Password recovery methods, available on almost any website that you can make an account on, are more than likely to be tethered to a user’s email address. If a person has sincerely forgotten the passphrase to their account, they would typically use such a feature to regain access. Today, the average internet user might have fifty or more online accounts connected to their digital identity. Is it really all that safe to trust your entire digital key ring to an email account?
You can install every shade of anti-malware and anti-keylogger software under the sun; you can make use of multi-factor authentication or one-time passwords, and you can even have 30+ character passwords. But the truth is, all of these are merely obstacles in the way of hackers and can certainly be outmaneuvered. Malicious software, if crafted carefully, can avoid detection by many anti-malware solutions. Multi-factor authentication methods are prone to man-in-the-middle attacks, and automated password cracking can now be done with a desktop PC, using wordlists readily available across the web.
According to How Secure Is My Password?, it would take a desktop PC approximately eleven minutes to crack an 8-digit passcode that AOL.com considers “strong”. Eleven short minutes, and anyone can gain access to all of your accounts, which in turn, could give them unlimited access to your financial information, sensitive documents, family photos, emails and chats, and even your current GPS location.
The responsibility to secure your digital key ring lies not only with you, but also with the websites that you use. To this day, there are websites that set a limit on the number of characters you can use in a passphrase (usually to something under 20 characters), and some don’t even advise against using dictionary words or personal information in login details. Educating users about proper security practices should be a top priority for all online services.
It is well understood that the human element is the weakest component of a security system. People can be easily manipulated into divulging information that could compromise even the most complex security systems, in a practice called social engineering. Also called human hacking, this practice can be used for good, such as in the work of “white-hat” penetration testers and security auditors, but of course, also in the work of “black-hat” individuals.
Customer-support-induced password recovery is a simple technique used by a teenage hacker known as Cosmos, which granted him access to countless web accounts. This method involves posing as someone else to a web service’s support team in order to convince them to grant access to a person’s account. Often, in attempts to verify that the caller is who he or she claims to be, the representative may ask for vague, personally identifiable information that is often found on a user’s social media profile(s) or with a simple background check. Of course, there is always the $5 Wrench Trick.
As you can see, there are many exploits, of both the human and technical variety, that can be used to gain unauthorized access to online accounts. Of course, they can be applied to any email account, the digital key ring that could unlock numerous online accounts belonging to a single user. Email’s intended use is communication, not online account management. Be smart, and don’t let anyone get a hold of your key ring.
I put together a tiny JavaScript bookmarklet that displays a stern-looking Chris Hansen, former host of MSNBC’s To Catch A Predator, on the left side of your browser screen. So the next time you find yourself viewing questionable content online, simply click it and “have a seat over there”.
Google announced in a blog post Wednesday that its Atom and RSS feed aggregator Google Reader will be retired on July 1st, 2013, citing a declining user base as the primary reason for its shutdown. It is unknown whether or not the service’s scheduled demise is related to Google’s struggle to integrate Reader with its social network, Google+. Perhaps the search giant will shift its focus from news feed aggregation to its social news magazine project, Google Currents.
All hope is not lost, as web syndication is not deterred by the end of Google Reader. The RSS (Really Simple Syndication) protocol is not dependent on Reader, allowing web feeds to function normally. What is damaged, however, is a wide range of applications and web services that make use of the Google Reader API. Google Reader clients such as Silvio Rizzi’s Reeder and social news app Flipboard will need to adapt, either by using an alternative web feed aggregator service or by implementing their own.
Google’s announcement isn’t all bad news though, as its withdrawal from the web syndication market will allow some breathing room for its former competitors, encouraging innovation. Digg, once a big player in the social news arena (which has since been dominated by reddit), made a timely announcement on its blog Thursday that it will be building its own news reader service, garnering support from many soon-to-be-unsupported Google Reader users.
I for one am excited by the thought that web syndication still has a fighting chance against the bite-size news snippets seen popularized on sites like Twitter.
I signed up for the Facebook Graph Search waiting list about one week ago. Just today I got to try out the new feature. The first thing I did was enter the query “photos that I’ve liked” and press Enter. Boy, was that an eye-opener. Years and years of Facebook likes, credited to my own name and identity on the photo updates of my friends and family, suddenly appeared before my eyes in a seemingly endless stream of content.
The archival abilities of Facebook are truly amazing. And frightening at the same time. A three-year-old photo of you and your friends on a night out in town, that was lost and completely forgotten, could be found in the blink of an eye – and by anyone on your friends list. With poor privacy settings, that photo could be found by anyone. The ease of accessing such data with Graph Search is both a blessing and a curse. Surely, one could use the feature for completely legitimate, non-creepy reasons such as finding a pal to go on a road trip with, but there is no doubt that it will be used for unsavory purposes such as data-mining, social engineering, or just plain-out stalking.
There has been some chatter about the privacy concerns the new Graph Search feature brings to the table. The truth is that privacy is almost non-existent on the social web now. Unless one makes an effort to scrub personal details from the web (or to simply not share them), publicity and transparency should be expected. The Graph Search feature is only organizing and archiving information on peers and strangers, and thus making it more accessible. If you take issue with the new social search feature, Facebook may not be the best option for you. Privacy and the social web aren’t very friendly with each other.
WordPress, the popular open-source blogging platform, announced Thursday that it plans to accept the cryptographic currency Bitcoin as a method of payment for service upgrades. According to its Alexa.com ranking, WordPress.com is the 22nd most visited website in the world, meaning the acceptance is a huge endorsement for the virtual currency.
The announcement comes as a huge win for the Bitcoin community, mainly because there have been many other organizations in the past that have declined to accept the currency. Wikipedia has previously backed the EFF’s stance against accepting Bitcoin as a method of payment for donations, although many others are hoping they will reconsider.
In January 2007, when the iPhone was introduced to the world by Apple’s then-CEO Steve Jobs, it was revealed who the tech industry’s Messiah was – the smartphone. Google was quick to follow with its open-source Android OS (originally developed by Android, Inc.), which was to be distributed for use with other Internet-capable and GPS-enabled devices from electronics manufacturers like HTC and Motorola.
Microsoft was late to the smartphone party. An awkward 5 years late. The Windows Phone was introduced by the company in February 2012, creating a gap between itself and the millions of consumers already using Apple or Android smart devices. Because so much time has passed, it’s a harder task to pry users away from their current platforms.
How should Microsoft attract new adopters of its smart products? By giving them a reason to make a switch. One method to simulate value is the “app exclusivity” approach, which involves Microsoft convincing developers to offer their software solely on the Windows 8 market. Windows was the first to integrate “social” in its mobile OS, unlike other options like iOS and Android, whose focus lies on apps. Differentiating itself from its competitors is Microsoft’s ticket to winning this race. But if something drastic isn’t done soon, the flocks won’t migrate.
I’ve been exploring the use of data corruption, of both image and audio files, to create the distorted, pixelated artwork and music known as glitch art. Also called databending, the art form calls for the perversion of computer data using any of the following methods:
Reinterpretation—converting a file from one medium to another.
Sonification—the reinterpretation of non-audio data into audio data.
Forced errors—forcing an application or piece of hardware to fail in the hopes that it will behave unexpectedly or the data will corrupt.
Incorrect editing—editing a file using software/hardware intended for a different form of data.
My favorite form of databending is sonification, because the end result of the method is probably the most peculiar. Sonification produces crackly and whiny melodies that sound almost like grungy Chiptune music. You can check out an example here.
While my attempts did not yield the results I was hoping for, creating them was certainly an interesting process. I will continue to experiment with different methods of databending, but until then, you can see my creations below:
Steve, you always were, still are, and will continue to be an inspiration to me. Your innovations, inventions, and creations turned not only the industry, but the entire world on its head. Your spirit will continue to live on in the hands and fingertips of millions. Thank you, for being you.
The Fancy, a social photo sharing website similar to Svpply and Pinterest, just one-upped the two by offering its Fancy Box Subscription, a service that sends hand-picked goods featured on their website to your home for just $30 a month. The subscription-based delivery model is very much like The Dollar Shave Club, as well as Nas, Nick Cannon, and Blake Griffin’s 12Society.
This new offering from The Fancy seems only to be a natural progression for such a website, and is sure to bring in a boost to the revenue stream for the company.
Myspace teased a recent redesign of its service in a new video the company posted to Vimeo on Monday, which shows off the new look and a few basic features of the site. From the look of things, it seems to take design cues from Pinterest (note the signature board-like grid, albeit a horizontal scrolling one), and can be described simply as “the offspring between Google+ and Last.fm”.
Much like Digg, Myspace has been “reverted back to a startup” after a $35 million acquisition by Specific Media from News Corp.
Something that caught my eye was the Facebook integration woven into the service. Users will be allowed to log in to the site with their Facebook accounts, signaling Myspace isn’t looking for much competition with the blue giant. And that’s a very smart move for them. When you start a company from ground zero again, it’s always a good idea to start slow, and see where things take you.
I wish all the best to Myspace and can’t wait to see the finished product.