post

Steve's Security Tips For Keeping Your Stuff Private

While discussing cyber security and online safety with clients, family and friends, I’ve had several of them ask me for guidance on how to secure their communications and web activities. While a thorough examination of all the detail surrounding privacy, security, and good online habits could be the length of a book, let me give you some of the basics along with a few links to learn more.

There are several reasons you should care about whether your online, digital communications and web surfing are private:

a) Tracking: Ever wonder how Facebook knows you just shopped for Corningware at Amazon and suddenly the ads on Facebook are displaying other bakeware companies? Would you be surprised to know that nearly all websites you visit set a little digital file called a “cookie”—a file that can prove to be very beneficial most times—but that some cookies are set by third party companies that do nothing but track ALL of your website visits (and much more) everywhere? 

b) Are You Naked on Public Wifi? If you ever connect to a public Wifi hotspot, you should know that it is trivial for a Wifi hotspot to be spoofed and you might have already inadvertently connected to it! There are also packet-sniffers that can view any unencrypted traffic going back and forth between your laptop or device and the Wifi router and some blackhat hacker can view it.

Want to see how incredibly trivial it is to create a man-in-the-middle attack and spoof a Wifi hotspot? Then read this article which should scare the beejesus out of you (it did me). It’s called Maybe It’s Better If You Don’t Read This Story on Public WiFi and its tagline is this:

We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.

If after you have read that article you are still logging on to public Wifi hotspots without using a VPN, please comment below and give me your argument as to why you think it’s OK to get online with public Wifi and no VPN. I’ve yet to hear a single, valid reason why someone shouldn’t connect securely.

c) Government Surveillance: You’ve undoubtedly heard about Edward Snowden who revealed the vacuum mass surveillance apparatus in place by the National Security Agency and that they are scooping up ALL metadata about who called whom; what websites you visit and searches you perform; what texts you send; who your Facebook/Twitter and other friends are; what photos you post; and much more.

As a preview to what might very well happen here in the U.S. under a Trump administration, a new law just passed in the United Kingdom and it will give you a taste of what is probably coming to America…and soon…and why we all need to be more diligent about our privacy and security. The UK Now Wields Unprecedented Surveillance Powers — Here’s What It Means spells out what we could expect in the US in the near future:

The UK is about to become one of the world’s foremost surveillance states, allowing its police and intelligence agencies to spy on its own people to a degree that is unprecedented for a democracy. The UN’s privacy chief has called the situation “worse than scary.” Edward Snowden says it’s simply “the most extreme surveillance in the history of western democracy.”

The legislation in question is called the Investigatory Powers Bill. It’s been cleared by politicians and granted royal assent on November 29th — officially becoming law. The bill will legalize the UK’s global surveillance program, which scoops up communications data from around the world, but it will also introduce new domestic powers, including a government database that stores the web history of every citizen in the country. UK spies will be empowered to hack individuals, internet infrastructure, and even whole towns — if the government deems it necessary.

It is also probable that both the UK and the US will take steps to ban end-to-end encryption (one reason I use more and more services outside the US) and/or legally force companies to insert backdoors in their software so law enforcement can get in to the computer or device you own, especially without having to secure one of those pesky search warrants. It’s actually a lot more ominous than that, but writing much more about it is beyond the scope of this post.

Are you scared now?

You should be. I am, and I stay abreast of all of this every, single day. Read on for some specific tips and tricks to stay safe online.

Edvard Munch’s painting The Scream…and a few scared internet users

post

Steve's 2016 Road Trip

Just completed another “Steve’s Road Trip” for 2016. Though I’d originally intended to head out to Rocky Mountain National Park this year, my time is limited so, once again, I headed up to the north shore of Lake Superior with my new Nikon D500 camera (which I’m in love with, by the way).

These are a handful of “keeper” photos from the several hundred I took as I experimented with the HUGE number of camera settings! The place I stay at is about three hours away so is even perfect for a weekend getaway.

Click the photo below to view the trip Flickr album or click here:

https://www.flickr.com/photos/borsch/albums/72157671994235846

post

John Oliver on Encryption

John Oliver’s show Last Week Tonight talks about the Apple/FBI controversy and that strong encryption poses problems for law enforcement, but is weakening it worth the risks it presents? It’s…complicated.

post

Seriously Minneapolis StarTribune? "U.S. security at stake as Apple defies order"

To say I was stunned reading this editorial in this morning’s Minneapolis StarTribune is an understatement. I rarely get fired up enough to write a letter to the editor, but this time I felt compelled since they got this so wrong and I’m embarrassed for them that they published this editorial.

I just sent them my rebuttal and I reprint it below with the StarTribune’s paragraphs in italics and green. Also, since the StarTribune apparently did little-to-no research, I’ve provided them with helpful links.

Curiously the StarTribune changed the linkbait-like editorial title in the online version by toning it down, perhaps realizing that characterizing it as “Apple defies order” is wrong: National security is at stake in Apple’s faceoff with feds.

U.S. security at stake as Apple defies order

Apple Inc., the world’s largest info-tech company, now stands in defiance of a federal court order, saying it will fight attempts to force it to help the FBI crack the iPhone of a San Bernardino terrorist involved in a major attack on U.S. soil that left 14 dead and 22 injured. Apple says the government is overreaching and would be setting a dangerous precedent.

The company is wrong on both counts, but the world of encrypted information is a complex one. It is worthwhile to proceed carefully, because this could prove to be a critical showdown in the growing clash between privacy and national security.

Your editorial, “U.S. security at stake as Apple defies order” was one of the most stunningly naive positions I’ve read yet when it comes to the controversy over Apple’s stand on weakening the encryption of one, single iPhone. A weakening that would instantly open a Pandora’s box of cyber threat problems of which you are obviously clueless and seemingly dismissed out-of-hand.

First, it should be noted that the government negotiated for two months with Apple executives. When those talks fell apart, Justice Department officials turned to a federal judge, who ordered the company to create a way to bypass the security feature on the phone. The FBI had obtained a warrant to search the phone and, not incidentally, the consent of the employer that had issued the phone to Syed Rizwan Farook.

First off, it should be noted that the FBI permitted San Bernardino officials to change the password on the terrorist’s iCloud account (rebutted by FBI, now blaming official) and only then, obviously realizing their mistake, requested Apple’s help. Had they not done so, Apple has stated publicly it would have been possible to obtain the shooter’s iCloud backup data. Since this mistake was made, the FBI then negotiated with Apple to recover what they could. Discovering that doing so was not possible, and subsequently failing in convincing Apple to create software to weaken iOS (the operating system that controls the iPhone and iPad) so they could break into the device without having it ‘wiped’ by its ten password attempt limit, the FBI then obtained a court order hoping to force Apple to create a method to do so.

Apple has complied with what Justice officials characterize as “a significant number” of government requests in the past, including unlocking individual phones. Apple CEO Tim Cook has become increasingly concerned about customer privacy, particularly after 2013 revelations by whistleblower Edward Snowden about massive government surveillance operations. The company has continued to tighten its security systems and decided to no longer maintain a way into individual phones. Farook’s iPhone 5c was among those with a 10-tries-and-wipe feature that essentially turns it into a brick if too many false passwords are entered. Newer operating systems employ ever-more-sophisticated security features.

The government’s authority to get private information, such as texts, photos and other stored data, through a warrant is not at issue. The key here is whether the government can compel a private company to create a means of access that the company contends will weaken its premier product.

Cook maintains that creating a “master key” to disable security on Farook’s phone ultimately would jeopardize every iPhone. With more than 100 million in use across the country, that is no small threat. There are, however, technology experts who say Apple could create a bypass — allowing for what’s called a brute force hack — without affecting other phones.

With respect to your position on Apple’s creating this sort of “bypass” for this single iPhone, all while acknowledging this is not a “small threat” for the 100 million iPhones already in existence, you then opined, “There are, however, technology experts who say Apple could create a bypass” “without affecting other phones.” This is your supposed justification for minimizing the threat of putting in a backdoor (or what you euphemistically characterize as a “bypass”) for those 100 million+ iPhones already in existence? Who are these so-called “experts” anyway?

post

Seeking Meaning: Why Baby Boomers Refuse to Retire

As baby boomers my wife and I approach our “third half” of life (i.e., retirement) with both excitement and trepidation. We’re excited we’ve saved and invested so we can travel, be in a warm climate and out of Minnesota winters, and focus on those things we love best like family, friends, reading, learning, and above all, having experiences. But at the same time we’re nervous about being bored and not having a purpose and we certainly don’t want to essentially hang around until we die.

Turns out baby boomers like us are seeking meaning and are increasingly turning away from a life of leisure and instead moving toward ones filled with activity and purpose. Fast Company had this article about it today that is one of the best ones I’ve yet read about the “new” retirement and what it’s like:

How will all these aging boomers thrive in the 21st century? According to many experts on aging, it’s increasingly by staying in the workforce, at the very least on a part-time basis. As noted by Gallup in their “Many Baby Boomers Reluctant to Retire” report, “Nearly half of boomers still working say they don’t expect to retire until they are 66 or older, including one in 10 who predict they will never retire.”

So it’s not about needing money. It’s about what value we’ll bring to the world in our third half and the meaning that will instill in both of us.

Read more at Fast Company….

post

You May Never Be Able To Grab The Carrot

If you are enticed to become “a stakeholder” in a company or startup by having the stock options or warrants carrot dangled in front of you as an incentive, my own “stock options and warrants” tales of woe are a flip-side you need to hear. Especially since you’ll hear A LOT of the “You’re gonna GET RICH” from those trying to hire you or colleagues naive enough to think stock values go up automatically.

TALE #1: STOCK OPTIONS
In December of 1999 I accepted a job at Vignette, at the time the fastest growing software company in history. With the initial shares I received, and the ones I’d be granted and earn-out over four years, I began to consider the realistic possibility that I’d enjoy an options gain of $5-6M over that four year vesting period.

You know about the “dotcom” crash in March of 2000, right? I sure do because Vignette never recovered and the stock (and my initial options) tanked. Though subsequent option grants were adjusted downward, those ended up in value too. It’s been said that “you can make a lot of money on the way up and the way down” if you hang in there with a downtrending company and I did, but that money was NOT made on stock options. When I left in 2003 with thousands of fully vested shares…they all were so far ‘underwater’ that all were worthless.

Don’t think “Oh poor Stevie…he missed out on being rich” since I’ve done all right over the years and have a wonderful family, friends, my health and (hopefully, if the economy holds) a solid retirement portfolio. Plus, my Vignette experience was a remarkably good one. I worked with lots of great people, met and hung out with a handful of executive-level customers, most of whom I’m still in touch with to this day. Went on club trips (my wife and I took our kids with us to Maui to the Four Seasons) and learned a lot playing the enterprise game at that level.

Sure would have been nice to make millions though, heh? Yes, but after a stint running strategic alliances at Lawson Software (now part of Infor), I ended up going off on my own to perform management consulting and had an opportunity with startups and young companies that gained me tens of thousands of stock warrants…ones that would surely make me rich. Or so I hoped.

post

Give Yourself for Christmas

Often I roll my eyes over people’s Facebook postings of clutching-at-your-heartstrings videos, but this one was surprisingly thought-provoking. My wife’s cousin posted this today and thought I’d share it.

Comes from a woman named Anna Johndrow, who published it in December of last year and she said this about it, “I found the message of this video from IKEA in Spain so touching and special that I translated and subtitled it. Hope you enjoy. Please share.”

post

John Oliver on Surveillance

Love how he can wrap very serious content with enough funny stuff to keep us paying attention…and understanding what’s coming is exactly what we all need to do (and yes, that includes you):

post

NSA Files Decoded

The Edward Snowden revelations about the U.S. National Security Agency (NSA) and its vacuum surveillance sadly seem to be fading from the public consciousness. Undoubtedly this is viewed as a positive by the intelligence community since they are continuing to accelerate their programs now seemingly unabated.

Awareness is one reason I was pleased to see this article that The Guardian wins an Emmy for coverage of NSA revelations. Their multimedia piece NSA Files Decoded is one of the best, most comprehensive and informative (dare I say “entertaining?”) pieces I’ve seen yet. Congratulations to The Guardian team!

If you care at all about the world our children and grandchildren will inherit, then you owe it to yourself to watch the videos or read articles at NSA Files Decoded. You might also consider paying attention to a relatively new website, The Intercept, so that you can stay aware, stay informed, and not be one of those who are naive about the unprecedented and growing power of the intelligence community and its surveillance of all U.S. citizens.

post

A Vacation in Rome: Angels, Demons and Dirt

Our vacation this year was to Rome, Italy and it was good and bad. I’ve been trying to reconcile this trip in my own mind but am still wrestling with it so thought best to get it out of my head and in a post.

Our family approached this trip with great anticipation. My kids are 26 and 19 so it is likely our last vacation together as only the four of us. Having never been to Rome, we planned for months. Here’s what we discovered, though these opinions are more mine than my wife’s or kids’:

THE BAD

Tough to see, but the area in front of our five star hotel is littered with cigarette butts and trash...which is *everywhere* in Rome

1) THE FILTH: Oh my God is Rome filthy. Old is one thing, but cigarette butts, wrappers, cans and bottles, homeless people’s food debris (and urine) is everywhere, and no one has cleaned a sidewalk here since the time of Caesar (or so it seems). It is just simply dirty.

What really stunned me, though, was the endless graffiti. It covers every surface from upscale hotels and office buildings, to subway cars to every shop and apartment building.

Even in the town near Ostia Antica, the ancient Roman port city, there was graffiti on buildings.

Over several days as we were in neighborhood after neighborhood, tony shopping districts, the subway, towns outside Rome, and even major attractions, the thought that kept coming into my mind constantly was, “Man…Rome is a shithole!” and I couldn’t figure out if Romans didn’t care about Rome, or corruption is rampant so no one does much work, or something that makes people put up with this in a city with as much potential as this one.

Every subway car was covered, windows etched with knives, and graffiti was all over the inside too.

This filth, or lackadaisical attitude about the cleanliness of the city, even translates to the overwhelming majority of cars driven by Romans in the city. Nearly every vehicle I looked at on the road, in parking lots and parked on the side of roads was scratched, dinged and just simply dirty. Even new cars. I just didn’t get it, especially from this land and people who have designed and given us Ferraris and Lamborghinis.

I actually had my small wallet in a front pocket but the pickpocket got it anyway

2) THE CRIME: Our last day we were riding the metro bus from a museum near the Vatican and my wallet was pickpocketed. Even though I’d taken incredible caution for the entire trip—especially since every guidebook warns over-and-over again to wear a moneybelt and be extremely cautious—this time I slipped it into my pocket so someone grabbed it. To say I was upset and angry is an understatement, so much so my daughter got off the bus since I was “making a scene.”

Coat of arms of the Carabinieri

We went back to our hotel room to cancel my credit cards and place a fraud alert on our credit report, when a call came in from the front desk. Turns out a team from the Carabinieri, the Italian national military police, had busted a gang of Romanian pickpockets and they found my wallet in one guy’s backpack!

I got everything back. To say I was stunned and amazed is putting it mildly. Based on all the TripAdvisor forum posts, the articles and forum post at travel expert Rick Steves’ website, this type of crime is rampant in Rome and, as Steves said in one article, “...at least one person on every tour is pickpocketed.”

The scams, people hustling, and the ripoffs made me feel like I was traveling to a third world country, not a modern one like Italy.

But there was a lot of good and amazing things to see and experience and we had those too, thankfully.
