Did Hackers Gain Access to All Your Personal Information?!?

Introduction

“Out of sight, out of mind.” This is true of so many important aspects of life. We know we should do something about them, but we don’t – because we forget about them or the effort seems greater than the benefit.

Unfortunately, sometimes these important aspects of life decide to blow up in our faces. For example, most of us have learned the importance of keeping oil in our cars and performing regular oil changes. We know that while this is “out of sight” it cannot be “out of mind.” But, have you ever been in a that ran out of oil? I have and it is not a pleasant experience. The engine implodes on itself with many strange, loud, and scary sounds while smoke billows from the hood and nauseous odors waft through the vents. The car slows to a stop and never starts again. Cue tears, tow truck, and etc.

Burglar from OpenClipart.org. Thanks to tzunghaor for his generosity.
Burglar from OpenClipart.org. Thanks to tzunghaor for his generosity in making this image freely available.

It is time that our technology security becomes one of these “out of sight” but better not be “out of mind” aspects. It has long been time…but if you are a casual technology (computer, smartphone, etc.) user you probably don’t think much about security – and if you do, I hate to say it, but a good bit of your knowledge is probably based on outdated or downright false information.

Today, LivingSocial, a company with over 50 million users, was hacked. This follows a few weeks after Evernote was compromised with its similarly millions of users. Whether you are or are not a customer of these services isn’t the point. What is the point is this: Your identity, personal information, and financials are not safe.

Don’t wait until your Facebook page is plastered with pornographic images to change your password. Or until you send all of your friends emails explaining how you are really lost in London and need them to send money orders to a bank near you. Or until your credit report shows debts you never accumulated. Or your personal emails and documents are flouted across the web for all to see.

Don’t Unplug

Resist the temptation to unplug the computer. I know what I’m saying is a lot of FUD (Fear, Uncertainty, Doubt) and in general I hate when people use FUD. It is usually uncalled for and unproductive. In this case I think it is both called for and productive – but it will only be productive if you take the right steps. The right steps are not to unplug your computer and abandon technology forever. The right answer is to take the time and energy it will take to learn how to live and act in a more secure way in a technological world.

Why not just unplug? Good question – this is the usual action folks who spread FUD about technology are hoping to provoke. That or they want to convince you to buy expensive technological solutions to resolve your issues. Let me give you a few good reasons not to unplug:

  1. Technology is not going away. To withdraw from it is to withdraw from reality. Yes, technology can be overwhelming, addictive, insecure, and bad – but you have to learn how to utilize technology and not be enslaved to it. This is necessary for your job, for communicating with friends and relatives, and for living a productive life.[1]
  2. This isn’t just about your connection to the internet. Look, part of this is simply an educational campaign, b/c the truth is that technology security is horribly weak everywhere. You can unplug from technology – but you can’t force your bank, your relatives, your credit card companies, or so on to withdraw – and so your information is still out there.
  3. We are on the edge of extinction. By this I mean, don’t allow fear to control your life. Take reasonable steps towards risk management – but don’t stop living. Look, this entire world, this entire universe is crazy. At any moment we could all be dead. Don’t believe me? Look at the earthquakes that hit Haiti and Japan or the tsunamai that wiped out hundreds of thousands of lives in moments just a few years ago. “But Dave, that wouldn’t happen here. We aren’t on tectonic plate faults, etc., etc.” Then look at the Spanish Flu which wiped out millions of lives – many of the young and strong – during the early 1900’s, the millions that died in World War I and World War II in combat, or even better – look at the Black Plague which wiped out perhaps 50% of the world’s population a few hundred years ago.
  4. Manage risk, don’t run from it. Let me reiterate on the above point – everything is a risk. We can’t avoid risk, we aren’t in control. We can manage stupid risks. Don’t run in front of someone with a loaded gun; don’t drive a car at excessive speeds in bad weather[2]; and don’t wait until your identity or finances have been compromised to get serious about security.

What Should I Do?

  1. Remember, we are talking about risk management – not risk elimination. These steps will reduce the likelihood of exposure, but they won’t eliminate it.
  2. Invest some time into learning about technology generally and security specifically. The better you understand what you are working with, the better you can utilize it safely. For learning about computers generally, check out GCF’s Free Computer Training courses. For information on security specifically consider reading materials available from US-CERT[3] They are a government organization focused on technology security and offer a number of documents aimed towards the general reader.
  3. Begin utilizing LastPass to manage your passwords, ensure you have secure passwords, eliminate weak passwords, and so on. It is a little bit of a learning curve – but once configured it’ll make life easier and it is free.
  4. Continue to learn about technology generally and technology security specifically on an ongoing basis. Think about how many hours you spend using technology (not just on a computer but also a phone, tablet, using an atm, credit card checkouts at local stores, and so on) and also about all the ways your information is used technologically (banks, schools, non-profits, government, and so on). Consider the total number of hours you spend each year and then choose a reasonable number (say five or ten…or maybe twenty five…depending on how quickly you pick up on technology subjects) to spend on learning about technology and security in the upcoming year. Note how small of an investment you are making relative to the amount of time and energy you spend with these technologies.
  5. Consider talking to someone who knows technology who can make more personalized suggestions for you and who can review your technology overall for safety. If this individual tells you not to spend any time on security – find someone else. Make sure what they are saying is lining up with what you are learning from US-CERT or similar authoritative sources of security information.
  6. On a similar note, most techs (in my experience), including myself don’t mind talking to people about security – but feel frustrated when asked about security and then ignored. Please make the conscious effort to listen and understand. Far too many technology conversations are started with someone asking me a technology question and immediately letting their eyes glaze over. This communicates two things, “What you are saying isn’t important” (and for many of this, this is our livelihood) and “I didn’t mean I wanted to learn, I meant can I use you to make me secure so I don’t have to learn?” (okay, okay, maybe you wouldn’t put it in those words, but when we regularly get these questions with a regular lack of interested in the answers…it is hurtful).[4]
  7. Consider the practices your employer utilizes for maintaining security. Do they exist? Are they realistic? Many companies are horribly insecure…and it might be time to sit down with your boss (if they are open to that sort of conversation) and talk to them about the need for technology security in the workplace.
  8. Share this article or similar articles and the documents from the US-CERT with friends, family, and co-workers. Help raise awareness about the significant issue that is before us in a way that encourages others to do something about it rather than being overwhelmed by fear and running away.

Conclusion

Technology security is everyone’s concern. This is not a hopeless awareness issue. We’ve brought awareness about drinking and driving, drug addiction, mental illness, and healthy eating to varying levels of public awareness – the same is necessary for security.

You will be safer and more productive using technology securely. You will be a better employee but helping encourage safe technology at work. You will be a helpful citizen by encouraging proper security implementations at local, state, and national governmental levels.

I’m available to answer questions, comments, and criticisms via

the comments on this post. Please feel free to write me with your technology security concerns, if any of this is confusing, or if you find the materials I provided for training in technology or technology security too difficult and I will do my best to assist you in finding materials which will work with your current knowledge level regarding technology.

  1. [1]Those who aren’t convinced might consider reading Kirkpatrick Sale’s Rebels Against the Future: The Luddites and Their War on the Industrial Revolution: Lessons for the Computer Age.
  2. [2]Or at all, but I’m just trying to emphasize the outrageous.
  3. [3]United States Computer Emergency Readiness Team.
  4. [4]Yes, geeks/techs do have feelings, even if they may not express them.

Google Chrome Extensions – A Curated List.

Here is a fairly huge and curated list of Google Chrome extensions. Those I use are bolded, those I have used are italicized, and those which I am considering using have an asterisk. Which ones am I missing that you can’t live without?

Productivity

  • Google Keep – This isn’t an extension, but a web app., but it might as well be an extension. In any case, it integrates with Google Drive making it awesome and simple. There is also a nifty Android app. as well.
    • Sticky Notes – This was my preferred application before Keep, it lacked sync however.
    • Quick Note.
    • Chrome NotePad.
  • Browser Clipboard.*
  • Springpad – For taking notes.
  • Google Calendar Checker.*
  • Meeting Scheduler for Google Calendar.*
  • CleanPrint.*
  • EasyBib Tools.*
  • Lazarus Form Recovery.
  • Google Translate – A useful extension, but one I wouldn’t use frequently enough to make worthwhile.
  • Print Friendly & PDF – Allows you to select actually what you want to print on a page and print to PDF.
  • Google Calendar.*
  • StayFocusd.
  • Ginger – Corrects spelling and grammar.*
    • Spell Checker for Chrome.*
    • After the Deadline.
  • Harvest Time Tracker.

Tabs

  • TabCloud
  • OneTab – This turns your tabs into a list, freeing up memory.
  • Speed Dial – Choose which sites appear on your new tab page.*
  • TabJump – Intelligent Tab Navigator.*
  • IE Tab – Are there really sites you still need to browse in IE? Yes, a few.
  • Incredible StartPage.*
    • FoxTab Speed Dial.*

Phone

Updated: 3/20/13

  • Google Chrome to Phone – Send a page from your computer to your phone’s browser.
  • Google Voice.*
  • SMS to PC Options – Now has an entire page reviewing the various options.

Web Master

  • Google Publisher Toolbar.
  • Create Amazon Affiliate Link (from Travis Illig).*
  • Zemanta – I ended up just installing the plugin into WordPress, it is an excellent way to find related articles for blog posts and Creative Commons licensed images to insert into posts.
  • Buffer.*
  • SEOquake.*
  • Alexa Traffic Rank – I may replace this with something like SEOQuake which provides a fuller view from more services.

Twitter

  • Silver Bird – This is a sleek, streamlined Twitter client. As with all Twitter clients I’ve found, they don’t offer a “mark as read” feature, making them and Twitter, IMHO, essentially useless.
  • Twitter for Chrome
  • TweetDeck

Email

  • Smartr Inbox for Gmail – Made by Xobni, provides integration with social networks and intelligence about relationships using data within email.*
  • PowerInbox – Social network integration, blahh, blahh.
  • Attachments.me for Gmail.
  • ToutApp for Gmail.
  • Streak – CRM in your email.*
  • Cleaner Gmail.*
  • Contactually – Offers CRM in your inbox, but feature set is very limited for free, then moves up to $20/mo/user.
  • Yesware – Tracks who opens your emails.
  • Rapportive.
  • Boomerang for Gmail.
  • Right Inbox.*
  • YouSendIt for Webmail – Allows you to send large attachments via email.

Todo

  • Any.do
  • Google Tasks – Integrates with Google’s official tasks management application, but inferior to most others.
  • Remind Me (by Astrid) – If I didn’t use Asana, I would use Astrid. They are amazing, integrate with Google Tasks, have this app and a mobile app.
  • Toodledo Tasks.
  • Todoist.
  • Taskforce.
  • GQueues.
  • Teambox for Gmail.
  • Google Mail Checker – I just keep a pinned tab with GMail open.
  • Wunderlist.

Clipping

  • Save to Google Drive
  • Diigo Web CollectorMakes it easy to highlight text on webpages, save and clip portions of pages.
  • Evernote Web Clipper – I use Diigo instead.

Image Editing

  • PicMonkey – Allows one to edit photos, can integrate with Google Drive.
  • Explain and Send Screenshots.
  • Pixlr Editor.
  • Awesome Screenshot Capture & Annotate.

Bookmarks

  • Xmarks Bookmark Sync – Once the leader in bookmark syncing it has fallen sadly behind Google Chrome’s native capabilities, though it still rules for cross-browser syncing. Wish LastPass would put some time into this extension/site.
  • Bookmark Sentry – Checks for dead or duplicate links.*
  • Kippt
  • Delicious Bookmarks.*

Discovery/Sharing

  • StumbleUpon – The grand-daddy of site discovery.
  • Pinterest Pin It Button by shareaholic.
  • AddThis – For sharing stuff.
  • Pearltrees
  • Similar Sites Pro – I find it easy enough just to go to their website, no need for an extension.

Security

  • Dr. Web Anti-Virus Link Checker.
  • Ghostery.
  • LastPass – A robust password management solution. A must-have.
  • Web of Trust (WOT) – Helps you to find trustworthy/safe websites.

RSS

Search

  • Wajam
  • Google Personal Blocklist – Allows one to remove specific sites from your Google Search results. I use it mainly to get rid of content farm articles.
  • Google Webspam Report – Allows one to report spammy results via Google Webmaster Tools. I think I wouldn’t use it frequently enough to make it worthwhile, can just manually go to GWT.

Uncategorized

  • Evernote Clearly – Removes distractions from pages you want to read. I don’t find this necessary, and I like to support blogs monetization.
  • Adblock Plus – A favorite of many, I don’t use it b/c I believe in supporting sites that use ads as their basis for revenue.
  • Pulse.
  • Last.fm Scrobbler – For listening to music.
  • Better History.*
  • Send to Kindle (by klip.me).*
  • iMacros for Chrome.*
  • FreshStart – Cross-browser session management.*
    • Session Manager.*
    • Session Buddy – Looks interesting.*
  • Anti-Porn Pro (by clouduacl).
    • Blocksi.
    • FoxFilter.
  • CloudMagic – Search multiple online web apps.
  • Yoono*
  • AppJump App Launcher and Manager.
  • TLDR
  • OneReceipt.*
  • Bitly.*

Bibliography

Great Extensions for Firefox.

Image representing Firefox
Image via CrunchBase

Mozilla has created a robust ecosystem of extensions around their web browser Firefox. In this article I’ll take a look at a few of my personal favorites that I think you’ll find useful as well.

StumbleUpon

Choose topics you are interested in and then stumble away. StumbleUpon helps you find sites that are of interest to you and through rating the sites over time and building a network of like-minded friends you can tune StumbleUpon to a fine science. Really a great tool for finding useful sites and information.

*This tool is a must have for web developers and bloggers.

Alexa Sparky

Alexa is an old site – but still a good one. It allows you to gather information on specific sites – including other sites that are on similar topics to a site and also information about the amount and types of visitors going to a website.

Alexa Sparky integrates this functionality into the Firefox browser. You can quickly see Alexa’s ranking of a site’s traffic compared to other sites and also find related sites.

*This tool is a must have for web developers and bloggers.

Diigo

To some extent, the web has replaced/supplemented traditional literature (magazines, books, newspapers), but it hasn’t always been as easy to “mark up” the web as it is a physical copy of a literary work. Want to highlight some text for later? Yeah, using a highlighter on the screen doesn’t work – in fact, it is a fast way to destroy your computer’s display.

There are now a number of tools for “marking up” the web – my personal favorite is Diigo. Using Diigo I can quickly highlight sections of a web page and Diigo saves the information to My Library on Diigo for later viewing. Now if the website goes down or I want to search all my highlights – I can – from one central location.

Diigo can do a lot more than highlight – it also allows for annotations (notes), saving of entire pages, building of a social network around your information, collaboration, and so on. Its pretty nifty…I actually pay for the premium service (though they have a fairly robust free service as well) because I use it so much.

Zemanta

Zemanta is a must-have for bloggers. As you write a blog post it pulls up related content and links that take your posts to the next level. For example, you’ll get a whole slew of images to choose from to include in your post, related article links, key terms within your post that you can easily hyperlink, suggestions for tags, and so on.

ColorZilla:

Another great extension is ColorZilla. Ever see a color on a website and wish you knew what it was so you could use that specific color to create something else? ColorZilla makes this task a snap. You just choose ColorZilla and then put the eyedropper that appears over the color you want and instantly get the code for that specific color. This will be mainly useful to web designers and artsy types.

MeasureIt:

Similar to ColorZilla in some ways is MeasureIt. It makes it easy to measure the dimensions of objects in the web browser. For example, if you want to figure out how big a photo is or how many pixels the font is, or how wide the utilized portion of the screen is – MeasureIt is your tool.

MinimizeToTray Revived:

For computer power users the frustrations of a crowded taskbar are all too familiar. MinimizeToTray provides the ability to minimize the Firefox application to the tray, thus saving loads of taskbar real estate. This functionality should be included in Firefox natively!

Firefox Sync:

Okay, okay – this functionality is built into Firefox 4.x, no need for an add-on…and if you are using an older version of Firefox you should upgrade immediately rather than installing this extension – but I think it is worth highlighting this functionality. Essentially, it allows you to sync your session data (e.g. cookies, favorites, passwords) between multiple computers. It isn’t quite as slick as it should be…but hopefully it will get there soon (Google’s Chrome does a much more intuitive job currently). This a great tool for those who have multiple computers (e.g. home and work, or desktop/laptop and so on).

LastPass:

A password manager. The idea here is that you create one really robust password for LastPass and then LastPass stores all your other passwords. This way you can generate passwords automatically and not have to worry about remembering them – as long as you remember your master password.

See if you use the same password on all the sites, if one site gets compromised then all your sites get compromised…but with LastPass you can use randomly generated passwords and not worry too much if one account gets compromised.

Of course, if your master password gets compromised – watch out! LastPass recently had a security scare and some folks are staying away from these sorts of services b/c of this…my personal opinion is that the weak link is much more likely to be something you do or your computer than a third party service dedicated to protecting this information.

IE Tab:

I used to use this tab all the time…now I don’t need it much at all…but back in the day a lot of sites only worked in Internet Explorer, and if you didn’t have this extension you had to open up a IE browser window any time a site wouldn’t work correctly in Firefox. These days almost all sites support Firefox, so this isn’t nearly the problem it used to be…but still, a very useful extension. It allows you to view a site with the IE rendering engine even while looking at the site in Firefox.

What are your favorite Firefox extensions? What extensions did I forget that you can’t live without?