Archive for the ‘General’ Category

Personal Privacy and that ‘Interview’ with a Facebook Employee

Tuesday, January 12th, 2010

Yesterday, The Rumpus published an interview with an undisclosed Facebook employee. In the article the employee highlights a bunch of practices within Facebook that suggest that member data isn’t as private as we might think it to be. I’ve put quotes around the word interview in the heading, because it really isn’t clear whether the interview actually took place, or maybe rather, how much of the info is really the result of an interview with a real person and how much has been filled in by the author to cover his tracks or because the info intuitively fits into the picture.

After reading several articles about the interview, I keep returning to the same conclusion I had after reading the original article: everyone is responsible for his or her own privacy. It may seem that privacy is out of our control in this technological world, but there’s a lot we can do.

In the era of instant gratification and reality TV, everyone wants to be a star – and that, immediately. The Internet gives us our chance. We’ve grown used to putting anything and everything (pictures, biographical info, financial and other data) on the Internet with such trust – closer to complete lack of concern – that I am amazed that more harm doesn’t come of it. The anonymity that loosens our inhibitions to reveal intimate secrets blends very well with the voyeurism of the Internet generation.

We want everyone to see us in our full glory and yet we demand that we be granted privacy. We can’t have it both ways. The Internet is a tool that must be used with caution, just like any other tool. If you wouldn’t dance naked in your living room with the shades up, or provide your financial info to your neighbors, why would you think it’s OK to do it on the Internet?

Back to the article, nothing in it is really surprising. Regardless of the company, some employees always have access to customer data. That’s because they need to. While it may be implementing them a little late in the game, I’m sure that Facebook has rules similar to those of other companies. It’s what happens or can happen to the data that is important. Think of the government agents who have lost computers with tens of thousands of personal records. It’s not about new laws or regulations or restrictions, because there’s always the human element involved and that is why we need to think about what we can do to ensure that our personal data is secure. If nothing else, we control the information that we put out there on Facebook and other social networks.

Maybe this interview incident will be a wake-up call to people to think about what they are doing for their own security.

Peter L

The Ice Cream Man

Monday, January 11th, 2010

It was a good weekend – except for the cold or flu or whatever it is that has had me incapacitated since Saturday afternoon. (How am I supposed to enjoy playoff football when I’m not feeling well!?)

Earlier in the morning on Saturday, I ran into my friend the ice cream man at the crowded grocery store. Our wives were gathering in the aisles while the men folk tried to look manly with nothing to hunt and only orders to follow.

Anyway, he came up to me all happy and said that everything was great! I looked at him and didn’t really register what he meant. “You remember,” he said, “you told me to try Sticky Password.” Now I remembered. (see blog entry of December 15)

“I was really skeptical at the beginning. I thought that it was going to be another piece of software on my computer that would never get used. On top of that, I thought that I only had a couple of password accounts, so I didn’t think that I needed a password manager.” He went on: “I started using it and I found out that I have 37 password accounts. I had no idea! And all I have to remember is one. And the form filling stuff is cool! I’ve got my business info separate from my personal stuff and I get through stuff with just one click. Thanks – it’s really great!”

I told him to let me know when the trial ran out and that I would see about getting him a special deal on the license. He said that he bought 2 licenses the first week after he started using it: one for himself and one for his daughter at college.

As we were saying goodbye, I asked whether he still used the names of his favorite flavors as his passwords. He laughed and said that neither he nor Sticky Password would ever tell!

Peter L

Your online identity – dead

Tuesday, January 5th, 2010

I just found out about the web 2.0 suicide machine. Wow! That’s what I call finding a need and filling it.

Once you get past the gallows humor – and, even though it is really only one graphical page, it took me a good while to do so, because they’ve done a great job of playing on the theme in the look and feel of the site. The terminology (‘sign out forever’, ‘commit’, ‘resting in a better a life’, etc.) and the noose as the main graphical element are used consistently without overdoing it. The site gets the message across without being morbid: like watching the Addams Family, but with a moral.

Anyway, once you get past all that, you discover that they are serious about providing a service: they disconnect or ‘kill’ your online connections in various social networks (LinkedIn, Twitter, etc.). As far as I can tell, they aren’t doing anything that any of us couldn’t do on our own. They are simply automating the process for us. That seems legitimate to me. In fact, even if they were doing something that we couldn’t do ourselves (because of our own limited know-how, or time, or even because of EULA restrictions from the social networking sites), I think it is legitimate that we be able to own our information and identities online, and do with them what we want. And that is the underlying concept to all of this. It is a serious matter that companies and organizations can claim or suggest that they own information that is personal to us.

Kudos to web 2.0 suicide machine for helping us take a stand on our own behalf!

And they’ve scored quite a marketing coup: the web 2.0 suicide machine service has been banned from Facebook. Visit their website and see the great banner ad they’ve posted on their site. Other than Oprah promoting them on her show, I can’t think of a more powerful marketing tool at this early stage of their existence.

Did I mention that I really like the way they’ve designed their site!?

Peter L

New Year’s Resolutions

Saturday, January 2nd, 2010

While visiting my parents during the week between Christmas and New Year’s, I cleaned up my dad’s computer a bit. I try to do this for him every couple of months. The last time I was able to do it was at the beginning of August, so things were a bit ‘messier’ than usual. My father is the type of computer user who clicks on just about everything that appears on his monitor. He doesn’t spend much time figuring out whether it’s a system message, spam, a phishing attempt, or some other unscrupulous attempt to entice him to click the link and submit info. He’s been using a computer since 1985 and the Internet since the early 1990s, so you might think that he’d be more savvy to what lurks on the Internet, but as far as his clicking habits are concerned, I think he is pretty average in accepting just about anything that appears. A big problem is that while programs and applications have become more user-friendly (while not perfect, everything from games to business applications really is plug-and-play), system messages and legitimate warnings are still cryptic. So people ignore them. An example of this is the typical firewall: without thinking, most people have gotten used to simply clicking ‘OK’ on any message that they think is delaying them in whatever it is they are doing. Instant gratification must never be more than a click away.

After cleaning everything up and updating all of my dad’s software, I added two new elements: Sticky Password and a remote access program. I know, I know, how is it possible that my father wasn’t using Sticky Password, yet!? Remember the saying about the cobbler’s children having no shoes? Well, in this case it was the cobbler’s father – that is, my father who was doing without. He’s been saying that he just didn’t have enough password-protected accounts to make it worthwhile. He has exactly 8 accounts, which seems like a manageable number, but every month he would have to reset passwords for a couple of the accounts, or ask me what his login was for this or that account. (And, no, I don’t recommend telling your passwords to others.) Somehow, all of this activity didn’t register with him as meaning anything – but it adds up and makes it just about impossible to make any sense after all the login resets! (In addition to claiming that he didn’t have enough accounts, I suspect that he wanted some hand holding for the installation. :-) )

I downloaded the Sticky Password installation package and clicked on it to launch the installation on his Windows XP system. I told him to get started while I sneaked off to get some coffee and cookies. When I returned, he was grinning like a Cheshire cat: he had installed Sticky Password all by himself! After 2 minutes of training – most of which consisted of me convincing him that all he had to do was remember his master password – he was happily visiting his favorite sites. A week later and he hasn’t had to reset any accounts and he is still clicking away – happily and SAFELY!

The other element I added was remote access software. I’m testing LogMeIn, which seems to be a simple service to use and manage. So far, so good! If anyone has any experience or recommendations with this or other packages, I’d be interested in hearing from you.

Now to the New Year’s resolutions: let’s see, all the standard ones – more exercise, eat healthy, get more sleep, read at least one book every month, my dog needs to learn a few more tricks (I’m not sure if that counts as a resolution for me or him)… and, to help my dad keep working efficiently and safely on his computer, a task that will be easier thanks to Sticky Password.

Happy New Year!

Peter L

Happy Holidays

Thursday, December 24th, 2009

Merry Christmas and All the Best in the New Year 2010!

From the Sticky Password Team

The latest from the FBI(?)

Friday, December 18th, 2009

I’m a window shopper as far as phishing and email scams are concerned. I like looking, but I must be a disappointment to the ‘vendors’ because I never send my private data to anyone and I don’t click any links. The fact that many of the attempts are just so funny makes it that much easier to resist sending my info to claim the ‘millions pounds’ and other currencies that they tell me is mine, ALL MINE for the asking! (evil laugh)

This week, I received a couple of new ones – at least for me. One was supposedly from UPS about some sort of card that I’m supposed to use to collect a large amount of money. Because of all the typos in the first paragraph, this one was a disappointment.

The other was from the FBI. Wow! The F B I sending me email – it must be important!

I’ll highlight just a few of the things that quickly reveal the FBI one to be a fraud.

The agency the person supposedly works for:

Anti-Terrorist and Monitory Crimes Division.

Federal Bureau of Investigation.

J. Edgar. Hoover Building Washington D.C

In the address alone, I count at least 6 mistakes! Is there really a ‘Monitory Crimes Division’ or did they mean ‘Monetary Crimes Division’?!? I’m sure the FBI are ‘monitoring’ things, but my guess is that they were trying to say that they were concerned about money. The other 5 involve punctuation in the address – why would there be a period at the end of each line and after Edgar, but not after the C in D.C ? I would hope that the FBI would know how to write their address correctly. It may sound like the address stuff is insignificant, but it’s not: official agencies and businesses sweat the small stuff. Mistakes drive away customers, so they have to get it right. Scamsters aren’t as careful!

The email address of the person sending the message is at gmail.com – a free webmail service. Doesn’t the FBI have a domain for their own email? Do their agents really use free webmail for business correspondence?

In the text, they use both ‘ATM Card Center’ and ‘ATM Card Centre’. It doesn’t really matter which form they chose, as long as they stuck with it. I remember in high school, my teachers would take off extra points when I would try to weasel my way through by spelling the same word different ways in the same essay. I don’t think the ‘FBI’ should get a pass on trying the same trick! :-)

For those who did not find enough in the text to STOP them from sending their info to this person, the last line of the email is one last try from the sender to snap anyone out of the daydream of what he or she will do with all that cash: ‘Final Notification from the United state Fbi’.

If you do receive an unexpected offer to receive cash or something very valuable in exchange for verifying your personal information – even if you do miss some of the trip-ups that give the culprit away – you can do some basic research of your own to see if what you’ve received is a scam. The following sites aren’t definitive, but they are a good place to do a quick check on scams that are out there – and there are a lot.

www.scamdex.com and www.snopes.com

Hey, be careful out there!

Peter L
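The tells described in this post can be checked mechanically. The following Python sketch is an added example, not part of the original post: the word lists, the function name `phishing_tells` and both sample messages are constructed for illustration, reusing only the details the post quotes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative lists (assumptions for this example); extend them for real use.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
SPELLING_PAIRS = [("center", "centre"), ("color", "colour")]
# Organisation names mapped to the form an official sender would write.
CLAIMED_ORGS = {
    "fbi": "FBI",
    "federal bureau of investigation": "Federal Bureau of Investigation",
}

def phishing_tells(raw_message):
    """Return human-readable warning signs found in a plain-text email."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    text = "\n".join([display_name, msg.get("Subject", ""), msg.get_payload()])
    lowered = text.lower()
    tells = []

    # Tell 1: the message claims an organisation but comes from free webmail.
    claimed = [org for org in CLAIMED_ORGS
               if re.search(rf"\b{re.escape(org)}\b", lowered)]
    if claimed and domain in FREE_WEBMAIL:
        tells.append(f"free webmail sender ({domain}) claiming to be "
                     f"{CLAIMED_ORGS[claimed[0]]}")

    # Tell 2: the same word spelled two different ways in one message.
    words = set(re.findall(r"[a-z]+", lowered))
    for first, second in SPELLING_PAIRS:
        if first in words and second in words:
            tells.append(f"inconsistent spelling: '{first}' and '{second}'")

    # Tell 3: the organisation's own name written with the wrong capitalisation.
    for org, official in CLAIMED_ORGS.items():
        pattern = rf"\b{re.escape(org)}\b"
        for found in sorted(set(re.findall(pattern, text, flags=re.I))):
            if found != official:
                tells.append(f"'{found}' written instead of '{official}'")
    return tells

# Constructed sample built from the details quoted in the post.
SAMPLE = """\
From: "Federal Bureau of Investigation" <sender@gmail.com>
Subject: ATM Card Center

Contact the ATM Card Centre to claim your funds.
Final Notification from the United state Fbi
"""

# Constructed message with none of the tells (example.com is a reserved domain).
CLEAN = """\
From: "Example Newsletter" <news@example.com>
Subject: Monthly update

Your monthly newsletter is ready to read.
"""

if __name__ == "__main__":
    for tell in phishing_tells(SAMPLE):
        print("-", tell)
```

A message that passes these checks is not thereby legitimate; the checks only catch the careless mistakes the post describes.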

Don’t be cute

Tuesday, December 15th, 2009

I met up with a friend from college last weekend. We hadn’t seen each other in quite a while, so we had a lot of catching up to do. I listened with interest as he told me that he owns a franchise of one of those ice cream parlors where you choose the fixin’s and they mix your ice cream in front of your eyes on the freezing countertop. (Does anyone remember the NY ice cream chain Zippy’s with the little baseball and football helmets?!)

I told him about Sticky Password and what I’ve been doing in online security over the past 10 years. He wasn’t familiar with password management programs, but he did have experience with passwords. He proudly told me that he had a great system for creating passwords for email and online accounts: you guessed it – he used his favorite ice cream flavors as his passwords! :-)

I smiled and asked if anyone knew what those favorite flavors were. He admitted that he was only too happy to share his favorites with his customers when they asked for recommendations. I suggested that he download Sticky Password and try the 30-day trial version and that he should contact me any time with questions or comments.

Of course, I’m not suggesting that all or any of his customers are going to be interested in trying to access or violate his online identity. The point is that most people are in the habit of being cute with their passwords. Whether using the names of their children or pets, or, in this case, an ice cream man using his favorite flavors, these are things that someone who knows you even very little might try if he wanted to sneak into your accounts. Using words like ‘password’ or ‘qwerty’ is even worse, because you are opening yourself up to strangers who start their hacking attempts with these standards.

If you are going to be cute, then I suggest being cute with your login or username. That way, at least, you’ll be able to show off your great login to the world – rather than hiding your idea in a password. Passwords need to be something that can’t be easily guessed. While strong passwords may be hard to remember, they are even harder for others to guess! By using a password manager you’ll have strong passwords and the tool to manage them for you (so you don’t have to remember them all).

I’ll let you know how it turns out with my ice cream man friend in 30 days!

Peter L
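To see why a ‘cute’ password stays guessable even after a digit is appended or letters are swapped for look-alike characters, here is a small Python check. It is an added example, not part of the original post: the flavour list, the substitution table and the function names are constructed, and only ‘password’ and ‘qwerty’ come from the post.

```python
import re

# 'password' and 'qwerty' are the standards named in the post.
COMMON_PASSWORDS = {"password", "qwerty"}
# Assumed table of simple look-alike swaps: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
LEET = str.maketrans("013457@$!", "oieastasi")
# Characters people typically add before or after a word to "strengthen" it.
EDGE_JUNK = "0123456789!@#$%^&*_-."

def _letters(text):
    """Undo look-alike swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.translate(LEET))

def candidate_roots(password):
    """Return the plain words a password may be built on."""
    lowered = password.lower()
    roots = {_letters(lowered), _letters(lowered.strip(EDGE_JUNK))}
    roots.discard("")
    return roots

def guessable(password, personal_words):
    """Return why the password is easy to guess, or None if no reason is found."""
    roots = candidate_roots(password)
    personal = {re.sub(r"[^a-z]", "", word.lower()) for word in personal_words}
    personal.discard("")
    if roots & COMMON_PASSWORDS:
        return "common password"
    if roots & personal:
        return "personal detail"
    return None

# Constructed sample: things a customer might know about the shop owner.
FLAVOURS = ["Vanilla", "Rocky Road", "Mint Chip"]

if __name__ == "__main__":
    for pw in ["RockyRoad2009", "v4n1ll4", "P@ssw0rd1", "t7#Kq!vz9Lw2"]:
        print(pw, "->", guessable(pw, FLAVOURS))
```

A result of `None` only means the password is not built on the listed words; it says nothing about its strength otherwise.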

Banks that can’t spell

Sunday, December 13th, 2009

Walk into any café, deli, or just about any place where you can sit down (for instance, the salon where my wife gets her hair cut), and you’ll probably be able to connect to a Wi-Fi hotspot or a wireless network. From my desk at home, I can detect 6 wireless networks. Including mine, only two of them are secure. If you wouldn’t allow someone into your home without introducing himself, then why would you give him access to your wireless network without having him at least get the password from you?

Just like the author of the recent article in Wired magazine, I really enjoy reading phishing emails. I like finding as many spelling and grammar mistakes and other abuses of the English language as I can. Do people really think that their bank was in such a rush to get the important email to them (contrary to popular belief, email is not intended as real-time communication!) that they would misspell words and make other really, really basic mistakes?! Would you really do business with your bank if they couldn’t even send you a letter without making spelling mistakes? Even if you do miss the spelling mistakes and the more sophisticated tip-offs (such as the email of the sender and others that can be difficult to detect), simply follow the rule that no legitimate business is going to ask you for your login and password information in an email! If you have any doubts about a suspicious email, or anything that asks you to ‘confirm’ your private data, simply call the company to confirm that the message came from them. If the communication is legitimate, they will work with you to ensure that you are satisfied that the interaction is legitimate.

The way technology seems to permeate everything we do these days makes it very easy to forget about being careful. The latest posts in the news section emphasize nicely the importance of being aware (or alert or conscious) of what is and isn’t reasonable in terms of basic security.

Thank you to all of our beta testers!

Tuesday, December 8th, 2009

A hearty thank you to all of the Sticky Password 4.0 beta version testers! Whatever the level of involvement, we couldn’t have gotten Sticky Password 4.0 ready without your help – more than 250 of you. Some of you were involved in the testing process from the beginning and provided detailed feedback on the alpha version as early as May – you know who you are: THANK YOU! Others of you downloaded the software and used it, simply letting us know that you were satisfied: to you, we also say thank you! We look forward to continuing the relationship we’ve built up with you. With your help, Sticky Password will continue to offer more and more of what a password manager and form filler should be.

Without further ado, we introduce the Sticky Password 4.0 testers (for the most part in alphabetical order):

1bryan, adam_b_brown, aemassi, ageuzaine, ajrandall106, alan.phillpot, alan, alcc, alee65, alex.horan, allwebco, amarks9, ammarmalhas, amperednia, andre.saegerman, andrew, andycr, anilkott, antal, antonio_grazioli, arinen, ashish.lampuse, ashngabe, avilchinsky, brucieboy, b_draper, bakosandras, belinda.marino, bert.kornet, bgaede, bill, bill_koenig, blars, blbulli46, bluehole1960, bob, brad, brian, bruce.verner, brendanrcarpenter, brownster, brustigian, bubby, c_o_o_p, cam1947, carlos.garcia, cbogan, certman56-buy, charles-bell, chr.schultz, chriscomzippy, christoph, ciscokidd22, ckennedy, clay, coen99, col_of_mar_ret, colinlewis648, cricko, ctray, danrey, dave, david-knight, david.mcintyre, david773, davidr, dcuc, ddesoto, dennisniven, djaufre, dla-inc, dniven, Doc.Go2, drey, e.boerma, eastcoastblues, emawyer, emperorofthemind, ericfdaly, ericsevans, esko.tantarimaki, firefly, flavio.alon, foxfyr1, fred, freddy, fredmac, fsijben, fuller1026, genady, ggroff, ghaines, glenn.paskow, glslagle, gmvigilante, greatdeals, greg.spencer4, gregw, gromit, gross, hafield, harding_david, heiko.lauterbach, henryalmeida, howard_smithuk, hugh, husker_dude, ian, iangcumming, phonecontrol, jandboneal, jiri, jraymer, j.richard, j.schladot, jamie_stephy, jamiepope, jaroslav, jason.young, jclark823, jeffkent, jfs06473, jgmathe, jhorton, jim, jimbrownlpc, jlgarciax, jmadden, jmaisey, jmerhi, jn.poulet, jnmbrink, joekimbel, joesomellow, johan.de.mulder, johnmerle, jpicard, j-pierre.renard, jrpeh, jspaulding22, juanpablo, jwfrank, k_ozawa, kc0ahj, keeeith, keepdad2, keiffer, keith.burley, keith, kensowton, kevin, layn, lesm, lewrose, lnorah, lockwizard, maigaard, mantle88,  marc, mark.borin, marktmanning, markus, matthews, mcdonald43, me@vov meyer.rainer, mhabk, mi6.007, michaelk73, mick, miguel.ceballos, mike, mlrochellesr, muriuki33, mwa, nestor, neverforget, nickb01, nigel, nigel_khan, nori, olegvg, olo1979, pacomputerguy, paulm7777, pavi58, pedavis, phil, phil52743, phyrejuice, plyj, 
purchasemrnajafali, qdesign, r.morris, ravi.canadian, rebird, ricklesh, r_manning, robbyvmi,  rod, rodandlana, ron.loxton,  rpcob, rs904c, rubyjack, s.sisti, sabonin, scott, sergeim19, silvrstreek58, sjpeel, skfann, lafredo, Spartacus, spickard11, starceo, steveb, steven.winograd1, steyen, sticky, stopopub-stickypassword, t.kelley, tbruno, teachmagic, terrylen, tim, tjander, tmott, tomordor, tsajtos, tytoprox, vivier, v.marek, vrowe, wa6cas, watkins.greg, wigdahl, wildmanjmatt, wileyeng, will, william.bruce, williamf, willrun247, wstamps, wymanjr, ylevintoff, zibulim

Thank you!

The Sticky Password Team

Welcome to the Sticky Password blog!

Tuesday, December 8th, 2009

With the launch of Sticky Password 4.0 on November 24, and with the encouragement of a good many customers, we are launching the Sticky Password blog. Welcome to the inaugural post!

The blog will focus on passwords, password management and form filling, and online security in general. As I scan the daily headlines and listen to computer users locally and on my travels, I am often surprised by the fact that many people still do not seem to appreciate the importance of password security. Our hope is that this blog will get people thinking about basic precautions that will help keep them safe. Online security is important and we take it very seriously, but we will also use humor as food for thought and to bring attention to the latest news in the area of password security.

For those of you who haven’t seen it yet, the Sticky Password forum has been available since the summer. While we do not put limitations on topics, it is probably natural that the threads have held pretty closely to support and technical issues. In addition to the FAQ section, the online forum is also a good place to check out for help with technical questions.

We look forward to blogging with you!

The Sticky Password Team