Province

TORONTO — Ontario’s privacy commissioner says identity theft and online fraud are threatening to make obsolete the way people use the Internet.

Anne Cavoukian says Internet users are wary of putting personal information online and that e-commerce will suffer as a result.

She’s throwing her support behind Microsoft’s latest effort to accommodate such fears, a new operating system called Vista that’s due out in January.

Vista will introduce the concept of infocards — a way for websites to verify a customer’s identity without receiving or keeping personal or financial information.

Infocards allow the bank to act as a middle man in an online purchase, sending payment confirmation to a retailer without transmitting a credit-card number.

The idea is to replicate online how identity is verified in real life, through the use of separate cards such as drivers’ licences or credit and library cards.

© The Vancouver Province 2006

 

Sun

Canadians are shopping online, paying bills online, and doing their banking online in steadily greater numbers. One-quarter of all Canadians now pay their bills online, and we bought $36 billion worth of goods and services online in 2005, double the 2003 figure.

About the only thing growing as fast as e-commerce and e-banking, it seems, is e-crime. Identity theft, credit-card fraud and other such online abuses are a growing cause of concern for the authorities, lawmakers, merchants and ordinary Internet users. There are no reliable Canadian figures on cyber-crime, but United States estimates put the annual cost of such offences there at $6 billion or more. The British government cites a 50-per-cent increase in two years.

The latest concerns, in Canada and elsewhere, include “vishing” — using Voice-over-Internet-Protocol service to trick consumers into giving their credit card numbers.

So far, concern has not given way to much action by the Canadian government. Canadian justice ministers had the issue on their agenda when they met last week in Newfoundland, but the communique issued after the meeting said only that they had “asked their officials to continue to work on the development of initiatives and approaches to address this important issue.” That won’t do much.

Fortunately, the private sector is taking the lead in the continual technological and public-awareness “arms race” with cyber-scammers. Examples are easy to find: MasterCard has just announced Online Fraud Monitor, “an advanced fraud detection and mitigation tool that uses a sophisticated risk-scoring model to detect potential fraudulent PIN debit transactions in real time, during the authorization process.” ING Direct Canada is introducing new log-in procedures designed to make sure that “You know it’s us” and “We know it’s you.”

Several big companies which sell via the Internet, or which provide Internet-related hardware and services, have united to designate October as Cyber Security Awareness Month, issuing a deluge of reminders about firewalls, anti-spy software, common sense and so on.

It’s only natural for the private sector to move forcefully into preventive online security. By the nature of e-commerce, it is e-merchants and service providers who have the strongest incentive to fight online fraud.

Governments, meanwhile, have been able to do little beyond police work once frauds are detected. The Internet being what it is, national authorities in each country are severely handicapped in fighting international scams. The Canadian Bankers Association has called for identity theft to be made a crime, even though most dishonest use of someone’s personal data should already be covered by existing fraud laws.

But how can any law be enforced if you have been tricked into giving personal data to an online scammer somewhere in the backwoods of Bosnia, say? The ultimate beneficiary of the fraud may live only a few blocks from you, but proving that is a daunting challenge.

One useful measure would be greater control on spam e-mail which, as a federal task force noted last year, is increasingly mutating to include spyware, viruses and other threats. The task force made 22 proposals, including a call for more international co-operation against spam-based Internet fraud, and a call for governments to work with Internet service providers to choke off wholesale spam.

While government continues to mull these problems, individuals need to use cautious common sense. Internet commerce is convenient and efficient, but by now everyone should know that there can be dangers, too. Inform yourself.

© The Vancouver Sun 2006

 

These companies often poorly manage and spend too little on security, expert says

Danny Bradbury
Sun

Only one thing is more frightening than opening your e-mail client and finding all of your important e-mails and contacts have been erased by a hacker: opening up your e-mail client, finding all your e-mails still there, but being unsure whether they have been read by an intruder.

Small businesses are prone to security breaches because of poorly managed security, says Stu Sjouwerman, chief operating officer of Sunbelt Software, which builds anti-spam and anti-spyware software.

“Large corporations spend a lot of time securing their networks and it becomes harder for hackers to get into large organizations,” he says. “So instead of using a bigger hammer and taking more time and resources to break into large companies, they just go for smaller targets.”

According to analysts and vendors alike, small and medium enterprises (SMEs) have a history of under-spending on IT security. “Often, a single person is responsible for a number of IT functions, where security is only one function of the greater IT whole,” warns Craig Andrews, a director at Symantec Canada. More often than not, small businesses are fully aware of the problem. It is a lack of money, rather than a lack of awareness, that is the key issue, argues James Quinn, senior research analyst with Info-Tech Research.

Traditionally, businesses in general spend between two and 10 per cent of their total IT budget on security, says Quinn. “Given the cost of IT security solutions, small businesses almost need to spend toward that upper limit to be able to implement effective security regardless of the business sector in which they find themselves,” he warns.

“If the security capabilities of Microsoft’s operating systems and applications was sufficient, they wouldn’t have released Live OneCare, their own bundled anti-malware solution,” Quinn says. OneCare is a security system from Microsoft that monitors a PC for viruses and Trojan horses, for example. It connects to a back-end computer to ensure its information about virus hazards is up to date.

Like other anti-virus systems, OneCare relies heavily on information stored in online computers to work, and customers must pay a regular subscription fee to keep the system functioning. Companies increasingly are moving security services online using a concept called managed services. By installing minimal or no software on a small business’s computers — but instead running everything on computers operated by somebody else — it reduces the level of in-house expertise needed.

Another advantage is that, at least in the short to mid-term, managed services come cheaper than businesses buying and installing their own software. Often, these services will be paid for on a subscription basis, which can help to regulate the cost of security. Small businesses tend to like regular, predictable costs rather than occasional ad hoc expenditures that are more difficult to organize financially.

However, not everyone believes that managed services are a silver bullet. “The services may be offered more cheaply than were the SME to implement the capability themselves, but is it a service that is absolutely essential?” Quinn asks.

“Before rushing into sweeping managed service contracts the [small business owner] really has to ask if the service is needed.” Many of the very basic services, such as firewall and anti-virus protection, may be best managed in-house because the company is simply installing software and making a few basic configurations.

Even when the company has invested in security programs, there may still be one piece of the puzzle missing. Small businesses must bring their people up to speed, so they build security into everything they do, Sunbelt’s Sjouwerman says.

“There is definitely a task in educating the users in what and what not to do, and user education is at least 50 per cent of the work,” he says. “They must learn not to browse suspect sites at work, download anything from the Web, or open any attachment that they are not expecting.”

Often, the best way to get the message across is in regular team meetings. “You just have to hammer it in. Over, and over again.”

© The Vancouver Sun 2006

Jefferson Graham
USA Today

A company that makes pint-size video cameras is introducing an update aimed at the online video-sharing craze.

Now, it’s mostly geeks and tech-savvy youngsters who know how to get homemade videos onto YouTube and other popular video sites, says Pure Digital Technologies CEO Jonathan Kaplan.

Pure Digital today announces a simpler solution: a camcorder that plugs into PCs and has built-in software to transfer and process the video with one click.

It’s a new edition of a camcorder Pure Digital first began selling in May. Two units — $129 for one that holds 30 minutes of video clips and $169 for a 60-minute version — are now being shipped to stores. They feature one-click uploads to Google Video and Sony’s Grouper video-sharing service.

“Anything you can do to give people powerful technology and simple ways to use it will increase the attractiveness of online video,” says Hunter Walk, a Google product manager.

Allen Weiner, an analyst with market tracker Gartner, calls the Pure Digital innovation “simple, but also revolutionary. There are millions of people who look at a site like YouTube and want to put their videos up, but have no idea how to do it.” Instead of tangling with video-transfer cables and editing software, “This puts everything directly into the camera itself,” he says.

Pure Digital devised the video unit in response to flagging sales of traditional camcorders. The camera — also sold by RCA under a licensing arrangement — was originally offered at Target, but now expands to what Pure Digital says is 10,000 locations, including retailers Costco, Long’s Drugs and Best Buy.

Kaplan says Pure Digital will sell 250,000 camcorders this year, or about 9% of all camcorders sold (around 3 million). He predicts sales will top 1 million next year.

Google last week agreed to buy YouTube for $1.6 billion. Try telling its large audience of videophiles that it’s hard to upload clips.

But Kaplan says most YouTube footage is provided by students using stationary webcams in bedrooms or dorm rooms. “These clips aren’t filmed around the neighborhood, or at special events,” he says. “We’re offering portability.”

Weiner says that with Google’s acquisition of YouTube, Pure Digital is in a good position to add an “Upload to YouTube” button in future releases.

COMPUTERS I Powerpoint 2003 weaknesses posted on Net

BRIAN KREBS
Sun

The cat-and-mouse game that Microsoft Corp. and hackers have played for years has escalated, just as the software giant was addressing some of the biggest problems facing computer users.
   Last Tuesday, the company released a record 26 security fixes for the Windows operating system and the widely used Office programs such as Word, Excel and Outlook. Thursday, hackers pounced again, posting on the Internet information about vulnerabilities in Power-Point 2003, one of the Office programs widely used by business customers and now students.
   Microsoft, whose products are the largest targets of hackers because its products are used on most computer systems, issues software updates to protect users’ computers from the viruses, worms and spyware that are spread through their products via e-mail attachments and the Web.
   But because those patches are released on a regular schedule — the second Tuesday of each month — the people who expose and exploit the vulnerabilities in the programs tend to wait until a day or so after the monthly release to reveal other vulnerabilities they have discovered.
   A company spokesman said there have been no known attacks to exploit the PowerPoint 2003 vulnerability and that it will offer guidance to customers as needed. But that doesn’t mean the company will definitely offer an out-of-cycle software update.
   Only twice this year, in January and again two weeks ago, has the company released a patch early. In both cases, the out-of-cycle patches were offered after some users wrote their own and encouraged others to download them.
   Washington Post

Sun

1. Canon PowerShot G7 digital camera, $875, available now.

Sporting a retro look — complete with a black matte finish and a leather-toned (whatever that is) grip and analog-style (in other words, you can get your fingers on it) ISO speed dial and shooting mode dial — the new 10-megapixel G7 is Canon’s flagship model in its super-popular PowerShot lineup. Brain of the camera is the new DIGIC III chip for faster startup, autofocus and shutter-response. Noise reduction is described as aggressive and the claim is that the G7 can shoot from 80 to as high as 1600 ISO to eliminate shake and blur. It also comes with image stabilization.

2. Nokia 7370 wireless handset, $450, can be used on Rogers and Fido networks in Canada.

When Holt Renfrew is selling a cellphone you know it’s (a) making a fashion statement and (b) not inexpensive. The 7370, part of what the folks at Nokia refer to as their L’Amour collection. Nokia says: “For the busy socialite, the swivel design and one-handed opening makes dialling easy, freeing up the other hand for shopping bags or to peruse the latest design magazine.” In comes with decorative tassels and an in-box silky pouch. And, oh yes, you can make phone calls with it, take photos, play MP3s, etc.

3. Ultrasone Edition 9 headphones, $1,500 US, coming sometime soon.

Let’s not kid ourselves, these upscale headphones aren’t for the average user, but for the audiophile who wouldn’t listen to an MP3 if you paid by the second. Hey, these have Ethiopian sheep leather in the ear and headband pads, and they come in a metal attache case so you can carry them in comfort. Ultrasone uses what it calls S-Logic technology to reduce sound pressure on your sensitive eardrums by 40 per cent while at the same time delivering natural surround sound. The drivers are titanium plated and, in case you were worried, electromagnetic field radiation has been reduced by up to 98 per cent.

4. ViewSonic ViewDock widescreen LCD monitor for the iPod. The 19-inch VX1945wm and 22-inch VX2245wm models will have a street price of $369 and $499, respectively, available Dec. 1.

Built-in 2×2.5-watt stereo speakers and a 1×3-watt subwoofer are part of the package when you get the ViewDock, which will allow you to play your favourite videos straight from your iPod — with a screen that ViewSonic says is more than 65 times larger than what you get from Apple. Both models include four USB 2.0 ports and an 8-in-1 card reader.

© The Vancouver Sun 2006

 

NowPublic relaunches with new tools to help get your words and photos online

Peter Wilson
Sun

For a while, Mark Schneider of the website NowPublic was calling himself the managing editor.

And that’s because that’s what he was, an actual news guy — a traditional journalist, onetime CTV National News reporter and journalism instructor at the University of British Columbia — who had made the transition to a completely digital world.

The Vancouver-based site, www.nowpublic.com, was the kind of place where someone with a digital phone, who happened to spot smoke billowing from a Manhattan high-rise that had been hit by a plane (as someone did this Wednesday), would snap off a few photos and post them almost instantly.

Or they might, at a more leisurely pace, send in a story they thought was being underplayed in the traditional media.

“I was stuck on the credibility thing,” Schneider said of his decision to call himself managing editor.

Then NowPublic co-founder Michael Tippett had a chat with him.

“Tippett and I started talking about that and he said you know you’re really the actual news guy, that’s what you do here,” said Schneider.

Now Schneider’s official title is ‘actual news guy’ and his e-mail address is [email protected].

All of which, he admits, highlights how his job puts him directly into the current ideological battle between old-line journalists (alleged to be corrupt and irrelevant) and the bloggers (said to be lazy and irresponsible).

In this, NowPublic walks a middle line.

“It’s not that we think that citizen journalism is going to defeat traditional journalism,” said Schneider. “That’s not in our head at all. We like journalists. We see ourselves, all of us, as part of the news business.

“But we’re just opening up the envelope a bit and acknowledging what every journalist knows — that people who actually witness the news have important things to say about it.”

To do this Schneider and Tippett are creating a set of tools that allow the eyewitnesses to history, and those who happen to be on the scene with a digital camera (still or video) when news happens, to put their words, photos and videos into context.

It’s what Tippett refers to as “newsifying.”

The problem is, said Tippett, that the nascent citizen journalists out there with their camera phones don’t know how to get their words and photos into the public eye or how to do it within a context.

“So our core mission in some sense is to ‘newsify’ user-generated content,” said Tippett. “They witness extraordinary events, they’re there. But what do they do with it?”

To this end, Now Public offers tools — and is about to offer a bunch more with a relaunch in mid-November — that make it easier for on-the-spot observers to file their words and images.

“We’re starting to provide some journalistic protocols that all journalists ask of themselves,” said Schneider. “And some of these are already implemented in our new highlight tool where we say, okay, if you’re going to write a headline try those tricks.

“And what are the five Ws of journalism? So there’s some prompting going to happen so that people can add value to their contributions and that increases the credibility not only of what they’re doing, but also their pleasure in being part of this process.”

© The Vancouver Sun 2006

 

Sun

SAN FRANCISCO — Microsoft Corp., the world’s largest software maker, reported five “critical” security flaws that hackers can exploit to take over users’ personal computers. Microsoft identified 10 security holes in its Windows computer operating system and Office business programs, including the five deemed “critical,” a classification used for the most severe flaws, in an e-mailed statement Tuesday. “At least two of these vulnerabilities, one for PowerPoint and one for Excel, are being exploited already,” said Alfred Huger, senior director of engineering at Cupertino, Calif.-based Symantec Corp., in an interview. Users of the programs should enhance their security immediately to avoid being victimized by hackers, he said.

© The Vancouver Sun 2006

 

Peter Wilson
Sun

warning I Canadian businesses are good at keeping up with digital security — both online and off — but they’re often doing it on outdated operating systems, and that means they can’t keep themselves safe with the latest technologies, according to a Microsoft expert.

“The security challenge in Canada is that generally we’re a little bit behind, for example, the U.S. and some other countries in technological adoption,” said Bruce Cowper, senior program manager, security initiative, Microsoft Canada

“The real challenge with that is that we’re not always deploying the latest revisions of the software, so perhaps we can’t take advantage of some of the latest technologies and security scenarios.”

In an interview, Cowper said that it concerns him that he’s still seeing older versions of Windows (like Windows 2000 and even earlier) in use at Canadian businesses.

“They’re very good at getting updates on their systems, but they’re updating older systems. For instance, they’re not using [Windows] XP with service pack 2, they’re not using the latest technologies.”

And, with the upcoming launch of Windows Vista, Cowper said he’s concerned that Canadian businesses, and even individual users, might just stay with what they have.

“I’m wondering if people are going to say, ‘You know what, Windows in whatever version we’ve got is good enough for what we need.’ And they’re doing that without looking at the situation and saying, ‘Actually, if I want to give the user the best, secure and most reliable experience, this is what I need to go for.’ “

He said that while companies tend to look at external threats flowing in to them from the Internet, a lot of the problems for corporations lie within.

“There’s the old example that if you present somebody with a screen that says ‘click here to see the dancing pigs and, oh, by the way, we’re going to infect your machine with a virus’ the probability is that they don’t know which one to choose so they think ‘oh, I’d better click here to see the dancing pigs.’ “

Windows Vista, said Cowper, is designed so that the end user doesn’t have to make those kinds of decisions.

“The user doesn’t have to think about it quite so much and isn’t presented with a lot of boxes saying ‘yes, no, are you sure, are you really sure?”

One of the security advances in Vista and in Internet Explorer 7, which also comes with XP, is an anti-phishing filter, which studies Websites for signs that they’re phishing sites and also refers either to an in-computer, or better yet, an external, constantly updated list of known phishing sites.

Cowper said that businesses may find they don’t have to do much of an upgrade of present hardware to run Vista, perhaps just a better graphics card or more memory.

As well, he added, the original outlay for hardware would be compensated for over time by the amount of money that can be saved with using Vista.

“It’s a lot easier for businesses if they don’t have to spend vast amounts of time reconfiguring or patching, updating and locking down systems.

“Ultimately, as a user you’re buying an experience, not just a computer with software on it. And you expect everything to work, to be secure by default and have as much of a rich experience as possible right from the get go, without having to spend vast amounts of time customizing and fiddling to get it up and running.”

© The Vancouver Sun 2006

 

SONY ERICSSON: Breaks the three-pixel barricade with new bells and whistles

Jim Jamieson
Province

What is it? Sony Ericsson K790 Cyber-shot camera phone

Price: $249, with a three-year contract

Why you need it: A legitimate option for those point-and-shoot types who don’t want to carry two devices.

Why you don’t: A waste for more serious photographers who want more features or those who mostly want to talk on their phone.

Our rating:

Phones and cameras have been a challenging mixture since mobile-handset manufacturers started rolling the devices out several years ago.

Insufficient image resolution and lame camera features have made phone cams seem like too much of a compromise.

Sony Ericsson isn’t the first to break the three-megapixel barrier in a camera phone, but its K790 is one of the best in the new high-resolution category.

The K790 is the first handset to carry the Cyber-shot brand name, so you know partner Sony isn’t taking that lightly. The unit features an integrated 3.2-megapixel camera with autofocus, high-intensity Xenon flash and BestPic — where the camera takes nine separate pictures after the shutter clicks, allowing you to pick the best one.

Featuring a bright, five-centimetre LCD display and a sliding shutter cover, the K790 can — like most stand-alone digital cameras — transfer pictures directly to a photo-capable printer via USB cable.

The phone component includes Bluetooth wireless capability and uses Sony’s Memory Stick Micro memory card. Also included are a music player, gaming and an FM radio.

The K790 is expected to launch in Canada at the end of October with Rogers Wireless.

© The Vancouver Province 2006