Advice to My 10 Year Old Regarding SnapChat Hack

SnapChat was recently hacked. 4.6M user account names and their associated phone numbers were accessed and published on the web and put on dozens of torrent and mirroring sites. Users will be exposed to tons of additional spam and phishing exploits.

This prompted me to give my ten year old budding social media maven the following decidedly boring parental advice:

  • The more accounts you have out there, the more likely this is to happen – it is better to be selective and strategic about which services you and your friends are going to use rather than trying out every single one and then getting bored 5 mins later and leaving a residue account to be hacked.
  • Now that your account info and telephone number are out there, people may call your number or send you messages designed to trick you – they will look like messages from friends, etc. This is going to suck, and you are going to have to be very careful what you click on. I’d strongly suggest confirming by text any link a friend sends you before clicking on it.
  • If you cannot confirm it, never, EVER, click on a link someone sends you in some sketchy way.  99% of the time it is phishing designed to steal from you.
  • Ask a grown-up if you are at all uncertain – talk to your parents or go and INITIATE a separate note to the person (i.e. don’t reply to the original one) and ask them if they sent you something.
  • Close down any accounts you are no longer using on a very regular basis – yes, I know this will be a tragic loss for your 3 followers on that system.  Trust me, they will get over it – it is more fun to be mysterious anyway.
  • Now is the right time to change all the passwords on all your accounts (now you understand my advice about having fewer dormant ones, huh?).
  • Digital life sucks and it will almost certainly get worse before it gets better through biometrics or some other means, so be smart out there and try always to tell the difference between something that is USEFUL and something that is merely NEW. You are the first generation growing up on the internet where strangers with bad intentions can get right into the least expected places – like your pocket, your purse, your chat stream with friends. Be careful out there.

You can also follow me on Twitter @cmirabile and on Google+.

Ralph Sheridan – Angel Video Interview Series

[This post is part of an on-going series of video interviews with members of the start-up community – see a list of links to the full series here.]

A chemist turned IT security and clean tech expert, Ralph Sheridan has been buying and investing in companies for over 30 years. For the last five or so, he’s been concentrating on doing it with his own money as an angel investor. Ralph’s a thoughtful and intelligent investor who is always willing to make time to speak with an entrepreneur (see the video at the 1:30 mark if you don’t believe me!). He’s also been a great source of advice and counsel for me, so when we got together for breakfast recently, I figured it was high time to add him to the video interview series. This conversation was recorded in May 2012. [Read more…]

NFC? NFW! (Near Field Communications is Total Hype) [Updated]

The buzz about near field communications (NFC) is totally missing the point.  NFC is just a contactless (or nearly contactless) replacement for swiping a credit card. But who cares?  The swipe really doesn’t need replacing.  It is no more trouble to swipe a credit card than it is to tap a smartphone on a pad.  20 credit cards stacked up in your pocket is still a tenth the size and weight of your smartphone.  Saving that weight or hassle when you are headed to the gym is hardly a compelling vision.  It is just not valuable to consumers or merchants, especially when you consider the hassles one has to go to in order to manage the security risks.

The excitement is misplaced.  The things to get excited about are systems which handle the payment for you by tapping into the smarts of a mobile device and your identity and your context to create a relationship between you and the vendor, to the potential benefit of both.  Currently an NFC tap is every bit as anonymous and devoid of context as the tried & true credit card swipe.  What you want is a system that knows it is you and allows the merchant to relate to you in the form of loyalty awards, discounts and relevant offers.

[Read more…]

A New Cold War? [Updated]

Reuters just released a story about the biggest, longest and most audacious campaign of cyber attacks to date.  I have talked about this here and here, but I remain increasingly alarmed about the deplorable state of cybersecurity in the US (and elsewhere it would appear.)  With the US Department of Defense recently declaring cyber attacks an act of war, the number of attacks and brazenness of attacks increasing, the economic and strategic value of information being stolen increasing, the likelihood that these are state-sponsored acts increasing, and the defiant and in-your-face tone of hacks by groups like LulzSec increasing, it feels to me like we need to make this a bit more of a priority.

[Read more…]

RSA: This Just Keeps Getting Worse

Back in March when I posted about the RSA snafu, I was kind of harsh, because I was worried that this was going to turn into a really big mess.  It sure seems to be turning out that way.  Here’s a few recent headlines for those who have not been following the story:

[Read more…]

RSA: This is Really Bad

According to the NYTimes, the company responsible for providing a very significant percentage of government and corporate security in the United States has been hacked (the RSA Security division of the EMC Corporation).  OMFG; are they for real?

A few questions come to mind:  When does RSA plan to clarify how bad this really is?  What are they doing to fix it?  What are they advising their corporate and governmental customers?  Was this not kind of foreseeable? (Hint: Um, yes it was).  And perhaps the most burning question of all: when is this country going to get serious about cybersecurity?  I mean, what will it take?

Here’s a few choice quotes from the NYT article:

[Read more…]