locks

The ethics of lock picking and telling

In 2004, a video circulated on the Internet showing how a standard Bic pen could be used to open the U-shaped Kryptonite bike lock. The company recalled the locks, replaced newer purchases, and changed the design for new locks. Problem solved, right?

Not exactly. Despite the fact that the problem had been revealed 12 years earlier in a British bike magazine, Kryptonite had continued to sell the locks unchanged. Angry customers filed a class action lawsuit that was settled in 2005, with Kryptonite offering to replace all affected locks or provide vouchers, and compensate people whose bicycles were stolen as a result of the lock being picked.

"If you don't make the problems public, the companies don't fix them and the consumers buy shoddy stuff," said Bruce Schneier, chief security technology officer at BT.

There's been plenty written about breaking into the virtual locks that safeguard sensitive data on the Web. But the picking of real-world physical locks is becoming an increasingly popular pastime for some. Enthusiasts have formed sporting clubs and hold regular competitions. Security researchers write books about how locks can be broken into and show how it's done on blogs and videos and at security conferences.

Naturally, lock manufacturers aren't happy. They argue that publicizing the vulnerabilities causes people to panic unnecessarily and puts the public at risk by giving criminals information they can use to break door locks, safes, and other secured assets.

But, just as third-party disclosure of vulnerabilities in software forces manufacturers to acknowledge security holes and patch them quickly, lock manufacturers will find they can't escape the scrutiny and will have to be held accountable for their products, experts say. …

Column: Finally, ID fraud protection that works

Jay Foley, co-founder of the Identity Theft Resource Center, told me recently that 57 percent of all identity fraud involves opening new accounts "for short-term gain." The ITRC should know: it has been surveying ID fraud victims for several years and has amassed some impressive real-world statistics.

Foley also said 13 percent of the identity theft victims found out about the attacks only after criminals had established utility or cable service in their names. "So your credit record is more theirs than yours, making it harder to fight them in court," he said.

Clearly the best …

For the love of lock picking

NEW YORK--I feel much less secure after attending the Last HOPE conference this weekend.

Not only is my personal information at risk every time I log onto the Internet and use a cell phone headset or passport, but even my gym locker, bike, and home can easily be accessed with the proper tools and manual dexterity.

In the popular Lockpicking Village area at Last HOPE (Hackers on Planet Earth), I watched guys twirl little pins in all types of locking devices. For some, it took less than a minute to get the locks to snap open. One lock picker even showed …

Subscription vs. license: When do you take your profit?

In talking with a large enterprise buyer today, I was struck by an argument he used against subscription models, open source and otherwise. Granted, he was negotiating and I've heard the inverse argument from others, but he had a good point.

The point? That an upfront proprietary license might actually work better for some IT buyers.

Subscription value is clear: The vendor is tasked with delivering constant software and support to earn the customer's business on a daily basis. No sell-them-and-run deals. It completely changes the way vendors engage with their customers.

But on the IT buyer's side, a subscription's price is likely to be higher on an annual basis than the maintenance on a proprietary license. In the first year, a subscription is dramatically cheaper. But over five years...? Or how about just in the second year, or third? It's no longer so clear-cut.

What is clear is when the vendor takes their profit: Upfront in the case of license-based businesses, and in the future in the case of subscription-based businesses. It's that niggling question of the future that may be problematic for open-source businesses.…

"Mind the Gap!" with Linux

Alfresco, my employer, is based in London, so I go over once per quarter for management meetings. Because I'm there so often, I took the time to get an Oyster card, which manages payments while riding on London's public transport. Little did I know that Linux enables my transfers from Paddington to Arsenal Tube Station....

As ZDNet reports, Transport for London opted for Linux to remove its fetters to proprietary systems that had been crimping its ability to innovate:

The Oyster contactless card system...[previously] suffered from lock-in to proprietary systems, which hindered developments to the online payment …

The re-keying deadbolt that 'learns'

If you're the hopelessly paranoid sort who identifies with Mel Gibson's character in Conspiracy Theory, a New York cabbie who barricades himself at home with a phalanx of deadbolts, you'll love the Kwikset SmartKey. The secret to this formidable piece of security is its "un-bumpable" technology, a "side locking bar" that bypasses the traditional pins-and-tumblers system that just seems too easy to pick if you've watched enough CSI episodes. (Wikipedia has more on this.) If that's not enough peace of mind for you, there's an option to self-program any key …

Microsoft's self-inflicted handicaps

I woke up this morning to a great Techcrunch review of Microsoft's new/old strategies. For those who watch Microsoft on a regular basis, it's no surprise to hear that the company's dedication to its 20th-century businesses (more billions, please!) cripples its ability to move forward and catch up with the 21st Century.

Microsoft is a company with a lot of good people doing amazing things, but those people are like a horse that has been handicapped out of the race with the baggage of Microsoft old. They are putting up a good fight to be seen and listened to, but it's a hard ask. Microsoft is clearly a company that is changing, the only remaining question is will the whole organization transform into the new Microsoft quickly enough to survive the rapidly changing way companies and individuals interact with technology.

And so Steve Ballmer at Mix'08 was relegated to old jokes about Apple and panicky suggestions that Microsoft is the "little engine that could" against Google. It's not. At some point Microsoft will have to admit that its old model of "install (Microsoft) once, control everywhere" is precisely why it isn't relevant in the 21st Century of software.

How do we know that Microsoft is struggling to catch up?…

Microsoft is "committed to openness," snickers its general counsel

Wow. Microsoft is nothing if not brazen. When you think of Microsoft you normally don't think of these words, at least not together, yet these words came from Microsoft's general counsel, Brad Smith, in response to Google's complaint that a Microsoft and Yahoo! tie-up would be bad for the Internet:

Microsoft is committed to openness, innovation, and the protection of privacy on the Internet.

Microsoft? Committed to openness? Microsoft has been committed to destroying openness over the years, and Brad Smith has played an integral role in that strategy, defying the US Justice Department and the world's consumers. I think highly of Brad, but I find this guile to be galling in the extreme.

Google is exactly right in calling out Microsoft's cheek:…

Open source is mainstream. Is it the only stream?

The obvious answer to my question above is, "No." But sometimes the obvious is, well, not so obvious.

InformationWeek's Serdar Yegulalp writes:

If open source continues to vigorously gain traction as a business model amongst software developers, Microsoft and its ilk will suffer one of three fates in the long run: a slow death where they are whittled down by competition not restricted as heavily by onerous licensing and costs; a trimming-down -- either slow or fast -- where they adopt open source as a way of life; or they somehow remain lone holdouts by dint of offering something that, for whatever reason, people still want to pay for.

This is already happening. Ask VCs what they're investing in and you'll find few traditional, proprietary software companies. The only companies who seem to continue to make a living in this fashion are the behemoths who leave customers little choice but to buy from them.

For now.…

Microsoft tries to close off the web, one MSN contact at a time

You've got to hand it to Microsoft. The company knows how to go against the grain. Just at the moment that the rest of the planet has discovered that there is huge value in opening up, Microsoft has been stalking the web, demanding payment from startups that want to allow users to import their MSN contact lists to other web services, as Fortune notes.

Here's the "deal":

If the company wants to offer other IM services (from Yahoo, Google or AOL, say), Messenger must get top billing. And if the startup wants to offer any other IM service, it must pay Microsoft 25 cents a user per year for a site license.

However, if a company wants to force its users to abandon 73% of their friends (assuming it's roughly a three-way race between AIM (53 million active users), MSN (27 million active users), and Yahoo! (22 million active users)), then they can use MSN for free! Wow! Dave Rosenberg calls this "bizarre and stupid." I think he's being overly generous.…