Protecting your online banking and PayPal accounts

If you bank or shop online or otherwise use the Web to move money around, you need more protection for your accounts than just a simple username and password. Many of us reuse passwords on multiple accounts, and if a hacker or a malicious piece of software can obtain this information, you can suffer the consequences and be out a lot of dough in the process.

Of course, the quickest fix is to not reuse passwords across multiple accounts, but that isn’t likely to be implemented by many of us. A more secure and dependable solution is to make use of two-factor authentication. This is a fancy way to talk about a device that you keep on your person that only you have access to. If you work for a financial institution, or another paranoid employer, you probably already have something that looks like a credit card or a key fob with a small LCD display. This is the second factor (the first is your login name), and unlike your login, only you have possession of this device. To make it work, you enter the series of numbers shown on its face after you enter your login ID. These are timed precisely to an authentication server. If you don’t enter the right sequence of digits, you can’t log in to your account.

These fobs or security keys have been available for the general public for a few different Web sites. PayPal, for example, sells them for $5. Getting set up takes just a few moments, and requires an extra step when you log in to your account.

But the fob can be lost, or you might not remember to carry it with you when you are shopping online. A better solution is to use a virtual key, one that runs on your smartphone for example, or makes use of a series of text messages if you just have that service. You don’t need to remember to bring anything with you, and these virtual keys are also free of charge.

VeriSign/Symantec calls its service VIP, for VeriSign Identity Protection. It is available in software for a wide variety of phones, including iPhones, Androids, Blackberries, and others. You download the software (via iTunes for the iPhone, and similar Web app stores for the others) to your phone, walk through the setup process, and register the software key with Paypal or other sites that you are interested in protecting. Here is one credit union in Palo Alto that makes use of the service where you can get an idea of the VIP process in more detail.

VIP can be used for purposes other than your online banking: it can protect VPN access to your corporate network, and other intranet kinds of applications. The keys are easy to manage, once you tie in the key servers to your corporate identity servers. And VIP removes the headache of managing the actual hardware security keys from the whole process, which is another plus.

VIP isn’t the only game in town. A startup called Enole.net is working on something similar that can turn your cellphone into a universal ID for all sorts of purposes, such as your car, your house key, and so forth. I haven’t gotten any specifics but the information on their Web site sounds intriguing.

It is time we started using better authentication methods for more of our online logins. And VIP is one very painless way to do so.

Markmonitor: Brandjacking Index 2010 on Luxury Goods

Everyone wants a bargain, but when it comes to buying luxury handbags and other high-priced name brand consumer goods online the deals are usually too good to be worth it. Given the discounts offered, it is no surprise that the amount of counterfeit goods being sold approaches nearly half the legitimate volume of the genuine articles.

But what is surprising is the level of sophistication the fraudsters use to place their sites high on search pages and purchase pay-per-click ads, making it harder to find the real articles from the name brand vendors when shopping online.

In this edition of the Brandjacking Index™, we look at the abuses in the luxury consumer goods sector. It isn’t a pretty picture, despite the smooth buttery leather exterior that many of the real handbags offer. You can register and download the full report here.

Baseline: Open Source Apps, Now

The time has come for the enterprise to consider open-source software. OSS, like Apache Web servers, Asterisk IP telephone switches, Linux desktops and others, can be less expensive to maintain and easier to support and scale. It can also provide a level of professional quality that, in some cases, can exceed purchased proprietary code. But before you switch to OSS, there are some issues to consider.

You can read the rest of my article on Open Source Applications in Baseline magazine here.

Strange Loop Conference St Louis

I attended a few sessions of this conference here in St. Louis, organized by Alex Miller. Miller has the uncanny ability to find the geekiest person at major organizations and convince them to come to town and talk about some of the really big issues that they are dealing with in their code. The conference started off with Hilary Mason, who is a computer scientist and mathematician working for bit.ly. Did you know that you can get all sorts of analytics with any shortened bit.ly URL by just appending a plus sign at the end of it? Yup. She spoke about machine learning, and understanding and predicting behavior from large data set collections. For example, when the World Cup was playing, they observed all sorts of traffic coming from the countries that were in competition during the games. As soon as the game was over, the losing country’s traffic dropped to nothing. Obvious, but interesting. She also gave one of the best illustrations of Bayesian probability analysis that I have seen this side of grad school (and that has been a very long time for me).

I got to hear from Eben Hewitt, who wrote the O’Reilly book on Cassandra, an open source database project that is part of Apache and the current favorite of the large data set folks. He spoke about the really big data guys and how we have to talk in petabytes — WalMart’s customer data base is half a PB, and Google processes 24 PB each day. The data that was assembled to make the movie Avatar was around a PB.

Finally, there was Brian Sletten, an independent consultant based in LA, talking about new Web technologies. He mentioned the Powerhouse Museum in Sydney that is doing some interesting things with Web services — now how cool is that? I can feed my museum addiction by going to a geeky conference.

You should put this on your radar for next year. This is very high signal, almost no noise. Some of the speakers could use some polishing, but the raw data is excellent.

SearchVirtualDesktop: Windows Intune shows promise at first glance

Windows Intune is Microsoft’s cloud-based antivirus software, and like other cloud antivirus products on the market that I reviewed earlier for Techtarget, it’s a bit rough around the edges. The product is a combination of Windows Defender anti-malware protection and the Windows System Center and Forefront management services. You can read my review published this week here.

 

Running legacy apps on Windows 7 using InstallFree

InstallFree 7Bridge can virtualize and isolate applications from the rest of your desktop, so you can run older, legacy apps on more modern operating systems.

Watch the video here on Webinformant.tv

InstallFree 7Bridge
http://installfree.com
Pricing: $25 per endpoint with the first application included; additional applications are encapsulated by InstallFree at $5,000 per application plus an 18% annual support/maintenance contract. There is also an enterprise edition that includes the ability to encapsulate your own applications. Volume discounts available.

Video abandonment and short attention spans

We live in a world where short attention spans rule, as I wrote in a column more than two years ago. But nowhere is this more evident lately than when it comes to watching Internet video clips. The research outfit Visible Measures found that after the first ten seconds, videos lose about 20 percent of their audiences. Ten seconds? That is a lot of itchy mouse fingers, barely enough time to even think about whether to continue watching. No wonder so many new network TV shows have already been cancelled.

I wanted to see how my own series of screencast videos stacked up to that statistic. For the past two years, I have been producing more than 50 of these over on Webinformant.tv as well as posting them across more than a dozen different video sharing Web sites. For some of the videos I use a service from Wistia.com where I can track exactly how many people have watched them all the way through, who has abandoned watching mid-way, and who rewinds to see something a second or third time. I purposely speak at a rate that is faster than normal for my narrations, mainly to cram more information into the video and also to make sure that my viewer continues to pay attention. When I first began doing these videos, my goal was to produce something around five minutes in length: now I try for closer to three minutes. Some of my clients have even wanted two minutes or less for their videos. People just don’t have the time and attention spans are dropping.

Granted, these videos serve a different purpose than your average YouTube chronicle of skateboarding cats, but still it was nice to know that my abandonment rates were a lot lower than reported by Visible Measures. I found that within the first ten seconds, I had pretty close to 100% of my original audience, in some cases much higher due to rewinds. Most of the time, it would take closer to 30 seconds before I lost anywhere from 20 to 30% of the original audience. Granted, this isn’t the general public, these videos are geared towards IT managers and business users, and no animals were employed during my productions (at least none that I knew about). And I was gratified to see that I even retained anywhere from 50 to 65% of my original audience at the end of the video. One video that was four minutes long ended up retaining only 25% of the original audience. But I am not sure if it was just too long or the particular subject matter or my treatment or the product itself – it is hard to do exacting research here to link cause and effect.

Ironically, I started doing these videos as a way to package information into a more concise and digestible portion than listening to a 45 minute Webinar. Clearly, we all have to do better at brevity these days.

I will keep this column short. If you want to read what I wrote two years ago you can get more perspective.

Ford misses on 2011 Sync

I had a chance to try out the latest 2011 model Ford Edge, a crossover SUV vehicle that comes with the latest electronics package. Usually, I get to review products that I can’t explain to my family what they do (intrusion detection appliances, anyone?) but having a press loaner car was a nice change of pace. My overall review is that while Sync is better than ever, it is still too pricey and too limited when compared to after-market options.

Ford has four different option packages of tech for its cars: There are the Sync features, which allow you to connect your cell phone and music players to the car ($395). There is a navigation package that adds graphical maps to the basic turn-by-turn directions ($795). There is a rearview video camera ($240), which shows you what is going on when you are in reverse, and a touch screen for controlling audio, climate, and other cabin operations ($365). That adds up quickly and is also confusing to sort out. So my first suggestion is to make it all a single priced option.

I test-drove a 2011 Edge that came with three video screens: two four-inch LCDs on either side of the speedometer and an 8 incher in the middle of the dash. This configuration will also be available in the 2011 models of the Lincoln MKX hybrids, and eventually on other cars too. The car retails for $30,000 and in my driving it was very comfortable and got about 22 mpg.

Ford has sold more than two million cars since 2007 with Sync installed: sadly, they are not available for this 2011 upgrade. The best bits are the phone connectivity and how the touch screen and voice-activated controls work, although it will take some getting used to. When I first got the car it spent more time running in my garage than on the street, as I went back and forth between my office’s Internet connection and gathering various bits and pieces of gear to try out in the car.

The car comes with a plethora of ports: two USBs, one set of three RCA audio/video jacks and an SD slot for you to plug various stuff in. If you have an iPod or a USB memory stick with MP3 tunes on it, as soon as you attach it to your car it will start playing the music. All the connectors are located in the console between the two front seats, so you can stow all your gear out of sight too.

As soon as you pair your phone with the car via Bluetooth, it will attempt to download your address book so you can set up speed dialing of your most frequently called contacts. These are graphically displayed on the main screen and with a touch of a button or using voice commands you can interrupt your music and dial or answer a call. The sound quality was acceptable according to my listeners. Again, this isn’t anything all that new, with the exception of the graphical display. To play your music you’ll want to use the USB connection rather than Bluetooth.

Some downsides? If you have an iPhone, you will most likely need an upgrade to its firmware to work with your car. You can’t receive text messages on the car’s screen (on other phones the system will process them and speak them to you over the car’s audio); this depends on a new Bluetooth profile that is as yet unsupported by Apple but is supported for Blackberry users.

The standard navigation package with Sync doesn’t show you a map of your surroundings, unlike all of the GPS’s that cost about $150 that are sold nowadays. I ended up bringing along my own GPS on a couple of trips, just because the Sync’s features were so abysmal. The $795 upcharge buys you a SD card with the maps included, which is probably the highest price you can pay for an SD card of any size these days.

Also built into the car is a Wifi radio, and with the addition of a broadband USB modem you can turn your car into a mobile hot spot, in case your laptop-toting passengers want to be online when on the road. Ford uses the Wifi radio to download software updates and actually provision the electronics software on the assembly line while they are making the car. You can watch this brief video about how they do it here.

If your phone supports tethering via Bluetooth, you can share and drive its Internet connectivity this way. I couldn’t get this to work on my Android phone, however.

Ford makes another electronics package for just its pickup truck line called Ford Work Solutions to run Office applications and Web browsing. This is based on a Windows CE in-dash PC, and a Sprint broadband data modem. Ford has stated that we might see some merging of functionality in the future, such as having a Web browser built into Sync so you can surf when not moving. They are also working on other Sync apps including Pandora radio and Twitter clients that will be available next year.

Speaking of Web browsing, each Sync-equipped car comes with a Web reporting system so you can keep track of any mechanical issues from the comfort of your own browser. (A screenshot is shown above)

This brings up the point of distracted driving, and certainly if you are going to buy this electronics package you should spend several hours understanding what you have before you venture out on the road. The glass cockpit is a bit daunting at first, and even for the geek in me was a bit too much information to deal with on a busy city street, let alone going 65 mph on the freeways. Ford has a “do not disturb” option to block incoming calls and texts, which is a good idea.

While I liked a lot of the features in my Sync-enabled Edge, overall I think it still has a few rough, well, edges. Maybe if the enhanced navigation card was free I would be more favorably inclined to recommend it. And if you were to collect a GPS, a notebook PC or iPad, and a broadband modem, you can replicate most of this technology for about $600, or about a third of what you would pay for the various Ford Sync options. But you would be missing the integrated voice/touch controls for all these devices.

Using applications whitelisting with CoreTrace Bouncer

My latest video screencast is looking at Bouncer from CoreTrace. They have a new software-only version 6 that provides solid endpoint protection by only allowing vetted applications to run across your enterprise. There are agents for all 32-bit versions of Windows since 2000 and 64-bit Windows 7 and Server 2008.

CoreTrace Bouncer. Pricing begins at $35 per endpoint

Here is the link to the video review.