Buzz Out Loud 1458: With our data comes great responsibility (Podcast)

Dear every company on earth who's apparently selling our data to anyone who will buy it and/or collecting it in fat, juicy databases that are like candy to hackers: can you just, like, try to be a tiny bit more careful? And maybe we will, too? Ok, thanks, great. Verizon's LTE service is creeping back after an unexplained outage, Barnes and Noble hits back at Microsoft, calling its patent infringement lawsuits little more than extortion, and an enterprising teen-ager honors our fallen soldiers with a digital record of all the graves at Arlington. Now that is a hero.

Dear every company on earth who's apparently selling our data to anyone who will buy it and/or collecting it in fat, juicy databases that are like candy to hackers: can you just, like, try to be a tiny bit more careful? And maybe we will, too? Ok, thanks, great. Verizon's LTE service is creeping back after an unexplained outage, Barnes and Noble hits back at Microsoft, calling its patent infringement lawsuits little more than extortion, and an enterprising teen-ager honors our fallen soldiers with a digital record of all the graves at Arlington. Now that is a hero.

Play

Podcast




Subscribe: iTunes (MP3)iTunes (320x180)iTunes (640x360)RSS (MP3)RSS (320x180)RSS (640x360)

EPISODE 1458

NEWS

Verizon Grappling with Major 4G LTE Outage as Exec's Words Come Back to Bite Her
http://mobilized.allthingsd.com/20110427/verizon-grappling-with-major-4g-lte-outage-as-execs-words-come-back-to-bite-her/
http://www.engadget.com/2011/04/27/verizon-has-determined-the-cause-of-lte-outage-working-to-res/

Verizon Won’t Be Selling Any More 4G Phones Until The Network Is Working Again
http://www.businessinsider.com/verizon-4g-network-is-down-2011-4

Verizon freezes Droid Charge launch indefinitely, blaming 'unexpected delays' (update: LTE back)
http://www.engadget.com/2011/04/28/Verizon-freezes-droid-charge-launch-indefinitely-blaming-unex/

PlayStation Network credit cards protected by encryption
http://www.theregister.co.uk/2011/04/28/sony_playstation_network_credit_cards/
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Ars readers report credit card fraud, blame Sony
http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars

PlayStation Network Still Down; Sony Says it Will Return in Less Than a Week
http://mashable.com/2011/04/28/psn-day11/

Barnes & Noble says Microsoft is attacking Android with its patent-infringement claims
http://www.zdnet.com/blog/microsoft/barnes-noble-says-microsoft-is-attacking-android-with-its-patent-infringement-claims/9305

Apple May Have Snapped Up iCloud.com
http://gigaom.com/apple/apple-may-have-snapped-up-icloud-com/

TomTom sorry for giving customer driving data to cops
http://www.theregister.co.uk/2011/04/27/tomtom_customer_data_flap/

Nintendo Chief: Consumers Don't Understand 3DS Yet
http://www.ibtimes.com/articles/138766/20110427/nintendo-3ds-satoru-iwata.htm

Teen makes digital record of Arlington graves
http://www.latimes.com/news/nationworld/iraq/complete/la-na-arlington-graves-20110427,0,4689775,full.story
http://preserveandhonor.com/

Quick Hits

Cleveland Browns RB Peyton Hillis is Madden NFL 12′s cover athlete
http://sports.espn.go.com/nfl/news/story?id=6438406

Google Launches Chrome 11 Browser, Dishes Out $16500 to Bug Eyed Users
http://www.maximumpc.com/article/news/google_launches_chrome_11_browser_dishes_out_16500_bug_eyed_users

Kickstarter, Two Years And 20,000 Projects Later: $53 Million Pledged, $40 Million Collected
http://techcrunch.com/2011/04/28/kickstarter-53-million/

Science News

Sleep-deprived brains turn themselves off
http://content.usatoday.com/communities/sciencefair/post/2011/04/sleep-deprived-brains-turn-themselves-off/1

Happy Ending

LivingSocial buyers are richer, younger, and smarter than Groupon’s customers
http://www.businessweek.com/news/2011-04-27/livingsocial-buyers-richer-smarter-than-groupon-s-study-says.html

VOICEMAIL

Kim in Denver wants to place an order with BOL

EMAILS

Hey BriMoSt or MolBriSt or The BOL Bad Motha (Shut Yo’ Mouth) I’m just talking ’bout BOL! Anywho.

I just got this email from Sony regarding the PSN network outage. I’ve read it twice and still feel very dissatisfied. As a long time customer (since PS1 Launch day) I feel quite slighted by the brush off Sony seems to be giving us in this situation. I really wish they’d give some sort of compassion, liability, or human emotion to make me feel like they care. I know they’re a faceless company, but this is just bad PR.

Jerome
Ypsilanti, MI

———- Forwarded message ———-
From: PlayStation Network
Date: Wed, Apr 27, 2011 at 9:46 PM
Subject: Important information regarding PlayStation Network and Qriocity services

Add PlayStation_Network@playstation-email.com to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit http://www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a “”fraud alert”" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; http://www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
http://www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or http://www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or http://www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

—–

For the love of God tell people to not use their real birth date on Facebook, Playstation Network, etc. Too many Banks and Medical services use it as a security entry device.

Also, please take a swipe at the Credit Card companies. Our credit card numbers are EVERYWHERE. It shouldn’t be the responsibility of every online site and even local retail establishment to guard our credit card numbers with NSA level security. If the Credit Card companies would just implement Two Factor authentication for transactions, then it wouldn’t matter who had our credit card numbers. There are plenty of Two Factor authentication methods that would make Credit Card fraud drop to near zero.

Dustin Aldridge

—–

Hey Buzz Crew (in a creepy voice)

I’m not as concerned that my iPhone is tracking my movements as much as they are using my bandwidth to transmit data. I’m thinking the amount of data is small but when you add that to other services that are now and in the future will be sending data it could get more significant. If I get near my 2Gb bandwidth cap and their data pushes me over the edge causing me to have to pay the carrier more money I will not be happy. We have no way of knowing how much data they are sending over our 3G connections. I think that if they are going to hijack our data stream they should have a counter to tell us how much of our bandwidth they are using. Just wait till targeted advertising starts sending large pictures that fill your screen before you use your app like many of the web sites do now.

Love the show
Thanks
Clay
St. Louis (in the deluge)

—–

Yah! More dim-witted Apple commentary from the Bronx Out Loud crew!

I pulled a copy of the consolidated.db off my phone and did a little data analysis. Each cell tower and wifi access point is represented in the data only once, which would be a poor method of tracking you if that was Apple’s intent. I found the two wifi access points in my house, and they had timestamps which showed they were updated right before I made the copy. Cell towers that I passed by on a recent trip had timestamps corresponding to the trip. I found a couple cell towers with duplicate timestamps. I have over 118,000 wifi access point entries, and when group by exact timestamps, the most common groups had over 1500 access points with *exactly the same timestamp*. All of this is perfectly consistent with what Apple described: a database that is a local cache and which only records the most recent entry.

Apple stated in a phone interview with the Wall Street Journal that they intended to limit the amount of data by limiting the file size, but didn’t realize how much history that would actually be. The schema isn’t complex, but it is sophisticated enough that it wouldn’t necessarily be obvious how much data it would hold. That is one of the bugs they referenced in the FAQ, and appears to be a genuinely honest mistake.

Also in the same directory as consolidated.db is a list of client applications which use location services. Each app is listed, along with a flag that indicates whether or not that app is allowed to use location services. This maps directly to the GUI in the Settings. When you turn off location services entirely, evidently they just set a global flag that blocks all applications, which effectively achieves the user’s goal of preventing any app from determining your location. What they overlooked is shutting down the background service and erasing the data it stores, hence the second bug to which they refer.

Unlike the insinuation in the podcast, Apple didn’t just manufacture the bug story and throw it out there a week after the issue arose. It was leaked to John Gruber days ago, and Jobs and Forstall explained that they took time to understand the issue at an engineering level, communicate that to the executive level, and create a statement that was comprehensible to the general public. I guess the show hosts would rather see Apple rush out confusing, poorly researched facts?

It’s sad that BOL obviously cares more about love bites than computer bytes. How about taking a little pride in journalistic professionalism or at least boning up technically?

Sheesh.

Aaron

—–

From BOL 1137 “”Tech Predictions for 2010″” Molly predicts that “”The cloud craze will slow after a major security incident, probably involving Google”". Good work Molly!
Hagerstown from Steve

—–

Hi Molly,

In case you haven’t seen it yet, I wanted to tell you that you’ve made it into the BlackBerry Playbook commercial:
http://twitpic.com/4qe1ck/full

Best regards,
Renato Ignacio

PS: I enjoy watching your shows. Keep on buzzing!

—–

http://bol.cnet.com, 800-616-2638 (CNET), buzz@cnet.com

Follow us on Twitter: @mollywood @brian_tong @stephenbeacham

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments