Categories
journalism technology writing

Worth reading this week

A quote I’ve been pondering lately:

“One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity.”  — Bruce Lee

Some interesting stuff that I stumbled across over the last few days:

Yes, This Photo from Everest Is Real – What happened to the days when Everest was the achievement of a select few? Now it looks like an assembly line of rich people all jockeying to get up and down the hill before they die.

Why You Should Stop Caring What Other People Think (Taming the Mammoth) – So much of what we do in life is predicated on the decision making of “what will other people think?” This is a great treatise on living on your terms in a way that minimizes the unfounded fear that prevents so many of us from pursuing things that can bring us more happiness in the limited time we have.

You should have a personal web site – I’ve been meaning to get back to blogging for a while. This little article caught my eye and prompted me to dust off my blog and get writing again. Thanks Mark!

Incognito no more: Publishers close loopholes as paywall blockers emerge – I used to work at an online newspaper and I led some of our paywall integrations. I was always discouraged by the technology because I immediately saw the flaws and workarounds that could be used to skirt them. But it seems I’m an outlier. As this article argues, the vast majority of website visitors aren’t tech-savvy enough to go around paywalls (or can’t be bothered to try). I suspect quite a few just give up and miss out on good content once they hit the end of their free viewing period.

Have Smartphones Destroyed a Generation? – I haven’t read the whole article yet, but I was directed to this story while reading Digital Minimalism. Really interesting arguments to be made for limiting screen time, especially for kids. I’m still working through the book, but my fav quote so far: “Regular doses of solitude, mixed in with our default mode of sociality, are necessary to flourish as a human being.”

I’m always interested in what you read this week too. Feel free to share what you’ve been reading in the comments below.

Talk soon!

Todd

Categories
journalism news technology writing

#PayForJournalism

What a beautiful May long weekend this has been! The weather has been good (for the most part – especially if we ignore last night’s rain), the schedule has been light so that it hasn’t felt too hectic and the kids have been having fun all weekend which makes things more enjoyable around the house.

And I have found some time this weekend to sit and catch up on some of my reading. I’m always reading something, but my magazine pile tends to stack up over time as it is always my last priority given that my iPhone, iPad and Kindle are almost always within arm’s reach. I don’t know if it is the influence of Digital Minimalism, which I am working my way through on my Kindle, or if it is just the chance to sit on the back deck in the sunshine and relaxingly flip through a magazine, but either way, I chipped away at my magazine pile a bit this morning.

Side note: Is it ironic that I am reading Digital Minimalism on my Kindle? It is a digital device, but it is a purpose-built digital device designed to allow for uninterrupted reading. I’ll go with the latter, but am curious to hear your thoughts too!

In the June 2019 issue of The Walrus, Jessica Johnson, in the Editor’s Letter (sorry… I couldn’t find a copy of her letter online so you’ll have to find the paper copy if you want to read the whole thing), provides an overview of the business model of writing for pay in journalism (from the 1929 Saturday Evening Post to Apple News+ and everything in between!). The decline in revenue in the newspaper space has been well documented over the last two decades. The Internet set out to make information free, yet the free model cannot sustain quality and accuracy.

The tide is starting to turn though. As Jessica says, “The good news is that there are pivotal conversations taking place in government, in boardrooms, and in newsrooms about the role of journalism in our society”. We are seeing the hashtag #PayForJournalism more often. And Jessica’s call to show our appreciation for quality journalism via our wallets is an important reminder of the need to support quality journalism.

I’ll leave it to Jessica to wrap up this post with her parting words from her Editor’s Letter:

If you read a free article – or ten – online today, please make a donation or subscribe to The Walrus or the independent journalistic outlet of your choice.

Categories
infosec technology

Damn you, computer “hackers”!

My mom got scammed online earlier this week. This is the second time in a year that someone close to me has gotten burned by a scummy, sleazy, no good, prey-on-the-weakness-of-others-rather-than-get-a-real-job jackass. And it is so annoying!

In this case, the person that hooked my mom didn’t do any real damage. But it inconvenienced her and me for a few hours this week. And that really sucks. And, if it was worse, it would have taken me a bunch of hours more to rebuild her computer from scratch and get it reconfigured to the point where I wouldn’t have to field tech support calls from her for the next two months asking me where her missing icons or browser shortcuts have gone.

So… here’s what happened:

She ordered some stuff from Amazon.ca a few weeks ago and her order was taking forever to be delivered. She wanted to call Amazon to inquire about her order. So, she opened a web browser and typed “amazon.ca phone number” in the default search bar. When she pressed enter, she received a Google search results page that showed a bunch of options for amazon.ca customer service. This included a malicious (bad) customer support website. Unfortunately, my mom clicked on this link, and that’s where the fun began.

The link she clicked on was a phishing page (as per Wikipedia: Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.). The link she clicked on went to a compromised website. The website had been designed to look exactly like amazon.ca and it had a blurb on the page with their phone number.

Unwittingly, she called the number on the malicious webpage. The helpful customer service rep (let’s call him Nedry, named after the inept hacker from Jurassic Park) that answered informed her that her amazon account had been red flagged. Nedry said someone else was trying to get into her account. He said not to worry though as he could help find out who it was and clear it up for her.

Nedry then instructed her to go to a website (citrixonline.com – a legitimate website with a legitimate app) and download an app so that they could connect to her computer. This first app wouldn’t install on my mom’s super old computer. This almost stumped Nedry, as he had to call on his supervisor to help up his game and keep my mom on the hook. His supervisor suggested using LogMeIn123 instead (another legitimate website and app). Luckily for Nedry, this second effort kept him in the game.

Once my mom downloaded and ran LogMeIn123, she connected with Nedry and gave Nedry control of her computer. LogMeIn123 provides the ability for you to share your screen with someone else and then that person can do anything on your computer.

And this is where Nedry really got to show off his stuff. Here’s what he did:

  1. He opened a terminal window and continued to show my mom what was wrong with her computer by typing these commands:
    1. ping http://www.amazon.com
    2. top
    3. netstat -n
    4. ifconfig
    All of the above commands spit out a bunch of fancy stats and other confusing data to the uninitiated. Nedry showed my mom some of the data and explained that it was the virus taking hold and making a mess of things.
  2. He told her that she had a bad virus on her computer. He said she had something called Torpig. He opened a web browser and went to the Wikipedia entry for Torpig. He read enough of that entry to my mom to really scare her.
  3. Then he used google to search for a website called “geektyper”. He then opened the site directly: GEEKTyper.com – Hacking Simulator. The tagline for this website is “HACK LIKE A PROGRAMMER IN MOVIES AND GAMES!” It has a subsite (geektyper.com/scp) that looks SUPER legit if you’ve ever seen a scary hacking movie.
  4. He even showed her THE GUY that was doing this to her computer!
  5. Then he told her that this virus was so bad that it was everywhere in her house: it was on her computer, it was on her TV, it was on her iPad – it was on EVERYTHING!

Quick side note: I’m actually really impressed with Nedry so far. As far as social engineering goes, this guy is making all the right moves… If you’re trying to hack my mom.

And this is where things went downhill for Nedry. He had been laying things on really thick up to this point. He had my mom convinced that something bad was happening. He had ratcheted up the drama sufficiently to scare my mom. But now he had to go in for the close. This is the part of the scam where he brings home the bacon.

He explained that my mom would have to take her equipment to a local computer repair shop. But not just any shop would do. Nedry told my mom that she would need a “Level 6 Certified Anti-Hacking Network Professional”. (This sounds pretty serious! I work in IT security and I’ve never heard of these guys! They must be really hardcore!) Luckily, one of these technicians is located quite close – in Ancaster! However, my mom would have to take all of her equipment to him – her computer, her TV, her ipad, EVERYTHING. This was really stressing my mom out.

But then, like a white knight, Nedry offered to come through in the clinch: he said, but wait! There’s another way. Are you over 45? My mom said yes. He said you’re in luck! He has an offer for people over 45. He can help you remotely to fix your problem and you won’t have to take your equipment anywhere. (what a guy – this Nedry certainly seems like a super hero, doesn’t he!)

And it was at that point that my mom made me proud (kinda, even though she’d already given up control of her computer to this goon): she said, “no, I will get my son to look after it.” As soon as she said that, he got nasty and said, “I’m not helping you. I’m done.” My mom asked him to take all of the stuff off of her computer and Nedry replied, “Turn it off. I’m done.” Then he hung up.

Photo: “Don also brings in a big one” by J. Todd Poling, licensed under CC BY 2.0

Poor Nedry… he thought he had caught a live one and was just reeling her in. But at the last second, she cut the line and escaped. He must have been pretty pissed because he had spent so much time reeling her in. I almost feel sorry for the guy. Almost.

That’s when my mom called me. At that point, I told her to unplug the computer from the wall and I’d come by and see what had happened.

I stopped by today and replayed what happened to my mom based on her story and the evidence on the computer (web browsing history, system logs, diagnostic info, etc.). I was able to restore her computer without a great deal of effort, but I’m still debating on rebuilding her computer from scratch just in case Nedry did or installed something that I didn’t catch in my analysis.

Regardless, Nedry certainly messed up my mom’s week (no computer from Monday until Friday as she waited for me to come check out the damage), and it messed up my Friday night too to take care of this mess. So yeah… thanks Nedry, wherever you are.

Is there a lesson to be learned from this? For sure… there are at least three:

  1. Be careful where you go on the internet: Make sure the sites you visit are legitimate. Check the URL in your browser – if you’re trying to find amazon.ca’s customer service phone number, make sure the URL of the site is amazon.ca.
  2. Don’t let people you don’t know connect to your computer: No matter what! When in doubt, everyone knows someone who is computer savvy and who can help out in a pinch (spouse, cousin, grandkid, neighbour, etc.). Even if you have to pay some kid in your neighbourhood $20 to check it out, that is money well spent if it helps you avoid being scammed.
  3. When in doubt, walk away: If you find yourself stuck in the middle of an uncomfortable scenario like the one I described above, just walk away. Hang up the phone, turn off the computer and call your local tech-savvy friend to help you out. And, if you’re worried about offending the person, just mention that your <friend, son/daughter, neighbour, etc.> knows this stuff and you want to check with them. I’m pretty sure the person on the phone will get belligerent, which is a great indication that you’re talking to someone you shouldn’t be.
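
To make lesson 1 concrete, here is an added example (not part of the original post) of what “make sure the URL is amazon.ca” means in practice: the expected name has to be the end of the hostname, not just appear somewhere in the address. The helper names `checkUrl` and `safeUrls` are hypothetical and the sample URLs are constructed for illustration.

```javascript
// Added example: decide whether a URL really belongs to the site you expect.
// EXPECTED_SITE and every URL in SAMPLE_URLS are constructed for illustration.
const EXPECTED_SITE = "amazon.ca";

function checkUrl(rawUrl, expectedSite = EXPECTED_SITE) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules browsers use for the address bar
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  // Anything before an "@" is a username, not the site: https://amazon.ca@other.example
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the real host" };
  }
  // hostname comes back lower-cased, with non-ASCII labels converted to "xn--..." form
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "non-ASCII look-alike characters in hostname" };
  }
  // Exact match, or a subdomain: the leading dot keeps "notamazon.ca" from passing
  if (host === expectedSite || host.endsWith("." + expectedSite)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + expectedSite };
}

function safeUrls(urls, expectedSite = EXPECTED_SITE) {
  return urls.filter((u) => checkUrl(u, expectedSite).ok);
}

const SAMPLE_URLS = [
  "https://www.amazon.ca/help",                       // the real site
  "https://amazon.ca.customer-support.example/phone", // name used as a subdomain
  "https://amazon.ca@customer-support.example/phone", // name used as a username
  "https://notamazon.ca/",                            // name glued onto another domain
  "https://amaz\u043en.ca/",                          // Cyrillic "о" instead of Latin "o"
  "amazon.ca phone number",                           // a search phrase, not a URL
];

for (const u of SAMPLE_URLS) {
  const verdict = checkUrl(u);
  console.log((verdict.ok ? "OK    " : "REJECT") + "  " + u + "  (" + verdict.reason + ")");
}
```

Only the first sample URL passes; every other one shows the expected name somewhere in the address while pointing at a different host.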

And note that this scam also occurs as a cold call from time to time. Someone will call you claiming that they know your computer is infected. Don’t fall for that one either! Again, use common sense and don’t let these scammers into your computer. If you’re nervous, call on your local techie to talk it through with you.

These people are relentless. They succeed with their scams often enough that it is a very lucrative trade for these scammers. And they can be quite convincing. But the best defense against them is awareness and common sense. That’s why I’m sharing this – I battle this kind of scammer every day in my day job and I’m getting really tired of it. Their techniques are so low tech and they aren’t even very good – they simply circle the pack and pick off the naive people using smooth talk instead of using sophisticated hacking skills. Awareness is a great defense and this is part of my way of fighting back against these folks.

So yeah… it was a bit of a wasted night for my mom and me. I would have rather sat with her for the evening and visited. Instead, I spent three or four hours piecing things together and documenting this story to share with you.

But I did get to stop in for a visit and I got a Swiss Chalet dinner out of it so I guess the evening wasn’t a total bust. 🙂

How about you… have you been scammed by these people? Did you get caught up in it or did you avoid getting scammed? How’d they affect you? Do tell in the comments below!

Talk soon!

Todd

 

Categories
technology writing

True Fans – Even the NY Times knows about them!

In my recent WordCamp Hamilton presentation, I talked about how to build your own fanbase to support your writing. In that presentation, I talked about Kevin Kelly’s suggestion that all you need is 1,000 True Fans to support your creative career.

A recent article on Medium.com by Lydia Polgreen, Editorial Director, NYT Global, entitled “Why people pay to read The New York Times”, mentioned the following:

We used Facebook to push stories out to potential readers, to get people to sign up for our Spanish-language newsletter, Boletín, and to drive traffic to our home page. Just as it does for so many other businesses, Facebook helped us find our true fans.

This is spot on with my talk, where I mentioned that you should use social media to drive traffic to your home page and to get people to sign up for your newsletters. Social media is a fantastic generator of eyeballs. The key is to use it to drive traffic to your site. Be wary of building audience on someone else’s turf (like Facebook or Twitter or Snapchat or <insert flavour of the moment here>).

And, almost on cue, Facebook popped up today to say that they are going to change the behaviour of content delivered to people’s newsfeed on Facebook. Facebook is going to fine tune your feed so that “friends and family come first”. This means less of a focus on publishers’ content and more focus on status updates and photos and videos from your friends. (additional commentary from NYTimes here)

It’ll be interesting to see how this alters the dynamic between the Social Network and its publishing competitors/partners as they continue their courtship dance in the online world.

And, let this serve as yet another reminder to build your own home and foster community where you can control it.

That’s it. G’night!

Todd

 

Categories
infosec technology

SC Congress 2016 – free passes & VIP ticket draw!

Folks,

SC Congress is coming up fast. The conference is next week! If you don’t have your ticket yet, I’m here to help. The team at SC Magazine has given me a unique opportunity to pass on to you:

  • free Expo Only VIP Passes ($150 value) – simply register using promo code “DOWEXPO”; and
  • a chance to win one of five VIP Two-Day Full Conference Passes ($1,295 value);

Here’s the deal:

Each free Expo Only Pass provides you:

  • Network with 1,000 cybersecurity luminaries and peers
  • Learn valuable insights for safeguarding your organization during our five Keynote Addresses
  • Attend one additional session of your choice
  • Visit leading brands in our Exhibit Hall
  • Participate in SC Congress’ signature Passport to Prizes program: network for a chance to win a hot, new gadget
  • Earn up to 5 CPE credits – just for attending our sessions

register now

Also, SC Magazine has given me five VIP Two-Day Full Conference Passes to give away. To be entered to win one of these five tickets, here’s what you need to do:

  1. Register for a free Expo Only VIP Pass before next Monday morning (May 30); and
  2. Tweet the following: “Got my free Expo Plus Pass to @SCCongress Toronto June 1/2. Get yours & chance to win a VIP pass at toddhdow.com #infosec” (We’ll accept a similar shoutout on Facebook if you aren’t on Twitter); OR
  3. Sign up for my newsletter here at toddhdow.com (link);
  4. Email me at toddhdow [at] gmail. [dot] com to let me know that you’ve completed the above steps;

And yes, if you have previously registered for an Expo Only pass and you want to upgrade, just tweet or share on Facebook or sign up for my newsletter and you’re all set.

So don’t delay… register today!

And, while you’re at it, sign up for a complimentary digital subscription to SC Magazine.

Are you going to SC Congress 2016? Let me know in the comments!

Talk soon!

Todd