The Dangers of Living in the Digital World

dangersWe often talk about a “connected life.” But is it possible to have a “too connected life”?

The web was abuzz this week after Wired writer Mat Honan published a detailed description of how hackers were able to exploit holes in the security procedures of Amazon and Apple customer service. His piece is well worth reading, as it includes information provided by the actual hackers who hijacked his life and destroyed his data. In order to take control of Honan’s Twitter handle, these digital hooligans compromised his Amazon, Apple and Gmail accounts and wiped the data from his iPhone, iPad and iBook. Among the data he lost was all of the photos he had ever taken of his young daughter, which for some reason he had never backed up.

According to reports, both Apple and Amazon have quietly changed the policies that led to the epic hack. But for everyone who is a true technophile—everyone whose entire life now resides online—it’s certainly a cautionary tale.

Here are a few lessons to be learned from Honan’s ordeal:

1. Our security is only as good as the companies that protect it.

Amazon’s security processes allowed basically anyone to add a new credit card to a user’s account without verification. The protocols then allowed a password reset based on the recently added credit card, which gave access to the entire account (including the last four digits of all other cards associated with the account).

Apple admitted, when pressed, that their own employees didn’t follow their security rules. Whether or not that’s true, their customer support agents allowed the hackers to get access to Honan’s apple accounts using the last four digits of the primary credit card, which of course the hackers knew because of Amazon’s security flaw.

When you think of the vast amounts of information that we put in the hands (and databases) of our banks, credit card companies, employers, government agencies, and all of the other entities with which we do business, the overall picture is staggering. Identity theft is made ridiculously easy by this proliferation of connected data. Remember: as this case has proven, it’s much easier to “socially engineer” data out of a gullible customer service agent than it is to hack into a system through brute force.

2. If you don’t use a backup service, get one now.

Whatever it costs, it’s a small price to pay. When you eventually need it, if it’s not due to hacking, it’ll be due to loss or hardware failure. Do you know what the most common cause of cell phone damage is? Dropping the darned thing in the toilet. How many photos are on your mobile phone? Have you backed them all up?

And make sure you use a remote, offsite service. One of my favorite security stories is told in a 20-minute clip from DefCon (an underground hacking conference), in which an accomplished hacker describes his experience when his own computer was stolen. He had dutifully made multiple redundant backups but had kept them in the same room as his computer. When the computer was stolen, the backups were too. (Google “don’t mess with a hacker’s computer” if you want to listen to the hacker tell his story, but be forewarned—the language is pretty salty.)

3. If you use a Mac, log into iCloud and turn off the “Find My Mac” feature.

Being able to wipe your computer drive in case it’s stolen is a great idea in theory. But the same “feature” allows someone who gains access to your accounts to wipe your computer, tablet and phone remotely. The benefits just don’t out weigh the risks.

4. Reduce your data footprint and eliminate daisy-chaining of accounts.

Do what you can to prevent someone who gets access to one account from getting access to another. When it’s an option, choose NOT to allow a company to keep your credit card on file. Turn off “one-click” shopping. If a site offers two-factor authenticationby all means, turn it on and use it.

Never use the same password for critical online accounts. I know people who use the same password for everything they do online. It’s not like they’re using “password” or their birthday or anything; they have a solid password, but use it everywhere. A good rule of thumb is to have unique passwords for the critical stuff you do (places you habitually shop and important services you use). You can feel okay about having a single “throwaway” password for certain other sites that require a login. Just make sure that you don’t have any personal information in those accounts that would allow a hacker to gain access to other accounts (with more sensitive information) if they get compromised.

The more we do business and live our lives in a virtual world, the more vulnerable we are to people who want to take our identities, our money and our peace of mind.

Control4 Blog

Living the Automated Life

Sometimes in the world of automation it’s easy to forget how the un-automated live. I recently moved into a new place that did not yet have my Control4 system installed. I went to turn on my TV, wanting to watch DirecTV, which worked fine using my DirecTV remote. But then I decided to watch something on Netflix via my Apple TV. I sat and stared at my DirecTV remote, pushing every button I could think of in an effort to get my Apple TV menu on the screen. I was not successful.

Automated Life

Instead, I had to dig through boxes to find my TV remote (which I hadn’t used in years), also had to find my Apple TV remote and Blu-ray player remote while I was at it. Suddenly I had 4 remotes sitting on my coffee table and with all that, I couldn’t even turn the lights off when I was ready to watch a movie. When I made a stink about never being able to reach the remote I needed and walking to my light switch, my friends gave me looks of extreme disdain and said, “Welcome to real life.” Well it made me mad. Who says that has to be real life? What genius decided that every time I want something new in my living room, I have to get a new remote and learn how to control it. They then criticized me for sounding like their grandparents and being unbelievably lazy. Here’s my response:

A wise man once said, “Laziness travels so slowly that poverty soon overtakes him.”?  Here are some other inventions which might have initially seemed frivolous:

  • Bifocals – Invented by Benjamin Franklin, the same Ben Franklin referred to earlier as a wise man, these glasses are only for people too lazy to lift two pairs of glasses to their face?
  • The typewriter – it just allowed people to be lazy about their penmanship
  • The wheel –I’m sure the cro-magnons would have evolved into the modern day homo sapien without this eventually

Want something more modern? Let’s just try the TV remote in and of itself. The plain old remote that just controls your one TV, should we complain about this device and how it has empowered us to be lazy? What about the microwave? Indoor plumbing ? All these things are unnecessary, we had solutions that worked just fine: buttons on the front of the TV, ovens, and outhouses.

I guess in the end, my response is to once again quote Benjamin Franklin, “A life of leisure and a life of laziness are two things.”

Control4 Blog