Security Concerns Reported On Apple’s Latest Music Software.

I have a love-hate relationship with Apple and their products. I love the iPhone. My wife has one and we use it constantly when we’re out and about as our “internet on the go” – searching for restaurants and cheap gas, checking weather and news reports and so on. But I hate the touch screen for typing. My fingers aren’t that big, but I still cannot manage to type even a few words without misspellings. (Needless to say, my personal phone is a BlackBerry.)

I love my iPod. It holds tons of music, is easy to use and there are so many accessories that expand its versatility. My favorite is a wireless remote from Scosche Industries that lets me leave it in my pocket when I’m skiing, but still control everything. But why am I authorized to use only 5 computers? Between my wife, kids and me we have six machines at home (three are Macs) and I have another one at work. And how hard would it be to program the device to let me move or delete a song from a playlist?

I love iTunes. It has a simple user interface and updating songs to my iPod is relatively easy. Shopping for music through the store is also a breeze. But I hate not being able to easily share music between devices or computers as I could if they were MP3s or some other format. I also hate that (until recently) every time Apple upgrades their software, QuickTime resets all of my audio and video settings, requiring several minutes of tedious clicking around to get it all back to where it should be.

And that brings me to Ping, Apple’s new social networking service for music fans. According to Apple, you can follow favorite artists and friends and discover the music “they’re talking about, listening to and downloading.” So what could be wrong with that?

When I first saw the information on Ping (pushed to me through an Apple email and upgrade announcement) I was curious. But being busy, I didn’t have time to study much of what it was about or how to set it up. And at the moment, I’m glad I waited. PC World just posted two articles questioning the security of the new service on their Security and Privacy blog.

Apparently the biggest problem for Ping users is what is known as “comment spam,” where users add replies to postings, flooding the boards with solicitations and scams. These may be offers of free or low-cost electronics like iPads, surveys and the like. Many of these will contain links to products and services you don’t want or need (I’m sure you know what I’m talking about), or worse, links that infect your computer with viruses or spyware. The best advice as always: USE EXTREME CAUTION before clicking on any links anywhere, and be certain that they are from a trusted source. According to security experts at Sophos, Apple is now manually deleting content that it deems offensive or in violation of its terms of use and suspending the users’ accounts. But given the number of iTunes accounts and the likely flood of users to the new Ping service, that might be like trying to empty a bathtub with a teaspoon . . . with the water still running.

There are two other problems that could give rise to security issues. First, using Ping may expose your email address to the world. According to PC World: “Ping lets you approve people who want to follow you, or turn off following altogether. If someone turns on follower-approval, they’ll be able to see your e-mail address.” So if you’re not careful to limit who has access to you on Ping, you may be in for a nasty surprise in your inbox.

Next, according to PC World, when you sign up for Ping, you are required to provide a user name. iTunes apparently inserts the name that is on your billing records, but if you change that to some nickname, then iTunes assumes you also want to change your billing name and updates that also. It seems rather peculiar that the software would assume that the nickname you choose for their social network would be what you want to use for billing purposes. They ought to at least ask for confirmation.

I’m not entirely sure I see the value in a social networking experience built exclusively around my musical interests. I have enough trouble already keeping up with Twitter, LinkedIn and my other social networks, so this doesn’t seem like it should be a priority. One thing is certain – at this early stage, I’ll wait a bit for them to work out the kinks.

If anyone is using Ping or has thoughts on the service, please leave comments.


Do you change your own oil? Most of us are capable of performing this simple maintenance on our vehicles, but we choose not to. After all, it is messy work, requires a few specialized tools, and disposing of used oil can be a hassle. To boot, the cost of an oil change at the local service station, specialty stores like Direct Tire or Pep Boys and even the dealerships is relatively modest.

So what’s the connection with identity theft? Identity theft is a big problem that is affecting more and more people each year. At a minimum, the problem creates a great deal of aggravation and considerable worry. At worst, it can cause debilitating harm to your credit, making it difficult or impossible to buy a car, rent an apartment, refinance your home or even get a job.

To combat this problem, many companies such as LifeLock, TrustedID, IdentityGuard, ID Watchdog and others offer services that they claim are designed to help you prevent, identify and correct any problems that may arise due to identity theft. They claim to do this through a multi-faceted approach that includes removing your name from pre-approved credit card mailing lists, providing annual copies of your credit reports and searching the web for potential indicators that your identity has been compromised. And then when a problem occurs, they provide counseling and guidance on how to repair the damage.

Until recently I was not very much in favor of identity theft protection services. After all, many of the features offered by these services are items that anyone can easily accomplish on their own, just like changing your oil. For instance, under federal law, consumers are entitled to receive a copy of their credit report from each of the three major credit bureaus once each year. Likewise, anyone can sign up at www.optoutprescreen.com to limit unwanted credit and insurance offers. And much of the information needed to repair credit damage is readily available online (the FTC has extensive information available here). So why then should anyone pay on the order of $100 or so each year when they can do this all for free?

The reality is that we are busy people. Or we’re not perfectly organized. Or we just don’t trust that we are going to dot all the i’s and cross all the t’s. Just as with the convenience of the oil change services, there is clearly a place for these identity protection companies even if all they are doing is something that we can do ourselves.

However, before engaging in such a service, be certain that you know exactly what you are getting and what you are not. For instance, many people may mistakenly think that the “million dollar” guarantees offered by these services will pay them money to cover substantial loss of income or provide other compensation if they are forced to pay higher interest rates on mortgages or car loans due to damaged credit. Read the fine print very carefully – in many cases, they do not make any direct payments to the consumers except possibly to reimburse certain limited expenses. To the extent that any significant money might be paid, it is primarily for lawyers and other professionals whom they hire to clear your name. Lost income, if it is covered, is very limited (i.e., only for the time off work spent fixing your identity).

More important, the insurance may not even be available unless you can show that your loss was due to a failure of the service and not some other cause. Identity theft is tricky business and there are many ways that thieves can get hold of your information. The protection services cannot possibly stop all of the leaks, so unless it is their fault that you have a problem, their insurance may not be available to help you fix the problem.

What are you doing to protect your identity? Have you used one of these services? Has it been of any value? Do you have questions about identity theft? Please fill out a comment or send me a note.


The Worst Mistake a Landlord Can Make

May 6, 2010

There are many ways in which landlords can cross the line and get into serious trouble with their tenants, but perhaps the easiest is by misappropriating their security deposit. The security deposit belongs to the tenant, not the landlord. Period. End of story. Yes, the landlord may be entitled to retain the security deposit at [...]


Six Ideas to Help Small Businesses with the Massachusetts Data Security Regulation

April 29, 2010

I recently had breakfast with my good friend, Cherie Hafford, and we talked about the Massachusetts Data Security Regulation and how much of a burden it creates, especially for small businesses (more on the Regulation here and here). The Regulation is supposed to be scalable – that is, the degree of compliance should be proportionate [...]


Homeowners Hurt When EPA Scratches Opt-Out

April 27, 2010

As I mentioned in my previous post, the new Renovation, Repair and Painting regulation (RRP) went into effect last week on Earth Day, April 22. The regulation is intended to help reduce the risk of lead poisoning by requiring special precautions when performing work on homes built before 1978. Property owners must hire EPA-certified contractors [...]


Earth Day Triggers New Law That Burdens Homeowners And Contractors

April 20, 2010

This year, Earth Day heralds a surprise for homeowners who live in housing built before 1978. On April 22, the Renovation, Repair and Painting Law (RRP) takes full effect, imposing new compliance burdens for any contractors who work in older homes, and higher costs for the owners. Any project that disturbs painted surfaces must be [...]


20 Year Sentence for Identity Theft

March 26, 2010

As cyber-thief extraordinaire Alex Gonzalez is sentenced to twenty years in prison, I find it ironic that his brilliance is outweighed by his stupidity. Gonzalez pleaded guilty to the massive theft of credit card numbers by hacking into TJX, BJ’s and many other payment servers. Certainly some amount of talent was required to perform these [...]


Identity Theft and Credit Card Receipts – Is Your Slip Showing?

March 22, 2010

I’d like to think that it’s common knowledge that credit card receipts can be a prime opportunity for identity theft. However, too many of us simply crumple the receipts and throw them in the trash without a care. If the receipt shows your full credit card number and expiration date, this is an invitation for [...]


Podcast – Massachusetts Data Security Regulations

March 8, 2010

I recently had the opportunity to talk with Nick Fishman, co-founder of EmployeeScreenIQ, who interviewed me on the Massachusetts Data Security Regulations and what they mean to businesses. Here’s a copy of the interview. Check out the EmployeeScreen blog at http://blog.employeescreen.com/ to learn more about pre-employment screening and the comprehensive methods EmployeeScreenIQ uses to ensure [...]


Truth or Delusion? – Myths and Misunderstandings about the Massachusetts Data Security Regulation. Part II

March 8, 2010

In my previous article, I discussed the lack of guidance from the Attorney General on implementation and enforcement of the new Massachusetts data security regulation. The law is aimed at protecting residents from identity theft by requiring practically every business with employees or customers in the state to implement a written information security plan (WISP). [...]
