Not your type: websites watching your strokes


Some of your favourite websites could be recording every keystroke you make during your visits, a study has revealed.

According to researchers at the world’s poshest-sounding university, Princeton, nearly 500 sites use something called ‘session replay software’ to capture whatever it is you’ve typed in, whether that be credit card details you readied before chickening out of a purchase, or queries such as ‘how do I declare my house and garden an independent republic no that’s silly delete that’.

Some of the sites that employ such software are those of respected brands such as Reuters, CBS News and Samsung. The Telegraph also uses it.

According to the researchers: ‘These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers.’

The young princes at Princeton have also warned that the practice could expose users to ‘identity theft, online scams, and other unwanted behaviour’.

And, unsurprisingly, the law may have an interest in all of this. Paul Edon, director at security firm Tripwire, reckons recording people’s keystrokes without telling them that that’s what you’re up to isn’t necessarily legal, saying: ‘If these websites do not alert the user to the fact that they are recording keystrokes, then I would class this under “nefarious activity” as it is being less than honest, and the information is being collected without the user’s knowledge.’

So, maybe think carefully before you type in future. I’m not too concerned myself. All I ever type into the internet is ‘Will we have a white Christmas?’ and ‘Has Scarlett Johansson expressed any attraction to sarcastic tech bloggers yet?’.


Making a killing: weaponised AI gets a slamming

A group of worried types have made a reasonably terrifying video – so now you, too, can worry along with them.

The Campaign to Stop Killer Robots’ short film, Slaughterbots, begins with a beaming, probably evil CEO telling a rapt audience how good his AI-controlled assassination drones are. Everybody claps as one buzzes in and attacks a dummy.

Things then take a turn for the worse as terrorists seize the murderous technology and go on the rampage.

Rather than me talking you through it all, here’s the vid:

An excellent, worthy cause, no doubt, as most would agree that new ideas for killing people aren’t desirable ideas. Sadly, though, if we somehow managed to collectively ban this horrible stuff, wouldn’t states just carry on developing it in secret, convinced that that’s what every other state is up to?

I’m just being cynical; I don’t actually have anything useful to add to the debate around this latest development in human madness/destructiveness. But perhaps you do! Please add your comments below. Let’s get this sorted out.


A fresh blow for cybercrookery?


Sick of clicking on sites that ruin your day because they turn out to be malicious entities run by cybercrooks, eager to infect your personal computer with their insidious ransomware and foul malware? Well, now there’s a filter for that.

Old-fashioned tech firm IBM, which, incidentally, you rarely seem to hear much about these days, has created a new free service which it says will automatically block your attempts to unintentionally access a website where fraudulent intent lurks.

The Quad9 Domain Name System (DNS) service accesses nearly 20 lists of internet-based nastiness, which it uses to identify threats and warn users.

However, tech-phobic or lazy types might be put off by the fact that you’re required to change the settings on your router to get it to work – but should you feel up to it, click here to find out how to.

IBM has built the service in conjunction with the curiously named Packet Clearing House (PCH), and the awesomely named Global Cyber Alliance (GCA), whose CEO, Phil Reitinger, said: ‘Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely. Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service.

‘However, small to medium-sized businesses and consumers have been left behind – they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information.’

According to the GCA’s press release, Quad9 can protect you and the devices you love without slowing down your internet speed, and goes on to say that ‘leveraging PCH’s expertise and global assets around the world, Quad9 has points of presence in over 70 locations across 40 countries at launch. Over the next 18 months, Quad9 points of presence are expected to double, further improving the speed, performance, privacy and security for users globally.’

Jim Brennan, from IBM Security, said: ‘Consumers and small businesses traditionally didn’t have free, direct access to the intelligence used by security firms to protect big businesses. With Quad9, we’re putting that data to work for the industry in an open way and further enriching those insights via the community of users.

‘Through IBM’s involvement in Quad9, we’re applying these collaborative defence techniques while giving users greater privacy controls.’

Could this initiative spell the end for phishing groups and the rest of the motley crew that bedevil the super information highway? Unlikely, but it should have some sort of impact.

And there are other ways to make a difference: Click here to read our recent briefing on cybersecurity, and why people are your most effective defence.


Time out: Germany bans (some) smart watches


Parents hoping to keep tabs on their kids via the latest technology have been dealt a blow, in Germany at least.

The country’s version of Ofcom, the Federal Network Agency (FNA), has forbidden the sale of smart watches targeted at children – after it became apparent that over-caring parents could dial into the devices to secretly listen in on their conversations.

The FNA claims to have taken action against a number of unnamed firms – and has asked parents to smash up any watches they’ve already bought, which may make for some interesting scenes on Christmas morning.

The agency’s president, Jochen Homann, said: ‘Via an app, parents can use such watches to secretly listen to a child’s environment. They are to be seen as a prohibited transmitter. Our investigation has also shown that parents have used the watches to listen to teachers in the classroom.’

Germany’s surveillance laws forbid devices that can be programmed to covertly dial a phone number, allowing others to listen in.


Friday round-up: A week in tech

A new Star Wars video game has caused a commotion for appearing to encourage the young to take up the pastime of gambling.

Battlefront II features things called ‘loot crates’, which players can purchase and then bust open for some kind of reward. As a crate’s contents aren’t revealed until you’ve bought one, some have slammed the game’s creator, Electronic Arts, for effectively promoting gambling to children.

Shameful, probably. But natural progress, surely? Advertising for gambling outlets floods the internet, TV commercials, the radio waves and newspaper pages – there’s no escaping Ray Winstone’s obnoxious floating head or some former footballer coaxing us to ‘claim a free £10 bet now’ – most of it easily accessible by people well below the age of 18.

The government will have to act at some point. I bet you £100 they bring in new gambling legislation next year.

***

A pawnbroking chain has become the latest victim of a serious data breach – but, rather refreshingly, it seems to have broken standard procedure and actually told people about it.

Cash Converters, the store where unwanted Argos Christmas gifts go to be reborn, has said some of its customers’ addresses and usernames on its old website might have been accessed by agents unknown.

Showing some excellent pre-GDPR diligence, the firm rushed to report the breach to the Information Commissioner’s Office (ICO), and has said it’s taking the incident ‘extremely seriously’ – a commendable move and the polar opposite of the squirming avoidance Equifax indulged in during a series of disastrous hacks earlier this year (‘If we don’t tell anyone, maybe it’ll all go away?’).

Apparently, no credit card information was accessed, which is something. In a statement, Cash Converters said: ‘Our customers truly are at the heart of everything we do, and we are disappointed that they may have been affected. We apologise for this situation and are taking immediate action to address it.’

If you’d like to know more about what the GDPR will require of you if your data is breached, and learn lots of other things too, please have a look at our excellent guide to the legislation by clicking here.


Socitm Scotland – A review from a hill


Here, Socitm technical consultant Matthew Fraser shares some of his highlights from the Scotland Conference – from which he briefly sloped away to enjoy a near-futile expedition up a nearby hillside.

By Matthew Fraser

Desiring to view the Socitm Scotland conference from another perspective, I donned my walking boots and headed up Arthur’s Seat (the extinct volcano in the middle of Edinburgh) to view the event from above.

A glance at the picture above shows that this was a complete failure, as the conference venue was obscured entirely by another hill.

Why would I share such a failure of planning? Well, I was strongly influenced by the excellent keynote address given by Charles Reeves of Aviva, where he discussed having a positive view of failure. Quoting Winston Churchill (who had his fair share of both success and failure), Charles said: ‘Success is the ability to go from one failure to another with no loss of enthusiasm.’

Charles developed the idea of having a culture where failure is accepted. It reminded me of one of my favourite quotes, attributed to Theodore Roosevelt: ‘The only man who never makes a mistake is the man who never does anything.’

We are often happy to share our success stories, and allow others to learn from our moments of brilliance – but perhaps we should be just as quick to share our failings, so that others can avoid the same pitfalls?

With this in mind, I’ll openly admit that if I had looked at a map it would have been clear that the conference would be out of view from atop the volcano.

Another concept Charles developed was of technology giving humans ‘superpowers’ – the ability to perform tasks that only a few years ago would appear as magic. However, he also emphasised the need for these powers to be useful. I reflected on this idea during my climb. Using the GPS on my watch, I could track my movement and know exactly how much further I had to climb. It is amazing technology, but is it truly a useful ‘superpower’?

I would expect each delegate at Socitm Scotland to have their own high points (though none as high as, at 250 metres, Arthur’s Seat). A few of my others include:

The Socitm Top Talent’s workshop on collaboration; not only did it give helpful insight, but I got to play with an air rocket.

Matsoft’s introduction to Low Code; as a developer who has forgotten more programming languages than I can remember, this could be a genuine ‘superpower’ in application development for me.

The Lamb Koftas at lunch were unexpected and very tasty.

Eddy Van der Stock’s presentation on the work V-ICT-OR are doing in Belgium; particularly their work on Digital Maturity and the lessons they have learned.

And finally, a low point. My hotel (which I will leave unnamed) was a bit too techy for its own good. Having all-the-lights-on sensors connected to the door sounds like an excellent idea, in theory. But when your wife leaves the room and you’re in the shower, the devices simply leave you in the dark – damp and quite nervous.


Room for improvements?


At Socitm’s East Midlands meeting in Loughborough last week, our former Vice Chair of the East Midlands region, Warwick Andrew, delivered a session covering observations he’s made of our Improve service.

Improve – a bespoke programme which gives local government and public sector organisations the real picture of their ICT services – covers five modules: Estate, Performance, Cost, Digital, and User Satisfaction.

Over the summer, Warwick was one of two consultants that visited Socitm’s Improve customers as far apart as Cornwall and Shetland, on the hunt for excellence. But what does ‘Good’ look like?

‘Good’ can look different to different people: very low costs can be a major achievement, or a sign of underinvestment; relatively few service desk calls can mean a very robust service, or it could mean users avoid using it; very low costs of acquiring equipment can mean excellent procurement practice, or it could suggest a failure to procure the right equipment for user needs. And so on.

So, what did Warwick notice on his far-flung travels? Around dreaded austerity, many of the visited councils have seen dramatic reductions in spend over the last five years, but this is by no means consistent; some IT departments have lost nearly 30% of their numbers and budget, others hardly any.

One council was just starting the process of reducing its staff numbers, indicating that in 2018 its service desk levels would drop from 21 to 17 people; which, as the council in question only had about 2,500 users, struck Warwick as long overdue. Overall, the local authority still had about one member of IT staff for every 25 users – 45 to 60 would be more normal.

Three of the councils visited had recently taken services back in house, which appears to be part of a trend. Certainly, the inability of outsource partners to have business models that shrink as well as expand is a factor as cost bases decrease, Warwick noted. However, the failure to respond to business changes and meet user satisfaction levels was also cited. None of the services he visited have a predominantly outsourced provision anymore.

Meanwhile, no organisation fully supports schools any longer, with most having no relationship beyond either network connections to a corporate core or application maintenance for a schools package.

Having worked on a number of sites undergoing desktop virtualisation projects, Warwick was surprised by the number of sites he visited that have either never embarked on such a thin client/desktop virtualisation project or have rolled back implementations. For two clients, the whole experience of attempting a desktop virtualisation has been regarded as a disaster. Warwick highlighted that the common factor appears to be the reliability issues that having a centralised system causes, with resilience measures not being sufficient to cope with Citrix issues (none of the sites surveyed had used VMware).

According to Warwick, one council has instigated the removal of all desk phones and replaced them all with smartphones; something Warwick thinks may be worth investigating as a business case for others.

Finally, flexible working. Warwick said that, whilst IT departments are supplying lots of tablets and laptops for others to work flexibly, the number of IT staff working from home appears not to have changed much in recent times, with presence on site still valued.

So, plenty of observations so far! If you’d like to know more about our Improve service, please visit the website.

 
