Archive for January, 2019

Saving your name

The “Naked Security” blogs published by Sophos remind me how vigilant online publishers – and all organizations, really – have to be to protect their content, their data, even their names. Indeed, the word “vigilance” needs to at the top of our whiteboard every day – and never erased.

When I moved to Vancouver in 1996, I saw that almost no small-cap companies in the exploration and mining business had online presences. This was a good business opportunity. I knew my way around the Internet – coming from Stanford, you had to be – but hadn’t created websites myself. I found a couple of partners who did, and we found a bunch of clients right away.

The first order of business was registering URLs for each client. This typically involved registering four or five: client.com, client.net, clientresources.com, clientresources.net, and clientinvesting.com, for instance. We wanted to make sure that we covered the bases, so to speak. We would use the main URL and make sure that the others “pointed to” the main one.

For a couple of years, on the Internet there was the equivalent of the 19th-century American land rush. Promoters, IT whizzes, managers, communications pros, publishers, inventors, entrepreneurs – everybody, it seemed to me – were staking out their claims to URLs, in essence buying names and making them their own. Whether or not these names were used for actual websites, for some it was just as important that their competitors *didn’t* have these names.

I have a spreadsheet to make sure that I never forget to re-register the “stable” of URLs I own or manage (a few dozen). Two times I missed a deadline; I lost one URL (this still bugs me, as you can imagine) and *miracle of miracles* I got the other one back.

Forgetfuless is one way to lose control of your URL. Having it stolen is another. The other day Sophos blogger John E Dunn published an article called “US gov issues emergency directive after wave of domain hijacking attacks.”

The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites. …

Domain hijacking has been a persistent issue in the commercial world for years, a prime example of which would be the attack that disrupted parts of Craigslist in November 2014.

In that incident, as in every successful every domain hijacking attack, the attackers took over the account used to manage the domains at the registrar, in this case, Network Solutions.

The objective is to change the records so that instead of pointing to the IP address of the correct website it sends visitors to one controlled by the attackers.

This change could have been made using impersonation to persuade the registrar to change the domain settings or by stealing the admin credentials used to manage these remotely. …

Dunn recommends that you verify your company’s IP addresses and “change passwords on all accounts used to manage domain records.” Read his entire post for a longer list of important safeguard measures.

Reposted from nocontest.ca

Funny

“Reading between the tea leaves …” (overheard)

Kwantlen’s ‘onward and upward’

My university is like a shark – it never stops moving! It has just opened its fifth campus – near the end of Skytrain’s Expo line, in what used to be one of the saddest and most dangerous neighbourhoods in Canada. I hope to teach some classes there soon.

Guiding the sick through the system …

kv

My friend Karen Vogel just published a piece called “The Accidental Advocate.” It starts:

Like many patient advocates, personal experience transformed me into a new career. I was prepared and motivated. I had a professional network and confidence that I was smart enough to figure it out as I went along. What I didn’t include in my business plan was ironic shock.

One of my champions was my neighbor Laura, who lived next to me for 20 years. For a while she listened to me whining about my work in health insurance management, my aging parents, the screwed up healthcare system . . . and challenged me to stop complaining and take action. And so I did. The main impetus was my mother’s death. It forced me to become a long distance caregiver for my father, which turned out to be a wonderful adventure for both of us. I quit my soul-sucking corporate job, went back to school and retrained. I started my own company 3 years ago and worried about finding clients. “No problem,” said Laura, “my aunt Jane is sick and needs someone to figure out her insurance.” Client #1.

Four months into my new occupation, on a Friday evening in April 2016, I got a call that Laura was in an emergency room. She had been struggling with memory issues and a coworker dragged her to the hospital under protest. I rushed over yelling “I’m an advocate! Let me document everything!”

Laura had glioblastoma multiforme (GBM) Grade 4, the worst kind of brain cancer, usually terminal within 18 months. On Sunday morning a surgical team was in place to make sure she got a lemon-sized mass removed from her head. Laura became client #7. …

Read the entire thing.

Here is an interview Karen did last year with Vice News on HBO.

What happens to your social media accounts when you pass away?

This piece is tangentially related, in a way, to my December 30 post below.