Wednesday, May 23, 2018

Web Secret 520: Cybersecurity - part 2

This is part 2 of a 5 part series on cybersecurity.

We are vulnerable to cyber-attacks for a variety of reasons:
  • As early as 1994 experts called for a national information infrastructure – that hasn’t happened.
  • Much of the USA’s most sensitive information is not encrypted. How comforting.
  • A recently enacted 2017 Trump law allows your internet service provider (AKA FIOS et al) to sell your metadata without your permission.
  • When companies upgrade their websites, they upgrade their security but old webpages still exist and are vulnerable to hacking. One expert said, “We have 20 years of vulnerable websites.”
  • Two-Factor Authentication was devised in the 70s but has only recently begun to have traction. In other words, we have technology to foil attacks but decision makers are slow to deploy it. And people are even slower to adopt it. Two-Factor Authentication is an extra layer of security known as "multi-factor authentication." It requires not only a password and username but also something that only the user has on them, i.e. a piece of information only they should know. For example, the answer to questions like "What is the name of your first pet?" or "What is your dream vacation spot?"
  • In an April article titled “Failed by Facebook, We’ll Return to the Scene of the Crime. We Always Do.”, the New York Times reported how even when a company is hacked, or fails to protect our privacy, we go right back to using it.

    “The reality is that when it comes to privacy, the trade-off has already been made: We decided long ago to give away our personal information in exchange for free content and the ability to interact seamlessly with others… After just about every big privacy hack over the past decade, people quickly returned to the scene of the crime, using the same store or online site that had been compromised.”

    During the Forum, one expert pointed out how even the most egregious lapse will result in only a brief downtick in a company’s stock market performance.
  • We are fighting a 21st century crime with outdated approaches. The attack vectors multiply and the preparedness of end users is very low.
  • In the 21st century, US armed forces do not manufacture the weapons they need; they subcontract with private enterprise. Similarly, US apps, software, and hardware are in the hands of the Apples, Microsofts and Googles of this world. The US government turns to these companies to police themselves.
  • Cyber-security is not primarily a technical challenge but rather a social/political problem. An educational problem. A legal problem. A policy problem.
It is concerning that several Yale Forum experts stated that there needs to be “carnage” for the country and its citizens to pay attention to cyber security. Meaning one or more people need to die as a result of a hack for the public to demand that attention must be paid. One expert even wondered if we need a “grand carnage moment” to make it happen.

Along that line, some of us during a lunch break wondered when a person’s medical history will be hacked causing them serious injury, even death. Would we even know if it happened? So far hospital records have only been hacked by ransomware.

What happens next?

To be continued next week...

Wednesday, May 16, 2018

Web Secret 519: Cybersecurity - part 1

This past March, I was the recipient of a $3,000 scholarship to attend the 2018 Yale Cyber Leadership Forum.

Yes, my alma mater charges $3,000 to attend a day and a half conference.

The Yale Cyber Leadership Forum “aims to bridge the divide among legal scholars and practitioners, technology experts, business leaders, and policymakers from across the globe on how best to understand and counter the most pressing cyber security challenges of our day.” This article aims to summarize what was discussed as it applies to mental health practitioners and organizations.

The Forum brings together a diverse set of thought leaders who are eager to share their experiences, learn more about the array of cyber threats, gather new strategies for overcoming cybersecurity challenges, and contribute to discussions of the best way to tackle the challenges ahead.

Note: Forum attendees were asked to follow the Chatham House Rule. We like to be as pretentious as possible in the Ivy League. For the rest of the world, at a meeting held under the Chatham House Rule, anyone who attends is free to use information from the discussion, but is not allowed to reveal who made any comment. It is designed to increase openness of discussion.

In a nutshell, this is what I learned:
  • The field of cyber security is in its infancy
  • Law and policy are lagging far behind technology
  • It’s not just a tech issue, it’s a people issue. More on that later.
To elaborate, our intelligence leaders believe the risk of a cyber-attack eclipses terrorism as the greatest threat to the USA. If even one of our major infrastructure components (power grid, Internet, financial system) is compromised by a cyber-attack, the other two collapse and we are headed towards catastrophe. Complicating this narrative is the fact that through the world wide web, everyone around the globe is inter-connected.

As one expert put it: “We are as secure as the rest of the Internet.” Great.

These are the countries which have the greatest expertise in cyber warfare:
  1. Russia
  2. China
  3. North Korea
  4. Iran.
Quelle surprise!

We are vulnerable to cyber-attacks for a variety of reasons, which I will explain in next week's post.

None of it is good news.

Wednesday, May 9, 2018

Web Secret 518: The Weed Tube

The US and marijuana regulation = mess.

While the federal government still views pot as illegal, most of the states are in full rebellion. No two states are alike - some have legalized both medical and recreational marijuana, some just medical, some (a minority) don't allow either.

I am fairly confident that eventually both medical and recreational will be legal.

In the meantime, there is (since March 1) The Weed Tube, a how-to channel devoted to - you guessed it - marijuana-focused videos.

If you want to take the pulse of the marijuana legalization movement, there's no better place to start.

The posts range from the fanciful to serious demos and reviews. Here are a few:

Sesh Cannabis First Impressions

How To Make A Strawberry Bowl

A week in my life – Hilton Head Island

Don't judge.

Wednesday, May 2, 2018

Web Secret 517: Protecting your privacy on Facebook

Unless you've been living under the proverbial rock, you know that Facebook is experiencing (putting it mildly) a privacy problem.

We have been advised to shut down our accounts. Realistically, not everyone wants to do that.

Wired magazine published a guerrilla warfare alternative: "A drag queen's guide to protecting your privacy on Facebook by breaking the rules."

To wit:

Change Your Name: Using a chosen name allows you a bit more control over how your data is collected, stored, and used. By adopting a chosen name, it’s possible to stay in touch with friends who can decode who you really are, while avoiding others who you’d rather not be able to find you. Plus, using a different name on different platforms makes it just a bit harder for trackers to connect the dots between your accounts, activity, and behaviors. But it’s not always practical to change your name; you may have better luck starting with a new account.

“Like” Like Everyone’s Watching: Another easy way to make it more difficult for companies to paint a clear picture of you is to give them false, misleading, or simply too much information. For example, if you don’t want to be targeted by manipulative political ads, perhaps try “liking” some pages or politicians who don’t fully match your values; the same goes for favorite brands, places, celebrities, or anything else you can support. Think of this as throwing the company off the scent.

Tag Photos Incorrectly: Similarly, try mis-tagging photos of friends—or use photos of celebrities, cartoons, or inanimate objects—to confuse Facebook’s facial recognition and computer vision algorithms.

Click All the Ads: You may also want to try clicking all the ads Facebook and other platforms deliver to you—especially the ones you’re not actually interested in. Again, this effectively hides your real interests within a sea of not-quite-real information.

Share Accounts: Finally, for those of us trying to curb our social media addictions, another option is to share an account with friends or family. That way, you can still make sure you don’t miss important updates or events, while making it harder to trace you personally.

Here's my suggestion: go through your list of Facebook friends and ruthlessly delete the people you are not close to.

At the end of the article, the author writes: "Are these foolproof? Certainly not... Are they ethical? I think so. Until companies come clean about their motives and give us real options to present ourselves authentically, to control the flow of our data, and to opt out of particular kinds of tracking, I’d say we’re justified in taking steps to protect ourselves..."

And that, my friends, is the truth.

Wednesday, April 25, 2018

Web Secret 516: secret features on your iPhone

Are you one of the billion people in the world who own an iPhone?

Then you really should read "Hidden In Plain iSight: Secret, Handy Features On Your iPhone."

But why read a long article, when I can summarize what you need to know in one handy dandy short blog post?

1. Get help in an emergency situation. This tip has gone viral and everyone should learn it and share it with their loved ones: Click the power button five times in a row to bring up a secret menu. In an emergency, you can drag on the SOS slider to automatically call emergency services. Your phone will send your location to first responders at the end of the call.

2. Keep your stuff on lock. That four-digit passcode of days past is no longer the standard. Apple pretty much insists on six digits to keep your private content, well, private. But if you've got some seriously sensitive stuff, you can always go alphanumeric. A combo of letters and numbers. To do it, head to Settings, then Touch ID and Passcode, then Change Passcode. When you're taken to the Change Passcode screen, tap options and select alphanumeric.

3. Delete the worst apps. Have you ever actually used the Stocks app? What about the app for the Apple Watch despite the fact that you can't afford the actual watch? Finally, in iOS 11 you can delete those suckers the same way you'd delete any other app.

4. Need more space? Head to Settings, then General, then iPhone Storage, and finally "Offload Unused Apps" to get rid of those games you haven't touched in years.

5. Free scanner. In the new-and-improved Notes app, you can scan documents with the new "Scan Documents" feature.

Voila!

Wednesday, April 18, 2018

Web Secret 515: upgrading

This past November, Apple released the iPhone X.

I purchased it for my husband who was celebrating a major birthday.

It cost as much as a laptop computer.

Normally, I would be the first person in my family to get one. I'm an early adopter who loves tech.

But not this time, maybe never again.

Don't get me wrong. The new phone is better than my 7 plus: it unlocks with facial recognition. It features dramatically improved picture quality. It has a longer battery life. You can charge it by placing it on a wireless charging base.

Cool/useful right?

But not essential.

For the time being, I will not upgrade. Which leaves me wondering when will people stop upgrading or even just pause upgrading.

What might make me upgrade to the X?

A drastic price reduction.

An interesting color - yes, I am that shallow. For the ninetieth time, why does everything come in just black or grey?

Otherwise, I'm hanging on.

But introduce a new iPad Mini and I'm yours.

Wednesday, April 11, 2018

Web Secret 514: the Learned League

I come from a line of Trivia lovers.

Before the Internet, my father could rattle off the names of all the supporting actors in Casablanca.

As a seven year old, I enjoyed reading the 16 volume Golden Book Encyclopedia from A to Z. I also absorbed a thick book that describes everything notable that happened in 1953. I know more about 1953 than any other year of my life.

My love of useless info has continued since then.

So I was beyond thrilled when Marc, my perennial Words With Friends opponent, nominated me for the Learned League, AKA "The coolest, weirdest Internet community you’ll never be able to join."

As one article explained:

"Visiting the desktop-only, confusing-to-navigate website on which it lives is a little like time-traveling to Y2K. Text is small and dense; there are no graphics beyond a generic-looking logo and the tiny flags that players are required to use as avatars. More important, there’s basically nothing at stake: There are no prizes of any kind, and when you join (by referral only...), you’re placed into a group of about 20 random competitors...although everyone, across every “rundle,” as the groups are called, answers the same six questions each day of each 25-day quarterly season..."

There is a twist: In addition to playing offense (by trying to guess the right answer), contestants also play defense by assigning points — 0 through 3 — which their opponent will win by answering that question correctly. A winning approach awards your opponent 0 for an easy question and 3 for the most obscure one.

Things I hate about Learned League:
  • The site is crammed with a mass quantity of statistics that only a Fantasy Football League aficionado could enjoy. Here is just a sample: W: Wins, L: Losses, T: Ties, PTS: Points (in Standings), MPD: Match Points Differential, TMP: Total Match Points, TCA: Total Correct Answers, TPA: Total Points Allowed, CAA: Correct Answers Allowed, PCAA: Points Per Correct Answer Allowed, UfPA: Unforced Points Allowed, DE: Defensive Efficiency, FW: Forfeit Wins, FL: Forfeit Losses, 3PT: 3-Pointers, MCW: Most Common Wrong Answers, STR: Streak.
  • It is not a pure trivia contest. You can win a match even if you knew the answer to fewer questions than your opponent, but were clever about your defensive game. This irks me.
  • It's not just about winning matches, it's about defeating the very best players in your rundle. Only then can you rise to the top.
  • You play every day (except weekends) during the season and it could become a huge time suck.
Fortunately my friend Marc told me how to play and not lose your mind: "I can only answer on average 2 out of the 6 questions. I spend a max of 10 minutes a day on this. You either know the answer or you don't."

I've done well. I've been ranked as high as second in my rundle and as low as 6th. Currently I'm in 4th place.

But really, I do it for the beautifully crafted trivia questions:

"What cultural and artistic movement was founded in the 1920s by French writer André Breton and defined in his 1924 "Manifesto," in which he laid out the nonconformist and unconscious—and at times absurdist—method by which art is created in the movement, with absence of reason or aesthetic concern?"