Sunday, April 07, 2019
QWERTY bad...
The most interesting legal blog this week came from Linn F. Freedman writing for the law firm Robinson and Cole LLP on the topic of Password Fatigue.
Find the original here:
https://www.dataprivacyandsecurityinsider.com/2019/03/password-fatigue/#page=1
Find the Lexology version here:
https://www.lexology.com/library/detail.aspx?g=146c0b7e-8b58-4581-8e81-f8aa7fe6d68f&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email&utm_campaign=Lexology+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2019-04-03&utm_term=
Do you spend 12 or more minutes a week entering or resetting your passwords? Have you ever kept count? For authors who have to be active on social media to promote their works, the tally and loss of productivity is probably greater unless one uses a "service". Just don't trust your browser. In all things in life, you get what you pay for.
Kacy Zurkus, writing for the Malwarebytes blog shares a raft of good ideas, and insights into password spraying, which is using a small number of common passwords on a large number of accounts.
https://blog.malwarebytes.com/cybercrime/2019/03/hackers-gonna-hack-anymore-not-keep-reusing-passwords/?utm_source=double-opt-in&utm_medium=email-internal-b2c&utm_campaign=EM-B2C-2019-April1-newsletter&utm_content=antivirusmixtape
The comments section is worth perusing for helpful tips, particularly if it would never occur to you to post a photo of your car on any social media site.
For more information on recent-ish data breaches, read this by Malwarebytes:
https://www.malwarebytes.com/data-breach/?utm_source=double-opt-in&utm_medium=email-internal-b2c&utm_campaign=EM-B2C-2019-April1-newsletter&utm_content=laws
Krebs On Security has more creative tips and recommendations for those inclined to do some password navel gazing.
https://krebsonsecurity.com/password-dos-and-donts/
Norton, too, has useful advice for choosing and securing passwords.
Their tip about having a short personal phrase top of mind is a good one. So often, one goes to a site to change a password and the site rejects every password that one thought one might use because of "forbidden words" or because one's choices don't conform to whatever the site requires (such as 3 upper case, 3 lower case, 3 numerals, 3 special characters.)
https://us.norton.com/internetsecurity-how-to-how-to-choose-a-secure-password.html
Nord VPN discusses the anatomy of a good password. It's instructive to read multiple tips by security experts to see on what they agree (such as reliable services for password management), and where they differ.
https://nordvpn.com/blog/the-tips-on-creating-strong-passwords/?utm_source=SecurityTips&utm_medium=email&utm_campaign=5passwords_all
Finally, do not give your email password to anyone or any site that says its' for your own good. It's not. If you were tricked into giving your email password to Facebook, change your email password on your email site. Don't give them your phone number, either.
https://blog.malwarebytes.com/security-world/2019/03/facebooks-history-betrays-its-privacy-pivot/?utm_source=double-opt-in&utm_medium=email-internal-b2c&utm_campaign=EM-B2C-2019-April1-newsletter&utm_content=chromebrowser
All the best,
Rowena Cherry
Thursday, July 05, 2018
Illusions of Safety
Last week, five people on the staff of our local newspaper were killed by a gunman who attacked their office because he had a long-standing grudge against the paper. (It's worth noting that the paper did not skip putting out a single issue.) Naturally, the rector of our church preached on the incident. He drew upon Psalm 30, which includes the beautiful verse, "Weeping may spend the night, but joy comes in the morning." To reach that epiphany, however, the psalmist has to recall a time when he felt confident in his security but then experienced the apparent loss of that safety and protection. Our rector talked about how we might have existed in a "bubble," thinking we were safe from such unpredictable mass violence, that it would never strike where we live. Now the bubble has been burst.
That reflection reminded me of what the media repeatedly told us after 9-11: "Everything has changed." Then and now, that remark brings to mind an essay by one of my favorite authors, C. S. Lewis, "On Living in an Atomic Age" (collected in the posthumous volume PRESENT CONCERNS). Lewis reminds us that such catastrophic events change nothing objectively. What has changed is our perception. That idea of safety was always an illusion. To the question, "How are we to live in an atomic age?" Lewis replies:
"'Why, as you would have lived in the sixteenth century when the plague visited London almost every year, or as you would have lived in a Viking age when raiders from Scandinavia might land and cut your throat any night; or indeed, as you are already living in an age of cancer, an age of syphilis, an age of paralysis, an age of air raids, an age of railway accidents, an age of motor accidents.' In other words, do not let us begin by exaggerating the novelty of our situation. Believe me, dear sir or madam, you and all whom you love were already sentenced to death before the atomic bomb was invented: and quite a high percentage of us were going to die in unpleasant ways."
As he says somewhere else (in THE SCREWTAPE LETTERS, maybe), the human death rate is 100 percent and cannot be increased or decreased. The bottom line is NOT that, knowing the inevitability of death, we should make ourselves miserable by brooding over our ultimate fate. It's one thing to take sensible precautions, quite another to live in fear. Just the opposite—we should live life abundantly. Lewis again:
"If we are all going to be destroyed by an atomic bomb, let that bomb when it comes find us doing sensible and human things—praying, working, teaching, reading, listening to music, bathing the children, playing tennis, chatting to our friends over a pint and a game of darts—not huddled together like frightened sheep and thinking about bombs. They may break our bodies (a microbe can do that) but they need not dominate our minds."
Steven Pinker's two most recent books, THE BETTER ANGELS OF OUR NATURE and ENLIGHTENMENT NOW, offer an antidote to the mistaken belief that we live in a uniquely, horribly violent age. Although Pinker and Lewis hold radically different world-views (Pinker is a secular humanist), both counsel against despair. Pinker demonstrates in exhaustive, rigorous detail that in most ways this is the best era in history in which to live—and not only in first-world countries. The instantaneous, global promulgation of news makes shocking, violent events loom larger in our minds than they would have for past generations. (But what's the alternative—to leave the public uninformed?)
We can deplore evils and work for solutions without losing our perspective.
Margaret L. Carter
Carter's CryptTuesday, June 06, 2017
Romance Futurology Part 1 - How Will Security Work in the Future
There is a genre of Romance called simply Futuristic. For the most part, formerly, setting a story in "the" future qualified that story as science fiction. Today, the futuristic romance is a growing genre.
We've been discussing genre at length and depth, and have noted how, over generations, "genre" of all types has very fluid definitions.
My take on "genre" definitions is that the genre identification is more about what is left out than about what is included.
Readers look for another novel to give them the same "feeling" that a previous one did -- and often look for the same setting or time period as a signal that this novel is like that one.
"The" future is another such setting clue often used by readers to choose which book to spend money on. If you are "in the future" then you are not in Regency England or Imperial Rome. Thing is, with futuristic worldbuilding, a writer can indeed include time travel visits to ancient times, and modern interstellar versions of government by aristocracy. So "futuristic" may be as difficult to identify as all science fiction has been.
In science fiction, we worldbuild "a" future for a story by extrapolating trends, either straight line "if this goes on" or in a curve "if only" or "what if?"
But we can't expect to write about "the" future -- only "a" future. The future we choose to create either generates a story, or is generated by a story you want to tell.
Last week, we looked at trends in publishing, and how they swing back and forth regularly. Your story, the story you were born to tell, will fit into a trend somewhere -- your problem as a commercial writer is to identify the current trends and watch carefully, preparing a manuscript to present right when the trend that supports it begins to gather force.
Some trends are so big that we can't see them while sitting inside them.
The Internet and email were such a trend. Everything changed when the concept "browser" was deployed by envisioning the World Wide Web. Before that, Universities were pouring thousands of hours into creating electronic records, books, facts, images, accessible by special and very idiosyncratic decoding software. They even gave such software a woman's name, as Librarians were mainly female.
Then came the idea of standardizing all that coding and accessing it with a piece of software that could read "the" markup language we know today as html (hypertext markup language).
To look behind a web page, right-click your mouse on a blank spot on a web page and choose "view page source" -- the "page source" now includes little program call-outs that tell the server on the machine where the page resides to run a little program to deliver "interactivity" -- so much of the "page source" you can access is just instructions to do things, and you can't see what those things are.
Where will this be in 20 years from now -- a hundred years?
We're already doing a lot of this by voice command. Artificial Intelligence is now considered the next big disruptor and it is ready to rock-n-roll big time.
This year, UPS is testing using drones parked on top of their delivery vans to distribute packages in a neighborhood. The FAA thinks this is a fine idea. Those drones couldn't work without A.I. and other advanced tools that will soon bring you autonomous driving cars.
For maybe 80 years, we've had science fiction stories about A.I. Characters that humans fall in love with. It is starting to seem less grotesque, less of something to resist.
But a lot of folks working on the bleeding edge of A.I. are sounding notes of alarm. A.I. can now be projected to take over most of the jobs work-a-day people make a living at. The only jobs left will require genius level intelligence, and creativity -- and even those are within reach of Artificial Intelligence that can learn and keep learning.
Recently, there was an article about Artificial Intelligence learning to become aggressive, initiating attacks not just responding.
So far, nobody has identified something artificial intelligence can't do that humans can. Every time some human function is defined as uniquely human, some human genius teaches A.I. to do that (or even do it better.)
That is a trend!
http://aliendjinnromances.blogspot.com/2017/05/trends-and-counter-trends-part-1.html
We love A.I., we adore artificial intelligence, -- we create artificial intelligence and nurture and adore it as we do our children.
What is really going on here?
How will the human/A.I. interface develop? Will artificial intelligence become a legal person (Heinlein explored that at length, and Star Trek's Character Data gives us many new facets to consider)?
What about Artificial Intelligence Refugees washing ashore, fleeing some sort of cyberwar?
A.I. is being discussed as the solution to cyber-security, being able to sift vast Big Data pools and sort out the one or two major trouble spots (terrorists).
Right now, the entire security industry may be taking itself too seriously (Romantic Comedy is a fabulous genre for tackling this). The I.T. folks at work keep making you change passwords, and berate people for opening emails or plugging in a thumb drive.
Mobile Devices and services now require two-step authentication -- you have to have a smartphone to read your news feed on Yahoo. (well, there is a work-around right now, but that won't last).
The attitude behind the policies of cyber-security gurus is that if you get hacked, it is YOUR FAULT (not the fault of the attacker. Only the victim is to blame in cyber-warfare). You did something wrong. You breached protocol. You opened an email. You visited a website. You put in your personal data (but of course I.T. forces you to identify yourself!)
We are all tangled up in a ball of twine and quite ludicrous about it because we have (in a cultural panic) set aside several time-tested principles of life.
We have done this because the benefits of online communications are bigger than the threats and costs (so far).
Since we can't stop people in other countries attacking us for profit, our "security" folks attack US. They blame the victim of the sucker-punch rather than the immorality of the sucker-puncher, and our own defense (our immune system!) attacks us, forcing us to change our way of doing things because of something someone we don't know did to us.
"Security" works differently if your Identity is known to the Security Officer.
Ask yourself: When was the last time Donald Trump was strip searched for the egregious crime of attempting to enter the White House?
Does Presidential Security torture, torment and beat up on the President?
Then why do the cyber-security I.T. department folks beat up on YOU when you try to access your Cloud account with this or that company? Stop what you're doing (you can't enter the white house)! Identify Yourself! (like they don't know what they are responsible for knowing?) Papers Please! ACCESS DENIED! You have to wait three days to try again.
Where did this come from? What is really going on here? What trends produced this deplorable state of business?
The principles we have abandoned are "don't blame the victim" and "innocent until proven guilty" and "I am who I say I am; if I lie, I will be removed from society, maybe forever."
You shouldn't blame a victim because next thing you know, you will be a victim.
Quality of life is severely infringed on, productivity sliced in half, and happiness beyond reach if you live an entirely DEFENSIVE life in a defensive (curled inward) posture. The H.E.A. ending as we currently envision it can not happen inside a "secure" defense perimeter that punishes you for the deeds of those outside your defense perimeter who are guilty of life destroying behavior.
Logic and reality have long established you can not prove innocence, but you can prove guilt. So we must presume people innocent until we can prove guilt.
Identity is sovereignty -- personal sovereignty is the bedrock of Western Civilization. This dates back to the Magna Carta, probably farther. There's a Biblical quote: "how goodly are your tents, O Jacob." This refers to the camping habit while wandering in the desert where tents were set up so that the entry ways did not face into each other -- giving PRIVACY to the neighbors.
Privacy is the bedrock of personal sovereignty.
You can't DEFEND privacy or security or innocence or Identity, and thus the net result of all these elements, FREEDOM.
Once you surround these elements with "defense" walls, they no longer exist! The very act of DEFENDING obliterates what is to be preserved.
So our entire cyber-security industry is set up backwards.
The ancient Chinese knew this. The best defense is a good offense.
You don't punish your employer (the voters are the employer) for having been attacked by an outsider (non-citizen).
The trend for Romance Futurologists to follow and extrapolate is, "How can we use A.I. to rectify our errors in cyber-security and every other sort of security, national and personal?" How can we use A.I. to reverse the entire I.T. Industry's take on how to "secure" us, given A.I. has now learned to be aggressive. (OK, we "shouldn't" -- but will we? And what if we did?)
What will we try first? What will we try last that actually works? (and who will fall in love with their A.I. protector? What fruit would such a union produce?)
Do we love to do the protecting -- or to be protected?
What's sexy about protection?
"Security" seems to be a word that refers to an absence of risk. Futurologists have to ask whether risk is, itself, sexy?
How much "security" do we need and when do we need it? At what price in productivity? If all human jobs will be un-invented by A.I. servants, do humans have to be "productive" any more?
Will life be one long orgy? Or will we all pick up and move to the stars, letting A.I. have Earth?
What price Freedom?
Jacqueline Lichtenberg
http://jacquelinelichtenberg.com
Tuesday, January 08, 2008
Falling in Love
We call it "falling" in love because to be in love is to be at a lower potential energy state than we are as individuals.
What "falls" is your tension level that holds your psychological defenses up.
When those psychological barriers around your identity "fall" you are able to make contact with another in a deep and (ahem) penetrating way that binds two entities into one.
This is ordinarily signified by a Neptune transit. Neptune is famous for "dissolving" barriers or inhibitions.
Now consider the global political situation.
For a writer there is nothing more explosive dramatically than sex and politics.
Today we live in a world of "security" -- where even your identity can be stolen!
How much harder will it be for someone raised in this world to lower those barriers around identity and be able to really REALLY "fall" into love? (correlate with divorce rates?)
In physics, when two particles combine into an atom or atomic structure, they lose energy.
During the formation, energy is emitted in a packet, a spark, called a "packing fraction". The "packing fraction" is the energy a system does NOT have because it is a system, not individual particles.
It's the same with a couple in love. Together, they are bound by the absense of that packing fraction of energy. (thus a third person hitting that atom can disrupt the bond of the relationship by adding energy to it, blowing it apart).
The well known sensation of "security" that a woman feels in the arms of her strong lover obviously a universal experience, an important signal that you are "falling" in love.
What exactly is "security?"
The word has been so misused today, to apply to unusual search and seizure (having your hair spray confiscated at airline checking "security." )
Today "security" means being constantly on guard against intrusion, theft, and sneak attack.
But "security" is really the sensation of not having to be on guard. The sensation of knowing for certain that there exists NOTHING "out there" that might consider harming you or that would do so by accident.
This high contrast (i.e. conflict) between biological and psychological needs and our constructed civilization is fodder for thousands of romance novels (just as the Regency period is for novels about feminine independence).
Tell me what titles you've read lately that exploit that conundrum -- that "security" means today "on high defense" instead of "undefended."
Jacqueline Lichtenberg
http://www.simegen.com/jl/