Tag Archives: web security

Book review: The Snowden Files by Luke Harding

Edward Snowden’s spy-novel-type book helps readers understand more about government spying

The Snowden Files is a good, factual spy book, which makes you think more about data privacy, whatever your current view is.

When we started doing some work with Bitcoin at Endava, a few people sent me some interesting articles about The Dark Web. Bitcoin and The Dark Web are unfortunately intrinsically linked. The Dark Web is a fascinating subject and I’m working on a more detailed post for future publication. One of the avenues this subject sent me down was online privacy.

I don’t mind that governments spy on my electronic communications. I have nothing to hide. I belong to countless social networks and comment on other websites, so I probably have a large digital footprint. I don’t mind that the government can switch my phone on remotely (according to Snowden it’s easier on an iPhone) and listen to the microphone without me knowing – they have more important people to investigate than me.

The Future of Digital #Payments

Yours truly at Endava’s Future of Payments Event. The audience isn’t asleep – they’re tweeting insights from the presentation, or watching the football

For the past 3,000 years payments hasn’t been the most exciting industry, but in the last 5–10 years there have been dozens of new entrants into the market.

It took 3,000 years to give us pretty much seven payment options: coins, banknotes, debit cards, Diners club, Visa, Mastercard and American Express. In the last ten years, we’ve seen an explosion of disruptive players, all driven through the adoption of the Internet and/or mobile technologies.

Yesterday we hosted an event “The Future of Digital Payments” in London at the magnificent, if slightly warm, Royal Exchange. It was one of the best attended Endava events that we’ve held, despite the World Cup and Wimbledon trying to compete with us!


How Your Website can Handle Emergency Announcements

Flooding Announcement on a School Website – what happens if the website crashes?

Major General Patrick Sanders, assistant chief of the UK defence staff, who is currently coordinating the armed forces’ response to the UK floods has described the damage as an “almost unparalleled natural disaster”.

I listened to the Today programme on Radio 4 this morning (a treat that I rarely enjoy now that I cycle to work – and only heard it today because I took my brother-in-law to the airport), and the presenters were speaking to various spokesmen from train companies and utilities around the country.

I’ve recently been speaking to a number of not-for-profit organisations about their digital platforms. Digital is key to these organisations because it provides a direct-to-consumer communication channel (although they each have different terms for consumers) which is far cheaper than previous methods. The commercial sector recognised this advantage a few years ago.

One specific question which keeps being raised is how to deal with emergency announcements.

Commercial organisations can often afford robust platforms and fault tolerance because the increased digital traffic from mobile apps and websites usually translates into extra revenue or improved customer service.

However, if you are a school and want to let parents know whether the school is open today or not because of flooding, snow or other natural problems, it’s unlikely the school will be compensated for the added digital traffic. Many UK schools offer a text messaging service to parents to let them know if the school is open or not, but still they receive huge web traffic from concerned parents.

Additional web traffic can often cause website issues. There are a number of methods to ease this high web traffic, most of which are free to use.

How the UK government is building a global Financial Services market

Financial services companies should start planning for a new global market, and here’s how it can unfold.

It all starts with Identity

UK Government Digital Identity page

Governments have often played a central role in verifying the identity of an individual. For instance, governments issue passports and driving licences and authenticate commercial organisations, mainly for tax and legal reasons. Governments are considered trusted sources for verifying identities – banks trust government documentation (such as a passport or driving licence) to prove that a person or company is who they say they are.


How to try a Chromebook for free

I’ve been seriously considering buying a Chromebook for my kids to use at home recently, but wanted to check whether the kids can get on without Windows before buying a new laptop – so here’s how to try it before buying anything.

Chrome running as a Windows 8 app – more than a browser

Chromebooks use an operating system from Google called ChromeOS, which is mainly based on the Chrome browser. It can’t run Windows applications (or Android) – it can only run web sites, or Chrome Extensions and Applications which you usually download through the Chrome Store.


The FIFA 14 “Free Coins” scam

Today is European Data Protection day 2014, or ‘Privacy Day’ if you live outside of Europe. Happy EDP or PD depending on where you live.

One of these accounts asked for my email username and password to get free FIFA coins

To celebrate EDP/ PD, I thought I’d share the latest scam going around on EA Sports FIFA 14 and Twitter, mainly targeting children.

FIFA 14 has one of the best monetisation strategies of any computer game, which leaves Candy Crush and Farmville well behind.

Firstly, the game costs around £40 to buy, and to play it online on the Xbox, you need to buy a subscription to Xbox Live, which is a further £40 per year. And that’s only the beginning of the journey because many online gamers have quality football ‘players’ in their squads.

There are two ways of getting decent players into your own team – either to trade players in a marketplace or buy ‘packs’ of players (a pack contains a random selection of players which are undisclosed until purchase).

The currency for these transactions is FIFA points. You can buy FIFA points with real cash or through trading players. A brief survey of my kids’ friends revealed that the average amount of money spent on FIFA coins is around £10 per month. Playing FIFA is a £200 per year hobby.

The trading option provides the perfect environment for scammers – it combines naïve children with a constant desire for more FIFA Coins.

There are dozens of websites and Twitter accounts set up offering ‘free’ or cheaper coins. Remember that we’re dealing with children who want more coins quickly, so these websites ask for personal details in return for the coins. These personal details appear logical to a child.

I saw a Twitter scam as follows:

  1. The ‘Free coins’ account asks the gamer to follow them in return for coins. The reason for asking a gamer to follow the account is that following a Twitter account enables both parties to Direct Message (DM) each other. This means that further communication can’t be publicly viewed.
  2. The ‘Free coins’ account now DMs the gamer and dangles the carrot: ‘Thanks for following, do you want 100K or 500K coins?’
  3. The gamer responds.
  4. The ‘Free coins’ account now asks for the FIFA team name and the Xbox Live account name. Both appear reasonable and are easily justified as “I need to know who to send the coins to.”
  5. The gamer replies.
  6. Now the clever part… the free coins account claims the transaction didn’t work correctly. They ask the gamer to re-confirm their details. It builds the frustration and emotion for the gamer.
  7. The free coins account now explains there must be some sort of technical problem and asks for the gamer’s email account and password.

At this point, the DM conversation may have taken under 5 minutes from the gamer following the account. Once any hacker has control of a person’s email account, they have an open door to many other services, because they can visit other sites, press ‘Forgotten password’ and keep resetting those services. And of course, the hacker’s first job is to change the email password and the backup email account/ phone number.

Remember that we’re mainly dealing with children who undervalue security.

There are two steps to prevent this scam:

  1. Explain to your child the importance of never giving away their email password to anyone, no matter what the ‘offer’ is. It’s the online equivalent of giving a stranger your house keys.
  2. Explain no one on the Internet is likely to give you something for nothing, especially just for following them on Twitter. Back to the first analogy, it’s like someone on the street offering to buy you some chocolate for free, but they need your house keys to leave the chocolate in the fridge.

Parents of children who have fallen for this scam are rightly upset. The psychological impact is that a stranger has managed to break into the family home and steal from the children, all without parents noticing.

With more apps and games offering freemium options and monetised gamification, these scams will become more common.

Have a happy European Data Protection day.

2014 Digital Media trends/ predictions now on Slideshare

Here’s the Slideshare presentation for my 2014 Digital Media trends (click on that link to see the description for each trend).

Agree or disagree with them? Feel free to comment below.

Digital Media predictions for 2014

In 2014 we’ll see television change significantly (Credit: National Museum of American History on Flickr)

Every year I forecast a number of predictions in the Digital Media/ Internet world, and at the end of the year I score those predictions to see whether they came true or not. Here are links to 2010, 2011, 2012 and 2013 predictions.

For the coming year, here are my predictions:

  1. TV will change. In the next couple of years, television is going to change significantly in both content and technology terms.
    On the technology front, I reckon we’ll see 3D disappear altogether (bye-bye 3D channels), Ultra HD become production ready, Xbox One become the central home entertainment device, and with television sets growing every year, we’ll see more transparent TV technologies for when the box is switched off.
    In content terms, Sky have lost the TV rights to the Champions League from the 2015/6 season. This will mean the next round of Premiership rights bidding will be huge, because Sky can’t afford to lose the Premier League – unless they start significantly boosting the awareness of another sport, similar to what they’ve done with darts and cycling. The bad news for consumers is that TV is going to become fragmented – think multiple subscriptions from different providers to see all the TV content that your family wants to watch.
    The next two years of TV will see massive change.
  2. Investment post-recession. Remember Facebook buying Instagram for a billion dollars? Or Google buying Waze for almost a billion dollars? As the world (minus Spain and Greece) dusts itself down and emerges from the recession, we’ll see the spending spree continue. I’d expect to see TV broadcasters and newspapers lead in this area.
  3. We’ll see the pace of consumerisation speed up. Large companies will produce their own app stores, many more companies will move to BYOD (Bring Your Own Device) and finally improve the usability of their in-house apps. Across businesses, staff will demand more touch screens to work with Windows 8[.1]. All of this will mean that the business (i.e. non-IT departments) will be buying what we have always called ‘the technology’. And this will be challenging for established IT departments.
  4. Security is going to move to the top of the agenda, specifically with Trust and Identity. This will become the big agenda item for IT departments. Historically we’ve seen hacking groups held up as revolutionaries or small-time geeks who are bored. This public and media perception will change as more people’s identities are cloned and the security costs of hacking intrusions are passed on to end customers.
  5. From Mobile to Wearable. IT and marketing departments have focused on mobile devices for the last couple of years. We’ll see the focus shift to wearable devices as Google Glass, Samsung watches and Apple somethings all become mainstream. SMAC (Social, Mobile, Analytics and Cloud) will be replaced by SWAC (Social, Wearable, Analytics and Cloud).
  6. 2014 will be the year of the wallet. Visa released V.me at the end of 2013. PayPal already provides a wallet, and we’ll also see banks and payment systems releasing them. The good news is that it’s going to be easier to pay by card online – you’ll only need a username and password rather than your credit card number. The bad news is that we could end up with a number of wallets and many passwords. It will become a race for the first wallet.
  7. Speech recognition to become more mainstream. I use speech recognition for Google searches on my phone and laptop. It gets my search correct most of the time, and for the other occasions, Google usually second guesses what I was trying to search for and gives those results instead. With Google’s speech API, almost any app can use speech recognition, and the more it’s used, it will become better quality.
  8. Integration between services. When I received Google Glass in December I was impressed that as soon as you log in with your Google account, it shares the phone numbers held on my Android phone together with my Google+ profile and so on. I saw a demo of Sharepoint 2013 recently with excellent integration between Yammer, Sharepoint, Lync, Exchange and Outlook. To date, social integration has been about finding Facebook friends on a new service or asking them to build new farms and vegetables. We’ll start seeing more clever implementations between applications – why do both Strava and my health insurance app need to follow me around when they can share data?

Using your bank for Single Sign On

Where do you store your important documents?

I’ve been writing about the need for a trusted Single Sign On system across the web for some time now and I think I’ve seen it start to emerge.

My concept of the Single Sign On solution is similar to Facebook Connect, but from a trusted, strong, long term brand. Facebook still needs to prove its credibility in the trust arena. I only use Facebook Connect for some personal sites where I want to reduce, or even avoid, the time it takes to register.

Would I use Facebook Connect for tax returns, or my road tax, or my company’s payroll system? Nope.

I do a fair amount of travel and seem to need my passport number (and sometimes other passport details) from time to time. I once scanned my passport and I keep it as a digital image on some secure digital storage where I know I can access it everywhere (interestingly, the UK Government also recommends storing it online using a secure data storage site). The same goes for my National Insurance card, photos of my bikes’ frame numbers and stuff like that. When I speak to other people about this, they have similar solutions, and I know some people who keep these solely as photos on their phone. We all have different levels of security that we’re comfortable with, but I really wouldn’t advise the phone method.

Last week I heard about a new service from Barclays Bank called Cloud It. Cloud It enables – well, actually it encourages – users to upload important documents. It then adds additional functionality such as alerts for expiring documents or regular renewals (e.g. MOT certificates and insurance).

I have no proof whether Barclays Cloud It is any more or less secure than, say, BT, Google, Microsoft or Dropbox, but the fact that a bank is storing your documents ‘feels’ more secure.

The next step of Cloud It really should be Single Sign On. I would trust my bank to authenticate me into other services.

Trust a bank?

I spoke about this concept of a bank offering Single Sign On at a conference earlier this year. Over lunch afterwards I was asked whether people really trust banks after the recession and the bad press that bankers often receive. One person at the table categorically stated that he wouldn’t trust his bank.

My answer to this is simple: people still keep their money, one of our most valuable day-to-day assets, in banks once they’ve been paid, and they still go to banks to borrow money for their houses and cars. Conversely, if people didn’t trust banks, we’d be hearing a lot more about mass withdrawals after payday. But people don’t withdraw their money based on a lack of trust (except in Cyprus), and this shows that people do trust them, and in the future we’ll be trusting them to log us in to all sorts of systems across the Internet.