Beacons And iBeacons Create A New Market – Business Insider

Beacons And iBeacons Create A New Market – Business Insider.

An upcoming trend for business to look out for is the “Beacon”. This is small device which businesses can place within their business to either gather information on its customers or push information to the customers by interacting with their smart phones (typically by a low-energy Bluetooth connection).

While this is not new technology, recent advances in the cost and power-efficiency of such beacons and the greater prevalence of smartphone users in general and smartphone users who use their devices while shopping, dining, or otherwise engaged in commerce in specific has made beacon deployment a far more attractive proposition for data-savvy businesses. Beacons allow businesses to not only engage in very accurate location tracking of customers, but to push messages directly to customers based upon their location (ex. As customer walks by a rack of clothing, a message can be pushed to them, letting them know that everything on that rack is 20% off for today only.). Likewise, businesses can track the flow of customer traffic, where they do and do not go, what order they visit places within an establishment, and even, potentially what items they stop an look at. This can, clearly, be powerful data for businesses to use, not only for interacting with customers, but in choosing layout of a business and other “customer experience” considerations.

On the downside, there are potential privacy and security implications of this technology, not only for the customers / consumers, but also for the businesses collecting this data. The more intrusive (and non-anonymous) the data a business collects on its customers, the greater the need for policies, procedures, and infrastructure for dealing with this data safely, securely, and withing the parameters of what the law requires. That having been said, this is very exiting technology that can open many new doors for businesses in terms of business intelligence and customer interaction.

Google Chromes cache makes data easy to steal – Is you credit or business at risk?

Google Chromes cache makes data easy to steal.

For those using the Google Chrome web browser, it is important to know that a critical privacy bug has been found in the browser software which has not yet been fixed by Google.

 

Specifically, Chrome routinely stores sensitive information, such as names, e-mails, contact information, and/or even credit card information which are typed by users into web forms at trusted websites. It appears that Chrome stores this information within the program in plain text which can be easily accessed by anyone with access to the user’s computer.

 

As such, until Google addresses this vulnerability, users should be extremely cautious in entering private data into websites using the Chrome browser if there is any chance that the user’s computers can be accessed by others. Furthermore, because the information is cached in the program without any encryption or any other security measures, any trojan horse or similar malware on a user’s computer could potentially access this information and forward it on to identity thieves.

While this clearly has serious potential repercussions for individuals using Chrome, the situation is even more serious for businesses, who could, as a result, be out of compliance with PCI-DSS security rules which are usually mandated by credit card processing companies, if the business wants to be able to accept payments by credit card.

As such, individuals and businesses alike need to take this vulnerability very seriously.

The Lavabit Shutdown and IT Security

How Lavabit Melted Down : The New Yorker.

The New Yorker has an excellent piece online which discusses in detail the events leading up to the shutdown of Lavabit, a secure e-mail provider which was used by Edward Snowden.

 

The article details the pressure placed upon Lavabit and its owner not just to turn over information that would shed light on Edward Snowden’s activities, but rather, information which would give the government wholesale access to all email passing through the services.

 

This article raises serious issues for IT companies who have committed to safeguard the privacy and/or security of its customers. It also raises serious concerns regarding the extent to which the U.S. Government is willing to (and in fact does) compromise the privacy of innocent U.S. citizens as a routine matter.

 

Adobe says hackers accessed data for 2.9 million customers – Oct. 3, 2013

Adobe says hackers accessed data for 2.9 million customers – Oct. 3, 2013.

If you have purchased products directly from Adobe, you need to be aware of this and (i) be on the lookout for notification for Adobe about whether this affects you, and (ii) monitor your identity (particularly with respect to any card used to purchase the Adobe product), to ensure you are not a victim of identity theft.

1-800-Hackers: Why cyber crime is no longer a dark art | Marketplace.org

1-800-Hackers: Why cyber crime is no longer a dark art | Marketplace.org.

Marketplace has aired an interesting piece on the growing trend of using “white hat” hackers as a part of corporate IT strategy as a means of testing and improving IT security.

It is well worth a listen, and is an excellent starting point for consideration of your businesses security and privacy measures. If some form of auditing of your security and privacy measures (not just hardware and software, but policies, procedures, and practices, as well) then your company may needlessly be laying itself open to significant liability, expenses, and damage to business reputation.

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm – NYTimes.com

As F.B.I. Pursued Snowden, an E-Mail Service Stood Firm – NYTimes.com.

This is an interesting piece on the IT company Lavabit, which, before its shutdown, provided secure e-mail services to its customers. The story details the steps taken by the FBI to force Lavabit to turn over encryption keys and take other steps which would not only provide the FBI with access to Edward Snowden’s e-mail account on the service, but would render vulnerable the accounts of any individual or company making use of the service, without warrant and without court oversight.

In pressuring Lavabit to capitulate to its requests for “technical assistance” including divulging the private encryption keys used by the service, the owner of the company was pursued for contempt of court, fined $10,000.00, and then threatened with arrest when he publicly announced his intention to shutter the company.

The tale of Lavabit is something of a cautionary tail for companies that provide IT services. But even more, it should be a wake-up call to both users and providers of IT services regarding the boundaries of privacy and the lengths to which the government is willing to steamroll even legitimate businesses which seek to guard their customer’s privacy.

Senator Al Franken voices privacy concerns over Apple’s Touch ID in letter to Tim Cook | The Verge

Senator Al Franken voices privacy concerns over Apple’s Touch ID in letter to Tim Cook | The Verge.

With the recent release of the iPhone 5s, a new privacy concern comes hand-in-hand with the new device.  One of the features being debuted with the iPhone 5s is Apple’s Touch ID, which allows the iPhone user to, among other things, unlock their phone with their finger print, using an embedded fingerprint reader in the phone.

Although fingerprint readers in electronic devices is not a new thing, by any means, Touch ID appears to be among the first (if not the first) incorporation of this technology into an always connected mobile device. The concern with this new combination of technologies is over how the individual’s biometric data will be saved, who will have access to it, and how this may affect user’s privacy. These are questions which, based on the limited information which Apple has released about precisely how Touch ID works, remain unanswered.

German Hacker Group Says It’s Broken The iPhone’s TouchID Fingerprint Reader – Forbes

German Hacker Group Says It’s Broken The iPhone’s TouchID Fingerprint Reader – Forbes.

Within just days of the release of the new iPhone 5s, it appreas that hackers have already found a way to break Apples new fingerprint-based biometric security feature, TouchID.

Apple indicates that it is working on fixes to this apparent vulnerability already, but in the meantime, it just goes to show that reliance on new security standards or features must be done cautiously until that system is thoroughly vetted.

Forewarned, fore-armed.

Stop using NSA-influenced code in our products, RSA tells customers | Ars Technica

Stop using NSA-influenced code in our products, RSA tells customers | Ars Technica.

RSA Security, a noted data security tool maker, is advising its customers to stop making use of its BSAFE toolkit and Data Protection Manager, as it apparently includes a back-door-type vulnerability in the underlying cryptographic standard, which was engineered with input from the National Security Agency (“NSA”).

In particular, the Dual EC_DRBG pseudo random number generation routines used in these tools were deliberately compromised and/or crippled, thus undermining the security of most, if not all, of the cyptography systems which make use of it.

These vulnerabilities potentially extend to such products the McAfee Firewall Enterprise Control Center and other products using BSAFE or other systems relying upon Dual EC_DRBG.

The concern arising from this intentionally introduced vulnerability is that, not only does it make any data protected using this standard potentially open to penetration by governmental agencies, but that it undermines the overall reliability of the encryption, thus also throwing encryption based on this technology open to hacking by either foreign governments or criminal hackers.

Navigating the Legal Pitfalls of Augmented Reality

Navigating the Legal Pitfalls of Augmented Reality.

Mashable.com has published an interesting article on the legal implications of Augmented Reality as a marketing and advertising tool.

In the past year, AR has increasingly moved out of the “gee-whiz” phase of just being a technological marvel into becoming a legitimate and increasingly adopted tool in the marketing arsenal of a significant number of companies. (The Mashable article cites Ikea and Philips electronics as two examples, but there are many more, with new-comers jumping on board each day.)

There are, however, a number of significant legal implications that companies need to factor into their decision of whether or not AR is an appropriate tool to use and, if so, how to implement it.

These legal concerns include general privacy and data security issues, truth in advertising regulations, child protection (COPPA) issues, just to name a few.

The takeaway here is: if you are using AR in your marketing and product delivery process OR if you are thinking of adding AR to the mix, make sure that you have thought through and implemented policies and procedures that will keep you on the right side of the applicable laws and regulations that apply. Failing to do so can lead you into a ugly (and expensive) virtual dead-end.