Switching my blog to http://markgermanos.wordpress.com
In an effort to make my life easier, I am switching to one primary blog at http://markgermanos.wordpress.com. Please update your notes and follow me there. Thanks.
Everything works right when Cameron Park Computer Services is running the network
The Stop Online Piracy Act is very dangerous. It gives lawyers the power to shut down web sites of their clients' competitors. Very dangerous piece of legislation. Dangerous. Dangerous. Call your Senator and tell them this is awful and must be defeated. Barbara Boxer is at (202) 224-3553 and Dianne Feinstein is at (202) 224-3841.
Herbert Thompson seems like just another smart academic software developer who loves formulas and geeking out. But he’s also stolen the identities of several casual acquaintances. In fact in one case he gained access to a bank account in seven shockingly simple steps. And he used no special programming tricks, just common sense.
Thompson stole identities as an experiment back in 2008 to show the public how easy it is to get access to personal data and banking information. He proved it only requires some simple surfing for freely available personal data and cobbling it together in powerfully creative ways. Thompson began his experiments by first receiving permission from people he barely knew to try to break into their bank accounts. What the following steps show is how vulnerable we all are to a security breach.
The victim:
He knew her name was Kim, where she was from, where she worked and roughly her age. He also knew the name of her bank and her username, although, as Thompson says, this was easy to guess—it was her first initial and last name. (Note: Change your username to something a bit less obvious.)
Seven Steps:
1) Google search. He googles her. Finds a blog and a resume. (Thompson called her blog a “goldmine.”) He gets information about grandparents, pets, hometown. Most important, he gets her college email address and current gmail address.
2) Next stop: Password recovery feature on her bank’s web site. He attempts to reset her bank password. But the bank sends a reset link to her email, which he does not have access to. So he needs to get access to her gmail.
3) Gmail access. He attempts to reset her gmail password but gmail sends this to her college email address. Gmail tells you this address’ domain (at least it did in 2008 when Thompson conducted the experiments) so he knew he had to get access to that specific address.
4) College email account page. Thompson clicks the “forgot password” link on this page and winds up facing a few questions. Home address, home zip code and home country? No problem, Thompson has it all from her resume. The same resume found from the simple google search done earlier. Then came a stumbling block: the college wanted her birthday. But he only had a rough idea of her age, no actual birth date.
5) State traffic court web site. Apparently you can search for violations and court appearances by name! And such records include a birth date. (Facebook also makes this piece of data very easy to get even if people do not note their birth year…remember Thompson knew roughly how old Kim was.) But he had no luck with the Department of Motor Vehicles.
6) Thompson goes back to the blog and does a search for “birthday.” He gets a date but no year.
7) Finally, Thompson attempts the college reset password again. He fills in her birth date, and simply guesses the year. He gets it wrong. But the site gives him five chances, and tells him which field has the error. So he continues to guess. He gets access in under five guesses. He changes her college password. This gives him access to her gmail password reset email. Google requires some personal information which he is able to get easily from her blog (e.g., father’s middle name). Thompson changes the gmail password and that gives him access to the bank account reset password email. Here again he is asked for personal information but nothing that he could not glean from Kim’s blog (e.g., pet name and phone number). He resets the bank password and, bingo, has immediate access to all her records and money.
From Thompson:
Needless to say, Kim was disturbed. Her whole digital identity sat precariously on the foundation of her college e-mail account; once I had access to it, the rest of the security defenses fell like a row of dominoes. What’s striking about Kim’s case is how common it is. For many of us, the abundance of personal information we put online combined with the popular model of sending a password reset e-mail has our online security resting unsteadily on the shoulders of one or two e-mail accounts.
Yes in this case the personal information came from her blog but it could have easily come from a Facebook page or other online community pages.
Thompson provides sage advice on Scientific American:
Go and do a self-check. Try to reset your passwords and see what questions are asked to verify your identity. Some questions are better than others. Date of birth, for example, is bad. In addition to the DMV, there is a wealth of public records available online where folks can track down when you were born. Most account reset features give you a choice of questions or methods to use. Go for questions that ask about obscure things that you won’t forget (or can at least look up), like your favorite frequent flyer number. Avoid questions that are easy to guess, such as which state you opened your bank account in.
It’s also critical to remember that once you put data online, it’s almost impossible to delete it later. The more you blog about yourself, the more details you put in your social networking profiles, the more information about you is being archived, copied, backed up and analyzed almost immediately. Think first, post later.
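The “row of dominoes” above is really a dependency graph of password-reset channels, and Thompson’s self-check advice amounts to mapping that graph for your own accounts. The Python below is an added example, not part of the reprinted post: it takes a constructed account-to-reset-channel map (the bank, gmail and college-email names follow the story; the layout and values are assumptions) and reports which single account everything else rests on, working for any chain length or branching, not just the three-link story.

```python
from collections import defaultdict, deque

# Constructed example: each account maps to the account that receives its
# password-reset e-mail. None means the reset relies only on knowledge
# questions (home address, birth date ...) with no e-mail link at all.
# The three account names follow the story; the layout is an assumption.
RECOVERY_CHAIN = {
    "bank": "gmail",
    "gmail": "college_email",
    "college_email": None,
}


def dependents(chain):
    """Invert the map: account -> accounts whose resets are delivered to it."""
    rev = defaultdict(list)
    for account, resets_via in chain.items():
        if resets_via is not None:
            rev[resets_via].append(account)
    return rev


def blast_radius(chain, compromised):
    """Every account that can be reset once `compromised` is controlled.

    Breadth-first walk over the inverted map, so long or branching chains
    (and accidental cycles) are handled, not just the three-link story.
    """
    rev = dependents(chain)
    fallen, queue = {compromised}, deque([compromised])
    while queue:
        for account in rev[queue.popleft()]:
            if account not in fallen:
                fallen.add(account)
                queue.append(account)
    return fallen


def root_accounts(chain):
    """Accounts guarded by knowledge questions only: the real foundation."""
    return {account for account, via in chain.items() if via is None}


def ranked_by_impact(chain):
    """Accounts ordered by how many others fall with them (worst first)."""
    return sorted(chain, key=lambda a: (-len(blast_radius(chain, a)), a))


if __name__ == "__main__":
    for account in ranked_by_impact(RECOVERY_CHAIN):
        print(f"{account:15} takes down {sorted(blast_radius(RECOVERY_CHAIN, account))}")
    print("foundation accounts:", sorted(root_accounts(RECOVERY_CHAIN)))
```

Whatever comes out on top of the ranking is the account whose reset questions deserve the strongest answers (or a second factor), because it guards everything downstream.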
***
Christie Nicholson granted reprint permission. See http://www.smartplanet.com/blog/thinking-tech/how-to-steal-an-identity-in-seven-easy-steps/9487?tag=nl.e550 for the original post.
I have created a new word: PIMPAGE; the act of promoting one's own goods and services.
*****
Mark Anthony Germanos is the author of two books, Escape the Cubicle: How to leave your corporate or government job for something better and How to Make Computer Systems Work for You. Mark is the President of Cameron Park Computer Services. As a small business owner and computer networking consultant, he has seen habits that successful companies embrace. He helps his clients embrace those habits to increase their profits, efficiency and happiness. Mark feels those who embrace cloud computing, social media campaigns and QR Codes give themselves a comparative advantage over those who lag behind. Mark moved from Chicago and restarted his business in California with a cell phone and a Honda Civic. An active triathlete, he has a life, a dream wife and a dog. For additional details, visit http://cameronparkcomputer.com. Twitter: http://twitter.com/markgermanos. Facebook: http://facebook.com/cameronparkcomputer. LinkedIn: http://www.linkedin.com/in/markgermanos.
For anybody confused by computer and Internet jargon, I want to present a story. This helps answer the question: What is Search Engine Optimization?
A man finishes work on a Friday and goes home. He looks in the mirror and says "I want to meet three beautiful women tonight. I want them to adore me. I think I will need to dress well, have good hair and clean my teeth." He takes a shower, gets dressed, combs his hair, brushes his teeth and departs for the bar.
At the bar, he meets three beautiful women. Sure enough, they adore him. All three give him their names and phone numbers. They whisper to each other "He is wonderful. He dresses well, he has good hair and he has clean teeth."
His SEO campaign worked. He tweaked his appearance to meet what he thought his target audience wanted. How is your Internet marketing working? Are you attracting the right prospects? Are you attracting any prospects? Call 530-677-8864 today for a .COM audit. Initial consultations have no cost.
A vendor I did business with last year called and told me I had a $21 credit on the account. They will credit my charge card. That brings up a good point…never kill a phone number. You never know when someone will look at an old form or an old business card.
I am amazed how often I go to clients and see the business cards I passed out back in 2003-2005. People still view those cards as valid and call.
If you are looking at changing your phone number, I would suggest a) getting the new number and b) forwarding the current number to the new number or at least to a voicemail service. You do not know who will call.
Due to its high relevance (how strongly I agree with author Vineet Jain), I am reposting these valuable insights here:
2011 has been an exciting year for the cloud. Companies are starting to accept the idea of using internet-based services instead of servers they control themselves. That in turn has driven a push to make the technologies more mature — and the tech companies making those technologies are growing up too.
2012 will be a banner year for cloud technologies, from real business models that don’t just push free products to developing the way companies use the cloud to enable better and smarter ways to work.
It’s with that backdrop that I envision the following five trends coming to prominence over the next year.
1. Hybrid is the new black – and we’re not talking cars.
The amorphous “cloud” has certainly laid its claim to many hearts and minds, but enterprises aren’t going to just jump ship overnight. Like the hybrid car strategy, which marries the known with the new, enterprises will adopt hybrid clouds that maintain the benefits of traditional servers with the accessibility of the public cloud.
Time has already shown us that big enterprises are not the most adaptable of environments. Although they are living organisms that mutate when necessary, they move cautiously and attempt to create the most sustainable ecosystems possible. To that end, it’s very rare to see them make swift and extreme changes. They’re more likely to move in steps and adapt new technologies to existing ones in order to create a path towards change.
Because of this organizational behavior pattern and general aversion to major risk, I believe that you’ll see enterprise-wide shifts to a hybrid cloud model. That will allow them to keep the stability, speed and security blanket of having some of their infrastructure behind the firewall, married to the benefits of the public cloud. This way they gain the benefits of a cloud environment, but retain control of their intellectual property giving them a competitive advantage and peace of mind.
2. Tablets meet the other “Jobs” — the ones we go to everyday.
2012 is going to be all about how those slick devices we already use to read the news and watch movies will shift to become real business tools. And it’s going to be executives who will drive their use in the workplace. When the person in charge sees how useful something can be, they’ll make sure it gets accepted.
Cloud technologies are key to making tablets into useful business tools. Because tablets lack the storage and processing power of full-blown computers, they depend on internet-based computing resources. Cloud services also enable employees and executives to use whatever devices they want: As long as it has a browser, it can work with the cloud.
3. Offshoring is out, on-shoring is in.
The right people to do the job are often right here in the United States. Employers are going to realize they can on-shore jobs in Iowa or Idaho instead of looking to India or Ireland. Pay an engineer the local wage, leave them at home, give them access to the tools of a cloud commuter and it’s just like they’re working from the corporate office.
4. Freemium isn’t really free.
While the end user might not pay, there are enormous costs for businesses who have to support the patchwork of mediocre products designed only to solve one person’s problem, not solve an organizational problem. Not to mention the fact that it isn’t a sustainable business model — designed only to pump up the numbers and give the appearance of size. Didn’t we learn from the first dot com bubble?
5. Cloud commuting will get big.
We dropped the “p” from cloud computing because today’s office doesn’t have to be four walls and a water cooler. In fact, the cloud lets you sit in meetings, take calls and read endless email strings you’ve been copied on just like you’re in your cube. Between cheaper mobile devices, better productivity apps, easy internet access and acceptance of the cloud as a part of the corporate infrastructure, employers and employees can save corporations time, money and resources, with the added bonus of helping save the world by staying off the roads.
2012 looks to be a promising year filled with innovations that go beyond the early adopter phase and move into the acceptance and execution phases.
Vineet Jain is the CEO and co-founder of Egnyte. Prior to Egnyte, Vineet founded and successfully built Valdero, a supply chain software solution provider, funded by KPCB, MDV and Trinity Ventures. He has held a rich variety of senior operational positions at companies such as KPMG and Bechtel in the past. He has 20 years of experience in building capital efficient and nimble organizations.
Yeah, you read that right. Our new site, that looks like our Twitter page, is in production at www.cameronparkcomputer.com. This new site has better formatting, integrated video and a more current message. We will be updating it often. Take a peek.
Jon Bon Jovi is alive. For anybody who mindlessly retweeted that he died, take note that I am now King of the World. Surrender your prized possessions to your new King, me.
A client downloaded a video of dogs playing piano and singing. He also downloaded a video player that changed his homepage and mandated a call to India, where someone took his credit card number. Sounds like a virus to me. If something looks suspect, do NOT download it. Better safe than sorry…when it comes to security and your credit card numbers.