Eideard

Sith gun robh so…

Posts Tagged ‘security’

Nextdoor.com offers platform to form a neighborhood network


Looking for a last-minute baby sitter? Want to let your neighbors know about a break-in? Wondering whether anyone else received an unexpectedly high water bill?

A number of people are logging on to private neighborhood websites to ask questions like these, get advice and share information through an electronic version of the backyard fence.

A company called Nextdoor, which offers a free online platform that enables people to create social networks for their own neighborhoods, has launched.

Today, more than 800 neighborhoods in 43 states plus the District of Columbia have set up local websites where they can communicate one-on-one, as well as with the people nearby. There are five Nextdoor websites here in New Mexico, including three for Santa Fe neighborhoods: Los Milagros, Sol y Lomas and Talaya Hill.

Each website includes a neighborhood map, member postings, a directory of residents (including brief profiles), links to resources and reports of interest, and photographs of community events…

Access to each Nextdoor website is password-protected, and only verified residents can become members, log on and post messages. No one else has access to the content, so that people can safely share information on neighborhood topics…

Neighbors log on to the site, using their own user ID and password, to read postings, but they can also elect to receive posts instantly via email…

There are currently no advertisements on the websites, but the revenue model calls for eventually working with local businesses to provide special offers to website members — Groupon meets Facebook — according to Nextdoor spokeswoman Whitney Swindells.

It all sounds useful, practical and positive.

Hermit that I am, I probably would remain mostly as unresponsive to dialogue in the neighborhood as I am at the blogs I contribute to. But, I can think of the few times that my curiosity while out and about – spotting someone I thought might be a gangster preparing to burglarize or vandalize someone – would be useful to everyone in the neighborhood. After I called the Sheriff.

Written by eideard

January 18, 2012 at 10:00 am

The silliest and most common hiding places for passwords


When I was an IT admin, I had the pleasure of dealing often with people who would submit urgent service requests and then leave for the day, leaving their office empty and computer locked by the time I could get there to help. Fortunately, I was often able to fix their problem while they weren’t there. Why? Their password was somewhere on their desk in one of these easy-to-find locations.

Under the Keyboard. This is a pretty common one, and one of the first places to look if you need to find someone’s password (or one of the first places to avoid if you need to jot down an often-used but difficult to remember password.) The worst offenders leave them on a post-it on their keyboard tray, or under the spot where their keyboard lives. Others attach the post-it to the underside of the keyboard, thinking it’s better hidden there. In both cases, it’s a sure bet that anything under the keyboard will have a password on it…

Under the Mouse Pad. This is another common hiding place for people who don’t want to put their passwords under their keyboard. They’ll usually slide a couple of sheets of paper under the mousepad with their usernames and passwords on it and refer to them when they forget, or update them when their password expires…

Under the Desk. One of the most disturbingly common spots many office workers hide their passwords is one of the easiest to find: right under their desk surface. Just sit down at their desk and put your hand directly under the desktop, and you’ll often find yet another post-it note attached there. Most people who do this operate under the assumption that no one’s ever under their desk to see or notice such a thing—except the IT admin or help desk tech they call when they’ve jostled the Ethernet cable loose from the back of their desktop…

I haven’t even posted half of the silly places people think are secure in the world of prairie-dog cubicles. If you’re guilty of any of these, go apologize in advance to your network administrator. You may have compromised everything that should be secure. And if your password is “1-2-3-4-5” – quit your job and go back to flipping burgers for a living.

So where should you store your passwords? RTFA for a couple of suggestions.

Written by eideard

October 24, 2011 at 6:00 pm

India to lift contentious security law in Kashmir



Yes, there are parts of Kashmir that look just like my neck of the prairie

A much-despised law that suspends basic rights and shields security forces from prosecution in the disputed province of Kashmir will be lifted in some areas in the next few days.

Omar Abdullah, the chief minister of the Indian-controlled portion of Kashmir, said in a speech to police officers that the situation in many areas of Kashmir had become peaceful enough to warrant removing the law, which is known as the Armed Forces Special Powers Act.

Human rights activists have long argued that the act, which gives government security forces wide latitude in areas where insurgents operate, has led to widespread abuses. The discovery of thousands of unidentified bodies in mass graves in the region this summer seemed to underscore the impunity the law allowed.

Security officers cannot be prosecuted for acts committed while on duty in areas covered by the act without permission from the Home Ministry, and such permission has almost never been granted, even in cases where rape and murder were alleged.

The law was put in place in the Indian-administered part of Kashmir in 1990, when the state was in the grip of insurgents — partly fueled by Pakistan — who sought to wrest it free of India…The insurgency petered out in the late 1990s, and the past few years have been largely free from armed struggle. But the act has remained in force and was a crucial catalyst for unarmed protests that have swelled in Kashmir almost every summer in recent years. Last year more than 100 people died in protests, most of them killed by security officers who fired into rock-throwing crowds.

But this summer was largely tranquil, and the state government has been slowly reducing the visibility of its security presence in the region, removing heavily armored bunkers and taking machine-gun-toting security officers off the streets.

Like many activists around the world who support the range of struggle, from national liberation movements in earlier days to pro-democracy movements nowadays – I sincerely hope the Indian government can make it past sectarian insurgencies to support full-blown democracy in a region long in the search for its own voice in governing.

This could be a start.

Written by eideard

October 21, 2011 at 10:00 pm

Sharing Station provides access to USB devices over WiFi


WiFi and USB have both become inexpensive and ubiquitous connectivity solutions, so the idea of exploiting them both at the same time in a single device makes sense. IOGEAR’s latest take on the theme is its Wireless 4-Port USB Sharing Station, which allows up to four USB peripherals (external storage, camera, printer, etc.) to be shared over a WiFi network and in the process provides a recipe for an uncluttered desktop environment.

While some devices come WiFi-enabled out of the box (printers especially), most of them rely on cords. Resembling an ordinary WiFi router, the IOGEAR Wireless Sharing Station in fact requires a WiFi router to establish a WLAN within the station’s range. After plugging USB gadgets into its four ports, they become accessible to PCs, smartphones, tablets and other devices.

An office environment with shareable multi-function printers, or external hard drives, seems to be the most obvious application of IOGEAR’s device. Another likely application is a simple surveillance system, made up of a USB-powered video recording device accessible via WiFi when plugged into the station. Other USB devices that could be shared include speakers, flash memories, memory card readers, MP3 players, or even USB toys.

I can’t wait to play with one of these. This may replace the gaming switch I use as a wireless hub for my entertainment center.

Written by eideard

August 9, 2011 at 10:00 pm

Hacker figures out how to kill diabetics – takes a bow!


A security researcher who is diabetic has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.

Jay Radcliffe, a diabetic who experimented on his own equipment, shared his findings with The Associated Press before releasing them Thursday at the Black Hat computer security conference in Las Vegas.

“My initial reaction was that this was really cool from a technical perspective,” Radcliffe said. “The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive.”

Increasingly, medical devices such as pacemakers, operating room monitors and surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient’s body to doctors and other professionals. Some devices can be remotely controlled by medical professionals.

Although there’s no evidence that anyone has used Radcliffe’s techniques, his findings raise fears about the safety of medical devices as they’re brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators.

I hear their next competition will be to see who can use a wifi nursery monitor to electrocute an infant.

Written by eideard

August 5, 2011 at 10:00 am

Psychiatric patient gets past security at America’s tallest building


A resident of a facility for psychiatric patients got past security guards at the Willis Tower and made his way to the 102nd floor before he was tracked down and held for police.

The 42-year-old man was charged with misdemeanor criminal trespass and released on his own recognizance after he followed an employee through a turnstile and got into an elevator, said Police News Affairs Officer Laura Kubiak. The man has no prior arrest record, she said.

The incident happened about 4:35 p.m. on May 16.

A spokesman for the Willis Tower said in a statement released to the media that the man was spotted by security in a freight elevator and was in the building for 16 minutes. He went up to the 102nd floor and on his way down was arrested on the 32nd floor, the statement said…

“At Willis Tower, safety is our utmost priority,” the statement said. “We are aware that an individual entered the building on Monday, May 16. Through our security systems and procedures, we were able to track and detain this individual within 16 minutes.”

That he was under psychiatric care and still able to get past security either says something about the quality of that security – or maybe the fact that he doesn’t need a heckuva lot of care.

Good thing he wasn’t suicidal, eh?

Written by eideard

May 25, 2011 at 2:00 am

Sony execs vow to strengthen security on PlayStation Network


At a press conference Sunday afternoon in Japan, Sony Corp.’s Executive Deputy President Kazuo Hirai outlined some of the steps the company will take to protect users’ data. Hirai was flanked by two other executives, Chief Information Officer Shinji Hasejima and Senior Vice President of Corporate Communications Shiro Kambe.

One is hiring a “chief information security officer” to help prepare future defenses against hacking attacks. The company will also set up a new data center in San Diego, with “more advanced security.” Hirai said the new center would have better detection systems in place, as well as enhanced data encryption…

Hirai was not specific about whether users might be compensated for any losses to their credit cards. About 10 million credit cards were registered, representing 77 million users. Sony said there is as yet no evidence of credit card fraud, though several news outlets reported that hacker groups were offering them for sale. Sony Network Entertainment, the U.S. subsidiary of Sony, is working with the Federal Bureau of Investigation to find out more and possibly prosecute the hackers.

The executives were not clear what vulnerability the hack exploited, whether it was a known problem or a newly discovered one. They would not discuss details…

Sony reiterated that the credit card information was encrypted, although the password and login data were not.

While Sony isn’t offering direct compensation to users – at least not yet – the company said it would offer a 30-day subscription to PlayStation Plus while Qriocity customers will get an extra 30 days of service for free…

Senator Richard Blumenthal of Connecticut wrote to Sony this week, asking why the company took several days to notify users that their data might have been stolen. He also called for Sony to provide PlayStation Network users with financial data security services.

Five more years till Blumenthal runs for president. And counting. [He can taste it.]

“We should have been safe with Sony!”



Sony lost $450 million last year – paid Stringer $4.5 million + stock options

Sony PlayStation gamers expressed shock and disappointment on Wednesday at a massive data hack in which their names, addresses and credit-card details might have been stolen from the PlayStation Network.

Shoppers at London video-games stores said they might leave the network, PSN, which allows them to play games with 77 million other members and buy games online, while some gamers writing in online forums called for a boycott of Sony products…

Sony warned earlier that unidentified hackers had stolen the personal details of its 77 million user accounts, in one of the biggest-ever Internet security break-ins.

The Japanese electronics giant advised users, almost 90 percent of whom are based in Europe and the United States, to change any common passwords they also used for other services.

It said children with accounts established by their parents might have had their data exposed.

“If you think the gamers are pissed over at playstation blog, wait until the Mums get wind of this,” wrote senior member barrybarryk on the PS3news.com online forum…

Sony pulled the plug on the network eight days ago but did not tell the public about the stolen data until Tuesday.

Phew! I don’t know of any industry guaranteed safe from attack. I have some experience with procedures that appear to work – when enforced with diligence and consistency. I’m not certain about any IT departments other than those I personally could vouch for, though.

The single biggest mistake is trusting your employees to follow procedures, to never indulge in personal vendettas [har!] and, then, always remember to cut off individual access to computers and the network before anyone is told they’re departing.

Oh yeah – just discussing this with another geek in the family – remember that all the crap that’s happened at Sony, from the closing of research centers to failed security to snooping on users, has happened on Stringer’s watch.

Written by eideard

April 27, 2011 at 10:00 am

Don’t get too bugged over filling in a “captcha” – it’s useful


In the old days, anybody interested in seeing a Mets game during a trip to New York would have to call the team, or write away, or wait to get to the city and visit the box office. No more. Now, all it takes is to find an online ticket distributor. Sign in, click “Mets,” pick the date and pay.

But before taking the money, the Web site might first present the reader with two sets of wavy, distorted letters and ask for a transcription. These things are called Captchas, and only humans can read them. Captchas ensure that robots do not hack secure Web sites.

What Web readers do not know, however, is that they have also been enlisted in a project to transform an old book, magazine, newspaper or pamphlet into an accurate, searchable and easily sortable computer text file.

One of the wavy words quite likely came from a digitized image from an old, musty text, and while the original page has already been scanned into an online database, the scanning programs made a lot of mistakes. Mets fans and other Web site users are correcting them. Buy a ticket to the ballgame, help preserve history.

The set of software tools that accomplishes this feat is called reCaptcha and was developed by a team of researchers led by Luis von Ahn, a computer scientist at Carnegie Mellon University.

Its pilot project was to clean up the digitized archive of The New York Times. Today it has become the principal method used by Google to authenticate text in Google Books, its vast project to digitize and disseminate rare and out-of-print texts on the Internet.

RTFA. Seriously useful. I’ll never feel the same grumpiness over “captcha” requests, again.

Thanks, Mr. Fusion

Written by eideard

March 30, 2011 at 6:00 am

Apple hires former military and NSA analyst as security maven


In response to calls for increased security from enterprise clients, Apple has hired cybersecurity expert and author David Rice as its director of global security…

A “deeply respected name in IT security circles,” according to those who know him, Rice is reportedly being brought on to bolster Apple’s security and gain the trust of corporate CIOs.

Rice graduated from the U.S. Naval Academy in 1994 and received a master’s degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He previously worked as a Global Network Vulnerability analyst for the National Security Agency and as a Special Duty Cryptologic officer for the Navy…Rice is also the author of “Geekonomics,” a 2007 book which likens software security vulnerabilities to weakened bridges and other physical infrastructure.

Apple has ramped up its security efforts in recent years, in part to gain the trust of corporations and government agencies who have begun adopting the iPhone and iPad. As the iPhone maker has upgraded the security of iOS, it has found itself gaining ground on Research in Motion, the self-professed leader in “CIO friendliness…”

A recent partnership with Unisys is also meant to boost Apple’s security reputation. In an interview last October, a Unisys executive said the deal came about because his company had “put a lot of heavyweight engineering into securing the [iPhone], which, frankly, no one else has figured out yet.”

My experiences with government security types lead me to believe that Rice’s own top-level clearances are somewhat compromised by the fact that he went to work with geeks at Apple. That has nothing to do with the realities of security or politics. Just bureaucratic silliness.

BTW – if you’d like a look into his public brain, drop by his blog.

Written by eideard

January 26, 2011 at 6:00 am
