Do we like giving out our email addresses?
No, because we don’t like spam.
Do we like risking our email accounts being stolen?
No, but how do you protect your email and use it?
Let’s talk about a service you never knew you desperately needed.
What if an identity thief decided to steal your stimulus check or your tax refund?
He’d have to have your name and social security number–that costs about $4. One of the easiest ways to interfere with this theft is to create your own account with the IRS. Most people haven’t but it’s easy and keeps the thief from stealing information from the IRS and then your money.
A friend of mine recently had to spend substantial chunks of his week dealing with credit theft. As such things go it wasn’t all that bad but why not spend 30 minutes to save hours?
That same month I got an email for Privacy.com saying that my “Airport Parking” card was declined at “Sayan” (whoever that is). My friend spent hours. I was automatically protected.
One layer of defense is at the credit reporting bureaus which have had to clean up their act after the 2017 Equifax data breach lost my (and probably your) credit information.
Congress, goaded by irate citizens, required improvements, namely credit freezes. Since credit reporting bureaus make their money selling credit information, their interests are somewhat in conflict with yours, since you only want your credit score accessed when you want to rent something, get a credit card, etc.
There are several steps you can take to reduce your risk. You don’t have to do all of them or do them all at the same time to get the benefit. A few minutes could save you a lot of needless misery. The credit action links take you to the FTC site which is safer than figuring out the correct websites on your own.
Did you celebrate May 7th? That was international password day. Even if you didn’t celebrate, the dark web probably did.
It’s quite likely one or more of your passwords have been stolen.
You think not? How much are you willing to bet? If you use the same password everywhere you’re betting…everything. The bad guys take your credentials stolen from one site and automatically try them on other sites.
While most people have lousy passwords, there’s another problem: Someone can get your password and it isn’t your fault. Worse yet, maybe it isn’t even your bank’s/stockbroker’s/email provider’s fault. What can you do to limit the damage?
Here we go again, only more so. Password theft is, unfortunately, a recurrent theme. An increasingly large volume of login credential theft happens every year as seen in this beautiful but appalling graphic of credential theft.
This year’s crop includes a compromise of 3/4 billion accounts. Conservatively, you have at least a 20% chance of having a compromised account. In practice I suspect your odds are even higher.
The good news is that you can find out if your information was compromised and where it happened and change those passwords.
The bad news is that most people use the same password on multiple sites. That means that if it gets stolen for one site, it’s stolen for the others as well. The worse news is that many sites don’t encrypt your password. The worst news is that people prefer using really lousy passwords. See Who’s Got the Password for more about avoiding bad passwords.
Government has special challenges pursuing modern information security goals.
There are some across the board threats against the information security goals.
1. Dysfunctional approval process
2. Wrong Priorities
3. Bad technology approaches
What’s the future outlook? Not bad, given that improving technology will eventually sweep everyone forward.
1) The primary motivation for the push is greed on the part of software companies who aren’t getting as much of my money as they would like. These are the same companies who (mostly) offer me nothing new that I want but charge me money for the nothing and charge me time to learn and use the new, bloated interface. I say this as a card carrying computer geek.
2) Marginal cost of product should approach marginal cost of production as volume increases. Given the basic materials for a software purchase are a mass produced DVD and perhaps a book, or perhaps just a web download, we’re obviously far from that. So, we’re being grossly overcharged currently, and the price is going up.
3) I won’t be able to escape monthly software charges the way I can easily skip version “upgrades” that give me 1) a slower PC with a new-for-no-reason GUI, and 2) productivity enhancements consisting entirely of features I don’t use, with a new-harder-to-find-things GUI.
4) When I am offered something good, say in improved security, it’s usually just the vendor uncrippling their product slightly. That’s not the way to treat security. If the penny pinching airlines thought like software vendors, they’d charge us for air and flotation devices.
My fundamental objection is that software vendors want to charge me more when they weren’t doing a great job to begin with.
Here’s why I’m wrong:
1) Smartphone app prices (free or fixed price right now) and Google apps (pretty much free for consumers) are serious competition now and will help control the costs.
2) Barriers to entry for new software providers are pretty low, thanks to existing smartphone stores.
3) Monthly charges mean that a vendor has to care whether I keep paying for his software each month. This will punish vendors who traditionally take me for granted.
4) As computer technology becomes increasingly part of our culture, loony lawsuits over copyrighting trivial stuff are less of a problem. I’m not saying the legal system has gotten smarter. Lawsuits still focus on the software equivalent to, “your car can’t have a gearshift on floor/column/steering wheel, I thought of it first!”, but the most basic bad legal decisions about GUIs and file formats already happened and the effects of those lawsuits are fading. Thus, reduced barriers to entry again should help control cost.
So, we’re being overcharged, but the companies overcharging us probably can’t keep us captive for long in the new system.
No, it’s deliberate, thought out, and not a joke. Run with me on this.
If a bureaucracy wants to show it cares, how does it do so?
#1: Move slowly: International Adoptions take 3 months to 5 years. Security accreditations? Depends if you average in the people who give up.
#2: Require paperwork: Breathtaking amounts of paperwork. Match again.
What are a bureaucracy’s incentives?
#3: Safety: “No” is safe; you can’t be blamed for something going wrong
#4: Delay: Delay is safer than decision. After all, something could go wrong.
#5: More Delay: Not solving the problem makes good economic sense (for the bureaucracy).
#6: Move the goal: If it’s not clear what perfect safety is, keep coming up with things.
The fact that some of the best people you’ll ever meet are involved in these two industries doesn’t change the fact that in these ways and more, the processes aren’t designed to accomplish the actual goal, nor do the incentives pull toward that goal.
Unfortunately, it’s correct. Sounds like an urban legend, doesn’t it? CNN and NPR vouch for its truth. Our nuclear weapons system uses 8″ floppy disks— a technology that had almost vanished before I started my career but that could easily still be in use after I retire.
This is normal for government.
OK, this is normal (and amusing), but is it bad? Yes, because this is very old hardware, the parts are often only available on eBay, and to try to keep these systems at high reliability we have to spend a lot of money and time.
There are many reasons why the government spends so much to get so little.
Oddly, the archaic hardware helps with one kind of security problem–fewer hackers are working on finding security problems with systems their grandmothers used. That’s not the only kind of security though, and an increasing likelihood of total system failure is a huge risk to security.
We’ve only just begun, really, so come back for more problems and some choices.