PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Steve Cassidy

How to check your identity hasn’t been sold to the hackers

Tuesday, September 16th, 2014

Database breaches, in which giant corporates such as Adobe, eBay, or Sony lose track of copies of their user and billing databases, are becoming almost weekly news items in late 2014.

Sometimes this is given a hacker spin, other times it’s just a dull case of not knowing where all those USB keys or backup tapes have gone.

Consumers are meant to respond to the news – which manages to be simultaneously both worrying and vague – by meekly changing their passwords, even if they don’t think they’re included in the database that’s been stolen. eBay’s alleged database theft triggered a mandatory password change for everyone, right across the system.

I have some problems with this approach, because, to be honest, I have a whole lot of different web identities. Once you’ve signed up to enough services for review, this becomes inevitable: I have a slew of login names and emails, and figuring out which one goes with which service becomes a daily trial.

This is partly down to disorganisation on my part, but it’s also a matter of personal security: just because the entire IT service business has declared that a single email address ought to be the arbitrator of identity, doesn’t mean that this approach is in my best interest. You’d be hard-pressed to deduce my username for my principal online banking account from the one I use to divert the inevitable marketing spam that follows a trial software download these days.

This approach puts me in a very rarefied group. Most people are encouraged by both daily advice from lazy e-commerce operators, and their own memory limitations, to have only one username/email combination and maybe a few different passwords, reused over and over again on various services.

As this count rises (and industry studies show a straightforward trend – one service 3 years ago, between four and six now, and nine or more in 3 years’ time), so does the insecurity. The nasty black-hat hackers know this very well, and this increases the value of a stolen list of usernames: not because the hackers want to sign in to your Adobe account (to cite the largest recent breach as of the time of writing), but because they want to hit your Mastercard login, on the assumption you’ve reused the same credentials.

So it really does become essential to know whether your name(s) feature on those stolen lists. But how to check?

Enter Troy Hunt – he’s the operator of http://haveibeenpwned.com. Type your email or user ID into his site and it looks through his cached copies of the stolen lists to see if you’re at risk. As is becoming habitual for me with this type of investigation, none of my identities trip the alarm, but I made a wild guess and put in a former client’s email address to produce the screengrab you see here.

I know what you’re thinking: why should you trust a site that a) has no www, and b) uses hacker-speak as part of its domain name? Aren’t all these people in it together? Who is this guy? Mr Hunt, however, has an easily traceable identity on the net and a very useful blog where he discusses the curiosities and vicissitudes of running such a thing as a public service. He is, in the jargon of this field, a “white hat”.

This is a vital role, given how e-commerce and customer relations have developed – certainly none of the affected businesses have taken steps of this nature to help you figure out whether your personal security plan has actually ended up working against your interests.

In an ideal world, the likes of Adobe and eBay would be paying Troy Hunt’s hosting charges on Azure (which is where haveibeenpwned.com lives), because most breaches appear to be failures of duty of care, and most of the cleanup processes seem to be left to a loose alliance of commentators, rumour-spreaders, paranoids and white-hatted hackers.

In fact, haveibeenpwned.com has been around for a few years already, but Troy has been adding further lists to the resource as the thefts and breaches continue, which makes it a progressively more useful and relevant utility – although I suspect that the way the man in the street reacts to technology and the mixture of risks from hacking won’t change very much, even if you do the public-spirited thing and let them know if their name comes up as being in the at-risk group.

This is one of those classic “you know you’re a nerd if…” moments, where the most you can hope for is that some of the people you put through the checks might go so far as to change their passwords, a little bit more often.

How to turn off Google Location Tracking

Monday, August 25th, 2014

The problem with those crazy ideas about cellphones and Big Brother is that, occasionally, it turns out they were right. If you are an Android phone user the chances are that you have used your Google account to log in to the store, sync your emails, and all that good stuff. I certainly have, on two distinct phones and another brace of Android tablets.

And, I’ve been travelling – oh boy, have I ever been travelling. 50,000 air miles since last September, up and down to Cornwall, over to the Hague a couple of times, down to Switzerland, and in the last couple of weeks, chugging down the Canal de Borgogne at 5km/h. In all those places, my ancient but sturdy Moto XT890 has come with me.

Formula 1: what a difference virtualisation makes

Friday, July 4th, 2014

Here at Silverstone the preparations for the British Formula 1 Grand Prix are well under way. While the weekend will be full of headlines surrounding Lewis Hamilton, Jenson Button and the various other British hopefuls, it’s intriguing to see how important the background technology is; and in particular, how virtualisation is giving Caterham Racing a time-saving edge.

How to lose a business customer on the web

Friday, May 23rd, 2014

People talk about Net Neutrality a lot. The fear is that a two-tier (or four-tier or six-tier…) internet will develop once the floodgates are open, so that internet businesses can develop cosy preferential relationships with their most profitable partners, relegating all others to less well serviced, lesser performing backwaters that don’t get the offers or find themselves cut out of all sensible forms of communication.

CeBIT 2014 diary: Cameron comes to town

Tuesday, March 11th, 2014

How can one link together rural broadband, Big Data and enterprise resource-planning software? By including a pair of EU leaders in the mix, of course. An early start on the stand of sponsor Software AG at this year’s CeBIT put me in a very unaccustomed position among the scrum of paparazzi, as German chancellor Angela Merkel and British prime minister David Cameron walked up behind a fearlessly simplistic diorama of Smart Big Data at work.

As you may be able to tell from my wobbly picture, the perfectly sensible explanation of how cargo-tagging and inventory management makes shipping more efficient may not have exactly kindled the perfect spirit of European allegiance that both Merkel and Cameron would have preferred as a takeaway message for the assembled press-pack. It certainly fired up Software AG’s Karl-Heinz Streibich, whose German flowed much faster than my talent for translation; I got the idea, in as much as an appraisal of the use of Big Data in an Internet of Things around a container port can be made in a three-minute speech with two impatient heads of state waiting their turn with the microphone.

HP cuts off upgrades to spite its loyal customers

Monday, February 10th, 2014

If you have an HP ProLiant server, or a ProCurve switch, then you’d better set some time aside before February 19th to download the drivers, BIOS updates, patches and fixes for your model from the HP support website. Because after that date, unless you have a current warranty or a Care Pack Service Agreement, you will be unable to get your download.

In a startlingly brief five-paragraph blog post entitled, with no obvious sense of irony, “Customers for life”, senior HP staffer Mary McCoy lays out the company’s rationale for this move and slips in various interestingly chosen phrases, such as that this “aligns with industry best practices” and that HP is “in no way trying to force customers to purchase extended coverage”.

How to cancel recurring PayPal payments

Tuesday, January 7th, 2014

On almost exactly the first working day after Christmas, I was irritated by £39.99 being spirited out of my bank account by PayPal, sent on my behalf to Microsoft – with absolutely no trackback or narrative to the transaction at all.

This type of transaction is a modern plague and whole lifetimes of reading material on ultimately frustrating and self-indulgent Adventures in Billing stories can easily be found on this subject, starring pretty much every major brand you can think of: Microsoft, PayPal, Google and more. The most commonly cited bad guy in this field is Netflix, whose free startup offer collects your payment details and then seamlessly slides into charging you, by way of PayPal’s repeat-payment system. The email notifying you of the transfer only ever comes after the money’s been sent, not before.

Stupid Windows 8.1 tricks (or how not to upgrade your PC’s hard disk)

Monday, December 23rd, 2013

There has been a bit of a burst of action lately with engineer’s utility updates. No, come back! This is important.

You may think that “engineers” are a vanishing species and it’s all about just unwrapping the latest Chromebook, which will immediately solve every computing problem you ever had, but it’s not: despite the dire forecasts of the death of the PC, other forces are at work, including both the growing demand for data storage and the relentless pace of hardware improvements.

IBM Watson meets Willy Wonka

Thursday, November 7th, 2013

Forgive me for a bit of speculation here: I’ve spent a couple of hours in the company of the IBM team behind Watson, the cognitive computing brontosaur which, in 2011, famously won the US game show Jeopardy against two human competitors, in what had all the appearance of a fair fight.

This represented a reasonable test of an entire suite of processes, for breaking down a human language question into a search and then marshalling multiple potential answers into a ranked set of probabilities of being the answer, if not necessarily the one the human was expecting.

Michael Dell’s reasons to be cheerful

Friday, October 25th, 2013

In retrospect, I should have seen the signs way back. Dell Tech Camp, which has been a largely UK and Ireland-based event in the past, suddenly upped sticks and took itself off to Paris, forgoing the previous offbeat locations for a distinct – if overcrowded – up-tick in the shape of the mysterious Maison de X, which was variously described to me as a “technical college”, “founded by Napoleon”, and “tres chic”.

The press corps was unusually extensive, and packed unusually tightly together on tres chic little gold-painted chairs, so that the head honcho for Tech Camps past could take the stage for only a few seconds and say “who better to tell you what’s going on than… Michael Dell”.
