
Tag: Kardashian

You call it ‘hacking.’ I call it ‘investigation’

Let's call the whole thing off

Something for the Weekend, Sir?

Here's a photo of what I had for lunch! Amazing!!! No it isn't amazing. It's your lunch.

You gotta see the new 4k TV I bought today! Thanks for giving me a fascinating, if cursory, inventory of your consumer durables.

Took Jonesy out for his walk and he chased a rabbit. Nice to have your pet's name. Could be useful.

28 today!!! Your date of birth is gratefully received too. May I also have your mother's maiden name?

Hey john im setting off CUL8R Thanks. Now I know you're out with John, I can break into your flat and nick that TV.

OMG just got back from the proctologist Well, that really puts the finger on the problem: nothing is secret any more.

As Bette Midler notoriously quipped, the only way we're going to see parts of Kim Kardashian that she hasn't already laid bare to the world is if she were to "swallow the camera."

Various surveys and reports over the summer have highlighted the rise in identity theft and put the blame squarely on the idiot public's misuse of social media. With everyone sharing their most intimate details to all and sundry, no wonder computer systems are so hackable, we're told. Well, perhaps. On the other hand, this is a bit like a drugged-up speed racer mowing down a little old lady who steps into the road, and then blaming her for not using a pedestrian crossing.

Or to put it in recognisably politically correct terms, it’s like telling a woman she deserved what she got, going out "dressed like that."

Most IT security currently revolves around the sharing of little secrets. Unfortunately, rather like the secret life of Walter Mitty and James Bond's agent code number, these tend to be the worst-kept secrets you can possibly imagine. Let's have a look at these secrets, shall we?

The date on which I was born. The place in which I was born. My mother's maiden name. My pet's name. My favourite food. My bank account details. My phone number. The total on my last bill.

Gosh, those are going to present a devilish challenge to a hacker, I must say.

Even the slightly more esoteric secrets shouldn't be too hard to guess with a little social media trawling: The last film I cried at. My favourite holiday destination. My favourite subject / teacher / brand of cigarettes while at school. Basically, what IT security chiefs are saying is that if a hacker breaks into my account, it's probably because I told someone my date of birth. Much though I'd like to keep such things a total secret, it does make inviting friends to your birthday party very challenging.

As for my pet, IT chiefs would rather I give it a name comprised of upper- and lower-case letters, three numbers and at least one special character before I consider shouting it aloud in the park. I plan to sell the dog and replace it with a correct battery horse staple. Frankly, the business of blaming people for allowing their very existence to be public knowledge, essentially turning us all into what the newspapers thrillingly refer to as "a bit of a loner," seems an odd way of tackling security failings in the systems supposedly designed to protect us. Such is the laxity of the IT security that binds the modern world together: we are witnessing a return to the good old days of writing passwords on pieces of paper.

And – my favourite – proving to retailers that I am the entirely legitimate bearer of a contactless debit card by merit of holding it in my hand. Some 17 months ago, I suggested grasping the biometric nettle by issuing "arsewords" to allow access to the company washrooms. While biometrics are just another kind of shared secret, they are rather more difficult to guess at, and DNA chains are impossibly awkward to share by mistake on Twitter. Even so, as tech-in-the-wild grows equally more sophisticated than the security systems invented to fox serious hackers, it is possible, even likely, that we will become even easier to hack in a biometric future. While it takes some hard graft to go hunting round parish records and government registries, let alone filtering out the white noise of social media, all a future hacker needs is a single hair follicle, and they'll own my entire DNA print. Very slowly, the industry is beginning to consider the prospect of providing access permissions in ways that don't involve dull passwords, guessable secrets and physically holding an eminently nickable device such as a debit card or a smartphone. AI systems have been developed to help identify callers in telephone banking, supposedly right down to spotting whether the caller is acting shiftily. Given that "shifty" is my normal mode of behaviour, this could present a problem.

Except, of course, the AI should realise this and only raise warning flags if I begin to act uncharacteristically open and friendly, but only if it knows my usual demeanour – which is something that could be impersonated. I suggest most criminals will find it easier to do a little acting than to do a lot of IT security penetration.

This is just the same as calling up a celebrity's voicemail and pretending to be the dim celeb in question by typing the default 1234 PIN.
It's not really the celeb's fault for being dim so much as the telephone company thinking this amounts to a secure voicemail system.

Let's rethink the concept of what counts as access credentials. Passwords and even two-factor authentication just don't seem to do it any more, because the passwords are guessable and the two-factor device (typically a smartphone) is itself easy to hack and even easier to steal. Until then, our back doors are permanently open to rogue hacker proctologists. People have lost the art of keeping a secret. ®

Alistair Dabbs is a freelance technology tart, juggling IT journalism, editorial training and digital publishing. When he raised the issue with fintech experts of looming government plans to outlaw end-to-end encryption, they refused to express any opposition to them.
So don't expect much advancement in banking security any time soon. FBI Update: 14kg

Profiles in cryptographic courage

I recently finished reading "Hedy’s Folly" by the scholar Richard Rhodes.
In it he discusses the “most beautiful woman in the world,” 1930s and ‘40s superstar Hedy Lamarr. With her composer friend George Antheil, she invented frequency hopping. Frequency hopping (or spread spectrum) is a technology that underlies the communication transport and security of almost every wireless device we value today, including GPS, cellphones, Bluetooth, satellites, and home wireless networks. I’ve been telling the story of amateur inventor Lamarr in my security and crypto classes as long as I’ve been teaching.
It’s a great story of a nonscientist making a discovery that changes society forever.
Stories of amateurs solving the world’s hardest problems abound in the computer security and crypto world. Sometimes it’s hard to separate the myths (like the janitor who supposedly became a crypto supersleuth at the NSA) from the real stories, but there are plenty of “average” people who ended up leaving a remarkable legacy.

The Rosetta Stone

One of my other favorite stories is about Jean-François Champollion, a French philosopher who solved the riddle of the Rosetta Stone and ultimately deciphered Egyptian hieroglyphics.

The Rosetta Stone is a stone tablet written in 196 BCE that contained three different languages of (nearly) the same text: ancient Egyptian hieroglyphics, ancient Greek, and Demotic script. The last two had been decoded, but no one could figure out the hieroglyphics.

Champollion, competing against the popular Egyptian historian Thomas Young, was able to figure out that the hieroglyphs were a combination of an alphabet and single characters that represent a word or phrase (called a logograph). Young repeatedly denigrated Champollion’s findings in public, even when presented with irrefutable proof otherwise.
It was many years later, after Champollion’s death, that other Egyptian experts realized Champollion was right.
I use this story to remind myself that even the popularly accepted experts can be wrong. Even today I see popular computer security experts who give bad advice on topics they don’t know much about.

They either feel they are experts or think their “gut feelings” are better than the evidence to the contrary.
I guess it’s hard to say, “I don’t know,” when someone begs you for advice or when the press asks you to be an “expert.”

Public/private key crypto

Public/private cryptography underlies almost every digital encryption and signature technology used across the internet.
In the 1970s, three men -- Whitfield Diffie, Martin Hellman, and Ralph Merkle -- together solved the centuries-old problem of how to securely transmit a private encryption key from one location to another, without both parties needing to know a secret at the outset. Diffie presented his idea for public/private key crypto to a group at IBM during a “lunch and learn” brown bag presentation.

Although a very smart MIT graduate, Diffie was not a trained cryptographer, so the IBMers discounted what he said and walked out. One of the people told him he sounded like another crazy guy called Martin Hellman (who had worked at IBM and taught at MIT). In point of fact, British cryptographer Clifford Cocks officially “discovered” public/private key encryption in 1973, but his creation was top secret and not announced publicly until 1997.

Thus, Diffie, Hellman, and Merkle discovered it separately, and they're still given credit for the first public discovery and announcement. Diffie sought out Hellman and, after a little persuading, decided to try and crack the public/private key problem, while adding Merkle to do the math validity checks.

Diffie realized computers were not very efficient at calculating large prime numbers. Hence, the Diffie-Hellman public/private key cipher provides protection, because finding/factoring the original two large prime numbers used to create a third number is very difficult for even massive computers.

Heroes of Bletchley Park

A key figure in helping to decipher the World War II German Enigma ciphers is Joan Clarke.

Although Clarke had a double-first degree in math from Cambridge University and had been selected to work at Bletchley Park, she was assigned clerical duties and paid less than male code breakers. But her intelligence and attitude showed through, and she became a key code breaker and confidante of Alan Turing, who himself struggled after persecution for being gay.
I like this story -- it shows how our irrational discrimination only slows down technological progress.

The mischievous raven

Edgar Allan Poe was a mischievous amateur cryptographer.

Back at the turn of the 19th century, it was common for lovers and people having affairs to declare their love for each other -- and to schedule rendezvous in the newspaper using rudimentary cryptography (often simple character substitution). Poe would often decipher the lovers' messages, then write a humorous or admonishing reply.

Alternately, he would respond to one party or the other with a fake message using the same cipher. We should call this a “Poe in the middle” attack. There are hundreds of fascinating stories where ordinary people did extraordinary things and changed the world -- or at least added levity.
If you are interested in computer security or cryptography, I encourage you to buy and read a few crypto history books.

They’re much more fun to read than you might think. Who knows? Maybe a Kardashian will solve quantum crypto one day.

H4cked Off: Naivete, thy name is Tim Berners-Lee

Sir Tim Berners-Lee delivered a wonderful keynote at IP Expo today in which he laid down the idea that people should own their own data, and be able to plug it into any data set from any company to create "rich data", rather than simply having separate companies owning separate data sets. It's a noble ambition, and even makes a great deal of business sense if companies would then be able to buy back that "rich data" from people. My only concerns with the idea, and what became an extended conversation around it, lie in what I'd describe as more than a little blue-sky thinking from Sir Berners-Lee. Namely, I just don't truly believe the majority of people even recognise a problem with large companies Hoovering up their personal data, and I certainly don't see public awareness rising any time soon. People generally don't see the danger of data sharing, and aren't exactly demonstrating in the streets to demand a change in the law. Sir Berners-Lee said: "If you give people an understanding of how their data is being used, they're much more open to allowing people to use it." But I don't believe you need to give people that reason. Most people just aren't really interested in safeguarding it. They should be, but they're not. And when not even the biggest shock in the history of data privacy could change their minds, how can we hope for more?

Just over a year ago it was revealed to the world, like the dreadful punchline of an epic espionage thriller, that most major world governments have been spying on us all along. That the US government - allegedly fed by other world governments - had been absorbing emails, telephone calls and more for well over a decade, ignoring legality to the extent that the NSA actually ended up in court. While the IT industry reeled, and conspiracy theorists everywhere said 'I told you so', the world at large didn't flinch. Nobody cared.
Kim Kardashian and X-Factor remained the hot topics of conversation while Edward Snowden's name faded from memory in mere weeks.

Emergency powers

In a press roundtable after his keynote today, Berners-Lee was asked for more detail on how he imagines a government system that is genuinely respectful towards its citizens' data rights may actually work. "Emergency powers? Yeah, there's always an emergency," he quipped. "We should make sure, emergency or not, that there's a system in place we all know about - where there's an agency who watches the watchers, and we need public conversations about that." Berners-Lee talked about how he's been helping GCHQ to start talking about such practice, which is great. But won't the answer to the question of ‘Who watches the watchers?’ simply be yet-another government agency - implemented and overseen by the same governments that have ridden roughshod over these issues for a decade? He acknowledged that it's a "tricky" prospect, but nevertheless suggested that we "make the government design it, and put it into place". And, if we "need public conversations", why is nobody having any? Could it be because not enough people actually care?

Berners-Lee was also asked how organisations can be incentivised to better respect data privacy. Referring to his earlier words, Berners-Lee again suggested government regulation, but also said he believed that "where things are transparent enough, people will vote with their feet and go to a different website". Will they? I cannot for the life of me remember a time when the vast majority of users left, say, a social network because the next one was more respectful toward their data. In fact, kids left Myspace and Bebo in their droves to voluntarily chuck every tiny detail of their lives at Mark Zuckerberg's bank account simply because the more data they fed it, the better it could keep them connected with one another.
Berners-Lee suggested social networks called "Sgrouples" and "Ello" as alternatives to Facebook. I do not for a second think teenagers would pick either of these options for any reason except the appeal of popular social features, but that those would come in a different form than (to a 14-year-old) some philosophical argument over the terrible dangers of typing your name and date of birth into a form, and ticking a box (without reading the small print).

And let's remember, the millennials are the future of both the consumer and enterprise worlds. I recently read an extremely interesting article which, brilliantly, compared the attitudes of the over- and under-30s when using a new personal finance app. Apart from offering fast Bluetooth micro-payments among friends (quite problematic in itself, on a security level), the app also ‘socialises' those payments between defined social groups.

Should I really give a damn if my friend Sally buys my friend Fred a coffee? No. More importantly would I want Sally to know I was buying Fred a coffee? Of course not. It's literally needless information, and would make me quite uncomfortable.

But the article proves a neat and clean point. According to the piece nobody at all under 30 who tweeted comment on the app saw any problem with leaving an inherently pointless and "fun" trail of their personal accounts behind them, on public clouds and easily viewable by anyone, at any point now or in the future - acquaintances, stalkers, HMRC. They are so inherently comfortable with leaving a breadcrumb trail of data behind with their every action - online and in the real world - that they certainly don't have an issue broadcasting such an apparently trivial social interaction.

Nobody cares, Tim

Everybody would rather use iTunes immediately, and tick that "I consent" box, than wade through 40 pages of terms and conditions (in eight-point text).
The personal privacy ship set sail a long time ago and, as much as I respect Berners-Lee for everything he has brought to the world of technology (for no charge), I can't see any actual solutions even hinted at by him today. Not that I believe it's Berners-Lee's job, in particular, to sort all this out. Inventing the Worldwide Web and donating it to us all to use for free is quite enough for one lifetime - he doesn't owe it to us to help us control everything it has brought with it as well. At the same time, though, the work he's doing at the Open Data Institute is valuable - but you can't protect people from themselves. At one point, Berners-Lee stated that he doesn't like to comment on what "will happen", but what "should happen". I just can't help but feel I'd rather hear realistic ideas towards the former eventuality, backdropped against the incredible layer of apathy the average person displays towards the safeguarding of their personal data. But data, in many ways, is ephemeral. In most cases, we are compelled to provide it simply to interact with the world. You can't keep a person's name and contact details as theirs and theirs alone, for example, unless you wire their nervous system up to a 20,000-volt battery that punishes them every time they start to type their date of birth into the latest social app. Not only do I doubt that's what Tim Berners-Lee wants, I also know plenty of otherwise sane and reasonable adults who would happily suffer a moderate-to-severe electric shock just to be allowed to keep using Facebook.

Nude celebrity pictures posted online after alleged iCloud hack

Hundreds of revealing photographs of female celebrities have been leaked online, reportedly after Apple’s iCloud service was hacked. Jennifer Lawrence, Kirsten Dunst and Ariana Grande are said to be among the celebrities shown in the photographs posted on web forum 4chan. Anonymous 4chan users claim the images had been taken from the celebrities’ iCloud accounts, according to The Verge. Apple’s iCloud service is designed to enable iPhone, iPad and Mac users to synchronise images, settings, calendar information and other data between devices. But concerns over iCloud security have led many enterprises to implement mobile device management systems that enable administrators to enforce policies which control what data is passed on to iCloud. More than 100 A-list celebrities are thought to have been targeted, including reality TV star Kim Kardashian, singer Rihanna and models Candice Swanepoel, Cara Delevingne and Kelly Brook. It is unclear when the iCloud service was compromised as one celebrity whose photos were stolen, Mary Elizabeth Winstead, said the images concerned had been deleted years ago. This either means the hacker has been collecting the images for some years, or the images are still available in iCloud to those who know where to find them. While Winstead and Lawrence have confirmed the pictures of them are real, Ariana Grande and Victoria Justice have said the images are fake. A spokesperson for Jennifer Lawrence warned that anyone posting the stolen pictures will be prosecuted. In 2012, a man was sentenced to 10 years in prison for hacking the private email accounts of celebrities including Mila Kunis and Scarlett Johansson. Apple has so far not responded to media requests for comment on the alleged compromise of its iCloud service.

Creepy Google Glass pics without anyone knowing? Yes, you can

The inventor of the Google Glass Sunshade says his motivation was to make it easier to see the Glass graphics when in sunshine. Coincidentally, it also covers up the light that tells others the glasses are in use. So clever. (Credit: Chris Barrett/PRse...