Do you need help using the Internet?

I have a new book and it may just be the thing you have been looking for! The name of the book is You’re Never Too Old to Surf: A Senior’s Guide to Safe Internet Use.

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Think Twice about what You Post

Today I read a post in Facecrooks (which by the way is a positive site to help you protect yourself, despite the name) about a man whose posts led to negative consequences. The post started with:

According to police in Philadelphia, a 19-year-old man was targeted by three robbers after he posted on Facebook and Instagram about an inheritance of jewelry he had just received.

The three robbers kicked down the door of the victim’s home at 2:30 a.m. Saturday morning, making off with a Rolex watch, several gold chains and mobile phones. Thankfully no one in the home was hurt, but the robbers have not yet been caught.

According to the Hickory Record, the robbers were caught and during the questioning, they mentioned they had heard about the inheritance.  Clearly the young man who received the inheritance never intended for strangers to know about his good luck.

This is a case of not having Facebook privacy controls set appropriately.  To check YOUR settings, go to the small arrow at the far end of the blue border at the top of your Facebook page.  Click the arrow and select “Settings” as shown below.

Checking Facebook Settings

At that point, select “Privacy” from the left menu. You will see a screen that begins with “Who can see my Stuff.” If you have not already set it, this probably says “everyone.” If so, edit it and select the “custom” button. You might want to set that to just your friends, or friends of friends. Or, you can set it so that only specific people can view what you post.

If you have something valuable, such as the jewelry inheritance, you want the post to be sent only to your friends, and maybe not even all of them.  You can use your lists of people to narrow the group further.  If you have it set as “everyone,” not only can everyone who happens on your page read it, but they can also share it with everyone they know.  With this kind of visibility, it is not surprising that the bad guys got the news.

You need not adjust those settings the same for everyone.  But, for valuables or for photos of children (especially with other information), it is best to limit the range of people who see your post.

Phishing

Yep, “phishing” is a real thing, and you pronounce it the same as “fishing”.  Like fishing, phishing uses bait in an effort to hook something.  Unlike fishing, phishing doesn’t look for fish, but rather for sensitive information.  Phishing attempts to use an apparently trustworthy request to gain usernames and passwords to get access to more computers and/or credit card and other financial information to get money.

The key to phishing is that the request appears to be legitimate. An email might be constructed to have the same look as those from your bank or other financial institution. Or, the email might appear to be a bill from a company with which you do business. Today phishing happens within social networking tools, such as Facebook, too. These might be realized as:

A game or lottery.  In this kind of phishing, you may get an email or a Facebook post that claims you have won money.  Unfortunately, to get to the money, you must send them money or access to your bank account.

A request to confirm your account. These emails or social networking messages ask you to log into a system that appears to be legitimate. Often these are sites that are appropriately branded and look as you expect them to, but aren’t. Never click on a link in the email or social networking message; the link might not take you where it appears to go. The better approach is to log in manually. So, if the message appears to be from Facebook, don’t click on the link, but instead type in http://www.facebook.com and proceed from there.

A violated policy alert.  You may note an email or Facebook post that claims you have broken some policy in your email system, Facebook or some other social networking system.  These always ask you to log in and do something.  Always navigate to the site manually.  Don’t provide information unless you are sure you are on the correct site.

Photos and Videos. It is quite common for people who have hacked one account to try to get more information by sending messages to contacts that appear to be from the original owner of the account. These messages might claim to have videos or photos of you that are not appropriate. Or, the message might claim to have photographic proof of some gory or sensational event. These are almost always an attempt to get access to your account. You should ignore them.

Before logging in to any site, always verify that you are indeed on the main site. Careless and unsuspecting users are often fooled by these tricks.

Cybersecurity, Sony, and You

By now, I assume you have heard about the hacking of Sony’s computers last month.   Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview.   There was significant publicity before the movie was released;  personally I did not find the commercials compelling and had not planned to view the movie.  Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack.  Financial data, including social security numbers and identities, were released.  Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business.  In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony.  Estimates of the damage are in the millions, far more than the value of the film.

Early reports blamed North Korean hackers for this attack.  Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea.  Then the focus turned to North Korea again.  The Federal Government seems fairly sure that fault lies with the North Koreans.  However, whoever was behind the hack announced they would do no further damage if Sony never released the film.  So, Sony halted release of the movie.  It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.

So, what do we know? Clearly Sony was hacked.  Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data.  Could it have been the North Koreans given their lack of technology?  We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121;  at that date, its force was 17,000 hackers (there are probably more now).   Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]”   Could it have been someone else who sympathizes with them?  Yes.  The Guardians of Peace have made threats against the United States, and they have the capability.

The question, though, is what is the impact on you? Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake-up call about the impact that hacking can have on us as individuals and on us as a society. First, to us as individuals. Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft. Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again. You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.

The more interesting question, though, is what happens to us as a society. Sony will spend a small fortune recreating its databases, correcting information and repairing relationships with its customers. Of course, they will need to create a better security system to protect the recreated repositories. That means that the costs of Sony movies will increase and we will all be forced to pay for it. Perhaps this experience will frighten all of the studios into investing more money, so that the costs of all movies increase. Well, today it is just a cost of doing business.

Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers.  What will that do to the freedom of speech and expression in this country?  What will it do to entrepreneurship in this country?  For that matter, what will it do to the governing of this country?

In this case, the cost was primarily financial.  What happens when the hack is against our power grid,  water systems, or hospitals?  The implications of that are far worse.

We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use.  And, all of us need to put pressure on corporations to improve their security systems from the bottom up.

 

 

Cyber Monday is coming

Tomorrow is Cyber Monday, the online equivalent of Black Friday.  Online vendors offer great deals  — without the crowds, lines and hassles. While I never partake in Black Friday shopping (although I do practice Small Business Saturday shopping), I always try to get some time for Cyber Monday shopping!

Ah, but it is not without its problems.  There are great deals, but those that seem too good to be true often are just that, untrue.  People will pretend to give you bargains, and even pretend to be something they are not just so they can steal your money.  So, you need to be ready for them if you are planning to shop on Cyber Monday.  These are some hints that will help you keep safe.

  1. Only shop with companies you know.  Those little boutiques and great offshore stores may look like they offer great deals, but you may never get anything from them.  They should be avoided unless you are sure they exist because someone else has shopped there or you have some physical evidence that they exist.
  2. Don’t click on a link from an email to get to a website. The link may look safe, but you do not know that the link will direct your browser to where it says it is going. If you must, copy the address that is visible in the email and paste it into your browser manually. Once you arrive at the page, look at it carefully to be sure it is the intended site and not a fake site made to look like a real site. It is easy to reproduce logos, colors and the like to make a page resemble a legitimate business page even if it is not.
  3. Only provide your financial information  to websites that are secure.   Anything sent over a regular Internet connection can be captured by people with the correct knowledge and tools.  To avoid hackers having access to information such as your credit card number, you want to send the information over a secure internet connection.  Reputable stores will transfer you to a secure connection before asking for financial information.  You can tell two ways.  First, you should be able to see a locked padlock icon somewhere on your screen (it is different with different browsers, different versions and different kinds of machines).  For example, in Firefox on a PC, the padlock is at the top of the page near the “go back” button.  Also, even if you cannot find the padlock, look at the URL, or address in the locator window at the top of the page.  If it is a secure connection, the address will start with https:// (instead of the normal http://).  The “s” stands for secure.
  4. Try to use just one credit card online.  In today’s world there are lots of examples of hacking both online and at the brick and mortar stores.  It is a good practice to use a credit card online that is not your main credit card.  In that way if you are a victim of fraud, you can cancel the one card and still have another for your regular purchases.
  5. Keep passwords secure.  Most of us think passwords are a hassle.  While they are a hassle and it is hard to remember secure passwords or multiple passwords, they often are the only thing keeping your credit card and other personal information safe.  Keep them secure and keep them “strong” (hard to guess).  For more information on this, I recommend you look at the blog entry on passwords.
  6. ALWAYS use anti-virus software, a firewall and anti-spyware software. It is amazingly easy to pick up malware on the Internet. (For more information, check out my blog on malware.) Having those tools available does not guarantee that you will not have problems, any more than putting locks on your doors will prevent you from being burglarized. But, we all lock our doors at night.

Enjoy your hassle-free shopping, but be careful.  It is easy to forget there are undesirable people in cyberspace just like there are in most communities.  Avoid them if you can!

Facebook “Likes”

If you have been on Facebook at all, you have been faced with the option to “like” a product, service, or business. You might select to “like” it to make a statement of support. More likely you selected “like” in order to get messages from the organization on your Facebook feed, or to register for a contest or coupons or the like. If you are like most of us, you do not think much more about the action.

Facebook, and corporations that would like to advertise on Facebook, however, think a great deal about that click. We all know that the organization will send us information on our feed about the product or service, so that we open ourselves to advertising. Facebook and the organizations that advertise want to achieve much more with this information. This additional use is the source of a lawsuit in California claiming that Facebook and certain advertisers use users’ information without paying them or giving them a way to opt out. According to an article in the New York Times,

The case focuses on an advertising tactic known as sponsored stories, in which Facebook users endorse brands, in some cases without their knowledge. For example, if users “like” Wal-Mart, the retailer uses their names and pictures in advertisements to their friends on the social network. Wal-Mart pays Facebook for the service.

In other words, they use your image and the fact that you “liked” the organization to advertise to your Facebook friends and even to others who may not know you over Facebook. Think how much stronger advertising can be if they say “John Smith, Mary Jones and Ken Anderston all like this product.” It is an endorsement. Perhaps your “liking” had nothing to do with an endorsement … maybe it was just a way of getting information about a product, or even a competitor’s product. It could be misleading to say you are advocating the organization, and might be downright wrong to say you are. Hence, the California law.

Senate Bill 2105: Cybersecurity Act of 2012

On Valentine’s Day, four Senators introduced Senate Bill 2105, which is also known as the Cybersecurity Act of 2012.  If you would like to read the bill as it was introduced, it is available in full as presented.   If passed, this law would authorize the Federal government to regulate the security of privately owned critical infrastructure, much of which is controlled by Internet-connected systems and susceptible to being hacked.  This includes electrical power grids, telecommunications networks, air traffic control systems, dams, and nuclear power plants.  Said differently, this would allow the Federal government to have security standards, to assess a company’s compliance, and to levy fines if the security is not sufficiently high.

Last week, the Wall Street Journal reported that a group of Senators have weakened the bipartisan legislation. They responded to business lobbyists who claimed that such “regulations would create a costly and cumbersome process.” Rather than requiring the companies to meet these regulations, they should be encouraged to do so. According to Senator John McCain, “Instead, we must leverage the ingenuity and innovation of the private sector in partnership with the most effective elements of the federal government to address this emerging threat.”

I am perplexed as to why Senator McCain, who has a strong record on National Security, would take this stand …. unless he does not really understand the real and present threat of such an attack.  Consider the number of companies in the last few months that have reported a security breach.  Sometimes the breach provides thieves with passwords, which can be problematic enough, but sometimes instead it is social security numbers, bank accounts and more personal information.  The people whose identities are stolen have a never ending hassle to fix the problem.  Many companies do not take security as seriously as they should.  Even when security is a priority, the companies have a significant task keeping a step ahead of the hackers.

Now, take that up to a regional or national level.  Suppose the U.S. had no access to electricity or telecommunications equipment.  Suppose this is not for a couple of hours as you might get in a thunderstorm, but rather for an extended period of time.   What would that do to the company’s productivity?  What if it happened during peak holiday shopping and no one could buy gifts or food?  What if it happened on election day and half the people were not able to vote?  What if …. there are many horrible examples.

We have already proven this can happen.  Well, it is unclear whether “we” proved it or someone else proved it by the introduction of the Stuxnet virus into Iran’s nuclear reactor.  Not only did it stop operations, but it did it in a way to damage the plant and roll back their development.  Other similar viruses, aimed at the “Internet of Things” (such as a power plant) have also been identified.

People release viruses all the time — sometimes without even knowing the impact of what they have done.   Why do we believe it won’t happen here?  Personally I think it is because people just do not understand technology and what security breaches can do.   They understand bombs or people shooting guns and know how to respond.  But electrons?  It is easy to listen to those claiming to be experts and follow their advice.

I hope we get the legislation.  I hope that it is flexible enough to be able to adapt to the rapid changes in technology.  I hope we can find a way to protect ourselves before it is too late.  If you agree, please share your concern with your Senators and Representatives.

 

A postnote:  Even weakened, the bill failed.  Too many people thought telling infrastructure companies that they need to be secure was a problem.  Sigh.
