Comments for Information Security by Eric Jacksch

Comment on Guest Post: Top Free Twitter Unfollow Tools by Evolving Squid

Evolving Squid — Thu, 03 May 2012 19:02:22 +0000

Anyone who honestly believes that everyone they follow should follow back as a condition of being followed should take note:

1. You are missing the entire POINT of Twitter, which is for people to follow others who produce interesting content.
2. You are almost certainly an arrogant twit… or maybe I’m missing an “a” there.

Shallow and vapid as Twitter is, it never amazes me how people will strive to make it shallower and more vapid, like unfollowing people because they don’t follow back.

Comment on Regretsy: Do as we say, not as we do by Eric Jacksch

Eric Jacksch — Mon, 19 Mar 2012 23:21:32 +0000

I don’t recall editing my post. Pointing out that the owner of Regretsy distorts perception by deleting comments that do not endorse her view and highlighting her hypocritical behavior is fair comment.

You will also note that she was given the opportunity to respond prior to the publication of my piece and decline to do so.

I don’t live life in fear of overly litigious Americans or veiled threats from their supporters.

Comment on Regretsy: Do as we say, not as we do by Regretsy Reader

Regretsy Reader — Mon, 19 Mar 2012 22:40:42 +0000

Feel free to delete my comment, as this is your personal blog and you have every right to do so.

It seems to me that if you posted a comment with links to your website and articles, it could be considered spam, which in most cases will automatically get your comments deleted and your account deactivated. That’s not just a Regretsy policy, that’s just about any website you care to visit.

I will commend you, though, on editing your article a bit. When I clicked on the link earlier, you had a bit in there insinuating that Regretsy’s charity was somehow not legitimate, and that’s dangerous territory for which you could be sued for slander.

Comment on InfoSec News 2012-03-15 by Track and Protect for Android review | Android Market

Track and Protect for Android review | Android Market — Fri, 16 Mar 2012 02:31:18 +0000

[...] in a new SIM card. It's a very cool application that you ought to check out. Buy and compare review This is a quick review of Track and Protect, a consumer security application for Android and Symbia…application/x-shockwave-flash" wmode="transparent" width="425" height="355"> This is a quick review [...]

Comment on Regretsy: Do as we say, not as we do by Tomas Pain

Tomas Pain — Fri, 10 Feb 2012 18:53:26 +0000

Unless she’s complaining that PayPal is deleting her posts, there is absolutely no ethical or moral connection between Paypal demanding a counterfeit be destroyed and deleting comments on a blog.

Her blog is her property to allow others to use as she sees fit. Nobody has to like how she sees fit, of course, but it’s not ethically or morally wrong to run it that way, nor is there an ethical comparison to draw with Paypal. It is disingenuous to draw such a comparison. It’s also very wrong, intellectually, to make a free speech argument in respect of a wholly private setting.

Comment on Regretsy: Do as we say, not as we do by Eric

Eric — Thu, 09 Feb 2012 20:05:43 +0000

While Tomas is correct, the point is that Regretsy lambastes PayPal for perceived injustices, acting as if the owner of Regretsy is somehow morally superior. Then she deletes any comment that does not follow suit in order to make it appear that every single comment is aligned with her.

Does she legally have a right to do so? Yes. But it displays remarkably poor ethics and eliminates any credibility she might have.

Comment on Regretsy: Do as we say, not as we do by Tomas Pain

Tomas Pain — Thu, 09 Feb 2012 19:15:37 +0000

Whack: You do understand that “free speech” is a concept that applies to governments, not individuals, right? It is an exercise of freedom of speech when you post something and the government doesn’t arrest you for it.

But if you post on Bob’s forum, and Bob deletes the post because he doesn’t like it, that’s not a free speech issue. That’s simply an interpersonal conflict.

Comment on InfoSec News 2012-01-30 by Privacy Policy Addendum | Worker's Compensation Resources

[...] [...]

Comment on Regretsy: Do as we say, not as we do by Mr. Whack-a-mole

Mr. Whack-a-mole — Sat, 14 Jan 2012 19:40:10 +0000

Welcome to the club! That’s standard operating procedure for Regretsy. NO FREE SPEECH FOR YOU! Regretsy is a whimsical land of make believe and you better play by her rules or you will get blanked. It’s her site and she can do whatever she likes with it but, she uses her army of fans to silence PayPal and any and all detractors on Facebook and Twitter. If she is doing nothing wrong (charity fraud?) then why the need to cyber-wash everyone who provokes her ire? If you ask me, she is a hypocritical grifter.

Comment on PayPal dispute ends in destruction of violin by Regretsy: Do as we say, not as we do :: Information Security by Eric Jacksch

Regretsy: Do as we say, not as we do :: Information Security by Eric Jacksch — Sat, 07 Jan 2012 15:06:29 +0000

[...] I wrote about the alleged destruction of a violin, based in part upon a letter posted on Regretsy. I also created an account on Regretsy to post a [...]

Comment on Don’t take photos you don’t want people to see by Eric Jacksch

Eric Jacksch — Mon, 26 Sep 2011 15:38:32 +0000

Thanks…I’ve been using it for about two months Just need some graphics for the banner.

Comment on Don’t take photos you don’t want people to see by Evolving Squid

Evolving Squid — Mon, 26 Sep 2011 15:37:08 +0000

I like this theme (as of 26 Sep 2011, at 11:37 local). Clean, sort of newsy look.

Comment on Best Facebook status update ever by Alex Coleman

Alex Coleman — Wed, 29 Jun 2011 02:09:40 +0000

hehehe nice!!!

Comment on Garage break-in technique exposed by Liz Shepherd, CEO

Liz Shepherd, CEO — Tue, 08 Feb 2011 00:48:27 +0000

We also saw this YouTube video and were shocked to see how easy it was to get into our garage. It concerned us that we might need to use a ziptie to secure the latch, so we set out to find a different solution. Last July, my late husband and I applied for a patent on our new product, the NO ENTRY LATCH GUARD.
It is a simple, inexpensive cover that holds the rope and handle and slips over the manual release cover and secured with a nylon bolt and nut onto the trolley. Installation requires no special tools and can be put into place in the amount of time it takes someone to break into the garage.
The average insurance claim of a garage break in is over $1900. Our product costs under $25 per garage door.
Please see our product at http://www.noentrylatchguard.com

Liz Shepherd, CEO
Safe Door, LLC

Comment on Garage break-in technique exposed by kingthorin

kingthorin — Mon, 28 Jun 2010 16:42:55 +0000

Hmmm nice one. I’ll be passing that along to a few people.

Comment on The new SPOT by eric

eric — Mon, 14 Jun 2010 00:34:03 +0000

Sorry to hear about the hardware failure. I recently upgraded from a Spot 1 to a Spot 2 and sold the old unit to a friend, who is happily using it.

Is your broken Spot 1 out of warantee?

Comment on The new SPOT by Jim

Jim — Sun, 13 Jun 2010 23:19:58 +0000

My SPOT 1 messenger does not work anymore when it comes to send OK messages. This thing worked great in 2008! now it is worthless to me and they won’t refund any of my money!

Comment on Lightning in Google’s Cloud by Security Apathy | Eric Jacksch

Security Apathy | Eric Jacksch — Mon, 31 May 2010 17:34:20 +0000

[...] column in today’s TECHLife Post is largely about how consumer apathy results in poor security. The question is, what do you [...]

Comment on H1N1: A case study in poor risk decisions by kingthorin

kingthorin — Mon, 07 Dec 2009 21:09:08 +0000

@ Peter

As Mr. Squid has tried to point out it doesn’t seem like people have a firm grasp on how vaccines are meant to work. This seems evident base one your required data elements:

– probability of infection by H1N1
* – probability of serious illness caused by H1N1
* – probability of death caused by H1N1
* – probability of serious reaction to H1N1 vaccine (serious enough to warrant hospitalization/care)

Not matter how sick you get if you carry then you chance spreading it to others. So really these 4 elements are one, it shouldn’t be relevant how sick one might get if you’re infected then it should be a problem not only for you but those around you.

The more people get vaccinated the less people there are the spread the disease, the safer it is for people for which the vaccine is contraindicated.

Comment on H1N1: A case study in poor risk decisions by Evolving Squid

Evolving Squid — Wed, 02 Dec 2009 01:09:04 +0000

Oh, and I can’t get the MMR shot either, so if your kids aren’t vaccinated for MMR, please keep them away from me.

Anti-vaccination woo regarding the MMR shot is killing children in the UK, US and Canada right now because irresponsible parents are listening to lies from Oprah and Jenny McCarthy rather than truth medical professionals.

Comment on H1N1: A case study in poor risk decisions by Evolving Squid

Evolving Squid — Wed, 02 Dec 2009 01:04:23 +0000

>> – probability of infection by H1N1

That has very little to do with why you should or should not get any vaccine. At best, if the rate of death from the virus in the population is significantly higher than the death rate from the vaccine, it’s probably a very good idea to get the vaccine. Influenza vaccines have a MUCH lower injury and death rate than influenza disease.

Vaccines work on populations, not individuals. Each person who sees only the selfish view undermines the program and puts the whole population at risk.

>> – probability of death due to H1N1 vaccine

If you google around, I believe you will find it is less than 1 in 1 million.

>> – effectiveness of vaccine – expected reduction in H1N1 cases per unit population

Theoretically, 100% of people vaccinated should be safe from the disease. With the “herd” vaccinated at a rate of over about 90%, cases should drop to near zero. That’s the way vaccines work…

… except when they’re undermined by people who say “well, I probably won’t get the disease, so I won’t bother”. That lowers the “herd” number, thereby increasing infections per unit population. Worse still, by doing that it endangers people for whom the vaccination is contraindicated (allergic to vaccine components, for example).

>> I was told I shouldn’t, owing to a particular drug sensitivity – hmm, “told” is the wrong word, the form was ripped from my hands by a wide-eyed health worker.

It is also contraindicated for me. Thus, to some degree, your health (and mine) depend on people understanding how vaccinations work and getting them when they’re supposed to, rather than mining trivia, or following the advice of washed-up porn stars like Jenny McCarthy, to rationalize an excuse not to get it.

That you have not had the flu is more a turn of good fortune than it is any magical immunity.

>> Not a comforting approach when attempting to evaluate actual risk levels.

It’s easy to evaluate the risk levels. You just have to want to, and you have to pick the relevant numbers. The H1N1 vaccine is not guess work, although the regular annual flu vaccines are, and sometimes it turns out wrong… not often, but it has been documented.

However, from the globe and mail: http://www.theglobeandmail.com/life/health/h1n1-swine-flu/h1n1-cases-across-canada/article1352013/ …

There have been, in Canada, just under 210 H1N1 hospitalizations per million population, of which 1/6 went to ICU, and 1/24 died (8.4 per million). Obviously, there have been less serious cases as well, but for your calculation, you want the serious stuff, I assume. So this doesn’t take into consideration lost days of work etc. by people who don’t quite get sick enough to go to the hospital.

From this site: http://www.healthzone.ca/health/newsfeatures/swineflu/article/727270–few-adverse-reactions-to-h1n1-vaccine

The serious adverse reaction rate seems to be 5.4 per million – a little over half the death rate.

The highest death rate from H1N1 by age group seems to be men between the ages of 40 and 49 ( http://www.eurosurveillance.org/images/dynamic/EE/V14N33/Pandemic_Fig3.jpg )

Comment on H1N1: A case study in poor risk decisions by Peter Whittaker

Peter Whittaker — Sun, 29 Nov 2009 14:23:33 +0000

Unfortunately, Eric, there are insufficient data available to make an informed decision – and if I’m wrong, please do correct me and provide links to the data.

There are at least seven data elements required, and I’ve only ever seen 3 (marked with asterisks):

– probability of infection by H1N1

* – probability of serious illness caused by H1N1

* – probability of death caused by H1N1

* – probability of serious reaction to H1N1 vaccine (serious enough to warrant hospitalization/care)

– probability of death due to H1N1 vaccine

– effectiveness of vaccine – expected reduction in H1N1 cases per unit population

– all of the above broken down by age, overall health level, etc.

The ones that I’ve marked with an asterisk weren’t actually found in any single useful place, I was able to piece them together from news articles, health care web sites, etc.

Re the first statistic: I have never had the flu, I have never had a flu vaccine (in fact, the only time I ever tried to get one, I was told I shouldn’t, owing to a particular drug sensitivity – hmm, “told” is the wrong word, the form was ripped from my hands by a wide-eyed health worker. Comforting.

Generally speaking, the seasonal flu vaccine is a gamble: Take a best guess as to which particular virii will be virulent, take a best guess as to which protein coats to emphasize in a vaccine, hope to get them out in time.

Not a comforting approach when attempting to evaluate actual risk levels.

H1N1 may be a different, in that researchers have a better idea of the specific virii and protein coats. But where are the effectiveness numbers?

Point of fact, there are none, because flu vaccines are essentially guess work.

Boil it down for: My % risk of getting the flu (healthy mid-40s male in good physical condition), % risk of adverse reaction, % likely effectiveness, % likely impact of the flu itself.

Until I have those numbers, all the blog posts in the world are just words.

ps I invite you to research what health care organizations in other countries, e.g., one of the major nursing unions in France, are saying about the vaccine and the flu and how they are recommending that their members not get vaccinated.

Re your tweet: I am responsible parent. I do not experiment with my children.

Comment on Do as we say, not as we do. by Evolving Squid

Evolving Squid — Mon, 19 Oct 2009 15:09:15 +0000

I get this sort of thing from banks and from Rogers all the time. If they call me, I start this sort of informal script:

Phone_Drone: Hi, I just need to ask you some questions to verify your identity.

Me: Oh, I’m sorry, but you called me. I hope you don’t mind, but I’m going to have to ask YOU some questions to verify YOUR identity. I know it sounds peculiar, but realistically, any moron could call me up and claim to be the bank or the phone company.

P_D: sure.

Me: Please tell me my account number.

P_D: [hopefully] …(reads account number)

Me: Please tell me the amount of my last bill / balance of my account.

P_D: [hopefully] …(gets it right)

Me: Thank you. Please carry on.

I’ve had no problems going through this with anyone so far, and I’ve used it on my phone company, my bank, and one credit card company.

Comment on 30 years of failure by Evolving Squid

Evolving Squid — Wed, 14 Oct 2009 15:03:43 +0000

Open Source offered PGP, but it never caught on as part of the whole “PKI never caught on” thing.

There are problems with a universal authentication system as well…

1. it creates a great risk for identity theft. If the authentication system is compromised, the ramifications are widespread. Throw in a bit of media misinformation and presto! you have a popular groundswell against it. That’s essentially why we don’t have things like cash cards here in Canada even though they’ve been widely used in Europe for over a decade.

2. It creates issues, I think, with privacy legislation in places like Canada. Who is going to validate your identity for issuing your ID token? Who is going to keep track of who’s who? What will that information be used for? What if it’s wrong? Who can subpoena the information and for what purpose? You should watch the movie “Gattaca” to see what I mean here. http://www.imdb.com/title/tt0119177/

3. there’d be a huge PR issue among religious yobbos (a universal ID = the mark of the beast… there are people fighting that battle over things like driver’s licences right now), people who equate universal ID with the Nazi holocaust, weird paranoids who want to be totally anonymous but still live and interact on the planet and so forth (however silly that position may be).

4. A universal ID means loss of competitive advantage in some areas… i.e. “we can’t lock you in to buying our stuff.” Open standards have not been a real cornucopia to the IT world.

I’m not sure we’re at a point, culturally, where a universal ID for the internet (or anywhere else) is likely to be acceptable.

Comment on Windows 7 BitLocker, a practical solution by kingthorin

kingthorin — Tue, 13 Oct 2009 14:17:58 +0000

On the topic of really small USB drives checkout:
http://www.engadget.com/2009/06/24/buffalos-16gb-5mm-usb-thumbkey-its-really-small/

http://www.dpreview.com/news/0501/05010606sandisksdflip.asp
http://www.engadget.com/2005/01/06/sandisk-ces-sd-card-with-built-in-usb-adapter/

Comment on LoJack for Laptops revisted by Evolving Squid

Evolving Squid — Thu, 24 Sep 2009 14:54:50 +0000

That’s definitely cool… but I wonder… how difficult would it be to write malware with those properties?

Comment on Get your stolen computer back by LoJack for Laptops revisted | The TECHLife Post

LoJack for Laptops revisted | The TECHLife Post — Mon, 14 Sep 2009 11:08:38 +0000

[...] year I wrote about LoJack for Laptops, software that periodically checks in with a central server to help locate your laptop if it is [...]

Comment on Evidence Eliminator is a bad idea by kingthorin

kingthorin — Wed, 02 Sep 2009 14:59:24 +0000

Some of this is starting to show up as part of our everyday software. The latest version of Firefox (and IE8 I think) have private browsing modes that do exactly the things you mentioned in your second paragraph.

Of course there’s always the option of using a LiveCD as well.

But I agree things should be built more privacy minded from the start, not as an after thought or tertiary tool/utility.

Comment on Radian6: Monitoring Social Media by Eric Jacksch

Eric Jacksch — Fri, 10 Jul 2009 13:22:27 +0000

I’m by no means an expert, but for example I found I could identify key influencers based upon factors like inbound links and the number of comments on their blogs.

Comment on Radian6: Monitoring Social Media by dominiq

dominiq — Thu, 09 Jul 2009 05:20:23 +0000

I’m curious what type of results you get.

“For example, by choosing the right keywords and leveraging Radian6’s powerful widgets, I was able identify and begin to track key influencers on specific subjects”.

We use a different approach (more topological) and have as an example found the top 500 influencers in cloud computing.

This took us 4 hours and some expertise.

I wonder how you can find influencers with keywords. On cloud computing as an example you have people from different communities talking about the topic: Tech, VC’s, marketers… these different communities have different influencers.

Can you elaborate ?

Thanks