Protecting Yourself After the Equifax Security Breach

What Happened:

On September 7th, Equifax — one of the three large credit monitoring agencies — reported that it had suffered a massive data breach by hackers. Worse, they reported that the hack had occurred five weeks previously, on July 29th. That data breach exposed credit information, social security numbers and other information on more than 143 million Americans and some foreigners. Why did they wait five weeks before telling anyone? Your guess is as good as mine. But a data breach that severe, followed by a five-week delay in letting consumers know about it isn’t OK with me, and it shouldn’t be for you.

To put this kind of hack in scope, I’d compare it to Hurricane Irma: catastrophic, massive in scope and something that will take many of us years from which to recover. It shouldn’t be taken lightly. Anyone with access to your Social Security Number and a will to cause harm can do great damage. Don’t let them have that chance.

Experts recommend implementing two tools you can begin using right now to help protect and — in some cases — lock down your financial information:

  1. Sign up for free credit monitoring at websites like Credit Karma
  2. Freeze your credit reports at all three major credit agencies

Let’s take a closer look at each of these tools.

Credit Monitoring

Credit Karma is free and, in my opinion, far easier to use than the annual free credit report systems put in place by The Federal Government. They also give you full-time access to your credit scores, not just once a year. Nice touch. Once you’ve signed-up, you get access to current credit scores AND any activity or requests on your credit accounts, including loans and credit cards. That can help you stay on top of any odd behavior on your accounts. Here’s an example of how Credit Karma’s web page alerts you to activity on your accounts. Note the bottom of the image:

[Image: Credit_Karma.jpg]

Credit Freezing

Securing our credit information is also known as implementing a “security freeze”. Taking such action doesn’t impact us from using our own credit cards or financial accounts: it simply prevents anyone else (in most cases) from accessing our credit information without our express permission. For example, when we apply for car loans, mortgages or rentals, our potential lenders and landlords usually run credit checks. However, once we’ve provided our Social Security Number and legal name, anyone with that information and the right level of access can access our credit information, if our accounts are not “frozen”.

Once we freeze our accounts, this isn’t possible, something that can help prevent identity theft.

If our credit files are frozen, even someone who has our name and Social Security number probably can’t obtain credit in our name. I say “probably can’t” instead of “never” because professional hackers and others with special tools and unique access might still be able to. But freezing our accounts makes casual and intermediate level identity theft much, much harder to accomplish.

How Credit Freezing works:

First, you should understand that, in most states, there’s a $10 fee to freeze your credit account access and additional $10 fees to temporarily lift those freezes. Victims of crimes can have that fee lifted with the correct documentation, but I don’t believe the Equifax breach constitutes a crime. Perhaps it will be in the coming days.

To activate a credit freeze, you’ll need to write letters to all three credit reporting agencies requesting this action. You can find samples of those letters included in the link at the bottom of this post. When writing, you’ll need to provide proof of who you are, proof of where you live and include the $10 fee. Applications are supposed to take effect within five business days of your in-writing request, but given what just occurred to Equifax, I’m guessing it might take longer for them to comply. TransUnion and Experian should comply quickly.

Once a credit freeze is activated, any future credit check on your accounts will be denied. However, you might need to allow certain people access to your credit records. For example, if you’re applying for a loan or a rental, you’ll most likely need to let potential lenders and landlords have access to your credit records. To do so requires the following:

  • Contacting the credit reporting agencies by a method of their choosing: phone, fax or internet.
  • Providing proper identification to prove who you are.
  • Providing a unique PIN or password, to confirm your account.
  • Specifying to whom your credit report will be accessible and for how long.
  • Paying a $10 fee for each temporary access you personally approve.

Is this a pain in the you-know-what? Without question. But it’s far better than having your credit info stolen, abused or compromised. And it’s certainly better than having your identity stolen.

If you have better solutions: please share them in the comments section. I think it’s worth discussing as a community. 

Here is the link you can use to learn more about the formal process, including sample letters you can use when writing to all three credit agencies

As a bonus, here’s a link to a great article from noted security expert Brian Krebs on the very same matter: https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

Why You Need a VPN Service & How to Pick The Right One

In my book, I strongly advocate for everyone using something called a VPN (or a virtual private network). Using a VPN is sometimes necessary to gain access to certain US websites (Netflix, for example) when traveling outside of the US. However, and this is key: it's also required to help us maintain our online privacy. 

The concept of having, let alone maintaining, online privacy is a crucial bedrock of our Democracy. In March of 2017, the Senate voted to allow U.S. internet service providers (also called "ISPs") to sell our browsing data without our consent. That vote now requires the participation of The House of Representatives before it becomes law, but the writing is on the wall: our privacy is, once again, under attack. This isn't a surprise to people who follow cybersecurity, like myself: our online privacy has been under attack for a long while now.

However, there's a simple, 100% legal and very affordable solution you can take -- right now -- to take back some of your privacy and stop making all of your public data so damn public: use a reputable VPN service. They usually cost about $5-7/month.

It works like this: when we use a VPN service, it routes our connection to the internet through their servers, masking our information from the outside world. What gets masked is our IP address — something like a computer ID number — and the websites that we visit. So it's kind of like surfing the internet with a Harry Potter cloak over us. Only in this metaphor, the bad guys would be the ISPs and the U.S. Government.

Now look: some of us might believe that, because we're not doing anything illegal online, that we have nothing to hide. The reasoning suggests that if we have nothing to hide, we don't need a VPN. I understand this way of thinking, even though I think it's incorrect. Consider this analogy: if you don't do anything illegal during a normal day, wouldn't you feel very uncomfortable if you knew that you were followed and watched wherever you went? Twenty-four hours a day? Day after day? If the answer to any of these questions was "yes", then you want a VPN.

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
        — Edward Snowden

I, therefore, recommend a VPN service that cares about our privacy and can demonstrate that to us as the potential customers. But how do we, as the consumers, learn how to choose a reputable VPN service? Here are a few guidelines that I'd propose, based on the research I did for my book and for the series on security I'm currently writing for Medium. Choose a VPN that:

  1. doesn't keep logs on the websites that its customers visit
  2. isn't headquartered in the United States
  3. offers servers in 10+ countries
  4. is NOT a member of the 5, 9, or 14 eyes security agreement
  5. offers a connection with an encryption rating of at least "AES-256"
  6. offers a free trial and/or a money back guarantee after 15-30 days
  7. supports both Macs & PCs

There are a small group of providers that do a really good job of accomplishing these core principles. I'm a fan of the following VPN programs in this order:

Click on ANY of the company names I've listed above to visit their websites and learn more. Please know that I'm an affiliate for each of these amazing companies. That means if you purchase a plan, I receive a small percentage of that sale as a "thank you tip" for recommending them. While it's not remotely enough to live on, I want to be transparent. I support them because they're the best at what they do. 

Finally, one new entry to this list is a service that's 100% free. ProtonVPN does also offer paid subscriptions that entitle you to faster speed and more security options, but let's be honest: you can't beat free if you're pressed for cash and really want to up your security game. Proton VPN is engineered by the same Switzerland-based company that makes Proton Mail, one of the most secure email solutions in the world. It's worth checking out. 

There are other companies I'm still examining and vetting but, for now, these six companies are all based on the best tech available, something you should confirm for yourself by doing a bit of homework.

Apple's Powerful Trojan Horse: The Ecosystem

With tremendous fanfare, Apple introduced new hardware and services this week. Among the offerings: larger iPhones, a new method of paying for purchases called Apple Pay, and a brand new product category — the Apple Watch. On this last announcement, Apple CEO Tim Cook was completely unable to contain his joy. And why not: this is the first Apple product that truly stamps his tenure as CEO in a way that most closely resembles his predecessor.

If you've never seen Tim Cook this happy before, it's because he never has been.

As usual, it didn't take long for the press -- the tech press specifically -- to start panning Apple's announcements. Mashable featured a writer who declared that he already knew he wouldn't be buying an Apple Watch. Business Week headlined "These Top Designers Aren't Impressed". Engadget: "Much Ado About Nothing". San Jose Mercury News: "Apple Watch Underwhelms". LA Times: "Don't Call It Stylish".

As usual, it didn't take long for the press -- the tech press specifically -- to completely forget that their opinions — good or bad — don't matter. What they forget — what they always forget because they're too busy trying to come up with a strong point of view — is that consumers are just ordinary people. And ordinary people don't, as a general rule, read technology reviews before buying their electronics: they make purchases based on a gut-level instinct. Either the product attracts people to WANT to use it or it doesn't. 

Apple's mastered the art of making devices that appeal to hundreds of millions of people, not to journalists or tech bloggers. And, because they now have a history of reliably delivering on this front, Apple is the most valuable company in the world. With that position comes a massive user base who actively depend upon its ecosystem of products and services.

That last point - the ecosystem - is Apple's trojan horse that most bloggers and journalists seem to have missed in the wake of Apple's September 9th announcement. Tim Cook said as much himself.  Go back and watch the event. Right around minute 56, Apple's CEO says the following, just seconds before introducing the new watch:

"We love to make great products that really enrich people's lives. We love to integrate hardware, software and services, seamlessly. We love to make technology more personal and allow our users to do things that they could never have imagined."

Bingo. 

It doesn't matter if the new phone isn't big enough, powerful enough or cheap enough. It doesn't matter if the new watch doesn't sell 95 million units in the first year because it's too much glitz, too much money, and not enough substance. While Apple's hardware is, in and of itself, well-engineered and very polished: the hardware wasn't the big announcement.

The big announcement was, as it always is: the ecosystem, in this case, the triumvirate of the new iPhones, Apple's iOS running the Apple Pay software, and a massive partnership with credit card companies and merchants nationwide. The big announcement was that Apple was going to do for using credit cards what it did for buying music: making it fully digital, making it more secure and making it really, comedically easy.

Now all the parts are in place:

  • Apple designed the new iPhone6's to come with a special NFC chip.
  • Apple designed the Apple Pay app, facilitating making credit card payments using the NFC chip.
  • Apple created partnerships with retailers and services who will provide Apple Pay availability during check out.
  • Apple partnered with six major credit card companies to allow the payments to be accepted and processed.
  • Apple integrated touchID functionality into all new phones to use a unique, biometric identifier — your fingerprint — to authenticate that it's you making a purchase with your credit card creating, hopefully, a more secure and hacker-proof method of payment.

All you and I see is the end result: buy something, take out your phone, wave it, place your finger on the home button and.... you're done. It's simple, elegant and powerful. That's what Apple is selling and that's what Apple has always sold: the experience. Average people who already have an iPhone will love this. And they'll love it enough to buy a new iPhone 6. And now, maybe, also an Apple Watch. 

And, since Apple receives a profit each time a customer uses its experience, you can be sure the company's profits will continue to soar. And, with those profits will surely come more ecosystems that make life easier: medical, scientific and artistic. Who knows what the future holds?

Well, actually: Apple does. They're building it. 

 

30 Seconds to a Better YouTube: Guaranteed.

I'll be honest. I dislike commercials. Intensely. And I say that as a former SAG/AFTRA actor who was paid good money to hawk products on radio and TV. Still, how many times can I be interrupted by the endless number of pop-up annotations on YouTube videos before I go insane and slit my wrists? 

(note to self: don't actually try to find out the answer to that question...)

So I conducted a bit of research today and discovered that — lo and behold! — there's a really easy way to prevent these annoying interruptions from infecting my video playback experience. Here's all you need to do:

  1. Sign in to YouTube.

  2. From the upper right side of the screen, click once on your profile pic, then again on the "YouTube settings" link.

  3. Click "Playback"
  4. De-select "Show annotations on videos"
  5. Click "Save"

That's it. You'll never see another pop-up annotation again. However, please remember: this won't stop paid commercials from airing before any YouTube videos: I'll tackle that issue in another post. This fix will most certainly stop any annotations entered by the person who posted the video during playback. That means, you won't need to click on small buttons to dismiss each of those pop-ups and that, in turn, means that you can better enjoy your videos now.

Like that tip? You can always say thank you, and buy me a coffee. 

Helpful Tech Advice, Part I: Protect Your Data... Proactively.

I can't tell you how often (yes, still) people call me because they've lost their data and never thought they'd really need a back-up. Sad, but true: most people think data loss won't ever happen to them. And when disaster strikes (and it eventually will), dealing with it is emotional, expensive and time-consuming. Also: you've JUST LOST YOUR DATA!

So don't wait to be REactive and instead be PROactive. That means you do something now, before the problem happens, right? Right. That means having a regular back-up. If you're on a Mac (I am), you can connect an external hard drive and use Time Machine which is free and included as part of the Macintosh OS. If you're on a PC, you can use Symantec System Recovery which is reasonably priced at around $90.

And, for those of you who are either "on the go" with your computer or simply don't like having to connect something physically to back up your data: then back-up to the internet. I use a great program called CrashPlan made by Code 42, but there are others like Carbonite or Mozy that all do the same thing. Most of these companies charge about $60/year for their unlimited back-up service, but it's worth it for the peace of mind and the time saved.

The $4.99 Olympic Games

The wife and I stopped paying for cable TV a few years back. It's one of the best investments we've ever made, especially considering how much low hanging shit passes for newsertainment these days. However, in order to help ensure that we always do have something compelling to watch, I signed us up for subscriptions to Netflix and the NFL’s Game Rewind. Between those options and being able to watch a few other shows online for free (like The Daily Show, for example), we're totally satisfied. Well, scratch that: we're mostly satisfied. As it turns out, we found ourselves unable to watch the pageantry unfold online earlier this month when the 2014 Sochi Olympic games launched.

Here in the States, NBC paid $4.3 billion dollars to broadcast the Olympics and they never do a good job of it. To make matters worse, their online offerings — and please excuse my technical terminology here — sucks balls. In fact, NBC’s Olympic coverage regularly sucks balls, so I guess I shouldn't be surprised by their rather predictable ball-sucking. But I am.

I’m surprised because rather than do what every other first world nation does — make old events available to anyone to watch online for free — they instead force you to prove that you're a cable TV subscriber. Which the wife and I are not. And if you’re not a valid cable TV subscriber then, tough shit: NBC has determined that you can’t watch any of "their" replays of Olympic coverage.

So, forced with a situation where my freedom was being hampered, I did what any freedom-loving American would do in my position. I fought back using the power of the free market and a little something I like to call: "research". Here's what my research uncovered. 

  1. The Canadian Broadcast Company (CBC) serves up, on their Olympics website, a delightful number of video replays of super cool Olympic events, including the entire opening ceremonies. And so does the BBC.
  2. All of the videos on these public websites are free, but made only available to those with a local Canadian or British IP address. This practice is known as "geo-fencing".
  3. Using a virtual private network (VPN) client is not illegal in the US when accessing free, public websites. 
  4. By using a particular VPN client like Tunnel Bear, my IP address can appear to be either Canadian or British. Presto: I'm now able to access the CBC's or BBC's Olympic coverage.
  5. Tunnel Bear is free and streaming unlimited data through their servers costs $5 per month. 

But is doing this legal? Because I don't advocate being a douche bag or breaking the law. So I indulged in a bit more of the aforementioned research: 

The Electronic Frontier Foundation (EFF) not only believes this practice is legal but, in another article, recommends Tunnel Bear, the very same VPN client I stumbled upon. PCWorld claims using a VPN is absolutely legal. Lastly, while this article in Forbes indicates that the legality of out-smarting geo-fencing is unclear, they also mention that the CBC's response to outsmarting their technology will be technological, not legal.

Is it perfect? No. It's not the same as watching on TV. Even with my high-speed internet, the bandwidth takes a bit of a hit. But it works. And I don't ever have to deal with NBC again.

So go ahead. Invest the $5 and watch all the Olympics you like online. It'll feel like it's worth at LEAST $4.3 billion, eh?

TV Repair Technicians: A Lesson in History

Say you're handy with computers. Say your friends tell you, "Hey, you're handy with computers! You should charge money for your time and expertise!". So you start doing just that. Say you've even got a consulting business or, like myself, worked for a large institution where you got paid a nice living to manage hundreds or thousands of computers all at the same time. 

Your life is comfortable, your job is secure and you haven't a care in the world, right? Only, you do. And here's why...

Every generation gets the chance to experience and create using a new kind of technology. And, not far behind that technology, come the experts who master it and help us utilize it. The first technology was foundational: fire, arrowheads, and wheels. Those who could master these crafts had special, revered places in the community. But as humanity evolved, so did technology. The introduction of electricity into technology brought us the telegraph, the telephone, the radio, the television, the computer and more. Who knows what other phantasmagoria is just around the corner that we can't even yet conceive?

But we can conceive, with some reasonable certainty, historical patterns. Initially, the folks who knew Morse code were in VERY high demand. But that demand peaked and then faded as radio technology evolved and matured. Once the telephone and radio had become mainstream, how many people were needed to send messages in Morse code over the wire? Not many. And then, eventually: none. But those engineers who understood electronics and transmission lines and vacuum tubes were in VERY high demand. But that demand peaked and then faded as television, motion pictures and the internet technology evolved and matured.

The historical pattern is clear: if today's technology experts can't or won't evolve, they'll get left behind and see their demand fade. They'll become the TV Repair Technicians of the future. I'm looking at you SysAdmins, app developers, & coders. The world has always changed, technology has always evolved and now, together, the acceleration of a changing world has created incredible opportunity. And instability.

If you love tech as I do, it means never resting on your laurels and always reinventing yourself. But, then again, you already knew that, didn't you? You just needed a polite reminder of the ways things are. That's why it's always a blast (a slightly alarming blast) to hear Charles Edge speak about The State of the Mac. But the writing is on the wall and always has been. When folks like Charles speak, they're merely pointing out the latest iteration of that same writing on that same wall. 

Twenty years from now, when the internet becomes, possibly, the meta-internet and IPv6 allows all of our various devices to be connected to the web and then inter-connected with each other, the world will - most likely - be a very different place in which to live. Information will flow not just from our computers, hand-held devices and biometric recorders, but also from every object that uses electricity. Stop and think about that for a second. Will you be ready to serve your clients, your company, your country or even your family with the emerging technology of the future?

Your own future isn't yet written, so don't be afraid: be proactive.

I shall remain,
ever,
your,

Mac Dweeb

Mac Tech Conference - Day 1

So alright. Here we are. Dweebs and geeks together. Forever. Or, at least long enough to get on the bridge of the U.S.S. Starship Enterprise (no, seriously) and snap a photo in the captain's chair. And you know what? I'm grateful. No, not for the picture in the captain's chair. But for this conference.

About five or so years ago, Apple pressed +delete on the IT track of sessions at its famed WWDC conference at the Moscarpone Center in San Francisco. So that left the nation's Mac SysAdmins and dweebs with no place to go to network, learn, trade tips, and trade secrets on where to drink beer. I'm looking at you, Chris Lasell.

And the community wept. And the crowd sighed.

The folks at Mac Tech recognized an opportunity, took a chance and - three years ago - Mac Tech's yearly IT conference was born. Since then, it's grown into its own special gathering and many of the community's best and brightest that I used to see at WWDC are now in attendance here. Even that Asian guy who always wears a safari hat with a fan built into it. And that Andy Ihnatko guy who always wears a cowboy hat. Him too.

Folks share code, software tools, insights and more. I'll be presenting on -- what else? -- the art of presenting. But that's because The Mac Dweeb thinks that other dweebs CAN be good presenters and just need to know a few solid tips and tricks on how to pull that off. 

That, and some fine home-brew beer from Chris Lasell.  

Mac Tech Conference

I'll be attending and presenting at this year's Mac Tech Conference in gorgeous downtown Manhattan Beach, California. The world's finest SysAdmins and software developers will be in attendance and I'm looking forward to meeting everyone in person after a long year of coding, scripting and deploying. :)

My presentation, entitled, "Hacking the Science of the Brain to Create Unforgettable Presentations" will be a joint session (which means that both the IT and Dev attendees are invited) held on Friday at 11:15 in the shore room. The session and Q&A is meant to help anyone who needs to make a presentation (for sales, for management, for fun!) better understand the science of the brain in order to make a lasting impression.

Hope you can all make it.