Facebook usage to drop 80% by 2017?

Facebook to lose 80% of its users?

While the Princeton study that this prediction is based on has not been peer-reviewed, it is an interesting prediction.  Recently we’ve seen high school students, college students, and those who have recently graduated from college (millennials?  ages 22 to 30) start abandoning FB for other social media sites, or at least complementing their use of FB with the other sites.  Why?

One valid reason is that their parents (me?) are using FB.  And even if their parents aren’t their friends, it’s just “not cool” to use the same media as people in their 50’s.  Another reason might be the importance prospective employers place on the use of FB to vet prospective employees.

While the future might hold a drop in the rate of new users to FB (what’s the ceiling to its membership, anyway?), as long as Zuckerberg and his team keep finding new social media outlets to purchase and integrate into FB in order to keep it relevant, and the advertising revenue continues to flow into Menlo Park, this is still an iffy projection at best. 

And besides, those of us who are over 40 and use it generally use it for a different purpose than our children – not necessarily as a means to make plans to get together (as our children use social media), but to keep in touch with distant relatives, friends (real friends, not FB “friends”) and people from our past who actually mean something to us.

Identity theft vs. online tracking

Most Americans more worried about identity theft than online tracking

I ran across this article from Dark Reading online back in late December, and I found the results of the study in the article fascinating.  The results of the study claimed that:

“Overall, 75% are worried about their personal information being stolen by hackers and 54% are worried about their browsing history being tracked for targeted advertising,” the study says.

“However, when voters are forced to choose which one is more important to them, their focus is almost unanimously (87%) directed on the need to protect their personal information from those who would use the info to harm them,” the study continues. “Even those worried about tracking (the 54%) are more worried about hacking by an overwhelming majority (84% to 8%).”

To me, these results are somewhat contradictory.  We like to presume that most online tracking is done by legitimate businesses, whose cookies we have enabled.  We want them to provide us with information about their products, and, indeed, we almost certainly cannot buy anything from them without cookies being enabled.  But we cannot always be certain that the online tracking being performed against us is being done by legitimate sites.  If users of online services and businesses are serious about the safety of their identity, then they must also be concerned about who is tracking their activities online.

One positive takeaway from the article is that more respondents of the study are taking their own online security seriously, and taking it into their own hands.  For example, 73% of the respondents have chosen not to allow a service to remember their credit card information, and 53% have chosen to prevent an app from remembering or recording their location.  That’s praiseworthy, but one interesting result was that 65% of the respondents have chosen to disable cookies.

It’s an unfortunate aspect of online business, but as I tell my students, you have to “give in order to get.”  If you want to purchase that airline ticket from Delta, that hotel room from the Hilton group, or that jacket from LLBean, at some point you’re going to have to not only enable cookies (at least for those sites), but also submit your credit card information online, even if you don’t store it on their sites.

You just have to be careful about (1) who you do business with and (2) maintaining the strongest security posture you can on all of your devices.  And the positive outlook from the article is that more people are doing just that – being more proactive about their own security.  No one’s going to protect you, except you.

90% of SCADA systems could be exploited by Metasploit

From cyberwarzone.com:

Mr Tarasov said: “If this happens in IT systems, the worst that can happen is your system stops working, but when you’re talking about power plants, then your power stops working.
“Anything that’s connected to critical infrastructure is very serious, basically the consequence can be from really small to really huge and catastrophic.

“The main problem is that this world of ICS and SCADA systems was historically offline, so if you put the system in place, you could control your train and it was not in any way connected to your office network or corporate network or the internet, but now the situation is changing. Most of the equipment is now connected to your corporate network, which in turn is connected to the outside world.”

A really scary thought – that Metasploit could exploit 90% of the SCADA systems tested.  Now that so many SCADA systems are intertwined with other IT systems, it’s not just a matter of bringing down your business, it’s a matter of bringing down other businesses or systems as well.  Just think of it this way – students are taught how to use Metasploit for white-hat hacking in cyber security courses.  So it wouldn’t take someone conducting cyber warfare to pull this off – and even more frightening, the article states that the hackers were running a demo kiosk to access other SCADA installations, but were just told not to carry through with the attacks.  What if they had done that?  What if someone accidentally did that?  Not a pleasant thought.

This article truly brings home the need for cyber security and information security education.

Metasploit exploited 90% of SCADA systems

Vehicle traffic analysis – computers to the rescue!

A traffic analysis doesn’t require people as guinea pigs

Somehow you knew this one was coming – that all it took to do a “traffic study” on the George Washington Bridge was some existing sophisticated traffic modeling software that is readily available.  From Computerworld:

Real traffic engineering is a meticulous, safety-focused undertaking with some powerful software tools to work with.

“You certainly do not have to close lanes physically,” said Joseph Hummer, chair of Civil and Environmental Engineering Dept. at Wayne State University. The impact of a lane closure can be modeled. Those models are accurate in the short-term, plus or minus a couple of percent, on measures such as travel time and delay, he said.

There is software available to project traffic changes 30 years out and give “good enough” answers for long-range planning purposes.

So I guess this lends more credence to the presumption that Governor Christie’s aides arranged for this haphazard “study” as political payback as opposed to an organized, statistically valid analysis of traffic patterns.  Whether he was involved is obviously beyond the purview of Computerworld.

A new type of RAM would make us rethink how we teach computer science

A new type of RAM

Too bad the CES is this week instead of next week, when school starts, because this article from Computerworld about a new type of RAM, being researched by Micron and Hitachi and talked about at the Consumer Electronics Show this week in Vegas, would turn what we know and what I teach in ITEC 2530 (operating systems) on its head.  Called MRAM, for magnetoresistive RAM, this chip would no longer be volatile RAM.  It would use a magnetic charge, rather than an electrical charge, to set the binary ones and zeroes in RAM.  With an electrical charge, the chip is only charged while the computer is on, so its contents are volatile and lost when the power is off.  This new chip, charged magnetically, has the capability to store the data even when the power is off, giving the chip permanent storage capability, just like flash memory.  But . . . and here’s the kicker . . . the new chips would outperform flash.

But there’s a significant problem with this that would still have to be overcome, or at least would need a “work-around.”

“A lot of people, in order to recover from system crashes and problems, will restart their computers. Well, it’s usually something bugged up in the memory, so if my memory stays even when I turn it off, then I have to find new ways of doing that,” said Coughlin.

As a result, computer makers might be forced to make more reliable systems, he said.

More on security for 2014 . . . encrypting files

In my last post, I discussed the importance of password security.  It’s going to be some time before the userid / password combination is replaced with anything else, so you’ve got to be careful about how you create, maintain, store, and secure your passwords.  Now it’s time to discuss another topic . . . the encryption of your files.

Sure, you may think that there’s not a lot on your PC that you need to encrypt, and maybe there isn’t. Your credit card bills may come in your e-mail, but they all have only the last four digits of the sixteen (Visa, MC) or fifteen (AMEX) displayed.  But let’s say you do have important documents that you want to keep on your PC, including bank and credit card statements.  Bank statements, why would you keep those?  Well, if you’re like me, and you do all of your banking online, your bank statements are online too.  So maybe you don’t need to download them to your PC, but if you’re going to balance your statement, you at least need to print them out.  So if you’re only going to print them, and not going to store them, you probably just need a good cross-cut shredder to dice them when you’ve balanced your checkbook.  But let’s say you do want to keep them on your PC, perhaps for convenience’s sake.  How can you keep them safe and secure?

You could place them in an encrypted Windows folder, and that’s not that hard to do.  Or you could download TrueCrypt, which is free software that allows you to create an encrypted volume (I recommend that you create it at least 1 GB in size) that, using public key (asymmetric) encryption via an RSA hash, allows you to mount the volume as an extra drive on your PC, secured by a password known only to you.  The drive (any of the letters provided in TrueCrypt, for example, an M drive) is invisible until you literally “mount” it with your password.  Then you move files into and out of it, just like you would any other drive (e.g., your C drive) or folder in Windows Explorer.  Once the files are moved into the drive, you “dismount” it, and it’s invisible again.  The beauty of TrueCrypt is that you can copy the volume to another medium, such as a USB drive, download TrueCrypt onto another machine, and mount the drive off of your USB drive, and all of the files are available to you, secured on that drive.

There are many other encryption solutions, but this is one that I teach my students, because it’s easy to use, it’s flexible and portable, and it IS secure.

Another common-sense, easy to use, solution for securing yourself in the coming year.  The “bad guys” are coming, so you have to be ready for them.

A new year . . . what you should do to stay secure

So we rang out 2013 with hacks of Snapchat and the ginormous hack of Target.  While Snapchat may not have affected millions, it was estimated that Target affected potentially 40 million credit/debit accounts.  It’s not going to end with these hacks . . . we’re going to be facing a never-ending series of attacks on our privacy and security.  So what can you do in 2014 to protect yourself?  Here are some good tips:

  • It sounds crazy, but do you even know how many different userid/password combinations you use?  Of course you don’t.  So the first thing you need to do is inventory your userids/passwords.  That’s right, inventory them.  Make a list (preferably off-line, on paper) of all of the userid/password combinations you use, and their corresponding websites.
  • If you store these userids/passwords in a browser (IE, Firefox, Chrome) get them out of there!  It’s a little harder in Google Chrome, but it can be done.  Indeed, the best place to start your inventory of userid/password combinations is to look into the passwords you stored in your browser.  After writing them all down, delete them from the browser.
  • At this point, you might want to change these passwords.
  • Get an online password manager, like LastPass.  Create a unique, unbreakable, long (12+ characters) memorable password for that password manager site.  Check the strength of your new password using a site like www.passwordmeter.com
  • Enter your passwords into LastPass.  What you are actually entering is the URL for the login page for each site, and your userid/password.  For a financial site that needs extra security, you might want to Require Password Reprompt, so that every time you access that site, you have to reenter your LastPass password.
  • Note that you can also have LastPass generate a unique, non-meaningful, scrambled password for your sites.  I would recommend this only if you are only ever going to use LastPass to access your sites.
  • In Firefox (FF), you can download the LastPass toolbar right into the browser.  When it’s on, it’s red.  When it’s not, it’s grey.  When you are done using FF, and you shut it down, it’s best if you turn off LastPass.
  • What about your mobile devices?  You can use LastPass for free on an iPad, but if you want to have the functionality of LastPass from an Android phone or an Apple iPhone, you’re going to have to pay for it.  It runs about $3 a month, but if you’re going to be using it frequently from those devices, you might want to consider it.  It’s probably OK for the device to store your userid, but ALWAYS ensure that you have selected that the device NOT remember your password.  So it had better be something you can remember, but something that’s really unique.

So these are some good ideas for passwords.  There are other password managers, and I’m not a shill for LastPass, but I like the way it works, and especially the way it organizes my passwords into categories.

For my next post, I’ll discuss encryption of data, but for now, let’s get started toward better security in 2014 by securing our passwords.