About Me

Skyline Marketing Group, LLC is dedicated to creating high-impact marketing campaigns and new business opportunities for small to mid-sized companies. Contact us today to see how we can help your organization be more successful: MKvicala@sbcglobal.net | 734.662.2803

Monday, February 28, 2022

Three Strikes and You're Out - Legacy protocols on lockout rules have a lot of staying power.

 

Why do you often get just three tries to access your account?

Here’s a scenario that no doubt sounds familiar. You type in a password to get into one of your accounts. The first two times, you type in the wrong password. Then you remember the right one. But your finger slips as you type it.

You’re locked out.

The “three times lockout” rule is almost universally applied. It’s also almost universally reviled. And to make things even more annoying: No one really knows why three is the magic number.

Three tries was probably initially considered the right number to allow for some forgetfulness, but not make it too easy for hackers to guess. But there is no empirical evidence that three tries is the sweet spot. It is possible that the number should not be three, but rather five, seven or even 10, as was suggested in 2003.

The problem is that it’s hard to gather evidence to test the lockout threshold. If you put yourself in the shoes of a system administrator, think about how it would look if you increased the number of permitted tries, and the system then gets compromised. The system administrator would be held accountable. So, the safest option is to stick with what everyone else does: Three tries and you’re out.

There is also the issue of inertia. There are all sorts of legacy protocols when it comes to security. There is, for instance, the dated definition of a “complex” password. Similarly, having enforced expiration dates for passwords was widely considered a best practice until various bodies (including the U.S. Commerce Department’s National Institute of Standards and Technology) released advice in 2017 pointing out that this was actually counterproductive.

The three times lockout rule is another of these legacy practices.

Friday, February 11, 2022

Monday, January 15, 2018

Why You Won't Stop Getting Junk Mail


Spending on circulars, coupons, direct mail, hit $76 billion
One old-school retailing trick has survived the e-commerce shakeout—the lowly advertising circular.

Some grocers and other retail chains have learned they risk losing business without a steady flow of paper mailings nudging shoppers to stores. Even online startups that don’t have physical shops are embracing the idea.

Paper ads that arrive in homes spur more buying than emails or texts, said Jackson Jeyanayagam, chief marketing officer of Boxed.com, an online seller of household goods. “Email is starting to become a sandbox because you get so much,” Mr. Jeyanayagam said. Boxed spent 80% more on print advertising in 2017 compared with 2016 and says it now makes up about 12% of the marketing budget.

Most retailers still see digital advertising as a growing focus of their spending, and many continue to cut back on traditional print ads as well as mailers. But more are also experimenting with new ways to send out deals on paper, sometimes mining online behavior or databases of shopper trends to improve their so-called junk mail.

What Makes Junk Mail Great?
  • Easy to distribute 
  • Cheap to make/cheap to send
  • Easy to reach the right audience

Why You Won’t Stop Getting Junk Mail
At Jet.com, the e-commerce site that Wal-Mart Stores Inc. bought in 2016, direct mail makes up 10% of the media budget and is the online retailer’s largest offline marketing expense. Jet sent around 35 million paper coupons and mailers last year, which are effective in reaching new and repeat shoppers as the company tries to attract more urban, affluent shoppers, said Emily Frankel, senior director of digital marketing.

Annual spending on newspaper circulars, coupons, direct mail and catalogs hit about $76 billion in 2017, slightly lower than the previous year but up 85% versus 2012, according to Borrell Associates, a media consulting firm. The firm expects spending on some forms of mailed ads to fall as the U.S. Postal Service raises rates in coming years, said Kip Cassino, executive vice president at Borrell.

For now, paper fliers keep piling up on doorsteps because most people still read their mail, even as they easily ignore most online banner ads and many emails. Product manufacturers support the system by paying for coveted circular space. Retailers often ask suppliers to reduce prices of items they plan to feature in a mailer, or require a marketing fee—a source of revenue.

Grocers usually pick which products go on the front of circulars based on a mix of past sales, deals with suppliers and gut instinct. That’s why meat dominates the cover during summer barbecue season, chips around the Super Bowl and candy before Halloween.

Now some chains are trying to make circulars more precise. “Smart retailers are marrying predictive analytics with circulars,” said Michael Osborne, Chief Executive of SmarterHQ, a digital marketing firm based in Indianapolis. Consumers buy more when they “receive promotions and discounts on items that they may actually be interested in.”

Sources:  
1. The Wall Street Journal, "Digital Ad Trend Can't Slay Lowly Circulars," Sarah Nassauer, January 12, 2018 
2. Wikipedia, "Junk Mail"
3. USPS, "Marketing Mail"

Monday, February 10, 2014

Dumb Starbucks

Performance Art, a Marketing Ploy or Just a Reason to Taunt Trademark Lawyers?

Is "Dumb Starbucks" performance art, a marketing ploy or something else entirely?

Residents of Los Angeles' Los Feliz neighborhood were left to ponder a question with no immediate answers this weekend as a coffee shop opened that resembled a Starbucks in every way, but with the word "Dumb" in front of the outlet's name.

Dumb Starbucks offered Dumb Vanilla Blonde Roast, Dumb Chai Tea Latte, Dumb Caramel Macchiato and much more, all available in sizes from Dumb Venti, Dumb Grande to Dumb Tall.

According to a Wall Street Journal article, a barista who identified herself as Amber said she found the job online and was interviewed by a man whose name she doesn't recall. Asked whether the store was some kind of artistic statement, she said, "I don't know. What is art? Maybe serving coffee is art."

Pressed further, she pointed visitors to a "frequently asked questions" handout. The document said that Dumb Starbucks is using the Starbucks name and logo "for marketing purpose," and that doing so is legal because of "parody law" and the "fair use" doctrine.

So, is this a real business? Yes, the handout says. "Although we are a fully functioning coffee shop, for legal reasons Dumb Starbucks needs to be categorized as a work of parody art. So in the eyes of the law, our 'coffee shop' is actually an art gallery," it added, "and the 'coffee' you're buying is considered the art."

Nice Try, But.... [see video at: http://usat.ly/1h3HYbt]
Despite waning interest following its reveal as an apparent publicity stunt coupled with the looming threat of legal action, in the end, it was the Los Angeles County Department of Health Services that put a stop to “Dumb Starbucks.”

The man behind the concept - Nathan Fielder, a Comedy Central personality with a show to promote - came forward at a news conference, saying he planned an expansion.

Within an hour, health officials had closed the rogue location down.

A sign inside the store told customers the business was a work of parody art.

But was that enough to ease the minds of Starbucks' attorneys?

Well, the global coffee company issued the following statement Monday: “We are obviously aware of the Dumb Starbucks location in Los Feliz. It is not affiliated with Starbucks. We are evaluating our next step. While we appreciate the humor of the store, they cannot use our name. It is a protected trademark.”

Sources:
1. USA Today, "Starbucks Responds to Dumb Starbucks in LA," Jolie Lee, February 10, 2014
2. The Wall Street Journal, "Dumb Starbucks Creates Stir in L.A.," Ben Fritz and Julie Jargon, February 10, 2014




Sunday, January 26, 2014

Google Intent on Using Encryption

The Wall Street Journal/Rebecca Blumenstein/January 24, 2014 -- Google Chairman Eric Schmidt said the company is intent on using encryption technologies to penetrate countries with strict censorship rules, such as China and North Korea.

"It is possible, within the next decade, using encryption, we would be able to open up countries that have strict censorship laws ... giving people a voice," Mr. Schmidt said on the sidelines of the World Economic Forum at Davos, Switzerland.

In the wake of the disclosure about surveillance by the National Security Agency, Mr. Schmidt said Google has been working to strengthen its encryption so governments "won't be able to" penetrate it. "This creates a problem for governments like China's," Mr. Schmidt added.

Google Inc. moved its search services out of China in 2010 and relocated to Hong Kong, because of concerns about censorship and cyber-attack, but Mr. Schmidt said that the company watches developments there closely. He said that YouTube is totally blocked and that Gmail works sporadically.

The Google chairman said he views the Chinese as technological equals, but he blamed them for most of the world's industrial espionage. "Eighty to 85% of industrial espionage is thought to be done by China. It's a real problem. No other country comes close," Mr. Schmidt said.

Mr. Schmidt said the global debate over privacy sparked by the NSA disclosures is a good thing. "Because you can do this monitoring does not mean you should do this monitoring," he said.

Sunday, November 17, 2013

Wipeout: When Your Company Kills Your iPhone


A breakdown of the old paradigm that your company controls work devices and you control yours and "never the twain shall meet."
A personal iPhone can be set up to receive company email via a Microsoft Exchange Server. But once it is set up, the phone can receive a variety of commands from the server including a remote wipe, which can destroy all the data and disable the phone.
 
As more companies allow and even encourage employees to use their own phones and tablets for work activities, often referred to as “Bring Your Own Device,” or BYOD, an unexpected consequence has arisen for workers who have seen their devices wiped clean – remotely and with little or no advance warning – during or after employment by firms looking to secure their data.
 
Destruction via email
Since 2003, a growing list of smartphones has come loaded with software from Microsoft that makes remote wipes – and many other remote-control commands – possible.

The phone doesn’t need to download any new software. All that’s necessary is for the phone’s user to configure it to receive email from a Microsoft Exchange Server – the kind most big companies use.

A Remote On/Off Switch
Once that’s been set up, an IT department has the capability to wipe the phone and turn off functions like Bluetooth, the Web browser and even the phone’s camera.

Privacy v. Data Protection
Although it is not uncommon for employers to monitor employees' online activity, many employers are moving toward blocking, firewalling, or restricting Web access based on authentication and encryption. Similarly, employers have begun to prohibit the storage of company information on any cloud-based sites such as Dropbox or iCloud.

But the question remains: Where should employers draw the line between their right to protect sensitive data and the employee's right to privacy? In the government sector, the U.S. Supreme Court held that even where a public employee has a reasonable expectation of privacy, it can be outweighed for a search with a legitimate work-related purpose (Ontario v. Quon, 130 S. Ct. 2619 (2010)). The facts of the case could influence similar claims against private employers.

Blurred work/personal life
Phone wiping is just another example of the complications that emerge when the distinctions between our work and personal lives collapse. Employers increasingly expect workers to be available 24/7 but don’t always provide company equipment to make that possible, leaving workers in a bind: Expose themselves to losing personal information when a phone is erased, or refuse to use a personal device and risk looking disengaged.

Sources:
1. California Lawyer, "Personal Tech Pitfalls at Work," Paul S. Cowie and Dorna Moini, June 2013
2. The Wall Street Journal, "Leaving a Job? Better Watch Your Cellphone," Lauren Weber
3. Forbes, "Mobile Security: The Fallacy Of Remote Wiping Your Phone," Eric Savitz, July 10, 2012

Sunday, October 13, 2013

You Have Zero Privacy, Get Over It


On Privacy, it's Google and Facebook Versus You.
The tech industry can't be trusted on privacy. That's the message we're getting these days – the one we see in headlines about new changes in Google and Facebook, and in ad campaigns like Microsoft's "Scroogled."

We experience it firsthand when targeted advertisements pop up in our news feed or our search results, and when our photos become the stuff of Web commercials. Browser cookies, webmail monitoring, and other intrusive practices may be perfectly defensible, but they don't poll well, and never have.

To illustrate the latest assault on privacy, the Wall Street Journal reported that Google "may display names, profile photos, ratings and reviews in ads as part of what is called shared endorsements" - without first asking for permission. "It's a commercial endorsement without consent and that is not permissible in most states in the U.S.," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. 

Technology companies haven't helped blunt the criticism with their blasé attitudes on the subject. Scott McNealy, former CEO of Sun Microsystems, said in 1999 that, "you have zero privacy, get over it." Ten years later, Google's Eric Schmidt opined that, "if you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

We expect the companies that control our data to protect it. That's a crazy expectation; a naïve one. It's widely known that they're selling this personal information, and that the data trade drives revenue for many of today's largest tech firms, and yet the public still operates under the quaint notion that these businesses are – or should be – trustworthy.

Unfortunately, many tech companies have painted themselves into a corner on privacy. An obsession with 'free' has left them nowhere to turn but advertising, and an addiction to data has driven them toward scale at all costs.

The industry has become massively centralized, with information migrating toward data centers and "stack" providers like Google, and away from individuals. You don't get privacy from such a system. What you do get is a sudden rush of businesses, criminals, and governments, all looking to tap into this wonderful conglomeration of information – one way or another.

Privacy is a problem, and the problem isn't going away. Thus far, the industry has managed to keep regulators at arm's length. But, with the National Security Agency hitting headlines with its top secret PRISM system collecting data secretly from the likes of Google, Apple, Verizon, Facebook and a variety of other online locations, that may no longer be possible. The dangers have become more immediate, they've acquired the flavor of national security, and we're hearing political rumblings around the world. If the tech industry can't provide a solution, it runs the risk of having one imposed. Either way, denial may no longer be an option.

Protecting yourself from the latest privacy attacks from Google and Facebook (with this week's change that affects millions of users who tried to make themselves a bit harder to find) requires vigilance.

Among many tech tips to navigate the byzantine privacy controls, Forbes provides a very useful resource: A Guide To Fixing The Latest Privacy Attacks From Facebook And Google.

Sources:
1. USA Today, "On privacy, it's Facebook and Google versus small tech," Andre Mouton, Minyanville, October 7, 2013
2. The Wall Street Journal, "Google's New Ad Star: You," Rolfe Winkler, October 12, 2013