Social Engineering on Social Media

Tags

,

Opening my social feeds this morning for a quick browse over a cup of coffee and some toast, it doesn’t take long of scrolling down to find a post asking “What was the first car you owned? No Lying <laughing emoji>”. This post has 61k likes, 959k Comments and 8.4k shares and was only posted on 9th August. And people wonder why they get hacked.

Password systems for a long time have used a similar set of questions as they are usually easy to answer and remember, because they were life events. Questions such as:

  • What is your mother’s maiden name?
  • What is the name of your first pet?
  • What was your first car?
  • What elementary school did you attend?
  • What is the name of the town where you were born?

These types of social engineering data gathering posts are nothing new, but it would seem that people do not understand the greater risks around answering them.

With the large amount of data appearing on the dark web for usernames and a persons details (even if they don’t contain passwords) matching this data with the answers from social posts such as the one above gives a potential hacker more information about you. They now have the ability to reset your password using the answers you have provided to the security questions and take control of your accounts.

How many of you reading this post have answered the question similar to “What elementary school did you attend” or anything to do with education, but forgot that the same information is already lurking in your LinkedIn profile?

One way to check if your in any data on the dark web is to check using your email address at a service such as https://haveibeenpwned.com/

If you see a family member or friend post these types of questions on social media, it may be worth a conversation with them to advise of the dangers of such posts and the consequences of social engineering.

Tips to stay safe

Here are some tips for staying safe with your identity.

  • Don’t answer these types of posts on social media, even if its a friend who has posted it.
  • Check your not using an answer to a security question that is already in your social profile.
  • Use fictitious information instead of real information, but something you can remember.
  • Treat these answers like passwords and think about adding complexity to them.
  • Use two factor authentication where it is available on a system.

Further Reading

BCS Fellows Technical Advisory Group (F-TAG)

Tags

,

I am both excited and honoured at the opportunity to be part of the first cohort for the BCS F-TAG (Fellows Technical Advisory Group). Looking forward to participating and helping to lead bringing my experience and knowledge as part of this group.

Aim of the F-TAG

BCS’ Fellows Technical Advisory Group (F-TAG) is a diverse selection of experts who will distil insights on cutting edge technologies to benefit the entire BCS membership, the wider industry and ‘UK plc’; F-TAG complements the work of existing boards and groups. Source.

F-TAG is made up of 25 BCS Fellows selected from diverse demographic and professional backgrounds; their expertise ranges from software testing to smart homes. Source.

Find out more at : https://www.bcs.org/policy-and-influence/bcs-fellows-technical-advisory-group-f-tag

F-TAG Members: https://www.bcs.org/policy-and-influence/bcs-fellows-technical-advisory-group-f-tag/f-tag-members

Online Meetings – Be yourself!

Over the past year and a bit the world was forced online more that it was before and meetings in the most case became video calls. Some loved it and excelled, some we okay and some shy’d away from the camera completely for a number of reasons.

So not everyone wants to be in front of a camera and not everyone has a film studio set up and is broadcasting from their kitchen table – That’s okay. You use what you have to do the best that you can do. So what can you do to help yourself look better on the calls.

Be Yourself!

Most importantly is Be Yourself.

Relax. You are not presenting the news or interviewing a top senior official (Unless you actually are of course).

Be confident and have a positive mindset.

If you are camera shy, consider joining on camera to do the introductions, then turn the camera off.

Meetings will have a bigger impact when your on camera as your audience can see your reactions and expressions just as though you are in a face to face meeting.

Contribute to the call. Don’t forget to contribute to the call. That’s why your there.

Treat each call as a face to face meeting, it is but using video instead.

Reduce any distractions so you concentrate on the call in hand.

Lighting

Try not to sit with a window directly behind you, especially with the sun shining as this produces a halo effect around you which does not look good to others on the call.

If you can’t move and don’t have blinds or curtains, then consider bring some light in front of you to counter balance the light behind you. You will need to do this even if you are using an in call backdrop.

Search for “led video light” on somewhere like Amazon for some good options. It doesn’t have to be expensive.

If you are using your phone to make calls, consider an “LED Selfie Light Stand”.

Camera

Knowing where your camera is on your device is important, it can make the difference between the audience looking up your nose and seeing your face at a good level.

Clean the lens. It can make a big difference, especially if you are using a phone.

If you are using a laptop and have an external keyboard and mouse, consider using a laptop stand to raise the camera or even an external camera on a stand to get a better shot.

If you are using a mobile, consider getting a stand for it if inside so you can keep the camera steady.

Microphone

Also knowing where your microphone is on your device is and setting its sensitivity can ensure that you are heard okay and reduces any other background noises in your environment. Headsets with mics often have a mic set to only pick up the wearers voice only.

If you have an external mic, consider a windshield or pop shield to help reduce background noises.

This can mostly be controlled via your operating system device settings or for external mics and headsets the appropriate software/drivers may have options.

Remember your microphone has a mute option in the video calls.

Speakers

Software in devices is very good at stopping feedback where you hear yourself speak on a call and the microphone is picking that up and replaying in over the top. Some people prefer to use an headset with inbuilt mic so they only hear the call in the environment you are in.

Background

Most of the main video calling platforms now have the ability to place backgrounds behind you so the audience can’t see the area that you are calling from.

When using these it is important to remember that the software is using your camera to cut around your image and display the background behind you, so if you want to show something on camera, it may struggle and you may have to turn off your background to do this.

Test it out

Once you have a set up you are comfortable, test it out. There are options on most of the video calling platforms to do this, or set up a call with a colleague or friend to test out the set up and get some feedback.

References

Dr Lucy Rogers has produced a set of videos that were for her students, but would help anyone looking for some advice.

Speaking to an Online Audience – Tech
https://www.youtube.com/watch?v=iaKATPbrNhc&t=44s

Speaking to an Online Audience – Voice
https://www.youtube.com/watch?v=3j9TgUh8bQE&t=33s

Speaking to an Online Audience – Content
https://www.youtube.com/watch?v=4TezFfYyXjo&t=180s

Speaking to an Online Audience – You!
https://www.youtube.com/watch?v=ilzhziTdHSk&t=33s

Data Fellowship – BCS Level 4 Diploma in Data Analysis Concepts

Tags

, , ,

As part of my Data Fellowship that I am currently taking, today I sat the first exam for “BCS Level 4 Diploma in Data Analysis Concepts” – QAN 603/0823/0.

The last exam that I took was in an examination centre where you turn up and sit at an already configured computer. This time I sat the exam at home in my dining room with camera and microphones on. Special software ensuring that my only windows open are the exam and meeting room with the invigilator watching me.

Sitting down getting ready for the exam, I hit that unfortunate moment of your laptop is about to reboot and install an operating system upgrade. Great timing! Just enough time to get another device loaded with the right software and logins to the required pages. Not a good start to entering an exam for the mindset, but all went well in the end.

Study for this stage of the Data Fellowship has been part of the apprenticeship course and objectives. For me it was a cementing of the concepts and bringing some areas up to date.

Objectives are: Demonstrate knowledge and understanding of Data Analysis and its underlying architecture, principles, and techniques. Key areas are:

  1. Explore the different types of data, including open and public data, administrative data, and research data
  2. Understand the data lifecycle
  3. Illustrate the differences between structured and unstructured data
  4. Understand the importance of clearly defining customer requirements for data analysis
  5. Understand the quality issues that can arise with data and how to avoid and/or resolve these
  6. Explore the steps involved in carrying out routine data analysis tasks
  7. Understand the range of data protection and legal issues
  8. Explore the fundamentals of data structures
  9. Explore the database system design, implementation, and maintenance
  10. Understands the organisation’s data architecture
  11. Understands the importance of the domain context for data analytics

Source: Syllabus

Exam passed and certificate issued. Now on with the next learning/revision for the BCS Level 4 Certificate in Data Analysis Tools.

Are you patching your network devices at home?

Tags

There is nothing more annoying when your working on your computer and that popup appears saying “Reboot Now to complete the patch”. Thankfully some vendors have got wise to this over the years and have added changes to update at reboot/shutdown or allow to to choose a time. Annoying as it is, these patches are important and should not be ignored or delayed too long before applying.

Padlock Gates

When you think about patching/upgrading what do you think of?

  • PC/Laptop/Tablet
  • Mobile
  • Network

The typical focus of home users is around the end device we use rather than the other parts of the homes IT infrastructure.

A lot of home users these days rely on service provided network equipment such as routers from their internet service provider, but are these kept up to date? A recent study by Which found that millions of routers are not updated to the latest patches or had weak passwords and providers have been stated that they monitor and update their routers.

If you have your own router on the end of a connection, time to check when it was last updated. If its a managed device you can usually log in to it and check the last patch applied date. Is it being updated?

A recent discovery of FragAttacks (attacks that exploit security vulnerabilities that affect Wi-Fi devices) have shown that it is possible to steal data from any WiFi network that’s not patched, however its not an easy attack to recreate and vendors have been issuing patches to protect against this. This highlights the need for patching and updates to not just your end user device, but network devices as well.

As per a previous blog post – Good practices to adopt are

  • Check the manufactures website for firmware or driver updates on a regular basis – All devices within the home
  • If the device software allows a check to be made for updates on a regular basis make use of the tool
  • Use strong passwords
  • Change any default passwords
  • Don’t use the same password on different systems
  • Use passwords on your video calls
  • Use a VPN if working from home
  • Turn on two factor authentication on applications that allow it
  • Use Anti-virus and malware apps

If this is all second nature to you that’s great, however it may not be to others. Reach out to your family and friends and talk them through what they need to do so it becomes second nature to them.

You are only secure as your last update/patch!

Further Reading

Looking at upcycling a mobile phone

Tags

Across the modern developed world, there are draws of old mobile devices in peoples houses and offices that are no longer used or in fashion. In some cases they are very old devices and in others the pull of the latest model has drawn the user to the new version or the software has stopped working on the older version.

By 2024 Statsia states there will be around 17.72 billion mobile devices operating in the world. That’s a lot of devices!

I will hazard a guess here and say there will also be a very high figure around the amount that will be still sat in desk draws.

Before I get onto upcycling I need to cover two areas – Recycling and Keeping up with the Neighbours

Recycling

With the many recycling programs that vendors are putting in place the number of mobiles left outside of these programs is high. Mainly due to age of the mobile and damage to the device which makes it not worth anything for a person to send their phones in (main damage being to the screen). Yes I have a couple of these from family members that I need to get recycled.

“Smartphones are made up of around 30 elements, including copper, gold and silver for wiring and lithium and cobalt in the battery” Source :https://www.independent.co.uk/news/science/mobile-phones-elements-periodic-table-endangered-chemicals-st-andrews-a8739921.html

http://www.indepenent.co.uk

There should be a bigger push to get these devices recycled to help reduce the impact on the earth and increase our sustainability. The main rewards for recycling a phone are for those that are mainly intact and hold some resale value. Once a phone has been dropped and damaged, to some its a thing that no longer holds value and therefore ends in the draw or hopefully not the bin.

There are some things that need to happen for users to help adopt this strategy:

  • Greater publicity around the value of the old phones
  • Guaranteed security of the destruction of data on the phone
  • Giving the user something back for recycling

Keeping up with the Neighbours

With new phones/models being produced each year how often do you hear things like:

  • “Oh the latest XYZ phone is out – I must get that!”
  • “Well I have a bit of damage on this phone so Ill get a new one as its coming out”
  • “We will no longer support that operating system version past dd/mm/yyyy”
  • “The cost of repair is quite high, its more economical to get a new one”
  • “Ohhh Shiny!!!”
  • “<Insert your own here>”
  • etc.etc.

Upcycling

Having had an android based phone for a number of years, I have been keeping an eye on what Samsung have been proposing since 2017 – Galaxy upcycling. However I haven’t heard much until recently with Samsung announcing the use of old mobiles being used with SmartThings Labs.

Reusing my old mobile devices as part of my home automation system to provide a number of screens and control points around the house appeals to me as I’m sure it would for lots of other people.

Rather than phasing out devices with operating systems that no longer work, having an option to reuse the device with a different operating system (changed) so it can operate as part of a home automation system would have massive appeal to the market and help drive the sustainability agenda. Okay, reduce the functionality of the phone to help secure it, but lets keep these devices useful with some code.

Okay so my screen may have a crack in it, but a screen protector over that and put into a cradle on the wall suits me fine.

So whats next? Dig out my old device, put some power in it and see what I can do with Home Automation.

Logical and Creative Thinking

Tags

, ,

Right Side vs Left Side of brain

Our brain is an amazing organ of that learns, remembers, controls, moves, repairs a complex body. It is in control of lots of functions and as part of that it is also responsible for our Logical and Creative Thinking. There are lots of articles that talk about the left side of the brain being responsible for Logical and the right side for Creativity. This was first researched by Roger Wolcott Sperry with his work on the split brain.

There are lots of articles that talk about people being left or right dominant on the brain, hence being more logical or creative, however more recently published articles and research show that the activity in the brain is similar on both sides of the brain regardless of how dominant they are “An Evaluation of the Left-Brain vs. Right-Brain Hypothesis with Resting State Functional Connectivity Magnetic Resonance Imaging“.

Either way the brain is still an amazing thing and you can learn to use both Logical and Creative Thinking techniques, you just need to apply a growth mindset.

“We cannot solve our problems with the same thinking we used when we created them.” – Albert Einstein

Logical Thinking

Logical thinking helps us to make “sense” of things, coming up with solutions and in decision making.

The five W’s and 1 H are commonly used as questioning to help form logical thinking. These are

  • Who
  • When
  • Why
  • What
  • Where
  • How

Some add another H – How Much to the list as cost can play an important factor in decisions.

Creative Thinking

Creative thinking helps us approach things with an out of the box approach and an ability to look at things through different lenses to discover new solutions.

Balanced View

Taking a balanced view across Logical and Creative thinking, the Six Thinking Hats written by Dr. Edward de Bono starts to provide a balanced view by using the idea of parallel thinking to plan and use thinking more effectively. This can include logical and creative thinking.

Blue Hat – Process

  • manage process
  • action plans
  • next steps
  • reviewing thinking
  • summary

White Hat – Facts

  • data
  • facts
  • information needed
  • information available

Red Hat – Feelings

  • feelings
  • hunches
  • instinct
  • intuition

Green Hat – Creativity

  • creativity
  • solutions
  • ideas
  • alternatives
  • possibilities

Yellow Hat – Benefits

  • positives
  • brightness and optimism
  • value
  • benefits

Black Hat – Cautions

  • difficulties
  • potential problems
  • weaknesses

Build on the Skills

Learn different ways of thinking

Learn some new ways of thinking that you have not used before.

Practice and mix it up

As the phrase goes “Practice makes perfect”. Using different methods of thinking can bring different views and possibly different solutions to the problem/challenge.

Personally I have created my own set of cards based on several ways and methods of thinking that I use when I am looking at a problem. See my blog post Playing a Game with Innovation and Thinking.

Work with others

There is nothing better than working with others to bring in different views and ways of thinking that you may not have thought of previously. This is a great way of seeing how other people approach the problem/challenge and help identify if there are areas you can improve/learn on.

Be creative

Spend some time on creative hobbies that will help you build you creative thinking.

Learning a new skill

Learning a new skill will help you develop your thinking.

Further Reading

Experimental Mindset

Tags

, , ,

We have all at sometime done some sort of experiment, from maybe from a young age as to see which cry and actions resulted in the reward of milk to test driving cars to find which is best suited to your needs before you buy it. These are experiments that produced results from things we have tried and may not have thought about it as developing an Experimental Mindset. In this article I am concentrating on how this applies to data.

Here are my notes from my research into the topic.

The main areas for an Experimental Mindset are:

In order to constantly learn you need to be open to learning and develop your Growth Mindset. I have covered this in another blog so wont repeat here: Having the Right Digital Mindset: Business (Change, Agility and a Growth Mindset).

Having an Experimental Mindset is one of the key traits in being a Data Analyst or Data Scientist and it is not a new term. This has been around as long as the field of science and research has. These arena have developed methodologies that have been adopted and taken forward by many other areas such as business and computing that can be used for testing and evaluating.

At a high level this methodology can be shown as:

Observations –> Hypothesis –> Scientific Law

Overlaid with the areas for data this can be shown as:

Observations (Learning) –> Hypothesis (Testing) –> Scientific Law (Evaluating)

or as:

Observations (Data) –> Hypothesis (Product/Service) –> Scientific Law (Predictive Model)

Using this methodology, one of the more common types of Hypothesis Testing is A/B Testing. This sets out a framework for a simple controlled experiment against two versions (A and B) to look at the impact of changes to a thing or product. Some useful articles on A/B Testing are listed below that go into the details of it:

Udacity host a course by Google on A/B testing.

There are some risks to A/B Testing that should be considered when reviewing the results:

  • Sampling Bias
  • Study Population
  • Target Population
  • Segmentation
  • World Time Zones
  • Target Population
  • Data/Privacy Laws

I will go further into the realms of A/B testing in a later blog post.

Further Reading

Data Storytelling

Tags

,

Humans have been using the medium of storytelling since the beginning, but only really recording it from the moment a wet painted hand went onto a cave wall. These days we read stories in books or access stories over the internet on our tablets and other devices.

Photo by Suzy Hazelwood on Pexels.com

The main key to all of storytelling is data in one form or another. From 1 x wooly mammoth and 3 x hunters (thats 4 items of data) in a cave painting to the complexity of how many bits and bytes are in an online book.

For a good explanation on What is data?Cassie Kozyrkov, Head of Decision Intelligence,@ Google has written some great posts and videos on the subject.

So when we have data, we use stories to explain what it is telling us – hopefully not through 1000’s of powerpoint slides…….Make it Stop!!. What are you going to put in those slides that will keep the audience hooked and focused.

Stories are normally based around a simple concept of beginning, middle and end, however there is more to it that that if you want to tell a good story.

The first thing through before getting to the story is to make sure you understand what the data is telling you. If you don’t understand the data and your asked a question, will you be able to answer it or further illustrate your point. Keep in mind – EVALUATE – LEARN – PRACTICE. Then maybe practice some more until you are confident with what your about to talk about.

Decluttered and simple visuals help to tell the story and keep the audience focused on what you are telling them, rather than they spend the time trying to understand what all that text and facts are on the screen. Information is Beautiful is a site that shows some ways to display data visually in easy to understand ways by David McCandless. Here is his TED talk:

Stories normally follow a Heroes Journey which takes the plot line through a series of steps to keep the audience wanting more and to continue to read the rest or listen until the end. When storytelling about data, as similar construct can be used using the Heroes Journey:

SequenceHeroes Storytelling StepData Storytelling Step
1Status QuoWhats the current normal
2Call to AdvetureThe Question (What is being asked of the data)
3AssistanceWhat are the Sources
4DepatureTurn the data into something understandable
5TrailsData Analysis
6ApproachMethods used
7CrisisData Modelling / Wrangling
8TreasureThe Findings
9ResultResult
10ReturnPresentation
11New LifeNew normal
12ResolutionReview
13EndEnd or maybe a different question?
Data Storytelling using a Heroes Journey

There is a good explanation of the different styles of Heroes Journey on Wikipedia. the above table is change a bit. Heres a video that goes through a format:

Now we have a structure, how you tell the story is just as important. How can you pursuade the audience about the data and point of view that you are presenting?

There are, then, these three means of effecting persuasion. The man who is to be in command of them must, it is clear, be able (1) to reason logically, (2) to understand human character and goodness in their various forms, and (3) to understand the emotions–that is, to name them and describe them, to know their causes and the way in which they are excited.

Aristotle

Aristotle set out his Powers of Persuasion in four areas:

  • Ethos – Author/Speaker (Character, Credibility, Authority, Truthfulness)
  • Pathos – How topic effects you – connect and bridge the gap (Current emotional state, Target emotional state)
  • Logos – Why it effects you – story / proposal (Reasonableness, Consistency, Clarity)
  • Karios – Time and place

Ethos – ‘It is not true, as some writers assume in their treatises on rhetoric, that the personal goodness revealed by the speaker contributes nothing to his power of persuasion; on the contrary, his character may almost be called the most effective means of persuasion he possesses.’

Pathos ‘persuasion is effected through the speech itself when we have proved a truth or an apparent truth by means of the persuasive arguments suitable to the case in question.’

Logos ‘persuasion may come through the hearers, when the speech stirs their emotions. Our judgements when we are pleased and friendly are not the same as when we are pained and hostile.’

Rhetoric, Aristotle

Karios is an Ancient Greek word meaning the right, critical, or opportune moment.

How we can use these areas is illustrated in this example:

When preparing for the Storytelling session its worth checking that you are not going to fall into the trap of the “echo chamber effect”.  From my post on the subject I have created the following term to help me remember – STACK

  • Step Back
  • Think
  • Absorb other views
  • Challenge your thinking
  • communicate your Knowledge

Storytelling is more trustworthy than just presenting data on its own. One to consider when you create your next PowerPoint Presentation.

Further Reading

Data Fellowship

Tags

,

Data, it’s everywhere and there are thousands, millions, billions…… lets just say “lots” of data created evry second of the day, from articles and discussions on the internet, to texts and whats apps, to cars, to well anything with a chip in it really. It goes a huge way to ruling our lives and telling us how to live, from what to eat to the carbon footprint of the world. so when I was given an opportunity to undertake an apprenticeship in Data Analytics on a Data Fellowship Apprenticeship over the next 18 months. Of course Im going to jump at that!

A great way to check my understanding and knowledge on things and learn many new things and more importantly for me provide a qualification at Data Analyst Level 4 standard.

So what is the So What? At the moment the programme is starting, so not much to report back so far, however I have started to document some of my journey and bits in my GitHub repo and will use this and my blog to record my thoughts and learnings going forward. Watch this space as they say.