In RetroTech: NetLingo Blog

This weekend NetLingo presents a round-up of tidbits from the tech front, enjoy!

Apps Review
Here are some of the best apps for discouraging texting while driving:

DriveMode blocks all calls, texts, and emails, and prevents drivers from reading or typing. When you select the app, it sends out auto replies to let people know that you’re driving. (Free; AT&T only)

Textecution automatically disables texting whenever your phone is traveling at speeds exceeding 10 mph. But you can send a request to the admin to override the block if you’re just riding in a fast-moving car, not driving it. ($30; Android)

text-STAR uses the same 10 mph speed limit as Textecution, and also allows you to schedule auto-reply texts in advance, for periods when you know you’ll be on the road or otherwise occupied. (Free; Android)

DriveSafe.ly doesn’t block incoming texts; instead it reads them aloud. It allows you to respond by voice instead of with your fingers. (Free; iOS, Android, Blackberry) Source: Mashable.com

Latest Online Trend
Have you heard about Japan's new teenage fad?
In a new fad sweeping Japanese teenagers, girls are going out in public with their panties over their heads, says BuzzFeed.com. The teens are using social media to send out photos of themselves wearing panties as unusual face masks, and are even showing up at school or in clubs thus attired. The fad is apparently based on a teen comic book about a character called “the abnormal superhero,” who also wears ladies’ undergarments over his head as a mask. “I really worry about this country,” one Japanese commenter said.


Book Review
Give Me Everything You Have: On Being Stalked by James Lasdun

Cyberbullying isn’t just a teenage phenomenon, said Emma Garman in TheDailyBeast.com. Novelist and poet James Lasdun was a married, middle-aged father of two when he suddenly became the target of a former pupil’s campaign to destroy him from afar. “Nasreen,” as he calls his tormenter, opened the assault with a flood of vicious, anti-Semitic emails before disseminating her allegations of plagiarism, philandering, and even rape via emails to his colleagues and comment sections linked to his books. Lasdun’s “stunningly well-written” account reads like a warning: “What befell him could befall anyone.”

His book “deftly evokes the chill power of cyberstalking,” said Edward Kosner in The Wall Street Journal. When Nasreen’s campaign ignited, the simple task of checking his email was, Lasdun writes, “like swallowing a cup of poison every morning.” The young Iranian-American woman had been a standout student in a 2003 fiction workshop he taught and, after the pair started a friendly correspondence, she initially responded reasonably when he rebuffed her flirtations. After the abuse began, Lasdun got little to no help from the FBI and the police—in part because his stalker was a nonviolent harasser who lived in another state. But Lasdun’s anxiety about how Nasreen might be destroying others’ trust in him was real. This was an asymmetric war, and he never does find a way to give the story a satisfactory conclusion.

That’s partly because he never accepts that Nasreen is probably mentally ill, said Jenny Turner in The Guardian (U.K.). He even admits that labeling her as simply mad would make his story, “for literary purposes, less interesting.” Yet doing otherwise makes him seem more concerned with being a victim than with getting answers. Still, you can’t fault him for refusing to blame the whole episode on a meaningless mix of chemicals in Nasreen’s brain, said Laura Miller in Salon.com. After all, “insisting that the tribulations people live through amount to more than an accident of biology” is “essentially what writers do.”
(Farrar, Straus and Giroux, $25)

- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

The popular social-messaging service is partnering with American Express to let you make purchases just by tweeting. Twitter, in its seemingly endless quest to effectively monetize itself, is looking across the Internet to Amazon for a little inspiration. The social-messaging network now wants to become something of an e-tailer, and is partnering with American Express to let consumers purchase products by — you guessed it — tweeting.

The project is still in the experimental phase, but so far, here's what The Week knows about how Amex Sync would work: Retailers would make deals with Twitter to sell specific products and services at a discount to Twitter users. Then on the consumer end, you'd link your Amex credit card with your Twitter handle. Once signed in, you'd send a tweet containing a special hashtag to make a purchase, something like #BuyAmexGiftCard25. A reply to @AmexSync confirms the purchase, and — tada! — you are now the owner of a $25 American Express Gift Card.

Twitter believes this initiative could help the company diversify its revenue streams, which are currently heavily reliant on online advertising. "We're convinced that commerce is going to be one of the areas (for which) advertisers are going to start using our platform," Joel Lunenfeld, Twitter’s vice president of global brand strategy, told The Wall Street Journal. It's unclear, however, if or how much of a cut Twitter will take from each transaction.

But tweets could just be the beginning. According to All Things D, Amex is bringing the initiative over to Facebook, Foursquare, and Microsoft's Xbox Live, too.

So what's in it for you? Discounts on a range of products — Amex gift cards, Kindle Fire tablets from Amazon, jewelry from designer Donna Karan, and the like. Of course, that means you'll have to openly advertise to your followers what it is you're buying, which many consumers will understandably see as a dealbreaker.

For marketers, it establishes that almighty link between the mysterious value of a tweet and a measurable purchase at the end of the online retail funnel. Expect the service to roll out slowly over the next few days
- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

Not a day goes by in New York City that I don't hear about some kind of abduction. But when it happens because people get to know each other online and then meet in real life, I must report on it so you know the dangers, even if you're an adult!

According to Alison Bowen of Metro New York, police are searching for a suspect they think may have murdered a Queens teacher after they met online. David Rangel, 53, was found choked to death and shoved under his couch in his Jackson Heights apartment Sunday, officials said. A police spokesman said cops responded to a 911 call, after a friend checking on him found the door unlocked and ajar.
Police found Rangel with trauma to his head and blood on the floor and the walls. Councilman Daniel Dromm asked the NYPD to investigate the murder as a hate crime. “The horrific crime committed against David Rangel, an openly gay public school teacher who lived in one of the city's most tolerant communities, is deeply distressing,” Dromm said. Dromm spokesman Alex Florez said Rangel appears to have met someone online. The councilman's concern is that someone may have targeted him because he is openly gay, and that this perhaps led into a potential bias-motivated murder. “Something obviously went terribly wrong there,” Florez said. Rangel taught seventh- and eighth-grade Spanish at P.S. 219. “We are deeply saddened by the loss of a well-liked and respected teacher, David Rangel,” the school’s president, Fred Wright, wrote on Twitter yesterday.

Meanwhile, the family of a Staten Island woman, Sarai Sierra, is searching for her in Turkey, where she disappeared while traveling this month. They, too, are concerned she may have met someone online. She had planned to meet with strangers she met through Instagram, according to the Daily News. Online safety expert Hemu Nigam said that when people sit behind a computer screen, they may wrongly lower their guard.

“When you’re going online, it’s very much like you’re going down a New York alley,” he said. “You don’t know where you’re going, you don’t know what might pop up … yet when you’re on a computer, you do it without thinking twice.”
“If you’re connecting with somebody in the online world, unless you are seeing the whites of their eyes, they should be treated as a stranger to you,” Nigam said. Instead, he said, when people talk online, they can feel very comfortable, because they are in the comfort of their own home. But people should have the opposite reaction. If something seems off, ask for clarification, he advised. “I think your first best friend in all of this is Google,” he said. “You can see if the job they’re talking about actually exists. … if your instincts say there’s something wrong, you’ve got to go with it.”

He also suggests a face-to-face chat on the computer or phone. “If the person refuses because they’re giving you examples like, ‘My hair doesn’t look good today, I’m just not feeling well,’ your senses should go up,” he said. If you do meet someone, perhaps through an online dating website, make sure it is in a public place, and consider having a friend show up two or three tables down or suggesting a group setting.

Happy New Year, it's time to change your passwords again. You can't go anywhere online without a password these days. Want to access Xbox Live through your PC? You'll need a password. Logging onto the PlayStation Store? Cough it up. Playing any online games? You know what to do. Not to mention all of your social networking, email, website, and e-commerce passwords.

The problem though, according to Chris Morris at Plugged In, is that most of us just aren't very password-creative. hacker delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.

The top passwords of 2012 are the same three from a year ago - "password," "123456," and "12345678." In 2012, however, there were some new additions, including "welcome, " "jesus," "ninja," and "mustang." Our favorite newcomer to the list (and yes, we're being sarcastic here), is "password1," a particularly weak attempt at pleasing providers who require a number in your password somewhere.

"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password," said Morgan Slain, CEO of SplashData. "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

Gamers in particular need to be vigilant in keeping their passwords strong and safe. Hackers have targeted a number of game companies in recent years, including Blizzard, Bethesda, and, most famously, Sony. Earlier this month, PlaySpan, who handles microtransactions for hundreds of online games, was breached.

If you've got any of these phrases as your password on any system — be it a gaming network, email client, or especially an online banking account -- change it. Change it fast. You're leaving yourself open for hacking that could result in the loss of everything, from hard-won Diablo III items to Microsoft Points you spent real-world money acquiring.

Here's the full 2012 list, along with how the popularity of the phrase has increased or decreased in the past year:

1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Keep creating the same old passwords? Here's a few tips on how to create an cryptic password:

- Use the first letter from each word in a phrase or line from a song. For example, "Hey, I just met you... And this is crazy... But here's my number... So call me maybe" could be "hijmyaticbhmnscmm." Of course, you'll be stuck singing the damn thing in your head every time you log in.

- Combine two words, such as "hungrydog" or "choppywater." For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of "hungrydog," use"hungry$d0g."

- If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. ("ViDeOgAmE," for example, is much more secure than "videogame.")

Just as remarkable as the power of mobility, over everything from love to learning to global development, is how fast it all happened.

Nancy Gibbs of Time points out, it is hard to think of any tool, any instrument, any object in history with which so many developed so close a relationship so quickly as we have with our phones. Not the knife or match, the pen or page. Only money comes close—always at hand, don’t leave home without it. But most of us don’t take a wallet to bed with us, don’t reach for it and check it every few minutes, and however useful money is in pursuit of fame, romance, revolution, it is inert compared with a smart phone—which can replace your wallet now anyway.

Whatever people thought the first time they held a portable phone the size of a shoe in their hands, it was nothing like where we are now, accustomed to having all knowledge at our fingertips. A typical smart phone has more computing power than Apollo 11 when it landed a man on the moon. In many parts of the world, more people have access to a mobile device than to a toilet or running water; for millions, this is the first phone they’ve ever had. In the U.S., close to 9 in 10 adults carry a mobile, leaving its marks on body, mind, spirit. There’s a smart-phone gait: the slow sidewalk weave that comes from being lost in conversation rather than looking where you’re going. Thumbs are stronger, attention shorter, temptation everywhere: we can always be, mentally, digitally, someplace other than where we are.

So how do we feel about this? To better understand attitudes about mass mobility, Time, in cooperation with Qualcomm, launched the Time Mobility Poll, a survey of close to 5,000 people of all age groups and income levels in eight countries: the U.S., the U.K., China, India, South Korea, South Africa, Indonesia and Brazil. Even the best survey can be only a snapshot in time, but this is a crisp and textured one, revealing a lot about both where we are now and where the mobile wave is taking us next.

A tool our parents could not have imagined has become a lifeline we can’t do without. Not for a day—in most cases not even for an hour. In Time’s poll, 1 in 4 people check it every 30 minutes, 1 in 5 every 10 minutes. A third of respondents admitted that being without their mobile for even short periods leaves them feeling anxious. It is a form of sustenance, that constant feed of news and notes and nonsense, to the point that twice as many people would pick their phone over their lunch if forced to choose. Three-quarters of 25-to-29-year-olds sleep with their phones.

If Americans have developed surprisingly intimate relationships with their gadgets, they are still modest compared with people in other countries. The Time Mobility Poll found that 1 in 5 Americans has asked someone on a date by text, compared with three times as many Brazilians and four times as many Chinese. Fewer than 1 in 10 married U.S. respondents admitted to using texting to coordinate adultery, vs. one-third of Indians and a majority of Chinese. It may be shocking that nearly a quarter of all U.S. respondents, including a majority of 18-to-35-year-old men, have sent a sexually provocative picture to a partner or loved one. But that trails South Africans’ 45% and Indians’ 54%. Brazilians are especially exuberant, with 64% baring and sharing all.

In most respects, overseas mobile users value their devices the same way Americans do but with a few revealing exceptions. Americans are grateful for the connection and convenience their phones provide, helping them search for a lower price, navigate a strange city, expand a customer base or track their health and finances, their family and friends. But in some ways Americans are still ambivalent; more than 9 in 10 Brazilians and Indians agreed that being constantly connected is mostly a good thing. America’s 76% was actually the lowest score.

Carve up the U.S. population into the general public vs. high-income, highly educated elites and some contrasts come into focus. Elites are more likely to say that they work longer hours and have less time to think but also that mobile has made them more efficient and productive, able to manage more, be away from the office, stay informed about the news and be a better parent. Four in 10 Americans think mobility has helped them achieve a better work-life balance, vs. three-quarters or more of Indians, Indonesians, Chinese and South Africans.

Like any romance moving from infatuation to commitment, the connection between people and their mobile devices reflects what they brought into the relationship in the first place. In countries where connection and convenience were difficult, these mobiles offer a kind of time travel, delivering in the push of a button or touch of a screen the kind of progress other countries built over decades. Which makes you wonder: Just how much smaller and smarter and faster and better might our devices be a decade from now? And how much about our lives and work and relationships is left to be completely transformed as a result? What do you think?!

- As seen in Time
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

If someone wanted to create a global system for tracking human beings and collecting information about them, it would look a lot like the digital mobile-device network. It knows where you are, and--the more you text, tweet, shop, take pictures and navigate your surroundings using a smart phone--it knows an awful lot about what you're doing.

Which is one reason federal officials turned to Sprint, Verizon, AT&T and T-Mobile in early 2009 when they needed to solve the robbery of a Berlin, Conn., branch of Webster Bank. Using a loophole in a 1986 law that allows warrantless searches of stored communications, the feds ordered the carriers to provide records of phones that used a nearby cell tower on the day of the crime. The carriers turned over to the prosecutors the identities, call records and other personal information of 169 cell-phone users--including two men who were eventually sentenced to prison for the robbery. With a simple request, the feds cracked a case that might have otherwise taken years to solve. In the process, they collected information on 167 people who they had no reason to believe had committed a crime, including details like numbers dialed and times of calls that would have been protected as private on a landline.

Such cases are common. In response to a request from Representative Ed Markey, major cell carriers revealed in July, 2012 that they had received more than 1.3 million requests for cell-phone tracking data from federal, state and local law-enforcement officials in 2011. By comparison, there were 3,000 wiretap warrants issued nationwide in 2010. That revelation has added to a growing debate over how to balance the convenience and security consumers now expect from their smart phones with the privacy they traditionally have wanted to protect. Every second we enjoy their convenience, smart phones are collecting information, recording literally millions of data points every day.

The potential for good is undeniable. In recent years, the average time it takes the U.S. Marshals Service to find a fugitive has dropped from 42 days to two, according to congressional testimony from Susan Landau, a Guggenheim fellow. Cell phones have changed criminal investigation from the ground up. "There is a mobile device connected to every crime scene," says Peter Modafferi, the chief of detectives in Rockland County, New York.

But as smart phones' tracking abilities have become more sophisticated, law enforcement, phonemakers, cell carriers and software makers have come under fire for exploiting personal data without the knowledge of the average user. Much of the law protecting mobile privacy in the U.S. was written at the dawn of the cell-phone era in the 1980s, and it can vary from state to state. Companies have widely differing privacy policies. Now conservatives and liberals on Capitol Hill are pushing legislation that would set new privacy standards, limiting law-enforcement searches and restricting what kinds of information companies can collect.

Government snooping is part of the worry. But market demand is driving some of the biggest collectors of data. Mobile advertising is now a $6 billion industry, and identifying potential customers based on their personal information is the new frontier. Last year, reports showed that free and cheap apps were capable of everything from collecting location information to images a phone is seeing. One app with image-collection capabilities, Tiny Flashlight, uses a phone's camera as a flashlight and has been installed at least 50 million times on phones around the world. Tiny Flashlight's author, Bulgarian programmer Nikolay Ananiyev, tells Time that his program does not collect the images or send them to third parties.

In November 2012, news broke that a company named Carrier IQ had installed software on as many as 150 million phones that accesses users' texts, call histories, Web usage and location histories without users' knowing consent. Carrier IQ says it does not record, store or transmit the data but uses it to measure performance. In February, Facebook, Yelp, Foursquare and Instagram apps, among others, were reported to be uploading contact information from iPhones and iPads. The software makers told the blog VentureBeat that they only use the contact information when prompted by users. "No app is free," says one senior executive at a phone carrier. "You pay for them with your privacy."

Many consumers are happy to do so, and so far there hasn't been much actual damage, at least not that privacy advocates can point to. The question is where to draw the line. For instance, half of smart-phone users make banking transactions via their mobile device. The Federal Trade Commission has brought 40 enforcement cases in recent years against companies for improperly storing customers' private information.

Law enforcement is subject to some oversight. Absent an emergency, prosecutors and police must convince a judge that the cell information they are seeking from wireless companies is material to a criminal case under investigation. An unusual alliance between liberals and conservatives is pushing a bill to impose the same requirements for getting cell tracking data as those that are in place when cops want to get a warrant to search a house. Another bill would increase restrictions on what app writers can do with personal information. Cases moving through the courts may limit what law enforcement can do with GPS tracking.

Tech companies are trying to get a handle on the issue. Apple has a single customer-privacy policy. Google posts the permissions that consumers give each app to operate their phones' hardware and software, including authorization to access camera and audio feeds and pass on locations or contact info. The rush to keep up with technology will only get harder: the next surge in surveillance is text messaging, industry experts say, as companies and cops look for new ways to tap technology for their own purposes.
- As seen in Time
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

Too many businesses judge an employee’s performance by hours worked rather than by value created. It's time to get with the program and understand that "face time" is beyond overrated.

Accolades to Robert Pozen of The New York Times who, yet again, brings up the fact too many businesses judge an employee’s performance by hours worked rather than by value created. As a result, workers who complete their tasks faster wind up procrastinating, surfing the Web, or rereading emails long after the clock strikes five, simply in order to be seen in the office.

Studies suggest that workers are right to believe they are better off sticking around to avoid getting labeled as slackers. Managers in one recent study described employees seen in the office as “dependable” and “reliable,” and those who came in over the weekend as “committed” and “dedicated.” These reactions are unfortunate “remnants of the industrial age,” when hours logged on the assembly line translated directly into more products.

But measuring performance by hours worked “makes no sense for knowledge workers” in the 21st century, and bosses who implicitly reward those who stay late “are undermining incentives for workers to be efficient.” Many organizations will struggle with learning to focus on results rather than hours. But if you can convince your boss to make that switch, it “will help you accomplish more at work”—and that’s something any boss can value.

- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

In the space of one hour, my entire digital life was destroyed, said Mat Honan of Wired. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, 2012, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group. The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my me.com e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 4:52 p.m., a Gmail password recovery e-mail arrived in my me.com mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

Lulz.

I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my me.com account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Mat Honan’s digital devices — and data.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m••••n@me.com. Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run me.com e-mail account as a backup meant told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

Be careful with your Amazon account — or someone might buy merchandise on your credit card, but send it to their home.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is tricker, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentification is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on."

Additional reporting by Roberto Baldwin and Christina Bonnington. Portions of this story originally appeared on Mat Honan’s Tumblr.
- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

Elite universities are opening their classrooms' doors to anyone with an Internet connection — for free! The company Coursera has teamed up with 16 universities (including Stanford, Duke, and Princeton) to offer more than 100 free online courses to anyone with Internet access.

Why are colleges offering free classes?
They don't want to be left behind in the digital revolution that has already transformed the way we consume news, music, and books. Stanford, Duke, Princeton, and Johns Hopkins are among the 16 universities that have partnered with a newly launched company called Coursera to offer more than 100 free online courses this academic year; MIT, Harvard, and the University of California, Berkeley, are following suit through a nonprofit venture called edX. Now people anywhere in the world can take Stanford's "Introduction to Mathematical Thinking," learn the "Principles of Obesity Economics" at Johns Hopkins, or have Duke University behavioral economist Dan Ariely lead them through "A Beginner's Guide to Irrational Behavior"—all without paying the $50,000 usually required to attend these world-class universities. More than 1 million people from scores of countries have already enrolled in the free classes, which some believe could transform the mission and model of higher education. Anant Agarwal, president of edX, calls it "the single biggest change in education since the printing press."

What's in it for colleges?
Prestige now, and possibly profit later. Schools say they're willing to give their product away for free so they don't miss the chance to be among the first to develop new forms of education. "The potential upside for this experiment is so big that it's hard for me to imagine any large research university that wouldn't want to be involved," said Richard DeMillo, director of the Center for 21st Century Universities at Georgia Tech. One day the schools will likely try to make some money, too, possibly by charging students for credits or allowing companies to sponsor courses. But universities recognize that they could be jeopardizing their hard-won reputations and their time-tested business model, said Jason Wingard, a vice dean of the University of Pennsylvania's Wharton School. "You run the risk of potentially diluting your brand."

How do the classes work?
Much like a typical college lecture course, but with an audience in the tens or even hundreds of thousands. At a time of their choosing, students watch videos of lectures by respected professors, and complete interactive quizzes and regular homework to prove they grasp the material. The Web videos incorporate graphics and virtual games, and students can pose questions and debate one another in online discussion groups. Professors say it's thrilling to reach so many students at once, from teenagers in India to baby boomers in Indiana. Coursera co-founder Andrew Ng, a Stanford computer science professor, recently taught an online class to more than 100,000 students. To reach that many people, Ng said, "I would have had to teach my normal Stanford class for 250 years."

Are the classes effective?
Some educators doubt that virtual classes can match the experience of face-to-face learning. Online education "tends to be a monologue and not a real dialogue," said University of Virginia English professor Mark Edmundson. There's also an extremely high attrition rate: Of the 160,000 people who enrolled in a Stanford artificial intelligence course last year, only 23,000 finished the work. But the feedback that could improve these courses is just beginning to roll in, and there's already some evidence that students who stick with online courses learn just as much as those in conventional classes. "This is the Wild West," said Agarwal. "There's a lot of things we have to figure out."

Will this trend make college cheaper?
There are grounds for hope. Since 1985, U.S. college tuition rates and fees have grown by 559 percent. In theory, online courses could cut costs by enabling universities to outsource coursework to the Internet and do away with or share some academic departments. Fewer students would need campus housing and other services. Universities have so far opposed giving credit for free classes, instead conferring certificates that don't count toward a degree. But that's already starting to change, with the University of Washington offering credit for Coursera classes this fall.

Could the web replace universities?
Not anytime soon. "Why do people pay $50,000 a year to attend an institution like Caltech?" Ng said. "The real value is the interactions with professors and other equally bright students." Still, even a remote dose of elite education can have great value to students who have no chance of setting foot on an Ivy League campus. And lessons drawn from the courses could reshape how colleges approach teaching, turning the ability to offer a mix of online and face-to-face learning into the new gold standard for top-notch educators. Sebastian Thrun, a Stanford research professor who offers free online computer science classes, predicts that there will be only 10 higher-education institutions in the world in 50 years. "It's pretty obvious that degrees will go away," he said. "The idea of a degree is that you spend a fixed time right after high school to educate yourself for the rest of your career. But careers change so much over a lifetime now that this model isn't valid anymore." In the future, he says, people will return to college throughout their lives, updating what they know through online courses.

A fresh start for the jobless
Free online courses might have millions of immediate beneficiaries among unemployed workers who need job retraining. Even with a law degree from the University of Chicago, Dennis Cahillane, 29, couldn't get hired. But after taking several free Stanford courses in building databases, he recently landed a job as a programmer for a media website. And now he is planning to work his way through Coursera classes in his spare time until he's earned "the equivalent of a B.A. in computer science from Stanford," he told Fast Company. Andy Rice, who owns a weather forecasting company in Minnesota, says he's heartened when he sees resumes from job applicants listing free courses. "I definitely want to hire people who are always questing for new knowledge," he said. "Life's not about what you learn when you're 22."

- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

Teenagers who engage in sexting—sending sexually explicit texts—are far more likely to begin having intercourse at an early age and engage in other risky behavior, a new study has found.
The study of 1,800 Los Angeles high school students shows that one in seven has sent a “sext” message, and that those who have are seven times more likely to be sexually active. Teens who sext—especially girls— are also more likely to have unprotected sex, sleep with multiple partners, and use drugs or alcohol before having intercourse.
“What we really wanted to know is, is there a link between sexting and taking risks with your body? And the answer is a pretty resounding ‘yes,’” study author Eric Rice, a researcher at the University of Southern California, tells Reuters.com. The fact that some teen girls have suffered humiliation when ex-boyfriends widely distributed photos of them naked doesn’t seem to be registering.
“There is an emerging sense of normalcy around sexting behavior,” Rice says. Some 54 percent of teens say they have a friend who sexts, which makes them 17 times more likely to try it themselves. “If their friends do it,” Rice says, “they’re going to do it.”
- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!

Business Insider evaluated private tech companies and ranked the top 100 by value. Their rankings are based on several metrics, including revenue, users, market opportunities, growth rates, and the perception of investors and tech gurus.




Here they are, The Digital 100, enjoy!
1. Alibaba
2. Bloomberg
3. Twitter
4. 360Buy
5. Palantir
6. Dropbox
7. Square
8. MLB.com
9. Softlayer
10. Vente-Privee
11. VANCL
12. Airbnb
13. Pinterest
14. Datapipe
15. Spotify
16. Craigslist
17. Flipkart
18. Ozon Group
19. Coupang
20. Wonga
21. Hulu
22. Klarna
23. Kaspersky Lab
24. Rovio
25. Conduit
26. Aricent Group
27. Survey Monkey
28. Mu Sigma
29. ZocDoc
30. Just Eat
31. Gilt Groupe
32. Everyday Health
33. Evernote
34. LivingSocial
35. Criteo
36. Zulily
37. Zoosk
38. Redfin
39. Qualtrics
40. Seamless
41. Media Ocean
42. JustDial
43. 10gen
44. AppNexus
45. GitHub
46. Tumblr
47. Box.net
48. Glam Media
49. Stella & Dot
50. Marketo
51. Etsy
52. One Kings Lane
53. Nasty Gal
54. Klout
55. Automattic
56. Xiu
57. Manta
58. Eventbrite
59. Sugar, Inc
60. Kickstarter
61. Apptio
62. Fresh Direct
63. eHarmony
64. Veracode
65. Wix
66. Turn
67. Quantcast
68. Nest
69. Fab
70. Foursquare
71. Storm8
72. Flipboard
73. Vibrant Media
74. Rubicon Project
75. OpenX
76. Return Path
77. Quora
78. Snapdeal
79. Tremor Video
80. RightScale
81. Whaleshark/RetailMeNot
82. Break Media
83. Tagged
84. Yext
85. Stripe
86. Rocket Fuel
87. Mind Candy
88. AddThis
89. SoundCloud
90. Xirrus
91. Federated Media
92. Say Media
93. Yodle
94. Coupons.com
95. Path
96. Shazam
97. Plenty of Fish
98. Warby Parker
99. Thrillist
100. Vox Media

Rethink Robotics unveils Baxter, a robot that can work alongside humans. According to Valentin Schmid at The Epoch Times, Baxter could revolutionize the way American companies operate as they shift production back to the United States using the humanoid robot to save on costs. Rethink Robotics unveiled its flagship product to the public September 18, 2012.

“Roboticists have been successful in designing robots capable of super-human speed and precision. What’s proven more difficult is inventing robots that can act as we do—in other words, that are able to inherently understand and adapt to their environments,” said company founder Rodney Brooks, an artificial intelligence legend and robotics pioneer having spent much of his life teaching at MIT. Rethink was founded in 2008 with the purpose of designing a robot like Baxter and carries a few other products. It is currently owned by venture capital firms and Brooks.

He further notes that providing a flexible and inexpensive solution—the robot costs only $22,000—Rethink specifically hopes to contribute to a revival in American manufacturing. “We believed that if we could cross that chasm with the manufacturing environment specifically in mind, we could offer new hope to the millions of American manufacturers who are looking for innovative ways to compete in our global economy.”
Baxter Solves Problem of Safety, Adaptability, and Programming

Baxter, which is exclusively produced in the United States and will first ship in October, aims to solve some of the long-standing issues with automation. The most important one is safety, as most industrial robots on assembly lines operate far away from humans or need to be caged to prevent injury. Rethink’s robot, which has a screen as a head and big flexible arms, is also equipped with Sonar sensors and software that help it detect human activity. In addition, it is programmed to stop its relatively gentle movements as soon as it detects resistance. A promotional video shows the robot standing on a fixed platform and the company has not commented on whether it can also walk.

“The class of products that can work side by side with people without any protection, those would be important developments. They could take robots from a factory environment … where people would have to be kept away, into more areas … some outside of factories,” says Jeff Burnstein, president of the Robotic Industries Association, an organization that provides education and information for companies interested in automating workflows.

Another big advantage is the ease of use. Normally, industrial robots need technical personnel to be programmed to perform a limited amount of tasks in an effort that involves special software and more often than not can take up to a full day. Baxter, which can be employed in less than an hour after being delivered, can be trained by any type of personnel by merely showing it how to perform a wide range of tasks, such as material handling, line loading, light assembly, or packing products.

In practice this would mean that the employee would move Baxter’s arms to perform the desired process and chose one of several preprogrammed options by way of twisting a few dials. The robot can also adapt to changes in the environment, for example if it drops an object, it knows to get another before trying to finish the task, unlike other robots, which have been seen picking air for a whole day, if no human supervises them.

“This class of robots doesn’t need a whole lot of programming. … That’s important. There are a number of companies that either don’t have the in-house expertise or they don’t want to pay for outside assistance,” said Burnstein in an Epoch Times interview.

“Because of its versatility and the short amount of time it takes to retrain, Baxter can be easily moved by production personnel to different and varying tasks over the course of a day, week, and month,” says the company’s press release. Most of the claims that the company makes in the press release can be tracked in a promotional video and also have been tried in practice when Baxter was on loan at Vanguard Plastics, a small manufacturer based in Connecticut, writes Will Knight of technologyreview.com.

Jeff Burnstein cautions, however, that the ultimate success will be determined after the product is rolled out. “Until these products are out in big numbers you don’t know if they are safe or not.”

If Baxter or similar robots can be rolled out on a large scale, it could mean big things for American manufacturing. Given the fact that robots like Baxter are inexpensive, flexible, and do not need much maintenance in terms of programming, they can be used in companies of all sizes that face tough options in competing with low-wage countries. AFL-CIO, the umbrella federation for 56 U.S. unions cites Bureau of Labor Statistics data saying that 5.5 million jobs were lost in the process of offshoring.

“This development will either save or create new jobs,” believes Burnstein. “We would hope that companies that would have otherwise either closed down because they can’t compete or sent manufacturing jobs overseas will decide to automate in order to keep jobs in the United States.”

Bob Baugh, executive director of the AFL-CIO industrial union council, representing the manufacturing unions within the umbrella organization agrees: “If you are more productive this way, you can share the benefits. … The productivity is shared with the workforce and the community and the country in a sense that people earn better wages and income. They are compensated for these productivity gains that come with the interface with human interaction with technology to produce goods.”

The idea is as follows: A humanoid robot would boost human labor productivity in such a way that it would reduce costs and boost output without reducing employment here. Increased output at lower costs would mean more capital accumulated and wages paid in the United States, leading to greater economic prosperity, even outside manufacturing.

A simple example would see an American company closing its factory in China, because it is upset with intellectual property theft and corrupt business practices as well as rising wages over there. It would then reopen production in the United States, hiring workers and supplementing them with flexible automation solutions. Jobs and output are created in the United States, leading to more jobs and output created in the United States.

Jeff Burnstein sees numerous reasons why reshoring makes sense: “When you build domestically you are closer to your customers, you don’t have to deal with political instability … the fear of your IP being stolen. There are a lot of reasons if all things are equal why you would want to build domestically. … Automation and robotics in particular is allowing companies to do that, we are seeing signs of that.”

According to Bob Baugh, automation is also seen as a positive by the unions, as long as some standards are met: “Workers need to be compensated well and have a good work environment where they do these things and that they have the skills to operate the technology and equipment.” These new developments in automation seem to be a win-win situation that might even lead to American companies becoming export leaders again one day in the not too distant future.
- As seen in The Epoch Times
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!