Smart Meter: A New Spy?

[Image: PGE Smart Meter]

Portland General Electric let us know we’ll be getting one of these before too long.

I was looking forward to it. I think I still am (because it sure seems like our monthly electric bills are high). But this article greatly dampens my forward look, so to speak:

Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off.

The attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them. Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc. The firm was hired by three utilities to study their smart meters’ resistance to attack.

[…]

Unlike traditional electric meters that merely record power use — and then must be read in person once a month by a meter reader — smart meters measure consumption in real time. By being networked to computers in electric utilities, the new meters can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.

But the very interactivity that makes smart meters so attractive also makes them vulnerable to hackers, because each meter essentially is a computer connected to a vast network.

[…]

But many security researchers say the technology is being deployed without enough security probing.

If hackers can get that far, what’s to keep them from hacking into my computers even when they’re off-line? (You know, entering my machines through the power plug instead of the phone jack.)

And what’s to keep governments from conspiring with manufacturers (or secret agents at manufacturing plants) to put “bugs” in electrical devices? The idea of my toaster or my bedside clock or my phone answering machine eavesdropping and tattling on me is not a pleasant thought. Maybe it’s time to come up with a not-so-new lifestyle mantra: Go Amish!

OK, so now I’ve given the kooks more material. Sorry. 🙄

Well, you can read the full article here: New ‘smart’ meters for electrical utilities have security holes

Three Facebook Settings

Got Facebook? Have you adjusted your user privacy settings since December?

Whether you have or not, this may be a good article for you to read.

In December, Facebook made a series of bold and controversial changes regarding the nature of its users’ privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only – no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.

[…]

Considering that Facebook itself is no longer looking out for you, it’s time to be proactive about things and look out for yourself instead. Taking a few minutes to run through all the available privacy settings and educating yourself on what they mean could mean the world of difference to you at some later point… That is, unless you agree with Facebook in thinking that the world is becoming more open and therefore you should too.

Source: The 3 Facebook Settings Every User Should Check Now

How Privacy Vanishes Online

Balance Them!

Privacy
Social Media

OK, I know. I’m spitting in the cyber wind again.

But I refuse to accept the premise that privacy no longer matters.

Or even that privacy is more public than it used to be.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

[…]

In social networks, people can increase their defenses against identification by adopting tight privacy controls on information in personal profiles. Yet an individual’s actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet.

You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.

[…]

His advice: “When you’re doing stuff online, you should behave as if you’re doing it in public — because increasingly, it is.”

Source: New York Times

You really should read the parts I left out.

Blog Attack

Somebody (from Saudi Arabia, apparently) attacked this blog this morning.

First, someone succeeded in breaching my login. Once in there, he changed my login password as well as the email associated with my account. That was at 11:29.

Then he launched four SQL Injection Attacks at 11:31, 11:33, 11:34, and 11:43. Thankfully, those were detected and blocked by my firewall, which also identified the attacker’s IP as 94.97.85.10.

Thankfully, I tried to log in shortly thereafter.

When I couldn’t do so because my password wasn’t valid, my cranial alarm bells went from dormant to frenzied in a NanoSomethingOrOther.

I went straight to my SQL database, changed the email address on my account back to what it should be, then changed the password. I was done with that by 11:53.

I’ve been unable to detect any other damage done to this blog. But this person could have changed posts, comments, and pictures. So I’m warning you: there may be bad content somewhere here.

If you come across evidence of such tampering, please let me know right away.

Thanks.

And may God bless the attacker. Amen.

Facebook, Google, Carbonite?

Do you store personal data there?

Well, I saw the link to this over at Drudge:

The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself.

“The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats,” Yoran said. “The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

Source: More than 75,000 computer systems hacked in one of largest cyber attacks, security firm says

This story reinforces my disinclination to trust online personal data storage. So I don’t use it. Not even the free gigs provided by my ISP. Not even the space on the two servers I use to run my various sites.

Call me paranoid. Call me safe(r). 😉

No Thumbs

Imagine this!

You’re not going to believe this one: We were out to dinner seated at a table adjacent to a family of five and not a one of them was working a Blackberry, e-mailing or texting. And they didn’t have ear buds jammed in their ears.

It was such a flashback of days gone by, we expected to see Norman Rockwell in the corner with an easel and canvas painting the scene for a cover of The Saturday Evening Post.

And now comes something even more unbelievable — they sat there like that for an hour and a half. That’s right, 90 minutes. Who knew families could still sit together that long and not be parked in front of a television?

But wait — there’s more.

(Might be good for you to read the rest of the article.)

Guard your family time from technology!

Fake Facebook Email

[Image: Fake Facebook Email]

It is not legit.

It’s spam, and likely of the bad kind.

Do not click any links in it.

In the image above, I put two clues in red font:

  • That first email address doesn’t look real persuasive as a corporate address, does it now?
  • That second email address ain’t me.

The third clue — the most important of all, really — lies in the links contained in the email.

Notice what shows up in the browser status bar (is that what it’s called down below?) when I put my cursor on one of the links:

[Image: Fake Facebook Email]

Again, notice the red part. If you only read the first part of the URL, it looks like the link points to facebook.com — but you must keep reading till you get to the first forward slash after the opening double slash. Then you’ll see the link doesn’t point to facebook.com at all.

If you didn’t know that yet regarding links, learn the lesson and remember it well!

PS: Thanks to the wonders of CSS, the above images are actually the same image. Click on either image above to see the full thing.
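The "keep reading till the slash" check from this post, written out as an added example (not part of the original post). The links are constructed samples on the reserved example.net domain and the function names are made up for illustration; it also covers a near-miss name such as notfacebook.com, which the post does not mention.

```python
from urllib.parse import urlsplit

def real_host(url):
    """Return the host a browser would actually contact for this link."""
    host = urlsplit(url.strip()).hostname  # text between '//' and the next '/'
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".").lower()

def belongs_to(url, domain):
    """True only if the host IS `domain` or ends with '.' + domain."""
    host = real_host(url)
    domain = domain.lower().rstrip(".")
    # The owner of a name is decided by its right-most labels, so the
    # comparison is anchored at the END of the host, on a dot boundary.
    return host == domain or host.endswith("." + domain)

def verdict(url, claimed):
    """Classify a link against the brand the email claims to come from."""
    host = real_host(url)
    if belongs_to(url, claimed):
        return "ok"
    if claimed.lower() in host:
        return "lookalike"   # brand name appears, but not as the real domain
    return "unrelated"

# Constructed sample links (not taken from the email in the post).
SAMPLES = [
    "http://www.facebook.com/settings",
    "http://WWW.FACEBOOK.COM:80/settings",
    "http://www.facebook.com.account-update.example.net/login.php?id=1",
    "http://notfacebook.com/login",
    "http://mail.example.net/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{verdict(link, 'facebook.com'):10} {real_host(link)}")
```
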

Above all, love God!