2109-05-08


Security

Credential Stuffing:

It’s an overly-complicated name for a simpler concept. In credential stuffing, attackers use already-exposed passwords to access new systems. This attack works because many people use the same password for multiple things.

How can you protect yourself?

  1. Sign up for Have I Been Pwned. Any time a service or HIBP warns you that your account may have been compromised, reset your password for that site.

  2. Use a password manager (like LastPass or 1Password) as a hassle-free way to create unique passwords for each place you log in. Use it for everything.

  3. Enable multi-factor authentication (MFA) for your key accounts. Most major services will have information on their site about how to do this. Note: it may be called “Two-factor authentication” (2FA).

    1. Enable MFA for your password manager first

    2. Next, enable MFA for the email address(es) that you use to sign up for most sites, as this also helps protect your password resets

    3. Finally, consider enabling MFA for critical sites, such as banking

Finally, ZDNet has more about how credential stuffing works at scale.
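As an added example (not from the newsletter, HIBP, or ZDNet), here is how a signup or password-reset form can reject a password that already appears in a breach, using the k-anonymity scheme of HIBP's Pwned Passwords range API: only the first five hex characters of the SHA-1 leave the client, and the suffix match happens locally. The breached passwords, counts and filler suffixes are constructed so the check runs offline; `fetch_range_live` is the assumed network variant against the documented endpoint.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for the breached-password corpus (made-up counts).
CONSTRUCTED_BREACHED = {"password123": 123456, "letmein": 9876, "qwerty": 555555}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> Tuple[str, str]:
    """k-anonymity split: the 5-char prefix is sent, the 35-char suffix is not."""
    return full_hash[:5], full_hash[5:]


def fetch_range_offline(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Emits 'SUFFIX:COUNT' lines for constructed hashes in that bucket, plus
    filler suffixes so the caller has to search the bucket rather than read it."""
    lines = []
    for pw, count in CONSTRUCTED_BREACHED.items():
        p, suffix = split_hash(sha1_upper(pw))
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    lines += ["0" * 35 + ":42", "F" * 35 + ":7"]  # constructed filler entries
    return "\r\n".join(lines)


def fetch_range_live(prefix: str) -> str:
    """Assumed network lookup with the same contract as the offline stand-in."""
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "example-signup-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, tolerating blank lines."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, _, count = line.partition(":")
            table[suffix.upper()] = int(count)
    return table


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = fetch_range_offline) -> int:
    """Times the password appears in the corpus; 0 means not found.
    The full hash never leaves this function, only its prefix."""
    prefix, suffix = split_hash(sha1_upper(password))
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def should_reject(password: str, threshold: int = 1) -> bool:
    """Policy hook for signup or reset: refuse passwords seen in breaches."""
    return breach_count(password) >= threshold
```

Swap `fetch_range_live` in for `fetch_range_offline` to query the real service; the rest of the logic is unchanged.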


If our privacy extends only as far as we expect it to, then as soon as we begin expecting companies to collect lots of data about us, we stand to lose our Fourth Amendment protections for that data. The frequent data breaches we are exposed to and the continuous analysis of our information for the purpose of serving us ads may not just be changing our attitudes and ideas about privacy. They may actually be changing our legal rights, simply by rewiring our expectations of how much control we have over our personal data.

from Losing Our Fourth Amendment Data Protection by Josephine Wolff

While it seems bleak, there are many options to address this threat.

Should we learn how to live in a post-privacy society? Work to change our laws? Get better at protecting our data? Stop using ad-based systems?


Lenny Zeltser has created the Cybersecurity Checklist for Political Campaigns, basing the advice on how various campaigns have recently been targeted. Much of the advice is relevant for other organizations, as well.

Do you agree with the steps? Is he missing any key advice?


Society

In contrast to marches or other “top-down” organized protests, these creative nonviolent tactics have the potential to harness the imaginations and dynamism of more people in the community as they take ownership and become co-creators of their actions.

from How creative protests to improve everyday life in Zimbabwe circumvent repression by James L. VanHise

What ideas in this story inspire you? What inventive tactics could you use to make sustainable changes in your community?


Shareholders Demand To Know How Northrop Grumman Will Protect Human Rights While Building Massive DHS Database by Jason Kelley

Private companies aren’t subject to the same pressure as elected officials and government agencies, but it’s unsurprising that shareholders are recognizing the serious harm to civil and human rights the company will be linked to through its work on this project. Transparency is often the first step towards accountability, and we are glad to see shareholders holding the company to account, and pressing it to publicly report how it applies its human rights policy to its work building technology that endangers human rights.

Biometric and behavioral data are easy to lose and abuse. Working with them—or any other powerful and dangerous data—requires a high standard of ethics and accountability.

Where can you be a good steward or advocate for safety of data—and the people behind the data?


“Punch up, not down” might apply to “disruption”, too:

When you’re building a new platform, your targets should be the slow, inefficient mega-corporations further up the food chain. By punching up here, you’re probably removing gatekeepers and democratizing a part of the market that had been previously locked up by one or two established players. Conversely, if your technology disrupts, say, public transport or the social welfare system, you’re punching down: your platform negatively affects people with less power than you. Rather than democratizing, you’re locking up an important resource that was previously owned by the people.

from Always Punch Up by Ben Werdmüller

Had you heard of “Punch up, not down” before? Many have used it as an ethical benchmark for humor and critique. Do you agree it could be useful in other domains?


Self

Generally speaking, our culture does not promote sitting still, and that can have wide-reaching consequences for our mental health, well-being, productivity and other areas of our lives.

from The Case for Doing Nothing by Olga Mecking

Do you practice Niksen, meditation, or other techniques that help with focus, creativity, and mental health? What do you find most helpful?


Whereas ordinary fitness is about size and ordinary sports is about achieving the best performance under the best conditions, functional fitness is about strength, agility, speed, dexterity and achieving the best performance under the worst conditions.

from Modern “Fitness” by Jason

It seems that “functional fitness” is the resilient form of fitness. What’s in your fitness regimen?


Conclusion

Thanks for reading. Please share your answers or thoughts in the comments or on anchor.fm!

The next podcast will be about my “Digital Detox” during Lent. If you have questions about it, submit them here or in anchor.fm.
