Your face is not your fortune

Speaking of security things (which I was, again, just a few days ago)…

You keep your password secure and safe, yes?

You restrict unfettered access to your Facebook and other social media, yes?

You do not broadcast every single thing you have done, are doing, and are going to do to the entire world, yes?

And you would be against anyone, whether corporate or public body, having this much knowledge about you, yes?

Well… unlucky.

It’s happening here in the UK, and it is about to happen in the US.

In the UK there is an AI (artificial intelligence) engine hooked up to a software application called ClearView.

ClearView is, in turn, hooked up to every social media platform that exists (yes, even MySpace; but, joking aside, Facebook is definitely part of this tale).

ClearView is also hooked up to the UK Police National Computer.

ClearView is able to pull information about you from all of these sources, and present the output to public sector employees, Central Government agencies, anti-crime organisations, and other entities too shady to mention by name.

Where does ClearView get the trigger for all this activity?

From looking at your face.


In May 2019, a man was fined £90 for refusing to show his face to a police camera that had been set up to film members of the public as they walked about East London.


The Metropolitan Police said it was ‘a trail’.

Guess what they were ‘trailing’?

Well, let’s not pull any mental muscles trying to work it out, eh?

User Access and Identity Management

Speaking of security(ish) things (which I was), in one of those annoyingly regular events, I had to change my AD password yesterday.

So I changed it from one incorrectly-spelt, mixed-case Welsh town (with two numbers and three special characters).

For the new password I chose another incorrectly-spelt, mixed-case Welsh town (with two other numbers and three other special characters).

Trouble is, I can’t remember where I put the mis-spelling in the new password.

And it’s a longer placename than any of the easy choices:

Cwmystwyth
Bwlch (or Bwlchgwyn)
Rhydymwyn
Twyn
Ynysybwl

Hǝllo’ ʍɥɐʇ,s ʎonɹ uɐɯǝ¿

I get a helpful security alert for a couple of webservices that I own.

The security alert gives me threat-metrics based on attempts to gain access (or overpower the webservices through a DDoS attack).

The threats are categorised by IP address ranges assigned to countries, and the output is ordered by country.

Which is, of course, meaningless.

As easily as I could GPS-spoof your Satnav, I can IP-spoof a country’s IP ranges.

I suppose security alerts (and the IT security industry in particular) need to hang their hats on something, but using national-specific IP ranges isn’t the right peg.

Plusnet/BT: good customer service/awful service

I have been a loyal and faithful customer of Plusnet (aka BT), for more than 12 years.

Through four house moves, over those dozen years, I have stuck with Plusnet/BT because I liked their product and their customer service when I needed to speak to them.

I have been a happy subscriber to the Plusnet/BT Superfast Broadband, until now.

First of all, I am paying for the Superfast Broadband which, according to Plusnet and Openreach, is delivering 70Mbs to the house.

Except it isn’t, as you can plainly see from BT’s very own speedtest result:

Plusnet lack of speed


I used to get 70Mbs, but about eight months ago the speed took a hit down to 50Mbs.

A few weeks later it dropped to 38Mbs which is where it’s been languishing ever since.

To put this into context, I’ve lost almost half of my broadband download speed.

Plusnet said the problem is the config, but I’m using a cable into a router into an Openreach modem.

And that’s the config that Openreach gave me.

So suddenly that config’s wrong?

An Openreach engineer attended. He said I should be getting 70Mbs, and successfully tested the download to that speed.

Then he saw me run a speedtest and verified what I am actually getting.

I changed the cable from the laptop to the router. No difference in download.

I changed the router. No difference in download.

He changed my Openreach modem, but that also changed nothing.

As I’m out of contract (there’s a reason for this), Plusnet said they couldn’t help me any further so goodbye and thanks for all the money.

Speaking of money, I’m paying a couple of quid south of £40/month for this substandard Superfast broadband.

Why am I out of contract?

Because I shall be moving soon. If I take out a new contract (18 months!), I will have to pay a penalty for early termination.

None of these things is good.

Heart Attack Diary: #8

It’s not just the heat. It’s the drums. The drums and the heat. Make the drums stop, Caruthers. Make the blessed drums stop!


I now have three appointments at the cardiology clinic.

They add up to two consecutive afternoons of back-to-back appointment fun.

I’m reading up on all my best jokes to keep the nurses entertained.

They love that.

Erm.

Yesterday, in the company of a work colleague, his partner and her 7yo son (and their mental-as-anything dog), I walked five miles along the bank of the River Trent.

We walked around the National Watersports (no, not that kind) Centre for a bit, and then headed along the Trent in towards the Lady Bay Bridge.

I really enjoyed the walk, but we covered the ground much more slowly than if I’d been flying solo.

I might have a proper crack at that walk tomorrow.

My colleague had (probably) been briefed not to talk about work, so we didn’t. At least we didn’t in any great detail, just one or two generalities.

But we had a little tech chat or two (about non-work things), which was nice.

I have spent some time, over the last week, debugging a hacked website.

Mostly that involved just reading code, and googling some pretty esoteric .php and SQL.

The hacked website (one of mine that I left languishing for the last two years on a shared-by-many GoDaddy server) is now back online.

It’s not only been debugged, but I’ve gone to great pains to harden the security: validate all file permissions, remove the legacy users, put a new user in place with upgraded access requirements, delete the FTP user, migrate the MySQL database to a new MySQL database with a new root user and updated root access.
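As an added example (not the blog author’s code, nor any plugin’s), here is a small POSIX shell audit for the “validate all file permissions” step on a shared host like the one described. It flags anything world-writable, a wp-config.php readable by group or others, and, going one step beyond the post’s list, PHP files sitting in wp-content/uploads; the 755/644/600 baseline and the paths are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's code. Audits a WordPress install on a
# shared host for permission problems a post-compromise cleanup should catch.
# Assumed baseline: directories 755, files 644, wp-config.php 600.
# Output: one "REASON path" line per finding, sorted; no output means clean.

audit_wp_perms() {
  root="$1"
  {
    # Anything another tenant on the host could write to.
    find "$root" -perm -o=w | sed 's/^/WORLD_WRITABLE /'

    # wp-config.php holds the MySQL credentials: only the owner may read it.
    if [ -f "$root/wp-config.php" ]; then
      find "$root/wp-config.php" \( -perm -g=r -o -perm -o=r \) \
        | sed 's/^/CONFIG_READABLE /'
    fi

    # The uploads tree should only ever hold media, never PHP.
    if [ -d "$root/wp-content/uploads" ]; then
      find "$root/wp-content/uploads" -type f -name '*.php' \
        | sed 's/^/PHP_IN_UPLOADS /'
    fi
  } | sort
}

# Convenience wrapper: succeeds only when the audit reports nothing.
wp_perms_ok() {
  [ -z "$(audit_wp_perms "$1")" ]
}

# Usage: sh audit.sh /home/site/public_html   (the path is an assumption)
if [ -n "$1" ]; then
  audit_wp_perms "$1"
  wp_perms_ok "$1" && echo "clean"
fi
```

Run it once before and once after the cleanup; the second run should print nothing.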

Then I updated the design, and modernised some of the functionality.

So it might be that the podcast could be making a return appearance.

There are some logistical problems that need to be solved, in order to make a return truly viable, but these are being worked on.

There are a couple of very good security plugins for WordPress now.

I’ve tried the iSecurity plugin, which is quite good, but Wordfence is very much my favourite.

Anyway.

Today I didn’t undertake any significant walking.

But I did take the ZX10R out for the first time since the ‘event’.

I was not reckless.

And was very careful.

My pulse may have quickened slightly when the garage door rolled up and I saw the pristine ZX10 waiting for me in all her Ninja blackness.

And my pulse may have continued to beat slightly quicker as I wheeled the ZX10R out and started her up.

But actually I felt fine.

And I took my pulse rate, just to be sure.

The good news is I haven’t forgotten how to ride a 1,000cc Super Sports Bike.

There is no bad news 😀

I grinned the whole time I was out, though I was only in the saddle for 90 minutes in total (two stops en-route).

And when I came back my pulse rate was unsurprisingly in the 72-74 BPM range, which is my ‘normal’.

So that’s alright then.


Ripping off the NHS patients

Here’s a thought.

As an in-patient, I was only able to access Internet services via the WiFi provider that the hospital partners with.

The 4G signal being somewhat patchy.

It is right, frankly, that neither the wider NHS, nor the Nottingham University NHS Trust/Nottingham City Hospital provides this kind of service.

They need to concentrate on their core activities.

But Internet services are fundamental, in this day and age: access to the Internet has even been judged a human right.

There needs to be a review of the current Internet Service Provider to patients at the Nottingham City Hospital.

WiFi Spark, ISP ripping off NHS patients

WiFi Spark, ISP ripping off hospital patients

WiFi Spark charge their captive market £6/day for an advertised download speed of 1Mb.

But hang on, VirginMedia charge me an equivalent £1.58/day for an actual download speed of 200Mb (and 20Mb upload).

So WiFi Spark charge four times the price that VirginMedia charge, whilst the so-much-cheaper VirginMedia deliver a service that is actually 200 times faster than WiFi Spark promise to deliver?

Yes, so it would seem.

Anyway, because I had no alternative, I bit the exorbitant bullet and paid £9/day to WiFi Spark.

And yet never once, in that 24 hour period, did I get anything above 250Kb download.

Sometimes, I barely got over 100Kb download, and seldom got above 25Kb on the upload.

So the service levels that WiFi Spark advertise are nothing more than made up numbers?

So it would seem.

And let’s look at those prices.

Not an actual price of £6/day, but a true cost of £9/day for two devices.

And if you have three devices, then the true cost is £12/day (which doubles the advertised price).

£12/day for shockingly awful levels of service.

My phone tried to do an OS upgrade, and in 18 hours it still hadn’t downloaded the upgrade pack.

18 hours!

OK, so these are terrible levels of (paid through the nose) service, but that isn’t the point which has got me so (non-medically) inflamed.

That there is no alternative.

And presumably, because this has been allowed to continue, the NHS Trust that runs the hospital has never carried out a value-for-money service review?

I doubt it.

This is what has angered me.

A full service review needs to happen, else the patients are just going to continue getting ripped off.

And ripping off a bunch of people who are not only captive, but who are seriously unwell, is beyond unethical.

It is a scandal.

Watching one’s words

Today I sat down and read my employer’s Social Media policy.

I mean I really read it.

Like a novel.

Cover to cover.

Didn’t skip a single nuance.

*pauses for a long thought*

Anyway, I’m off to delete around 97% of my Twitter feed.

See you in about 2018.

Video nasty

Today I watched a Computerphile video that scared the living crap out of me.

As a result of this video, I’ve come home and changed the root, the system, the user, and the backup passwords on everything I own, even though they were already ‘secure’ by most standards of IT security.

Then I changed the passwords on all of my webservices.

If watching this video doesn’t have the same effect on you – that you immediately change your Amazon, email, eBay and any other webservice password – then you need to have a word with yourself.

Really.

Money for nothing

The ever-unfolding Ashley Madison story is very interesting.

For a number of reasons.

First of all, I need to say that I have no moral axe to grind with regard to either the Ashley Madison or Adult Friend Finder websites.

They are, in my eyes, not significantly different from any other dating website(s).

And if you think married individuals (men and/or women) are not all over the more mainstream dating websites ‘looking for NSA fun’, then you really have led a sheltered life, haven’t you?

So yeah, Ashley Madison and Adult Friend Finder are not really much different to Match, PoF, or SaM.

They provide a service.

You may not agree with the somewhat direct nature of the service they provide.

That’s up to you.

But the seekers and users of those services (the marrieds of this world who want to know what else is on the market) will find a way to get what they want.

They’ll find a way to get what they want whether they use the overtly direct services of Ashley Madison, or the covertly indirect possibilities that services such as Match, PoF, SaM (etc) offer.

However, what I do have a problem with is services that charge a fee for a range of functions, and then don’t carry them out correctly.

So when users of services such as Ashley Madison and Adult Friend Finder find their secure data plastered all over the internet, that’s pretty bloody awful.

What that shows is that the secure data that Ashley Madison users have entrusted to the website has been kept in a wholly insecure manner.

And let’s face it, personal details such as full name, date of birth, email address, and credit card information are some of the most secure data that we own.

So you’d expect it to be kept securely, right?

But when that secure data becomes available to anyone with a web-browser, that’s taking the description ‘incompetent’ to a whole new level.

Of course it is.

But when ex-users (and that’s a key phrase in the coming thought) of Ashley Madison and Adult Friend Finder have paid an additional premium fee to ensure that their personal data is removed from all aspects of those websites, and yet that supposedly-deleted data is also included in the same publicly-available list of users…

Well, that’s way beyond incompetent.

And it’s a long way beyond dishonest.

That’s actually criminally fraudulent.

And that’s something I do have a problem with.