Posts tagged ITV
In the US Black Friday follows Thanksgiving Thursday and, along with so-called Cyber Monday, has become one of the biggest days in the online shopping calendar. Inevitably it has become a big deal in the UK now too.
On Friday’s ITV Good Morning Britain I was in the studio sharing some tips on how to bag the best online Black Friday bargains.
Many Black Friday shopping tips apply equally to buying online around the rest of the year, but some peculiarities have emerged:
- Keep checking throughout the day. A large element of surprise and secrecy exists around Black Friday that retailers are keen to persist. Prices change, new deals get added and stocks are limited: it’s all part of a clever strategy to keep us interested throughout the day and coming back to their online stores. But that does mean that a good price at 8am might be even better by midday, but sold out by six. That’s the risk you take.
- Black Friday Pop-Up Portals: Comparison sites and aggregation tools are useful all year round, but on Black Friday dozens of pop-up sales portals appear on reputable websites. Which to choose? If you’re shopping for gadgets and technology (always a big deal over this weekend) then take a look at the website of popular gadget magazines or online titles – referrals and traffic mean Black Friday is great business for them too, and many have journalists locked in a room all day hunting down the best deals so you don’t have to.
- Is it really a bargain? It’s worth pointing out that some retailers don’t play fair – research by Which? found many so-called Black Friday bargains were anything but, with prices cheaper both before and after the shopping bonanza weekend. Websites like camelcamelcamel.com (I’ve no idea…) keep track of prices over a period of time to let you see how the price you on offer today compares with the price over, say, the last twelve months.
It goes without saying to watch out for scams though phishing, smishing and malvertising, be aware of your rights and consider paying by credit card for the best consumer protection.
A final thought:
- Don’t let Black Friday Frenzy take over. Remember this is essentially a bit of fun – the worst that can happen is that we pay full price for something or don’t buy it at all. Part of the fun of the whole experience is the thrill of chasing a bargain but your life absolutely does not depend on it. Keep it in perspective and if the fun stops then switch off your computer, switch on the kettle and make a cup of Black Friday tea.
Make no mistake, hoverboards have been the hot technology of 2015.
Fuelled by Back to the Future fever and celebrity spots with Jamie Foxx, Justin Bieber et al, self-balancing scooters (to give them their proper name) have proven so popular with the public that online auction site eBay reported sales of one every twelve seconds earlier in December.
On Thursday I joined the ITV Good Morning Britain team to talk through the hoverboard phenomenon and the growing safety concerns that have led retailers around the world to stop selling and start refunding.
Negotiating an obstacle course on a hoverboard in windy conditions while answering Ben Shephard’s questions live on national television? No sweat!
There are two powerful safety angles to this story:
First up, hoverboards are heavy, powerful vehicles requiring skill, balance and practice to master. Unlike a Segway – considered the hoverboard’s forebear by many – there are no handlebars here, it’s just a motorised sideways skateboard.
Like the Segway, however, it is illegal to ride hoverboards on public streets and pavements in the UK. When the Crown Prosecution Service issued a statement reinforcing this guidance in October some argued the law (derived from the Highway Act of 1835 in England and Wales) was overbearing and heavy-handed. Then, last week, a 15 year-old lost control and was killed, run over by a London bus after losing balance on a hoverboard.
The other safety angle is the construction of the boards themselves. Leaping aboard the lucrative coat-tails of the hoverboard craze far-east manufacturers have mass produced hoverboards to lower price points with inevitable corner-cutting. Sadly, these short-cuts have been potentially lethal, with basic safety standards and common sense all but ignored. The main flashpoint has been the electronics.
One problem is that lithium-ion batteries used are notoriously unstable unless properly shielded. Major airlines are refusing to carry hoverboards in hold or checked luggage for risk of the batteries catching fire mid-flight. The other problem is that to keep costs low manufacturers are choosing to ship hoverboards with inferior quality poorly-shielded batteries, without thermal cutout circuitry or fuses in their plugs. Outcomes have included spontaneous explosions and fires and have been well-documented in various social media and the mainstream press. National Trading Standards claims to have examined thousands of self-balancing scooters at UK borders since October, with 88% (15,000) assessed to be unsafe and detained.
Eager to avoid a PR horror story major retailers have been quick to ground hoverboards, pulling stock from shelves and issuing health and safety advisories faster than you can say Great Scott. Amazon has been issuing automated refunds to customers and advising to dispose of hoverboards in WEEE approved sites.
In the wake of the VTech hack I answer ITV Good Morning Britain viewers’ concerns on the safety of their kids’ personal details.
Another week, another high-profile online hack.
In August 2015 the Ashley Madison scandal climbed the mainstream news agenda based largely on how the outed data transcended the all-too-commonplace bank details and password leaks.
The breach of tech-toy manufacturer VTech’s data last week has achieved a similar degree of infamy: six million sets of children’s personal details – including photos and chat transcripts – were swiped with apparent ease.
It’s of scant consolation that the hacker chose to share the story (and data) with a journalist rather than the denizens of the dark web: the Hong Kong firm hadn’t a clue that its online defences had even been breached until the journalist contacted them, begging the question of whether VTech’s website has been breached before? Nobody, not even VTech, can be sure.
The very nature of the VTech hack is disappointing but, if there is a positive, also a cautionary tale for remainder of the online industry.
‘SQL injection’ attacks are the oldest in the book, literally child’s play to execute, with plug-and-play exploitation toolkits and tutorials freely available online.
Like TalkTalk before it, VTech should have known better. As well as poorly-secured passwords (hashed with fatally insecure MD5 but not salted, therefore crackable with little more than a Google search) were plain-text secret questions and non-existent SSL security, all of which indicates a business quite simply not taking seriously its duty of care with users’ most sensitive data.
That in 2015 high-profile online services are still open to rudimentary exploitation signifies – to me at least – a distinct immaturity of the web as a whole. If any good comes of this attack it will be the wake-up call to other service providers to get real with their online security.
While VTech might make it through the immediate blip in its seasonal sales, time will tell whether it can survive the longer reputational damage. I hope so: as a parent I’ve found VTech’s tech toys to be among the best in class. I just hope it now takes less of a toy-town approach to its online services and its users’ data.
In the same Good Morning Britain episode I also talked viewers through how to enable parental restrictions, controls and security measures for other Christmas gadgets – the full story is available on the ITV website.
Of all the high-profile hacks and leaks of 2015 the TalkTalk Data Breach in October may prove to be one of the most significant yet, potentially impacting all four million of its UK customers.
While details of the breach are still emerging the leaked data appears to include unencrypted names, addresses, email addresses, bank account/credit card information, customer account numbers and more.
The ‘significant and sustained’ cyberattack, likely using a DDOS (distributed denial of service) attack as a smokescreen for their chosen method of entry and extraction, shows the hallmarks of highly-organised cybercrime.
Sadly, this isn’t the first time that the UK telco’s customers have had their personal details sneaked out of the back door. Data leaks in November 2014 and August 2015 exposed information that has been used to successfully defraud customers of thousands of pounds with phishing and vishing attacks.
- Treat incoming telephone calls purporting to be from a service provider – TalkTalk or otherwise – as potentially toxic. Regardless of any account number or information quoted, or the telephone number called from (Call Line IDs are easy to spoof), in my opinion phishing and vishing fraud is now so common that incoming calls are impossible to trust. A reputable/genuine caller will quite understand any concerns and give you an option to call back on a verified number found on your (for example) bank statement or the firm’s main website (not a link they send). However, make sure you call back from another number (maybe a mobile if you have one – but check call charges) or ensure your landline has been cleared first (wait 5 minutes or call a friend first).
- Check your bank statements, credit card bills and any online payment service accounts (eg Paypal). If there are any transactions you don’t recognise, no matter how small, query them. And then keep checking them – this is good practice anyway.
- Check and change your passwords, particularly if you use the same password as your TalkTalk account across any other accounts? Email, social network, PayPal, auction sites etc?
TalkTalk has a dedicated page to keep those concerned updated with the latest news and advice on the data breach: http://help2.talktalk.co.uk/oct22incident
September has been a busy month for television appearances. As well as new seasons of BBC1 Rip Off Britain and Planet of the Apps for Ginx TV, twice I’ve been up bright and early sitting on the ITV Good Morning Britain sofa.
The stories I covered were both Apple-focused but, it’s fair to say, at different ends of the good news spectrum.
The ‘iCloud Celebrity Photo Hack’ (or “The Fappening”, as it has also come to be known) is an altogether different news item, made more difficult because there’s a lot that’s still unknown about how private photos of celebrities came to be leaked in the first place – not least, whether Apple’s iCloud is even culpable.
I’ve uploaded my notes on the iCloud Celeb-gate story (do keep in mind that’s exactly what they are, just notes), and I’ll be sure to update them as regularly as I can while the story develops.
Here’s what we know about Heartbleed (as of today – it’s a developing story) plus some pointers about what you need to do to protect yourself:
What is the Heartbleed Bug? The Heartbleed Bug (or CVE–2014-0160 to give it its official name) is a vulnerability in OpenSSL, the fundamental bit of code used by as many as 500,000 websites to encrypt the data we send online. The upshot is that sensitive data such as our usernames, passwords and credit card details could potentially have been exposed to hackers. It doesn’t matter what device you’re using to connect to the web – a laptop, Mac, Windows, iPhone or Android – the vulnerability is on the web server that you’re connecting to.
Is it serious? Heartbleed is a serious enough vulnerability that it’s forced website owners all over the world to update, to patch their web servers. And we’re talking about the big players, like Yahoo and its services such as Flickr and Tumblr; some banks and even the FBI’s website are impacted too, an estimated half a million sites in total. Some sites such as Google and Facebook managed to patch their services early on or before the vulnerability was made public, but that doesn’t mean they weren’t vulnerable beforehand. And it’s not just websites that use OpenSSL, it’s email and instant messaging services too.
Who has exploited it? Concerningly, even though the Heartbleed Bug has only just been made public (by researchers at Google and Codenomicon) this vulnerability has been around for a couple of years. Perhaps nobody knew it was there until the last week. Perhaps (and this is speculation) some people did know but, having free access to privileged and sensitive data, chose to keep quiet about it. As it’s difficult to trace if and when the vulnerability has been exploited, we may never know.
What can we do? Some of the knee-jerk advice online has been ‘don’t go to work until you’ve changed all of your passwords’, but that might actually put you at more risk until the affected servers get patched with the fixed version of the OpenSSL code. Good advice is to check whether your service was impacted by the bug – this link on Mashable is pretty comprehensive – and as per the advice change your password only when safe to do so. Whatever you don, don’t use the same password for multiple accounts – consider using a secure password manager to keep track of them all. And, as always, keep a close eye on your bank statements for suspicious transactions.