Another week, another web 2.0 security issue.
January 18, 2008
Not a week goes by without a web 2.0 breach/hack/infestation/buyout*
This week two issues have surfaced around the 2.0 ethos. The first is concerned with myspace.com, a ‘back door’ resides within the myspace architecture that allows access to private profiles – including those whom the law considers to be a minor. This is interesting as myspace, as recently as Monday, announced measures to protect minors in a joint press statement with with 49 attorney generals in the US. (link)
(*delete as appropriate)
The second, deals with code malicious mobile code propagating from legitimate sites around the Internet. dubbed the ‘random JS toolkit’ the code attacks in two stages. Stage one infects the website with an iFrame exploit, installing itself on the legitimate website, stage two in the normal infection stage of client machines via malicious code and installation of trojans/spyware/adware.
It’s interesting to note that the evolution of attack vectors, are they following the trends of mainstream IT. Could this maybe considered the first client/server malware…
Thanks
Paul
Whose data is it anyway?
January 2, 2008
How many of you have a Friends Reunited account? I have. Today I received a email from ITV.com asking me to take part in the beta personalisation service, which was interesting as I don’t recall actually visiting ITV.com let alone signing up for a beta. After digging around it seems that Friends Reunited was purchased by ITV.com back in December 2005. This does bring up an issue around my data which is held within Friends Reunited and the federation of that data to 3rd parties. It makes sense that when I signed up for Friends Reunited I ticked the “I agree” box for the T&C’s and didn’t actually read what it said (like most people) so my details can be shared with others. Which got me thinking….
How many web 2.o services depend upon access to the personal data within facebook, myspace, linkedin to exist – and what would happen if this “open access” was no longer open? Do these internet augury’s have the right to allow or deny access to information of which they are custodians rather than owners? Reading this Wired article on scraping (here) it seems that major information providers are taking a much more serious view on how people – and more importantly who – can get access to the data they hold.
Thanks
Paul
Spock dies, but others live….
November 15, 2007
It feels like day ten: update one
People are individuals, with different needs, different wants. Projects are similar, we are now at a stage where all the projects are at different levels or maturity. Each project will need different resources, some will need less.
Spock says his actions to James Kirk. The Vulcan entered a radiation-filled engineering section of the U.S.S. Enterprise, even though to do so meant certain death. It was the only way to bring the main engines back online in time to save the lives of his shipmates.
Fighting the effects of the deadly radiation Spock rasps, “It is logical. The needs of the many outweigh the needs of the few.”
Kirk finishes the statement for his friend, “Or the one.”
Think not?
Paul
The Power (and Peril) of Covergence
November 15, 2007
The sandpit is progressing rapidly into the most difficult phase – convergent thinking, leading to the development of well-formed project ideas. This stage of the process is always highly charged – participants are dealing with passionate ideas and ideals, while the sandpit process forces individuals and teams to pick and choose and to prioritise.
Building multidisciplinary project teams, in real time, while listening to and taking on Board feedback from Mentors and Funders is challenging. It’s good to see our participants responding well to this challenge, to to see real excitement within the emerging project teams. Things are beginning to look very positive - and we’re optimistic of a good outcome by Friday afternoon.
Pete Hedges, EPSRC
90 facts travellers must tell officials
November 15, 2007
Day 4 in the Big Brother House
The Daily Telegraph commented today amongst other papers how the Government is set to obtain 90 facts about any one who flies on International travel. The Daily Mail got the number down to 53 items, from the expected name, DOB and passport information to the not so expected credit card details and reg. number of vehicles. “The information will be stored for as long as the authorities believe it is useful, allowing them to build a complete picture of where a person has been over their lifetime, how they paid and the contact numbers of who they stayed with…”
The plans were unveiled as part of a £650 million contract was signed by ministers yesterday to introduce electronic checks on passengers.
The information will be stored for as long as the authorities believe it is useful, allowing them to build a complete picture of where a person has been over their lifetime, how they paid and the contact numbers of who they stayed with. Mr. T
Fortress Britain
November 15, 2007
Day Four: Update One
Today the UK government announced the winners of th UK e-borders scheme (link), with the introduction of numerous surveillance and tracking technologies, this was announced in parallel with the creation of a single “border police”. The interesting part of this initiative it the joining up of the islands of information from no fly watch-lists, biometric visas and passports.
Is this the start of the implementation of little sister scenario, or does it mean much safer flying?
Paul
Team Work!
November 15, 2007
Day Four
Today people are presenting and selling their ideas as part of the peer review process. They are starting to develop solutions to the problem statements they have worked up in groups over the last few days. Teams are shifting membership to enable the best skills and resources to be brought to bear to solve their chosen challenge. This has had the effect of teams starting to form their own individual identities. As they start to develop a dynamic life of their own, a Privacy and Consent model between themselves is starting to emerge. All activities now converge on work packages that they themselves are emotionally signing up to. It’s hotting up nicely! Mr T.
A sandpit view from a non expert
November 14, 2007
Day Three: Update Two
As a non expert it has been interesting seeing the discussions evolve during the past couple of days. I have never considered what my identity actually means in any depth before and doing so is something I would recommend to others. I have not yet got round to joining social networking sites and never considered the implications for my privacy. I would certainly not sign up so lightly now… How the research community actively engages and initiates broad discussions on this issue at all levels will be an on-going challenge for us all.As a representative from one of the funding bodies, it has been interesting seeing the ideas generated in real time rather than simply seeing the final proposals come through the door. There’s still a long way to go and I’m sure they’ll be a few twists and turns on the way…
Paul
Yoda
November 14, 2007
Just in case you were interested what Peter Hedges looked like. Also, here is an excellent link describing the issues around privacy and consent and data aggregation (link)
How many identities do you have?
November 14, 2007
Day Three
Discussion of such an emotive topic in this setting really brings home just how complex we are both as individuals and as a society. If I actually sat down to consider how fragmented my identity really is I might be there a while! Most people would tell you that being able to hold different ‘personas’ depending on the contextual setting is a valuable ability. and, of course, the type and depth of the the information you provide in one setting (e.g. when you apply for a credit card) is not the same in another (e.g. when you complete your tax return). Can you tell that the last couple of days have been very thought provoking????
It has been fascinating and I am looking foward to seeing the ideas that are now bubbling away start to grow. This is where it gets really interesting…
