A Look Back At 2018 In Tech

Standard

The following was published in yesterday’s edition of Foster’s and Seacoast Sunday.

2018 has been quite a year for technology. While mostly good, there was also some pretty bad press for technology this past year.

Data breaches, privacy concerns and infiltration of social media platforms certainlypexels-photo-273011 highlighted the bad. Facebook, Google and others have been repeatedly grilled on Capitol Hill this year, mostly for good reason. Facebook has had perhaps their worst year since their meteoric rise to the top of the social media ladder. Concerns about Facebook were worsened by revelations that nefarious influence campaigns took advantage of serious privacy shortcomings within the platform’s ecosystem.

2018 started with the revelation of the Meltdown and Spectre flaws in nearly all of the chips that power computers. While the concern was valid, the impact was quickly contained and patched. As the new year took hold, more concerns came to light about potential foreign influence across the technology industry. From the before mentioned social media issues to concerns that companies like Huawei, ZTE and others could be embedding spy technology within their products, the year was off to a rocky start for tech.

Two of the biggest tech stories of the year are the arrival of GDPR, the strict European data privacy law and the reversal of net neutrality rules by the Federal Communications Commission. Europe’s GDPR or General Data Privacy Regulation, places the most stringent requirements yet on the protection of personal information. It reaches across borders and continents so that even if a company exists outside the European Union, if they employ just one citizen of the EU, they must comply.

With the number of households cutting the cable cord and moving to online only live TV and streaming services, the repeal of net neutrality rules raised a huge red flag. The concern is that high speed Internet providers would make deals with content providers and make some content available quickly and smoothly and other content painstakingly slow to frustrate the consumer into using the preferred content. There are some real concerns that some of this may be playing out, but so far, it does not seem to be so blatant as to draw legal attention. Time will tell, but the intersection of regulation and technology is front and center.

Hands free technology improved dramatically this year. Smartphones are safer than ever, provided you take advantage of their handsfree capabilities, especially in the car. Wireless power has also come on strong this year, allowing you to charge your favorite tech just by playing it on a charging pad. Maybe the battle for the charger will finally be over.

Collaboration tools really took off in 2018. Platforms such as Slack and Microsoft Teams have redefined the collaborative workplace. The ability to communicate in real time, whether in or out of the office and share content, have never been easier or more productive.

Personal devices continued to mature this year. The Apple Watch, now in its fourth iteration, has become the smart watch of choice. The capabilities and battery life continue to get better with every release. Similarly, smartphones like the iPhone or Galaxy Note are so powerful they may be the only device you need. Smartphones, tablets, wearable and portable PC’s continue to get smaller, lighter, more powerful and more capable, allowing you to do nearly anything that you can imagine almost anywhere at any time.

With all this technology comes the need for an ever more skilled technology workforce. We need the skilled labor force to continue to design, develop and support the technologies of today and what’s yet to come. Our schools need to rethink current curriculums to be sure that we are grooming the workforce of the future before the future passes us by.

It’s been a great year for technology, despite the high-profile headlines that expose the inevitable dangers that these same technologies may bring. In my next article, I’ll look forward into what 2019 may hold for technology developments. In the meantime, my best wishes for a Happy and Healthy New Year.

Today’s Emergency Alert

Standard

Did today’s emergency 911 alert concern you?  I hope it did.  As a result of a nationwide problem with one of the larger telecommunications and Internet providers, 911 services were down in many parts of the country.  Cell phone callers were the most impacted.

The outage effected areas from New York to California.  Washington State was hit particularly hard.  Cell phone users in many parts of the country received a government issued emergency alert today like the one below:

Key to this alert is the critical question, do you know the local 10-digit number for your police and fire department?  You should.

I have my local dispatch center number stored in my phone.  This next statement may upset some emergency officials, but several years ago, shortly after the implementation of the statewide 911 system in New Hampshire, a police officer that I know recommended that I never call 911 and instead call local dispatch.  Why?  This persons opinion was that the statewide system slowed emergency response.  When you call in to a 911 center, the operators ask information to both qualify the emergency and to offer immediate phone based help, when appropriate.  The 911 operator then calls the local dispatch center to send help.  Some feel this introduces unnecessary delays to the response.  Others say it helps avoid unnecessary dispatches and offers more immediate help, especially for health related emergencies while the caller waits for first responders to arrive.

I suspect there is a heated debate around this topic.  As it relates to todays emergency alert, I was feeling fine about it, as I have my local dispatch numbers.  If I were in an out of state location or somewhere else locally that I did not, I would need to depend on 911 and this would certainly concern me.

If you have not already, I recommend you put the local dispatch numbers for places you frequent.  Places like your home, place of work, family members you visit often, etc.  By storing them in your phone, hopefully you will never need them.  You don’t ever want to find yourself in a position of needing them and not having them.

With regard to the cause of today’s alert, the FCC is investigating the CenturyLink outage to determine why it took down one of the most important emergency communications netqorks we have.  The national 911 system was thought to be one of the most highly redundant communications systems in existence.  Today’s outage, which actually began yesterday afternoon, says otherwise.

Year End Scams – Be On Guard

Standard

With the major December holidays behind us, the New Year is right around the corner.

With the New Year, comes the flurry of tax forms that we need in order to file our corporate and personal tax forms in March and April.  Especially with key parts of the Federal government on furlough due to the current shutdown, the scammers will be out in full force!

Over the next week and into January, you should be receiving your W-2 and other various tax forms, mostly via US Mail, though more and more organizations are moving toward electronic distribution of these tax forms.

W-2 ScamBe very weary of any email you receive with a tax form attached.  It will almost certainly be a scam, with hackers looking to compromise your account and/or identity.  Most companies will ask you to login to their secure portal to retrieve your tax forms.  I recommend you do that by going to their site manually, not clicking on any links you may receive in an email and as I said earlier, never open an attachment like that.

This applies to HR departments as well.  They need to be on the lookout for scams where company executives ask them to email them all the issued W-2’s.  Do you know an executive that would ever ask for something like that?  I hope the answer is no.  This has happened in years past, so don’t let yourself get caught this year.  Certainly any company executive who needs access to this information has access via whatever systems you use.  Ask them to login and retrieve the information they need, but don’t give them any credentials to do so.  If the request is legitimate, they will have what they need and know you are doing the right thing.

Protect your privacy and remain vigilant!  The bad guys are out there, just waiting for you to slip up.  Think of like a game of Simon Says.  Don’t do it, if you don’t hear Simon Says 🙂

Happy Holidays to All!

Standard

I know I have not been as regular as I like to be on my blog these past couple of months.  I have had some personal and professional developments that have required my attention more than usual.  Whichever holiday you and your families celebrate this time of year, I hope it is wonderful, meaningful and peaceful for you.  Thank you for your readership and I look forward to sharing more frequently with you as we move into the new year.

december-holidays-around-the-world-powerpoint-1-728

For fun, did you know that during the month of December, all of the following holidays are celebrated?

Buddhism
  • Bodhi Day: 8 December – Day of Enlightenment, celebrating the day that the historical Buddha (Shakyamuni or Siddhartha Gautama) experienced enlightenment (also known as Bodhi).
Christianity
Hinduism
  • Pancha Ganapati: a modern five-day Hindu festival celebrated from December 21 through 25 in honor of Ganesha.
Judaism
  • Hanukkah: usually falls anywhere between late November and early January. See “movable”
Paganism
  • Yule: Pagan winter festival that was celebrated by the historical Germanic people from late December to early January.
  • Yalda: 21 December – The turning point, Winter Solstice. As the longest night of the year and the beginning of the lengthening of days, Shabe Yaldā or Shabe Chelle is an Iranian festival celebrating the victory of light and goodness over darkness and evil. Shabe yalda means ‘birthday eve.’ According to Persian mythology, Mithra was born at dawn on 22 December to a virgin mother. He symbolizes light, truth, goodness, strength, and friendship. Herodotus reports that this was the most important holiday of the year for contemporary Persians. In modern times Persians celebrate Yalda by staying up late or all night, a practice known as Shab Chera meaning ‘night gazing’. Fruits and nuts are eaten, especially pomegranates and watermelons, whose red color invokes the crimson hues of dawn and symbolize Mithra.
  • Koliada: Slavic winter festival celebrated on late December with parades and singers who visit houses and receive gifts.
Secular
Unitarian Universalism

This is why Happy Holidays is a nice way to wish everyone the best of the season if you are not sure which holiday they celebrate.  If you’d like to wish someone with their specific holiday greeting, just ask.  It’s a simple and thoughtful way to recognize the diveristy of our world and to help bridge divides that really should not seperate us.

Technology Makes Traveling Easier

Standard

The following was published in yesterday’s Foster’s and Seacoast Sunday.

This past week, I made my last business trip of 2018. This trip involved traveling out of the country, to Latin America and I was impressed with the technology I encountered leaving and returning to the United States.

You may have read articles over the last year about some airlines and airports introducing biometric passenger verification systems to ease the boarding process. For many, boarding a flight is often the most stressful part of the trip, with hordes of people crowding the boarding area, making it difficult for some, to board at their designated time. Once you are lucky enough to get to the gate agent, many passengers fumble to unfold a crumpled boarding pass or pull up the electronic one on their phone.

jetBlue Self Boarding

Last week, at Fort Lauderdale International Airport, I encountered jetBlue’s facial recognition boarding process. While some people still insisted on crowing the entry to a very clearly defined boarding lane, the technology enabled process definitely seemed to make the boarding process flow more efficiently and it did seem to lessen the number of people crowding the boarding area.

I was impressed with how well this system worked. You walk to a predefined spot in the boarding lane and stand on a mat with your feet on the shoe outlines on the mat, much like you encounter in a TSA body scanner. You look at what seems to be a small tablet, it takes your photo and you are quickly presented with a green check mark to board or a red check mark, which directs you to the gate agent. The system performs a highly complex technical task in about the same or possibly less time than it takes the typical boarding pass scanner to scan your boarding pass. I did not encounter any delays as a result of this system. A few people were redirected to the agent and they smoothly moved over to the agent while the next person in line stepped up for their photo. My experience showed less bottleneck in the boarding line as a result.

These systems check government databases to match faces to password and other Customs and Border Protection databases to ensure the person is who they present themselves as. This is a very effective check and balance when tracking individuals who come and go from the country. I find it far more reliable that the paper forms of the current and past, which notoriously get lost and are far too manual to track effectively.

While there are benefits to the technology, it’s not without potential faults. Privacy advocates have a lot of concerns that facial and other biometric databases may be misused by law enforcement. This is certainly possible and everyone needs to consider their own feelings on this issue. With the amount of video surveillance legally in use around the world, I consider this to be a fact of modern, connected life. One can only hope that the benefits will vastly outweigh the risks. I tend to take a fairly simplistic view of this technology. Meaning, if you have nothing to hide, I don’t think this should be a concern.

The other technology I used was Global Entry, upon re-entry to the United States. Similar to facial recognition for boarding, Global Entry leverages biometric technology, again facial recognition, to take a photo of your face and look you up in the Customs and Border Protection databases to verify you identity, eligibility for entry into the United States and significantly speed your entry process. Instead of having to wait in the long serpentine immigration line, to have your passport examined by an officer, you walk up to a kiosk, have your picture taken and present the printed receipt to an immigration officer to clear your entry. Fast, efficient and reliable.

No doubt 2019 will bring even more technical innovation to the travel experience. I hope you will keep an open mind and explore taking advantage of these developments to make your travel experience more efficient and most importantly, more safe.

 

DHS/FBI Ransomware Alert

Standard

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A.

The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.

SamSam

You may review the entire DHS/FBI alert here.

This threat is primarily targeting Remote Desktop Protocol (RDP) ports and systems.  The primary recommendation is close these ports or layer in two-factor authentication, at a minimum.  Onepath, the firm I work for, never recommends leaving RDP ports open to the Internet.  They should only be accessed from behind a firewall, through a VPN and always secure with two factor authentication.

The following are specific recommendations contained in this alert.  I strongly support each of these recommendations.  If you are unsure if your company is properly protected, reach out to your IT department or IT partner immediately to assess your vulnerability.

DHS and FBI recommend that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. System owners and administrators should review any configuration changes before implementation to avoid unwanted impacts.

  • Audit your network for systems that use RDP for remote communication. Disable the service if unneeded or install available patches. Users may need to work with their technology venders to confirm that patches will not affect system processes.
  • Verify that all cloud-based virtual machine instances with public IPs have no open RDP ports, especially port 3389, unless there is a valid business reason to keep open RDP ports. Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system.
  • Enable strong passwords and account lockout policies to defend against brute force attacks.
  • Where possible, apply two-factor authentication.
  • Regularly apply system and software updates.
  • Maintain a good back-up strategy.
  • Enable logging and ensure that logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.
  • When creating cloud-based virtual machines, adhere to the cloud provider’s best practices for remote access.
  • Ensure that third parties that require RDP access follow internal policies on remote access.
  • Minimize network exposure for all control system devices. Where possible, disable RDP on critical devices.
  • Regulate and limit external-to-internal RDP connections. When external access to internal resources is required, use secure methods such as VPNs. Of course, VPNs are only as secure as the connected devices.
  • Restrict users’ ability (permissions) to install and run unwanted software applications.
  • Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.

Finally, here is a link to Onepath’s blog post on this matter.

More Data Breaches, Just In Time For The Holidays

Standard

The following was published in today’s Foster’s and Seacoast Sunday.

If you’ve been paying attention to the news over the last few days, you know that both the Marriott hotel chain and New England’s own Dunkin Brands, parent of Dunkin Donuts, have announced significant data breaches.

Let’s start with the breach at Marriott. There are several worrisome things about this breach. First and foremost, early reporting is indicating that this breach may have been underway for four years, beginning sometime in 2014. This speaks to the sophistication of hackers, in that they are able to gain access to a target network and take up residence, undetected for extended periods of time. This allows hackers to harvest untold troves of data from the targeted company, in this case Marriott.

Here is what we know about this breach. The attack targeted Marriott’s Starwood Preferred Guest rewards program database. This encompasses the Marriott brands including Aloft, Design Hotels, Element, Le Méridien, Sheraton, St. Regis, The Luxury Collection, Tribute Portfolio, W Hotels and Westin. If you have stayed at one of these brands, you could be impacted.

The data exposed in this breach is also a significant concern. Early estimates indicate the private information of as many as 500 million guests may be exposed. This includes personally identifiable information potentially including passport numbers, which is a major concern. Names, mailing and email addresses, phone numbers, account numbers, reservation details and more may have been breached.

Marriott uses advanced encryption algorithms for payment card data, so the hope is that the hackers may not be able to decrypt that data and gain access to credit, debit and bank account details. Regardless, if you have stayed at a Marriott property and may have an account in the Starwood guest system, you should keep very close watch on your accounts and enable any and all fraud alert features available to you.

You should obviously change your password if you have a login to any of the Marriott brand websites. And if there is any chance that you have used the same password for other accounts, you are best to change those account passwords as well.

Now let’s turn to Dunkin Donuts and its DD Perks rewards program. This one is a bit interesting in that Dunkin Brands, the parent company of Dunkin Donuts is not saying it experienced a data breach. Rather, it is saying other data breaches may have exposed usernames and passwords that may have given hackers access to come DD Perks accounts.

The company is warning customers who are DD Perks members or use their mobile app to pay for purchases at their stores, that their accounts may be exposed. The company is also saying this issue only impacts a small percentage of customers. Here’s hoping.

Time will tell how widespread the Dunkin issue is. As with the recommendations above, if you are a DD Perks member or use the mobile app, you should change your password immediately and closely monitor your linked payment accounts.

I expect far more details on each of these breaches will be coming out in the days and weeks ahead. With online shopping and mobile apps becoming more and more prevalent every day, you need to take prudent steps to protect yourself. These breaches will unfortunately continue. It’s up to each of us to take advantage of every available precaution to safeguard ourselves for the collateral damage that these breaches bring. I know I’m a broken record, but start by using a unique password for each and every account that you have.