Wednesday, December 18, 2013

Shop safely this holiday season

A message from your friendly neighborhood Information Security Manager:

Here are just a few tips for shopping safely and keeping your personal data safe this holiday season...

Shopping in the physical world
- Don't leave purchased items in plain sight in your vehicle.  If you're going back-and-forth to your vehicle to store packages, make sure that the gifts you’ve bought aren't in plain sight. Lock gift purchases in your trunk or in the back with a tarp over them if you have an SUV.
- When shopping at night, try to park under a street lamp even if it means walking a little further.  Would-be thieves are more prone to do their dirt where the lighting is low--and it will be safer for you, too.
- Make it a point to show your identification card when paying by credit card, even if the clerk does not ask for it.  Clerks are supposed to check this for purchases over a specific amount--typically $50.  Showing your identification card is a good precautionary step to authenticate your use of your own cards and encourages retailers to prevent fraudulent use.
- Take inventory of the cards that you have in your wallet or purse.  In the event that you should lose your wallet or purse while shopping, you'll have a list correlating to the lender you should call. 
- If you're purchasing (or using) gift cards, be aware of the use limitations on them.  For instance, restaurants will typically put a hold on a card for an amount that includes the bill total plus an anticipated tip.  Also, some prepaid cards require the use of a PIN to use--recipients should be made aware of this and have guidance in the event the debit card is lost.
- Protect your personal information like your life depends on it.  Some retailers (e.g., Best Buy) are now asking for a swipe of your driver’s license in order to return a product. While a VISUAL inspection of your government identity card--driver's license, passport, etc.--is fine, swiping the magnetic stripe or photocopying the card is not, as it allows the retailer to retain personal data they do NOT need for a simple return.  Assuming you have the original receipt and/or the original card used, simply ask the cashier to verify your identity the old-fashioned way to protect your personal data.

Shopping online
Additional tips for shopping online → click here


'Nough said,

+THINKER

Thursday, October 17, 2013

"Gravity" was okay, but it could have been better...


[Spoiler Alert!] Saw "Gravity" a few weeks back... I'll preface by mentioning that I generally like George Clooney in pretty much everything he's been in—except "The Fantastic Mr. Fox"...what was he thinking???  …but I digress.  Clooney was great in this movie, too, but he doesn’t get enough screen time to matter.  More on this later.  Now Sandra Bullock is no scrub, yet the director has her playing a medical doctor, and changing circuit boards in Earth's orbit.  Really? To be fair, Sci-Fi films often ask us to take leaps of faith, and I'm generally cool with that unless a film takes itself too seriously.  Still, “Gravity” rather promotes itself as plausible fiction.  In this case, following a "storm" of shrapnel from another (unseen) space station, the unknown, minority actor gets his head imploded after which he and the rest of the team—except for Sandra and Clooney—become human popsicles.

Sandra finds herself floating, untethered, in deep space.  She’s helpless.  She’s spinning uncontrollably and has no visual of the station.  Who saves the day?  Why Clooney, of course!—Leap of faith number one.  He must have had a Tesla-sized battery pack and a space suit full of jet fuel to reach her, make it back to the first, battered space station and then to a second one—Leap of faith number two.  Are space stations really that close in the real world?  The viewer is left to postulate as the next “tense” problem presents itself.

Clooney gets caught up in the next wave of space shrapnel and the movie ditches its "lost in space" theme and turns into "Cast Away (Space Edition)" with Sandra Bullock.  As she talks to herself throughout the balance of the film, she manages to hopscotch to yet another space station—this one left by the Chinese—that is intact enough to get her back to Earth.  But not before she has a hallucination that involves…wait for it…George Clooney!

Clooney and James Spader (see The Blacklist, Boston Legal, and The Practice) are the co-Kings of the monologue.  Clooney’s scenes are worth their weight in gold here, but it’s still not enough to make up for the boredom that ensues when he’s not on screen.   Don’t get me wrong, Sandra Bullock’s acting chops are good, but the story is so predictable it becomes anticlimactic.  Sandra manages to get to the Chinese space station.  Sandra finds said space station is still operational, full of oxygen, and she can interpret Chinese hanzi characters well enough to get it all going and land safely on Earth—Leap of faith number three. 


I really wanted to like this movie.  It has all the requisite elements—A-list actors, Space, tense situations, great special effects—but in the end space was just the backdrop for the drama of a woman wanting to get home.  Even the name of the film, Gravity, is powerful and to the point.  The sum of the parts leaves at least this one wanting something more.  Or perhaps less?  Was there even a question as to whether Sandra was going to escape the capsule as it filled with water at the end?  It would have been more dramatic if, after all she’d been through, she wound up drowning or running out of air after reaching Earth.  I know, that’s probably not the happy ending everyone would have preferred, but it certainly would have made for an intense fade to black.  Grade:  B-

'Nough Said,
+Thinker

Thursday, August 22, 2013

Don’t look now, but Microsoft is about to become a Deadbeat Dad!

At the sound of you reading this sentence you will no longer be asleep.  Awake?  Good!  So what was it like being asleep for so long?  If you’re still using Microsoft Windows XP, you’re the technology equivalent of Rip Van Winkle.  To quote Laurence Fishburne from School Daze, “Wake UPPPPPppppp!!!!”

While you were sleeping, your software is going to turn into a pumpkin on April 8, 2014 and Microsoft will be content to become a Deadbeat Dad—that is to say, they will no longer support Windows XP per their website announcement (http://www.microsoft.com/en-us/windows/endofsupport.aspx).  I suppose as a consumer with an aging XP machine I rarely use anyway, I should be flustered, angry, or bitter about this announcement, but I find myself indifferent because this is the typical audacity I’ve come to expect from the Death Star in Redmond.

Imagine a car company—let’s call it Mega Motor Company—that is so successful that they effectively have 80% of the market.  MMC introduces a new model only every 5-8 years, but they intend to dispense with support for an older model that has 20% market share in order to force consumers to buy a new jalopy that’s effectively the same vehicle underneath with “freshened” body panels.   Future calls for support will go something like this:

Mega Motor Co. Support operator:  Hi, thanks for calling Mega Motor Company, where we sell you what WE want to and you shouldn’t expect much else.

Consumer:  Hi, I’d like to schedule an oil change and a tire rotation?

MMC operator:  Sorry, but we’re no longer supporting your vehicle model.

Consumer:  Oh really?  Well I guess I’ll just take my jalopy to another shop!

MMC operator:  Not so fast.  Everything on your vehicle is proprietary so only MMC can work on it.  If you get someone dumb enough to provide the support you seek, we’ll sue them back to the Stone Age.

Car companies use platforms to sell “different” cars to distinguishing tastes all the time.  What they don’t do is thumb their nose at the cash cow that is their customers.  Sound crazy you say?  Not really.   That scenario pretty well describes Microsoft.  As of January, 2013, Microsoft had 80% of the operating system market—20% of which was attributed to Windows XP (Ref.: http://www.w3schools.com/browsers/browsers_os.asp ).  Oh, and that 20% translates to about 500 MeeeEEeel-yun users! (Ref.  http://www.businessinsider.com/microsoft-to-cut-windows-xp-2013-4 )  Yet there is no outrage…no protests…not even a blip on the nightly news or CNN. 

Now I won’t even go into the reasons why a company with >80% market share has not undergone anti-trust scrutiny—that’s a discussion for another day, but for comparison:  Delta Airlines has 16.3% market share and the impending merger between U.S. Airways and American (which will result in an "unheard of" 21% market share) has state legislators up in arms! (Ref. http://www.usnews.com/news/articles/2013/08/13/regulators-sue-to-stop-american-airlines-us-airways-merger-but-why-now ) ...but I digress.

What I find amazing is how Microsoft can use subtlety—“You can depend on your firewall and anti-virus software if you want to, but no amount of software add-on will protect your old OS from being compromised.”  And don’t think for one minute there isn’t  a team of developers in a back room in Redmond making sure such things happen.  Don’t you wonder why that really expensive car part breaks just beyond the warranty expiration?  Brace yourself.  The software gremlins are coming!  And like any good dealer, Microsoft will be there to give you a fix…

Mega Motor Service Technician:  I’m not authorized to fix your problem, but let me take you to the showroom where you can buy more lipstick on a pig…er…our new jalopy.  You know, the one with tiles instead of a start button.

Microsoft shows no shame in being a Deadbeat Dad, but that’s how it goes in the software business.  Now please continue to stare at your screen.  You are getting sleeEEEeepy…


Monday, April 22, 2013

*Phishing Scam Alert...and no, it's not the one from Nigeria this time...


Heads up regarding a phishing scam that affected someone I know and compromised their e-mail credentials. The e-mail may be distributed to an undisclosed list of recipients from someone you actually know. The subject says "Check out this property!" and has a "Click Here" link. In the interest of discovery, I clicked via a safe virtual machine and landed on http://pptyavail.c0ldwellbanker.us.jas/..[Do not bother to click on the Link, it's been modified to protect the technically challenged], a page that looks like it might be from Coldwell Banker. There's another "Click Here" button that prompts you to provide your login credentials from one of the four major e-mail systems--AOL, Yahoo, Gmail, and Windows Live. Here's the sneaky part: After you provide your credentials you're forwarded to a bona fide Coldwell Banker site.

So how do you know if you're getting scammed? Here are some of the signs:

i) Ask yourself: Do you know the person who sent you the e-mail? and Is this something they would send? Context is important.

ii) Was the message sent to undisclosed recipients? Ask yourself: Why would someone do this? There are good reasons--distribution list from church, community group, intramural sports, etc. But more likely it's because the sender doesn't want you to see the hundreds--if not thousands--of users he's sent the message to.

iii) Is the URL an Extended Validation SSL site? If it isn't, that doesn't make every site bogus, but it does mean you need to look more closely at the URL.  Very briefly, most people know by now that SSL encrypts the data traffic between your browser and the destination site. All you need to know about EV SSL sites is that the associated certificates are much harder for illegitimate groups to obtain, and when you go to EV SSL sites your address bar will change color--usually yellow or green, depending upon what browser you're using. Try browsing to your bank's web page. Most of the major banks use EV certs.

iv) Does the URL have a legit name you recognize in the HOST part of the domain name? That's the name to the immediate left of .com, .edu, .org, etc. (e.g., in login.wellsfargo.com, login is the subdomain, wellsfargo is the host domain, .com is the second level domain). A hacker will try to trip you up by inserting a name you recognize in the subdomain, because there are no controls on what a subdomain can be named (e.g., wellsfargo.hackersite.com).

v) Does the site ask you for credentials from an account not associated with the site you're on? If so, that should be a red flag! Sirens should be going off in your head. Now Facebook has an interface that allows single sign-on to other apps, but a legit site won't need to ask you for credentials if you're already signed in (and have an active session) on Facebook. Likewise, if you're asked to provide e-mail credentials, ask yourself why a bank needs to know your e-mail address AND the password. Unless you're accessing your web-based e-mail directly, NEVER provide this information to anyone.
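Sign iv as a small check, added here as an illustration and not part of the original post: it works out which part of the hostname is the name immediately left of the suffix, then flags a recognized brand that shows up anywhere else in the hostname, including digit-for-letter lookalikes such as the `c0ldwellbanker` in the link above. The brand list, the tiny suffix set and the function names are assumptions made for this example; a real tool would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand keyword -> the domain that brand really uses.
KNOWN_BRANDS = {
    "wellsfargo": "wellsfargo.com",
    "coldwellbanker": "coldwellbanker.com",
}

# Constructed sample of two-label suffixes; real code should use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Digit-for-letter swaps commonly seen in lookalike names.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host):
    """Return the name immediately left of the suffix, plus the suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url):
    """Return (registrable_domain, findings) for one URL.

    A finding is raised when a known brand appears in any hostname label
    while the registrable domain is not the brand's own domain.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    findings = []
    for label in host.split("."):
        normalized = label.translate(LOOKALIKES)
        for brand, real_domain in KNOWN_BRANDS.items():
            if brand in normalized and reg != real_domain:
                kind = "lookalike-brand" if label != normalized else "brand-in-subdomain"
                findings.append((kind, brand))
    return reg, findings


if __name__ == "__main__":
    samples = [
        "https://login.wellsfargo.com/",            # example from the post: legitimate
        "http://wellsfargo.hackersite.com/login",   # example from the post: brand in subdomain
        "http://pptyavail.c0ldwellbanker.us.jas/",  # the modified link quoted in the post
    ]
    for sample in samples:
        reg, findings = check_url(sample)
        print(f"{sample}\n  registrable domain: {reg}\n  findings: {findings or 'none'}")
```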

In summary, if you're at work and you stumble upon one of these phishing emails, notify your Information Security folks or I.T. department pronto. If you're at home and you get one, most email services have a way of flagging the message sender as SPAM or you can forward to SPAM@.com

Hope this helps! I know we want to share with folks we trust, but let's be careful with the data we give up so willingly!


'Nough said
+THINKER

Wednesday, January 16, 2013

Karma is a witch, Lance…which is why there’s no coming back from the deep, dark hole you’re in.



Happy 2013, everyone!  You’ve no doubt heard about the forthcoming “confession” that Lance Armstrong has reportedly provided to Oprah.  Like many others, I’ll DVR the Oprah’s Next Chapter program on the Oprah Winfrey Network (OWN) and zip through the commercials to hear Armstrong’s assertions for myself.   What you’ve probably heard far less about are the details regarding the evidence that led USADA to taking Lance Armstrong’s Tour de France titles and banning him from cycling for life.  I won’t bore you with the details—you can get the gist here—but what I can tell you is that the amount of evidence can be described as nothing short of “mountainous.”  So if Americans are so forgiving, why are so many people “kicking him when he’s down?”  Maybe… just maybe… he deserves it?  Call it karma.  Call it hater-ation.  How about considering for a moment that it’s warranted.  No one likes a bully.  And most people would agree that everyone is entitled—although there are certainly limits—to the extent which one is able to express repentance and obtain absolution.  There are limits though. For example, considered by some to be a bully in his day, think about Pete Rose (aka “Charlie Hustle”).

Pete Rose, a switch hitter, is the all-time Major League leader in hits (4,256), games played (3,562), at-bats (14,053) and outs (10,328).  He won three World Series rings, three batting titles, one Most Valuable Player Award, two Gold Gloves, the Rookie of the Year Award, and made 18 All-Star appearances—18!!!—at an unequaled five different positions (2B, LF, RF, 3B & 1B).  By any measure, Rose belongs in baseball’s Hall of Fame (HOF); however, once it was clear that Pete Rose had gambled on baseball while active as a coach—and even bet on his own team—the result was definitely clear: (in Seinfeld Soup Nazi voice) “No Hall of Fame for you!”

Banned for life by baseball’s commissioner Rose is, and rightly so in my opinion.  Betting while an active member of MLB was reprehensible and affected the integrity of the sport itself.   I support that position and continue to feel it weighs far more heavily than the simple notion that the baseball HOF is a museum, and therefore he should be in there.  Let the almanac people take care of tracking the statistics.  If integrity cannot be the “floor” on which your HOF stands, then what’s the point?  Here’s the thing: what Pete Rose did pales in comparison to how Lance Armstrong damaged cycling.

Lance Armstrong was—and arguably, still is—the “Tiger Woods” of his sport.  People watched the Tour de France just to see him ride and see how the cyclist with the incredible cancer recovery story could endure pain and win against able-bodied riders.  Too good to be true?  Sure.  But people like a feel good story and following Lance’s success became a sport in much the same way of following the count of Tiger’s major tournament wins.  Lance even donated money and was instrumental in raising money to support LiveStrong, his cancer research foundation.  Where the tale begins to crumble is that Lance’s success was all built on not just a lie, but on a well-funded, well-orchestrated doping program that he led (allegedly) such that the sport with the most extensive drug testing program in the world could not detect wrongdoing.   Let me state that again: the sport with the most extensive drug testing program in the world.  Yes, cycling.

Despite being lampooned as having mostly doped up riders, no other sport—not baseball, football, basketball, hockey, tennis, golf, swimming/diving, gymnastics, or track & field—comes close.  Cycling has them all beat in terms of extent to which they test (frequency), and the quality of testing by comparing each cyclist’s test results against their individual established biological/cellular baseline.  No other sport is as successful in identifying the cheaters, either, which is why the NFL is reticent to go all out with testing for steroids because performance enhancing drugs (PEDs) affect people’s opinion about the legitimacy of the game.  Make no mistake, the NFL and other sports commissioners are watching resolutely in how all this “truth” is affecting the popularity of cycling.  Still, if all Lance did was lie about PEDs, that would be bad enough, but he went beyond that. 

Armstrong used money, power, and influence to dismantle and crush the credibility of anyone who questioned him—even when they were under oath.  And like the dopes people are—pun intended—many continued to buy Lance’s story.  Maybe it was because people want to believe that Lance was helping cancer patients for all the right reasons.  Or maybe people had their collective heads in the sand thinking the end justified the means.  I believe it’s a combination of those factors and the fact that most people don’t understand the commerce of cycling.  Unlike other sports, cyclists typically do not make millions of dollars.  Don’t get me wrong, they make a good living riding a bike, but few people understand how cyclists make money.  It’s actually pretty simple.

Think about a cyclist in the same manner as you see a race car driver.  Like race drivers, cyclists must have sponsors for their teams to fund seasonal campaigns.  In return, the sponsors get advertising space on the uniforms and additional visibility—read: media coverage—when their rider wins.  When your livelihood is based upon performance and perception, even small influences can mean the difference between getting a sponsor and effectively being ostracized from the sport.  To wit, any time someone witnessed and identified Armstrong as a PED user—usually, these were his fellow riders—he denigrated them to the point where they couldn’t get sponsors.  And he was ruthless and vicious in how he did it.

So Lance cheated.  So what? 
So he lied to protect himself and his foundation. So what?
So he disparaged other riders who might cripple his empire.  So what?  Why do you care?
What I have the most distaste for is two-fold:
1. I resent the fact that Armstrong used LiveStrong as a shield to cover his PED machinations and further extend his own personal pursuit of sponsors who bought into his demigod status that transcended the sport.  And if you think “transcending the sport” is an understatement, ask yourself:
   - How many bike races—not including Olympics or fringe sports (e.g. XGames)—have you watched in the last 20 years that didn’t include Lance Armstrong (if any)?
   - Assuming you don’t follow cycling in hard core fashion, can you even name a contemporary cyclist other than perhaps Greg LeMond or Miguel Indurain?--*Note:  LeMond and Indurain won 3 and 5 tours, respectively.  Neither has won the big tour since 1995.
   - How many times have you seen or heard about Lance outside of race events in the media (e.g. Entertainment shows, news, etc.) vs. any other rider (e.g., who?)?

2. I’m so incensed by this notion that pro athletes really don’t “get it.”  Even the ones who never really needed PEDs—read: Bonds, Sosa, Clemens—the fact that they took those drugs influences what kids do and has a trickle-down effect on college and high school students.  To say nothing of intramural sports athletes.

For the record, my final point in all this is not to convince you to hate Lance Armstrong.  Quite the contrary, despite all the facts, he still comes across as an everyman (a la Peyton Manning) to me.  Albeit one that has flaws, Lance is somehow still marginally believable.  Perhaps that’s just the image he wants us to see.  Perhaps his current “I’m sorry” tour he’s embarking on is, as many in the websphere—including yours truly—suspect, not genuine remorse, but more about covering his ass from all of the lawsuits that may be forthcoming.  Fact is, he’s going to have to give much of the ill-gotten gains back.  It’s one thing to be apologetic from bona fide regret.  It’s quite another to feign sorrow because you got caught.

Listening to ESPN Radio this morning, I couldn’t help but listen to broadcaster Stuart Scott’s story in which Lance reached out to him personally when Stuart was diagnosed with cancer.  Stuart cited that Lance gave him the phone number of the executive director at LiveStrong and told him, “If you need anything, I’m here for you.”  Blah, blah, blah.  I take nothing away from Lance’s compassion for Stuart Scott, but trust me when I tell you he’s not providing the executive director’s number to every person he meets who is so diagnosed.  Millions of people either know someone or are affected directly by this disease.  For the record, I lost two grandparents and my birth father to cancer, so I’m sensitive to the impact Armstrong has made on the cancer research front.  There are plenty of other organizations that do equally great work and are worthy of your time and donations—Susan G. Komen foundation (http://ww5.komen.org ),  National Marrow donor program (www.marrow.org ), and Love-Hope-Strength (http://lovehopestrength.org ) among them.  In the final analysis, Lance’s charity work does not excuse the plethora of decisions he’s made purely for personal gain.

Karma is a witch, Lance…which is why there’s no coming back from the deep, dark hole you’re in.  You’d have done everyone a bigger favor by just disappearing.  Instead, you chose the “let’s see how I can rehab my image” route—most likely by following the advice of one of those parasite image counselors.  Like people who yell “fire” in a movie theatre, you have the freedom of speech to say what you think you need to say.  And like those same people, you need to be prepared to face the consequences.  Break a leg, dude…no really.

‘Nough Said,
+THINKER