Do you need help using the Internet?

I have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Phishing

Yep, “phishing” is a real thing, and you pronounce it the same as “fishing”.  Like fishing, phishing uses bait in an effort to hook something.  Unlike fishing, phishing doesn’t look for fish, but rather for sensitive information.  Phishing attempts to use an apparently trustworthy request to gain usernames and passwords to get access to more computers and/or credit card and other financial information to get money.

The key to phishing is that the request appears to be legitimate.  An email might be constructed to have the same look as those from your bank or other financial institution.  Or, the email might appear to be a bill from a company with which you do business.  Today phishing happens withing social networking tools, such as Facebook,  too.  These might be realized as:

A game or lottery.  In this kind of phishing, you may get an email or a Facebook post that claims you have won money.  Unfortunately, to get to the money, you must send them money or access to your bank account.

A request to confirm your account  These emails or social networking program ask you to log into a system that appears to be the legitimate.  Often these are sites that are appropriately branded and look as you expect them to be, but aren’t.  Never click on a link in  the email or social networking message;  the site might not take you where it appears to be.  The better approach is to log in manually.  So, if the message appears to be from Facebook, don’t click on the link, but instead type in http://www.facebook.com and proceed from there.

A violated policy alert.  You may note an email or Facebook post that claims you have broken some policy in your email system, Facebook or some other social networking system.  These always ask you to log in and do something.  Always navigate to the site manually.  Don’t provide information unless you are sure you are on the correct site.

Photos and Videos.  It is quite common for people who have hacked one account to try to get more information by sending information to contacts that appear to be from the original owner of the account.  These messages might claim to have videos or photos of you that are not appropriate.  Or, the message might claim to have photographic proof of some gory or sensational event.  These are almost always an attempt to get access to your account.  You should ignore t hem.

Before logging in to any site, always verify that you are indeed on the main site. Careless and unsuspecting users are often fooled by these tricks.

Privacy Legislation

There is good news for those of us who use email, smart phones and social networking sites!  Legislation was introduced in both houses of the (U.S.) Congress today that would prohibit employers or prospective employers from forcing employees or prospective employees to divulge passwords.  The good news is that both houses think this is a problem and are acting to do something about it.  The bad news is that the bills differ.  The Senate’s version is called the Password Protection Act and is sponsored by Sen. Richard Blumenthal, D-Conn also includes smart phones, private email accounts, photo sharing sites, and any personal information that resides on computers owned by the workers.  Rep. Ed Perlmutter, D-Colorado introduced similar legislation in the House.  However, last month, Rep. Eliot Engel, D-N. Y. introduced the Social Networking Online Protection Act (SNOPA) that extended the protections to elementary, high school and college students.  The ACLU supports this inclusion of students because they are a target of much of the social media monitoring.

Rep Engel was quoted by ABC News  as saying:

There have been a number of reports about employers requiring new applicants to give their username and password as part of the hiring process. The same has occurred at some schools and universities,” Engel said in a statement. “Passwords are the gateway to many avenues containing personal and sensitive content — including email accounts, bank accounts and other information, he added.

Of course, the legislation also protects employers in that it prevents them from accidentally learning information about a candidate that is not allowed to be considered in a hiring decision.

These are positive steps to protect our civil liberties.

Meanwhile the New York Courts have asked Twitter to release data pertaining to a user involved with the Occupy Wall Street movement.  According to CNN,

Twitter, however, countered that the court would need a search warrant to get that information. It pointed to a recent Supreme Court decision which found that attaching a GPS device is considered a search under the Fourth Amendment, which prevents unreasonable searches and seizures.

“If the Fourth Amendment’s warrant requirement applies merely to surveillance of one’s location in public areas for 28 days, it also applies to the District Attorney’s effort to force Twitter to produce over three months worth of a citizen’s substantive communications, regardless of whether the government alleges those communications are public or private,” wrote Twitter in its motion.

Twitter also suggested that Harris owns his own tweets and could therefore file a motion to quash on his own, despite the prosecution’s assertion of the opposite.

The ACLU is calling Twitter’s move a ‘big deal.’

The fourth amendment should protect us from arbitrary search and seizure of our own information.  Just because it is easy to access (because it is electronic) does not make it right to do so.

How Private are your Facebook Posts?

There were  two disturbing stories in the press today, both of which involve Facebook and how others use your data.  The first was in Forbes, and asks What Employers Are Thinking When They Look At Your Facebook Page.  Many people who looked at that story were amazed to learn that employers were looking at their Facebook pages at all, and even more amazed to learn they use the information in hiring decisions.  Potential employers are looking at your Facebook page to decide what type of person you are and whether you would fit into the culture of their organization.  According to the article, potential employers will look at the page, including photos, posts, status updates, conversations, causes and games and rate individuals on their levels of extroversion, agreeableness, conscientiousness, neuroticism, and openness to new experiences.   As I look at postings, I ask what potential employers learn when someone posts every time he or she has a spat with a significant other, says unpleasant things about sports teams, spends significant time playing games, spells poorly, uses bad grammar or slang, and/or has many negative conversations.  If you look at your postings, are you the type of person with whom you would like to work?

I agree that you can learn many things about a person by reading their Facebook page and it might just provide insights into whether the person will be successful at certain companies.  However, what I fear is all that information taken out of context.  I remember when I first started teaching students how to design web pages and one of my students provided a link to “Bare Naked Ladies.”  I was taken aback until I realized that it was a band.   Today I frequently am confused with posts that refer to music I have never heard or television shows I do not watch.  I have committed more than a few faux pas commenting when I thought I understood the context, but was totally wrong.  While I try hard to think about context, I have found myself misunderstanding the meaning of posts by good friends and even my son.  The key here is that Itry to think about context before making an opinion …. what are the odds that overworked HR staff will cut the applicants the same slack?

This article was troubling enough until I read Govt. agencies, colleges demand applicants’ Facebook passwords.  Yes, you read that correctly, demand passwords, and access to all of the postings on one’s Facebook page.  Thanks to the ACLU, they do not get the passwords, but now expect people to log in and allow the interviewer to watch as they click on every link, photo, conversation, etc.  Campus athletes too must provide administrators access to their social networking sites  and allow them to monitor what is said to ensure the athletes are not saying negative things about the program.  What is next?  Will the bank administrator demand to see what I tweet and post before deciding on giving me a mortgage?  Will the government decide whether or not I am an undesirable by looking at my Facebook posts?

For the record here, I will note that personally I leave most of my posts open on Facebook because I post items that I want people to share, such as about this article. Hence I am not bringing this to your attention because I am concerned about what people will think of me.  Instead, I am bringing it to your attention for two reasons.  First, everyone needs to take responsibility for what is on his or her social networking sites and what is visible.  If you have things you do not want a prospective employer or college recruiter to see, then make sure your security settings prohibit them from seeing that material.   Put yourself in their place and see if the image you get is what you want them to have, and adjust your settings, friends and postings accordingly.

Second, I am posting this because I think we have lost the line between due diligence and invasion of privacy.  The post-9/11 world has brought increasing invasions of our privacy because we have let it happen.  If we are going to give up the right of privacy as a society, I think we should do it consciously.  The fact that information is in digital form does not make it any less private.  We need a dialog about what is happening and  the cultural implications of what is happening.  I am hoping we start it today.

Hacking — Are we Safe?

Last week there was an article in most English-speaking outlets about the group Anonymous hacking a conference call from the FBI to Scotland Yard on January 17, and releasing the contents to YouTube.  The group  was able to access the call because it allegedly obtained an email from the FBI to law enforcement agencies in various countries giving details of how to dial in to the call.   Of course it is quite embarrassing for two of the world’s foremost law enforcement agencies to be subject to such a breach in security.  It is not known whether the information provides critical details for current investigations and whether those investigations were compromised by the leak.  The FBI, which is investigating the incident provided the following statement:  “The information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”

What is more of concern to us today is — if it can happen to Scotland Yard and the FBI, how secure are MY emails?  The answer is, “not at all.”   Emails that are sent unencrypted over an open Internet line (the way most of us send our email) are subject to being intercepted.  People can employ electronic devices on Internet lines to read emails and other transmissions.  That is to say, someone other than the intended individual can intercept an email, without the sender or receiver being aware of that fact.  Or, if either party has inadvertently installed spyware on his or her machine, the spies do not even need to intercept the email if it can be diverted automatically.

So, what does a user do to protect him or herself?  First and foremost, remember that emails are not generally secure, and that they should not contain sensitive information.  Social security numbers, credit card numbers, passwords, and other critical information should never be sent via email.  If it could represent the loss of money, security, privacy or identity, it should not be put in an email because it is too easy for it to be stolen.   That means that you should never do business with a vendor that that wants you to send information about your accounts via email OR that sends your full credit card number back to you in an email as a receipt.

Second, be cautious about using open networks.  Many of us use non-secured networks at coffee shops, hotels, and other places where we want to conduct business.  If you have a wireless network in your home, ensure that it is a password protected network.  Open  networks are particularly easy to breech, and their use increases the likelihood that your email will be intercepted.

Third, use virus and malware protections on your computer to be sure that your email is not being monitored before it is ever sent.

Remember, a massive number of emails are sent each day.  One site estimated that in 2010, there were, on average, 294 billion emails sent per day.  The odds of someone finding your email and acting upon it are quite low.  However, care in what you put in the email will help protect you if someone does intercept your email.

 

Post note:  There is a nice tutorial I recommend:  9 Things You Must Absolutely do to Keep your Online Identity Secure

Happy ‘Change your Password Day’!

You can be forgiven for not realizing that today is a holiday, and you can be forgiven for not knowing how to celebrate it because this is the very first time we have had it.  ‘Change your Password Day’ was proposed by writers as Gizmodo as a way to remind all of us to remember to change our passwords regularly and smartly.

A few weeks ago, I posted an entry about how to change your password, called “Passwords.”  In that post, I suggested some of the common recommendations about how to increase the strength of your password;  if you have not read it, I recommend it.  The goal is to select something another person — OR COMPUTER — would not guess.   The recommendations to stump other people are easy, don’t use something that is identifiable to you.  Computers are a little harder to trick, however, because they can compare your password to dictionaries (in multiple languages) and other documents to find something that you might put together.  So, do not use a word in a dictionary or on Wikipedia or in a fact book.

Gizmado writer, Rachel Swaby discusses passwords in terms of how easy they are to break.  She provided this comparison below:

The chart is reposted from Ms. Swaby’s blog.

The chart nicely shows the relative difficulty of cracking passwords with different characteristics.   Long is better. Clearly, those that are not dictionary words, that have combinations of upper case and lower case letters and special characters are the best.  Even combined words, especially where you have numbers and special characters, are preferred to common words.

So, take a minute today and look at your passwords.  Are they strong?  If not, make them strong.