Month: September 2016

Okay…so the news is full of the first baby to have allegedly been born with DNA from three people (sperm and egg from a man and a woman and mitochondrial DNA from a second woman). The baby is five months old, according to New Scientist. So, how come earlier this year (June, to be precise), the likes of Fergus Walsh were talking about the procedure being safe and others suggesting that a 3p baby might be born within a year? This conception was presumably being kept secret until the New Sci exclusive revealed all today, but there must have been plenty of people who knew about it.

Anyway, in saying it’s a first did they forget about American girl Alana Saarinen who was conceived of three parents and born in 2000 before the US banned this technique? There was an earlier birth too, Emma Ott (born in 1997), although her DNA proved to be from only two parents according to genetic tests despite the procedure having been employed in her conception.

The 3p technique could solve the problem of certain mitochondrial genetic disease by using healthy DNA from the “third parent”. The newborn has Jordanian parents and the procedure was carried out in Mexico by a US team.

Alison Murdoch, who heads the Newcastle Fertility Centre at Life, Newcastle University, is one of those at the forefront of this research in the UK. The Telegraph quotes her: “If this baby has been born as suggested then that would be great news. The translation of mitochondrial donation to a clinical procedure is not a race but a goal to be achieved with caution to ensure both safety and reproducibility,” she says.

The listed artwork Spiral Nebula, by Geoffrey Clarke RA, is an iconic piece of sculpture that stands in front of the Herschel Building at Newcastle University, site of many a failed physics practical and slept-through early morning lecture (no wonder I took 4 years to get my chemistry degree!). I snapped it a couple of times while daughter was registering for her biomedical science course at the weekend…

What a bitter-sweet day, to deliver offspring to one’s alma mater, pride (in her achievements so far, fingers crossed for a Noble Prize in 2028, say), relief (that’s she’s opted for biomed and not, ahem, another field of endeavour), and sadness at the passing of her childhood so quickly (tempus fugit and all that). And, of course, the much greater wingspan of old tempus since my university mater was only just starting her alma for me.

Was my account hacked?

Well, there were 500 million users affected of 1 billion active users, so chances are 1 in 2 that it was. But, you will get an email from Yahoo at some point if you were definitely affected.

What should I do now?

Login with your current details, change your password to a strong, unique one and enable two-factor/multi-step authentication so that you have to receive a text or email (SMS) to login next time.

Anything else?

Yes, you should disable security questions on your account as answers may have been stolen and could be used to break in. Also, if you used the same Q&A on other sites, then I’d recommend changing or disabling those. Hopefully, you didn’t actually answer truthfully so the Yahoo hackers don’t actually now know your mother’s maiden name nor that of your first pet.

What data was stolen by the hackers?

Users’ personal data, birthdays, phone numbers, including unencrypted answers to secret account recovery questions (change those too and don’t use your actual pets’ nor mother’s maiden name, they’re easy for hackers to find out from Facebook etc!), but apparently not credit card details.

Did the hackers get my password?

If your account is one of the unlucky half a billion, then the hackers got a “hashed”, or scrambled, version of your password. Hashed passwords have random letters and numbers added to them to disguise the password, it’s very difficult to work out what this random data is and so recover the actual password.

What about my logins for other sites?

As long as you didn’t use the same password as your Yahoo login, you should be fine. If you did, change the password on those accounts too to a unique, strong password.

Who were the hackers?

Yahoo says it doesn’t know for sure, but they suspect state-sponsored hackers, but that is looking increasingly unlikely, it was more likely a crook hoping to grab data to sell from your Yahoo mail, chats, flickr photos, or Tumblr blog etc.

Either way, should I worry?

Yes, be wary of unsolicited emails, phone calls and even snailmail that have unexpected personal details, such as your birthday and phone number, they could be trying to trick you into clicking a dangerous link or getting hold of your bank and other details. Yahoo will not send out emails with links, so any email that claims to be a security alert from them and has links will most likely be a “phishing” attack.

Is this the biggest hack ever?

At least 500 million accounts have been compromised, which is more than the MySpace breach earlier this year which involved 360 million user accounts, and far more than the Linkedin hack of 2012 (117 million users), so yes.

When did the hack take place?

The attack is thought to have occurred two years ago.

If the hack happened two years ago, why is it in the news only now?

Yahoo had suspicions just two months ago when a hacker called Peace was offering to sell data on 200 million of its users on the dark web, but it is only now that they have verified that a security breach actually took place at the end of 2014.

Could Yahoo have prevented this attack from happening?

It’s very difficult to keep one step ahead of very clever people with malicious intent. So, maybe not. However, they left some personal details unencrypted, which is bad practice and may ultimately expose millions of their users to future problems if their account were one of those compromised. Moreover, they really did take their eye off the ball if they’ve only just noticed the intrusion all that time ago.

Isn’t Yahoo irrelevant in today’s internet?

In some sense yes, the glory days of it being the top search engine long before Google came along are long gone. But, it still has a billion active users, that’s a lot of email accounts and personal details that may well have been compromised. Also, if you have a Flickr photo account, that’s Yahoo too, as is your Tumblr!

What’s Yahoo doing about this hack now?

Who knows? Presumably, they are shutting the barn door, despite the horse having long since bolted, had a good run around and been put out to pasture.

Put out to pasture?

Yes, you know? Like you do with an old horse that’s totally useless, long past its prime, way beyond its use-by date, like a saggy old search engine…

Earlier, I issued a warning about slipping a USB stick into your slot for fear of infection or physical damage. But, it’s not just USB devices you have to worry about. According to Naked Security today, which quotes Gizmodo, the “We-Vibe 4 Plus” smart vibrator and accompanying phone app, manufactured by Standard Innovation Corp, sends heat and vibration intensity data back to the manufacturer in realtime when the app is in use. They can therefore tell how many of their connected “Internet of Things” devices are in pulse, wave, echo, peak or “cha cha cha” mode at any given time.

There is, unfortunately, no insulated digital condom for USB sticks. Infections can be transmitted both ways as soon as you slide the stick into the slot, whether it’s a laptop, TV, copy machine or any other USB device. But, it’s not just the risk of catching and transmitting viruses USB users have to worry about, your infection might turn the machine into a zombie and add it to a criminal botnet or worse…

A couple of years ago, there was a demonstration of something far more lethal than a USB stick infected with malware. Some clever sod came up with a tiny circuit that would take a current from these hybrid data-power ports and become charged up and then blast the port with a sudden surge of power that would literally burn out the recipient’s innards.

The malicious device exploits a hardware vulnerability that manufacturers have not bothered to fix in the 20-year history of USB and there is no prophylactic to save your bits…or bytes. It is now available to anyone who fancies ruining somebody else’s equipment, sabotaging computers at work or indeed anywhere they can stick their USB.

If someone offers to put a USB in your port or sends you a free one in the mail to stick in the slot yourself, just say no, no matter how attractive the digital offer, nor how much you really want to. It’s just not worth it.

USB – Don’t die of ignorance.

Here’s a thing, we’re endlessly told we should be drinking more water…well, that’s not strictly true, you get water from food and lots of different types of drinks and unless you have particular needs because of age or disease or are in a particularly desiccating environment it’s actually quite hard to become clinically dehydrated. Another bit of deceived wisdom often bandied about is that certain drinks, particularly those containing caffeine and/or alcohol make you dehydrated too. But, an interesting paper in the American Journal of Clinical Nutrition earlier this year has attempted to standardise a beverage hydration index (BHI). The authors of the paper hypothesised that “the postingestion diuretic response is likely to be influenced by several beverage characteristics, including the volume ingested, energy density, electrolyte content, and the presence of diuretic agents.”

However, that doesn’t seem to be what they found, debunking that particular piece of deceived wisdom. Fizzy drinks, coffee and beer do not make you dehydrated: “Cumulative urine output at 4 h after ingestion of cola, diet cola, hot tea, iced tea, coffee, lager, orange juice, sparkling water, and a sports drink were not different from the response to water ingestion.”

Fundamentally, all of those drinks are mostly water and are not quite the potent diuretics as lifestyle gurus in their lifestyle magazines and bestselling opratic books might have you believe…