Monday, May 30, 2011

Paper Ghosts

For those of you who read my articles, you’ll perhaps notice a trend that I’m a great fence-sitter when it comes to the good and the bad of technology. Not that there’s anything particularly wrong about that – I think that it’s good to remain open-minded and see the pros and the cons of any situation or issue. However, as I thought about the subject of this article, I’ve come to the conclusion that this article will be a bit different and I will present a very definite opinion on this subject.

There is an old saying that a ghost is a spirit that roams this earth because it doesn’t know that it’s died yet.

My recent revelation is that we have such a ghost among us now. This spirit that does not know that it has died a quiet and slow death is paper. I might surprise some people with the arguments presented here, especially with my love of reading and my *ahem* advanced number of birthdays. As I think along these lines, I see that technology has advanced to the degree where paper is not as necessary and in a lot of respects, it hinders us.

Don’t get me wrong, I’ve obviously grown up with paper and I love the thought of a printed book, and I certainly can’t imagine my weekend routines with an early morning coffee and going to the front door to get my paper, but the benefits of the electronic age far outstrip the nostalgia of being able to hold printed paper.

Were paper to be made obsolete – basically eradicated from our world – would I miss it? Absolutely. The romantic side of me loves the theory of the printed page, but I like to think that I’m pragmatic enough to accept its demise.

Through my lifetime, I’ve seen typewriters, adding machines and ledgers (physical paper based) die a quiet death and we’ve managed just fine. Where all files were stored in file cabinets, there can be no doubt that our technological replacement of a database has given us capabilities that just simply weren’t possible with filing cabinet storage.

Paper has a wonderful feel and smell to it. Especially with a handwritten note you can get so much out of not only what was written, but how it was written and the underlying emotions and passion that you’d rarely see in an email. None of that is disputed. But the stark reality is that as a society, we evolve, and if we don’t evolve, we become extinct. Either our tools become obsolete – or we do.

I’m not suggesting that paper will ever truly disappear from our world, but it has lost the vast majority of its usefulness and it has come to the point where it hinders us more than helps us.

Much like my “Cash is King” post, we need to accept technology into our lives and use it to whatever extent that we deem necessary.

When the ballpoint pen replaced the fountain pen which replaced the quill, I’m sure that there was equal uproar and concern about losing that esoteric aspect of our lives. We adapted and realized that the older ways of doing things were wonderful, but totally impractical as a tool when we have so much more at our disposal.

To further illustrate my point (and yet, I know that I’m dating myself again!) I remember distinctly doing up assignments on a typewriter. When I made mistakes, I had to use white-out or replace the ribbon of the typewriter with the eraser ribbon and retype white powder over my mistakes.

It’s wonderful to be nostalgic – there’s nothing wrong with that, but we need to keep in mind that we’re meant to expand our horizons – that one of the things that differentiates us from so many animals is our ability to use tools to grow.

Saturday, May 7, 2011

Stupid Scam/Spam 101

Received an email today stating that I had an "express delivery" sent to me and that there was an attached file which included the tracking number and other delivery information.

Rule #1: If you're going to try that scam, then do not let the recipient see that you've also sent it to numerous other parties. Am I supposed to believe that we all have packages and that somehow the tracking number is the same for all of us? How exactly is THAT supposed to work?

Rule #2:  Use a spell checker.  It's not that complicated of a technology and not using it destroys credibility, especially when you spell "adress" and "buisness".

Rule #3: Stop being such a dumb-ass. Have you not figured out that people are not going to click on an attachment which supposedly contains the tracking number (which was also in the body of the email!)? Any reputable delivery organization would call, or at the very least give a 1-800 number for you to call to arrange for delivery.

I swear, people like this give scammers a bad name!

Friday, May 6, 2011

Security Breach - Redux

I don't think that it's a coincidence that a lot of my later articles have dealt with how security is implemented and the issue of security breaches.

I read an article today that I thought was very relevant to one of my points in the blog entry Multiple Locks -- One Key.

Within it, I mentioned that one of the ways to work around using the same password on all sites without having to remember them all is to use a password manager. Further, I go on to say that the only problem with this approach is if you use an online password manager, and its security is breached, then all of your passwords are potentially vulnerable to theft, which more or less defeats the purpose of having unique passwords. The way around this is to have a standard prefix or suffix on all of your passwords, and don't write that -fix anywhere. My example would be if you added -@nan12w to all of your passwords. That way, if the password manager was compromised, the full passwords wouldn't be.

Well, it turns out that I wasn't far off the boat on this one. The password manager site LastPass sent out a notice to their clients that "they're not sure, but they think that their system was breached" and that users should keep this in mind and remain ever diligent. This in itself brings up another interesting problem - as these attacks become more sophisticated, we may have instances where these companies are not even aware that their security has been breached.

This issue of security and protection is not going to go away.  Like it or not, we all have to remain sophisticated and intelligent and always try to make sure that our information is protected to the best of our abilities.  Quite obviously, these companies aren't doing a good enough job.

Tuesday, May 3, 2011

The Persistent Shadow

Regardless of the day and of any technologies in society, there will always be a segment of our population who would rather make their career out of subterfuge instead of putting in a hard day’s work. Unfortunately, that will always be the case.

There is a security leapfrog when it comes to those that are trying to protect our information and those trying to acquire it. As the ne’er-do-wells find some mechanism or scheme to steal our money, the guys in the white hat put in a process or technology to make it much more difficult for the criminal element to succeed. Of course, once this has been done, then the scammers go right to work looking for ways to circumvent the current security scheme.

One thing that has become readily apparent over the past few months is that fraud has become big business.

In the past, many of us had to deal with unsophisticated attempts by the fraudsters. It took no time for the vast majority of us to figure out that it was highly unlikely that we were the beneficiaries of some Nigerian will, or that we had won $5,000,000 in some lottery in which we had never bought tickets. Possible benefits from the fraudulent attempts were low; at the most, an individual might be duped out of a few hundred dollars.

In recent months, it has become evident that these attacks are more planned and deliberate. Where fraudulent activity in the past was based on the concept of sending out millions of emails containing malware or that contained phishing attacks, there is a new gangster in town, and this one takes a more deliberate and patient approach. Not only is it more cost effective, but I believe that what they are finding is that the potential for reward is much higher.

Where the mindset of electronic fraud has undergone a fundamental change is that instead of attacking the consumer, the targets are now the holders of our data – the corporations that house our identities and financial information in their database. This type of fraudulent activity will become more and more common.

The other aspect of corporate database fraud that makes it more attractive to criminals is that it is an active attempt to break into the company data banks. The unsophisticated fraudulent email approach was very passive. All that the individual could do is to sit there and hope that 1 in a million individuals actually fell for the scheme.

Recent security breaches in the corporate world are not anomalies; these will be more and more common. A couple of months ago, a global player in the recognition & reward sector had their database breached, exposing individual names, addresses and other confidential information belonging to major credit card and reward program customers.

For the past two weeks, the entire PlayStation network has been down as there was a significant security breach in their database as well. It’s currently believed that at least 100,000,000 (yes…one hundred million) subscribers were exposed. What makes this even more alarming is that it is believed that this theft of data has included credit card numbers, expiration dates and banking information. When one considers the value of 100,000,000 customer profiles, it becomes evident that for these individuals, even if it took them six months to plan an attack and to infiltrate an organization, the potential benefit far exceeds the cost.

On my way in this morning, there’s something else that I’ve realized and I think that this is an important point to keep in mind. There are many people out there that don’t necessarily purchase goods or services online and perhaps they think that they’re not at as much risk. The thing to consider is that anyone is at risk of having their information illegally accessed if their records appear in a corporate database.

The next time you go for an oil change, or swipe your rewards card at Indigo, or purchase an extended warranty at Futureshop, always keep in mind that the vast majority of your transactions with a company will be recorded in their database.

The sad reality is that all of us need to be continually diligent in checking banking or credit card transactions and doing a periodic review of our credit score and record.

Gone are the days of cash transactions, where a purchase transaction ended with the transfer of goods and cash. The persistent shadow of fraud is our new reality and it is our responsibility to make sure that we practice due diligence to know who we deal with and how they protect our data.