Friday 12 April 2013

Why trusting your IT company just became a whole lot more important

When we book a computer into  our workshop we use a paper form which includes a box for the password for the computer we are going to work on. Often we may also need the password for the customer’s email account – and we’ll either hack that using a tool called Mail PassView or ask the customer for it if we need to.

I’ve never really thought about the security implications of this process as I trust my staff implicitly, however we do intentionally keep the password off the database system as it’s pretty hard to hack a piece of paper, and once we are done with the worksheet this can be either filed under lock and key, or shredded and pulped.

If the customer is concerned about their security they have the option of changing the password afterwards, but in practice I’m sure very few bother as it’s not always easy to manage, particularly now you have to change it on all your mobile devices too.

One of the big changes in Windows 8 is the reliance on a Windows Live ID, which is often associated with the customer’s main email account. The implication is that we now need the email password to do pretty much anything on the computer, including tasks such as installing Office 2013 which must be linked to a Live ID account.

Whereas before a single password would give limited access to a system, with cloud services and Windows Live ID integrating with everything, it’s a case of one password to rule them all. In many ways this is great as Microsoft have long been the champions of a single authentication for everything, but as soon as you need to give your password to a third party for essential work to be carried out this model presents a huge security risk.

What does this mean for the average Windows 8 user? Well for starters you need to be able to trust your technical support as never before, as now they get access to everything. Suddenly that shady PC repair shop on the corner with the second hand laptops and the phone unlocking sign in the window isn’t looking so attractive is it?

One of the problems with our industry is that there’s very little regulation – the organisations that claim to act as trade associations are mostly just glorified social clubs who would much rather organise another members’ golf day than actually get involved in policing their members. It’s left to organisations such as the council run Trading Standards Officers to weed out the bad boys

In some ways this is good news for us as we work to defined procedures which include DBS (previously CRB) checking our employees. We also have excellent relations with our local Trading Standards team and have assisted them in bringing some of the less reputable operations in our borough to account.

However I do sometimes feel that companies like ours are in the minority – I can count on the fingers of one hand the other companies in our sector that I’d confidently recommend. When it comes to handing over your entire on-line identity what is really needed is something like a valet key, which are commonly employed in the US where valet parking is everywhere. This is a clever little key that allows the valet to drive the car and lock the door, but not to open the boot, for example, and some even turn off the engine if  the car travels more than a short distance.

If Microsoft allowed a temporary service account password to be created that worked alongside the main Live ID this would provide an elegant solution to the problem. It could be configured to automatically expire after a set number of days, and could include features such as allowing the ‘valet’ to see email headers, but not open them to read the full content. So there in a nutshell is both the problem and a solution. Over to you Microsoft.

Wednesday 3 April 2013

Raccoons, Easter, and Ungoogleable

When Google Maps added ‘treasure’ to their ‘map’ and ‘satellite’ views I’ll admit I was taken in completely. I thought that the locations were for Easter Egg hunts, based on the fact that the treasure marker closest to me was at the same spot as a local egg hunt. I'm still not sure if it really was an April Fool but the consensus seems to be that it was.

Google + Easter have caught my attention a few times in the past week or so. Last Tuesday it was reported that the word "ungoogleable" was to be removed from a list of new Swedish words after a dispute between the search engine giant and Sweden's language watchdog.

This spat got me thinking about how we use Google, and what makes something difficult to Google for.

A few months ago I was trying to track down an old TV series that I remembered from my youth that featured a very clever computer called Box. This was more than an idle search – the voice interface between Box and its owner was, as I remembered, similar to the voice interface used by Apple’s Siri. By demonstrating prior art it’s possible to stop corporations from destroying any chance of innovation by limiting their ability to patent anything and everything they can. But enough about our horribly flawed patent system – my problem was that armed with a common word like ‘box’ I couldn't frame a sufficiently specific search term, so here was a question that was a perfect example of "ungoogleable". In the end I had to resort to posting messages in a science fiction forum, and within hours a helpful member had told me exactly where to find Star Cops, which I ended up watching all over again. And Box was indeed just like Siri, only smarter, and slightly less smug.

Usually I'm pretty good at Googling for  things and I've learnt many subtle Google-specific techniques that allow me to search effectively; it’s a real skill, and one I'm far too quick to exercise whenever I need a question answered. But of course there are some questions that just don’t have answers.

Easter morning is an exciting time for my niece and nephew who live in California. It starts with an Easter egg hunt in their garden, followed I guess by gorging themselves on chocolate until they feel ill. Imagine how distraught they were to find that the local raccoons had beaten them to the gorging part. I don’t know who I feel sorrier for; the poor raccoons who must have been feeling ever so ill; my sister who somehow managed to  stop herself from laughing out loud at her children’s distress; or my poor niece and nephew who were in fits of tears.

My niece is now 8 and is a technically savvy as most children are these days. Her reaction? She went to the computer and Googled “"What do you do when Raccoons eat your Easter Eggs?" Which is another perfect example of a question that Google just can’t answer.