The internet exploded this week with a cache of private photos taken from the devices or online accounts of several high-profile celebrities. Beyond the ethical and social questions raised by this incident are the technology questions and risks that have been exposed through this leak. There are lessons here on what businesses can do to better secure their information and that of their customers.

From what we know so far, the photos were claimed to have been taken from the iCloud accounts of the celebrities involved. It’s recently been revealed that Apple’s Find My iPhone service was vulnerable to password brute-forcing. Brute-forcing is a password-guessing technique which works by testing a large number of passwords until one is shown to be the correct one. Because Apple didn’t block repeated incorrect login attempts, it was vulnerable to this technique.

This recent iCloud vulnerability, whether or not it’s how the photos were obtained, is terrifyingly easy to exploit. It’s not a stretch to believe this vulnerability could have also been behind the iPhone ransom incident from a few months ago.

As data continues to move to the cloud, it’s important to implement good security practices to reduce the risk of exposure. If you operate a business that involves handling sensitive or personal information, you are responsible for the security measures that keep that information out of the wrong hands.

Here are five things businesses can do to prevent unauthorised access to their online information:

1. Perform regular security audits on any online applications that store personal data. Even a fairly rudimentary security audit would have revealed the brute-force vulnerability that Apple was exposed to. You can perform your own security audits using software such as WebSecurify, or hire a “penetration testing” consultant.

2. Ensure all software developers that work on your online applications have adequate knowledge and training in computer security. This one can be tricky to measure, but most software developers are quick to learn when made aware of hacking techniques and how to protect against them. Resources such as the “Security Now” podcast help increase awareness. Depending on the technologies your company relies on, following related technical blogs is a great way for your developers to stay abreast of any security developments they need to react to.

3. Do not reuse passwords across multiple applications and do not use easily guessable passwords. Exploiting the Find My iPhone vulnerability still required the account to have a fairly rudimentary password. Remembering passwords (and creating strong ones!) is a tough process, so look to software tools that make it easier and also remember the passwords for you. My personal recommendation would be AgileBits' 1Password, but many software applications exist that do this well.

4. Keep software up-to-date by installing updates as promptly as possible. This applies to everything from your operating system, to your browser, to the plugins it may rely on (Java and Flash updates in particular are crucial). Modern operating systems (Windows, OS X, iOS, Android) all display prompts for security updates. Mobile operating systems in particular prompt for updates often. Don’t ignore them! If you have a software package that doesn’t have auto-update or update prompts, be sure to periodically check online for updated versions of that software. Never run unsupported software, or software with known security issues.

5. Finally, if you ever have a security breach, make diagnosing and patching it your number one priority. Depending on the breach, this is a task that can be performed by your developers, although in some cases you may wish to consult an expert with a background in computer forensics or computer security to help diagnose and rectify the problem. Notify your customers if you have a vulnerability that concerns the integrity of their data, and give them the information they need to secure it again. Remember, your customers might not be happy about the breach, but they’ll be furious if they find out you covered it up or failed to try your best to prevent it.

Farid Wardan is a lead software engineer at Terem Technologies, an Australian company that specialises in developing custom software and technology solutions for corporate innovations and high-tech ventures.
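The control the article above says was missing, blocking repeated incorrect login attempts, is sketched here as an added example that is not part of the original article or any vendor's code. The class and function names, the lockout limits and the sample account are assumptions made for illustration; the simulation runs against a constructed in-memory account only.

```python
import time


class LoginThrottle:
    """Per-account lockout with exponential backoff (illustrative; limits are assumptions)."""

    def __init__(self, free_failures=5, base_delay=30.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.free_failures = free_failures  # failure count that triggers the first lockout
        self.base_delay = base_delay        # seconds for the first lockout
        self.max_delay = max_delay          # cap on any single lockout
        self.clock = clock
        self._state = {}                    # account -> [failure_count, locked_until]

    def allowed(self, account):
        """True if a password check may run for this account right now."""
        entry = self._state.get(account)
        return entry is None or self.clock() >= entry[1]

    def record(self, account, success):
        """Record the outcome of a password check; return the lockout applied in seconds."""
        if success:
            self._state.pop(account, None)
            return 0.0
        entry = self._state.setdefault(account, [0, 0.0])
        entry[0] += 1
        over = entry[0] - self.free_failures
        if over < 0:
            return 0.0
        delay = min(self.base_delay * 2 ** min(over, 30), self.max_delay)
        entry[1] = self.clock() + delay
        return delay


def simulate_guessing(guesses, real_password, seconds_per_try=1.0, **limits):
    """Replay guesses against one constructed account at a fixed pace.

    Returns (checked, refused, compromised).
    """
    now = [0.0]  # simulated clock, advanced by seconds_per_try per request
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    checked = refused = 0
    for guess in guesses:
        now[0] += seconds_per_try
        if not throttle.allowed("victim@example.com"):
            refused += 1  # rejected before any password comparison happens
            continue
        checked += 1
        matched = guess == real_password  # stand-in for a real password-hash check
        throttle.record("victim@example.com", matched)
        if matched:
            return checked, refused, True
    return checked, refused, False
```

A per-account lockout on its own lets anyone lock a legitimate user out by failing logins on purpose, so production systems usually combine it with per-source limits and alerting on refused attempts.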
Enterprise app market booms, while 69% of all smartphone developers earn less than $US1000 per month
7:02AM | Tuesday, 22 July
Which technology is best to use in launching a new site or web application? There was a time when I would answer this question by getting into the details of the various features and performance characteristics of a given platform, but over the years I’ve realised it’s really not a technology question; it’s a people question. The issues are: who is going to build it, and who are you going to want to hire to continue to build it?

Anyone who has been around software engineers (or any engineers) knows that a truly great engineer is worth many mediocre engineers, so if you’re starting a technology-intensive business, it’s critical that you be able to attract high calibre people.

For instance, Adobe ColdFusion (formerly Macromedia ColdFusion, formerly Allaire ColdFusion) is an extremely productive platform for building web applications — in terms of getting something done quickly it’s great, but good luck finding great engineers who want to work with ColdFusion. Deserved or not, ColdFusion has a reputation in the industry for not being a “real” programming environment (there’s a whole other discussion to be had about the perversely inverse relationship between the ease-of-use and productivity of a programming environment and the credibility it receives in engineering communities). Most software developers wouldn’t want to be forced to work with ColdFusion for fear their other skills would atrophy.

This is not a statement about how good ColdFusion is as a technology; it is a statement about the realities of putting together a team. This is a nuance lost on a lot of entrepreneurs and managers who haven’t done hands-on coding before — the tools you choose define the nature of the team you will build moving forward, and in most cases it’s extremely difficult to switch gears. To be fair, this nuance is also usually lost on engineers, who can easily burn a lot of cycles debating the merits of Ruby vs PHP vs Java vs ColdFusion vs every other thing.

In the end, the tools listed here, among many others, are mature enough that they can all serve well to create web-based applications. Some might take longer, some might not scale as readily, some might not integrate with other technologies as easily, but from the standpoint of “can it be built in a reasonable amount of time and be production-ready and reasonably scalable” the answer is yes in all cases. The best technology to choose is the one that creates the culture you want.

Nathan Dintenfass is a product executive living in San Francisco.
In Australia, we live in what I call a ‘high trust’ society. We tend to take people at their word. For example, imagine you are at a social gathering where you do not know anyone. Someone asks you “What do you do for a living?” You could say, “I am an airline pilot with Virgin Australia” and most people will accept what you say immediately. In fact, you could make almost anything up! This model will, of course, fail immediately if the person you are talking with says, “I am too, which route do you fly?” or if they know someone in the room who is also a pilot.

The lesson here is, in Australia and many Western countries, people tend to trust first and ask questions later. In most of the rest of the world, however, business is transacted in a low trust environment where trust must first be earned, sometimes with every call you make.

We work with those we trust to solve our problems

If I want someone to make a buying decision with me, I need them to trust that what I say will happen when they buy my product or service. The bigger the decision, the larger the level of trust required. Trust comes in three stages:

Stage one: This is a good person

I was talking with an older person, just listening to their stories. After a while, out of the blue, she said, “Greg, you are a good boy.” I was so surprised, I said, “Why don’t you put that in writing”, which she did. I now have a signed piece of paper, which I treasure, stating: “Greg is a good boy.” Getting to the point where someone thinks you are a good person is just a matter of listening while asking open, reflecting and probing questions. The fact you take the time to listen tells the other person you are someone they can trust.

Stage two: This person has good ideas

A fellow business coach asked for a minute of time to discuss a client of theirs they were having trouble with. At the end of this discussion, she said: “Greg, you always have great ideas. Do you mind if I use you on an ongoing basis?” All I had done was listen to the problem and reflect ideas back in the same format as she stated them. For example, she said: “The person I am coaching has achieved all the goals we set out to achieve. I do not know where to go from here.” “Have you reset the goals in light of the way the person has developed?” I asked. What I did was reflect back her words in a new way. While this was not rocket science, it did give her an ‘a-ha moment’ and cemented in her mind that I have good ideas and moved me to the next level of trust.

Stage three: This person can do what they say they can do

“You can change all that COBOL into JAVA using an automated tool?” one incredulous programmer asked me. I could see this multimillion-dollar project was going nowhere despite the level of trust we had developed. I asked: “John, if I can show you this working will you authorise a pilot program?” What John wanted was evidence for himself and others of his team that I was a trustworthy person. We set up the demonstration and won the pilot program. They believed because we showed we could do what we promised on a small scale, then a large scale.

Your trust bank account

When you meet someone for the first time you automatically open a ‘trust bank account’ with a small, but positive, balance. Every time you promise to deliver a result (to get more, to save more, to look good, to feel good, to eliminate pain, or to be loved) and you do it, you add to your trust bank account. Every time you fail you make a withdrawal.

Can you be trusted before you can prove it?

Yes, in most situations people will take you at face value. When it comes to a decision that will impact their business or life, you can be sure it will only be made when your trust bank balance is substantial.

Today’s question and actions:

This week, when you meet with your clients ask this simple question: “How could purchasing this product or service change the way you do business?” You may be surprised by the answer.

What are you doing to make deposits into your trust bank account? Every time you make a promise, no matter how small, if you do not deliver it counts as a withdrawal. Send an unexpected handwritten card or thank-you note and you add to your trust account. Do you listen attentively? Do you share ideas? Nothing will establish trust and increase sales better than becoming an expert in asking the right questions, following up with ideas and showing how these ideas work with other organisations.

Email me to set up a time to talk about opening a trust account with your team. Have a great week!

Reprint permission: Permission is granted to reprint this article with the condition it is republished unedited and in full with full attribution to the author and the author’s bio. Please provide a link to the reprint to the following email: email@example.com
Given the sheer volume of public hand-wringing by traditional players such as the resources industry and large retailers over threats to their revenue, it seems that some view innovation as something to be wary of, rather than enthusiastically embraced.
Sydney-based start-up biNu has snagged $4.3 million from investors including 500 Startups, having already received funds from Google’s Eric Schmidt and Seek co-founder Paul Bassat.
Californian start-up YourMechanic took out the top title at TechCrunch Disrupt SF 2012, while other standouts included a self-balancing bicycle and a predictive database for app developers.
Wayne Swan is to deliver his Budget speech to a backdrop of a share market slump in Australia, with investors concerned over the eurozone economic situation and jobs data from the US.
Some people foolishly measure experience in years, rather than achievements. Yet the quickest way to garner high quality experience is to work in a fast growing start-up.
Tech giants Google and Microsoft have offered new incentives to start-ups and small businesses in an attempt to increase the user numbers for their respective technologies.