Safer Computing 

What's one company that prospered hugely, almost unmanageably, off of the sudden work-from-home blast of early 2020? Zoom. And what's one company telling its employees to come back to the office now? If you're guessing, Zoom, you are correct. The whole conversation around returning to…

I could say, "That's it.  That's the post."  But I won't leave it at that.  I will elaborate, because I feel I owe everyone a logical explanation of what MFA is, why it's so important, and how to do it right.   MFA stands for Multi-Factor…

The information security blog you know and love is on the way back! The older posts may take a while - they have to be recovered from an imperfect backup one at a time, by hand :/ 

I missed an installment on Friday, and maybe I'm a little tired of blogging about What's Wrong With the World. So here's a taste of something else. About a month ago, I had what I believe was a ransomware attack on my home infrastructure. I…

Wouldn't it be good if all applications and websites let you know this? Because it's true for almost all. Password storage is where many companies do not do all the right things, and do not do all the things right. There are many ways to…

Smartphone shopping. More fun than a root canal, isn't it? I needed a new phone to bring to my employer's BYOD program. I decided not to use my personal phone number with that, so my existing device was not under consideration. Also our BYOD program…

Click Through for The Register Story Starting Friday, Salesforce.Com had a fifteen-hour outage due to their having to "pull the plug" after a script went rogue and gave all comers full access to the database. Anyone logged in could do anything to anyone's data. Not…

You have probably seen news of businesses and institutions being attacked by ransomware, and having to pay tens of thousands of dollars to get rid of it. Names like CryptoLocker, Fusob and WannaCry have floated by. But, what is ransomware? How does it work? How…

"Relevant" is the ad industry's current excuse for all the spying, tracking and intruding on our lives that they are currently tormenting us with. https://www.nytimes.com/2018/12/24/business/media/data-sharing-deals-privacy.html They "need" to suck down every aspect of our personal lives and habits and idle thoughts... so they can show…

Not Beaches! BReaches! Ah yes, breaches. Not really a much better movie, I'm afraid, yet we keep seeing it over and over. Big splashy headlines touting eye-popping numbers, followed by unsolicited offers of credit monitoring from companies who are really, really hoping their arbitration clauses…

One of my best friends is an IT guy, with about the same amount of career experience as I have. (We're old, get it?) When we get together, I notice that we each show the distinctive mindset of our specialties: he's always thinking, How can…

Data centers with thousands of computers in concentrated amounts of floor space do have to expend enormous amounts of energy keeping things cool. Your home data center can almost entirely ignore this issue, except where your computers have to be enclosed. At some point, you…

Your home is your data center. Maybe this sounds like a stretch but, unless you live a very low-tech existence (like this guy, perhaps?), this is how we all live now in the 21st century. Oh sure, you are not going to have to have raised…

Every one of us has a data center to care for. Not everyone takes it as seriously as some do. The mouseover text for this one reads: The weird sense of duty really good sysadmins have can border on the sociopathic, but it's nice to…

AKA permanent spyware You must assume: if they can hear you ever, they can hear you always. Amazon is offering bedside units with cameras. What could possibly go wrong? In 1984, Orwell speculated the state would force us all to have in-home surveillance. We did…

It's an established fact that any headline in the form of a yes/no question can safely be answered, "no." And so it is with today's post, as you will see. One of the things we humans have to watch out for is, who can use…

3-2-1 is the watchword for how to do backups. I have written about this a lot, as I consider it the most basic of security basics. If your data is backed up offsite, ransomware can't get to it, fire and flood can't get to it.

On Dec 14 the FCC carried out its corporate masters' plan to gut net neutrality, responding to millions of astroturfed "comments" from dead people, etc. This action made the work of the Electronic Frontier Foundation all the more critical. On Feb 7, one of the…

Back in 2016, I swore off Windows completely and especially Windows 10. One of the reasons was a "feature" called Telemetry, that basically amounts to "Windows 10 is 100% spyware." It was widely reported at the time, along with an elaborate hokey-pokey you could dance…

The word on why we got treated to a false alarm about missiles heading for Hawaii is this: (over-simplification alert!) They clicked Yes. There's a security lesson here. Stop and take a breath and read all these prompts. Clicking OK automatically is the road to…

Email scams have been a problem almost as long as there has been email. Today's joint is not about the basics of that, I have dealt with those before. Scambusters is a great source of detailed information about these scams, and how to avoid being…

In a revelation that should surprise exactly nobody, security researchers have revealed that Western Digital MyCloud drives have a built-in backdoor. A hard-coded username and password give privileged command line access to the device, which may then be compromised however the attacker sees fit. This…

Randomness is important. You use it in the physical world when you shuffle a deck for a game of cards or roll a D12 for a result in Dungeons & Dragons. But you need it even more in the digital world, and it's more difficult…

We live in the age of social media, that’s for sure. Facebook claims over 2 billion people as its users. Twitter is how we first get breaking news, how we know it’s time to turn on CNN or MSNBC to see what happened when the…

[ missing picture: Lisa lost her computer to theft, is now posting notices begging the thief to burn the files to a CD and send them to her] Maybe this is churlish, but I told ya. And told ya some more. I struggle to empathize…

Today let's think about how to be safer using the oldest internet application still in common use: email. Email predates the Web by about twenty years. So when young people accuse it of being “for old folks” (meaning, people like me) I have to admit…

Motherboard, a part of Vice magazine, has published a very good Guide to Not Getting Hacked. It's also available as a PDF. One of my favorite sections draws from the EFF Surveillance Self-Defense page. "Threat modeling" may sound like something a management consultant would explain to you…

What's missing from this pretty-good article? Give it a read, but the TL;DR is that a NY Times cyber-security writer tells us what she does to make herself safer online. It includes everything I do, and a few things I don't. But there's one crucial…

Welcome to the wonderful world of the Internet of Things. You’ve probably seen this term in the news a bit lately. Perhaps you read about it in connection with a massive botnet called Mirai, or it's even more potent descendant, IoT_reaper. The term Internet of…

Whenever a news story breaks about information security (usually a radically bad FAILURE thereof) then "security researchers" or "consultants" get trotted out by the media to give expert soundbites. David Kennedy was a keynote speaker at the recently-concluded Rochester Security Summit, so he'll do for…

Advertising supports a lot of the content you enjoy on the Internet. The economics of it should be simple. An advertiser pays a certain amount to get a commercial message in front of many readers or viewers. Some percentage of those viewers make a purchase.

Backup is the most basic information security measure. Whatever else happens, your worst-case, baseline fall back is: restore from a backup and get back to work. So you always want to make sure your backups are rock-solid. A rule of thumb for how to ensure…

The Cloud! It sounds so… ethereal. We’re all going to have computers floating around in the air? What’s going on here, really? Today, let's look at data storage "in the cloud" and how we can use it more safely. A sticker on my laptop says,…

So do mine. What can you say? Maybe I should write that, p@5SW0rdz? It doesn’t matter. We all use passwords. It’s the simplest and most popular method systems and sites have to authenticate us. But let’s face it, passwords suck. There are lots of problems…

Death and Taxes. With enough lawyers you can avoid most of the taxes, but as sure as I am typing these words, and you are reading them, every one of us is going to die[*]. While we each have a will to cover our possessions…

There are three elements of safer computing: Everything I am going to suggest to you in these pages supports at least one of these elements. There are a lot of things to talk about, and some of them need a pretty detailed discussion. But to…

I call this blog “Safer Computing” because I want to evoke some of the same ideas we think about when we talk about “safer sex.” We know sex with others can’t ever be 100% absolutely safe. So we are being clear-eyed about those risks when…

The password advice we all hate - upper and lower case, numerals and punctuation, change it frequently - is wrong. We knew this in our guts, but now Bill Burr, the original author of the NIST report that started it all in 2003, has recanted. So…