You are the weakest link

One of the big fears that many people have about online shopping is that some ne’er-do-well will magically nick their credit card details, and while that’s a legitimate concern – I wouldn’t give my card details to a site I didn’t trust – I think it’s been blown out of all proportion. I know a few people whose card details have been stolen (it’s happened to me, too) and in each case the guilty party wasn’t some faceless foreign hacker, but someone on the other end of a phone, or someone in a shop.

The best tool in any hacker’s armoury isn’t a bit of software or some mad card number-intercepting gadget; it’s social engineering. That’s a fancy way of describing the methods you can use to persuade people to give you confidential information. A typical example is calling someone up, pretending to be the IT department, and asking them to confirm their user name and password. A lot of people will do just that and boom! The villain’s in the system. The same principle is behind the “phishing” scams that infest the net: rather than intercept your credit card details, phishing scammers simply put up a fake page that looks like your bank and ask you to hand over your details. An alarming number of people do just that (and if you’re one of them, you’ll probably find that your bank won’t reimburse you for any dodgy spending that results).

I was reminded of social engineering the other day when I was having a cigarette break outside a PIN-protected building: as a guest, I’m not allowed to know the door code. But I got in anyway, thanks to a group of people who *were* allowed to know the code; one of them had forgotten it, asked their colleague what it was, and their colleague duly supplied the code number in a voice loud enough for me to hear. In one fell swoop the security system became redundant – although I was only there to steal everyone’s coffee, rather than to do anything sinister.

The weak link in any security system is usually a person, or people in general. Passwords are often absurdly easy to guess – the wife’s name, the person’s date of birth, the name of their dog or worst of all, the word “password” or “letmein” – and if you can’t guess it, you can usually persuade people to hand over the details by pretending to be the IT department or bribing them with a Toblerone. And if that doesn’t work, there’s always good old-fashioned stupidity, such as the offices with ultra-secure buildings and ultra-secure networks whose employees stick a couple of wireless network access points on the corporate network, forgetting that the whole point of wireless is that it works through walls. Judging by the press releases from security firms I’ve been reading recently, there are still an awful lot of firms providing free internet access to passers-by – and leaving their networks wide open to villains, ne’er-do-wells and ruffians.

Of course, it’s important to take security seriously – and there are some horrifically talented people out there who can bypass even the toughest security systems. However, you’ll find that the most common threats tend to be ridiculously simple: a fake email purporting to be from your bank; an email that claims to be a screensaver but which contains something nasty. If people were a little more paranoid and a little less trusting, the net would be a safer place.

Pedantic note:
Although I’ve used the term “hackers” in this post, some members of the hacking community would be unhappy about that. Technically a hacker is someone who takes things – hardware, software, systems – apart to find out how they work or to make improvements, while someone who uses those skills for evil reasons is a “cracker”. However, language changes and over the years, “hacker” has come to mean anyone who breaks into systems, whether they’re good or bad – hence “white hat hackers” (the good guys) and “black hat hackers” (the bad guys). Complaining about the use of the term “hackers” to describe bad guys, then, is a bit like moaning that “shambles” no longer means “slaughterhouse”.

Give them an inch and they think they’re rulers

Cory Doctorow at BoingBoing has discovered yet another example of digital rights management technology being used for things that have nothing to do with piracy: US cable companies are being pressured by Time Warner to “expire” their customers’ digital recordings of TV programmes such as Six Feet Under when the next episode airs.

This is the danger of sucking up to the studios in the first place: they say, “Suuuure, we’ll ‘let’ you build a PVR that will tape the shows you cablecast to your customers, but that permission is contingent on our ongoing goodwill. So if in the future we decide, for example, that your PVR can’t record certain shows, or can’t skip certain commercials, or can’t store certain recordings for more than a few days, you’d better implement it. Or else. So what if your customers can’t figure out why their PVRs don’t work properly? That’s your problem, pal.”

Food for thought

When I moved to Glasgow a couple of years ago, I was struck by the same thought again and again: my dinner tastes like crap. Or rather, it didn’t taste of anything. Thick sirloin steaks didn’t really taste of steak, no matter how I cooked them; tomatoes were cold, but didn’t really have any flavour; even cheese – my great weakness – was bland and lifeless.

At first I wondered if I’d left my tastebuds back in Ayrshire, but when I started looking into the food I was eating I spotted one key difference. Before I moved to Glasgow most of the food I ate was local, so for example almost all of the meat I ate came from a local farm. When I moved to Glasgow, most of the food I ate came from supermarkets.

So I started looking at the labels of the food I was buying, and discovered that in many cases I was buying something that looked like food, but which was largely a collection of preservatives, colourings and water. Fruit and veg had been picked long before it was ripe and transported halfway around the world, which explained why it didn’t go off for a week but also explained why it didn’t taste right. I started reading up on the food industry and the supermarket industry, and learned what terms such as “reformed” and “mechanically recovered” meant; I read a few articles about the pesticides and chemicals in foodstuffs, the micro-organisms in milk and the regular health scares about factory farming. So I went organic.

There are three things you need to know about organic food. First, it’s much more expensive than supermarket “value” ranges. Secondly, it takes a lot more effort (so a weekly shop isn’t enough). And thirdly, it usually looks awful and tastes fantastic.

The first time I tried organic fruit, I ended up covered in juice – not because I have particularly sloppy eating habits, but because I was used to fruit that wasn’t particularly juicy or tasty. I had to learn how to cook bacon again, because I was used to chucking bacon into the pan, waiting for it to shrink and chucking more in. Organic bacon isn’t full of water, so it doesn’t shrink. I had to get used to shopping several times a week, because organic fruit and veg is ripe and therefore goes to mush in a couple of days. And I rediscovered my tastebuds, which had been largely unused for several months.

There’s another benefit to organic food, which is that by choosing organic you’re generally supporting smaller, local farms and shops instead of giving yet more cash to the supermarket chains. Don’t get me wrong, I still buy stuff from supermarkets – wine, toiletries, bread, the odd packet of crisps – but their power (and their effect on small shopkeepers) worries me. If you want a good scare, the non-fiction book “Shopped” is worth reading.

I’m convinced that to future generations, our eating habits will seem insane – and I suspect that the health consequences of cheap (i.e. adulterated) food will come back to haunt us.

The Rebel Sell

Fight Club. Adbusters magazine. American Beauty. No Logo. Each one a rallying cry against consumerism, a wake-up call to alert us from our advertising-induced slumbers. Right?

Not according to The Rebel Sell. The article – an excerpt from a new book – posits that Naomi Klein’s anger at yuppies in her local area is driven by irritation at her loss of social “distinction”, that American Beauty is about cool, not anti-consumerism, and that Adbusters is just another magazine that you buy in a newsagent.

How can we all denounce consumerism, and yet still find ourselves living in a consumer society?

The answer is simple. What we see in films like American Beauty and Fight Club is not actually a critique of consumerism; it’s merely a restatement of the “critique of mass society” that has been around since the 1950s. The two are not the same. In fact, the critique of mass society has been one of the most powerful forces driving consumerism for more than 40 years.

It’s interesting and inflammatory stuff. I might track down the book.

Please excuse the dust

…but I’ve finally got round to updating the blog template and in typical blogger style, republishing the entire weblog isn’t working properly. There’ll also be some display weirdness on older blog posts, particularly ones with inline images (the new template uses slightly different column widths than before).

Tired, unhappy

“Make sure you’re sitting down before you open this.” Not the subject line you want to see on an email from your accountant; it turns out that I’ve made a complete and utter arse of some tax stuff and as a result, I’ve got until 31st January to find a sum of money that’s even bigger than the sum of money I reckoned I had no chance of raising by then. Maybe I should become a celebrity blogger:

Liberals are wusses! Saddam is evil! Pay with PayPal!

Hmmm. Maybe not.

I think I’ll have to classify this week as a write-off: not only have I landed in deep tax trauma, but I’ve got a bloody sore back, I managed to stab my tongue with a toothbrush while half-awake the other morning, I’ve got writer’s block and there’s the beginning of The Biggest Spot of All Time on my chin.

On a brighter note, I’ve discovered that Java is the crack cocaine of the coffee world. Tasty, too.