Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Advertisements

My no-longer-secret Bitcoin shame

Bitcoin has infested tech news lately–the cryptocurrency’s unlikely rise in value, its subsequent and unsurprising fall in value, what complete tools Bitcoin zealots can be in front of a reporter, and so on and on. I’ve watched all of this as an unwitting spectator.

Yes, I’m one of those doofuses who forgot a password to a Bitcoin wallet. At least I have a half-decent excuse: CES.

I didn’t go to the gadget show in 2014 planning on investing in Bitcoin, but one of the first events I attended featured a diverse contingent of BTC startups, one of which had a dollars-to-Bitcoin ATM. How could I not gamble a few bucks to earn an anecdote to throw into a Bitcoin explainer?

I put a $5 bill into this thing and followed an exhibitor’s advice to install the Mycelium wallet app on my phone, scan a QR code off the ATM’s screen, and set a 15-character passcode to protect my stash of .00513 BTC.

Guess what I forgot to do as I headed to my next CES appointment?

I then mostly ignored the app, except for the occasional check to see how my investment had decayed. That habit faded, and when I tried resetting my phone the next fall to fix some touchscreen bugginess, I didn’t even think about the risk of losing access to my tiny Bitcoin hoard.

By which I mean, I didn’t even think to open Mycelium until several months after that unsuccessful phone-troubleshooting exercise. Then I realized that I could no longer remember the 15 characters I’d typed on my phone’s screen two years earlier, without which I could not restore the backup I had made right after my ATM transaction.

That’s where things have remained, even as Bitcoin’s value has soared and then plummeted. It’s annoying, but at least I have two things going for me: The app won’t lock me out as I keep guessing the passcode incorrectly, and at the current exchange rate I’m only out $57 or so. I’ve done much worse gambling in Vegas.

Weekly output: a bum Bitcoin deal, CES recap, Facebook and trusted news

The week after CES is always among my less productive ones–but this year, I can’t blame that on coming down with a CES-transmitted cold. Fortunately, I have the Dealmaker-in-Chief’s accomplishments of the past few days to put my own in a more positive context.

1/15/2018: Kodak bitcoin miner: What this dubious scheme says about technology’s misdirection, USA Today

My last post about CES unpacked a dubious Bitcoin-mining proposition on display in Kodak’s booth.

1/16/2018: Techdirt Podcast Episode 150: The CES 2018 Post-Mortem, Techdirt

I spent an hour or so talking with Techdirt’s Mike Masnick about what we saw at CES and what that suggests about the state of technology. Once again, I was struck by how more than two decades of practice at CES did not stop me from missing some interesting things at the show.

1/20/2018: Facebook and trusted news sources, Al-Jazeera

The news channel had me on to talk–as usual, overdubbed live into Arabic–about Facebook’s announcement that it will survey its users to see which news sites they trust, then prioritize those sources in the News Feed accordingly. I expressed my doubts about that idea, noting that a survey done last summer by the University of Missouri’s Reynolds Journalism Institute found that ranked Buzzfeed less trustworthy than Brietbart News–and that the conspiracy-theory outlet Infowars outranked both.

Weekly output: Meltdown and Spectre, CES 2017 revisited, CES 2018 (x3), TV technology, IoT security, Last Gadget Standing, Volocopter, Facebook News Feed

CES 2018 is done, but I’m nowhere near done recovering from the sleep deficit I ran up during my 21st consecutive trip (!) to the Consumer Technology Association’s gargantuan gadget show. While I try to catch up with that, why not have a look at my Flickr album from the convention?

1/8/2018: That big computer security flaw has one hidden value, USA Today

Not long after this post about the Meltdown and Spectre processor bugs went up Monday, we updated it to note that Apple had since posted a second batch of updates.

1/8/2018: How the hottest gadgets from CES 2017 panned out, Yahoo Finance

This exercise in self-accountability journalism is something I should do before every return to CES… and Mobile World Congress and SXSW and Google I/O and Web Summit, etc. etc.

1/9/2018: CES report, WTOP

I did a live radio interview without having had any coffee, which is always a risk. At least Washington’s news station quizzed me on-air early in CES week, when my voice was still mostly intact.

1/9/2018: CES 2018: The TV set will not be revolutionized, Yahoo Finance

The headline “The television will not be revolutionized” popped into my head as I was sitting in a CES press room Tuesday, and I knew it was the obvious headline for a post about the state of the TV even if there was no way I was the first to think of it. (Indeed, I wasn’t.) And then the copy desk tweaked the hed slightly anyway.

1/11/2018: CES 2018 Day 4 roundup: Self-driving cars and insanely big screens, Yahoo Finance

I shot this video recap with my Yahoo colleagues Dan Howley and JP Mangalindan after a few false starts that would make a great bloopers reel (one of us kept bursting into a stream of curses after flubbing a line, and that person wasn’t me). Looking at the video now, it’s clear that I didn’t tuck in my shirt properly or talk with my hands sufficiently.

1/11/2018: What a security expert thought of a few new smart-home devices at CES 2018, Yahoo Finance

In case people think that all CES pitches are a waste of time, this post started when I got an e-mail from a publicist for a local cybersecurity company that I’d talked to in October. I answered that offer of security insight by saying that what I could really use was a chance to follow the company founder around the CES floor to see him quiz various smart-home companies.

1/11/2018: Last Gadget Standing, Living in Digital Times

For the second year in a row, I helped judge this contest and introduced one contestant. (As you can see from that Facebook Live clip, I momentarily blanked on the name of one of the company founders.) The gadget in question, the Play Impossible Gameball, won the in-person vote–not because of anything I said, but because the founders put on a great presentation and had a fun, reasonably priced product.

1/11/2018: Intel wants this drone to fly you around, Yahoo Finance

Wednesday morning, I got to the Las Vegas Convention Center by 8 a.m.–it was the one traffic-free ride to there I had all week–for an up-close look at the passenger-carrying drone that Intel had shown off at Monday evening’s CES keynote.

1/12/2018: The weirdest tech of CES 2018, Yahoo Finance

I started writing this Thursday night at McCarran Airport before a sequence of flights that brought me to Dulles around 7 a.m. Friday, then finished the post at home that afternoon in a haze of sleep deprivation.

1/13/2018: Facebook’s new News Feed, Al Jazeera

The Arabic news channel had wanted me to talk Friday about Facebook’s coming de-prioritization of public pages in the News Feed. Fortunately, I had a schedule conflict more specific than “I’m so tired I need to sound out my words,” so they pushed this hit to Saturday.

CES 2018 travel-tech report: Ethernet lives!

I survived another CES without having my laptop or phone come close to running out of power during the workday, which is worth a little celebration but may also indicate that I did CES wrong.

One reason for this efficient electrical usage is that I showed up in Vegas for a new laptop for the first time since 2013. The HP Spectre x360 laptop that replaced my MacBook Air couldn’t get through an entire day without a recharge, but plugging it in during lunch and any subsequent writing time freed me from having to think about its battery for the rest of the day.

The Google Pixel phone I bought last summer was thirstier, mainly because I could never really put that down even after dark. But I still never needed to top off the phone with the external charger I bought.

Having both the phone and laptop charge via USB-C delivered an added bonus: Whenever I was sitting near an electrical outlet, I could plug either device into the laptop’s charger.

CES telecom, however, got no such upgrade. The press-room WiFi worked at the Mandalay Bay conference center but often did not in the media center I used at the Las Vegas Convention Center. And having to enter a new password every day–what looked like a misguided episode of IT security theater–did not enhance the experience.

Fortunately, the cheap USB-to-Ethernet adapter that my MacBook had inexplicably stopped recognizing a few years back worked without fuss on the HP so I often reverted to using wired connections. The irony of me offering an “it just works!” testimony to a Windows PC is duly noted.

T-Mobile’s LTE, meanwhile, crumpled inside the Sands and often struggled to serve up bandwidth at the LVCC. More than once, this meant I had to trust my luck in CES traffic when Google Maps coudn’t produce any road-congestion data.

I packed two devices I’ve carried for years to CES but only used one. The Belkin travel power strip I’ve brought since 2012 avoided some unpleasantness in a packed press room Monday but wasn’t necessary after then. The Canon point-and-shoot camera I’ve had since 2014, however, never left my bag. The camera in my Pixel is that good for close-up shots, and I didn’t come across any subjects that would have required the Canon’s superior zoom lens.

I also didn’t come across a worthy, pocket-sized successor to that “real” camera at any CES booths. But with some 2.75 million square feet of exhibits at this year’s show, I could have easily missed that and many other solutions to my travel-tech issues.

How to get a CES PR pitch wrong

2018 is only six days old, and I have already received 725 e-mails mentioning “CES” somewhere–and that’s excluding those from colleagues at various clients.

Something about this gargantuan electronics show makes tech-PR types needier and thirstier than at any other time of the year–which, in turn, makes tech-journalism types crankier than at any other time of the year. It’s not a good look for any of us.

With that volume of pitches, any one CES PR e-mail faces dire odds. Those odds get a lot worse if the message gets some basic stuff wrong.

Undisclosed location: Proximity drives scheduling at CES, because the traffic is so awful, so I need to know where an event is at before I decide if it’s worth my time. If you don’t say where your event is at, am I supposed to think it’s at some venue miles from the Strip?

While I’m on the subject, a five-digit booth number is not that much of a help, since that could be anywhere in several square miles of convention-center space.

Unannounced time: More CES pitches than you’d think forget another Invitation 101 thing, telling me when an event is happening. Please remember to put that in the message–by which I mean in the message’s text, so mail clients can detect it and offer to add it to my calendar.

Micromanaged scheduling: The Pepcom and ShowStoppers receptions are an efficient way for smaller companies to get exposure to the press and for journalists to get dinner and a drink or three to numb the pain. I always attend them. (Disclosure: The ShowStoppers people put together my annual trip to the IFA trade show in Berlin.) I don’t mind PR pitches saying that a client will be at one of these events. I really hate requests to book an appointment at them; please don’t waste my time with them.

Breaking the laws of CES physics: Press-conference day and opening day of CES–this time around, Monday and Tuesday–are the two busiest days of the show. Coaxing journalists to some event that isn’t at the primary venue for each day (Mandalay Bay for press conferences, the Las Vegas Convention Center for opening day) is generally a doomed endeavor. PR folks reading this: I wish you good luck in convincing your clients to not try this next year.

Some of these event invitations come with an offer of a free ride to or from the LVCC. On opening day, that car will have to be of the flying variety.

Standard-issue mail #fail. CES is no better than any other time to forget about the BCC line in your e-mail and instead send a pitch to 258 people on the To: line. Somebody did that this time around, and it worked about as well as you’d expect. One recipient took the time to techsplain to the sender how he should check out the BCC option–“I heard it was rolled out at CES 1977”–and of course did so by hitting reply-all himself.

CES 2017 travel-tech report: My devices are showing their age

 

I took the same laptop to CES for the fifth year in a row, which is not the sort of thing you should admit at CES. I’m blaming Apple for that, in the form of its failure to ship an affordable update to the MacBook Air, but 2016’s Windows laptops also failed to close the deal.

My mid-2012 MacBook Air did not punish my hubris by dying halfway through the show and instead was content to remind me of its battery’s age by running down rapidly once past 25 percent of a charge. Seeing a “Service Battery” alert last fall had me thinking of getting the battery replaced beforehand, but my local Apple Store’s diagnostic check reported that I could hold off on that for a little longer.

2017-ces-gearWhen I had to recharge my MacBook, nearby attendees could also guess its age from the black electrical tape I had to apply to its power cord to cover a frayed area–yes, this is the power adapter I bought not even two years ago. In any darkened room, they might have also noticed the glow coming my from my laptop’s N key, on which the backlight shines through now that this key’s black coating has begun to rub off.

My Nexus 5X Android phone, my other note-taking device, kept bogging down as I was switching from app to app. If I could upgrade the RAM on this thing, I could–but, oops, I can’t. Its camera, however, once again did well for most shots, and T-Mobile’s LTE held up up except for press-conference day at the Mandalay Bay Convention Center.

WiFi was once again atrocious. I’m not surprised by this, only that the Consumer Technology Association tolerated this kind of crap connectivity at its most important event.

Two hardware items I know I can and should easily replace before next year’s CES are the USB charger I took for my phone and my travel power strip.

The remarkably compact charger that came with my wife’s old Palm Pixi almost 10 years ago still functions as designed, but it doesn’t charge my phone fast enough. I only took that item to Vegas because I lost the charger that came with my Nexus 5X (yes, the one I almost misplaced last year at CES) at Google I/O. I should have packed my iPad mini’s charger, which replenishes my phone much faster, but I won’t mind buying a cheap, fast-charging, two-port USB charger. Any endorsements?

My travel power strip also charges USB devices slowly, but the bigger problem is this Belkin accessory’s relative bulk. The Wirecutter now recommends a more compact Accell model; remind me to get that sometime soon.

I’d written last year that I probably wouldn’t take my aging Canon 330 HS point-and-shoot for another CES, but I did anyway. I experienced my usual wishes for better low-light performance and the ability to touch the screen to tell the camera where to focus, but this camera’s lens cover also no longer closes without me nudging its plastic petals into place.

I should have spent more time at CES checking out replacements, but I only had time to verify that the Canon pocket-sized model that looked most appealing doesn’t take panoramic photos.

I’d like to think that I’ll address all of these hardware issues well before next year’s CES. I’d also like to think that by then, I will always remember to note a CES event’s location in its calendar entry.