Tag Archives: security

Dump Yahoo now

Telecom NZ temporarily cancelled 60,000 Yahoo Xtra email passwords at the weekend. The move follows ten days of spam messages swamping New Zealand in-boxes.

The biggest email outage New Zealand has seen.

Yahoo is the problem. Not just for the sloppy security which meant the Yahoo Mail site has a cross-site scripting vulnerability.

That’s bad enough. But Yahoo lied about the fault. Then it hid the vulnerability’s seriousness both from partners like Telecom NZ and from end-users.

Yahoo repeatedly claimed to have fixed the problem. It hadn’t.

The company simply cannot be trusted. That leaves us with no alternative: dump everything Yahoo.

That means you and I should have nothing to do with Yahoo. It also means Telecom NZ needs to pull the plug. Telecom’s lawyers should already be poring over any contracts. Telecom NZ needs a transition process for customers locked into Yahoo Xtra mail accounts to disengage; the sooner that gets started the better.

Can Kim Dotcom’s cloud be trusted?

This time Kim Dotcom has gone to great lengths to build a respectable business.

Dotcom and his lawyers have hit on a formula that looks squeaky clean. If anything naughty is stored on his Mega servers employees can legitimately hold up their hands and say “it wasn’t me”.

Hiring high profile InternetNZ boss Vikram Kumar to head the new operation was a public relations masterstroke, at least in New Zealand.

Months of writing about cloud computing from a business perspective have taught me a cloud provider must be trustworthy. The same logic applies for personal data as for business data. As Dotcom’s Megaupload customers discovered, if a cloud operation is suddenly stopped, data cannot be retrieved.

On the surface the 50GB of free file storage looks like too good a deal to pass. But can we trust Dotcom and his new Mega organisation with our data?

In this case, that question is almost irrelevant. Dotcom’s business may or may not be trustworthy. It may even be financially stable*. Mega may respect the law. The problem is governments in Washington, Wellington and elsewhere don’t.

Last year’s raid was, at best, legally questionable. The indictments are also questionable. That didn’t stop governments closing Dotcom’s earlier cloud service and confiscating his assets.

Your data security is more dependent on the whim of the US government than it is on the integrity of Kim Dotcom and Mega.

For now at least, the US government appears happy for you to store the same files on Amazon, Apple, Microsoft, Dropbox or any of dozens of other cloud services.

In this case the question of trust isn’t about Mega but the US government.

* Mega may be financially sound, but if I was doing real due diligence, that’s where I’d look first when assessing the risks.

Lack of trust at Wynyard Quarter

Sitting down at Jack Tar in the Wynyard Quarter


We took overseas visitors for lunch at Jack Tar, a restaurant pub in Auckland’s Wynyard Quarter. The food is more expensive than in less attractive spots, but not bad.

However, I doubt I’ll eat there again.

When we ordered, the waitress asked for a credit card. She said this would go “behind the bar”. I’ve done this before in pubs. Usually handing over a card is an option. This was a requirement.

We played along. Not doing so would spoil the moment. This is worrying on two counts.

First, I don’t have a personal credit card - that’s my choice. Does this mean I can’t eat at Jack Tar? I don’t know. I’m not planning to sit down and order before finding out.

Second, banks tell credit card holders not to let them out of their sight.

Sure, Jack Tar is an unlikely front for an international card skimming operation. That’s not the point. A business which can’t trust customers to pay the bill is in no position to turn round and ask for trust in return.

Lifehacker Australia says Windows 8 won’t solve your security woes

Microsoft is telling the world Windows 8 is the most secure version of Windows to date. That’s true enough. Yet as Angus Kidman at Lifehacker Australia reminds us, that doesn’t mean you can forget about security.

He says you’ll need to keep up-to-date with the latest patches, stay away from suspect websites and take care with passwords and other connected devices. All sound advice. Read more at Why Windows 8 Won’t Solve Your Security Woes | Lifehacker Australia.

 

Why BYOD won’t be a problem for long

Everybody in the business IT world is talking about BYOD or bring-your-own-device. It happens when companies allow or even encourage employees to choose their own workplace gadgets.

BYOD can cause headaches for companies and CIOs, not least because of the cost of supporting dozens of different devices, multiple operating systems, hundreds of apps and so on. And then there are the security issues.

I caught a session by Cisco’s Vaughan Klein at Gen-i’s recent IP Voice seminar where he gave the best explanation I’ve seen so far of why BYOD problems are transitory.

Klein says BYOD will soon give way to bring-your-own-application and that in turn will give way to bring-your-own-browser.

Before long web browsers will deliver just about every business computer application - this includes the heavyweight suites from companies like Oracle and SAP. When that happens the support and security burden on companies will ease considerably.

 

Huawei with the fairies

The United States sure has a problem with Huawei. Chris Keall’s report in the NBR quotes a congressman who says the Chinese communications equipment giant’s customers should worry about intellectual property, privacy and US national security.

There may or may not be something in those accusations.

Australia’s government takes them seriously. It has shut Huawei out of the juicy big contracts for that country’s fibre network, the NBN.

New Zealand’s government does not take the claims seriously. Either that, or government thinking is so far down the markets-rule-everything drainpipe that security considerations come second to buying from the cheapest supplier.

I’m not qualified to comment one way or another on whether the accusations are valid, or on the political calculus behind the decisions in Australia and New Zealand.

However, I offer these four thoughts, or if you like, angles to consider as this story unfolds.

1. China is now the United States’ main superpower rival. Unlike the Soviet Union, which was an economic basket case, China poses an economic challenge as well as a political or military challenge. In New Zealand we’re no longer used to seeing politicians going in to bat for our industries and companies; it is still common in the US. Possibly the accusations could be as much about undermining the economic challenge from Huawei as anything else.

2. If Huawei’s Chinese-made telecommunications kit is a challenge to IP, privacy and national security, what about all the other gear being made in China for US brands? Are Chinese-made Apple iPhones also a problem? What about routers and other equipment?

3. Call me paranoid if you like, but if US leaders assume companies in other countries are putting backdoors into strategic infrastructure devices, does that imply US spooks have already at least thought of doing the same thing with US-made kit?

4. Do the relatively close ties between NZ National party leaders and Huawei, along with the relatively relaxed attitude to the company’s kit being used for infrastructure, imply New Zealand is now diplomatically closer to China than to the old US alliance?