Protecting Anonymity

I had originally planned for my next post to be about further protecting your online experience with two-factor authentication.  While I still plan to cover that topic in the near future, recent actions by the White House prompted me to jump ahead to a more advanced topic.

In the first few weeks of the new President’s term, his administration made it ever more clear that it considered the Press to be the enemy, and in recent days took actions like this and this to limit the latter’s ability to fully perform its duty to the American people. I hope that the following information will prove useful to any readers who may be in a position to report on or research sensitive or controversial subjects, and allow them to do it to the best of their ability.

In order for the American press to perform its Constitutionally protected work completely and without bias, two things must be ensured: first, the freedom to do research without fear of censorship or retribution; and second, the protection of anonymous sources. Without these things, no story can be considered complete, and the cost is the truth.

Technologies exist to combat both of these potential obstacles.

First, the Tor browser allows a researcher to browse to any site on the Internet while at the same time masking both the source and destination addresses from prying eyes. Traffic at an Internet site cannot be traced back to a specific individual while they are using Tor, and furthermore, if a person’s Internet activity is being monitored, the watcher will not be able to see what sites they visit. This technology has proven very beneficial to users in nation states that monitor or restrict Internet activity.

The second is encrypted communication, which provides the ability to securely communicate with other individuals electronically while protecting the message content and the parties involved.  This can be in the form of encrypted email, or secure messaging for mobile devices which can be used for secure chats and calls. has compiled an excellent set of instructions for configuring and using many forms of encrypted communication. (They also provide an essential guide to protecting personal information for anyone that may be attending a political protest.)

It should be noted that these technologies are not without controversy. Encryption and anonymizing tools can of course be used for evil as well as good. The needs of law enforcement are at constant odds with the rights of privacy when criminals take advantage of Constitutional protections for their own illicit practices. However, the nature of encryption is that it cannot be weakened without compromising the entire structure. There is no way to provide a “back door” that can only be used by law enforcement despite what some lawmakers believe. These tools are a weapon of freedom used by repressed people all over the world, and have proven themselves under fascist regimes.

The current administration needs to realize that criticism is not “fake news.” Freedom of the press is guaranteed under the Constitution for a reason.  The Founding Fathers strongly believed that the most powerful check against those in charge of our country is an informed public. Attempting to silence the press sends a dangerous message that the Administration has something to hide. We need the press more than ever, and they need to be allowed to perform their job to the best of their ability. Anonymous sources are not a cop-out.  They provide a way to get the honest truth from someone who might otherwise feel compelled to keep quiet.

The tools I mentioned here allow them to do just that. If you are one of those people, I applaud your efforts and hope that this information is helpful to you.

Let’s Talk Passwords

Yes, I know you have a lot of them.  And yes, I also know that you hate when you have to change them, or when the site refuses to accept your repeated attempts to create one because the one you want to use doesn’t match their password rules. To make matters worse, the next time you visit that site, your chances of remembering that new password are practically nil. The unfortunate result of all of this frustration is that most people reuse the same weak passwords over and over.

You shouldn’t do that.  Why?  Because web sites get breached all the time, and sooner or later, one of those breaches will expose an account and password that belongs to you.  In some cases, the hackers will get passwords in the clear, which obviously makes their job easy. However, even if they don’t, weak passwords are very easy to crack and they will have them in no time.

You say: “So hackers got my Yahoo! account.  I don’t use Yahoo! anymore.  What’s the worst that could happen?” Well, I’m glad you asked!

The worst that could happen is that this particular password is the same one you use on your banking site, email, Facebook, etc.  So, now the Bad Guys have your master key, and you are left scrambling to remember every site where you use it so you can change the password before they get to something that is important to you.

So what’s the answer? Use a strong, unique password for everything that asks for one, and change it on a regular basis to make sure you stay one step ahead of the Bad Guys. Of course, this creates a new problem: how to manage an ever growing list of complex, hard to remember passwords that change on a regular basis.

The solution? Use a password manager.

Password managers are just what they sound like.  They are special software that act like a secure vault where you can store all of your passwords in one place. In addition, many have features that can auto-fill your passwords when you log into web sites, can help you generate random complex passwords, and can be synchronized across all of your devices, including phones and tablets.

There are many to choose from, but since not all password managers are created equal, ensure that the one you choose meets the following criteria, at a minimum:

  1. Encryption: Make sure the one you choose uses strong encryption for the password vault. Since you will be keeping all of your passwords in one place, it is critically important that it is well protected.
  2. Two-factor authentication for the master password: I plan to dedicate a future post to explaining two-factor authentication in detail, but in brief it means using an extra piece of information in addition to your password when you log into your account. This can be anything from a security code sent to you via text, to a device you plug into your computer that proves it’s you accessing your account and not someone who stole your password. This is especially important for your vault password, since it is now your master key to all of your accounts. Which leads to the next point…
  3. A method for master password recovery: A password manager that uses strong encryption means that only you can access your passwords. Which is a good thing…unless you forget the master one.  Even the company’s support staff won’t be able to recover an encrypted master password, so you need to have a strategy for recovering it in case it is ever lost or forgotten.
  4. Auto-password generation: As I said before, weak passwords are no match for hackers. It’s important to create strong, unique passwords that are long and complex. Password managers can make this easier by generating the password and storing it for you, so you don’t have to type it.
  5. Password synchronization across devices: This is more convenience than requirement, but most people use multiple devices, and having a manager take care of your passwords will encourage you to create better ones.
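As an added illustration (not part of the original post, and not code from any password manager), the Python script below audits a made-up vault export for the reuse problem described earlier and generates unique replacements the way item 4 describes. The CSV columns, the site names, the sample passwords and the 70-bit threshold are all assumptions made for the example.

```python
import csv
import io
import math
import secrets
import string
from collections import defaultdict

# Constructed sample data: a made-up vault export, not real accounts.
SAMPLE_EXPORT = """site,username,password
yahoo.example,pat,Sunshine1
bank.example,pat,Sunshine1
mail.example,pat@mail.example,Sunshine1
forum.example,pat,k7#Vq9!xLm2$Rz8w
shop.example,pat,letmein
"""

SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def load_entries(text):
    """Parse the CSV export into a list of {site, username, password} dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def reuse_groups(entries):
    """Return {password: [sites]} for every password used on more than one site."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry["site"])
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def exposed_by_breach(entries, breached_site):
    """List the other sites that share a password with the breached one."""
    leaked = {e["password"] for e in entries if e["site"] == breached_site}
    return sorted(e["site"] for e in entries
                  if e["password"] in leaked and e["site"] != breached_site)


def estimated_bits(password):
    """Rough upper bound on strength: length * log2(character pool size).

    Dictionary words and patterns are far weaker than this number suggests.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def generate_password(length=20):
    """Draw a password from the OS CSPRNG, retrying until all classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def rotation_plan(entries, min_bits=70):
    """Return {site: new_password} for each entry that is reused or too weak."""
    reused = set(reuse_groups(entries))
    return {e["site"]: generate_password() for e in entries
            if e["password"] in reused
            or estimated_bits(e["password"]) < min_bits}


if __name__ == "__main__":
    vault = load_entries(SAMPLE_EXPORT)
    for sites in reuse_groups(vault).values():
        print("Same password on:", ", ".join(sites))
    print("If yahoo.example is breached, also exposed:",
          exposed_by_breach(vault, "yahoo.example"))
    for site, new_pw in rotation_plan(vault).items():
        print(f"Change {site} -> {new_pw}")
```

Only the account with its own long random password stays off the change list; one breach of the reused password reaches the bank and the mailbox as well.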

While it’s true that most modern browsers have the ability to store passwords for you, they don’t typically provide all of the features above.

There are many password managers out there, so you will have to do some reading and decide which one suits you best. Look for the features that matter to you most. Also, consider the various pricing options. Some have free versions, but you may have to pay for more features or more device support.

The manager I use is LastPass. It has all of the features I listed above, has a very functional free option, and a reasonably priced premium one ($12 per year). Another regularly well-reviewed one is called Dashlane. You would be well served by either of these.

Of course there are others, and everyone you talk to will have their favorite. If you use one now, and you love it (or hate it), I’d like to hear about it. Let me know what you think.



Just the Basics

As promised in my last post, I want to start with some of the basics. While everyone’s needs for digital security will be different, there are some fundamental things that we all should do to ensure a certain level of security and privacy while online. Like I said before, the online world is an increasingly hostile space when it comes to our privacy, and we can no longer assume a minimum level of safety without taking some additional precautions. There was a time when very few people wore seat belts in the car. Now, most of us realize that we are much safer when taking a little extra precaution whenever we drive. Think of these tips as seat belts for your ride down the information superhighway.

  1. Install Virus (malware/spyware/adware) protection: There really is no excuse for not having antivirus software any more. Most people have access to some sort of malware protection for free, either from their Internet provider or a number of other options. For Windows users, Defender provides a basic level of protection and it’s included with the O/S. And for those non-Windows users out there (Linux and Mac), I say this: there is no such thing as a secure operating system. If it’s a computer, it can be compromised—and that includes mobile devices.
  2. Make offline backups: Even with malware protection in place, bad things can still happen. Aside from the usual computer failures, there are other more disturbing trends. Ransomware is a relatively new type of threat that can render your system unusable. Bad Guys literally hold your system hostage by encrypting all of your data, forcing you to pay the ransom for the key to decode it. One way to combat this type of attack is to have multiple copies of your important data where you can easily recover it. However, don’t leave these backups attached to your system or depend solely on an “always connected” solution, as the Bad Guys can attack that too. USB thumb drives are cheap—get a few and use them to do your backups, then remove them and store them in a safe place. Cloud backup solutions are a good option too, but make sure you read tip #3 first!
  3. Use unique passwords for all sites: Yes, I know this is a pain, and I can guarantee that you have already heard this from someone other than me. That’s because password reuse has become one of the easiest ways for Bad Guys to hack your online accounts. It’s practically a given that at least one of your online accounts will be involved in a data breach at some point. Those breached IDs and passwords get passed around the Internet for fun and profit. If you use the same password for all your accounts, consider them all to be exposed. To more easily manage multiple passwords and keep them secure, you can use a Password Manager. I’ll cover these in an upcoming post, but for now, change your passwords, and if you have to, write them down.
  4. Install Ad Blockers: Yes, pop-up windows and ads on web pages are annoying, but that’s not what I’m talking about. In recent years, ads have also become malicious. Most major web sites don’t put ads on their pages directly. Instead, they outsource the ad space on their pages to a 3rd-party provider who ultimately supplies the code to display ads from paying retailers. Therein lies the problem. Since the web site owner doesn’t oversee the ads on their site directly, they have little control over the content. If that content gets compromised somewhere down the line, the site could unknowingly be distributing malware. And don’t think this only happens on the sketchy pages. It has happened recently to some very well-known sites.
  5. Enable automatic updates: The majority of attacks take advantage of well-known vulnerabilities in major software and operating systems.  In many cases, these vulnerabilities have already been fixed by the software’s creators. However, the attacks succeed because device owners failed to install those fixes in time. One way to ensure this doesn’t happen is to enable the automatic update features available in most of these applications.

Okay, I know that was a lot to absorb for the first post, so I’ll stop there for now. Tune in next time when we will start to go more in-depth to some important topics.

Thanks for reading, and Happy New Year!

Same Site…New Mission

When I first launched this blog in 2008, the world was a much different place. That may sound like an old cliché, but I stand by that statement. Think for a moment about where we were: Obama was poised to become POTUS for his first term, American Idol was in its seventh season, most of us failed to understand the true meaning of the term “sub-prime lending,” and the iPhone was only just beginning its global dominance of the mobile device market.

Fast-forward nearly nine years and technology has all but taken over. Our entire existence is digital: from shopping and banking to navigation and entertainment, we manage every aspect of our day-to-day lives with technology. Thanks to the ubiquity of hand held devices, all manner of Internet connected gadgets (the “Internet of Things”), and the ability to connect from virtually anywhere, we have become completely dependent on technology for almost everything.

And this dependency comes with a price—our privacy.

As a Cybersecurity professional I know, arguably better than most, just how exposed we are while performing routine tasks in a world where an online presence has become not only commonplace, but a necessity. It is unfortunate, but most Internet-connected businesses are tracking our every online move, attempting to glean every last drop of our digital habits for their own gain. And, let’s not forget an ever growing number of evil-doers who would seek to profit by stealing our private information and selling it to the highest bidder.

Furthermore, there are those in the government that would like to infringe on that privacy as well. Some would seek to limit our Constitutional right to free speech. Still others would have you believe that in order to fight terrorism, we should give up more of our own freedom—especially when it comes to technology, by allowing the government to limit encryption methods, or force tech companies to install “digital back-doors” that would allow easier spying by law enforcement.

Add to this the current political climate, where nation state hacking has become a very real and present danger, possibly even aided and abetted by the incoming administration. The same administration that would seek to limit freedom of the press, and curtail other forms of free speech in order to preserve the illusion of its political prowess.

The online world has become a hostile place, and it is likely to get worse before it gets better.

I found myself thinking about my old blog again, within this new context. What if I attempted to provide some timely and useful information that people may want and need to protect themselves in these increasingly unfriendly times? I began to feel compelled to share my own knowledge and experience to provide some helpful guidance and advice for others to use.

So, I’ve decided to start blogging again with a new purpose. I’ll be writing instructional posts aimed at providing the average (read: non-cyberprofessional) person with the tools and knowledge they need to stay safe, and maintain their privacy, in this increasingly hostile world. We’ll start with the basics: the things that everyone should do to protect themselves from everyday threats like malware and online tracking, using and managing strong passwords, or configuring two-factor authentication (2FA) for commonly used web sites. Then we will move on to more advanced things like sending and receiving encrypted communications, and anonymous browsing using the Tor network.

I’ll also be growing a list of relevant links in the blogroll for easy reference. Here you’ll find shortcuts to privacy information, detailed instructions for security tools, and other topics you may find helpful.

I hope you will find this information useful. Of course, whether you choose to implement the protections I propose is entirely your choice—as it should be. But, if you are worried about your decreasing privacy and feel like you have lost control of your digital life, my mission is to provide you with some tools to help you take back control.

End Of The World?

If you’re reading this, you have likely already noticed that the world has not ended. Were the Mayans wrong? Well, not exactly.

While it’s impossible to say with certainty that the world will not end on any given day, there is no reason to believe that this one is different from any other. As it turns out, the “prediction” gleaned from the Mayan Long Count calendar was vastly inaccurate and in fact a gross misinterpretation of the facts.

Imagine an archaeologist from 5,000 years in our future finding your 2012 Cutest Baby Animals! wall calendar and jumping to the conclusion that, since there are no more entries past December 31st, our civilization must have been predicting that the world was going to end. Of course, we know that the 2012 edition of our calendar is not our whole calendar – it is simply a one year chunk of it. We just start counting again at January 1st 2013 and go on our merry way. Happy New Year!

Well, the Mayan calendar works the same way. Check out these articles, here and here to see how the Mayan Long Count calendar actually works. It is actually quite sophisticated and has the ability to count into the millions of years and beyond, just like the Gregorian one that we use.

That said, there is still certain significance to today’s date, according to the Mayans. In fact, today marks the end of the 13th b’ak’tun. A b’ak’tun is a long period of time – approximately 144,000 days – and 13 of them was considered by the Mayans to be the “cycle of creation.” It was this terminology that led to the myth of a Mayan Armageddon. What happens when this cycle of creation is over? Does everything end? Well, in a word, no.

Consider that the Judeo-Christian mythology says God created Heaven and Earth in 6 days, and on the 7th He rested. This gives rise to our 7-day week with Sunday as the day of rest. So then, this “cycle of creation” is 7 days long. But does the world end every Sunday? Of course not, we just start over again on Monday and begin working our way to the next weekend.

The Mayan calendar is no different. Of course, there is much more significance placed on the date because the cycle is considerably longer. Thirteen b’ak’tuns is over 5,000 years, so it’s probably more akin to our millennium celebration of the year 2000. In fact, the Mayans would refer to it as a time of “rebirth” and worthy of celebration. But, tomorrow they will begin counting in the 14th B’ak’tun beginning a shiny new cycle of 13.

So welcome to, and Happy New B’ak’tun!

Rock & Roll Hall of Fame – Induction Ceremony 2012

Airdate: May 5, 2012 on HBO

I can remember not too long ago tuning into a Rock & Roll Hall of Fame induction and not knowing most of the acts that were being honored. I’m not quite sure what it says about me that the 2012 ceremony not only highlighted artists that I knew, but that are also some of my favorite acts of all time. I choose not to look at it like time is catching up with me, but instead, that the Hall of Fame is catching up to my musical tastes. Since the qualification for an artist to be nominated is that their first album be at least 25 years old, it is very likely that I am in denial. Nevertheless, I’ll thank you to keep your opinions on the matter to yourself and allow me to continue my delusion.

The honorees were:

  • Donovan
  • The Small Faces/Faces (two versions of the same band)
  • Guns N’ Roses
  • The Red Hot Chili Peppers
  • Beastie Boys
  • Freddie King
  • Laura Nyro
  • Don Kirshner (music publisher, promoter and producer)
  • Cosimo Matassa (producer, studio owner)
  • Tom Dowd (producer, engineer)
  • Glyn Johns (producer, engineer)
  • The Crickets
  • The Famous Flames
  • The Comets
  • The Blue Caps
  • The Miracles

As expected, much of the televised ceremony was spent honoring the big-name acts with celebrity introductions, acceptance speeches and performances, either by the artists themselves or as a tribute. I tuned in thinking I would only be interested in the performances by the acts I already loved, along with a couple of particular interest – namely the Green Day opening number and the Sara Bareilles tribute to Laura Nyro – but I soon found myself drawn in to the full drama of the evening.

I was amazed as I listened to John Mellencamp describe his early obsession with Donovan, at which point he held up his personal, original vinyl copy(!) of one of Donovan’s albums where you could see “Mellencamp” handwritten in black marker on the jacket – surely the mark of a teenager claiming ownership of a prized possession.

I was enthralled listening to the remaining two members of the Beastie Boys reminisce fondly about their teenage years in Brooklyn, myself knowing that the third Beastie (Adam Yauch – MCA), who at the time of the ceremony was still battling cancer, had passed away only days before the event was televised.

I laughed when Stevie Van Zandt recalled the moment he and his band mates stared in disbelief at the cover of Rolling Stone magazine which confirmed that the lead singer of Faces – Rod Stewart – was white!

I laughed again hearing Chris Rock tell the story of the first time he and his friends saw the Red Hot Chili Peppers live. The only problem – they had intended to see Grandmaster Flash who was actually playing in a club a few blocks away. They had never heard of the Chili Peppers before that night.

Each presenter, one after another, paying tribute to the artists they loved, not as one celebrity honors another, but as fans; ordinary people idolizing the artists that motivated and inspired them, touching their lives in all different ways.

The performances were inspiring too. Freddie King and Donovan turned back the clock with a few of their original hits. Kid Rock and a host of hip-hop artists powered through a thundering Beastie Boys mash-up that rocked the house. Sara Bareilles performed a fantastic rendition of Laura Nyro’s Stony End evoking the full power of the Barbra Streisand version. Both Faces and Guns N’ Roses performed without their original lead singers (Rod Stewart was unable to attend, and Axl Rose – who knows?) but soldiered on with replacement vocalists.

There are certain singers whose vocal talents are so strong and so unique that they defy imitation. This is most evident when another vocalist attempts to do just that – imitate. It isn’t always obvious who such singers are until they are copied and the copy fails to stir the emotions as much as the original, but I can now say that Rod Stewart and Axl Rose are those kinds of singers. Their range and vocal power make it seem so effortless, but their substitutes illuminate their true talent. Don’t get me wrong, the performances were good and I still enjoyed them, but the originals are better.

Finally, the show concluded with a performance by the Chili Peppers. As the band took the stage, shirts off, it was hard to believe they have been making music for more than 30 years. They looked like they hadn’t aged a day as Flea and Anthony leapt all over the stage accompanied by all three of the drummers that had performed with them over their entire career. They stormed through full-tilt renditions of By The Way and Give It Away leaving everything on stage and showing why they are still one of the world’s top live bands.

When they finally invited the other inductees to join them on stage for a show-stopping rendition of Stevie Wonder’s Higher Ground, they brought the house down. Watching Flea attack his bass while jamming with Slash, Ron Wood, and Billie Joe Armstrong made for a fantastic ending to an amazing show.

Best and Worst of 2011

Well, it’s been a year since my last blog post, so I’ve got some catching up to do. And since this time of year seems to bring a lot of “best of” and “year in review” lists, I thought I would throw my hat in the ring and post a list of my own. It will give me a chance to review some of my favorite things from the past year, and at the same time bring this blog up-to-date (more or less).

So, without further ado, here’s the list, in no particular order:

Best:

  • Adele: 21 – I was a fan of Adele’s first album, 19 for some time, but this album has brought her music to a new level of popularity and acclaim. Of course, her sophomore effort has gained such widespread appeal and radio airplay that the music is coming dangerously close to the saturation point. However, this well is deep, and just as one song approaches the danger zone of ubiquitous airplay, here comes another gem that was waiting in the wings for its chance to shine.
  • Sara Bareilles: Kaleidoscope Heart Tour – I caught this tour twice in 2011 and I was not disappointed. The venues are getting larger, so that tells me I’m not alone in my appreciation of Sara’s live performances. With Kaleidoscope Heart, she now has a second major studio album to provide material for her set list, but she still throws in the occasional song from Cee Lo Green or Mumford & Sons. But don’t just take my word for it. If you’re looking for further proof of the brilliance of her live performances, I highly recommend Live at the Fillmore (DVD/CD combo) – don’t judge until you’ve listened to her live version of (Sittin’ On) The Dock of the Bay.
  • The Walking Dead – I guess technically this belongs in a Best of 2010 list, but I’ve included it here for a couple of reasons: First, it’s awesome! (although I have heard complaints about season 2 being too “talky”); Second, I feel it is largely responsible for mainstreaming the horror genre into serialized television. I don’t know if American Horror Story would have had a chance without it, and for that, I am grateful.
  • American Horror Story – Speaking of which, if you aren’t watching AHS, you should be! I was unsure how well a pure haunted-house story would translate to a serialized weekly, but personally, I was hooked before it even aired the first episode. Those amazingly sparse and cryptic TV spots and print ads did a fantastic job of piquing interest in the show while revealing almost nothing of the plot line. I couldn’t wait to find out what it all meant, and it hasn’t let me down yet.
  • Crazy, Stupid, Love – I know when I first think of “surprise ending” I don’t immediately think romantic comedy. They don’t seem to go together, but the ending of this movie caught me totally off guard. I couldn’t believe that so much could go so wrong, so quickly as it did in this film’s climactic scene. It was truly unexpected – and hilarious.
  • Fringe: Season 4 – In my opinion, Season 4 of Fringe is a gift – considering last year at this time I was nearly convinced that the show would wither and die in its new Friday night time slot. I’ve never been happier to say I was wrong! Not only did it survive the midseason move to Friday, it was quickly picked up for at least one more season – and is continuing to tell an interesting and unique story.
  • Game of Thrones – When I finally became an HBO subscriber in late 2011, this was at the top of my list and it was well worth the wait. If you are thinking about climbing on board with this show, be warned, it takes some dedication to get all of the families/characters straight. It’s worth doing some homework to get the full impact of all of the cheating and backstabbing that the story has to offer.

Worst:

  • Anything by Coldplay: but especially Mylo Xyloto
  • Adele’s throat condition: causing her to cancel most of her U.S. tour.
  • The death of Amy Winehouse: The news probably came as a surprise to no one, but still managed to shock the world. The singer, known for her binges of substance abuse and tendency for nearly incomprehensible performances, was found dead in her home on July 23, 2011 at the age of 27, joining the likes of Jim Morrison, Jimi Hendrix, Janis Joplin and Kurt Cobain in the Forever 27 Club.
  • Netflix: I wouldn’t have thought it was possible, but Netflix managed to go from top-of-the-heap status to “why am I paying for this” in one fell swoop. It’s becoming harder for me to justify my monthly fee when I no longer get DVDs, and it seems like every movie I want to watch isn’t available for streaming. Furthermore, it’s only going to get worse if they can’t settle their disagreement with Starz in time for the contract renewal. Can you say “Hello, Hulu Plus?”

So, what do you think?  Agree?  Disagree?  Think I forgot something major?  Let me know in the comments section or on Facebook!