Tag: securitynow

Cloud storage advice

We were discussing cloud based solutions in the office today, now that Dropbox offers double the storage for Pro users. I now have 130.25gigs of storage (up from 78gig) to sync and play with believe it or not, thanks to everyone who used my referral codes (mildlydiverting, seansines and djadams) plus HTC for the extra. We got into the topic of what I use myself?

I use Dropbox for general stuff and syncing across all my different devices including Ubuntu and Android tablets and phones. However I use Spideroak for actual machine backups…

Why?

Well I like what Spideroak do about security and privacy. Compare this to Dropbox’s terms… and what happened last year!

This was confirmed when I heard Steve Gibson’s Security now on Cloud Solutions.

Cloud Solutions
After catching up with the week’s news, Leo and I examine ALL of the various cloud-based synchronizing, storage and backup solutions we could find. I survey each one in turn, and Leo chimes in with his own personal experience with many of the offerings. We conclude that SpiderOak looks like the winner, though Jungle Disk is still in the running.

Zero knowledge encryption is very useful and although I know theres way to encrypt in Dropbox (I actually have considered using them myself for somethings) I don’t really want to encrypt and decrypt on my Android device each time.

For me right now, there quite different parts of the market (although Spideroak do have dropboxes too) and I’m happy with that for now.

Why I love the idea of APML

APML support so far

I decided to split up my posts about the girl geekdinner because something happened later when we got to the pub in Victoria afterwards.

Walid from Trustedplaces.com was showing me some of the new features there planning. Obviously these are not to be repeated so I won't. But we got talking about the Trusted places taste tester and Walid pointed out a site I've never seen before called Imagini. Now how we got on to that subject is about profiling. I was suggesting to Walid it would be great if you make the profiling data available to the user so they could tweak it or share it. Glyn asked about the business motivations for doing so. I didn't really have a answer except it would be very cool.

So why?

Well imagini tries to map out who you are by asking you about 13 questions. Its results are poor and very general. But worst still is once you've done all that work, you get rewarded with a widget, some facts about yourself according to them, some travel sites you might like and being added to their facewall. The author calls it VisualDNA, theres lots more about VisualDNA including this part which talks about the reasoning behind it.

Did you know that businesses around the globe spend a staggering $18 billion per year on market research, trying to work out better ways of understanding what we all want? On top of this, about another $350 billion is spent every year advertising to persuade us to buy what’s been produced and available…

We think that this is totally outdated and simply not a sustainable way to carry on. It just makes sense that the future must be about producing less whilst meeting peoples needs more. We believe that the changing way in which we are all using the internet will make this possible by enabling people to get together and share information about what they like, want and need.

Our view is that the way to start assisting this process is to open up a completely new method of communication – a language that everyone who can see can interact with and understand – a language of images that enables people to understand each other in a different way.

The reason we have chosen images as a way of doing this is because about 90% of the way we all communicate is non-verbal. This 90% is made up of all sorts of different components that include many visual aspects such as who we look, act and behave.

 

This may sound cool but I'm left thinking, what else is it for me?. Now imagine it created a APML (Attention Profile Markup Language) file along with everything else. Then that would be something special.

This got me thinking too, what if other more established places like Trustedplaces, Last.FM, etc also gave away a APML file as part of the profile of each user?

One of the things I loved about APML is the Implicit Data (U-AR) and Explicit Data (I-AM) elements. You can just imagine how simple it would be to output APML from something Last.FM. (whats below isn't true APML markup, just my lazy json like writing)

Implicit (U-AR) last.fm {
concept{ Ferry Corsten = 0.87 }
concept{ Armin Van Buuren = 0.90 }
concept{ Sugar Babes = 0.1 }
concept{ Lemonhead = 0.00001 }
}

Anyway thinking about Glyns question about the business angle, I still don't quite have an answer except to say I've been following Steve Gibsons Security Now which recently has been talking about multifactor authentication.

  1. Something you know
  2. Something you have
  3. Something you are
  4. Someone you know

Well I was thinking APML could be useful for 1 and 3 but started thinking about a 5th factor. Something you know about someone. So a question could be does friend1 prefer ferry corsten, Armin, sugar babes or lemonhead? Maybe? or Maybe not?

Anyway I look forward to seeing more applications and services using APML or something like it. I think there's business reason behind APML but I can't put my finger on it right now. Hopefully someone like Trusted places gets it before Digg who just annouced something similar to trustedplaces.

Comments [Comments]
Trackbacks [0]

Steve Gibson says Windows Metafile was a backdoor

So while in the shower today I was listening to Leo Laporte and Steve Gibson's Security now number 22. I almost fell in the shower after hearing the possibility that Microsoft maybe covered up a backdoor in Windows. Simply put Steve Gibson is suggesting that Microsoft or some people involved in the code for the Windows Metafile (WMF) put in a backdoor. Aka it was not a flaw or vunerability, a backdoor! If this is true I'm speechless.

Its easy to think of this as a conspiracy and put on your foil hats now but this deadly serious. Even Steve has admitted if he's wrong he will be the first to admit he's wrong but he really doesnt believe this. He's actually put a lot on the line for this. Personally I think this is just a long line of the mainstream lying to us. Think about it Sony and there badly written DRM and worst still badly written Rootkit. Lies and more damm lies. Even when there pants were down they tried to cover it up by saying people didnt even know what a rootkit was so why tell them. I remember quoting Miles in my post about the Rootkit saying Apple and Microsoft must be pissing themselves with laughter. Well its now Microsoft's time and Apple are not getting away clean. Theres lots of talk about iTunes in the context of useage patterns feedback and the reduction of uses of the sharing feature across the versions. So Apple users don't even laugh because Apple are hardly saints either.

But back to this claim of a backdoor in Windows. If it turns out to be true (and honestly Steve's explaining actually makes a lot of sense I have to say). We have to wonder how many more there are? Who put this backdoor there and who actually knows about it? I expect by the time this gets out there it will make the large news sources quickly. I've not looked on Digg, slashdot, boingboing yet because I'm on the 10am train into London Bridge. Tell a lie, I just did a search through Digg on the my aggregator and this came up (which is close but not the same) this came up.. I'll digg it when I get back online in about 20mins. Looking at the date of the Digg story (7:30am) its still too early for most of the Western world and may not have had time to circlate yet. Steve did say this was a exclusive to Security now and he's only known about it for about a day at most. Anyhow, we shall see what happens. By the way the people who came out of this smelling pretty sweet has to be Hackers. If it wasn't for hackers and reverse engineering we would never know. This is critical to remember no matter how it turns out.

Comments [Comments]
Trackbacks [0]