Marianne Plays With Computers

My Digital Adventures

Dude, My Car’s Been Hacked! — August 15, 2015

Dude, My Car’s Been Hacked!

So I’m the last person in the world to break this story, but in case you haven’t heard, your car may now be vulnerable to hackers. Thankfully, Chrysler has issued a recall for the affected vehicles.

I know that we all want to be connected all the time, and that the convenience adds a lot to our lives. I don’t even remember how I used to get around town without GPS to guide me. I think I got lost a lot. And remembered exit numbers a lot better than I do now.

But this is the price we pay. For each convenience that allows helpful data in, a hacker sees a way to get their own data in instead. When you’re looking for your next vehicle, for each helpful little gadget, ask yourself what could happen if it went terribly wrong. When your doctor wants to monitor your health over the Internet, ask her how your private data is being protected. And if someone offers you a bionic implant that can be “updated” remotely, just say no.

Advertisements
The Little Browser Hack That Helps Me Browse Safer — August 11, 2015

The Little Browser Hack That Helps Me Browse Safer

Although malware often needs to trick users into installing or running it, there are still drive-by downloads that can hurt your computer when you merely browse to an infected site. It may not even be a malicious site. Legitimate web sites have been defaced with malware. Even the advertising that keeps so much of the internet free can get you.

There’s a little trick you can do, though, that will keep you safer without being much more than a blip in your browsing. I read about this little browser tweak a few months ago, instantly implemented it, and haven’t regretted it a bit. You just prevent plugins from running in your browser unless you explicitly allow it.

In Chrome, click the menu (three vertical lines on the right-hand side of the toolbar) and select “Settings.” Scroll all the way down and click “Show advanced settings…” Under “Privacy,” click “Content settings…” Scroll down to the “Plugins” section and select “Let me choose when to run plugin content.” Click the “Done” button at the bottom.

Firefox has taken a different approach. The good news is that in newer versions of the browser many plugins no longer run by default. It will also warn you if the plugin is outdated or known to be vulnerable. However, if you want to review your configured actions, click the menu and select “Options.” Select “Applications” on the left. You can then scroll through the list of content types and review the action performed for each. One of the possible actions is “Always Ask,” which should give you functionality similar to Chrome’s.

Many web-based threats exploit plugins in your browser in order to do bad things. By taking control of the plugins, you can plug this hole in your system. It may result in a few seconds of inconvenience while browsing, but I think the safety you gain is worth it. Plus, there’s a bonus – no more obnoxious auto-play flash ads!

Internet Privacy? — July 27, 2015

Internet Privacy?

As you’ve probably heard by now, cheaters’ dating site AshleyMadison has been hacked, and details about a sampling of accounts have been posted online. A claimed motive is the site’s “full delete” feature that promised users that their personal information and usage data stored by the website could be deleted with the payment of a fee. The hackers claim that this feature is “a complete lie.”

Although this is only the latest in a long string of information leaks, it is also one of the most sensitive. Since the website’s target audience is married people wishing to have an affair, most users presumably trusted that their information would be kept private. Although parent company Avid Life Media presumably never intended to break their customers’ trust, the results are the same.

So you’re not cheating on your spouse, so you have nothing to worry about, right? Well, I guess it depends on what kinds of things you worry about. So you don’t have an account on a hookup website. What have you been posting on your Facebook account? And what are your privacy settings? Do “friends of friends” know what city you live in and that you are on vacation out of state? Or even the whole world? What about your Instagram? Are your pictures telling strangers where your kids go to school and which Starbucks you frequent? What about that Google document where you wrote about your secret crush?

Everyone has a different tolerance for privacy, and that’s OK. But the Internet is not a good place for things that you want to keep private. Even if you’re doing everything right and have your settings all locked down, you still don’t have control over the information that you’re storing (or allowing someone else to store) on the Internet.

I try to keep some stuff private. I have my Facebook account pretty locked down, only letting friends see most of my posts. I only accept friend requests from people if I actually know who they are. I shut down my Instagram account a few years ago. (I didn’t use it that much, anyway.)

But.

I also assume that anything I put out there might become public some day. I don’t put anything on the Internet that I want to hide from anyone. I think twice before hitting post. I ask myself if I’m OK with my mom, my pastor, and my future employer seeing what I’m writing. Because you truly never know.

The Big Breach — July 10, 2015

The Big Breach

Today’s post is about a topic that’s close to my heart. And my credit report.

As you may have heard, personal information belonging to millions of federal employees and others was stolen from the Office of Personnel Management and and the Interior Department. That was bad.

But this week, it’s come out that it’s not just personally identifiable information (PII) that’s been stolen, but fingerprints as well.

This brings up one of the major problems with using biometric identification as an authentication mechanism. Passwords can be changed. Credit cards can be replaced. In extreme cases, you may even be able to get a new social security number. But biometrics are, by definition, a part of you. You can’t just go out and change your voice print or get a new set of fingerprints.

I understand why the keepers of really important data use biometrics. “Something you are” is one of the fundamental authentication mechanisms. (The other two are “something you know” — like a password — and “something you have” — like a keycard.) And two-factor authentication is a must for any really important data.

But if your data is so important that you literally “want a piece of me” to allow me to work with it, then have the decency to protect it at least that well. Unfortunately, the federal government has a history of failing to protect the data in its charge.

The OPM director has resigned over this incident. It will be easy to say that the problem will be solved under a new director. Perhaps the next person to accept the responsibility of this office will in fact do better. But until those in charge value their employees’ personal data and their citizens’ trust more than their positions of power, we will continue to see incidents like this in the government.

Who am I and What am I Doing Here? — July 6, 2015

Who am I and What am I Doing Here?

Lest I repeat myself, you can check out my new About page to find out!

TL;DR

Basically, I’m here to help with computer and security problems. Some of my posts will be technical, and some not so much. Some may not even be directly related to technology. Especially here at first, I’m going to be experimenting with some different kinds of posts and trying to find my audience.

Anyway, I’m having fun, and I hope you enjoy reading my blog as much as I’m enjoying creating it!