Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


New Security Holes


New Security Holes

Author
Message
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40770 Visits: 18860
Comments posted to this topic are about the item New Security Holes

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
IceDread
IceDread
Old Hand
Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)Old Hand (355 reputation)

Group: General Forum Members
Points: 355 Visits: 1145
Sometimes it really feels like we're walking towards a dark tech-age from some sci-fi movie. Companies are known to use others patent and industrial espionage is not unheard of so yes, this would be a security hole that perhaps is used. Would that however get out, that it was used, the company would probably suffer immensely. Or so one would think. Apple had an agreement with several other companies in silicon valley keep salaries down and not much has happened after that got out which I thought would start a huge storm.
David.Poole
David.Poole
SSCarpal Tunnel
SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)

Group: General Forum Members
Points: 4429 Visits: 3177
This is one thing that needs very careful legislation and the mother of all big sticks to enforce it.

What happens if a Google or Amazon moves into your market place? Does this rule out the use of Google and Amazon products for your company?
If you are storing your data in cloud provider of any description and that cloud provider goes into direct competition how would you even know if they were looking at your data?

If you tried to take them to court it would be Jarndice Vs Jarndice. Drags on for decades and no-one wins but the lawyers!

Even if legal safe-guards in place and a machine will only do what a machine is designed to do there is still the human element which is always going to be the weakest link.
Consider the T-Mobile staff who sold data to 3rd party brokerages! That is a breach within the walls of a corporation, what is going to happen outside the walls? Governments are already pushing for greater access to our personal data and all that is going to do is increase the visible surface area of our data. More interaction with it, more chance to expose it to people who shouldn't be allowed the controls to the TV!

My personal experience is that 99.9% of people do their best to maintain honesty and integrity and although the vast majority suceed the disruption caused by the minority is way out of proportion to the size of the minority.

LinkedIn Profile

Newbie on www.simple-talk.com
jay-h
jay-h
Ten Centuries
Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)Ten Centuries (1.1K reputation)

Group: General Forum Members
Points: 1140 Visits: 2253
I did not understant what IBM's objection was when I read the news article. How does this differ from doing a Google or Bing search?

Not that Siri interests me much, I don't need to chit chat with my computer.

...

-- FORTRAN manual for Xerox Computers --
chrisfradenburg
chrisfradenburg
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1772 Visits: 2060
jay-h (6/4/2012)
I did not understant what IBM's objection was when I read the news article. How does this differ from doing a Google or Bing search?


When you go to a search engine it doesn't look into the data you have stored on your phone. Siri does to better understand the context of the command:
http://www.jonburg.com/future/2011/10/siri-apple-know-a-lot-about-you-who-cares-about-privacy.html

Additionally, the commands given to it can be stored in the cloud:
http://www.infoworld.com/t/data-security/should-you-care-siri-taking-notes-194136

From a healthcare perspective, that's a major concern as if a doctor blocks out time on his schedule to review a patient's case via Siri that gets sent someplace that we don't know who is going to have access to it which is a clear violation of HIPPA.
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40770 Visits: 18860
jay-h (6/4/2012)
I did not understant what IBM's objection was when I read the news article. How does this differ from doing a Google or Bing search?

Not that Siri interests me much, I don't need to chit chat with my computer.


Imaging you work for IBM research and set an appointment "We have a meeting about the voice response for Waston program". Apple can now infer that IBM is working on voice recognition for the Watson supercomputer. Enough of those, or perhaps even more detailed personal reminders are potential trade secret leaks.

This could be much more of a problem than a search engine, which is enough of an issue.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
djackson 22568
djackson 22568
SSC Eights!
SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)

Group: General Forum Members
Points: 844 Visits: 1201
David.Poole (6/4/2012)

My personal experience is that 99.9% of people do their best to maintain honesty and integrity and although the vast majority suceed the disruption caused by the minority is way out of proportion to the size of the minority.


I can't argue with your personal experience. You must be pretty lucky if your statement is accurate. IMO I think we are fortunate if 80% of people "do their best to maintain honesty and integrity". I do feel most people are honest, but I stop in saying that all honest people do their best. Even the most ethical people slip at times.

An analogy I use is you receive too much change back at the local superstore. The superstore everyone seems to criticize for only selling Chineese products. Do you return it if you notice at the register? In the parking lot at your car? On the way home? Once you get home? What if it is a penny? Dollar? Ten dollars?

Ask a group of those people you think do their best, and I guarantee you the answers will vary.

I read a story on the Internet once about a guy that bought a wood working power tool at a show, that normally costs around $600. He got a discount of maybe $100-$200. When it was loaded up, he drove home, and discovered they gave him the wrong one - a model that normally cost $900. He lived hundreds of miles away. He called, they wanted him to return it and pick up what he should have got. Responses varied, some said they wouldn't have said anything, others said he should drive back on his own dime, most were somewhere in the middle and suggested negotiating something fair for both parties.

I think it is naive for any of us to believe everyone else has the same values as we do as individuals. Most people may be close, but there is enough variance that it can be risky to assign unearned trust to others.

Dave
djackson 22568
djackson 22568
SSC Eights!
SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)SSC Eights! (844 reputation)

Group: General Forum Members
Points: 844 Visits: 1201
Steve,

Working in this industry I see all the unethical and illegal things that occur, and I find it hard to blindly trust companies with my stuff. If you think about it, companies have a short term profit motive which frequently is more important to them than long term gains. Why would they care about me as an individual, they can always get more customers.

We are seeing more and more retailers shifting away from customer service. Why would we think business to business trade would be any different? Sure, a business customer is harder to obtain, but if they don't know...

I also feel the government has no interest in protecting us, as companies have too much say in how laws are written. DMCA is one example, and the bills that are being pushed recently that would essentially give complete control over our Internet usage to companies is another.

It isn't just voice recognition we ought to be worried about.

Dave
Steve Jones
Steve Jones
SSC-Forever
SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)SSC-Forever (40K reputation)

Group: Administrators
Points: 40770 Visits: 18860
djackson 22568 (6/4/2012)

It isn't just voice recognition we ought to be worried about.


So very true.

Any of our data, even things we might not expect (like images/recording of our person, or our actions), are all up for grab.

Let your mind run wild, you might find all sorts of potential issues with our interactions with businesses.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Eric M Russell
Eric M Russell
SSCertifiable
SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)SSCertifiable (6.2K reputation)

Group: General Forum Members
Points: 6188 Visits: 10033
I understand that the goal is to translate voice commands into web search or iPhone commands, but I don't see why it's necessary to steam the actual voice over to one of Apple's servers. Not only is that a privacy issue, but I would expect it to result in latency or loss of service issues as well.
A 3rd party could implement a client side voice recognition solution that does the same thing but only better. They wouldn't have to invest in server or operational infrastructure; just sell the widget for $5 a pop.


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search