End of (Tech) Life

It seems like virtually every kind of consumer device that is available these days can be purchased in a “smart” form. Smart phones, smart toasters, smart lighting systems, smart refrigerators, smart TVs–they all are equipped with software, they all are linked to the internet in some way or another, and they allow you to do cool things, like control your lights turning on and off from hundreds of miles away or get messages from your fridge when you’re low on milk.

Recently, though, people have begun focusing on one of the downsides of the “smart” stuff: the fact that, like any software-based product, at some point the manufacturer is going to stop providing technical support, software updates, and patches. The manufacturers call this having an “end of life” policy for their tech. Purchasers of the product get notice of the policy being invoked, and they often feel blindsided when they realize that they are either going to have to replace a perfectly good device that isn’t being supported any more, or, after the end-of-life Grim Reaper visits, they are going to have to run the significant risks involved in continuing to use an outdated internet-connected device that is thereby especially vulnerable to hackers.

The manufacturer-customer push-and-pull of tech end-of-life policies recently played out with a security camera manufacturer called Arlo and its customers. Arlo announced that some of its cameras were reaching their end of life and software support and cloud storage services would be ending, the customers pushed back, and Arlo announced that it was deferring the end-of-life point for the devices–although the end of life will inevitably come.

You can understand why manufacturers want to establish a clear and definite end of life for their products. They want to focus on the new products that are on the market right now and new products that are under development, and not have their software designers and code-writing wizards focused on fixing problems or vulnerabilities with old tech. What some might call planned obsolescence others would call an efficient allocation of workforce resources and brainpower.

But for consumers, the end-of-life issue means thinking carefully about what you really want before making your purchase. We all accept the need to periodically obtain new laptops, smartphones, and other devices where the software and internet access are a core element of the product’s purpose. But do you really want to buy a “smart” toaster, oven, refrigerator, or other major appliance, knowing that one of these days you’re either going to either have to replace a perfectly functional object or run the risk of a security breach? Smart appliances might have some cool bells and whistles, but their dumb cousins might just be the better option as a long-term strategy.

Have A Happy Wi-Fi Christmas

You go to the food court at a mall, a coffee shop, or some other public space over the holidays, open your laptop or power up your tablet, and start checking for available wi-fi.  When you see a “free” network, you click on it with a chuckle, take a hearty sip of your peppermint stick latte, go through your email, and then start making sure your checking account is squared away before you buy gifts for the last people on your Christmas list.

What’s wrong with this picture?

Pretty much everything, say data security experts.  It turns out that fraudsters love to set up fake “free” wi-fi networks at public spaces over the holidays, hoping that busy shoppers taking a break, or the bored people accompanying them, will use the networks and expose their personal data, whether it’s passwords, bank or credit card information, or personal data that could lead to identity theft.  Many people who routinely use “free” public wi-fi networks are altogether too trusting, and are willing to agree to just about any terms to get the internet access they crave.

In fact, as the story linked above reports, an 11-year-old kid in Texas won his school science fair this year by proving that point.  He set up anonymous free internet access portals in shopping mall food court areas that had the most draconian conditions available — including allowing the portals to do things like “reading and responding to your emails” and “monitoring of input and/or output” — and more than half of the people offered those conditions agreed to them.  That’s a pretty stiff price for something that supposed to be “free.”

Hackers are everywhere (just ask Yahoo!) and are eager to get to your personal data.  So please:  use precautions and common sense.  Don’t go onto just any “free” network and start exposing your most important and intimate personal and financial data to whoever might have set up that network, or hacked into it.  Think about whether the network really seems to be bona fide.   And consider whether some activities — like on-line banking — really should be exclusively reserved for a network you know and trust.

This holiday season, don’t get ho-ho-hacked.

Another Email Fail

You’ve no doubt heard people lecture that you shouldn’t put anything in an email that you wouldn’t want to see published on the front page of the New York Times.  Colin Powell is the newest living proof of that statement.

As, indeed, the New York Times and others have reported, Powell has confirmed that his emails were hacked and have been released to the world.  They’re pretty sensational reading, too, as a chatty Powell candidly expresses his opinions about Donald Trump, Hillary Clinton, Bill Clinton, Dick Cheney, and others.  Powell thinks Trump is a racist, an international pariah, and a national disgrace, he thinks Hillary Clinton is greedy, sleazy, possessed by unbridled ambition, and unfairly dragged him into her own email scandal, he thinks Bill Clinton is cheating on his wife with “bimbos,” and he thinks Cheney is an “idiot.”  Colin Powell apparently is something like “Mikey” in the old TV commercial for Life cereal:  he has disdain for everybody.

Powell’s comments are so pointed that the Washington Post has a story just about the “juiciest” comments in his hacked emails, and USA Today has a piece about the “top insults” in Powell’s emails.  I’m sure dinner parties inside the Beltway are buzzing with talk about Powell’s unvarnished views about the high and mighty.

I feel sorry for Powell, that his personal email was hacked, but I’m also amazed that he would share such candid views in emails, without appreciating that once you send an email, you totally lose control over it and have no way to prevent it from being shared, far and wide — or hacked.  I guess he’s not as sophisticated as I thought he would be.  And there’s no doubt, too, that the leaked emails will affect people’s perception of Powell, who has projected the image of being an above-the-fray, statesman-like national figure.  Now we see that he’s as gossipy as a high school kid and not above throwing around crude words for sexual relations.  The emails certainly contradict his carefully cultivated public image and suggest that under that placid demeanor seen on news shows there lurks a brimming volcano of acidic opinions about other national figures.

It’s a good lesson, though, for those of us whose emails aren’t going to make headlines like Powell’s did:  Think about whether you really want to have that email out in the world at large before you hit “send”!

Password Obscenity Roulette

Hacking hackers are everywhere these days, and all at once.  For the IT guys amongst us, that means tinkering with firewalls and new defensive software and systems vulnerability checks and incident response plans and all of the other technical gibberish that makes IT guys boring death at a party.  For the rest of us, we can only groan in grim anticipation, because we know that we’re going to be asked to change our password . . . again.

One of the great challenges of modern life is remembering all of the different “passwords” that we must inevitably use to access our various electronic devices and internet accounts and computer access points.  Unfortunately, we can’t use passwords like Allen Ludden would recognize. In fact, they can’t be a properly spelled word at all.  So that it’s a “strong” password, it’s got to include a weird combination of capitalized and lower case letters, numbers substituting for letters, and random characters, like ampersands and pound signs and question marks.  The result often looks like the sanitized representation of cursing that you might see from the Sarge in a Beetle Bailey cartoon — minus only the lightning bolts.  (@#%*$^@#!)  In a way, that’s pretty appropriate.

Of course, all of these suB5t!tu+ed characters, plus the fact that you need different passwords for different devices and accounts, plus the fact that passwords now must be changed much more frequently, make it impossible for the average human being to remember the passwords in the first place.  How many of us sit down at a computer or pick up our tablet and idly wonder for a moment what the &*%$# the password is?  And there’s the new year/check writing phenomenon to deal with, too.  When a new year comes, how long does it take you to stop automatically writing the old year in the date, because you’d been doing that for the past 346 days?  I had to change my iPhone password several weeks ago, and I still reflexively type in the old password every time I’m prompted, until I dimly realize that I’ve changed it and it’s time to key in the new one — if I can remember it.

There’s a positive aspect to this.  We’re all getting older, and people who deal with aging say that if you want to stay mentally sharp as the joints creak and the brain cells croak you need to play word games or solve puzzles.  Well, this generation has got that covered.  We don’t need silly games, because we’ve got frustrating passwords.

 

Fake Philanderers And Just Desserts

The saga of the “Ashley Madison” website — which used the tagline “Life is short.  Have an affair.” and purported to bring together people looking for confidential extramarital liaisons — just keeps getting better and better from a “just desserts” standpoint.

The whole concept of the website is appalling, obviously, but nevertheless a number of people looking to cheat on their spouses evidently signed up.  Apparently they didn’t have any qualms about giving their personal and financial information to a website that existed solely to facilitate adulterous sexual trysts. That’s pretty amazing, when you think about it, because marital misconduct traditionally has been one of the biggest causes of blackmail and extortion in the world — which means any rational cheater would be pretty dubious of entrusting a third party to arrange for their affair.

But a bunch of unfaithful sleazebags nevertheless did so, anyway, which logically would make the “Ashley Madison” website and its trove of data about cheating husbands a prime target for hackers.  After all, if you were a criminal looking to gather information that could be used to extort money from others, wouldn’t a database that collected the information of millions of philanderers whose very participation in the website was self-incriminating be impossible to resist?  And, that’s exactly what happened.  When the hacking incident was disclosed to the website’s users, how many of those cheating spouses who were titillated by the idea of having an affair began to dread the thought of phone calls from unknown numbers and started to scan their mail for anonymous letters?

But the “chickens coming home to roost” element gets even richer.  The hacking revealed that the website’s membership was decidedly male in makeup, by about a five-to-one ratio — and now there are allegations that a number of the “female” members never actually existed.  Data experts have been looking at the “Ashley Madison” data released by the hackers and tracing it back to root IP addresses, and say they are finding that thousands of the “female” members curiously share the very same IP address.  Others are claiming that the website sent out computer-generated messages from fake female members to the scuzzball husbands who signed up for the website — and then those husbands paid the website for the privilege of responding to tantalizing messages from potential sex partners who didn’t actually exist.

So the faithless guys who tumbled to the lure of “Ashley Madison” have been hacked, exposed, become prime candidates for extortion, and now discovered that they stupidly may have been paying for a pig in a poke (so to speak).  Karma is a bitch, isn’t it?

Weiner’s World

Everybody seems to be talking about the bizarre tale of Congressman Anthony Weiner, a Democrat from New York, and his Twitter photo.

For those sane few who have managed to miss the story, Weiner’s Twitter feed sent a lewd photo of some bulging underwear to a college girl in Seattle whose Twitter account Weiner has been “following.”  He claims his account was hacked as part of a “prank,” but he refuses to call law enforcement authorities to investigate.  He also won’t deny that the photo that was sent actually was a photo of his crotch area.

Weiner keeps hoping that the story will go away, but it hasn’t.  Every day there is some new revelation — most recently that an analysis of Weiner’s legitimate Twitter posts were sent using the same platform that launched the infamous crotch shot photo.  If Weiner thinks that the techno geeks who love to dig into hacking incidents are going to let this drop, he’s dreaming.  They will keep digging, and digging, and digging.

This story is so weird it’s hard to say what the weirdest element is.  Does Weiner really have so many crotch shot photos that he can’t determine whether the photo in question was one of him?  But for me the most curious aspect of this story is that a Member of Congress is spending so much time on Twitter, following the Twitter comments of random women out in cyberspace.  Doesn’t he have something better to do?  Doesn’t he realize that no good can come of late-night, instantaneous communications with unknown coeds?  I think such conduct tell you a lot about this guy’s judgment and character.