Friday, August 28, 2009
Under the bill, the President would have the power to disconnect the entire internet or individual networks within the United States. There is obvious potential for abuse here and I'd like to urge those of you who truly care about your liberty to write to your Senator and urge them to vote no on S.773 and any revisions of the bill.
Here's the letter I sent to both of my Senators earlier today:
"Senators Inhofe and Coburn,
I'm writing with my concerns over S.773, a bill which will give the President emergency powers over the Internet in the United States in the event of a "cybersecurity emergency". I'm writing to urge you to vote NO on this bill as it is an example of intrusive government and an administration overstepping its powers.
The dangers to individual liberty and privacy posed by S.773 are numerous and the bill itself is not needed in light of how fast system administrators are to mitigate cyberattacks without government intervention. Again, I urge you to vote NO on S.773.
Thank you for your time and your service to our country."
I feel this letter is to the point, doesn't waste their time, and adequately says what I need to say. Feel free to use it as a template for your own letters or email to your Senators.
Tuesday, August 18, 2009
ABC's new reality program Shark Tank is an American take on the British "The Dragons Den" where venture capitalists bring in entrepreneurs to pitch their businesses for a shot at investment. Some of the entrepreneurs are absolutely insane, but some are genuine business geniuses who make both good and bad deals, and some of them will definitely live to regret the deals they close with the sharks.
This episode, which is week two, shows some of the stark reality of negotiating with venture capitalists when your business is on the line. Excellent show and I can't wait to see the next episode.
Sunday, August 2, 2009
After signing up to a new website, log out and go to the "forgot password" link. Almost every website has one and they usually only require you to put in your email address to have a password or password reminder sent to you. Go through the process and request your password. Then, wait to see what you get in your email.
Some websites, if not most, will send you either a password reminder or a link to completely reset your password to something new. But others, and there's a huge number of these, like PlentyOfFish and MocoSpace, will just happily send you your password in your email.
That is a website that has just failed a security test.
By sending you your password, the site shows that the password is not stored in an encrypted form in its database. So anyone who breaks into the site has access not only to everyone's personal information, but also to their site passwords. Since many people use the same password for almost everything, getting one site password could lead to an attacker having access to your email address, other sites you belong to, and even your online banking account. Additionally, they could use new information gained from breaching your other accounts to extend their reach into your life and, eventually, steal your identity.
I've closed many of my online accounts after they've failed this test. I usually send the site administrators an email telling them I am closing my account and detailing why. It shows that they aren't concerned about security and they are taking the laziest way of developing their site. If they don't put any thought into the user-facing side of security - the part hackers are going to attack - how much can they really be putting into the non-user-facing side that nobody is supposed to see?
It's time sites take our security seriously. Wake up, administrators! We're watching you.
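What passing the "forgot password" test looks like on the server side, as an added example that is not from the original post or from any site named in it: the site keeps only a salted one-way hash, so it has no password to email back, and the reset link carries a single-use, expiring token. All function names, the in-memory tables and the work-factor and expiry values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000   # example work factor, tune for your hardware
RESET_TTL = 15 * 60       # example policy: reset links expire after 15 minutes

users = {}   # email -> (salt, password_hash); constructed in-memory "database"
resets = {}  # sha256(token) -> (email, expiry); the raw token is never stored


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(email: str, password: str) -> None:
    salt = secrets.token_bytes(16)            # unique per user
    users[email] = (salt, _hash(password, salt))


def verify(email: str, password: str) -> bool:
    if email not in users:
        return False
    salt, stored = users[email]
    return hmac.compare_digest(stored, _hash(password, salt))


def forgot_password(email: str):
    """Return a one-time token to mail out as a link, or None if unknown."""
    if email not in users:
        return None   # the page shown to the visitor should not reveal this
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    resets[digest] = (email, time.time() + RESET_TTL)
    return token


def reset_password(token: str, new_password: str, now=None) -> bool:
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = resets.pop(digest, None)          # pop makes the token single-use
    if entry is None:
        return False
    email, expiry = entry
    if (time.time() if now is None else now) > expiry:
        return False
    register(email, new_password)             # stores a fresh salt and hash
    return True
```

A database dump from this design yields salts, hashes and token digests, none of which can be mailed back to a user as their password.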