Wednesday, April 30, 2014

Texting and driving a major cause of fatal road accidents

A woman has died in a head-on collision on a US highway just seconds after she posted selfies and updated her status on Facebook. Use of social media while driving is said to be responsible for over 18% of the fatal crashes in the US resulting in over 3000 deaths.
Talking or Texting while driving has become a major source of driver distraction, and a leading cause of road accidents. The trend affects younger people with an urge to read or update their online status instantly.

With the popularity of mobile devices and connected cars, drivers should have the self-discipline to set their mobile to a “driving” mode, much like the “airplane” mode where the ring is silent and alerts do not sound. Parents should educate their kids to keep their cellphone off while driving. Companies can also prohibit their employees from using cellphones while driving as part of their safety policy.
In India the law bans the use of cellphones while driving including with the use of hands free wireless ear pieces, but it does not extend to texting. Texting is usually out of sight as the phone is in the lap of the offender making it difficult for the police to see.

Sunday, April 27, 2014

Parents and children disrespect teachers online

In a survey of 7500 members of the NASUWT teaching union in UK, it was found that both parents and children used Facebook and Twitter to post derogatory comments against teachers. Such posts targeted teachers with offensive language and comments about their race, sexuality and appearance. 26% of the teachers said that videos or photos of them had been uploaded online without their consent.
Most of the teachers preferred not to complain as they feared that no action would be taken against either the student or their parents. According to the teachers union, instances of abuse have already reached proportions where teachers require remedial actions as it has begun to affect their performance and traumatize them.
This survey amply demonstrates the increasing lack of cyber ethics in the online world. Disturbingly, the growing disrespect to core institutions shows that 27% of parents are neither counselling nor grooming their children to be responsible future netizens. Surprisingly, they exhibit antisocial behaviors rather than to prefer to act as good role models.

Saturday, April 26, 2014

Low emphasis on security dents Google’s revenue from the sales of apps!

Google pleasantly surprised customers who downloaded a fake antivirus app from Google Play with a refund and $5 credit to purchase items on Google Play.  Normally, the liability of fake or poor quality apps falls on the developer, as Google according to its terms of service is an agent. Google at best can withdraw the app and blacklist the developer.
This benevolent gesture has more to do with Apple raking in 10 billion dollars last year in app sales to a comparative 1.3 billion dollars by Google, despite the fact that there is a larger base of android smartphones and Google has a 75% share of all apps downloaded.  Apple’s focus on an app rich appstore with low incidents of malware and better margins for developers has reaped benefits with privacy and security wary customers preferring to use the safer platform.

Google has realized that its poor track record on malware has discouraged customers from spending money on their appstore.  With one million apps that have not been adequately security or privacy reviewed, a large effort is needed to sanitize the appstore.
The economics of security have begun to work, but not before claiming its share of unsuspecting victims who suffered hacked bank accounts, ransomware, frauds, loss of privacy and spyware.

Voyeurs can use Google Glass for Creepshots

If you were a woman who has gone to a gym, lazed on a beach, travelled on an escalator, visited a superstore or even attended class; you could have been the target of a “creepshot”. A creepshot is a picture typically of the breasts or butts of unsuspecting women taken by a voyeur using a smartphone in public places. Recently, there was the incident of a man taking upskirt pictures of women travelling on elevators. Such pictures are later posted on Internet sites with embarrassing taglines such as “hot blonde with tight ass at Target Pharmacy”.
On one of the sites that post “creepshots”, the founders describe themselves as “a couple regular family guys who love to hang out, have a good time”.   They describe a ‘CreepShot’ as a candid picture which captures the natural sexy, embarrassing or funny aspect of the subject matter/person without their knowledge”.  Their advice to voyeurs is to “Take a look at the world around you.  There are creep opportunities everywhere: during your commute, shopping, coffee shops, office, sporting events or just even walking down the street!  How about creeping your wife? “
Although voyeurs and websites that host them argue that these pictures were taken in public places, the context, instant and lack of consent when they were shot, violates personal privacy. For example, women working out in a gym do not expect to be photographed in an exercise pose that highlights a particular part of her anatomy.   
Existing laws need to be rewritten as they are not phrased well enough to deal with these immoral and reprehensible acts. The Massachusetts highest court ruled last week that a man who took cellphone photos up the skirts of women riding the Boston subway did not violate state law because the women were not nude or partially nude. The court ruled that existing Peeping Tom laws protected people from being photographed in dressing rooms and bathrooms when nude or partially nude, but did not protect clothed people in public area.
Recently Google announced an update to Google Glass which allowed users to snap photographs just by winking.  Detecting eye blinks is much more difficult than catching a person using his camera and creepshot possibilities are one among the several privacy concerns that the use of Google Glass raises.

Monday, April 21, 2014

Bored housewife killed due to Facebook deception

A bored housewife, mother of three, posing as a young unmarried girl on Facebook had a three year online relationship with a younger man. Recently they decided to meet in person at a public place, for the very first time. On discovering that he had been deceived, the young man killed the woman at the spot in a fit of rage, and then attempted suicide.

 There is no way to verify Facebook profiles or ascertain the intentions of the person they represent. A sixteen year old may actually be much older, married, of a different sex, in a different country and may have ill minded intentions. It is preferable not to trust random requests for friendship, and certainly not to the extent, where one starts sharing sexual chats, pictures or videos.


Saturday, April 19, 2014

Alert victim nabs thief using his cloned credit card

Credit card companies send an SMS alert with payment details after each transaction. Quick thinking by a victim who received one such alert for a payment of Indian Rupees 10,000 (200 US) which he had not made, resulted in the capture of a man who used a cloned card to pay for a bill at a popular restaurant. On the receipt of the SMS, the victim searched for the number of the restaurant from an online directory and alerted its manager to the recent fraudulent transaction. The vigilant manager rushed out and nabbed the customer minutes before he was set to board an autorickshaw (tuk tuk) outside the restaurant.

This incident is a motivating example of how a combination of quick thinking and a speedy response can save the day. SMS alerts have proved their usefulness in containing the scale and extent of ATM and credit card crime in India.

Once an alert on a transaction you have not made is received, immediately bar your card to prevent further monetary loss. Take heed, and act quickly.

Sunday, April 13, 2014

Cybercitizens, do you need to be concerned about Heartbleed?

17% of all Internet services and a larger percentage of networking products have had their security systems compromised by a bug in the implementation of encrypted channels; rendering it possible for  attackers to unearth user passwords or read encrypted communications (both current and stored).

From the published list of affected websites on The Heartbleed Hit List, it appears apparent that the bug impacts a wide range of services used commonly by cybercitizens.  Mail, social networks, home networks and financial sites were all exposed to potential malicious activity which ranged from spying to crime. As vulnerable software versions were in use for over two years, the exact impact of its malicious exploitation will never be known.

The obvious assessment is that it was found early by government agencies who kept its discovery a closely guarded secret, using it to decode encrypted channels set-up to ensure privacy and safety: - to read messages, find passwords and so on. Such flaws are typically detected using a type of test tool, commonly used by governments and specialized labs. It is therefore no surprise that the flaw was uncovered by Codenomicon, a security testing tool vendor. If this was true, then the most obvious targets would be political opponents, dissidents, journalists, and others in whom governments have vested interests in.

If cybercriminals were to discover the bug early they would have used it to steal the private keys of large internet service providers, effectively enabling them to fool cybercitizens into thinking that they were communicating with a legitimate service rather than a spoofed site. In such a scenario, cybercitizens may have willingly parted with their credentials and as a consequence incurred a monetary loss.                                                                                 

The bug also allowed attackers to randomly download a small portion of the computer memory, leaking user credentials. I personally think that such random attacks amounting to finding a needle in a haystack would not be profitable. Rather, it would have been very rewarding to sell such an exploit in the underground market to one or many governments.

The bug highlights the helplessness that cybercitizens face as they rely on firms to ensure the proper use of technology to keep the services they use secure. Cybercitizens are truly helpless victims.

Now, that the bug is known, cybercitizens should first check the services they use ensure that they are not currently vulnerable; following which it is important to change passwords.
Ideally, I would have liked to have seen service provider send emails to their users requesting them to reset their passwords.