The Mindset of Security

And yet again, there has been another security breach with significant number of accounts put at risk. Last week, it was disclosed by Yahoo! that over 450,000 account ID and passwords were obtained by a third party and published on the web.

The thing that bothered me the most about this particular security breach was that apparently the email addresses and passwords weren’t even encrypted. It was just a regular file on their server and once someone had downloaded it, it had the email addresses and passwords to approximately 500,000 people.

I won’t be a broken record and reiterate the importance of not using the same password for multiple websites, but if someone wants to read up on some suggestions I have, here’s the article Multiple Locks -- One Key.

The revelation that I had with this security breach is that the mindset that I need to take is to assume that any website that requires a password will eventually be compromised. For me, this is an important approach as it means that I will have to have the strategies and contingencies in place so that when the inevitable happens, that I am prepared.

It’s a little discouraging for me to think that there’s probably no chance that any type of password can’t be stolen, but I think that this is just one of the realities (and the disadvantages) of our technologies. In my mind, there’s just no getting around the fact that people will always try to make a living by obtaining things that don’t belong to them.

Part of the problem that we will face though is how do we limit the damage that can be done from those who obtain our identities? I think that some things are in our control and other things aren’t.

What we can control is how many different places that we use that password (refer to the previously mentioned article). If we have a password that is unique to one site, then if that one site’s credentials are exposed then at least we can limit it to that site.

The other thing that we can do is to look at some advanced methods of password creation. Sometimes we are exposed because of hackers that get into a third parties database, but there are other times when the weakness and lack of complexity of our password s makes it easier for a third party to guess – or to use automated tools to try different variations. If we’re using passwords such as PASSWORD or the date and month of our birthday for our banking PIN, we need to take some responsibility for that.

There are many articles online that discuss different strategies for creating stronger passwords – for the next article, I’ll summarize these articles, provide links and give some suggestions.

Those are a couple of things that we can do to limit the damage. One of the things that we don’t have control over is how long it takes to be informed that there has been a breach so that we can change our passwords. This one is a little more problematic as it could be days or even weeks before we’re aware and this means that they have seamless access to our account.

I suppose that the only real way to mitigate this is by keeping assessing the relative damage that can be done and then for those sites where it’s more critical, to make sure that we keep a closer eye on activity for anything out of the ordinary.

The other thing that we can do is to change passwords on a regular basis. From what I understand, this particular security breach was in a historical document containing usernames and passwords, so anyone who had changed their password since the list was created would not have been affected by the breach.

Unfortunately, there’s no one solution out there, I think that if I had to summarize how to minimize damage, it would be to be smart, be proactive and be vigilant of account activity.

Revisiting Security - Yet Another Breach

In the news this week has been yet another massive security breach - this time with the professional network - LinkedIn.  Apparently, millions of account passwords were breached and available to the criminal element. As I had to go in to reset my password, one of my previous articles came to mind and I thought it would be prudent to revisit it, and here's why...


I was discussing this breach with a colleague - I had asked her if she had changed her LinkedIn password and how it affected her.  Her response was "oh, I really don't use LinkedIn, there's not much personal information there and I have very few contacts, so even in the worst case, it probably wouldn't affect me too much".  I paused and then I responded, "Okay, so a couple of things, first of all, have you considered that your personal account information is theoretically available now, and that things like phone numbers, addresses and the such can be harvested to take out loans impersonating you?  Also, let me ask you this...this LinkedIn password of yours..it would be unique to LinkedIn and it's not a common password that you use for your email, for banking, for Facebook, right?".  With this statement her eyes got very big and she immediately went to change her password.

This is exactly the type of issues that I was referring to with my blog entry Multiple Locks - One Key.  As difficult as it is, we just cannot be using the same passwords for all websites.  It's human nature to do so as it's impossible to remember unique passwords for each site, but refer to my article, I have some suggestions on how to manage passwords effectively and safely.

Finally, should anyone have your own tips about how you manage your online identities and would like to share them, I'd love to post a follow-up article on other strategies and techniques.

Fantastic Voyage

As a virtual old-timer in the technological world, I’m very content with the little leaps and bounds that technology has made over the years. To a large extent, technology has evolved through gradual refinement more than anything else. I am of the generation that I can reminisce about an 8086 processor, a 300 baud modem or a dual floppy CGA-based system. Having knowledge and experience with these technologies grants me automatic inclusion into the TGC (Technology Geriatric Club!).

This gradual innovation and maturation is timed and controlled by the science behind the technology. Certainly, the advances in miniaturization has greatly influenced the ability to make smaller, and yet larger capacity – and faster chips.

Same sort of advances with our access to the outside world, we can have the fastestmodem and computer at home, but the true bottleneck is in the infrastructure of our cable or DSL lines.

I don’t know if it’s my imagination, but what I’m seeing lately with technology is astounding me. It seems to me that the physical limitations have been – well, maybe not eliminated, but certainly they are not impeding technological advance.

My first – oh my gosh – moment was with the advent of 3D printing. I’m probably fixating on this technology a bit, but holy cannoli – the more that I read and think about it, the more that I think that this is going to be an incredible technology as more applications are thought of for it.

Caught With My Technological Shorts Down

And here…

3-D Printing

The next innovation that caught my fancy was a monumental shift in technology as it relates to digital photography.

Next Great Technology - Digital Imaging

Next on my hot sheet is a medical technology that I’m not sure if it’s just experimental or becoming close to mainstream. This is the development of what are essentially micro-bots that can be inserted under the skin and either programmed or controlled remotely. I’ll be honest that I haven’t read much of this technology yet, but as someone who has gone through a few surgeries, I can attest that the smaller the incision, the less invasive the surgery, the easier it is on the body. As a side note, as soon as I read this particular article, I flashbacked to my youth and being fascinated with the movie Fantastic Voyage.

Are we there yet? No, not by a long shot and probably not in our children’s, children’s lifetimes but heck, when it comes to technology, I think that just about nothing is impossible but the impossible!

The more that I think about this theory of mine, the more that I think that I might be onto something. Maybe it really is a matter that our technology is maturing – that the first 40 years has been in developing the core infrastructure and technology to remove these hard-wired limitations.

Perhaps now that we have small, fast, efficient processors, (relatively) large storage devices the size of a fingernail and all of the other bits and bytes that we need, maybe now our biggest limitation is the creativity to think outside the box and to say to one’s self, “Well, why NOT?”.

It really is a brave new technological world and I don’t think that it’s going to get any less exciting.

Let’s strap ourselves in and enjoy this fantastic voyage!

The Next Great Technology - Digital Imaging

Some of my "faithful readers" might recall my fascination with 3D printing and how it snuck up on me as a "woah - I would have never thought of that!" sort of thing.

Well, another one of these moments has occurred - this time it is a technological innovation as it relates to photography.  A start-up company down in the US has invented a new technology that is being referred to as a "Plenoptic" camera.  In essence, instead of just taking a very static bits and bytes type of image, it's actually capturing all of the light waves coming from all directions.

What does this really mean?  Well, believe it or not, you can take an "image" which has been captured via a plenoptic camera and with a special widget, you can post this image online and the USER can decide - dynamically - where they want the focal point to be.  To see how way cool this is, the following article actually has a plenoptic image of a flower.  If you go and click on a portion of the image in the background that is currently blurry, you'll see that the effective focal point of the image has been changed.

With innovations like this and 3D printing, I'm always wondering if technology is taking a big LEAP.  For many years now it's been just refining and optimizing existing technology.  Now, it's inventing new technologies that I had never considered.

New innovation in digital imaging.

Engage! A Change in Philosophy

I’m a big fan of Star Trek, especially “Star Trek – The Next Generation”. One of Captain Jean-Luc Picard’s catchphrases was “Engage!” to his crew as they were ready to go into warp drive.

This phrase came to mind to me last week as I waiting to get some blood-work done at a lab.

I was sitting there waiting for my turn with 11 other people and I noticed how many people were on their communication devices. I did a quick count and was amused that half of the people were in fact engaged electronically and seemed to be completely oblivious to the real.

As a matter of fact, that was the original theme of my article, about how technology takes us out of the “here and now” and we are no longer as socially engaged with those around us.

However, as I thought through this, I came to the realization that this was an easy judgment to make. Pondering a little more, I considered that people in fact may still be socially engaged, but that I wasn’t in any position to be able to tell. Maybe the young man was texting with this girlfriend and was completely engaged with her during this exchange. Perhaps the elderly lady was in a chat room with her daughter and they were taking advantage of an opportunity to “spend time” together (in an electronic form).

Despite this revelation in my thought process, I think that there is still cause of concern as it relates to technology and social engagement. In some respects, I think that my original concerns were still valid. For example, should there have been some incident and all of my fellow waitees were called upon to give evidence as to who was there and who wasn’t, I’m quite certain that this electronic engagement would have meant that at least half of the people left the lab not even noticing who they were sitting down with.

In that respect, I think that society has lost a little of its charm.

I can’t help wonder about how many opportunities are being lost because people are oblivious to their fellow flesh-and-blooders. I think of something my Mom told me about how she took a cab recently. She had a nice conversation with the driver and for all intents and purposes adopted him. Had my Mom been absorbed with the electronic life, the two of them would not have had made a dent in each other’s lives.

I think a little ruefully that these types of encounters enrich us. They help us to learn about different views and to grow as we gain new experiences and meet different types of people.

I don’t really so much have a problem with the electronic form of engagement, but the biggest thing for me is that it generally involved engagement with people already in our circle; there can be minimal interaction with others that we might get in the “real world”.

Still, I suppose that it has its benefits. It’s extraordinarily useful for nurturing those relationships that we’ve already developed, so I can’t be too critical. I guess for me, it’s like this type of electronic interaction should be the dessert, not the main course.

In closing – next time you’re on the subway or in a cab and having the opportunity, I will give the following advice…

Engage!

Testing Internet Speed

When we sign-up for high speed Internet, one of the decisions that we’re making is what speed we want.

The problem is that what an Internet Service Provider will quote with their plan is the optimum speed that can be expected. The actual speed can vary – and will vary – depending on numerous factors.

This causes a problem as we don’t always know if there is a chronic problem that is impacting the actual access speed. In my own case, I had suspected that I wasn’t getting the speed that I was expecting, but I just wasn’t so sure and I didn’t really have time to investigate. I then recalled about a website which measures the speed of one’s connection. I ran this utility
http://www.speakeasy.net/speedtest/ and noticed that I was consistently only getting a download speed of 8 megabits per second, despite paying for 18 megabits per second. The ISP had investigated and determined that there was a physical problem with my line but seeing that I was in the process of moving, I didn’t deem this to be something that I needed to contend with. Interestingly enough, since I moved, I’ve rerun the test and it’s now reporting a more reasonable speed.

Why does this matter to you? Well, first of all, if you’re paying for a specific speed, you’d like to (by and large) get the speed that you’re paying for. The other thing is that if you’re consistently getting much slower speeds, it can be an indication of other more serious problems. It could be an indication of a hardware/line problem, but it could also indicate a problem with your computer as well.

A "Public Service Announcement" from TecHumanity

Just read this article and I thought that this is exactly the sort of thing that people need to be aware of.  As per the attached article on CNET News, there is a DNS related virus which could impede people's ability to access the Internet this summer.  Now - that having been said, do you own due diligence - as you should with ANYTHING that's published on the Internet.  Being an electronic doubting Thomas is not a bad thing.

Still, here's the article.

http://news.cnet.com/8301-1009_3-57418276-83/web-could-vanish-for-hordes-of-people-in-july-fbi-warns/?part=rss&subj=news&tag=title

In case there's a link problem, then just go to CNET news today and find the article.  Also worth noting that later on, the article gives a website which can take a look at your computer to see if you're infected and affected!  The link is http://www.dcwg.org/ but as always, TecHumanity does not endorse or recommend any website, product or service.  As mentioned before, do your own due diligence!