More Hacking for Your Enjoyment (Part 2)

WARNING: The following blog post contains adult content that may be offensive to some readers. Discretion is highly advised.

This is a story that I was once told by one of the Staples techs never to tell but I feel now is a good time to tell it.

Back about 6 years ago (approximately 9 months before I was forced out of the company), a father came in with his teenage daughter (probably 15 years old) to have some technical work done on her computer. At first this seemed just like every other repair request that is done in our store.

Later that day when the technician started to check out the system integrity, he came across the pictures folder. Interestingly enough, the teenage girl had the setting to show all the pictures in the folder set to large icons.

At this point, the technician clicked on the first picture to enlarge it and discovered something shocking. Here was a picture of that teenage girl displayed in all her naked glory. Yes, she either took a picture of herself or somebody else took a picture of her. The technician and I looked at each other in complete disbelief in what we were seeing and quickly went to the next picture. The next picture was even more disturbing. It was a picture of a teenage guy in his fully exposed birthday suit. At this point the technician looked at no further pictures and decided to quickly continue on with the rest of system integrity investigation.

Disclaimer: I honestly don’t know what the policy of Staples is/was at the time regarding child porn, but I know that it should not be acceptable under any circumstances. Whether the technician should have notified management on what he saw on this machine is debatable, but there was no question of its legality. I also don’t know if the proper authorities should have been contacted over what was on the computer in question. Let me say that I don’t know if this had ever happened before this but if it had, it was never brought up in any discussion. I would also say that I don’t know what the policy of any other retail repair company’s policy is regarding this matter.

The next day when the father and daughter came back in to pick up the laptop, it was obvious from the girl’s expression on her face that she might have realized that something was very wrong with what she had been doing on her computer. Something inside of me was almost tempted to blurt out to the father to say something like “we saw your daughter and a guy naked on her computer”. However my better instincts told me not to say anything like that as I would presume that the girl would never see her next birthday.

Of course this story leads me into the topic of all the celebrity hacking of naked pictures from Apple iCloud services. While some celebrities have denied that the pictures are real, others have said that they are, while a third group has remained on the fence neither confirming nor denying the truth of the pictures.

Like the teenage girl mentioned above, these celebrities certainly should have known better than having pictures of them floating around in the internet despite the fact that they should have been protected in a cloud environment. With so much hacking going on, it was only time before somebody would start hacking cloud services.

While celebrities like Jennifer Lawrence have come out to say that anybody who looks at the pictures are creating a “sex crime”, this is nothing but hypocritical behavior especially since she is the one who posted the pictures online in the first place. To have anybody think otherwise would be stupid.

A week after the first group of celebrity hacked pictures were released; Apple Computer CEO Tim Cook introduced the world to Apple Pay. This new system is supposed to create a sort of virtual wallet for your credit cards on your smartphone so that it would be easier to pay for purchases at retail stores. From what I have read is that this system uses a fingerprint password system on the smartphone to activate the wallet then the customer waves his phone over or around the retailer’s cash register’s pin pad.

While this sounds great in concept, there are 2 major problems that I would like to bring up. The first is that the fingerprint doesn’t have to be a “live” fingerprint meaning that anybody who has access to that fingerprint could use it to access a possibly stolen phone. Of course given the recent problems with the most recent iOS upgrade regarding fingerprint technology, this doesn’t seem as foolproof as it possibly could be or maybe ever be. I expect somebody to be able to hack and workaround that system very soon.

The second problem is the waving of the smartphone over another unit. Anybody who might be nearby could possibly pick up the signal as it is being transmitted from phone to pin pad thereby capturing the credit card information before it is processed. Since many companies have unsecured Wi-Fi access, it probably is the same system that is used to transmit credit card information meaning that a thief may not even have to be close by to steal somebody’s information.

Which finally leads me to this point: Staples is one of the first companies to want to adopt this new Apple Pay system. Given all of the problems with Staples in the past, do we dare trust them to have a secure payment system with this idea? My thought is that no way they can be trusted given their wretched past.

Overall, Apple Pay sounds as safe to use as iCloud. Why not combine the 2 and do full body scanning in the store that way nobody could steal your personal information? On second thought, there would be no more privacy to give up. I really don’t think Staples would really go for that no matter what stupid things they do.