Weekly output: cybersecurity, pay-TV satisfaction, U.S. vs. Huawei, personal air transport, open-source SaaS, Collision conference

I don’t have to fly anywhere Monday, which seems a cause for joy after the last six weeks of travel.

5/21/2019: Cybersecurity: In search of the Holy Grail?, Collision

This somewhat broad description yielded a talk on what we’re doing wrong in infosec with defy.vc managing director Trae Vassallo, Veracode co-founder Chris Wysopal, 4iQ CEO Monica Pal, and Emerson Collective managing director (and former Democratic National Committee CTO) Raffi Krikorian. I will add a link to video of this (and the other panels I moderated in Toronto) whenever the organizers post it; in the meantime, enjoy the picture by my friend John Ulaszek.

5/21/2019: Comcast, DirecTV and others suffer another round of low customer satisfaction scores, FierceVideo

I wrote up the latest findings of the American Customer Satisfaction Index survey for my occasional trade-publication client FierceVideo.

5/21/2019: U.S. vs. Huawei, Al Jazeera

I talked to AJ’s Arabic-language news channel about the growing isolation of the Chinese telecom firm via Skype from the Collision speaker-prep lounge; if you watched this hit live, that setting should explain the dull backdrop.

5/22/2019: The race to rule the skies, Collision

My second Collision panel featured Gwen Lighter, founder and CEO of the GoFly competition, and Ben Marcus, co-founder of the drone-cartography firm AirMap, talking about efforts to enable personal air transportation.

5/23/2019: Open source in the SaaS era, Collision

Panel number three of this week called for me to interview MongoDB CTO Eliot Horowitz, and that proved harder than I’d expected: The stage acoustics made it difficult for me to hear complete sentences from him.

5/24/2019: At Collision conference, Facebook and the rest of tech gets taken to task once again, USA Today

I wrote a recap of the conference for USAT that noted the general distaste for Facebook’s reach and conduct as well as the lack of certainty over what, exactly, we should do about that company.

Weekly output: #DIV/0!

For the first time since two Augusts ago, I have no new bylines in a week. I did file one story, not yet posted, and get much of the reporting done for two others–after losing much of the first two days from having our schools closed after last weekend’s snowstorm–but it’s still annoying to have this post equate to a divide-by-zero error.

And that happened even though I worked for a good chunk of this weekend: I spent most of Saturday at the Shmoocon cybersecurity conference in D.C. I connected with people much better-informed than me, picked up some useful insights that I hope to turn into a post, caught up with an old friend, and enjoyed spotting the hilarious National Security Agency recruitment ad pictured at right. (No, I did not plug in my phone.)

Having this con take place at the Washington Hilton provided a bonus level of amusement. I’ve been at the venue Washingtonians call the Hinckley Hilton for many other events, but none had involved so many people with hair dyed interesting colors and on-message t-shirts (e.g., “Crypto means cryptography”). That was an excellent change-up from this hotel’s usual overdressed look.

2018 in review: security-minded

I spent more time writing about information-security issues in 2018 than in any prior year, which is only fair when I think about the security angles I and many other people missed in prior years.

Exploring these issues made me realize how fascinating infosec is as a field of study–interface design, business models, human psychology and human villainy all intersect in this area. Plus, there’s real market demand for writing on this topic.

I did much of this writing for Yahoo, but I also picked up a new client that let me get into the weeds on security issues. Well after two friends had separately suggested I start writing for The Parallax–and after an e-mail or two to founder Seth Rosenblatt had gone unanswered–I spotted Seth at the Google I/O press lounge, introduced myself, and came home with a couple of story assignments.

(Lesson re-learned: Sometimes, the biggest ROI from going to a conference consists of the business-development conversations you have there.)

Having this extra outlet helped diversify my income, especially during a few months when too many story pitches elsewhere suffered from poor product-market fit. My top priority for 2019 is further diversification: The Parallax is funded by a single sponsor, the Avast security-software firm, which on one hand frees it from the frailty of conventional online advertising but on the other leaves it somewhat brittle.

I’d also like to speak more often at conferences. Despite being half-terrified of public speaking in high school, I’ve become pretty good at what I think of as the performance art of journalism. This took me some fun places in 2018, including my overdue introduction to Toronto. (See after the jump for a map of my business travel.)

My focus on online security and privacy extended to my own affairs. In 2018, I made Firefox my default browser and set its default search to DuckDuckGo, cut back on Facebook’s access to my data, and disabled SMS two-step verification on my most important accounts in favor of app or U2F security-key authentication.

At Yahoo, it’s now been more than five years since my first byline there–and with David Pogue’s November departure to return to the New York Times, I’m the last original Yahoo Tech columnist still writing for Yahoo. My streak is even longer at USA Today, where I just hit my seventh anniversary of writing for the site (and sometimes the paper). Permanence of any sort is not a given in freelance journalism, and I appreciate that these two places have not gotten bored with me.

I also appreciate or at least hope that you reading this haven’t gotten bored with me. I’d like to think this short list of my favorite work of 2018 had something to do with that.

Thanks for reading; please keep doing so in 2019.

Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

But bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only through a Virtual Private Network on both devices, each of which was set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Weekly output: net neutrality, cybersecurity advice, Photobucket

In an alternate universe, I’d be heading to New York Tuesday for CE Week, but I had a panel invitation here and none there. I also recalled how low-key last year’s conference was, so I decided to stick around here after I’d already put in for a press pass. To everybody who’s pitched me about their CE Week exhibits or events (which seem to be more numerous than last year’s): Sorry!

7/3/2017: How open-internet rules are actually helping consumers, Yahoo Finance

Yet another net-neutrality post? Yes. This one covered two angles I had not addressed adequately before. One is how Internet providers’ own deployment figures show they’ve kept on expanding their networks after the advent of open-Internet rules. The other is the poor odds of a small ISP getting the time of day from a major streaming-media service, much less inking a paid-prioritization deal that would yield enough money to finance broadband buildout.

7/3/2017: ICD Brief 47, International Cybersecurity Dialogue

This group’s newsletter quoted my critique of the cybersecurity lessons offered in a French TV report. I didn’t find it much more helpful than much of the infosec advice you’ll see in mainstream coverage.

7/7/2017: The big lesson from Photobucket’s ‘ransom images’ debacle, Yahoo Finance

It’s been years since I last uploaded any pictures to Photobucket, but only a decade ago it led the market for online image sharing. Its subsequent descent into a) becoming an ad-choked hell and b) demanding that free users who had accepted its invitation to embed their photos elsewhere switch to paying $400 a year is sad on a lot of levels.

Weekly output: HP and ink, cybersecurity, journalism and biz-school PR, unlimited data, EMV chip cards

Once again, the Nationals are headed to the postseason. Since our last two bouts of October baseball ended badly–the excruciating game 5 of the 2012 NLDS still haunts me–and the team has gotten whacked with injuries lately, I’m not super-optimistic about this one. Fortunately, I have the election to distract me by providing an alternate source of stress.

9/26/2016: How HP’s decision to reject some ink cartridges reflects a much bigger problem, Yahoo Finance

First I thought this post would be a great opportunity to use a still image of the printer-execution scene from “Office Space,” then I realized there was a good point to be made about the risks of using automatic security updates to deal with business-model problems. Two days later, HP confessed that it “should have done a better job of communicating” about the software update that disabled some third-party ink cartridges and said it would provide an optional patch to disable the offending feature.

9/27/2016: Here’s the cybersecurity debate Clinton and Trump should have had, Yahoo Finance

I wrote a quick recap of the cybersecurity issues that Hillary Clinton and Donald Trump could have gone over during Monday’s debate. Will these topics get a reasoned discussion during the two other debates? I’m going to say no.

9/29/2016: Media Panel, Business Access Media

My role in this conference for business-school PR and communications types was to speak briefly about what I cover, then answer questions from attendees. As the one freelancer speaking, I could offer a different perspective than my fellow panelists, all full-time staff: Economist finance editor Tom Easton, the BBC’s Anthony Zurcher, CNN national correspondent Ryan Nobles and Marketplace Radio education reporter Amy Scott.

(Zurcher and I not only went to Georgetown, the conference venue, but worked together at the Georgetown Voice. You can imagine my disappointment that nobody in the audience asked “how did you all get into journalism?”)

10/2/2016: Why you may be able to finally ditch that old unlimited plan, USA Today

Right after my editor asked me to revisit this question, I had two different people show per-app data usage details on their iPhones that had not been reset since 2013, making them useless for getting a sense of how much data they should get. Apple, please fix that feature so the count resets once a month.

10/2/2016: Why the chip card isn’t the disaster everybody says it is, Yahoo Finance

I don’t know if I’m going to convince anybody with this, but the small extra wait to have an EMV chip-card payment read–far less time than I lose to checkout lines–doesn’t bother me much. I do, however, appreciate being able to pay with plastic overseas without getting funny looks or (most of the time) having my card rejected by a ticket-vending machine.

Weekly output: e-mail security, unlimited 2G wireless data, Verizon’s new plans

This has been an exhausting week in all the wrong ways. I won’t miss it.

7/6/2016: The worst thing Hillary Clinton did with her email, Yahoo Finance

I started writing this story months ago as a general guide to staying secure while staying connected overseas, but I kept putting it off. And then FBI director James Comey’s conclusion of the Bureau’s investigation of Hillary Clinton’s reliance on a private e-mail server as Secretary of State noted that she used this mail service while traveling “in the territory of sophisticated adversaries.” Boom, news peg.

I tried to make clear in the piece how many mysteries remained about the security of this setup, but all of those subtleties apparently went over the head of the commenters accusing Clinton of treason or worse. (For a while, the comments were topped by a particularly unhinged gem from an avowed 9/11 Truther.) Clinton Derangement Syndrome seems alive and unwell.

7/8/2016: Those massive data overage charges may soon be a thing of the past, Yahoo Finance

Verizon Wireless’ announcement of new price plans that add the option of unlimited 128 kbps data even after you exhaust your data cap reminded me of a thought I’d had at a telecom policy panel this winter: This kind of slow-but-unlimited fallback service represented a content-neutral, user-empowering form of “zero rating.”

7/10/2016: Verizon’s new plans don’t have to cost extra, USA Today

I did the math for those plans and identified a few cases in which a current VzW subscriber could save some money by switching to them. This story, unlike Wednesday’s, featured a non-toxic comments thread that already includes some replies by me.