Friday, August 28, 2009

New Senate bill would give the President emergency control of the internet. #government

S.773 or the Cybersecurity Act of 2009 is a new bill in the Senate that, if passed, would provide a way for the President to seize control of the Internet in the United States during an 'emergency situation' or cyberattack. This bill is odious for a number of reasons but, in particular, because of its potential privacy and civil liberty implications.

Under the bill, the President would have the power to disconnect the entire internet or individual networks within the United States. There is obvious potential for abuse here and I'd like to urge those of you who truly care about your liberty to write to your Senator and urge them to vote no on S.773 and any revisions of the bill.

Here's the letter I sent to both of my Senators earlier today:

"Senators Inhofe and Coburn,

I'm writing with my concerns over S.773, a bill which will give the President emergency powers over the Internet in the United States in the event of a "cybersecurity emergency". I'm writing to urge you to vote NO on this bill as it is an example of intrusive government and an administration overstepping its powers.

The dangers to individual liberty and privacy posed by S.773 are numerous and the bill itself is not needed in light of how fast system administrators are to mitigate cyberattacks without government intervention. Again, I urge you to vote NO on S.773.

Thank you for your time and your service to our country.

Anthony Papillion"

I feel this letter is to the point, doesn't waste their time, and adequately says what I need to say. Feel free to use it as a template for your own letters or email to your Senators.

Tuesday, August 18, 2009

How would you handle these offers? Could you survive the tank?

ABC's new reality program Shark Tank is an American take on the British "Dragons' Den" where venture capitalists bring in entrepreneurs to pitch their businesses for a shot at investment. Some of the entrepreneurs are absolutely insane, but some are genuine business geniuses who make both good and bad deals, and some of them will definitely live to regret the deals they close with the sharks.

This episode, which is week two, shows some of the stark reality of negotiating with venture capitalists when your business is on the line. Excellent show and I can't wait to see the next episode.

Sunday, August 2, 2009

Is your information secure? A basic security test for every website you join #security #hacking

There's no doubt about it: our personal information is moving to the cloud. From Twitter and Facebook to our online banking account, almost everything about us is stored in a database somewhere online. But how secure is your information and how easy would it be for a hacker to get to it under the right circumstances? Here's a basic security test I put every website I join through, and it's easy enough that anyone with about 5 minutes can do it as well:

After signing up to a new website, log out and go to the "forgot password" link. Almost every website has one and they usually only require you to put in your email address to have a password or password reminder sent to you. Go through the process and request your password. Then, wait to see what you get in your email.

Some websites, if not most, will send you either a password reminder or a link to completely reset your password to something new. But others, and there's a huge number of these, like PlentyOfFish and MocoSpace, will just happily send you your password in your email.

That is a website that has just failed a security test.

By sending you your password, the site shows that it can read it back, which means it's not stored in an encrypted form in their database. So anyone who breaks into their site has access to not only everyone's personal information but also their site password. Since many people use the same password for almost everything, getting one site password could lead to them having access to your email address, other sites you belong to, and even your online banking account. Additionally, they could use new information gained from breaching your other accounts to extend their reach into your life and, eventually, steal your identity.
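The difference between a site that fails this test and one that passes, as an added example that is not from the original post or from any site named in it: the weak store keeps the password as typed and can mail it back, while the hardened store keeps only a salted one-way hash (PBKDF2 here) and can only mail a single-use reset link. The function names, the `site.example` URL, the iteration count, and the in-memory dictionaries are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune for your hardware)

plaintext_db = {}  # weak design: email -> password exactly as typed
hashed_db = {}     # hardened design: email -> (salt, derived key)
reset_tokens = {}  # sha256(token) -> (email, expiry timestamp)

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def weak_register(email, password):
    plaintext_db[email] = password

def weak_forgot_password(email):
    # What a failing site does: it can mail the password because it kept it.
    return f"Your password is: {plaintext_db[email]}"

def register(email, password):
    salt = secrets.token_bytes(16)  # per-user salt, so equal passwords differ
    hashed_db[email] = (salt, derive(password, salt))

def check_login(email, password):
    if email not in hashed_db:
        return False
    salt, stored = hashed_db[email]
    return hmac.compare_digest(stored, derive(password, salt))

def forgot_password(email, ttl=900):
    # The site cannot recover the password, so it mails a one-time token.
    # Unknown addresses get the same generic answer and no token.
    if email not in hashed_db:
        return "If that address is registered, a reset link was sent.", None
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()  # store only the digest
    reset_tokens[digest] = (email, time.time() + ttl)
    return f"Reset link: https://site.example/reset?token={token}", token

def reset_password(token, new_password):
    digest = hashlib.sha256(token.encode()).hexdigest()
    email, expires = reset_tokens.pop(digest, (None, 0))  # pop makes it single use
    if email is None or time.time() > expires:
        return False
    register(email, new_password)
    return True
```

A database dump of `hashed_db` or `reset_tokens` yields salts, derived keys and token digests, none of which can be mailed back to the user as a working password.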

I've closed many of my online accounts after they've failed this test. I usually send the site administrators an email telling them I am closing my account and detailing why. It shows that they aren't concerned about security and they are taking the laziest way of developing their site. If they don't put any thought into the user-facing side of security - the part hackers are going to attack - how much can they really be putting into the non-user-facing side that nobody is supposed to see?

It's time sites take our security seriously. Wake up, administrators! We're watching you.