Connect with us

Tech News

Encrypted doesn’t mean hack proof, even for cryptocurrency

(TECH NEWS) There is no such thing as un-hackable, even in cryptocurrency. Yes, it can be hacked, BUT it can also be prevented.

Published

on

passwords dark web Chinese hacker blackmail apple

What if cryptocurrency… wasn’t?

Sounds like a terribly clever Black Mirror episode, I realize, but it’s a serious question that’s come up more and more in conversations about cryptocurrency: is it really safe? Security has always been the core offer of bitcoin, Ethereum and their digital kindred. It’s right there in the name. Cryptocurrency equals currency, encrypted. It’s supposed to be so good it can be bad, as in, the security is so tight bad people can do bad things and nobody knows about it.

bar
But despite the rep for felon-worthy security, the plain fact is that blockchain isn’t invincible. When it comes to secure exchange of funds, blockchain-based cryptocurrency is still probably your best bet, but as with all things “best” does not equal “perfect.” Blockchain’s advantages over conventional cash are clear: there’s no hard currency to steal or lose, no middleman to get up to nefarious doings, and the records are cozy behind the apex of information security. That’s great, but it’s not everything.

How to keep the crypt part of cryptocurrency

That being the case, in my self-appointed role as AG Crypto Guy (Pulitzers, call me) here follow several ways nefarious folks can eff with your fat digital stacks, and what you can do about them.

1. Malware

It’s a classic. Early on, cryptocurrency was spared the plague of Russian threats and Nigerian princes for the same reason as Linux: not enough there to steal. After Mt. Gox and other frankly spectacular bits of fraud (the word “trillion” occurs in the Mt. Gox story, and it’s not hyperbole) that is, to say the least, no longer the case. Bad folks are writing programs based on the same tricks they’d use to swipe normal cash – Trojans that skulk in the guts of your programs, scooping up secure data, phishing attempts to get you to hand that data over voluntarily – aimed at your digital dollars.

Solution: Operational security. Sounds fancy when I put it like that, but for our purposes “operational security” just means “stuff that you do” as distinct from “stuff your computer does.” If you keep a substantial portion of your value in cryptocurrency, protect it as tightly as you would anything else worth having. Have strong, single-use passwords for each service you use your coins of choice with. Keep offline backups of your cryptographic credentials. Use a good VPN. Think of it as the equivalent of keeping your bank password out of your Smart Lock list, and not putting your PIN on a Post-It.

2. Botnet

The scourge of the new digital order. Seriously, who figured the robot apocalypse would come, not in the form of a deceptively soft-voiced computer overlord, but a houseful of mechanical morons? Well, except XKCD. And us. Anyway. The aforementioned bad folks are by no means especially bright, so they tend to be in favor of having other things do their thinking for them. As we put more and more computers into things, generally with less and less security, those people can make those computerized things do the thinking, and the hacking, for them. Hundreds, thousands or hundreds of thousands of dumb little computer brains can thus be put to work, crashing sites with overwhelming numbers of requests or brute forcing security information by inputting every possible option at the speed of Internet.

Solution: Get offline. Not entirely, obviously. That would rather defeat the purpose of digital currency. But the Mt. Gox folks got shafted because they kept their bitcoins in an online wallet, and through mismanagement, fraud or a combination thereof, they found themselves suddenly bereft of same. To avoid their fate, go with what cryptocurrency types call “cold storage”: keep your stash offline. No amount of digital malfeasance can reach data that isn’t connected to anything. When buying or selling on an exchange, restrict what you transfer to what you’ll use for that particular transaction, and use a wallet where you and only you have the public and private key. It’s only a little less convenient, and it’s safe as houses.

3. Scams

If the information revolution of the last four decades could be reduced to a single transcendent lesson, it is as follows: no digital solution, however elegant, fixes stupid. With something as new and deliberately opaque as cryptocurrency, it’s horribly easy to be stupid, and even easier for folks versed in the art of the steal to exploit same.

Solution:
Learn. At least until we get a proper robot apocalypse going, this is something we h. sapiens can do that, as yet, our machine overlords can’t. Do the reading. Research different currencies and different exchanges before you lay out funds. Talk to people about their experiences before you invest. Nothing replaces legwork, digital or otherwise.

4. Hacking

Proper hacking this time, none of this faffing about with turncoat toasters or email con games. No code is perfect. Some bad folks, alas, are exceptionally bright, and will from time to time find holes they can exploit.

Solution: Zen. Or “s$%t happens,” depending on your cultural framework. Cryptocurrency isn’t perfectly secure. Perfect security isn’t a thing. It’s just more secure than normal currency, especially if you have a philosophical problem with banks, nations or both. People have been scamming people through the medium of exchange since the medium of exchange was barter. Cash is safer than barter. Cryptocurrency is safer than cash. That doesn’t mean it’s perfect, just that it’s as good as it gets. Execute on the solutions above, and with any luck your Robot Future Money should stay where it belongs.

#KeepItCrypt

Matt Salter is a writer and former fundraising and communications officer for nonprofit organizations, including Volunteers of America and PICO National Network. He’s excited to put his knowledge of fundraising, marketing, and all things digital to work for your reading enjoyment. When not writing about himself in the third person, Matt enjoys horror movies and tabletop gaming, and can usually be found somewhere in the DFW Metroplex with WiFi and a good all-day breakfast.

Tech News

Study finds 1,000 phrases that accidentally activate smart speakers

(TECH GADGETS) Don’t worry about accidentally activating your nosy smart speakers… unless, of course, you utter one of these 1,000 innocuous phrases.

Published

on

smart speakers

It’s safe to say that privacy concerns, especially in today’s digital era, are unquestionably valid. With new video recording technology making it easier to identify people at a glance (whether they like it or not) and concerns that your smart speakers are eavesdropping on you, it may feel like you’re bordering on slightly paranoid around modern technology.

After all, even though there have been cases of smart speakers picking up on intimate conversations, there’s absolutely no risk of them overhearing private things without your consent, right? Even though it’s been documented that these devices — including Cortana, Alexa, Siri, and Google Home — have listened in relationship spats, criminal activity, and even HIPAA-protected data, you’re totally in the clear.

Oh yeah. The thing is, everything that gets broadcast into your smart speaker? There’s a completely random chance that someone back at headquarters may decide to sift through it in order to improve AI learning.

And while most of the time these conversations are totally benign, it doesn’t change the fact that a complete stranger is getting an earful of your private life. In fact, these transmissions? Are actually completely admissible in court, as several murder cases have already demonstrated. Their key evidence was none other than poor Alexa herself.

But wait, wait. These smart speakers can only get your information if you activate them, and that requires you to clearly enunciate their names. Right? Um. Not exactly. Even though you may think that you need to speak crisply into the speaker to activate it, it turns out that these devices are highly sensitive to any suggestion that you might be talking to them. It’s almost like your dog when you even remotely glance at his bag of doggie treats in the corner: one crinkle and Fido comes running, begging for some kibble and ready to serve you.

It’s the same for your smart speakers. As it turns out, there are over a thousand words or phrases that can trigger your device and invite it to start recording your voice. These can range from the perfectly reasonable (Cortana hearing “Montana” and springing to attention) to the downright absurd (Alexa raising her hackles over the words “election” and “unacceptable”). Well, crap. Now what?

It’s no secret that someone is listening in on your conversations. That’s been clearly documented, researched, dissected, and even accepted at this point. However, if you thought that they’d only listen to it if you gave them implicit permission by activating your device (which, to be fair, should not even count as permission in the first place), you were wrong.

So what’s a privacy-loving person to do? Just suck it up and try to choose between the lesser of two evils? On one hand, yes, these smart speakers are super convenient and can make your life easier. On the other?

Well, if you’re a fan of your privacy, then perhaps these devices aren’t meant for you. At this point, you’ve got little recourse. These companies will continue to use your data, and there’s nothing stopping them from spying on you. That is, unless you prevent them from doing it in the first place.

If you want to keep your private conversations private, either unplug your smart speaker when you’re not using it, or don’t get one in the first place. Otherwise, you’ll continue to give your implied consent that you’re totes cool with them butting in on your personal life, and they’ll continue to be equally totes cool with using it without your permission.

Continue Reading

Tech News

HEY needs to fix its issues to be the Gmail killer it claims to be

(TECH NEWS) You would hope that HEY, the paid email service, would launch without issues but it has a few. Let’s hope some of that money goes to fixing them.

Published

on

Hey email

Last week, we covered HEY–a new email service that seemingly has a lot to offer–and while we largely praised the service despite it being a paid client awash in a sea of free email options, not everyone is fully on board with HEY’s inimitable charm–at least, not yet.

Adam Silver, an interaction designer focused on user experience, had some criticisms of HEY–many of which he identified as “pretty surprising oversights.” Though Silver does mention that his overall opinion of the service is good, these oversights are the focus of his review.

“HEY isn’t very accessible,” says Silver in his notes. His assessment, while self-admittedly not a holistic view, includes issues related to JavaScript (specifically when it isn’t enabled, which is something more and more companies are requiring) and lack of reasonable keyboard shortcuts for anyone using a screen reader. As Silver points out, these are fairly simple–and, thus, surprising–problems that probably should have been caught from the onset.

“All of these things are really easy to fix,” amends Silver.

Another issue Silver highlights is the inbox (imbox?) sorting. As we mentioned previously, there are three locations for email: the imbox, the feed, and the paper trail, each of which serves a different purpose. The problem with this system is that organizing emails by only three overarching categories affords little flexibility; furthermore, Silver notes that the menu for accessing each folder leaves a lot to be desired from a design standpoint.

The feed is also the subject of Silver’s criticism in that it doesn’t function enough like a traditional inbox to the point that it is actually difficult to use. Especially given the feed’s purpose–to store newsletters and such in a free-scrolling manner–this is a hold-up for sure; coupled with the feed’s lack of notifications, you can see how this problem cripples the user experience without active attention to the ancillary feed inbox.

Lastly, Silver mentions that the name “imbox” is, well, stupid. “This is not a typo but it’s not good,” he says. “You need a really good reason not to keep things simple.”

This is actually a point that we initially glossed over in our overview, but it’s another instance of a company doing a little too much to stand out–and, in doing so, potentially disrupting the user experience. “Keeping it simple” by calling the delivery place for your email the “inbox” won’t sink your brand, and the name “imbox” is sure to, at best, annoy.

It’s important to reaffirm that HEY’s driving principle–accessible email that prioritizes your privacy and charges you a relatively nominal fee for doing so–is good, and that’s the tough part of any app’s development; should they choose to follow Silver’s lowkey advice and make a few tweaks, they’ll have a winning product.

Continue Reading

Tech News

Live captioning via AI is now available for Zoom, if a little limited

(TECH NEWS) In order to be more inclusive, and improve the share of information with your team, live captioning is a great option for your next Zoom call.

Published

on

Zoom live captioning

The ubiquitous all-father Zoom continues to prompt innovation–and in a time during which most companies are still using some form of remote communication, who can blame them? It’s only fitting that someone would come along and try to flesh out Zoom’s accessibility features at some point, which is exactly what Zoom Live Captioning sets out to accomplish.

Zoom Live Captioning is a Zoom add-on service that promises, for a flat fee, to caption up to 80 hours per month of users’ meetings via an easy-to-implement plugin. The allure is clear: a virtual communication environment that is more time-efficient, more accessible, and more flexible for a variety of usage contexts.

Unfortunately, what’s less clear is how Zoom Live Captioning proposes to achieve this goal.

The live-captioning service boasts, among other things, “limited lag” and “the most accurate [speech-to-text AI] in the world”–a service that, despite its sensational description, is still only available in English. Furthermore, anyone who has experienced auto-captioning on YouTube videos–courtesy of one of the largest technology initiatives in the world–knows that, even with crystal-clear audio, caption accuracy is questionable at best.

Try applying that level of moving-target captioning to your last Zoom call, and you’ll see what the overarching problem here is.

Even if your Zoom call has virtually no latency, everyone speaks clearly and enunciates perfectly, your entire team speaks conversational English at a proficient degree across the board, and no one ever interrupts or experiences microphone feedback, it seems reasonable to expect that captions would still be finicky. Especially if you’re deaf or hard of hearing–a selling point Zoom Live Captioning drives home–this is a problematic flaw in a good idea.

Now, it’s completely fair to postulate that any subtitles are better than no subtitles at all. If that’s the decision you’d like to make for your team, Zoom Live Captioning starts at $20 per person per month; larger teams are encouraged to contact the company to discuss more reasonable rates if they want to incorporate live captioning across an enterprise.

Nothing would be better for speech-to-text innovation than being wrong about Zoom Live Captioning’s potential for inaccuracy, but for now, it’s safe to be a little skeptical.

Continue Reading

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!