July 6, 2017

Protect yourself with better passwords

I have more digital passwords than keys, and without a handy key ring and visual clues like a Hello Kitty key cap, I'm having a hard time keeping them straight.

Add to that the cautions of most info security professionals to avoid using the same passwords across multiple sites and systems, and to create passwords with at least seven characters using symbols like $ or % as well as capital letters, and you've got a mind-melding memory challenge. Did I forget to say that you shouldn't write them down, either?

The password we should protect the most is our email password. If a hacker gains access to your email account, he or she could use the "helpful" Forgot Your Password? feature on most sites and possibly change the passwords to your other accounts, like banks, PayPal, social networking and more.

Three different types (desktop, portable and web-based) of software solutions have surfaced for those of us who confuse our bank password with our Yelp password.

Password management programs like KeePass and Password Safe (available free) will store your passwords in one encrypted database and allow you to access them with one master password or key file. Even easier to use are web-based password managers like 1Password and LastPass that allow you to access your encrypted passwords from any device.

Experts say that the most common passwords, and thus the easiest to break, are:

  • the word "password"
  • birthdays or anniversary dates
  • children's or pet's names
  • QWERTY or ABCDEF or ABC123
  • cities and hometowns

And if you think picking a word from the dictionary is the answer, think again. Among the ways hackers crack passwords is the "dictionary attack," which basically tries every word in English or any other language as your password. Some dictionary crackers even substitute symbols for letters, like pa$$word instead of password.
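A site or a password manager can run the same substitutions in reverse when a password is being chosen and refuse anything that reduces to a weak word. The sketch below is an added example, not from the original post; the word list, the look-alike table and the function names are constructed for illustration, and stripping a trailing number or symbol goes slightly beyond the substitutions mentioned above.

```python
import re

# Constructed sample list: weak choices named in the post. A real check
# would load a full dictionary or a breached-password list instead.
WEAK_WORDS = ("password", "qwerty", "abcdef", "abc123")

# For each letter, the symbols or digits commonly typed in its place.
LOOKALIKES = {"a": "@4", "e": "3", "i": "1!", "l": "1!",
              "o": "0", "s": "$5", "t": "7"}


def is_disguise_of(word, candidate):
    """True if candidate is word with some letters swapped for look-alikes."""
    if len(word) != len(candidate):
        return False
    return all(c == w or c in LOOKALIKES.get(w, "")
               for w, c in zip(word, candidate))


def weak_match(password):
    """Return the weak word this password reduces to, or None."""
    lowered = password.lower()
    # "password2017!" is still "password": also test the password with any
    # trailing digits and punctuation removed.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for candidate in (lowered, stripped):
        for word in WEAK_WORDS:
            if is_disguise_of(word, candidate):
                return word
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["pa$$word", "P@55w0rd2017!", "Qwerty!",
               "Tuesdays-we-eat-Green-chili"]:
        hit = weak_match(pw)
        verdict = f"rejected (reduces to '{hit}')" if hit else "not in weak list"
        print(f"{pw!r}: {verdict}")
```

A password that passes this check is only known to be absent from the list, not known to be strong.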

The best recommendation for password protection is to use a password manager, and to think of phrases that have personal meaning to you and are more complex than a proper name or a dictionary word. Some people use book or poetry excerpts, favorite dinner entrees, phrases from childhood or song lyrics as a foundation for their passwords, and then build in special characters and capital letters. Complex, yes, but some things -- like bank accounts and other personal information -- should be protected to the best of our efforts.

 

October 11, 2016

The looming digital crisis of confidence

The first hints of trouble will probably start after the polls close on November 8.

Should votes not go his way, GOP Presidential Candidate Donald Trump will likely reiterate and ramp up his claims of a “rigged” election. These cries, left vague enough to fit neatly into a number of real world risks as well as conspiracy theories, are designed to exploit our worries about cyber security, Russian espionage and voter fraud.

From there, it’s not that far of a leap to a call for recounts in key states, “Not My President” signs in yards, and a full frontal legal assault on the legitimacy of the election.

This is the ugly side of a digital, interconnected world. The fact that to date there have been no indications that previous elections have been tampered with gives little comfort in light of state-sponsored cyber attacks that are becoming increasingly sophisticated and damaging. I wrote my second novel about terrorists' cyber attacks shutting down water, power and banking systems. Equally scary and not at all fictional is the Russian willingness to try to influence November's presidential election via hacking.

Voters need only read headlines to understand the breadth and depth of the risks of any computerized system in an inter-connected world. Today’s cyber threats come from all angles – power grids being shut down, water treatment systems tampered with, millions of dollars stolen from banks. Little wonder that more than half of U.S. voters (56%) are concerned that this year’s election will be affected by hacking or cyber attack, according to a September 2016 survey conducted by security firm Carbon Black.

The vulnerabilities of state voting systems, particularly those using direct-recording electronic (DRE) machines, have been well-documented since the 2000 Gore/Bush election. These machines record and store votes electronically, and pose the greatest risk for a security breach. Many are backed up by paper trails, but a large group are not.

Many pundits are looking at Pennsylvania as the state to watch this election. Not only is it a swing state showing a very close race between the two candidates, but it is also a state in which the majority of its counties are using DREs with no verifiable paper trail. Should the legitimacy of this election be questioned, Pennsylvania is likely where it will happen.

That we should have seen it coming won’t matter come November.

Internet security professionals have been warning us for years that anything connected to the Internet can be hacked, even as companies race to connect our toasters, deadbolt locks and pacemakers to the much-vaunted Internet of Things.

Most of us have decided that the benefits of hyper-connectivity outweigh the risks. We like the convenience and we don’t think much about the huge data trails we leave in our wakes. We use 123abc as our password for multiple accounts, and tap into free wifi without worrying about what data we are sending through the airwaves. It’s hard to fully comprehend the risks until we see real-world consequences like identity theft, exposure of private or embarrassing photos or data, or the failure of systems we rely on.

Maybe this November will give us our wake-up call. Or maybe not. Voter fraud in the U.S. is quite a rare thing, and back-up paper trails provide confidence that tampering, if it happened, could be uncovered.

Still, the queasy feeling about this November’s election persists. Part of Donald Trump’s genius is that like a true dealmaker, he always leaves lots of room for negotiation. He exploits the fears of the electorate by undermining and questioning the very process itself. If you’re losing the game, question the rules.

When Trump says that if he loses in November, it will only be because the election was “rigged,” he leaves out the specifics of how. He could mean the scheduling of the debates, the endorsements of party leaders or any number of potential upsets. Should he lose on November 8, the hackability of the voting machines will be ready and waiting as a reason.

Undermining the confidence of our voting system is the real danger. The doubt itself is damaging enough.

July 22, 2014

When women were astronomical computers

Being a computer used to be one of the few women's jobs in astronomy.

Today, the word computer evokes plastic cases, microchips and power cords, but the term "computer" was actually first used in the late 19th and early 20th centuries to describe people who solved mathematical equations using their brains and a pencil and paper. Rooms of these human computers, or clerks, sat at desks, crunching through large amounts of data for weeks that today can be done in a millisecond.

This was not glamorous work. But it was one of the few jobs available to women in the fields of math and science at the time. So if you had your college degree but didn't want to be a teacher or nurse, you might instead apply for work as a human computer.

Astronomy benefited greatly from the work of women computers. A phalanx of about 80 women worked as human computers for the Harvard College Observatory, processing astronomical data in the late 19th century. Many today credit this group of women with the hard work of mapping the night sky under the leadership of Edward Pickering, Observatory head. It was a momentous project, creating a complete spectral catalog of the northern and southern hemisphere night sky.

Around the university they were known as Pickering's Harem. They were paid about 25 cents an hour to pore over astrophotographs, cataloging stars and celestial bodies. Although he was a progressive, Pickering likely didn't hire women strictly because of his politics -- economics might have played a role too. Women computers would accept wages that were half of what a man would demand.

Their clerical work formed the statistical foundations of modern astronomical theory. One of them, Annie Cannon, is credited with developing a system -- adopted in 1922 and still in use today -- for classifying stars based on temperature. She also discovered 300 stars and classified the photographic spectra of 325,000 more.

Not bad for women's work.

May 31, 2013

Book Review: Worm

Worm: The First Digital World War by Mark Bowden

My rating: 4 of 5 stars

So, can Mark Bowden, author of Black Hawk Down: A Story of Modern War, make TCP/IP and the domain name system exciting? The answer is yes and no.

The 2008 Conficker worm infected millions of computers to create a "botnet" of zombie desktops and laptops awaiting a command. A small band of Internet geeks united in an unprecedented worldwide effort to combat it, and Bowden does do a good job of structuring their story so that you want to keep turning the pages (or in my case, changing the audio book CD) to find out what happens next.

The Internet is a decentralized network with no one organization or government in charge of it; and likewise this story doesn't have just one hero and one villain. Instead it has an army of "white hat" security experts pitting their skills against "black hat" hackers.

Bowden tells the story from the point of view of ten or so key players, quoting email exchanges between the members that are sometimes eloquent, sometimes long-winded. The book is at its most dull when it focuses on these emails; and at its most exciting when it brings to life in-person conflicts like that of Internet defender Rodney Joffe heading to Capitol Hill to alert the feds of the Conficker threat. Bowden also does a great job of explaining the Internet's infrastructure such as the domain name system and root servers in a way that non-techies can understand.

In full disclosure, I'm not a techie but I do work at one of the organizations featured in this non-fiction book. So the little errors that slipped through research and proofing stood out to me and made me less inclined to trust the book from the start. For example, he calls ICANN the International Corporation for Assigned Names and Numbers when it is really the INTERNET Corporation for Assigned Names and Numbers. He also states that ICANN took over the domain name system in 1998 from Stanford Research Institute, but it was actually the University of Southern California that turned over the reins. But once I got over those details, I appreciated Bowden's storytelling and context.

October 12, 2012

ITU Study Points to Internet’s Future on Your Phone

A study released by the International Telecommunication Union yesterday showed the world has about six billion mobile phone subscriptions -- one billion are in China, another billion are in India.

We're rapidly approaching a time when we can say there are as many cell phones on earth as there are people. The world's population is pegged at about seven billion today.

In West African countries like Senegal, mobile phones are easy to get, while waiting lists for an old-fashioned, hard-wired telephone in your home can extend for years. No surprise that most residents don't bother to install a land line -- why bother waiting for someone to run a wire to their town or village when they can get a pre-paid mobile phone today?

For developing nations, the mobile phone is also the gateway to the Internet. The study also noted there are now more than twice as many mobile broadband subscriptions as there are fixed broadband subscriptions. It's easy to look at this study and the growth trajectory and see a future where most people are accessing the Internet via mobile broadband technology and in languages other than English. Organizations are already designing and building web sites to be effective mobile or tablet sites first, instead of starting with the desktop user in mind. We'll undoubtedly be seeing more of that in the future.

Read more in the ITU's Measuring the Information Society 2012 report.

February 14, 2011

Google can do that?! JC Penney manually demoted in search ranking for black-hat dealings

New York Times writer David Segal likens Google to the entrance to the largest shopping mall on the planet. I'll take it a step further and call the innovative search company one of the most powerful media companies in the world. Its search results dictate the information that most of us read on whatever topic sparked our interest at work or at home.

Google takes seriously its responsibility to index the world's information, and last week, after being presented the results of a New York Times investigation, the search company took what it calls corrective action against JC Penney by demoting its status in search results. The charges against JC Penney? That the retailer gamed Google's natural search system by planting thousands of links to the retailer's website in order to increase its appearance in search results for such varied keywords as "dresses", "aluminum sheets," "snoring," and "glass shower doors."

On the flipside, European Union officials are investigating Google for anti-trust law violation, hypothesizing that ad dollars increase both paid and natural search rankings.

Both JC Penney and Google deny the charges.

Segal's piece from Saturday's Times is a great window into the world of search engine optimization -- a good read for anyone interested in learning a little more about what is behind those Google search results that we all rely on.

http://www.nytimes.com/2011/02/13/business/13search.html
