Random Acts of Technology

10
Nov
2019

The Best Defense is a Good Offense

Krebs on Security has an article published on October 16th from this year (I know I am behind) detailing the attack of a known black market card fraud site BriansClub. What is interesting about this whole hack is that it is not some vigilante group going after the site to save consumers, but rather it is a rival black market operation trying to sabotage the operations of one of their competitors. In essence, this was a business decision made by one of BriansClub’s competitors to try and take them out of business. It’s similar two warring cartels attacking each other until the other doesn’t have the resources or the people to continue operations.

This does beg the question though, why not make offensive operations against these kinds of sites the norm, not the outlier? In the financial services industry we have a number of cybersecurity information sharing organizations, maybe it is time to establish an offensive cyber operations organization that doesn’t just share information about known threats but actively seeks them out and attempts to disrupt illegal operations. Of course there are potential pitfalls with this type of setup. The efforts of this type of group would have to be carefully watched by both the industry and law enforcement to ensure the operations were focused solely against illegal operations in the dark web. The last thing you would want would be to have a group that was supposed to protect consumers decide to go rogue.

Risks aside, it seems like it is time to open up and publicly establish more direct industry operations against these criminal elements. Sharing information will never prevent fraud, these sites have to be shown it isn’t worth operating because they will be taken down before they can ever make any money.

26
Aug
2019

Time To Unplug Your Smart Ovens

The Verge reports that owners of the June smart oven have been experiencing some seriously concerning incidents recently involving the oven’s preheating without their owner’s knowing. This continues to raise questions about just how much control you want to give smart devices over your house and its critical systems. While I am not sure what the true cause of the issue is, it should make everyone re-think connecting so called “smart” devices that can cause serious physical damage if something goes wrong. An oven is a perfect example of this kind of device.

Smart ovens, locks, etc. all sound great until they are hacked, poorly programmed, designed poorly, etc. When your smart device can let a malicious person into your home, cause your food to go bad, burn down your home, track your movements, etc. then it is time to rethink just how smart you want your home to be. I know smart devices are the way of the future, I have many of them myself, but I never hook them up to anything that could physically damage my home. There is too much risk to take given that the health of you and your family are at stake.

I urge anyone considering these devices to evaluate why they are needed and if you can live without them. After all, preheating your oven is great, but not burning down your house is even better.

11
Jun
2019

A Sad Day For Makers Everywhere

TechCrunch reports that three days ago, Maker Media, has been forced to halt all operations due to ongoing financial issues. As a reader of Make Magazine and a father who has actively pushed my young daughters to get involved in STEM activities this is heartbreaking. I know the business model was always going to be very difficult to sustain. There is likely some truth to the comments on the TechCrunch site that point out a business model designed to promote the sharing of ideas is going to inevitably drive people to circumvent the centralized community that Maker Media created.

Still, losing a major proponent of the STEM and maker revolution is a major blow to everyone that believed in Maker Media’s mission. I can only hope that they find a benefactor who can contribute the funds to reopen their operations and keep their mission alive.

08
Apr
2019

Roblox Hits 90 Million Users – Protect Your Child’s Account

TechCrunch reports that the virtual world game Roblox has surpassed 90 million active users. This is a major milestone for the platform that has been marketed primarily through word of mouth among children and their friends. As a parent whose children love to use this platform, this is both impressive and terrifying at the same time. There is significant risk to kids on this platform if the right steps are not taken to secure these kids’ accounts and filter their online experience.

For those of you who find themselves in the same boat as I do, I strongly encourage you to read through Roblox’s parents guide to securing their child’s account. Make sure you enable the parental controls to protect your kids.

07
Apr
2019

New Breach Identification Service Launches

There is a new data breach identification service, Breach Clarity, that is the first of its kind to offer guidance on what a consumer should do if they are part of a breach. The service doesn’t replace the work that other sites like Have I Been Pwned do but complements it. Once a consumer verifies that their information has been exposed as part of a data breach through a site like Have I Been Pwned, they then can go and enter the name of that breach on the Breach Clarity site to determine what they need to do to protect themselves based on the data that was harvested.

This is a huge positive step in the fight to help protect consumers when their personally identifiable information (PII) has been disclosed. Up until now, there has not been a resource that gives real guidance on what to do if you were a victim of one of these breaches. The best you could do was know that you were a part of the breach and then if you read sites like Krebs On Security, you would know to freeze your credit reports. With Breach Clarity consumers now have a resource that provides real guidance on what to do when their data is no longer private. I strongly encourage you to check this site out and make sure that you have taken some of the steps it suggests if you have been part of a data breach.

As a reminder, some of the best things you can do whether you are a part of a current data breach or not are:

  1. Use a different password for every online account, never use the same one multiple times. You will need to find a password manager program like 1Password or LastPass to help you mange these.
  2. Freeze your credit reports – it is just a good idea to do that. There is no need to leave them unfrozen and if you know you are going to need to get a loan or have a credit check done, use a temporary thaw period.
  3. Disclose as little about yourself on social media as you can. Do you really need everyone to know your phone number, email addresses, addresses, etc? Protect that information and only disclose it to those that really need it. If you are using your mobile phone or email as a second factor of authentication on accounts, it is even more important to protect these details.
  4. Always use two factor authentication when a service provider allows it. Even better, use an app like Google Authenticator or Authy to provide the one-time passcodes for these services. Don’t use your phone number or email address unless there is not another option.

Stay safe out there.

03
Apr
2019

Facebook is at It Again

Our friends over at ZDNet just released another report on Facebook and their ongoing security woes. This time, Facebook has been caught asking users to confirm their identity by entering their email address and their password for their email service provider so that the platform can login to handle this confirmation. It goes without saying that anyone asking you for the user name and password you use at another service provider is not looking out for your best interests. With Facebook asking for these credentials and their recent issues, you know they are definitely not looking out for your best interests.

TL;DR – Don’t give Facebook your credentials to other services. It’s bad.

27
Mar
2019

Your Customers Don’t Care About Your Vendors

Sabre Airline Solutions suffered a major outage this morning which the media quickly jumped all over and were trying to figure out what happened and why. I’m not here to talk about why the system went down or why the company didn’t do more to prevent this type of situation. As an interesting aside, I actually worked for a company a long time ago that became part of Sabre but that is a story for another time.

Anyway, the point of this post is to remind companies that your customers could care less about who your vendors are and they don’t care that it is your vendor’s system that caused the problem. As a service provider, you must own the issue, the problem is yours and you can’t pass the buck to some vendor that no one knows about or why they should even care. When you enter into a contract with a vendor, your organization assumes all of the strengths and weaknesses they bring to the table. Their faults are your faults and their accomplishments are your accomplishments. If you aren’t willing to agree to the terms of this marriage then you’d better never sign the contract to begin with because it will not end well.

So to recap:

  1. Never pass the buck and blame your vendors in front of your customer, the issue is yours.
  2. If you aren’t willing to own your vendor’s faults then you shouldn’t be entering into a relationship with them.
  3. Your customers don’t care that you have vendors. They care about the service YOU provide. For them your vendors = you.
25
Mar
2019

Facebook Did It – They Lost All of Their Credibility

There is an interesting article over at Forbes today detailing how if you thought Facebook hadn’t lost their credibility yet on privacy, they certainly have now. For about the past six years, Facebook has been storing all the passwords you have used in clear text within an internal database that all of their staff have had access to. Yes, that means anyone in Facebook could have gotten into your account, or possibly just taken the whole database and dumped it for the world to have. Facebook is a little fuzzy on if anything nefarious has been done with this data or not.

The large implications, as the article’s author points out, is that this constant disclosure of personal data is desensitizing us to the serious implications that they truly have. Ultimately this could result in other companies taking the stance that there is no need to secure data any longer because no one really cares if it is protected or not. It comes down to us, as consumers and as the owners of this data, that we demand companies be held accountable to keep it safe. Either that, or we need to actively stop using these services. I don’t know how likely that will be in the case of an organization like Facebook since people are so invested in it that leaving is almost impossible to comprehend for many. Yet this is what is going to be required if these companies are going to be forced to change. Otherwise nothing will change and your data will be available to anyone, anywhere, anytime with no ability to control its spread.

The question then becomes, how important is your data, your private information, to you? Do you value it and if so how much? If the value is high then inaction is no longer acceptable and you must begin to advocate for stronger protections around that information. How can you advocate for this? Check out the resources below:

And of course, you can always write or call your elected officials to demand action on regulatory change.

25
Mar
2019

Long Live Clippy

I couldn’t help writing about a story The Verge recently wrote about the introduction of Clippy animated images and then the subsequent removal of them in the Microsoft Teams communication platform. How many more indignities does the poor paperclip need to endure at the hands of its creator? It was clear that the developers at Microsoft just wanted to relive some of the glory days of Microsoft Office and let some of us office workers do the same. Why their brand people had to go shutdown such a glorious resurrection of the world’s most annoying paperclip is beyond me.

For anyone that would like to join the effort to push Microsoft to bring back the Clippy stickers in the Microsoft for Teams platform, you can go and upvote the request on the Microsoft Support site.