In a list of things in life (blind dates, new sports cars, Spotify playlists, etc.) that should be “fire” (latest slang for “hot”) your laptop and its battery should not be named. Unfortunately, if you happened to have purchased certain HP laptop models between 2013 to 2015, you might be re-introduced to the literal definition of “fire”. Technology manufacturer HP announced a worldwide, voluntary recall of certain batches of batteries that “pose a fire and burn hazard” that have shipped from the factory in 35 different laptop models, and may have been installed after-market in 38 other HP and Compaq models. HP has a full listing of impacted models on their website, and offers both software and physical means to determine if your battery is affected by this recall.
What this means for you:
If you’ve purchased an HP laptop anytime between now and 2013, I recommend flipping it over and checking the battery’s serial number on HP’s site. While you’ve got it upside down, visually inspect the battery and laptop for warped plastic, bulging or discoloration of any surrounding materials. Carefully check if the battery is hot to the touch. Warm is OK, but if it’s too hot to touch with your finger, you may have a problem. Keep in mind that certain laptops may run quite hot during CPU-intensive activities, including working with very large documents, playing video games or watching streaming video, and more so if the laptop is resting on insulating materials like blankets, cushions or even your pants or dress. It may also get hot if vents on the sides or bottom of the laptop are blocked for even short periods of time. Don’t panic if your laptop doesn’t have vents – the manufacturer only puts them in if the design calls for it. If your battery is not part of this recall, shows no signs of warping or heat damage, but still seems unusually hot to the touch even after working with it on a cool, flat surface, consider replacing it, either under warranty if still applicable, or by purchasing a replacement, preferably from the same manufacturer as your laptop. Cheaper, off-brand batteries might be an option, but check reviews as the knock-offs tend to have more problems with reliability and longevity.
For those of you who haven’t seen the Amazon Echo in action yet, it can be quite an eye opener. We are quickly converging on an environment that was not long ago considered science fiction. The Echo can quietly sit in the corner of your room, waiting for anyone in the family to give it a command, whether it’s to play some music, check the weather or order something from (surprise surprise!) Amazon. It’s also a perfect example of technology racing ahead of the law, and unlike the ongoing controversy around email and ECPA, the stakes are much higher because of who is allegedly at risk: our children. I’ll admit that this may seem a bit melodramatic, but the Guardian US isn’t wrong when pointing out that Echo and other products like it (think Apple’s Siri and Google Now) might actually be in violation of COPPA. For those of you in the room who are not lawyers, this is the Children’s Online Privacy & Protection Act of 1998 which, among many things, prohibits the recording and storage of a child’s voice without explicit permission of their parents or legal guardian.
What this means for you:
Even though I am a parent of young child for whom COPPA was enacted to protect, it hasn’t been too hard to suppress the urge to disconnect and discard every voice-activated, internet-connected device we own (which would be quite a few, including my daughter’s precious iPad). As with many technology items that dance on the edge of privacy invasion, I weigh the convenience and value they bring against the loss of privacy and security they inherently pose. I do see the problems technology like this presents: thousands (possibly millions) of parents set down products like Echo and Siri right in front of their children precisely because using them is simple and intuitive, and in the case of Echo, they are actually designed for use by everyone in the family. However, most people probably don’t realize that today’s voice recognition technology relies on pushing recordings of voice commands to the cloud where they are cataloged and processed to improve algorithms. Not only do those recordings store our children’s voices, they are also thick with meta data like marketing preferences, “Alexa, how much does that toy cost?” and location data, “Alexa, where is the nearest ice cream shop?” I’m pretty sure none of us gave explicit permission to Apple before allowing our kids to use Siri on their iPads and iPhones. If you were to adhere to a strict interpretation of COPPA, Apple, Amazon and Google (as well as many others) have an FTC violation on their hands that could cost them as much as $16,000 per incident.
As for your Echo (or smartphone or tablet) – only you should judge whether it’s an actual risk to your child. For the moment, the law is unclear, and knowing our government, likely to remain so long after the buying public makes up its own mind.
The cloud icon has been used to symbolize a larger, connected network in technology diagrams for at least 30 years, so it’s not hard to imagine how the concept has migrated to its modern context: a collection of inter-connected computing and storage resources that can be shared amongst multiple services that can scale up and down as needed. If you are of a generation that recalls mainframes, mini-computers and batch runs (today’s PC is actually a “micro-computer” in the vernacular of the mainframe age), it’s a similar concept, except that instead of a single, gigantic device, the mainframe is now an array of CPU’s, storage devices and network interfaces spread across multiple locations and interconnected by the internet. If your understanding is still amorphous, you have creeping semantics to blame for that as well – the term “cloud” has become synonymous for internet-based resources, which can lead to plenty of confusion and debate about privacy, resilience and security.
Clear skies or storm warning ahead?
Just as being able to tell the difference between thunderheads and fluffy cumulonimbus can help us make decisions about grabbing the umbrella or sunglasses, understanding what is “cloud-based” or “hosted” or “virtualized” (or all three) can help you make informed decisions about what services and resources you utilize for your organization’s technology needs. As “cloud-based” has become something of a marketing hobby-horse that is frequently used out of context, it may be very hard to understand how the “cloud” comes into play in any given offering, if at all. If the “cloud” is mentioned to denote omnipresent resources or availability, it may be worth investigating whether this claim has any substance. Is the company or service in question making use of Amazon’s Web Services or Microsoft’s Azure platform? Those are examples of true cloud-computing platforms – very large endeavors and companies use services like these to power their own services and apps. Is your website or email “in the cloud” or is it “hosted”? For casual conversation, it doesn’t really matter (what matters is you don’t have a server on premise to manage anymore!), but it may be important make that distinction when it comes to evaluating your own organization’s technology security and resilience, especially if you are required to maintain compliance with industry regulations or federal laws.
Image courtesy of Vichaya Kiatying-Angsulee at FreeDigitalPhotos.net
If you’ve never really put much thought into computer security, but recent media coverage has convinced you it’s time to start taking it seriously, it’s easy to feel a bit overwhelmed. Where do you start? Everyone’s being hacked – even the really big companies with entire teams of IT professionals! How can I, “average computer user” even hope to keep my stuff safe? First off, in the immortal words of Douglas Adams: “Don’t Panic.” There are a handful of straight-forward, easy to execute measures you can take that will improve your overall security profile. Consider these your first steps to developing a more secure technology future for yourself and your business. While these are definitely not going to make you hack-proof, it will make you a much harder target, and most hackers will move on to easier prey.
- Use strong, unique passwords where it matters. Keeping your critical passwords different will greatly lessen the impact when an account or an account provider gets hacked. This includes any accounts that handle your finances, but also things like your Facebook or other social media accounts, and definitely protect your email with a good, solid password.
- Change your home router password. This will make your home network less susceptible to hacking. I’d like to think more and more folks will learn how to do this (if only once or twice a year), but I realize it’s not always a walk in the park. Call your ISP – they can usually walk you through it via the phone, or if you’d prefer a more personal approach, call your local computer consultant. You’ve got C2 on speed dial, right?
- Make sure your antivirus software is running and up to date. Know what it is called, and understand how it appears on your computer, including warnings and detections. If you don’t have the time or inclination to manage this aspect of computing, there are plenty of companies (like C2!) that offer something called “Managed Support” that includes monitoring your antivirus software for you. This usually also includes making sure your Operating System stays up to date as well.
- Stay away from strange email attachments and unfamiliar websites. Most viruses are delivered via these two methods. If you receive an attachment you weren’t expecting, don’t open it, even if it looks legitimate. Call the sender and confirm they sent the email.
- Be cautious when installing software or driver “updates” especially when notified via browser pop-ups. These are frequently not legitimate and will lead your computer down a dark path of malware infestation. Be particularly suspicious if the “updates” suddenly appear when visiting a new website, or opening an attachment. That’s your signal to cancel any pop-ups and call for professional technology assistance!
These practices will improve your security stance, but there are still a myriad of other things that you could do to strengthen your defenses. To take it to the next level, you should consider the following questions:
- Do you (or your company) handle other people’s sensitive information?
- Do you work in (or for) a regulated industry? A publicly traded company? (Health, finance, government, etc.)
- Do you have intellectual property that is stored and/or transmitted digitally?
- How much inconvenience and expense are you willing to incur to reduce your risk?
- How much of your livelihood would be jeopardized if your computer was hacked?
Answering these tough questions usually requires assistance from an experienced IT professional, even on a individual basis. That being said, achieving any measure of improved security begins with everyone taking some measure of personal responsibility for security, and they can start that process by following the five simple practices outlined above.
In December 2013, French security hacker Eloi Vanderbeken uncovered what appeared to be a backdoor programmed into several models of DSL routers. The affected devices were built around hardware manufactured by Taiwanese company SerComm and the finished products came from several well known brands like NetGear, Linksys and Belkin, to name a few. This backdoor allowed anyone with knowledge of the hole and local access to the router (say through a nearby Wi-fi access point) to gain administrative access to the router and could lead to a complete takeover of the network controlled by the device. Now, several months later, this backdoor is not only NOT fixed, but appears to have been purposefully concealed behind the digital equivalent of a secret knock, which once given, opens the backdoor right up to the same level of exploitation as discovered in December.
What this means for you:
If you own a DSL router, you should check this list to see if your model appears on it. If it does, I recommend replacing it immediately. Even if it does not, you should check to see if your router is among the many models that are compromised in other significant ways. If you happen to be among the fortunate that uses a router not on any of these lists, you should still review the security settings and passwords used by the device, and if you don’t know how to program or even access your router, you need to get someone who does to review the device for you. The router is the front door to your home or business network, and you should not trust your security to something that can be easily broken down or opened with a readily available master key.
Image courtesy of creativedoxfoto / FreeDigitalPhotos.net