After Heartbleed, does the web need a transfusion?


It was my original plan to regale you with some hot tips on capturing the perfect image on your fabulous smartphone. But then a couple of snivelling halfwits from Google and Codenomicon threw my big idea into disarray by discovering a security flaw in the web with such potential for harm, it could change the way we use it forever.

Yet in a plotline that wouldn’t seem out of place in one of those summer smash-hit Hollywood movies, we don’t know if it will, or has.

I’m talking about Heartbleed, something you’ve probably heard of in the past few days. I could go into ludicrous detail about what it is, and why it matters, but instead I’ll give you the dumbed-down version that I understand. If you want uber-geek, heartbleed.com has everything you need.

Update: you can test a website to see if it’s been locked down and is now unaffected by the Heartbleed exploit. To do so, use this SSL Test.

 

For those unwise enough to stick with me, Heartbleed is an exploit in how sensitive data is stored. This technology is called OpenSSL; it was used, and possibly still is because of the legwork needed to switch to a different security platform, by two thirds of sites on the world wide web.

Blimey.

What’s an exploit? It’s a weakness, in that the power to repel hackers is significantly compromised.

SSL is that little yellow padlock at the bottom of your browser window that is there purportedly to assure you that any details you provide at this point will be securely transmitted and stored.

You’re seeing that padlock more than ever because every company wants you to share as much information as possible, so it can know you better and therefore tailor its offering to your specific needs.

These websites could be asking for something as innocuous as a username and password to access a member’s area.

Ironically, among websites compromised by the Heartbleed exploit, apart from Google itself, and Yahoo Mail!, is LastPass – a secure password storage service that gives you a single master password to remember (never did get that idea).

Well since Heartbleed acts as a master key for much of the internet, that might not have worked out so well.

You can take heart in the fact that shortly after this flaw was discovered, a patch was issued that fixes it. But locking down this encrypted technology to do what it was supposed to do in the first place depends on every OpenSSL-powered website actually installing it. And most have. But yet…

When I was on BBC Radio Merseyside last week, mein host Simon Hoban asked me if we should change all our passwords. My response was a mixed bag.

Unequivocally yes, you should change your password: frequently, in fact. It’s good to get into a habit of not relying on others to protect you and your online data, as we now see.

But changing your password won’t fix the problem: only website operators can do that. The gaping hole needs sealing first. Otherwise it doesn’t matter if your password is the entire Bible, backwards: once the hacker’s opened the door, they can just reach right in and grab it.

I said very much earlier that we’re in this horrible Heartbleed hiatus right now. Simply, we have no way of knowing if hackers exploited it. There is no evidence that Heartbleed was exposed until this couple of geeks found it in a recent OpenSSL update but as we’ve seen from Flight MH370, things often take a long time to materialise.

I don’t want to instigate histrionics, here, but Heartbleed will damage the web, irrespective of how the post mortem plays out.

Knowing your data wasn’t safe – for two years – and that huge corporations relied on the security ‘protecting’ it for so long, won’t do etailers any favours.

The world wide web is just a child. Mistakes happen when you’re growing up. But Heartbleed rebuffs the saying that ‘to err is human’.

If machines can mess up, too, it makes me feel a whole lot better.

Scam school

Talking scams today: a bit like last time.

I’m really angry because it seems lots more vulnerable people are being targeted than ever before by low life scum.

But it’s not just the old, unknowing and trusting, who are suffering by this latest rash of ransomware and malicious emails. Every business now and into the future is being damaged by the work of scamsters. Every dent in the world wide web’s trustworthiness is damage magnified in the future.

So let’s all hold hands and help people young and old to embrace online safety and build a better world together.

Kumba-bloody-ya.

Facts about staying safe online

  • 99.99% of scams are self-inflicted. It’s better to be safe than sorry. If something spooks you or looks unusual, don’t click on it
  • Never stand in front of a webcam in your pants. Unless you have trousers over them, and a shirt
  • Keep a very close eye on the address bar, and double click the email address in the From: field to be sure the message is coming from who you think it is
  • Same with social media, don’t go spouting off about sensitive stuff that could bite you now or in the future
  • There are no Nigerian princes seeking sanctuary in your bank account
  • Cialis won’t turn you into Casanova
  • No bank or shop will ever email asking for your login details or credit card info including your security code. If they do, and they’re legit, they don’t deserve your custom anyway
  • Never say yes to anyone asking for sensitive information such as usernames, passwords and bank details via email. That’s just rewording the point above – but it needs repeating
  • Stick to safe sites and double check that hyperlinks in emails are from who they say they are, which you can generally test by right-clicking them.

Tools to keep you safe online

Best thing about all this is that the things you need to protect yourself against yourself dropping the ball online – because that’s generally when unscrupulous types break in – are free. Forget your Nortons and your McAfees. They’re only there to keep Currys/PC World staff in margaritas.

PC users

Your first line of defence against viruses is either Windows Security Essentials or Windows Defender, both from Microsoft. Let me help you figure out which works best for you, and what – if anything – you need to do:

  • Windows XP, Windows Vista and Windows 7: You should download the antivirus software Microsoft Security Essentials (MSE, from here: http://windows.microsoft.com/en-GB/windows/security-essentials-download) and follow the simple prompts. Be aware that Windows XP is no longer officially supported by Microsoft. You can’t download the very latest version of MSE but virus updates will still be available to you until 14 July 2015. If you’re still rocking XP I recommend upgrading to Windows 7 (it’s about £70 right now at ebuyer.com). If you have Windows Vista or Windows 7, you already have a very basic version of Windows Defender included, but it only scans your machine for nasties (it’s an antispyware app, not a fully-fledged antivirus program)
  • Windows 8: Microsoft rolled out the security barrel for users with a brand new version of Windows Defender. It built on Microsoft Security Essentials as the de facto antivirus program. It’s switched on from the very start but you can do lots of things with it that are explained in great detail at http://www.microsoft.com/en-GB/security/pc-security/windows8.aspx.

Whatever version of Windows you use, I always recommend downloading the free Spybot application (safer-networking.org/dl/) and running it on at least a monthly basis to check your PC for nasties in case something slips through the net. Microsoft Safety Scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx) does a similar job to Spybot, if you want to stay loyal to the Redmond company.

Linux users

You need the free version of Comodo Antivirus for Linux.

Mac

If you’re unlucky enough to be smacking a Mac, I have nothing for you. Mac users say they don’t get viruses or malware. Leave ‘em to it.

I wrote a story about all this – better yet, you can read it without giving me the password you use to book classes at the local leisure centre.

In depth

Today’s column is going to be all about protecting yourself against nasty scams online. Now permit me to waffle on a bit before getting to the

Got the chance to play pretend journalist today when a press release came through via the BBC wanting me to talk on a breakfast radio show about all the ways dodgy sorts try and scam folks online.

Assuming they consider me one of the good guys rather than the rogueish types who make millions bending people’s wills to their strange offerings, I did some more digging. And unusually for press releases, the information provided was factually correct.

What was unjust was how they painted a picture of the victims being exclusively silver surfers. I happen to know a few people who I don’t call mum and dad that have a fairly good grasp of technology and are of sound mind. I also know that thanks to my mouthing off in this column Sunday lunch will be a decidedly icy affair.

Scams, like the spoils, are abundant. Snake oil merchants will target anyone. They have sound business sense like any trader in that they have a certain type of person in mind, for sure, but cowboys don’t discriminate.

And it’s not just about phishing, using emails to steal your money or identity.

Recently we’ve heard a lot about a gang in the Far East, now imprisoned, that hacked into people’s computers with a spoof log-in screen for Facebook. After you unwittingly give them your details, they take control of your account and hold it to ransom while threatening all sorts of indecent stuff until you pay up.

That’s the tip of the iceberg, and if you weren’t of sane mind it would be enough to make you feel like you need to protect yourself with rings of steel.

I was going to tell the radio DJ that, like using social media, avoiding scams is all about using your common sense. But as scammers get increasingly sophisticated I’ve heard of emails being received about orders already placed by customers, not just accounts held, that to all intents and purposes look entirely genuine on the outside.

That’s the bad stuff out the way. Thankfully we have defences and, by jiminy, we’re going to use them.

My tips on staying safe online

  • No bank will ever contact you online to ask you for your password. What has perplexed me on a number of occasions is a bank getting on the blower to ask for a lot of personal details before proceeding with the call. I still don’t get why they do that. But online is an entirely different matter.
  • There’s no such thing as a free lunch. No Nigerian prince is going to give you his Lottery win. Forget it.
  • Cialis will not turn you into Casanova. Neither should you take your clothes off in front of a webcam in any situation.
  • Don’t give your username and password or bank details to anyone requesting them via an email, EVER. I’ve had emails from thieves who have hacked friends’ email accounts – they do this using ‘brute force attacks’ on webmail providers – and sent emails supposedly on behalf of that user saying they’re in a sticky situation and asking for money to bail them out.
  • And lastly, this: it’s easy to cloak, or mask, email addresses and weblinks in the body of a message. Most of the time you can double-click these details to find out the real information behind them. Sometimes you need to right-click and choose properties.

Data is a huge business these days. In some ways your digital footprints and shadows are worth more than your bank account.

But irrespective of whatever valuable information is in question, the fact that third parties are putting up barricades to stop charlatans and deceivers getting hold of data should be enough to make you keep your house in order.

Most of the major brands who keep your data ask for two-step authentication these days. That’s where at some stage in the signing in process they send you a text, which contains an authorisation code. You enter that, then you enter your username and password. If they’re that concerned about your data and its safety, shouldn’t you be?

9 killer ways to raise money online


A new charity embarking on their first fundraising drive just approached me asking for advice on how to use the web.

I discovered it’s a freakin’ minefield. No wonder many charities pay third parties handsomely to figure out the landscape for them – thus losing much of their hard-fundraised.

One of my favourite charities, Christel House International, is run by philanthropist Christel DeHaan who soaks up all the admin costs so every giver sees the full balance of their donation go directly to where it’s needed most. I know this isn’t possible in many cases but it’s certainly going to be made a whole lot more difficult when the systems used to facilitate online giving add more fees into the mix.

Anyway, here are my recommended channels for fundraising and getting donations on the world wide web:

  • Amazon Associates. You can earn up to 10% of all sales generated through your customised affiliate link. If you’re on WordPress, you could use the PrettyLink plugin to ‘cloak’ the URL with a link of your choice matching your website URL – so, for example, you could remind your fans to always shop at Amazon at davethackeray.com/amazon (a link which doesn’t actually exist)
  • Commission from many other online shops. easyfundraising.org.uk takes a cut but automates the palaver of having to sign up to the affiliate schemes of multiple retailers. It’s like Amazon Associates on the proverbial steroids!
  • PayPal Giving Fund. This is essential if you want to use Givey but it also adds your charity to the list of good causes people can support when buying stuff on eBay. You know that little “would you like to donate $1 to this cause” that pops up when you pay for your eBay kit using PayPal? You could be on there!
  • PayPal Charity. If you simply want a way to let people contribute online using a trusted funding platform then it’s worth paying a small fee to make it happen. Sign up to PayPal Charity and enjoy beneficial rates for every donation
  • As a simple donation platform, Givey is the only place you need to go. It’s taken them three years to build a system that doesn’t charge its charities a bean every time people donate. And unlike Virgin Giving, you don’t have to pay a setup charge (VG charges £100 PLUS VAT for creating your account AND THEN transaction fees). Hint: remind your donors to sign up for Gift Aid so you get an extra 25% on top of what your kind supporter has given. If you’re looking for alternatives there’s a full round-up of fundraising sites at MoneySavingExpert
  • If you already create useful content you might want to consider having people show their support using social microdonations engine Flattr. I know a prominent podcaster who lets people contribute using this system, and he reports that it works very well indeed
  • Be a little more creative and develop some kind of media presence – with your supporters picking up the tab. Hundreds of media producers have found funding using a platform called Patreon
  • Innovate using crowdfunding platforms such as Kickstarter or Indiegogo to give you the money to produce your projects.
  • Set up charitable SMS text messaging so people can stop wasting money on The Voice and give it to you instead.

25 years on: WWWhat a day!

Diagram forming the bedrock of Tim Berners-Lee’s 1989 proposal for the world wide web. Image copyright: CERN.

On a misty day in March 1989, an unassuming worker bee at Cern – the physics research lab in Switzerland otherwise best known for the Large Hadron Collider which helped scientists discover the Higgs Boson particle which apparently is quite important – proposed a neat way of making information on the internet accessible to all.

Previously a massive collection of networked computers of which very few people were aware, the internet was frothing with data but no reasonable way to find it.

This Cern chap was aware of the internet’s mighty potential and set about proposing this humanising of a world of data. His boss acknowledged that the creation of a world wide web would be a nice idea, but the proposer’s notion was nothing but vague.

Tim Berners-Lee was unmoved by the snark and set about creating a web browser prototype. Two and a half years later the first elementary window to the internet was born. That date was March 12 1989 – and the world would never be the same again.

 

What if…

If it hadn’t been for the world wide web I’d probably be an electrician. If you’ve seen me try and wire a plug you’ll see why things turned out as they should have.

It’s hard to quantify the impact of the world wide web on our lives. On a macro level WWW has shrunk the world. It’s certainly shrunk our bank balances, by giving us easy access to 24-hour shopping and one-day delivery. In some places efficiency of retail is far greater: live in San Francisco or New York City and eBay can have your goods on the doorstep same day, if not same hour.

The world wide web has been an instrument of revolution, creating movements of change from the Arab Spring to Capitol Hill.

Eric Schmidt, the former head honcho at Google, told us in 2010 that every two days now we create as much information as we did from the dawn of civilization up until 2003. Gary Vaynerchuk said we’re about to enter the second industrial revolution because of the world wide web – after Chris Anderson predicted the same.

And in grouping the world’s information, it has given us ready access to study paths previously unimaginable. As I type this I’m neck deep in an EduX course administered by some faraway Ivy League seat of academia helping me understand how people think. The Khan Academy and TED are democratising the best of everything to swell our brains and ready the planet for a new dawn of challenges and change.

Who doesn’t love to kick back after a hard day at the monitor with an hour of music tailored to our preferences (any music streaming service is driven by WWW protocols)? To catch up with our social networking obsession (WWW – tick). To learn how to cook on YouTube (WWW) or connect to our friends and family on Facetime or Skype (you guessed it). To watch the TV shows and listen to radio programmes we want whenever we want using BBC iPlayer (no surprises here).

Every single industry has been impacted. Industries have been created, from digital marketing to the maker movement.

Not just virtually there

Berners-Lee facilitated accessibility by all on the move to the minds of billions. Though the WWW is inherently of bits and bytes without it we would never have seen the likes of iPhones, iPads, nor seen the development at a terrifying pace of medical science – made possible by folding technology loaning inspiration and connectivity from the laurels of the world wide web.

There is nothing in modern life that hasn’t been at least adjusted by the fevered pace of progress of the web. The march of online in taking over previously mundane and manual processes, or at least sharing out the pain by invoking collaboration through the use of crowdworking platforms like The Mechanical Turk, helping us to live more satisfying and enriching lives.

Sensor the future

The first quarter century of the world wide web has been an awareness-growing mechanism. Showing us the possible, and how we can halt the impossible. Of thinking widely, of aiming for the stars and not just giving us the rocket but the propulsion to touch them.

While it’s not yet quite ubiquitous in availability worldwide – though efforts by Google with balloons (the aptly named Project Loon you can track online) and Facebook with drones are driving us closer to that state of everyone-connected – the web is shifting from an internet of people to the internet of things.

To not just be a plaything for many, but a meaningful, essential tool for the majority. To go beyond being the conduit for half-arsed cyber currency, to steer us away in our perception of the online realm as primarily a driver for effortless and conspicuous consumption.

If I had the money or the wit to invest, I’d be putting my money on sensor manufacturing.

Following roughly the theory of Moore’s Law, sensors have rapidly shrunk and become cost effective to the point where Kickstarters everywhere are experimenting with how we can monitor, manage and measure thousands of things that before were as lifeless as a tumbled leaf.

Objects as familiar as fridges are already internetworked so we can check from afar enough eggs are awaiting us for our homecoming. We’re wearing more technology than ever before, calculating our every move and giving privacy conspiracists enough ammunition to start an uprising on one of the increasing number of apps fomenting secrecy (including Whisper, one of the leading lights in anonymizing our thoughts online, which just raised $30m funding on a $200m valuation).

But this is not just about domestic appliances or wearable technology. We’re talking about things like bus stops and bins. Stuff to make our lives easier, or to make it simpler to control our movements.

Which is a spectacular precursor to us all being replaced by robots – the ultimate controllable device.

Until they control us.

WWW and the internet

An important distinction:

  • The internet is a collection of networked devices forming a master network – the internet. This assembly of microcomputing is about double the age of the web as we know it – the internet was first created in formative fashion in the early 1960s with the advent of packet switching as an accepted technology
  • The world wide web (WWW) is a collection of documents, web pages, linked by hyperlinks and URLs – those addresses we type into the address bar of our favourite web browser like Google Chrome. So think of the WWW as your way of seeing all the great stuff hosted on the devices making up the internet.

Most fascinating article ever written

The 6 companies that run the internet

Podcasting for Americans

A very dear friend across that there pond was kind enough to ask for my advice on setting up a podcast.

I’ve never bought podcasting equipment in the US – though I once had a fabulous microphone sent across by one of my mentors in the podcasting space, Mike Phillips.

But as an ambassador to the European Podcast Award I do get around a bit, which means I’d know what to look for if I was podcasting for Americans.

Elvis would’ve made an awesome podcaster. Photo Credit: kevin dooley via Compfight cc

So without further ado, and with no affiliate links whatsoever to distract me from offering you exactly what you need at the cheapest possible price:

Hardware

Stand and mic holder

Get yourself a desktop stand with a metal base so your mic doesn’t fall over. Like this:

Microphone

Audio-Technica produce the sweet-sounding ATR-2100 – the best bang for your buck by a mile. Slam it into a mixer if you must, but it also plugs directly in to your computer via USB so you don’t need to faff about with any other external recording equipment for a simple podcasting setup. Two options to buy it – from eBay (seller like http://www.ebay.com/itm/Audio-Technica-ATR2100-USB-Cardioid-Dynamic-USB-XLR-Microphone-/360865172871?pt=US_Pro_Audio_Microphones&hash=item54053d8d87) or from Amazon: http://www.amazon.com/Audio-Technica-ATR2100-USB-Cardioid-Dynamic-Microphone/dp/B004QJOZS4/ref=sr_1_11?ie=UTF8&qid=1393957003&sr=8-11&keywords=usb+microphone (less than $60).
If you’re going the simple route, you’ll need a mini USB to USB cable to patch the mic to the computer: http://www.amazon.com/AmazonBasics-A-Male-Mini-B-Cable-Meters/dp/B001TH7GUK/ref=sr_1_1?ie=UTF8&qid=1393957882&sr=8-1&keywords=mini+usb+to+usb ($5.49)

Software

Podcasting has never been easier or more accessible. The first thing you need to decide is whether you’re going down the Skype or Google Hangouts route. Both are free if you’re doing computer-to-computer chats or interviews, or if you’re US to US, free for Skype to landlines or cellphones, too.
If you’re going to use Skype for interviews, I swear by Pamela for recording Skype convos: https://www.pamela.biz/shop/pamela_professional_edition?idev_id=1150 ($42). It records audio, and video if you’ve got something interesting to show your viewers.
If you record via Google Hangouts you’ll get a version automagically uploaded to YouTube where you can edit the result in the browser. And if you want an audio-only version of your show, you could rip that from the YouTube video using something like snipmp3.com. Everything relating to Hangouts I just mentioned is completely free.

Easy over

It’s not about you. It’s all about the audience. Be valuable, and provide everything they need to feel like they belong to what you have to offer.
That’s the easy bit. The tough bit is being consistent, batting out episode after episode. Every episode I ask people to rate my show on iTunes, and I offer SpeakPipe.com for listeners to record questions and feedback so I can use it on the show and keep our content fresh and relevant.
I used to be The Podcast Guy, so I know a fair bit about the merits of web radio. And if you’re podcasting for Americans, I know a few of them, too. Do reach out if you’re interested in doing things differently – I ask nothing in return for my knowledge but your passion and commitment to making podcasting a success for you.