Excellent article on website visitor manipulation and psychology
August 2, 2019
When you’re shopping for a hotel online, have you ever wondered if messages like ‘2 rooms left for these dates – reserve now!’ or ‘712 people booked this hotel in the last 24 hours’ are real? In fact, they’re often complete fabrications, but by injecting a sense of urgency into the transaction, they work (which is why they’re there in the first place). Once you know what to look for, you’ll find them all over the Web.
If you’d like to learn more about these fascinating techniques – and how to resist them – check out the superb article by Sidney Fussell in The Atlantic. In the past hour, 296 visitors to this blog have already read it!
Celebrate Data Privacy Day by protecting yourself from email tracking
January 28, 2019
This year, instead of firing up the barbecue, putting on elaborate costumes, or singing carols, why not commemorate Data Privacy Day (January 29) by making it harder for external parties to track your email? If you’re interested, check out a very informative article from the Electronic Frontier Foundation on how to do that.
Helpful article on journalist protection is relevant for us all
November 10, 2016
In the aftermath of this week’s US election, it’s worthwhile to – once again – revisit techniques to protect private information from those that have no business seeing it. Here’s a link to a very useful article from The Atlantic that might give you some ideas about how to safeguard your data. If you’re curious about other security and privacy topics that I’ve written about, here’s a shortcut to them.
Why the recent Internet of Things (IoT) attack is just the beginning
October 30, 2016
A few days ago we witnessed a new type of distributed denial of service (DDoS) incident. Unlike previous botnet attacks that enlisted compromised computers, this one corralled assorted unprotected devices like Internet-ready webcams, DVRs, and baby monitors to flood Domain Name System (DNS) servers, and thereby seriously degrade the Internet for hours. I’ll leave the explanation of the mechanics of this incident to more qualified commentators, but I do want to weigh in on why I think these types of events are very hard to combat and why I’m very skeptical about the hype around the Internet of Things (IoT).
We all (well, many of us) know how important it is to keep our computers and software patched and up-to-date; most people also get why firewalls are essential. But consider these facts about IoT devices:
- They’re being created for just about every industry. This diversity means that it’s much harder for the entire universe of vendors to agree on common security standards: defining safeguards for a heart pump is a little different than for a Web-ready washing machine. I’ve served on my share of standards committees: to say that they move slowly is an understatement!
- They have really short development cycles. IoT is shaping up to be a brutally competitive landscape. The winners will be those vendors that deliver solutions to market quickly. Designing and building strong security safeguards takes time, and time is money. The end result is that device protection takes a back seat to market pressures.
- There’s limited space for security software. Margins are very thin on hardware devices: security-focused onboard storage space adds costs that aren’t directly related to functionality.
- They frequently rely on APIs for communication. I’ve blogged about API security in the past. Suffice it to say that it’s a rare API that’s locked down properly.
- New models are always coming on the market. Here’s the really scary part: even if vendors do start getting their security act together, it will be years before today’s highly insecure devices get retired. Meanwhile, they’ll be standing by for their next set of DDoS orders.
Yet another reason for local backups
May 6, 2016
I’m an enthusiastic user of cloud computing. I’m also a dedicated adopter of information protection strategies such as local backups. When combined, both techniques are excellent ways to protect your data while providing access anywhere you may happen to be.
Merely relying on one or the other by itself introduces significant risks, however. For example, have a look at James Pinkstone’s recent writeup about how Apple Music uploaded and then deleted his local music library.
Gigantic external hard drives are inexpensive and convenient: regardless of your chosen cloud computing service, consider keeping a local copy of your data (and beware of products that are overly aggressive about siphoning and uploading your information).
Excellent article about FBI’s iPhone crack
March 30, 2016
Bruce Schneier has long been one of my favorite technology authors and bloggers. He manages to write about extremely complex topics in a very accessible way – a notably rare and highly admirable skill. His latest article explains why the secretive approach that the FBI is employing to unlock iPhones will eventually harm innocent users unless Apple is notified of the device’s vulnerability.
The problem with computer vulnerabilities is that they’re general. There’s no such thing as a vulnerability that affects only one device. If it affects one copy of an application, operating system or piece of hardware, then it affects all identical copies. A vulnerability in Windows 10, for example, affects all of us who use Windows 10. And it can be used by anyone who knows it, be they the FBI, a gang of cyber criminals, the intelligence agency of another country … anyone.
This is precisely why Apple needs to understand what’s happened. Otherwise, the next entity to break into iPhones may not be doing so in the legitimate and honorable interest of solving crime.
I read Bruce’s blog regularly, and recommend it to anyone interested in security and information protection.
Helpful, easy-to-follow instructions to assess and correct your browser’s SSL vulnerability
October 16, 2015
SSL has long been the primary method for encrypting the communications between your browser and the websites you visit. However, for years there have been reports about potential ways for unauthorized parties to exploit SSL weaknesses and thus gain access to your ostensibly secure interactions.
The latest news is that the Diffie-Hellman key exchange algorithm (using 1024-bit primes) has been compromised. This has serious implications for the privacy of your sensitive communications, including banking, shopping, and email, to name just a few.
Fortunately, there’s a very helpful online tool that will evaluate your risk. You can find it at https://www.howsmyssl.com/
You should run this tool for each browser that you use, and take action based on what it tells you. More about that later in this post.
Here’s what I learned when I ran it on my system:
Opera (I haven’t updated this for a while, so it’s no surprise that it’s vulnerable):
Safari (Based on these results, Safari is now a no-go until I get it corrected)
Firefox (I applied the fix from the article that I’ll describe below. The results are good)
Finally, here’s Chrome. Once again, I configured this browser using the information from the article below.
So what should you do if you get a ‘Bad’ message from the How’s My SSL tool? The Electronic Frontier Foundation (EFF) has published an excellent, easy-to-understand article with step-by-step instructions about how to tighten your browser security.
You’ll find it here.
Not scared of algorithms? Perhaps you should be.
August 27, 2015
A while back, I wrote about a run-in I had with a rental car company, or to put it more accurately: a rental car company’s algorithm. It’s quite frightening to think about the implications of “lights-out” algorithms making important decisions that can affect all aspects of your life. And as someone who witnesses – first hand – the often abysmal job that enterprises do when testing their APIs (which frequently have algorithms running beneath the covers), I’m particularly concerned about what this will spell for the future.
If you’d like to learn more about these possible repercussions, check out the extremely well written article by Frank Pasquale on aeon.co.
Cyberspace is no longer an escape from the ‘real world’. It is now a force governing it via algorithms: recipe-like sets of instructions to solve problems. From Google search to OkCupid matchmaking, software orders and weights hundreds of variables into clean, simple interfaces, taking us from query to solution. Complex mathematics govern such answers, but it is hidden from plain view, thanks either to secrecy imposed by law, or to complexity outsiders cannot unravel.
If you’d like to read more of my posts about Big Data, click here.
Excellent article on laptop encryption
April 28, 2015
Did you know that you have very few privacy rights when you cross a border (into the US or anywhere else in the world, for that matter)? I blogged about the dangers of bringing a laptop through customs a while back. Naturally, it’s a good idea to remove any sensitive information from your laptop, especially when you’re traveling. For those situations that require you to keep important data on a computer that’s at risk of being inspected (or stolen), full-disk encryption can be a lifesaver.
Operating system vendors have been doing a great job at strengthening their products, so there’s really no excuse not to take advantage of encryption. Here’s a link to an excellent article from Micah Lee on The Intercept that explains how to do this on Windows, Mac, and Linux computers.
With step-by-step instructions, it’s one of the best written tutorials I’ve seen about this topic. It’s well worth your time to make the effort, but remember: don’t lose your password!
Last day to tell the FCC you support an open Internet
July 15, 2014
Eight hours to go. That’s how long we have to get pro-Net Neutrality comments submitted to the FCC in front of their first comment period deadline — and save the Internet.
Let’s make our power clear, by submitting more comments than the FCC’s ever seen before.
Click here to visit our brand new website and send the FCC a formal comment demanding support for Net Neutrality. It’ll only take a minute:
https://www.battleforthenet.com
We’re in a battle for the Internet as we know it. Net Neutrality guarantees all websites — start-ups, blogs, independent media — an even playing field. It’s essentially the First Amendment of the Internet.
But the cable companies want to gut Net Neutrality to increase their profits: Without Net Neutrality, those corporations can kill websites by relegating them to slow lanes if they don’t pay fees — or if they just don’t like the content they contain.
Many of you have already signed petitions to the FCC or President Obama — and so have literally millions of others. That’s incredible — and it’s had a huge impact. But now we all need to go one step further and submit formal comments into the FCC’s Net Neutrality proceeding.
It’s really quick and easy, and carries way more weight than the usual petition signature does. You’ll be a formal part of the process.
Click here to submit a formal comment to the FCC before the end of this comment period — it’s over TOMORROW:
https://www.battleforthenet.com
Originally the FCC was poised to undermine Net Neutrality altogether. Because we all pushed back, now they’re considering adopting rules that would save it.
But they’ll only do so if we speak out again, even louder.
We can make a huge statement: We have a chance of submitting more comments than the FCC has ever received on an issue before.
The cable companies have millions of dollars and armies of lobbyists and public relations firms — and since they own so much of the communications infrastructure, it’s especially easy for them to push their propaganda.
But we have millions of people on our side — and our only chance of beating the cable companies is if we all take a stand, together.
Click here to visit our brand new website and send the FCC a formal comment demanding support for Net Neutrality. It’ll only take a minute:
https://www.battleforthenet.com
Thanks!