Newsletter Issue #881
October 17th, 2016
THIS WEEK’S TECH NIGHT OWL RADIO UPDATE
If Apple had confronted a scandal anything near as severe as Samsung’s Galaxy Note 7 scandal, you can bet that Tim Cook would be front and center in apologizing for the problem and reassuring customers. Even when the best efforts are made, with all good intentions, things happen, unpleasant things. When Maps for iOS arrived in 2012 riddled with bugs, Cook even went so far as to suggest you use the competition’s mapping software until they could get it together.
Samsung does have information at its site on what to do if you have a Galaxy Note 7. But nowhere in that document is there the appropriate apology for making such a serious and potentially dangerous mistake. There’s nothing about Samsung being committed to delivering safe, reliable products to its customers. While such an apology may yet appear, the delay is not going to endear the company to existing and future customers.
There are online references to how a company should handle crisis management. A key example is how Johnson & Johnson recovered from the Tylenol scandal in 1982, where people died from contaminated bottles containing the over-the-counter medication.
More recently, Volkswagen, stung by the revelation it had been cheating for years on emissions tests for its cars with diesel engines because they couldn’t meet U.S. standards, agreed to pay billions and billions of dollars to set things right. In the U.S., they are offering to buy back the affected vehicles at favorable prices to customers, and adding cash payments to sweeten the pot. At the same time, there are huge factory incentives if you want to buy a new Volkswagen. I can see where it’s tempting.
It is fair, however, to mention that VW’s customers in Europe can have their vehicles fixed without charge, but there are no buybacks or financial givebacks. That demonstrates the value of governments having regulations to properly deal with the chronic abusers.
Now on this weekend’s episode of The Tech Night Owl LIVE, we featured outspoken blogger and podcaster Peter Cohen. Peter talked about Samsung’s Galaxy Note 7 scandal, in which the product was discontinued because over 100 handsets overheated or caught fire. How is Samsung handling the controversy, and how will Apple benefit from the fallout? The discussion also focused on falling Mac sales and whether the dearth of new models is at least partly responsible. And what about the Pixel, Phone by Google smartphone? How will Google’s Android partners react to the competition?
You also heard a comprehensive security update from ethical hacker Dr. Timothy Summers, President of Summers & Company, a cyber strategy and organizational design consulting firm. This week, Dr. Summers talked about the reports that the Russians are responsible for the recent hacks of Democratic emails and Twitter accounts. Can we believe the WikiLeaks disclosure of this material, or has it been altered? Is this the beginning of a Cybersecurity Cold War? How will it play out, and how can you protect your own email and other online accounts from hacks? Dr. Summers also discussed the recently revealed email hack at Yahoo, and whether the late disclosure will impact Verizon’s decision to acquire that company.
On this week’s episode of our other radio show, The Paracast: Fortean researcher Joshua Cutchin returns to The Paracast to discuss his latest book, “The Brimstone Deceit.” In Greg Bishop’s review of the book, he says, “The Brimstone Deceit can rightly be called an instant classic because it articulates a refreshingly original approach to the paranormal and more importantly, how witnesses interpret their experiences. Joshua Cutchin carefully builds his case with fascinating, startling, and entertaining accounts from throughout history to show us that when it comes to UFOs, Bigfoot, and other High Strangeness, the nose may really know what has been knocking at our doors for millennia.”
Whenever I read about yet another hack of an email or credit card system, I wonder about the price of almost constant online access and what we have to give up when it comes to expectations of privacy. It almost seems as if nothing is safe regardless of what you do.
So I wasn’t too surprised to read that some 500 million Yahoo email accounts have been hacked. Unfortunately, it doesn’t appear that Yahoo bothered to disclose the extent of this massive intrusion to the executives at Verizon who were doing their due diligence in advance of acquiring the company. Does that mean that Verizon is going to abandon this deal? Probably not, although they might demand some financial concessions.
Now as many of you know, I do have email accounts with some of the larger fee services, and I quickly took the appropriate steps to protect my Yahoo account. I do notice that you can take advantage of two-factor authentication, which means that you need to authenticate with two systems to log in. This may include a standard password — and one hopes it’s strong — and having the service send a text message to your mobile phone with an additional passcode. If you don’t successfully manage both tasks, you cannot connect to your account.
All the major email services offer two-factor authentication, as do the banks with whom I do business. The private business email system I use offers it as well. While it doesn’t mean it’s not theoretically possible for a hack to somehow bypass such stringent protections, the chances appear to be extremely slim. A little inconvenience is worth the extra step, but don’t forget it’s more difficult to recover a lost password if you use this method. You’d have to check the online instructions for the service you use to see how it’s handled.
More and more credit and debit cards are coming equipped with their own form of electronic protection. Gaining an increased presence in the U.S. is a chip credit card. It’s a feature already in use in the European Union, and it’s a response to massive hacks of credit card data. So I can’t forget the announcement, in 2013, that data from tens of millions of credit cards of Target customers was stolen. In the months that followed, Target upgraded its point-of-sale systems.
I was personally concerned, because I had made some small purchases from Target with a bank debit card around the time this hack occurred. It may even explain why that account was compromised some months later, but the bank would never admit a connection. Let’s just say that I’m not doing business with that bank anymore, but I won’t mention its name because it may have been a fluke. I may have reacted more out of emotion than logic.
Here are the basics about a chip card: Instead of embedding your credit card data in a strip easily read by a credit card processing device — even one that is hacked and captures that data — it’s all placed in a computer chip. All well and good, but the way it’s implemented in the U.S. is not so user friendly. If your credit card has a chip emblem on it, instead of sliding the card through the reader of a POS system, you have to insert it at the bottom. It has to remain there until the transaction completes, and even then, it may require redoing the steps a couple of times.
With the usual credit card reader at a bank ATM machine, some systems expect you to remove the card. Other systems simply pull the card into the reader and keep it there until your transaction is done. That also helps a bank capture a credit card in case of fraud, or if a customer is being given the heave-ho for some reason.
But in the former case, using the chip card can be awkward, and if the system doesn’t work properly, you may fight dueling messages to insert, remove and reinsert the card. I ran into that problem with Barbara’s bank debit card this morning, and finally gave up and tried another machine. But the chip scheme can also slow down the processing of the transaction, as if the extra security steps are overtaxing machines ill-equipped to manage the extra resource needs. In the usual case, it appears it may take up to twice as long, which is bound to make customers feel they might prefer to revert to the older and less secure card reading system.
My personal preference is Apple Pay, which never shares your credit card data with a merchant. Instead, it sends a secure token that authenticates the transaction. It can sometimes be hit-or-miss, however, and you may have to place your card near the POS machine a couple of times for the transaction to process. Unfortunately dueling mobile payment systems mean that the store you deal with may not accept Apple Pay for reasons that have nothing to do with convenience, quality or security.
So if you shop at Walmart, it mentions something called Walmart Pay, an ungainly system that requires a mobile app and a QR code to process a sale. I have decided not to bother, and I hope the powers-that-be in Bentonville, AR will do the right thing and embrace multiple mobile payment systems for the benefit of customers. It’s hard enough for retailers to grow sales these days — and Walmart has had its issues. I just wonder if it could gain more business if Apple Pay were supported. All right, that would possibly require modifying hundreds of thousands of POS systems, so I can see where it won’t happen soon even if Walmart chose to take such a step.
Regardless of which password authentication system you use for an online service, and regardless of what sort of credit card you have, I suspect there will always be a way for hackers to gain control. It will always be a cat and mouse game as banks and merchants fight Internet criminals to protect customers, or until a totally new processing system is devised. Maybe not even then.
But when I mention smoke signals, just remember they can easily be seen by anyone in range, not just the intended recipient.
THE FINAL WORD
The Tech Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.
Publisher/Editor: Gene Steinberg
Managing Editor: Grayson Steinberg
Marketing and Public Relations: Barbara Kaplan
Sales and Marketing: Andy Schopick
Worldwide Licensing: Sharon Jarvis
My stepfather spent a good deal of his life as a crime reporter for a long-defunct NYC newspaper of the “bucket of blood” variety, and in the course of his work he made the acquaintance of a wide variety of low-level goombahs. One of whom was nicknamed “Dimes” because he would only communicate with his colleagues by means of public pay phones. Dimes was aware that, if nothing else, his phone call could always be monitored for quality by “the man on the frames” at the local phone company, so that he couldn’t trust his personal landline. So he carried so many dimes and quarters in his pockets that his pants always looked in imminent danger of falling off. Maybe Dimes had the right idea. Most of us are trusting souls and want to believe our e-mail security is a hundred percent guaranteed. But if you have something equivocal or personally revealing you need to share, e-mail might not be the right medium for you.