Posts

Showing posts from May, 2024

Envoyager

Appears that recording and monitoring visitors' pictures is already well established in the US, and I see using similar facilities for ongoing security of access as a natural: https://envoy.com/features/visitor-photo-id-system

In the Event of My Death

Relax everyone... the blox-meister's still here! But 100,000 people in the UK have signed a petition that calls for parental access to the social media accounts of children who've taken their own lives. Ellen Roome, who lost her 14-year-old son in this way, points out that were he to have died from an illness a post-mortem would be undertaken, but any such clues in such a case as this are denied by social media organisations. They do this to protect the privacy... of dead people, she adds. We've touched on this before... a means of enabling others to access social media in the event by a setting allowing family members to unlock an account by identifying their familiars. You may not want it enabled on a continuous basis and as a teenager most likely not, but it could be a default feature for every year-end unless overridden. The way organs in the UK are assumed to be up for grabs unless otherwise advised? https://www.theguardian.com/technology/article/2024/may/29/uk-mother...

The App That Launched a Thousand Faces?

Having recently published the system specification from the user point of view, I feel a pressing need to define the software elements that will comprise its whole workings. Foremost among these will be a database of random pics, to form the backdrop of the familiar picks that the user will identify from each gallery in order to proceed. This is a recent crop of Conservative members of parliament, and they have literally been cropped by my fair hand to fit a 150 x 150 pixel square. Aside then from a database of known-to-you and unknown-to-you personages, what we need sooner rather than later is an app into which these images can be dropped like underwear into a washing machine, so as to emerge sized as required. I am conscious that a US company was recently fined $7 million for harvesting faces from the 'net, but this was using bots whereas my own galleries are lovingly picked and arranged by human hands... which I feel no judge could object to. Our faces are captured daily and oft...

System Specification

The program specification outlines a means of access to premises for office working, or else to an online system for home working. At the entrance to the premises, the client is recognised through facial recognition. The client is invited to touch a logo bearing the word BLOCKLOCK in a tic-tac-toe layout on a plinth-, counter- or wall-mounted tablet or screen. Doing so replaces the logo with the same arrangement, except featuring nine randomised faces, amongst which is that of the client in question. On occasion, for out-of-house access the opening gallery may exclude any picture of the client, targeting those cases when an impostor attempts access with no prior knowledge of the appearance of that client. Upon successful identification of self, the client is presented with a further randomised selection of faces among a pin-pad style gallery of nine frames. Among that first iteration is one face that the client would be expected to know, for instance a portrait of the...

Your Face Here

My thanks to the Bauer Media Group and the jocks at Hits Radio for this gallery! You can listen to my own favourite breakfast show ~ Joel and Leanne starring ~ live from the towers in Liverpool and Manchester. And the nice thing about it is ~ and this is rare for radio stations based in London and badged around the UK as 'local' ~ they're both Northerners. In fact when Joel's previous FM station Heart FM (proud to be replacing local DJs with London-based media celebs) replaced him along with his former side-kick Lorna... the Manchester Evening News ran a petition in an effort to reverse the move. If you'd like to promote your own people in the bloxlox portrait galleries then drop me a mail at colin@bloxlox.com Pics should ideally be sized at 150 x 150 pixels... to save me doing it. N.B. I just discovered that mail forwarding has not been on to date... try again, Elon!

Week 5:

Something I learned from an interview with Mark Zuckerberg was that Facebook was not the first thing he experimented with at uni, but did tie much of what went before together. Another is that as they progressed it from one uni to the next, they figured how great it would be if some company came along and globalised it for universal use: without even considering that it might be them. It seems as I've said before like a digital mountain to climb and (impossible as it may seem) with a goal in view, a plan and continuous feedback it is at least plausible... in the way that to George Mallory, ascending Everest was humanly possible even in the absence of oxygen. But it may involve forays in one direction before back-tracking to essay another. And this is how my thinking goes. That for a product of minimum viability B2B may be preferred to B2C. For one thing, apps appear to grow as memes and there's no better field of happenstance than the App Store. Plus ideas are a dime a do...

Think Globally, Act Locally?

Keen readers of the blog will recall how I contacted the National Cyber Security Centre to see if their co-respondent Laura was real, and not a bot. They got back to say that she was, and I hope I've caused no offence there. They must have a sense of humour too, because they assigned my query case no '1234'. But it led me on to GCHQ, the UK de-crypt and monitoring service... Dang, I just gave it away! But they are oft posing teasers online in the effort to recruit the next Alan Turing, and I figured it would be fun to see how long it would take them to crack one of our own block-locks. Instead I discovered a local initiative in the form of four unis, whose vision is: To facilitate high-quality and impactful research in and across a wide range of disciplines relevant to UK national security challenges. To build relationships with stakeholders across the North West and throughout the region, including government, industry, and civil society, to identify opportunities to devel...

The Thieves Will Spend Some Time Watching Their Potential Victims...

A cautionary from the Big Apple... yeah, but which big Apple? Subsequent to my recent post on muggers using Face ID in London to clean out your bank account, it appears in the US the modus operandi is to film regulars at bars on their phones, so as to get the passcode and steal the phone. After that, they clear you out of your Apple account prior to clearing out your savings. "And that's why the entirety of Apple's security cannot hinge on those six digits... " ... says the lady in the video: https://www.youtube.com/watch?v=QUYODQB_2wQ Filming people choosing from a gallery of faces would of course be altogether harder ~ especially were the faces and underlying key-pad to be refreshed and reshuffled every time the phone was opened. Persuading manufacturers who are among the richest companies in the world to dwell on the problem, however, won't happen overnight. More groundswell then, and less dwell?

NCSC... "Computer Says No."

Here's our recent exchange: Colin: I wonder if you could help with advising us on how we might be supported in our efforts in the UK, which aims to replace passwords ~ which you report are responsible for 80% of data breaches in the UK ~ with a system altogether better? Laura: Thank you for your enquiry. Sorry the NCSC is not able to answer specific technical enquiries, however there is plenty of guidance on our website. Culturally the UK differs from the US in that the latter is open to new ideas from any place, and the UK is not. When Margaret Thatcher was in power, we even used to say that when it comes to running the UK, "Nanny knows best". In view of the fact most MPs had had one as a child, this would have struck a chord. After 9/11 for instance, the US government openly invited homeland security ideas. In the 1960s in the UK we'd the National Research and Development Corporation (NRDC) and the National Enterprise Board (NEB), to combine later with the Br...

Stripped Bare

Apple's password manager is telling me that 98 of my passwords appear in data leaks, are too easily guessed, or have been reused by me multiple times. (This is something I'm sure that you could never be accused of). Apple are asking me to do something about it, and I am: www.bloxlox.com

Taylor Slow

Ticketmaster faced recently, I think, a senate committee hearing over the fact that so many fans were unable to get tickets, and that those listed by resellers were going for upwards of $20,000. Ticketmaster themselves blamed the rise of the bots. These attempt to circumvent the devices like captchas that the company use, in order to appear human so as to be able to make repeat purchases... a treasure-trove of tickets to resell on StubHub et al. I like the idea that people who claim to be who and what they are must prove it with having to recognise family or friends from among their cohort. That could be contracted out to a company like bloxlox, who'd be able to verify that you are who (or what) you say you are? Image courtesy of Cal Poly's Mustang News.

jypwuP-regzo7-jerwyc

Here is one form of identity-fraud that's on the rise, and which puts you potentially in the most danger. But don't let me convince you, let the Financial Times of London's consumer editor: https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2 Because the problem we have, and everyone in the hardware and software business is complicit in this, is that passwords are no longer memorable. Take a look at the blog-post's title: Apple's suggestion for the latest app I want to use. You know you can't remember passwords, and they know, and so they've asked us to devolve our authority to our handheld devices. Which means if it is stolen whilst unlocked, it's happy to fill in all of those passwords for you. Which in turn means two-step verification ~ or carrying another device around in order to ratify the first. Do you think Apple's happy, you needing extra devices to authenticate each other? I do. Block-locks are both cheaper and ~ being immaterial...

APP app?

Lobby group UK Finance released its annual report today, with a breakdown of how our annual fraud bill of £1.2 billion breaks down. Popular as ever is the Authorised Push Payment, where people are convinced to hand over banking details in order to be cleaned out. As often as not, this is done by a 'relative' on the end of the phone line who convinces you to transfer cash urgently into their account. And this is how sophisticated this has become with the assistance of AI... ... which is able to turn anything you say into someone else saying it, so long as you've sampled their voice. Typically your son, for instance, will call to say that he's in a financial fix (although this may also be a UK Member of Parliament) and needs cash desperately. Naturally you transfer the cash, given the distress in a voice that you do recognise. Except it's not really theirs. Block-locks provide the ideal means by which you can ask someone to prove, online, that they are actually relate...

Slow Hosts?

Love the fact Fasthosts sponsor this thing to eat their prawn sandwiches on. Hate the fact that since switching to their servers, my uploads have slowed to a crawl. Clearly I'm paying for it and I'll be sailing you users back to the Canadian host soonest.

The Edge?

Scale of this stuff though is mind-boggling. Googling SSE + cybersecurity and SASE + cybersecurity will keep you quiet for hours. My instinct tho' is for a foot-in-the-door demo, to test both the market and product. Mental note to speak to the JW's...

Suspect Messaging System?

There's a good deal of to-and-from between us founders as per benefits and dis-b's of various online access security systems... I mean, we now have to live! But one that pops up is the increased use of two-step security systems involving, say, a text message. Real-world problem: you wanted shared access to a savings account, but its access is based on an SMS message directed to just one phone in order to do so? Nor is SMS at all safe, and is used constantly by hostile powers to continually scan the service in order to compromise national security. More alarming, as the Popular Mechanics article reveals, is the fact that your phone can be compromised without you having to act upon any particular SMS or email. No access system is 100% secure, and the take-away from today is that the larger the pool of your own images which the blox system can draw upon ~ along with that from the blox database of random images ~ the better. There may eventually be a place for random images...

Beta Blogger

In the search for a killer app, we've probably been missing the elephant in the room by focusing on workarounds relating to MDM or Mobile Device Management. A tar-pit to fall into if ever there was one, for the manufacturers jealously guard their 'walled gardens' along with the password and passcode systems providing for access. The attractions of a PIN-by-proxy service are considerable, in that it's:

(a) fairly straightforward to get set up
(b) ideal PR and means of beta-testing
(c) proprietary, IP-able and licensable
(d) fun

We'll look at the ins and outs of rolling out a system of this kind ~ that may yet involve a live stream with two actors dressed in bank and cloud costumes able to provide online access to a system using a password generated between themselves... ... but of which the user, dressed as a giant hand-set, remains wholly unaware. Now where've I put Ridley ...

Normal Service

Will be resumed as soon as possible. Sunday afternoons in particular, we're not always able to upload all of the edits to the BLOXLOX website. Get over it. 

Mug (ging) Shot?

A perfect Saturday, in many ways, although I curtail work on the security system in time for afternoon tea with a good friend whom I know from keep-fit classes. He won't mind me saying so, but he's a man of leisure now after long-ish service for the government as a civil servant. He dropped out of uni, taught himself Cobol and would eventually be involved in computerising say index cards for the Metropolitan Police service. He has offered in the past to assist with the UK governmental procurement process, which for me has always had the same attraction as mud-wrestling. As with all of us in later life, the back-story is fascinating. But the front-story is too. His son is thirty-ish and was emerging from a London pub recently when surrounded by hooded youths who, after a roughing up, held his phone to his face in order to (mis) use his Face ID. I'm presuming they took the phone too as the cherry on the icing, but they were most interested in clearing out his bank account. ...

Oh Tee Pee!

How'd we get to the point where we need two separate electronic devices to buy a book? I liked libraries. Mrs Thatcher hated them, because she hated communities and considered life was all about self, self, self, work, work, work, cash, cash, cash. Bookstores are going the same way, along with print despite the fact that research is showing that kids retain more from what they've read on paper against on screen. I try to purchase a book at 03:30 a.m. called Dark Cloud and which, ironically, records how servers and our continual quest to live online is ~ like much else ~ destroying the planet. Never did get to order the book because, phone upstairs and laptop downstairs, I do not like to be beholden to running after electronic devices to live my life. He says as he types on a laptop... The one-time passcode is an effort to mitigate the fact that according to the National Cyber Security Centre, 80% of data breaches are accounted for by password (mis)use. There has to be a better...

One For the Weekend

The UK's National Cyber Security Centre hosted a presentation this last week for the benefit of PR agencies and journalists, who were told that access via internal doors in the building could be achieved with the passcode... '1-2-3-4'. In its defence they said they thought it was the only one journalists could remember. Which is undoubtedly true: in fact it's probably stretching it for those in UK media. Pictured are the top ten passwords used in the UK, where we're supposedly creative, although my favourite has to be that which one panelist on the BBC programme said would guarantee access to any building site: "One two, one two, one two...".

Amaz... ing

These have been around for years, but are clearly still employed at scale by some of the largest players. It's a wobbly-wobbly word that is supposed to be unreadable by the bots... but I'm thinking that the bots who are still struggling with these are most likely to be the class jocks rather than the nerds?

Executive Decision?

Half-way into the month here and there's a pressing need I feel to at least define an app with which to get the ball rolling and I like something aimed at tablets for older and casual and family users who don't want it plugged into the grid. Screen-grabs below from Reddit say it all, or at least some of it. Thus I'd like an app for users of tablets (or phones for the courageous) that omits the passcode and boots a gallery of faces instead by way of access. As Elon probably says when he's not at SpaceX... It's not rocket-science, is it?

BLOCKLOCK

The search for a 'killer' app is much I feel like the play, 'Six Characters in Search of an Author'. Nonetheless it is essential prior to the heavy task of coding... I remember reading how the author of the Lotus 1-2-3 was basically up all night for a fortnight on the job. I think though a positive step toward what might be done to minimise the effect of a device being lost or stolen is to conceal some of the apps that matter. Here's a takeaway for you. The crown jewel of Apple Passwords belongs to your Apple ID. I use it so rarely ~ because you rarely need to ~ that whenever prompted to do so I have forgotten it and have to go through the rigmarole of resetting it. To avoid this at least for those occasions when I've the laptop available, I do what I do for every other password of note, which is to write it on a digital sticky. This is the equivalent of leaving a real sticky on the kitchen table to point burglars to where the keys are all kept. People like Apple k...

LOGINWITH

An intriguing application this one, and one that I quite like and feel others would too. For the problem with catch-all facilities like this is ultimately, if they've got into your laptop and figured out your Google password then it's 'Hi caramba'. In fact one of the fastest shoot-downs on Dragons Den (think Shark Tank) was a guy with a plug-in device with all your passwords on it... and if that gets stolen, they said? I don't know yet the ins and outs, and we do know Google is the 800-pound gorilla. In fact they gave away their own form of Captcha just to squash all of the others. At the end of the day though, ours is better than yours... much as I love them and this is written on one of their (bought in) platforms. The patent may yet be the key, moreso than the app. Many years ago, just to challenge one that had already been granted in the US cost around a three-quarter million dollars. One then worth investigating.

STRONGBOX

The need for this one came about from personal experience... always the best way. Until the digital age you'd an envelope with 'In the event of my death' written on it (and you can see we're shooting for the next big thing amongst Gen Z here), if indeed there was anything at all. My father, who used a PC, had both one of these and a file on the PC with banking details along with passwords and so forth. His Facebook page stands as an overgrown monument to this day, none of us having the password for it. My mother passed years later, tho' never used any digital device save an iPad that she had and never really learned to use anyway. We lost the password for that and despite Apple's entreaties, it looked (and was) easiest to throw it in the bin. There proved to be accounts however for things like landlines for which without either the password or the account holder in person, were never to be closed. We all thus live on in digital form, our various accounts, forum ...