Staying Safe on the Internet


Just in time to catch the last few days of National Cybersecurity Awareness Month, my long-time colleague and friend John Bennett has written a helpful and inexpensive ebook about staying safe on the Internet for lay people. Its name is Safety Net, and it is available for the Kindle here:

I was one of the reviewers and I think John did a great job of covering the essentials for Internet safety, and explaining how the bad guys think and work to steal your money and your personal information. I highly recommend it.

Disclaimer: John interviewed me for the book, so I may gain publicity for my consulting practice as a result of your purchase, and he and I are discussing other information that we might publish together in the future. I do not receive any part of the money that you pay for the book, however.

Video Teleconferencing Tips

Here are some tips that can help your video teleconferencing experience be a pleasurable one.

1 – Check it out ahead of time. Make sure your audio and video work, and so forth. If you wait till the last minute your experience may be suboptimal.

2 – Let others in your household know that you are in a video meeting. Family members have been surprised in the past when they accidentally wandered onto camera.

3 – Check out your lighting. Please don’t have all the light in your room be directly behind you. The meeting participants won’t see you, they’ll just see the halo :-) I myself have lights to each side that reflect off the walls (although, if you have walls that are painted green, the results may be below par :-) )

4 – Check your camera angle. A low camera angle often gives other participants a less-than-flattering view of your countenance. You might want to place your laptop or monitor on a pile of books or reams of printer paper to get the camera high enough for the ideal view.

5 – Open the chat window. Most conferencing software has a chat facility. You can use it if there is an audio problem, or to ask questions.

6 – Be conscious of background noise. People clearing dishes or using a leaf blower or a TV in an adjacent room can be distracting. If that happens, the meeting host may mute your microphone. You can use the chat window to ask to be unmuted. You can mute your own mike if you wish, using the on-screen controls. If you are hosting a large meeting it may be best if you start all the participants with their microphones muted, and let them unmute when they need to speak.

7 – Experiment! I am a big fan of the “grid” view – it reminds me of the old Hollywood Squares program.

8 – If you are going to share your screen, make sure you look it over carefully ahead of time. There might be something on there that you don’t want the other meeting participants to see.

9 – Another tip for screen sharing. Some computers will pop up little message windows when you receive text or email messages, or when it is time for an appointment. You will want to turn those off. They are distracting at best and might be embarrassing to boot. On a Mac you can control them at Apple Menu > System Preferences > Notifications > Do Not Disturb . If you know how to do this on a Windows system, please leave a comment and I’ll add that to this item and give you credit.

10 – A headset can make your voice easier for others to understand and vice versa. If you have a headset, give it a try and see how you like it.

11 – Center your video window below your camera so that when you look at the other participants, it will appear to them that you are looking them in the eyes.

12 – Real time media streams like live video and audio are sensitive to other traffic on your Internet connection, so it may help if other users abstain from using the net during your conference. This can be particularly true if you have a relatively low-bandwidth connection such as 3G wireless or DSL.

13 – When you schedule new Zoom meetings, please make sure that the “Require Password” box is checked. There is an existing situation (called Zoom-bombing) where attackers are able to identify active public Zoom meetings (i.e. non-password-protected meetings) and join them uninvited, then deliberately disrupt the meetings in various ways, like playing loud music, shouting streams of invective and profanity, or displaying disturbing / pornographic images. This type of attack can be avoided if you use a password with the meeting.

14 – Remember that if one uses a free Zoom account to host a meeting with three or more participants, the meeting will be limited in length to 40 minutes. At the 40 minute mark it shuts down abruptly and without warning. So it might be best if these meetings are planned to be 35-ish minutes long, and that the host set a timer to warn them when the end is near.

15 – Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people via email or text message.

16 – Unless your meeting requires screensharing by participants, change screensharing to “Host Only.”

17 – Make sure that you and your meeting participants are using the updated version of remote access/meeting software. In January and March 2020, Zoom updated their software, adding security and privacy bug fixes and features that you will want to have.

As time goes by you will become accustomed to the software and you’ll appreciate the convenience of this technology.

Product Security Reviews – Where To Start

If your development team is reviewing your product for security vulnerabilities, start where everyone else’s products are vulnerable. In work funded by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), MITRE Corporation maintains the Common Weakness Enumeration (CWE), a formal list of software weakness types. It was created to:

  • Serve as a common language for describing software security weaknesses in architecture, design, or code.
  • Serve as a standard measuring stick for software security tools targeting these weaknesses.
  • Provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

Each year, MITRE publishes the Top 25 Most Dangerous Software Errors, a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list is now available:

2019 CWE Top 25 Most Dangerous Software Errors

Lessons Learned Operating Uber’s Payment System

Gergely Orosz wrote this article on the lessons he learned operating Uber’s payment system. I enjoy reading about other people’s experiences and perhaps you do as well. Some of the things that Gergely presents here resonate with my experiences running systems for Cengage Learning and InSpeed Networks, and performing reviews of the systems of my consulting clients. At least a few of these lessons I learned operating nuclear power plants on submarines in the Navy. Yes, I still have the scars, both mental and physical.

Operating a Large, Distributed System in a Reliable Way: Practices I Learned

HTTP Security Headers and Security Scorecards

If you wander around the exhibition floor of your favorite Information Security conference, you will certainly find companies that sell a security scorecard service for web applications and web sites in general. My first question to these folks is always “how do you score the sites?” In this handy article, Charlie Belmer explains the connection between HTTP Security Headers and Security Scorecard scores, and provides a convenient reference to HTTP Security Headers as well.

HTTP Security Headers – A Complete Guide
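To make the connection between headers and scores concrete, here is a small scorecard-style checker written for this post. It is an added example, not code from Charlie Belmer's guide or from any scorecard vendor; the header list, the point weights, the six-month HSTS threshold, the minimal CSP bar and the accepted Referrer-Policy values are all assumptions chosen for illustration. The sample header sets are constructed, and the parser accepts the kind of raw header block you would get from `curl -I`.

```python
"""Scorecard-style check of HTTP security headers (added example; weights are assumptions)."""
from typing import Callable, Dict, List, Tuple

# (header name, points, why it matters). Weights are illustrative assumptions, not a vendor model.
HEADER_CHECKS: List[Tuple[str, int, str]] = [
    ("strict-transport-security", 30, "HSTS: browser keeps using HTTPS after the first visit"),
    ("content-security-policy", 30, "CSP: limits where scripts, styles and frames may load from"),
    ("x-content-type-options", 10, "stops MIME-type sniffing (should be 'nosniff')"),
    ("x-frame-options", 15, "blocks clickjacking by refusing to be framed"),
    ("referrer-policy", 15, "limits how much of the URL leaks in the Referer header"),
]

SIX_MONTHS = 15552000  # assumed minimum HSTS max-age, in seconds

# Referrer-Policy values accepted as "good" here; an assumption, not a standard threshold.
SAFE_REFERRER_POLICIES = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}


def _hsts_ok(value: str) -> bool:
    """max-age must be present and at least SIX_MONTHS."""
    for part in value.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            try:
                return int(part.split("=", 1)[1]) >= SIX_MONTHS
            except ValueError:
                return False
    return False


def _csp_ok(value: str) -> bool:
    """Minimal bar: an explicit default-src that is not a wildcard."""
    directives: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("default-src")
    return bool(sources) and "*" not in sources


VALUE_CHECKS: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": _csp_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: v.strip().lower() in SAFE_REFERRER_POLICIES,
}


def parse_header_block(raw: str) -> Dict[str, str]:
    """Turn a raw response header block (status line first, as from `curl -I`) into a dict."""
    headers: Dict[str, str] = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # lines[0] is the status line
        if not line.strip():
            break                   # blank line ends the header block
        name, _, value = line.partition(":")
        if _:
            headers[name.strip()] = value.strip()
    return headers


def score_headers(headers: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score out of 100, list of findings) for a header dict; names are case-insensitive."""
    lowered = {k.lower(): v for k, v in headers.items()}
    score = 0
    findings: List[str] = []
    for name, weight, why in HEADER_CHECKS:
        value = lowered.get(name)
        if value is None:
            findings.append(f"missing {name}: {why}")
        elif not VALUE_CHECKS[name](value):
            findings.append(f"weak {name}={value!r}: {why}")
        else:
            score += weight
    return score, findings


# Constructed sample header sets (not captured from any real site).
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",       # far too short
    "Content-Security-Policy": "default-src *",       # wildcard allows anything
    "X-Frame-Options": "SAMEORIGIN",                  # fine
}

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        total, notes = score_headers(hdrs)
        print(f"{label}: {total}/100")
        for note in notes:
            print("  -", note)
```

The findings list is the part a development team actually acts on: each entry names the missing or weak header and why it counts, which is the same information a commercial scorecard summarizes into a single letter grade.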

Sleep Deprivation

Sailors and other military personnel. Medical residents. Students. Truck drivers. Software developers. All are known to experience extended periods without sleep, required by their jobs or circumstances. Others can’t sleep even when they want or need to. But lack of sleep can have serious implications for the affected individual and for those around them, and often, the sleep-deprived person doesn’t even realize that they are performing at a sub-par level.

How to Sleep

What’s happening here?

Since June 1995 I’ve operated my own domain on the Internet. Running web, email, and DNS servers has turned into a full time job, at least if you want them to be reliable and secure, and I already have a full time job. During the month of December 2013 I am shutting down my servers and moving to commercial providers in order to spend more time with my family, and not have to make hard choices when hardware fails or critical patches are released. What you see here is the new mellis.com web presence, hosted by WordPress.