Archive for the ‘News and Commentary’ Category

Online security and relationships – a bad mix!

Tuesday, February 16th, 2010

I hope you all enjoyed Valentine’s Day! After reading the previous post, I hope that you all included a note to your beloved in that box of chocolates in which you announced that you’ve changed your shared Gmail password. :-) Here are a couple of articles that came out recently that highlight the fact that feelings and security often don’t mix.

In “Broken hearts put holes in wallets”, the author stresses that “[f]raudsters know that trust is the key to profiting from love”. The bad guys know that people are very likely to share private info including passwords and other data once a ‘relationship’ is built. It’s a game that takes time, but the bad guys have all the time it takes to use social networks to build a sense of trust and then to get your data. (I picture the bad guys sitting at computers with all sorts of chats going on simultaneously like the guys in the park who play several games of chess at once with the punch clock.) Make it your policy to not share your personal data with anyone and you’ll be much safer.

“Black hat hackers on demand” is scarier. Here we find out just how easy it is for someone you know to pay someone to do the dirty work: your ‘ex’ pays a few bucks and soon you receive an invitation where you have to enter your password yourself. They pay the money and get your password and access information. Here’s where your diligence comes into play. It takes discipline, but it’s up to you to make sure you know who a message is from before you click on anything or enter your access data anywhere. The bad guys in this scenario pretend to be someone you know. This makes it harder to resist the immediate click, but it’s worth waiting a few minutes to confirm who sent it. So much for instant gratification… but you’ll be safer for it!

Peter L

Blue Spring Manatee Festival

Thursday, January 14th, 2010

Because there is more to life than just passwords (yes, we admit it!) and Facebook and ‘official’ letters from the FBI, we’ll occasionally point out events and activities and all sorts of other things that excite the Sticky Password team.

The Sticky Password team has become very interested in helping Manatees in Florida. So much so, that we’re sponsoring the Save the Manatee Club. Even though no one on the team lives in Florida, we are able to help with contributions. Check out their site to see some neat videos and find out about these cool animals. The stuffed manatee you get for ‘adopting’ a manatee is well worth the price.

If you happen to be in the area (central Florida, north of Orlando) on the weekend of January 23-24, be sure to check out the 25th Annual Manatee Festival in Orange City, Florida.

Personal Privacy and that ‘Interview’ with a Facebook Employee

Tuesday, January 12th, 2010

Yesterday, The Rumpus published an interview with an undisclosed Facebook employee. In the article the employee highlights a bunch of practices within Facebook that suggest that member data isn’t as private as we might think it to be. I’ve put quotes around the word interview in the heading, because it really isn’t clear whether the interview actually took place, or maybe rather, how much of the info is really the result of an interview with a real person and how much has been filled in by the author to cover his tracks or because the info intuitively fits into the picture.

After reading several articles about the interview, I keep returning to the same conclusion I had after reading the original article: everyone is responsible for his or her own privacy. It may seem that privacy is out of our control in this technological world, but there’s a lot we can do.

In the era of instant gratification and reality TV, everyone wants to be a star – and that, immediately. The Internet gives us our chance. We’ve grown used to putting anything and everything (pictures, biographical info, financial and other data) on the Internet with such trust – closer to complete lack of concern – that I am amazed that more harm doesn’t come of it. The anonymity that loosens our inhibitions to reveal intimate secrets blends very well with the voyeurism of the Internet generation.

We want everyone to see us in our full glory and yet we demand that we be granted privacy. We can’t have it both ways. The Internet is a tool that must be used with caution, just like any other tool. If you wouldn’t dance naked in your living room with the shades up, or provide your financial info to your neighbors, why would you think it’s OK to do it on the Internet?

Back to the article, nothing in it is really surprising. Regardless of the company, some employees always have access to customer data. That’s because they need to. While it may be implementing them a little late in the game, I’m sure that Facebook has rules similar to those that other companies have. It’s what happens or can happen to the data that is important. Think of the government agents who have lost computers with tens of thousands of personal records. It’s not about new laws or regulations or restrictions, because there’s always the human element involved and that is why we need to think about what we can do to ensure that our personal data is secure. If nothing else, we control the information that we put out there on Facebook and other social networks.

Maybe this interview incident will be a wake-up call to people to think about what they are doing for their own security.

Peter L

Your online identity – dead

Tuesday, January 5th, 2010

I just found out about the web 2.0 suicide machine. Wow! That’s what I call finding a need and filling it.

It took me a good while to get past the gallows humor, even though it is really only one graphical page, because they’ve done a great job of playing on the theme in the look and feel of the site. The terminology (‘sign out forever’, ‘commit’, ‘resting in a better life’, etc.) and the noose as the main graphical element are used consistently without being overdone. The site gets the message across without being morbid: like watching the Addams Family, but with a moral.

Anyway, once you get past all that, you discover that they are serious about providing a service: they disconnect or ‘kill’ your online connections in various social networks (LinkedIn, Twitter, etc.). As far as I can tell, they aren’t doing anything that any of us couldn’t do on our own. They are simply automating the process for us. That seems legitimate to me. In fact, even if they were doing something that we couldn’t do ourselves (because of our own limited know-how, or time, or even because of EULA restrictions from the social networking sites), I think it is legitimate that we be able to own our information and identities online, and do with them what we want. And that is the underlying concept to all of this. It is a serious matter that companies and organizations can claim or suggest that they own information that is personal to us.

Kudos to web 2.0 suicide machine for helping us take a stand on our own behalf!

And they’ve scored quite a marketing coup: the web 2.0 suicide machine service has been banned from Facebook. Visit their website and see the great banner ad they’ve posted on their site. Other than Oprah promoting them on her show, I can’t think of a more powerful marketing tool at this early stage of their existence.

Did I mention that I really like the way they’ve designed their site!?

Peter L

Banks that can’t spell

Sunday, December 13th, 2009

Walk into any café, deli, or just about any place where you can sit down (for instance, the salon where my wife gets her hair cut), and you’ll probably be able to connect to a Wi-Fi hotspot or a wireless network. From my desk at home, I can detect 6 wireless networks. Including mine, only two of them are secure. If you wouldn’t allow someone into your home without introducing himself, then why would you give him access to your wireless network without having him at least get the password from you?

Just like the author of the recent article in Wired magazine, I really enjoy reading phishing emails. I like finding as many spelling and grammar mistakes and other abuses of the English language as I can. Do people really think that their bank was in such a rush to get the important email to them (contrary to popular belief, email is not intended as real-time communication!) that they would misspell words and make other really, really basic mistakes?! Would you really do business with your bank if they couldn’t even send you a letter without making spelling mistakes? Even if you do miss the spelling mistakes and the more sophisticated tip-offs (such as the email of the sender and others that can be difficult to detect), simply follow the rule that no legitimate business is going to ask you for your login and password information in an email! If you have any doubts about a suspicious email, or anything that asks you to ‘confirm’ your private data, simply call the company to confirm that the message came from them. If the communication is legitimate, they will work with you to ensure that you are satisfied that the interaction is legitimate.

The way technology seems to permeate everything we do these days makes it very easy to forget about being careful. The latest posts in the news section emphasize nicely the importance of being aware (or alert or conscious) of what is and isn’t reasonable in terms of basic security.

Taking basic precautions

Thursday, December 10th, 2009

Not so long ago, I was VP at a rapidly growing anti-virus company. I was in sales and marketing, but I liked hanging out with the anti-virus gurus. Their jobs seemed so exotic and exciting as they were on 24-hour call saving the world! The more I talked with them, the more I understood that while the bad guys are very good at what they do, much of their success depended on average people NOT taking even basic precautions. The head of the anti-virus lab showed me a very simple slide that he used for his presentations. It showed that the major viruses in the early 2000’s spread only AFTER Microsoft announced the security patches that would protect customers. So, if customers acted reasonably quickly (meaning weeks and not months!), much of the damage that was created by viruses in the first half of this decade could have been avoided. (We can debate the pros and cons of the necessity of software security patches some other day.)

The following article reminded me of the importance of each computer user taking responsibility for his or her own security – nothing that would require huge technical knowledge, just taking care of the basics. Computer software and hardware are tools that can help keep you secure; we each need to use these tools appropriately, and not just forget about them and hope that everything will be OK. As is stressed in the article, basic precautions are necessary even with passwords:

“The statistics showed many people still using ‘admin,’ or ‘administrator’ as their username, suggesting that default usernames and passwords are still being used. Similarly, easy to crack passwords were being used: ‘123456’ was common as well as the simple phrase ‘password.’ Default and easy to crack usernames and passwords combined with automated account credential tools make the process all too easy, Microsoft said.”

Peter L