bulletin board
events calendar
business directory

best friend
news briefs




Rules for the New Year

No one will ever ask you for your user name and password online, or by email, unless they are EVIL. Simple as that.

If someone you know does it, uninvite them from your next great party. Okay, you don't have to be that hard-nosed, but you get the point. Even a well-intentioned request shows some ignorance of the risk, and ignorance IS the most dangerous weapon known to humankind. We keep proving that, most notably on the worldwide scale. (I swear there's a humanity quota for ignorance that must be met but you can at least keep your friends from contributing.)

Know that your emails are not entirely hidden from other eyes. Know that instant messages are available to the world. Remember that Tweets, and other social networking stuff, are visible beyond the certain people you “allow” to view them. Your online empire has no clothes. There are ways to poke a window into the transfer of data and, aha!, there you are - exposed.

Our computing devices connect to the big network, the world, and are available for scanning because all of our devices talk, broadcasting constantly while we use them. Your online device is saying "Hello" and receiving “Hello” back all the time, making it visible to everyone connected to the same world as you. You can be hacked if you have a vulnerability - a weak password, a glitch in the operating software because you missed a security update - or if you fall prey to a message that asks for your password.

People with ill intent find you unless you turn your computing device off or disconnect from the internet.

Interactive TV is an example. With traditional TV you never had to worry about being hacked. You simply watched. “Interaction” was limited to rising out of your chair for more food or talking to your mates as they watched and driving them crazy with opinions. Now you watch AND you interact in cyber-space, signaling the world that you have presence. "H-e-l-l-o!"

Most Basic Rule: Unless you are logging in to a known website, don't give your out your password online - not email, not instant message, not anyhow. If you must reveal it, use the plain old telephone service. Just make sure that you make the call rather than responding to a call asking for your password.

There are means to encrypt your work so it looks like gibberish as it travels the internet, but we won't go into that for the moment. And I won't delve into Internet Protocol (IP) phone service which is just as vulnerable as your other computing/network adventures. This is just about a having a security mindset.

Other Rules:

  • Don't use a simple user name. A hard-to-guess username is kind of like a second password.
  • Don't use weak passwords. Use a mix of upper and lower case letters, a number, and a special character if allowed (@, $, !, etc.). Yes, you have to save that weird password somewhere. - scraps of paper, post-its, a black book mess of scribbling. I know, I forget and lose them all the time too.
  • When buying online, ALWAYS know who you are dealing with. Don't assume trust in a business deal. For that matter don't assume trust except with something that has proven up. Be aware of "phishing", a common hack practice that presents you with a web page that may look and act exactly like your usual online sales provider but sends your personal information to the dark depths of hack-dom and your identity isn't yours anymore until you spend tons of time, and angst, restoring it. That really, really sucks. Go to the shopping site yourself - don’t click a link to it that comes in an email because that’s how you are steered to the phony site.
  • Use web browsing systems that protect against unseen passage of code when you proceed to a web site. The Noscript add-on for the Firefox browser is highly recommended (see my previous column about privacy).

Rathery than constantly changing, most hack attempts are just repeats of the same methods. But trust that human ingenuity will think up new ways to cause trouble. Sigh! We are so very clever.

There's a large effort about to start in the U.S. that will scan computing devices that control and operate the nation's infrastructure, looking for security weaknesses. The fear is that these devices are vulnerable because they were built when there was little concern about many types of security issues. Back in "nice world" the threats feared now were pretty much non-existent. Now, experts predict a possible Pearl Harbor of cyber attack that could wreak havoc to systems we all depend on , like transportation and electricity.

Just identifying vulnerable systems is a HUGE step. Cool ingenuity has also given us a way to examine the hardware and, if it is vulnerable, allow the "fix" to proceed, all without slowing down processes.

We computing people, whether we actually write programs or just use our hand held device to jabber on Facebook, are all integral in online and networking security. We should always keep that in mind, without becoming paranoid. That's the way it used to be in Old World. Seems it is ever so important in this world as well.


Have a comment? >>

I'd be curious to know more about Tom Berry aside from the fact that he's a little older. Please do not post his passwords, user names or SSN.

Joseph Weaver