Tuesday, April 30, 2013

Explosion in online consumer data collection poses major threat

Dr Terry Beed
A marketing expert at the University of Sydney Business School has warned of a mounting threat to privacy posed by a massive increase in consumer information being amassed in a way that does not comply with the code governing data collection by market and social researchers in Australia.

Honorary Associate Professor of Marketing, Dr Terry Beed, says that market research tools such as SurveyMonkey are now readily available to individuals or firms who may not use them correctly or ethically.

Dr Beed has recently completed a major review of the Market and Social Research Privacy Code administered by the Association of Market and Social Research Organisations (AMSRO) and co-regulated by the Australian Privacy Commissioner.

His warning coincides with Privacy Awareness Week (28 April to 4 May) - an effort by authorities across the Asia Pacific Region to boost consumer understanding of the mounting threat to privacy.

The University of Sydney Business School is partnering with the Office of the Australian Information Commissioner to promote Privacy Awareness Week ahead of next year's changes to privacy laws.

"The ground is changing under our feet," Dr Beed said. "There has been an explosion in the amount of personal data being gathered in the digital environment and it has revolutionised the way we go about marketing goods and services."

"However, much of this data is being gathered by people with no background in market and social research," Dr Beed added. "It is important that they are sensitised about working with consumers' personal information in accordance with the privacy regulations."

Dr Beed says much of this information is being onsold to marketers, often via data brokers, without the knowledge or consent of consumers and in possible breach of the Privacy Codes, which are approved by the Australian Privacy Commissioner.

"Marketers are now using age, gender or product preferences to design highly targeted advertising," Dr Beed said. "While this may be annoying to some consumers it is relatively harmless. Of far greater concern is data that might be related to incomes, debt levels or health profiles which is gathered and onsold without any warning to the consumer."

"Alarmingly, data analysis tools are becoming more sophisticated and are enabling the reconstruction of individual consumer profiles from a diverse range of sources," he added.

Despite the dangers, a recent survey found that very few Australians were fully aware of privacy protections in this country.

The survey, conducted by AMSRO which represents the established market research sector, found that 25 percent of Australians claimed to have no knowledge at all of how companies were required to protect their privacy.

Sunday, April 28, 2013

MYO Wearable-Computing Armbands with Bluetooth 4.0 Connectivity

"Wave goodbye to camera-based gesture control." That is the confident directive coming from a one-year-old Waterloo, Ontario, startup called Thalmic Labs.

The company is prepared to ship its next batch of wearable-computing armbands for device controls early next year.

The $149 armbands called MYO do not require cameras in order to track hand or arm movements. The armbands can wirelessly control and interact with computers and other digital consumer products by recognizing the electric impulses in users' muscles.

The MYO is worn around the forearm; its purpose is to control computers, phones, and other devices, sending the data via Bluetooth. Windows and Mac operating systems are supported and APIs will be available for iOS and Android.

Bluetooth 4.0 Low Energy (BLE) is used for the MYO to communicate with the paired devices. (Bluetooth version 4.0 is the most recent version of Bluetooth wireless technology. It includes a low-energy feature promoted as good news for developers and manufacturers of Bluetooth devices and applications, enabling markets for devices that are low-cost and operate with low-power wireless connectivity.)

The MYO specs include on-board, rechargeable lithium-ion batteries and an ARM processor. Also part of the mix are the company's proprietary muscle-activity sensors and a six-axis inertial measurement unit.

A user's gestures and movements are actually detected in two ways: muscle activity and motion sensing. The Thalmic team says that when sensing the muscle movements of the user, the MYO can detect changes down to each individual finger.

Also, when tracking arm and hand positions, the MYO picks up subtle movements and rotations in all directions.

Right now, as indicated in the company's newly released video, Thalmic Labs hopes for greater things for MYO via a developer community. They expect an official developer program to be up and running in the next few months.

They pride themselves on groundbreaking technology, as a team with specialties from electrical engineering to embedded system design. Nonetheless, they are looking to developers for innovative ideas in applications.

Wednesday, April 24, 2013

Twitter Saved Us From a Scam: Dutch Bank ING DIRECT’s Social Media Strategy

While social media can certainly be risky if you don’t take proper precautions, it can also be your number one ally in times of crisis.

One company that found this out is ING DIRECT. The banking brand recently averted a potential PR crisis by harnessing the full potential of social media. How?

On the afternoon of April 2, 2013, the company’s social media team received a Tweet from a Twitter user alerting them that somebody was sending out text messages in a phishing scam targeting ING customers.

“ING Bank member alert!” the fake text shouted urgently, guiding recipients to call a provided phone number to “remove restrictions” placed on their credit cards—by disclosing highly confidential banking and personal information.

ING’s social media team and other departments worked together quickly. Internally, the news travelled through the company at lightning speed.

The first public service announcement to warn clients was sent out from ING DIRECT’s social service Twitter account a few minutes after the initial alert, and within the hour a similar mass tweet was sent to all of its major social media channels.

“If we didn’t have social media, we would not have been able to respond with the speed that we did or alert as broad of an audience as quickly as we did,” explains Jaime Stein, ING DIRECT’s Senior Manager, Social Media.

From this crisis Jaime was able to come out with two key takeaways for any business effectively using social media to deal with a crisis situation:

1. Monitor your social media diligently—a single Tweet can mean everything in crisis management. In this case, ING DIRECT was only able to act as quickly as they did because they were paying attention to what people were saying to them on their social media channels.

“We always have somebody actively monitoring conversations, not only directly to us but other conversations in the ecosystem,” says Jaime. “One major advantage we had in this recent crisis situation was this.”

How can you best monitor all of your social media channels at once so you and your team don’t miss a beat? Set up social media streams using HootSuite.

For companies, the key to this is also organization-wide accessibility to key data—so consider setting up a social media Command Center.

Command Centers help organizations manage crisis situations by enabling them to:
  • Monitor brand mentions, sentiment and influencers from one place.
  • Coordinate social team response across departments.
  • Capture and archive conversations for offline responses.

2. Make sure there is a strong social media team in your organization. Educate them to communicate quickly (both internally and publicly) in crisis situations. It’s all about speed during potential PR disasters.

Luckily, social media allows you and your team to move faster than ever before to respond to clients and associates.

“With the phishing scam, we had the ability to put out an important announcement to all of our Twitter accounts without sending emails, or phoning each other across the organization to say ‘By the way this is happening,’” explains Jaime.

“This is because we have such an engaged team of people across the country in social media. That really helped. We currently have 40 to 50 people plugged into HootSuite and they’re constantly engaged and active on social media.”

Educate your organization’s social media team and prepare them for emergencies. When life gives you lemons, make lemonade.

That’s what the social media team at ING DIRECT believes. According to Jaime, as risky as social media can be in businesses, it can be just as beneficial: “How you handle bad situations will be what matters most,” he asserts. And this principle trickles from the top down at ING DIRECT.

“From 5 years ago to today, there’s a clear acknowledgement among leaders that this is something that’s really important and that they need to invest time and money in,” the company’s CEO Peter Aceto told us recently.

Monday, April 22, 2013

David Foster Wallace on Ambition - Video

Like Neil Gaiman, who famously admonished, "Perfection is like chasing the horizon. Keep moving," Wallace cautions against the lose-lose mindset of perfectionism:

"You know, the whole thing about perfectionism. The perfectionism is very dangerous, because of course if your fidelity to perfectionism is too high, you never do anything. Because doing anything results in failure. It’s actually kind of tragic because it means you sacrifice how gorgeous and perfect it is in your head for what it really is."

Wallace also sees learning and teaching as intertwined:

"I was a very difficult person to teach when I was a student and I thought I was smarter than my teachers and they told me a lot of things that I thought were retrograde or outdated or B.S. And I’ve learned more teaching in the last three years than I ever learned as a student."

Sunday, April 21, 2013

Router compromise, rogue remote control? Easy - ISE

Router hacking is joining the ranks of computer security headaches, where the wireless router becomes the key target for those seeking to trespass into someone else's network.

The remote attacker can take full control of the router's settings or just bypass authentication and take control. The attacker is then free to modify traffic as it enters and leaves the network.

Wrote Michael Mimoso in Threatpost, from Kaspersky Lab, "Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it's everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they're buggy and they're everywhere."

Earlier this week, that turned out to be more than a quip as, beyond Kaspersky Lab, other researchers exposed critical security vulnerabilities in small office and home office (SOHO) routers and wireless access points.

The research was from Baltimore, Maryland-based Independent Security Evaluators. Their key findings: All of the 13 routers they looked at can be taken over from the local network (four never requiring an active management session) and 11 of the 13 can be taken over from the WAN (two never requiring an active management session).

Actually, there is another important takeaway from their research: The wireless router hacking vulnerabilities they examined do not take a pile of expertise to exploit.

"Our research indicates that a moderately skilled adversary with LAN or WLAN access can exploit all thirteen routers," they said. But while attackers may not need esoteric skills to break into routers, the ISE experts said the average end user can do little to fully mitigate such attacks.

"Successful mitigation often requires a level of sophistication and skill beyond that of the average user (and beyond that of the most likely victims)."

ISE's team said the vendors of these networking devices should be in the front of the line for mitigation actions.

Actions they can take include preparing firmware upgrades that address the issues; instructing their registered users how to upgrade device firmware; being timely in the issue and customer notification of patches; designing a method for automatic firmware updates with the opportunity for users to opt out; and performing regular security audits to ensure devices are as hardened as possible.

ISE has also announced its future plans toward focusing on SOHO routers. All signs are that they will stay on the case.

"Six months after releasing the advisories for the 13 routers, ISE will upgrade the firmware on all 13 routers and perform a reassessment to determine what—if any—impact deeper scrutiny from the security community has brought to the SOHO router industry."

According to ISE, its next study may include more than the 13 routers seen so far. This research was conducted by Jacob Holcomb and directed by Stephen Bono and Sam Small. Jacob Thompson, Kedy Liu, Jad Khalil, and Vincent Faires also contributed.

More information: securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp

Wednesday, April 17, 2013

Security holes in Android Smartphone apps - Videos

Zhendong Su and his students at the UC Davis computer science department have found serious security flaws in popular apps for Android smartphones.

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace.

The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple's iOS platform, but there may well be similar problems with iPhone apps, Xu said. The victim would first have to download a piece of malicious code onto their phone.

This could be disguised as or hidden in a useful app, or attached to a "phishing" e-mail or Web link. The malicious code would then invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

"It's a developer error," Xu said. "This code was intended to be private but they left it public."

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

Sunday, April 7, 2013

Networking for Introverts

If the prospect of networking fills you with dread or you think it's something only extroverted people do, think again.

You don't need to have a gregarious or outgoing personality to build a network of professional contacts - in fact, your approach may be better received than the brash personality types out there.

Natural listeners
There is a misconception that only extroverts can network. Introverts in fact have some advantages: they are natural listeners and they tend to reflect before they speak. They are also sometimes better at building long-term relationships.

Regarding yourself as an introvert should not be used as an excuse for doing nothing.

Connecting with people in your search is a skill that needs practising, and the less it comes naturally, the easier you should make the first steps.

Begin with "Level 1 - Conversations", the gentlest form of networking, and one which anyone can do.

Start by talking to people you already know and trust, but talk to them in a way you've never done before.

This approach helps avoid mistakes that will feel like setbacks, like the cold rebuff you get when you start a phone call saying "you don't know me, but...." or approaching high-level contacts too early in the process when you're still feeling bruised and you don't know what you're looking for.

Don't give people the opportunity to say "not now" or a plain "no" when you're aware how much these will set you back.

Easy targets
Nervous networkers should target the easiest people to begin with, not the 'main target.'

When you pick up the phone you know that you can just begin a conversation, and you don't need to prepare a script of what you will say.

Be honest about what you're asking for - make it clear that you are setting up brief conversations with a range of people to find out what is going on in the world or in a particularly favourite sector.

Just think carefully about what to ask for and steer clear of asking for favours!

Ask people for things they are happy to talk about; a good conversation about the world the person knows well is always welcome. And don't forget to thank people properly.

Start by talking only to people you know, ask about their job or their hobbies, the universe, then ask them if they can introduce you to someone else; a proper, warm introduction, not just a name.

The big event
Once you've had a few "safe" conversations with the contacts you already know, you may wish to consider attending a more formal networking event.

Of course it can be intimidating going into a room full of strangers and feeling pressured to make contacts, but the fear of networking is often much worse than the reality.

You are all there for the same reason and you are all feeling the fear!

If you are at an event, ask one of the organisers to introduce you to others. Any organiser worth their salt will be happy to facilitate this.

Do make sure that you introduce yourself clearly, so that people know your name and what you do, as this often reveals areas of common ground for conversation.

As long as you show an interest in other people and a willingness to listen, generally people will only be too happy to talk to you.

Networking from home
If you can't face wearing a name badge and making small talk, don't despair. Online forums and networking sites like LinkedIn allow you to make contact with people in your sector - without even having to leave home.

To get started, search for ex-colleagues and look for groups set up within your industry. Remember, as with most things in life, the more you put in, the more you'll get out - so be sure to post messages and join the conversation rather than just observing.

Do not rant, do not pontificate, and do not over-criticise others. Let the tolerant, thoughtful and collaborative you come through in your conversations.

Having a few open conversations online should make it easier when you take the plunge and meet up at a real life event. You'll be networking like a pro before you know it.

Tuesday, April 2, 2013

The Cupertino Effect

The Cupertino effect describes what happens when a computer automatically "corrects" your spelling into something wrong or incomprehensible.

The name originates from an early spellchecking program's habit of automatically "correcting" the word "co-operation" into "Cupertino", the name of the California city in which Apple has its headquarters.

One of my favourite Cupertinos was my first computer's habit of changing the name "Freud" into "fraud" - or, more recently, of one phone's fondness for converting "soonish" into "Zionism".

As Cupertinos suggest, onscreen language is both a collaboration and a kind of combat between user and medium, and if self-expression can sometimes be reduced to little more than clicking on "like", there's every bit as much pressure exerted in the opposite direction.

The bewildering stream of new words to describe technology and its uses makes many people angry, but there's much to celebrate.

Someone, somewhere has probably already coined you a term - from approximeetings with friends (arranging a rough time or place to meet, then sorting out details on the fly via mobile phone) to indulging in political slacktivism (ineffective activism carried out by clicking online petitions).
