Have social networkers turned into social creepers?

The direction that social networking has taken over the past several years has been monumental. I wasn’t into the whole Facebook craze in college – instead the extent of my social networking knowledge didn’t extend beyond AOL’s Instant Messenger and journaling about my day on Live Journal.

Only a mere five years later, here we are in 2010 where people can’t escape social networking if their life depended on it. With that said, I’m wondering just how many people can live their lives without social media once it’s introduced to them. (I say that because I do know people that live without it. Just take a few of my family members for instance: three of them have never owned a computer in their lives and don’t intend on purchasing one or start learning how to use one now, and the other just canceled her home Internet, claiming that she only needs the Internet at work.)

So for the sake of this post, I’m going to assume that most (if not all) of my audience is using social media – after all, you’re reading this blog, right? And you’re probably wondering why you’re reading yet another post on social media.

I’m as much into social media as the next person. I’m on Facebook, Twitter, LinkedIn, write for two of my organization’s blogs, keep my own personal blog, and have 15 blogs that I’m following lined up in my Google Reader. With all of this connection to strangers around the interwebs, you have to be careful to protect yourself.

Turning up the creep factor with Chat Roulette and Foursquare

Now a lot of this seems like common sense, but it’s worth repeating. If you don’t personally know and trust the person you are talking to, then don’t give out any personal information or agree to meet someone in person. A new craze, Chat Roulette, has taken social media to the extreme. Chat Roulette pairs up random people via a video chat with the option to click a “next” button at any time during the conversation. So now people can actually see the creepers people they’re talking to online! Is your skin crawling yet?

Not only is that creepy enough, Foursquare is rapidly gaining momentum. Foursquare allows users to “check-in” to a location via their mobile phone, allowing people that you are connected with on Foursquare to easily see where you are (which speaks volumes of where you are not, but more about that later). The idea is that when your friends check-in to a particular restaurant, store, etc., you can pick up the little nuggets of advice they have left behind. For instance, if I were to check-in at P.F. Changs, I could get a comment from a friend saying, “I highly recommend the lettuce wraps.” Players also receive points to unlock badges. Points can be received for trying a new place in your neighborhood, visiting a location multiple times, or bringing a friend along. These points unlock a multitude of badges. Become a regular at any one location and you may just become the “Mayor” of that bar, restaurant, etc. earning you freebies at that location.

I signed up for Foursquare to see what all the fuss was about, and even added some “friends” that I am following on Twitter, but the problem is, I don’t even know all of those people personally. So why would I want them to know exactly where I am?

Which leads me to http://pleaserobme.com/.

Nobody’s home

The purpose of http://pleaserobme.com/ is to highlight the dangers of location sharing. While the idea behind Foursquare and other location-aware sites is fun, they are also potentially dangerous. Checking in to locations around your city (or even when you’re away on a trip) just screams that you are not at home, leaving you vulnerable.

My advice if you’re going to participate in Foursquare is to only add people that you know – but that still doesn’t stop others from seeing your whereabouts if you share your check-ins on Twitter or other social networking sites.

For the record – I have never checked-in to a location and have since deleted the app.

Let’s hear it!

There’s a good chance a fair number of you have used Foursquare, and maybe even a few that have checked out Chat Roulette. I want to know your thoughts behind both. Have you used either? Do you plan to? If you do, what keeps you going back? Likes? Dislikes?

Leave your comment below, or find me on Twitter.

Bah Hummbuzz

Yet again I’ve been disappointed by a technology solution that was going to be the latest and greatest thing since the inception of the Internet. Yes, I’m talking about Google Buzz but I don’t blame Google for my disappointment. I blame the hype created by the tech industry. The continued approach to build it up and slam it down simply tires me.

The recipe for a flawed release is simple:

  • 2 Pounds of Rumors
  • Sprinkle in Leaks
  • Add some Expert Guesses
  • Stir to build Hype
  • Bake in a Release
  • Check for Review
  • Burn and Destroy

In our industry nothing is quite as juicy as playing armchair innovator, except maybe claiming the lack of innovation. Wave, Buzz, iPad, Windows 7 you name it. We will build it up to be exceptional only to ensure everyone thinks it sucks. I’ll admit I follow the hype, I get excited, I build unreasonable expectations, and I’ll be the first to let you know when a solution fails to meet them.

What I’m realizing is it’s not the product failing, but it’s the unreasonable expectations that create my disappointment. Perhaps rather than listening to the hype I should wait patiently, and unwrap new technology like a child on Christmas. Of course to do this I’d have to tune out of the hype, and that’s nearly impossible today.

So to all those tech writers who are spoilers, I say bah hummbuzz!

Twitter Tuesday: Twitter’s getting business friendly

In a blog post by Twitter this week, it was announced that Twitter has some special features in the works for businesses that tweet. The Contributors feature, which will allow multiple users to tweet on behalf of an organization, enables users to have more engaging and authentic conversations with their followers.

The feature would attach the contributor’s Twitter username to the tweet – making whoever posted the tweet identifiable and allowing for more engaging conversations.

Twitter asserts that after some user testing, the Contributors feature will be released soon, along with several other business developments in the works!

12/16 ETA: Mashable just published an article featuring some wonderful screenshots of Twitter’s Contributor feature. Check ’em out! 

Computer Security: Back to Basics

Computer security is a complex subject, and staying safe is no easy task. Paraphrasing a quote attributed to security analyst and cryptographer Bruce Schneier, the only secure computer in the world is unplugged, encased in concrete, and buried underground — and even that one might be vulnerable. This reality aside, it’s still important from time to time to review some of the basic steps of computer security.

Physical Security

A general rule of thumb is, once an attacker has physical access to your computer, the game is up. So be smart: Don’t let just anyone use your computer, and don’t leave it unattended in an insecure place. Even at home, you may not be completely safe. Is your screen visible through an outside window? Do you know and trust your neighbors? Has there been recent criminal activity near where you live? Who else in your house has access to your computer? Ask yourself these questions when evaluating your physical security.

Encryption

Treat any information that you store unencrypted on your computer as though it is going to be stolen. You probably wouldn’t care (as much) if someone took your grocery list or vacation photos, but tax returns, bank statements, account passwords, and confidential emails, to name just a few, are another matter altogether. As a rule of thumb, if you can’t stand to have it read by everyone, then make sure it can’t be read by anyone. (For a more thorough treatment of why cryptography is important and to get software recommendations, see “Nothing to hide? Hide it anyway.”)

Passwords

Actually, “password” is now anachronistic – “passphrase” is probably the better term, since short, simple words won’t cut it in this day and age. Good passphrases should be long (16 characters is not unreasonable), complicated (use upper- and lowercase letters, numbers, symbols, and whitespace), easy to remember, and, most importantly, hard to guess. Furthermore, you should use different passwords for different accounts (so that if one is compromised, the damage is contained), change them regularly, and not reveal them to anyone who you don’t implicitly trust.

These requirements are challenging to say the least, so a better solution is to let software pick – and remember! – your passwords for you. I like Keychain Access (built in) on Mac OS X and Password Safe (passwordsafe.sourceforge.net) for Windows.

Public Locations

It goes almost without saying that you need to be especially cautious when using your computer in public. If you’re somewhere where you wouldn’t feel comfortable thumbing through your wallet, you shouldn’t use your computer there, either. Be aware of who is around you, especially if they have a view of your screen or seem suspicious. Make sure that no one can shoulder surf as you’re typing. If you’re traveling, make sure you know where your computer is at all times. Never set it down and walk away from it in places like airports and train stations, even if it’s in a bag (thieves know what laptop bags look like).

If you use a public Internet connection (whether wired or wireless), treat everything you do online as though it is being intercepted and read. If you need to do anything sensitive, use encryption and a VPN if you have one. Avoid connecting to unknown Wi-Fi networks or those with suspicious names. If you are using VOIP or videoconferencing software, act as though your audio and video are being monitored. Make sure all your software, including the OS, is up to date, run antiviral and firewall software, and turn off features like file sharing and remote login before you go in public.

Be Cautious

It’s nearly impossible to cover every possible scenario, but, in a nutshell, think carefully before you act.

If you get an email asking for your personal or account information, it’s probably a scam. Similarly, if you’re asked to visit a website for an unexpected reason (for example, to preserve your account information), you should be extremely cautious – it’s almost never the case that this is legitimately needed. Don’t click on any suspicious links (which might take you to a phishing website). Instead, type in the company’s URL yourself to see if it’s legitimate. If you get a message and you’re not certain that it’s legitimate, don’t hesitate to call whatever company is supposedly contacting you or email them at a trusted address to find out if the email is a scam. And, of course, if you’re offered something that’s too good to be true – a large sum of money, a special business venture, a lottery winning, or something similar – it is almost certainly a fraud.

Outside of phishing emails, you should avoid visiting strange websites or downloading files (especially software) that you don’t recognize or that are from questionable sources. P2P file-sharing software is particularly likely as an attack vector for malware. If you are visiting a secure website and are told that there is an error with its certificate, that it is expired, or that it is signed by an unknown Certificate Authority, it’s always safer to cancel whatever you were doing than to continue on and risk being trapped in a MITM attack. And, of course, be sure regularly to update your OS and install, use, and keep up to date antiviral and firewall software.

Cincinnati accounting show live blog of “XBRL – the digital reporting frontier”

Only fifteen minutes until the session begins. We’ll be updating as things progress soon.

2:27: People are still coming in and we’re going to begin pretty soon.

2:34: Stands for extensible business language and is based on XML. Used to communicate business and financial info. Why use it? SEC and AICPA suggestion and also better than a spreadsheet or other clumsier and slower methods. More accurate… If the taxonomy etc is used properly. And it is faster and enables more frequent updates.

2:40: The taxonomy is code, can be pulled from SEC website which enables standardization. Instance documents break down individual data. This technology is being used internationally already and is required in some places, e.g. China.

2:43: Software is in its infancy right now but will probably get better over time. Variety of in house uses probably also, such as live data analysis, that will push development. One thing to note, auditors aren’t required to have any involvement so companies are on their own. Another consideration, what are long term plans for its use? Chairman Cox said, long term point is to bring investors faster, easier, more accurate information.

2:48: SEC had been helping development since 2005 and taxonomy etc continues to evolve over time, even recently.

2:50: SEC will require tables, notes, schedules to be individually tagged. Software is immature right now but again will improve.

2:53: Quality of initial submissions varies right now. About 410 issuers submitted XBRL exhibits in July or August and 14% of issuers are using grace period now. From an outside perspective, how do companies post viewer so anyone can grab file? Something to think about. Common mistakes: applying wrong tag or applying it to blocks of data inappropriately, or not tagging parts of documents that need to be as per specs. So still room for growth out there.

3:02: XBRL has been extended more as well. Banking, real estate, utilities, manufacturing, media, and so on.

3:05: Why do issuers need to “get it right?” SEC will require it for one thing. Need to help investor end users get it properly as well. And getting things wrong does pose liabilities.

Google answers the call again

“We’re sorry, the party you are calling cannot be reached. At the tone, please leave a message. After you are done, stop speaking, then hang up, or press: Pound. To leave a callback number: Press. Five. To page this person: Press. Seven. At the tone, Eastern Standard Time Will Be: Eight. Forty. Five. And. Nine. Seconds. Now please: Listen. To. The. Party’s. Voicemail. Message. Thank you. (Beep.)” (OK, maybe that’s an exaggeration, but just barely.)

Sound familiar? If so, you’re probably like most cellphone-wielding Americans. Make you want to tear your hair out? You’re not alone. But have no fear: Google’s just entered the calling and voicemail market, with a beta caveat and pricetag of “free,” as usual, and they’re set to do to it the same thing Gmail did to web-based email providers and that Google itself did to search engines. First we had Google SMS. Then we had GOOG-411. Now we have Google Voice. The best way to experience Google Voice is to try it out yourself (invitation from Google required), but while you’re waiting for your invitation to join, we’ll break down just a few of the reasons that make those of us in the IT Department at OSCPA love it.

Where do you want to call from?

The fun starts at the registration page. Chances are, when you got your cell phone from $carrier (AT&T, Sprint, Verizon, etc. — pick your favorite), they gave you a random phone number, or at the very least, didn’t give you much say in what it was. Not so with Google Voice. While at the moment Google doesn’t allow you to transfer your current phone number to the service, they make up for this by letting you search for a number you want. That’s right: if you want a phone number in New York that contains the word “CODE,” you can do that (if one is available). If you want a number anywhere that has a “1776,” you can do that, too. Or if you’d just prefer to appear to be calling from Hawaii, Google’s got you covered (that would be area code 808, if you’re wondering).

Back to basics

Google, of course, offers all the “basic” features you would expect, all done with their traditional style and simplicity. When people call your Google Voice number, it will forward the call to any number of your choosing. In fact, it will forward it to as many different numbers of your choosing as you like, all at the same time, and it can be programmed to ring different phones depending on who’s calling. You can also choose to block certain people altogether, send some callers straight to voicemail, or even mark particularly annoying callers as spam (rumor has it that they receive a fictitious “number disconnected” message — at last, some competition for the TeleZapper). You can also require callers to say their name first (Google will ask you when you answer whether or not you want to take their call), particularly useful for numbers you don’t recognize. And you can set up several different voicemail greetings to play for different people.

For all of these features, you can set your preferences based on individual people or groups of people (e.g., you could decide that callers in the “Family” group ring all your phones, hear “Hi, please leave a message!” as their greeting, and don’t have to say their name first, while those in “Work” ring just your work number, hear “Hello, I’m not here right now, so please leave your name and the best time at which to call you back” as their greeting, and do have to say their name, and those in “Annoying” are just sent straight to voicemail, being told, of course, “I’m sorry, but I will be unavailable for the foreseeable future”).

Also — and this really does merit its own paragraph — Google Voice isn’t annoying. It doesn’t plague you with prerecorded messages telling you that you’re at a voicemail system and so you should leave your name and number after the beep (really, in 2009, does anyone not already know this?) or asking you whether or not you’d like to page the person you called. If you call in to check your voicemail, it doesn’t beat around the bush, telling you that the menus may have changed since yesterday and that you have: Twelve. New. Messages. And, everywhere, the menus are short, simple, and fast. No more waiting for thirty seconds just to hear how to erase a message. This is Google, after all.

Free calls, cheap calls, and call recording

Another great feature, although perhaps not as crucial since most people using Google Voice will probably use it with a mobile phone and not just a land line, is that you can make calls to any (continental) US number for free (caveat being that it still uses your cell phone minutes if you’re not on a land line). And if you’d rather talk to someone in Brazil, Russia, or Germany, you can call them too, and cheaply at that (at the time of writing, $0.04, $0.05, and $0.02 per minute, respectively). Google even gives you $0.10 right off the bat, just for signing up.

We should also mention that you can record calls to listen to later, although at the moment this is restricted only to incoming calls and doesn’t include calls from your Google Voice number as well. So, next time you’re on an important conference call in the middle of driving to the airport, you can focus on traffic instead of finding a pen to write down your hotel’s address.

SMS? Yes

Not limited only to voice, people can send SMS messages to your Google Voice number as well, and these will be forwarded to however many mobile phones you’ve added. You can also send and receive SMS messages via the web interface, and you can save old messages for reference instead of having periodically to erase them as you would on a phone.

Voicemail, part deux

You have no idea how clunky your current voicemail system is until you’ve seen how Google Voice does it. With voicemail from Google, you can listen to your voicemails online, save them to your computer, or embed them on web pages (sounds like a problem waiting to happen), it’s true. Yes, you can even listen to people as they leave you a message to decide whether or not you want to take their call. But Google’s taken it to the next level, because Google Voice can also automatically transcribe your voicemails to text, send them to you via SMS and email, and let you store, search, and annotate them online in a Gmail-like interface. While not perfect (the transcription is sometimes a little off, but still amazing for a computerized service), this feature is probably the best part of Google Voice, and you really have to see it to appreciate it.

Do you like your carrier’s features? Then stick with them. In the meantime, we’ll be using Google Voice.

Let bookmarklets work for you

Everybody has heard of web browser bookmarks (aka “favorites”), links to web pages stored within your browser for easy access to websites you want to visit again. But did you know that bookmarks are capable of storing more than just URLs? Modern web browsers allow you to store JavaScript (or “JS” hereafter; JavaScript is a simple scripting language that provides much of the power on the web behind everything from Gmail to the statistics software for our very own OSCPA website) within them too, and with a little creativity and programming experience, you can be well on your way to making your web browsing experience easier and more pleasant — and if you’re like me, taking some of the chore out of regular tasks, as well.

Let’s get started

First things first — if we’re going to write JavaScript bookmarklets, it helps to know a little bit of JS, or at least have prior programming experience of some kind and be good at learning on your feet. If you don’t have this proficiency already, there are plenty of sites that can get you up and running soon. You’ll also need a modern web browser (I prefer Firefox) and a decent text editor — I recommend the excellent BBEdit (or its free cousin, TextWrangler) for Mac, Visual Studio (or its free variant, Visual Studio Express, or Notepad if you absolutely must) for Windows, and either vi[m] or Emacs for Linux — I won’t take sides publicly. For the purposes of demonstration, I will be writing bookmarklets using Visual Studio and running them in Firefox, but the process will look almost identical no matter what combination of the above software you use.

Everybody’s first bookmarklet

The canonical first program is “hello world,” and there’s no reason to break tradition here. Open your editor of choice and type:
javascript:{
alert("hello world");
}

Much as the http:// at the beginning of a regular URL signals to the web browser that we are accessing a web page, the javascript: tells the web browser that this is going to be a piece of JavaScript code, not a regular bookmark. Copy the block of code, paste it into a new window, and remove all the line breaks. (This is the technique we will be using: writing in an easy-to-read style, and then when we are ready to try it, making everything one line, which is required.) If you’ve done this right you should have a piece of code like this:
javascript:{alert("hello world");}
At this point we’re ready to add the bookmarklet to our browser. Open a new window and then add a new bookmark to your browser, then after it’s created, paste in your single line of JS in place of the page’s URL and give the bookmarklet a descriptive name like “hello.” After loading the bookmark, you should see an alert pop up with the text, “hello world” inside:

A little more serious

Now that we’ve seen how to make a bookmarklet, let’s try a couple of real world examples of how bookmarklets can make your life easier — since admittedly, “hello world” probably isn’t useful to you. For all these examples, just follow the template above: write your code, make it one line, and save it in a new bookmark in your web browser. (With any luck, you won’t have any debugging to do.)

Search the news

I’m a fan of Google News, but it can be annoying to have to load the home page just to search for something. Let’s tackle this with bookmarklets. To get an idea of the kind of URL we are going to generate by doing a search, we try a test search, and get something like this: http://news.google.com/news?pz=1&ned=us&hl=en&q=test+search. After some experimentation, we come up with this JavaScript solution:
javascript:{
var term = encodeURIComponent(prompt("Search Google News:"));
window.location.assign("http://news.google.com/news?pz=1&ned=us&hl=en&q="+term);
}

The first line (of real code) prompts the user for some search terms, URL-encodes the characters (e.g., “?” becomes “%3F,” etc.), and assigns this result to a new variable named term. The second line appends this search term to a generic-looking Google News search URL, and then directs the current window to go to this search URL. Just what we wanted: searching the news without the middleman.
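How the search term survives the trip through the query string depends on which encoder is used. The following is an added example, not code from the original post: it compares the legacy escape() function with encodeURIComponent() on constructed sample terms, and the helper names (legacyUrl, encodedUrl, receivedTerm) are hypothetical.

```javascript
// Added example, not from the original post. Compares two ways of encoding
// the search term before appending it to the Google News URL shown above.
const BASE = "http://news.google.com/news?pz=1&ned=us&hl=en&q=";

// Legacy encoder: escape() leaves "+" untouched and emits Latin-1 (%E9)
// or %uXXXX sequences instead of UTF-8 percent-encoding.
function legacyUrl(term) {
  return BASE + escape(term);
}

// encodeURIComponent() percent-encodes every reserved character as UTF-8.
// prompt() returns null when the user presses Cancel, so pass that through
// instead of searching for the literal string "null".
function encodedUrl(term) {
  if (term === null) return null;
  return BASE + encodeURIComponent(term);
}

// What a parser following the WHATWG URL rules decodes from the q parameter
// ("+" is read as a space, percent-escapes are decoded as UTF-8).
function receivedTerm(url) {
  return new URL(url).searchParams.get("q");
}

// Constructed sample inputs: plain text, a literal "+", a non-ASCII letter.
const SAMPLES = ["test search", "c++ tips", "caf\u00e9 reviews"];

// For each term, report what arrives on the other end under each encoder.
function compare(samples) {
  return samples.map((term) => ({
    term,
    legacy: receivedTerm(legacyUrl(term)),
    encoded: receivedTerm(encodedUrl(term)),
  }));
}

for (const row of compare(SAMPLES)) {
  const ok = row.encoded === row.term ? "intact" : "ALTERED";
  const legacyOk = row.legacy === row.term ? "intact" : "ALTERED";
  console.log(JSON.stringify(row.term), "| escape:", legacyOk,
              "| encodeURIComponent:", ok);
}
```

The same mismatch matters anywhere user input is placed into a URL: an encoder that leaves reserved characters alone lets the input change meaning on the receiving side.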

High-contrast web pages

Sometimes webpages can be downright hard to read. While garish, it’s generally accepted that white text on a black background is the best possible scenario for readability, and bright red and green both stand out well on black as well. The following JavaScript, adapted from a bookmarklet found at Lifehacker:
javascript:(function(){
var newSS, styles = '* { background: #000 !important; color: #FFF !important; font-size: 12pt !important; font-weight: bold !important } :link, :link * { color: #F00 !important } :visited, :visited * { color: #0F0 !important }';
if (document.createStyleSheet) {
document.createStyleSheet("javascript:'" + styles + "'");
} else {
newSS = document.createElement('link');
newSS.rel = 'stylesheet';
newSS.href = 'data:text/css,' + escape(styles);
document.getElementsByTagName("head")[0].appendChild(newSS);
}
})();

will do the job, making any webpage high contrast and easy to read.

These are just two examples of what can be done with JS and some thought. With a little practice and foresight, you, too, can start writing bookmarklets to change the way you work online. (If you like bookmarklets and use Firefox, be sure also to check out the powerful Greasemonkey extension.)

Password Safe

Whether it’s your bank’s website, OSCPA’s membership resources, or even just an email account, nearly everything we do on the Internet requires us to authenticate ourselves with a password. But passwords provide a virtually inevitable quandary: Any password that easily can be remembered can also probably easily be guessed. Worse yet, it is difficult enough to remember multiple simple passwords, much less multiple secure ones, so people tend to reuse the same password, or set of a few passwords, across multiple services, perhaps altering the passwords very slightly (and probably predictably) for each one, and that’s if we’re lucky. Add to this the sometimes draconian password policies requiring passwords to be changed on a regular basis, and it’s no wonder that passwords are such a problem today.

The ideal solution, of course, would be if everyone (we will use an apocryphal user Alice for simplification) used different passwords for each resource (email, banking, OSCPA, etc.), and if each password was secure. The importance of using different passwords for different services is the same as the importance of using different keys for different locks. Imagine if Alice used the same key for her car, her home, her mailbox, and her office. If a thief — let’s call her Eve — ever managed to copy the key, she would immediately have access to all of these locations, and Alice would have additional hassles with having to change so many locks. Furthermore, Eve could target the easiest location at which to copy Alice’s key — perhaps by impersonating a maintenance person at her work, instead of having to go directly to her house. The importance of Alice’s keys being secure (i.e., not easy to copy, not blank keys bought from the store, and of a shape not easily guessed) is, we hope, self-evident.

Password security involves a lot of different technical aspects, but the three take-away elements are these: Good passwords should be complex, utilizing both uppercase and lowercase letters, as well as numbers, spaces, punctuation, and other symbols; they should be long; and they should be random. Complexity is a measure of a password’s key space. Intuitively, the greater number of symbols that Alice’s password contains (e.g., letters and numbers instead of just letters), the greater the number of combinations of passwords that she could be using, and so the more passwords that Eve must guess. Length is a measure of a password’s key length. Once again, the longer a password, the more possible passwords there could be, and so the harder individual passwords are to guess. Finally, randomness is a measure of a password’s entropy, which can be thought of as measuring how hard it is to predict one letter based on another (for example, a password of “abcd” is less entropic and so less secure than that of “a3@Z”).

These days, a minimum amount of entropy that we should demand from our passwords is about 128 bits. In lay terms, this corresponds to a password of between 16 characters (containing a completely random sequence of every symbol of which you can conceive) and 64 characters (containing only regularly-typed English letters). Somehow remembering a litany of completely different passwords of these types, some of which must be changed on a regular basis, is understandably probably impossible (unless you’re Dustin Hoffman’s character in Rain Man). And if you write these passwords down, unless you store them somewhere safe, you might as well use weaker passwords that are easier to remember — and if you do store them somewhere safe, they’re probably not going to be easy to get to.
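The relationship between key space, length and randomness described above, and in the passphrase advice of the earlier “Back to Basics” post, can be made concrete. The following is an added example, not code from the original post or from Password Safe: it sizes and generates a password for a target entropy, assuming every character is drawn uniformly and independently from the alphabet. The alphabets and function names are constructed for illustration.

```javascript
// Added example, not from the original post or from Password Safe.
// Assumption: each character is chosen uniformly and independently, so a
// password of length L over N distinct symbols carries L * log2(N) bits.
const { randomInt } = require("crypto"); // CSPRNG-backed, no modulo bias

// Constructed sample alphabets.
const LOWER = "abcdefghijklmnopqrstuvwxyz";
const ALPHABETS = {
  lower: LOWER,                                   // 26 symbols
  alnum: LOWER + LOWER.toUpperCase() + "0123456789", // 62 symbols
  // All 95 printable ASCII characters, space included.
  printable: Array.from({ length: 95 }, (_, i) =>
    String.fromCharCode(32 + i)).join(""),
};

// Key space per character: bits contributed by one random symbol.
function bitsPerChar(alphabet) {
  const distinct = new Set(alphabet).size; // duplicates add no entropy
  if (distinct < 2) throw new RangeError("alphabet needs 2+ distinct symbols");
  return Math.log2(distinct);
}

// Key length: shortest length that reaches the target entropy.
function lengthFor(targetBits, alphabet) {
  return Math.ceil(targetBits / bitsPerChar(alphabet));
}

// Randomness: pick every character with a cryptographic RNG. Math.random()
// is predictable and must not be used for secrets.
function generate(targetBits, alphabet) {
  const symbols = [...new Set(alphabet)];
  const length = lengthFor(targetBits, alphabet);
  let out = "";
  for (let i = 0; i < length; i++) {
    out += symbols[randomInt(symbols.length)];
  }
  return out;
}

// Length needed for the 128-bit target under each alphabet.
function table(targetBits) {
  return Object.entries(ALPHABETS).map(([name, alphabet]) => ({
    name,
    symbols: new Set(alphabet).size,
    length: lengthFor(targetBits, alphabet),
  }));
}

for (const row of table(128)) {
  console.log(`${row.name}: ${row.symbols} symbols -> ${row.length} chars`);
}
console.log("sample:", JSON.stringify(generate(128, ALPHABETS.printable)));
```

These lengths only hold for machine-generated passwords; a human-chosen phrase of the same length carries far fewer bits because its characters are predictable from one another.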

What’s the solution to this technical headache? Go ahead and use different, strong passwords everywhere — but only worry about remembering one of them. There are a number of different software solutions that will store your password for you, many built into the different operating systems, but the program we will be reviewing is Password Safe, which is free (in fact, open source), available for Windows (beneficial for many corporate environments, and programs compatible with Password Safe are available for other operating systems), and secure.

Upon launching Password Safe, you’ll be asked either to open an existing database or to create a new one (choose the latter if you’re using it for the first time). The fact that you can create multiple databases has a number of useful applications. For example, you could have one database for home and another for work, or one database for personal accounts, and another for group accounts, and the password database for the latter could securely be shared among multiple people. The password that you supply for each database will be all that is required to access the passwords inside, letting you remember just one key — the database password — while forgetting about the numerous secure passwords stored inside. If ever you need them, just open up Password Safe and pull them back out again.

Password Safe helps you manage your passwords in other ways as well, like coming up with good passwords in the first place (you can customize your password policy and even have the program generate a random password for you), storing account and other info along with them, remembering the last several passwords used, copying passwords to the clipboard without viewing them (for deterring shoulder surfers), changing how often passwords expire, and so on.

Finally, the databases that Password Safe creates are very secure, ensuring that if a thief somehow got access thereto, if the password you chose to protect it is secure, its contents will be, as well. The software is open source, so you can examine its code yourself and ensure it is up to no ill, and it was designed by the respected security analyst Bruce Schneier. To protect your information, databases are encrypted with the Twofish algorithm, one of the Advanced Encryption Standard finalists, and Password Safe has been reviewed by Schneier’s own Counterpane Internet Security, Inc. (now BT Counterpane, owned by BT Group plc). So whether you’re a grandmother at home or a corporate executive flying between Columbus and San Francisco, it’s time to set your excuses aside for not using multiple strong passwords everywhere and save yourself a headache of trying to remember them all.

Nothing to hide? Hide it anyway

If you’re like most Americans, you probably value your privacy. You’re probably not ashamed of anything, and you’re not doing anything wrong, but just on the principle of the matter, you would prefer to keep your private life private. If a stranger knocked on your door and told you that he was going to watch you read your mail, you would almost certainly call the police. If you saw your neighbors peeking through your living room windows as you watched TV at night, you would probably walk over and give them a piece of your mind. And if you found out that the government had been listening to your phone calls without a warrant, you would be outraged, and probably hire a lawyer to get justice and accountability. And all of these actions you would be justified in carrying out.

Just as you enforce your privacy in your tangible, day-to-day life, so, too, should you do so on your computer — especially as more and more of the activities that make up our usual days become digitized, are stored on hard drives, and are sent flying across the Internet. So it is somewhat mystifying to me that most of the people to whom I have talked about encryption seem entirely disinterested in taking the time to implement secure cryptography (see the end of this post for more information) on their computers.

Oftentimes, the first reaction I hear to my suggestion is, “Why? I have nothing I need to hide.” But, while that is probably almost always the case, their reaction misses the point entirely. It’s not whether or not you have anything to hide, it’s whether or not anyone else has the right to pry, and in my mind, unless someone is both legally authorized and justified in snooping on my data, or I give my consent for them to do so, I should keep the data on my computer as secure as possible.

It used to be the case that setting up good encryption was difficult, and that trustworthy software was hard to find — but this is no longer so. While it is true that there is a glut of badly-written encryption programs that leave your data virtually as vulnerable as it was before, there are also plenty of respectable implementations that can easily be obtained and installed (see the end of this post), and you no longer need a degree in computer science or mathematics to use them, either (although if you find Feistel networks or finite fields interesting, there are plenty of technical aspects to learn about as well).

The reasons aren’t purely philosophical, either, as there are serious risks in allowing data to sit unprotected on a hard drive. We store our home videos, vacation photos, tax records, hotel reservations, flight itineraries, bank statements, music, and business correspondences on our computers, just to name a few, and more and more, these data are not just sitting on our hard drives, but transmitted online, synchronized via servers located around the world, and categorized, indexed, dissected, and disseminated via the Internet and a litany of applications. So, just think of the potential devastation — financial loss, identity theft, character destruction, etc. — that could result from a breach of privacy on your computer.

Worse yet, it doesn’t take a skilled attacker or government spy for your information to be at risk. Social networking sites routinely encourage their users to volunteer reams of personal information; most grocery store shoppers don’t think twice about swiping their “frequent shopper cards” to gain access to special deals (and allowing the store to track their purchases); and, frighteningly enough, more than 70% of people would give up their passwords for a chocolate bar. Most people seem so incredibly careless with their information security that these and other signs of complacency only add emphasis to the fact that we collectively need to take more seriously the potential risks in leaving our data unprotected (not to mention giving it away) and abrogating our responsibilities — just as it would be irresponsible for us to leave our front doors unlocked and open at night, print our credit card numbers on the back of our shirts, or walk down the street announcing how much money we have and in which pockets we have our wallets.

If you value your privacy in other aspects of your life, consider taking more seriously your privacy when it comes to your computer and your “digital life,” for lack of a better phrase. It is both an issue of security and of philosophy, and it is a salient one. For respectable cryptographic software, consider TrueCrypt, PGP, GPG, and RSA. (For platform-specific options, consider also FileVault for Mac OS X and BitLocker for Windows Vista, both built into their respective operating systems.) For general cryptographic (and other) security information, check out Bruce Schneier’s work (as well as his blog, Schneier on Security, and his books), the Center for Democracy and Technology’s cryptography page, and the Electronic Frontier Foundation.

Consider keeping some important data online

It is common for data security folks to tell you to be careful about what data you keep online and about the associated risks. But I’m here to tell you why you should keep some of your data online. Because, while you should be careful about what data you put online, you should also be careful about what you don’t.

Consider the unpleasant scenario – a home robbery, house fire, storm, flood or some other loss. After the event you will need access to insurance documents, home photos and other important data. Now assume that you stored all that information on your home computer – all that information is now lost, and recovering it has just become much more difficult.


“But wait!” you say, “I keep all my data backed-up and stored in a fire safe so I’ll be alright.” You need to be careful with this assumption and should be aware of some facts:

  1. Thieves like stealing safes – they assume that you have something valuable inside that they want. 
  2. Fire safes are rated to a specific temperature for a specific amount of time – but the temperatures that are reached inside – while relatively safe for paper documents, at least for the rated period of time – can be catastrophic for your data storage media (backup tapes, CDs/DVDs, flash drives and pretty much all other media are susceptible to heat).
  3. Water, used by the fire department or the result of some act of Mother Nature, can cause damage to both your digital storage media and your paper documents within a safe. So even if you have taken measures to protect your data at home – it may not be quite enough.

No one wants to think that events like these might happen to them, but unfortunately no one is immune from the possibility. Preparation gives you the chance to mitigate your risk in these situations. To help yourself prepare for a catastrophic event like this, I suggest that you look into keeping copies of your important data online. You may want to consider using an online document management service or one of the many online backup services available. Most online backup services provide reasonable protection of your data through encryption and other measures, and are a relatively safe (there is no such thing as perfect) means to protect your data from loss or theft – and the data will still be available to you should some catastrophic loss at home occur.

So remember, while you may not want to advertise information about yourself or put compromising data on the Internet, you really don’t want to avoid putting data up for that reason. With proper consideration most data can be reasonably secured online – and your disaster recovery solution could be considered an investment in your own future well being,