger said. “By using the same password to access your local pizza delivery account as you use to access your bank account, or in this case your StubHub account, you can have serious implications for financial or other sensitive data.”

This basically reiterates what I said a couple of weeks ago. You have to take your password usage seriously or you could be on the wrong end of one of these “hacks.” If you haven’t already, I would strongly suggest that you re-evaluate your use of passwords for your various online sites and make adjustments quickly. The people arrested in this “hack” won’t be the last ones to use this method to further their criminal aims. Thus you should not want to be caught up in that.