In a move that is strongly reflective of its overseas ownership, T-Mobile has announced that its customers now have the option to purchase cellular services without having to commit to a contract. Unlike the US, a large majority of European and Asian cell phone subscribers routinely purchase cell phone services on a monthly basis as opposed to the 1 and 2-year contracts familiar to most Americans. T-Mobiles new pre-paid plans start at $50/month for unlimited voice, texting and data, with a couple of small catches: data may be unlimited, but access to T-Mobile’s high-speed data network is capped at 500MB for the $50 plan (Increased to 2GB for $60, and truly unlimited for $70/month). The other gotcha? Pre-paid plans will no longer subsidize the cost of expensive phones that can be gotten for “free” with 2-year contracts, at least not in the manner with which you may be familiar.
What this means for you:
Of the major carriers in the US, T-Mobile is in fourth place in terms of market, and they trail third-place carrier Sprint by a large margin. Lacking the marketing muscle to go head to head with Verizon and AT&T, T-Mobile is attempting to disrupt the US market by offering plans that are common-place and popular overseas, but still relatively untested in the US. Many analysts believe that the US cellular market will grow to mirror its overseas counterparts, but that convergence is still at least 2-4 years away.
One of the key differences in T-Mobile’s plan is how they plan to allow consumers to still “subsidize” the cost of new phones. In a traditional 2-year plan as offered by the major carriers, the cost of a new phone is incorporated into the monthly subscription fee, and presumably at a rate that pays off the phone in two years time. T-Mobile offers a similar deal with their pre-paid plan, but instead of offering a single monthly amount, they actually break out the cost of the monthly payment for your new phone.
Why is this important? With T-Mobile, once you have finished paying off the phone (which can be done on their 2-year schedule, or sooner should you decide to just buy out the remaining balance), your monthly bill will be reduced to just the amount owed for services. With the traditional contract offered by the big carriers, your monthly bill will stay the same even though you have paid off your phone. This is no big deal if you decide to switch carriers, but they are banking on the fact that you might not. So far, this has paid off, given the popularity of this type of contract, but maybe T-Mobile can bring disrupt enough of the market to put some strain on the Verizon/AT&T duopoly in place in the US.
(Full disclosure: I’m a T-Mobile customer on 2-year contract, paying down my brand-new Nexus 4. I’m paying approximately $80/month which includes a monthly payment of $20 for my phone.)
Apple has joined the growing ranks of digital services enabling two-factor authentication as a means to protect their customers from account theft. Two-factor authentication has long been a staple of secure corporate and government networks, and employs a basic mechanic of password plus a randomly-generated authentication code that is delivered to a device that you must have in your possession at the time of authentication. In the past, this device has traditionally taken the form of keychain fobs and cards whose sole purpose was to generate numeric keys constantly, but this same functionality can now be delivered through apps that are installable on smartphones, via SMS message to registered cell phones, or even via automated voice calls to your home or office phone.
What this means for you:
In Apple’s case (as with services like Gmail, Facebook, and many massive, multiplayer online games like World of Warcraft), two-factor authentication is an opt-in service, and is not enabled by default with your Apple ID/iTunes account. Enabling the extra security requires you register one or more cell phones with Apple that will receive your authentication code via SMS. Should you do this? If you use services that require an AppleID (iTunes, iCloud, Mac.com, etc.) with any frequency, and especially if you have iTunes credit banked, you should absolutely enable two-factor authentication, especially if the account is tied to a core service you rely on, such as a Mac.com email address, or iCloud for your iPhone and other Apple devices. Two-factor security makes your AppleID (or any other account like Gmail, etc.) that much harder to hack. There will be some inconvenience, especially if you are in a hurry to access your account and have to hassle with the extra security code entry, but imagine the alternative if your account is hacked.
With greater security comes less convenience, a fact of life in this digital age, and not something that will change in the foreseeable future without a significant evolution in security technology.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
With results that will probably surprise no one (and warming the hearts of black-hat hackers everywhere), the US Government Accountability Office has published its findings on a recent security audit of the Internal Revenue Service. The summary reads like the report card every good parent dreads, “Needs improvement.” Despite having a comprehensive security plan (the development of which was funded by your dollars!) the GAO has found that the IRS has failed to follow through in many areas of implementing and enforcing that plan in various parts of its operation, and these failures have severely compromised the overall security of the very important data the IRS collects on all American citizens.
What this means for you:
As you might expect, the 31-page GAO report is not the most exciting of page-turners. I’ll save you the dry read with the “moral” of the story: having a security policy is only as good as how well it is enforced and maintained. It does your company no good to say that “All employees must use strong passwords that are changed every 60 days” if no one is checking to see if they are actually adhering to the policy. It’s actually much worse for your company if you do have a security policy, experience a breach, and then discover that the breach was due to lack of enforcement.
Don’t get me wrong – I’m not recommending against having a security policy. You should have a security policy, especially if you handle sensitive data of any sort, and you should be making every effort to enforce, update and maintain that policy on a regular basis. A simple security breach could cause untold damage to your company’s reputation, and even more so if you have to admit that it happened because you failed to follow through on your own company’s policies.
Technology lobbyists have been pushing for reform of the 1986 Electronic Communications Privacy Act for years, primarily to address the multitude of shortcomings, loopholes that couldn’t have been predicted almost 30 years ago. Law enforcement has also jumped onto the bandwagon, having recently submitted a rider proposal that would be attached to any changes proposed to the ECPA. Their objective? To get cellular providers to retain all the text messages passing through their network, primarily for the purposes of investigating criminal activity. Currently, most providers say they do not retain the actual text messages centrally, and smartphones by default are not designed to retain text messages long term, but each provider appears to have different policies governing exactly how much data is retained, and how long. This inconsistency troubles some lawmakers, and enforcement has long held that criminals purposefully use SMS as an “untraceable, untrackable” communication method.
What this means for you:
A proposal is a long way from actual law, but many privacy advocates and watchdog groups say a rider proposal like this could hamper much needed changes to the decades-old ECPA by weighing down progressive proposals with Big Brother agendas that most technology companies find distasteful, if not diametrically opposed to in their publicy stated values – think Google’s “Do no evil” policy. The fight for privacy continues to carry into new areas everyday, but the SMS fight could be a huge battle: six billion text messages are sent everyday. Privacy issues aside, imagine having to figure out how to store this information in a way that is useful, let alone subpoenable!
When laptops and desktops first started shipping with webcams built right into the chassis, people immediately started joking about their computers spying on them, and I saw numerous semi-serious and completely serious attempts to cover them up with tape, post-it notes, permanent marker and just about anything people could put their hands on to alleviate that prickling sensation of being watched. Unfortunately, reality isn’t typically far behind imagination, and you probably aren’t surprised to know that it is completely possible for your webcam equipped device to be hacked, and yes, your webcam activated and watching whatever is in front of it. Not scary enough for you? What about that laptop you just gave your daughter?
Sadly, this isn’t just a scare tactic. ArsTechnica has a chilling article that takes a detailed look into the creepy world of “ratters” – young, mostly-male hackers who use covert Remote Access Terminal software (RATs) installed on compromised computers for the express purpose of spying on and remotely tormenting their “slaves.” RAT software is based on the same technology commonly found in support software used by IT professionals (like C2) to provide remote assistance and control on their customer’s computers. Unlike those legitimate tools, RAT software is designed to being undetectable and easy to install and spread without the victim’s knowledge.
What this means for you:
In nearly every case of malware attacks, especially ones that can deliver a payload like a RAT package, the incursion is typically the result of an action taken by the victim: visiting questionable websites, opening unknown attachments, clicking strange links in emails. Alongside of this is a set of inactions that the user is also guilty of: failure to install reputable antimalware software, failure to make sure the OS and installed software are kept up to date, and of course, failure to remain constantly vigilant! As you’ve heard me say many times, nothing will stop a dedicated hacker from penetrating even the most stalwart of defenses. However, a good malware application and some common sense will put you miles ahead of the less cautious and less safe and typically off the radar of hacking ratters, who are looking for easy targets.
Another simple solution? That piece of tape ain’t looking so bad now, right? Just remember to cover the lens and not the “activity” light for the camera, which will tell you when your camera is possibly watching your every move. As always, if you notice your computer behaving strangely, disconnect it from the internet immediately and call a professional for advice.
Image courtesy of idea go / FreeDigitalPhotos.net
Though it’s no secret to the security world, the US government has specifically avoided naming Chinese state agencies as the source of a tremendous surge in cyberattacks on corporate and government institutions over the course of the past 2 years. On Monday, the gloves finally came off as Obama’s security advisor, Tom Donilon pointed the finger of blame right at China’s military in a speech given to the Asia Society in New York, NY, as evidence gathered by multiple security firms continues to build an unavoidable confrontation on this issue. The Chinese government has of course denied these allegations, but has also said that it is willing to meet with the US and other nations to discuss cybersecurity.
What this means for you:
It’s still very early in the ballgame to decide if this is going to make things better or worse for the average business. At the moment, unless you are on the short list of companies that have information worthy of corporate or state-sponsor cyber-espionage, nothing will change for you, as your threats are likely still coming from the “traditional” vectors: either organized criminal elements seeking to steal from you, or random mischief and mayhem generated by malware controlled by those with less focus and malice. Today, as before, constant vigilance remains the most effective tool in your defense.
Targets of state-sponsored cyberattacks will continue to have a great deal to worry about. Where a “garden variety” attacker encountering strong defenses would normally move on to easier marks, cyber espionage targets will typically suffer through a dedicated, prolong campaign of multiple types of attacks (brute force, trojan horse, spear phishing, social engineering, etc.) because of the valuable data or services protected within and the deep pockets of the government powering their efforts.
It’s not immediately clear what either government hopes to accomplish around meeting on cyber warfare, other than to set up guidelines that will only be used for political leverage when violated by the other party, and probably ignored when it suits either country. As you can imagine, rules like the Geneva War Conventions only work when both sides are willing to abide by them.
Classic car enthusiasts have bemoaned the industry’s shift towards computerizing every aspect of automotive operations, especially things that in the past could be tuned and maintained with a set of tools and a little elbow grease. The rise of technologies like fuel-injection, ABS and automatic transmissions have made our cars some of the most sophisticated electronics we use on a regular basis, aside from our smart phones and computers, and like them, sometimes we know very little about how to keep them operating at top efficiency. A new company, Automatic, aims to change that with a small device called the “Automatic Link” which plugs into your car’s ODB-II port – the same one auto shops use to run diagnostics on any car made after 1996.
The device connects to your iPhone via Bluetooth, and using telemetric data gathered by your car’s own onboard computers, GPS data tracked on your phone, and (presumably) some powerful cloud-based data analysis, will analyze your driving habits and start to put together recommendations on how to drive more safely and efficiently, as well as providing historical analysis of all previous travels in your vehicle including time spent on the road, distance traveled, and average fuel-efficiency. If it spots trouble with one of your car’s systems, instead of flashing a cryptic message code that you have to dig out of your car’s instruction manual, it will again leverage the internet to provide more meaningful clues as to what might be wrong, and then show you nearby highly-rated auto mechanics that can help.
What this means for you:
The Automatic Link isn’t shipping until May of this year, so aside from media hype, all we have to go on are the promises of Automatic’s website. At the moment, it’s only being launched for iPhones, so if you aren’t among the Apple faithful, you are out of luck at the moment. This device is following a growing trend where we are tying larger portions of our lives to our smartphones, which, as I’m hoping you realize, is a double-edged sword. There are a great many benefits to be gained from devices such as this – but at what cost to your personal privacy. No doubt, Automatic has plans for the massive amount of data these devices can gather, and I imagine the demographic information contained within has any location-based business salivating at the prospects.
Among the many things that complicate technology, batteries have historically been a big, heavy, environmentally disasterous anchor around everyone’s necks. Researchers at UCLA have recently announced a breakthrough in producing graphene-based “supercapacitors” that essentially takes the best parts of a capictor and a traditional battery to form what may be as transformative as the discovery of electricity. Graphene-based batteries are envisioned to be able to charge in minutes. On top of this, graphene itself is very eco-friendly (compostable, in fact), durable and flexible, almost the exact opposite of current battery technology.
What this means for you:
I don’t know about you, but my mobile devices always seem to be on low battery at the most inconvenient moments. Even if there is a power plug nearby and you happen to have your charging cable, putting your phone/laptop/camera/tablet down in the middle of a busy day (not to mention a public place like an airport) for an hour or more is just not practical. What may be really eye-opening is if graphene battery technology could be used for electric vehicles, specifically electric cars which have been struggling against “range anxiety” in their adoption and spread. Charging stations, once envisioned as impractical (mostly because of the slow charge times) could literally operate with the same speed and convenience as a traditional gas station, paving the way for a fossil-fuel free future. Say that four times fast!
Image courtesy of digitalart / FreeDigitalPhotos.net
You might not have realized this, but in 2012, US Copyright Office let an exception to the Digital Millenium Copyright Act (DMCA) expire that suddenly made it illegal to unlock a cellphone you owned, for the purposes of using it with a different carrier. Passed in 1998, the DMCA covers many areas of modern technology, but the exception essentially allowed consumers to unlock phones like the Apple iPhone themselves, as opposed to purchasing a (much more expensive) unlocked phone or asking/paying the carrier to unlock the phone for you after you’ve paid for the phone through a subsidized contract. Though the exception lapsed late last year, the Whitehouse and the FCC have both issued statements urging Congress to legalize unlocking.
What this means for you:
In the US, unlocking your smartphone doesn’t have quite the same value as it does in other parts of the world, primarily because the two largest carriers operate networks that use two different technologies that are not found in any one phone. For example, if you had an AT&T iPhone, you can’t unlock it and move to Verizon, because the actual hardware will only work on GSM networks (Verizon is a CDMA-based network) but you could use it on T-Mobile’s network. The carriers aren’t really interested in seeing the exception renewed, primarily because it narrow’s consumer choice and “locks” unknowning customer with technology that, while simple to crack, is technically illegal to actually do without the carrier’s permission.
The issue rarely surfaces for most consumers anyways, as the carriers offer “free” or heavily discounted phones (with a multi-year contract, of course!) to “new” customers, so most opt to get something shiny and new, versus unlocking their 2-year old phone. The issue here is really more centered around protection of consumer rights and the fact that if you own something, you should be able to do whatever you want with it as long as it isn’t impacting the well-being of others. Unfortunately, the Whitehouse and the FCC can’t do anything about the DMCA or renewing the exception because the Copyright Office is governed by Congress. And we all know how productive they’ve been lately.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
In what many analysts are seeing as another setback for beleaguered BlackBerry, the US Department of Defense has now announced that it will start allowing the use of iPhones and Android devices in a space that was once the domain of BlackBerry devices. In the early days of mobile email delivery, BlackBerry devices were designed for enterprise-controlled security, where as the other email-capable devices still relied on immature internet standards, or like Apple’s early iPhones, completely eschewed corporate control. Because of this, BlackBerry became the defacto standard for any business that valued security over style, including pretty much every government agency around the world.
What this means for you:
Don’t count BlackBerry out just yet, but the count is getting shorter and shorter, and at some point the referree might need to stop the fight. The Pentagon isn’t getting rid of BlackBerries (that would be a haymaker they won’t get up from), but they are now opening up the space for departments to use solutions from other vendors (namely Apple and Android). This is a signal to the rest of the world that might have been sceptical of iOS or Android’s security status that if the world’s most powerful military is willing to consider using iPhones and Androids, maybe those platforms have finally caught (and passed) BlackBerry on the security front.











