Who's fixing the security hole?

Every day, if you're listening hard enough, you'll hear about security holes in the software you use - on your computer, on your phone, in your car. We've gotten used to it, so we don't pay much attention. That's because we assume that something has been done about, or is being done about it. But is that right?

The other day a friend of mine received a message on Facebook. The message said that an interest group he had joined on the social networking site had been hijacked. The message explained that there was a security hole.

If all the administrators of a Facebook group had quit, then anyone - whether they were a member of a group or not - could step in and take over.

They could then do whatever they liked: change the name of the group, send messages to all group members, pretty much run riot. Which is what had happened here.

Actually, this guy had taken over nearly 300 groups, changed their names to Control Your Info, and sent all their members a warning message. The warning made clear that he could have done something far worse, but he didn't. All they wanted to do, they said, was highlight how easy it was.

Facebook was less than impressed. They told me that no confidential information had been at risk and said this kind of hijacking thing was rare. Which may be true, but that probably was small comfort to the members of nearly 300 groups.

Now this all may seem bit obscure. And it is. But there's a bigger issue involved.

The person or persons involved in this attack claimed they were doing a public service to raise awareness of how vulnerable our information is on social networks. They also say that if they'd just written a blog post about it, nobody would have listened.

What they didn't make clear is whether they'd tried to tell Facebook about it first. There's an etiquette among computer nerds that if a security hole like this is found they let the person responsible for the product or service fix it before they go public.

The problem is that often these nerds find their noble efforts are not recognized by the company involved. At best they get a grunt of acknowledgement; at worst they're ignored.

An example: one of my friends recently pointed out that a premier vendor of data protection services and software had left a gaping big hole in its online store.

He was right. Set up an account and make as if you're going to buy stuff, change a character in the resulting web address, and you can see all the details of other recent customers: their name, address, type of credit card, even, in some cases, a partial credit card number.

Enough to call the customer up, impersonate someone from the company, and ask for the missing data.

Not very reassuring. But even less reassuring was the company's response: it took them nearly a month to fix the hole. Only then did my friend publicly reveal the flaw.

Obviously something is broken here. I don't condone the actions of the Facebook hackers. Their actions have not so much raised awareness about the need to be careful with information so much as freaked people out about something they could do very little to fix.

The problem here is not us users, it's them. The companies selling us stuff. There are bound to be holes. They not only need to fix them, but fix them quickly. And provide an incentive for folk who find them to report them without making a big noise about it.

Klik disini untuk melanjutkan »»

A connected home: More than just cables

ASmall as it is, there are seven telephone sets in my house, including a cordless one that seems to disappear into a vortex all the time.

Radio Shack intercom is also installed, connecting our bedroom and my study. All of them work. The few places that do not have a telephone set are the kitchen and the bathrooms.

My low-cost AKAI stereo amplifier is also connected to two pairs of large speakers. One pair is inside my study, which has become the command center. Another pair lives in the living room. There is a LinkSys router with wireless access point just outside my study. My daughter’s PC is connected via a long UTP cable to the router, which in turn is connected to CBN DirectNet Wireless modem.

There are three TV sets in the house, although only one is connected to a First Media decoder. You know, the cable TV provider wants us to pay extra for each additional decoder, and I have refused to spend more for a decoder that I would hardly use. Now, is my house connected?

Hardly, as a connected home has to do more with content rather than cables. Do I have the ability to remotely pick up the content stored in the hard disk of my media center at home with my mobile device? Maybe. But, can I push the content I am creating to the computer in my study in a safe manner? That would be harder to do. What about if you are abroad and want to send the video you made with your smart phone into the TV in your living room? You will most likely need to wait until you are back and have the opportunity to burn the video onto a blank DVD and then play it on the DVD player hooked to that TV.

A connected home, which combines telecommunication and consumer electronics, hinges on a broadband pipe. A few years ago, we talked about Triple Play, which consisted of two bandwidth-demanding services in the home — Internet access and TV — and the telephone. When wireless was added, we had quadruple play.

The aim is to make life more enjoyable (for those who can afford it, of course). The backbone is a home network, and it can be both wired and wireless, and it may also include control systems to manage IP appliances such as the air conditioners and the water heater.

How serious is the concept of the connected home experience today? Well, here is a new abbreviation that you will encounter more frequently: Digital Living Network Alliance, or DLNA. It is based on the so-called Universal Plug and Play (UPnP), which is the standard that home appliances and devices will likely to follow in the future in order to give us the connected home experience. So, the objective of the DLNA can be summed up as full compatibility among consumer equipments. It will enable us to pull or push content remotely to our devices, too.

DLNA claims that currently 240 companies have joined it, including makers of consumer electronics, computers and mobile device. “DLNA also includes many component and software developers”, they write on their homepage.

What the organization does is give certification, of course. So, if you buy a high-end home appliance today, keep an eye out for the DLNA logo. Incidentally, in the near future I will be reviewing a gargantuan LED TV from Samsung, which is already DLNA certified.

In making the connected home a reality, a piece of software is needed. Ericsson, the Swedish telecom giant that we usually recognize for their infrastructure technology, has developed what it calls a “Connected Home Gateway”. Ericsson Multimedia Business launched it during the Mobile World Congress in Barcelona last February.

The Connected Home Gateway provides security for the connectivity between home and telecommunication networks. According to an Ericsson press release, it also provides a single point of entry for IPTV and communication services. It is also DLNA compliant. In fact, another Ericsson press release I received last month announced that their Connected Home Gateway software had received the 2009 TelcoTV Vision Awards.

In simple language, the DLNA is another industry buzzword that you will see more and more. You need to ensure the compliance of the products you are buying — if you’re thinking about building a connected home.

Klik disini untuk melanjutkan »»