Tuesday, May 31, 2016

LinkedIn Warns Members of Data Breach Fallout Four Years After the Fact


Um, what?

Seriously. This is no joke. LinkedIn sent out a note from their legal department and it is as real as the words on this page. You can even read it on the LinkedIn site.


On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.


This is Hacker 101. Hack website, steal information, sell on the dark web. This would have been a no-brainer in 2012. It's almost laughable that it took LinkedIn this long to figure it out.

The bottom line is, you really need to change your passwords often on the sites you use the most, a minimum of every six months. I know I've changed mine several times over since this breach happened, and most definitely when we were alerted to the Heartbleed bug. You need to take care of your own security.  

Seriously, if I were LinkedIn's brain trust, I'd be firing the ass of its security and legal teams. In 2016, if you have a business where you access a computer or mobile device, you are negligent and should lose your business license if you are putting everyone in your network at risk by keeping a security breach secret and not upgrading your IT.

Tuesday, May 24, 2016

The Login Ceremony

It’s the one thing about the Internet that drives us all batty: passwords.
If you click the wrong keystroke, nothing happens. Platforms are also becoming more and more insistent that users create more complicated passwords — all the better to protect you with — but how the heck do you remember them all?
There are reputable websites that offer to store all your passwords, to keep them safe. Well, then you need a password to get your passwords. Who can be sure that site can’t be hacked any more than the sites your other passwords belong to?
There are no guarantees.
You DO need complicated passwords: a combination of upper/lower case letters, numbers, and symbols or phrases. You need a unique password for every site you visit, especially the ones you visit the most, such as FacebookTwitter, and Google.
When it comes to storing those passwords, I say do what is easiest for you. If you need a hard copy, fine, but make sure it doesn’t get into external hands, and always, always, always have an electronic backup saved somewhere in the Cloud. Otherwise you risk not knowing how to complete the login ceremony.


Originally published November 1, 2015, freelancepublishing.net, Debbie Elicksen

Tuesday, May 17, 2016

Software From Hell

There is a lot of great software out there, along with user-friendly and necessary apps. Sometimes it isn’t always the free downloads that do it. Your paid programs can also become software from hell, launching an all-out attack of freeware, adware, and God knows what into your system.

Eliminate the risk by only downloading directly from the main site, such as the antivirus company, Google Play, Apple. They have already pre-screened and checked that the download will be safe. Then no matter what, do not add any of the suggested products offered up during the download process.
A credible website, when it offers third-party free downloads of the software or apps you’re looking for, can also become a nightmare. I made this mistake twice.
For example, there is a website that is the go-to for learning about how software and apps rate with users. On the same line as the review, it offers the download of the program direct from their site. You are better off opening a new tab to go directly to the original source. Your computer will thank you.
In the case of software (even anti-virus software), a lot of times when you click through the prompts, it automatically downloads toolbars and all sorts of crap into your computer. Some of it is impossible to remove. You can remove the problem, but there is often a residue that reminds you every time you start up that next time, don’t download third-party stuff. The good thing about Google is, when you key into the search engine the name of the problem and how to remove it, you’ll find a wealth of tutorials. Pick the one that seems the easiest step-by-step.


Originally published January 13, 2016. freelancepublishing.net. Debbie Elicksen

Tuesday, May 10, 2016

Are You A Troll or a Spammer?

If your digital media profiles (Facebook, Twitter, LinkedIn…) look like any of the ones below, fix them now or get off the Internet. First impression is you look like a troll or a spammer. We are not going to give you the time of day if you can’t give your network the time of day.
It’s amazing how many times you see a connection request from someone on LinkedIn or Facebook or a new follower in Google+ who have absolutely no information in their profiles at all — people you personally know. But if you don’t know them, how do you know they’re not a serial killer? You have to wonder why they reached out if they’re not a spammer or phisher.
The sad thing is, some of these belong to real people. Although I may still connect with them if it’s a friend, I will advise them as diplomatically as I can to get a profile picture. I’ll say something like this: “Hey, nice to see you here. Now put up a photograph or you look like a spammer.”
Because social sites are used more to connect with potential business prospects, if you have nothing in your profile but your name, you’re leaving a lot of money outside of your computer. Consider your LinkedIn, Facebook, and Google+ profile/about pages your resume. The more information you put here about yourself — like what you do, the type of work or customers you’re looking for, links to project examples that back up your work or other ways to connect — the greater chance of you getting an unplanned referral or prospect to connect with you.
It’s time to do our part to improve digital media (I’ll get to the literacy aspect another time). If any of your profiles look like these, fix them now or get off the platform. Otherwise, are you a troll or a spammer?
Facebook-non-profile
Are you a serial killer?
Twitter-goose-egg
Bad spelling screams fake profile
LinkedIn-non-profile
Google-non-profile
The following video is more about personal connections, but the message is the same. No picture, not information = you’re CREEPY.


Originally published December 14, 2015. Debbie Elicksen. freelancepublishing.net.

Tuesday, May 3, 2016

You Are What You Publish


+David Meerman Scott wrote The New Rules of Marketing and PR, which is more than a book; it's reality. It's the future. It's who we have become.

We can believe that each digital media is only a social platform where you hang out with your friends. We can throw a hissy fit every time Facebook or YouTube changes its algorithms. We can choose who we want to accept into each of our tight little circles. 

Ignore the realities all you want.

Digital platforms, yes even Facebook and Twitter, are publishing platforms. You have access to this media only because the companies (you know, Zuckerberg and all the guys who own them) let you. Whether you privatize your settings or not, it is still a public forum. If anyone in your "friends" list can see your posts, that is a public post. It's why we use direct messages and emails to have private one-on-one conversations.  

You essentially rent a page from a public membership-based website for free. What you do with that page is up to you, unless it crosses any of the platform's set boundaries. You can bitch all you want about the platform doing this or not doing that, but you don't own it. You rent a small one-billionth of a space for free.

The page you have rented, depending on the platform, shows up in a Google search, even if your individual posts do not. That said, whether or not you've privatized your settings or if you only "friend" people you have met in person, your content can find its way to your employer's desk, the government, and the police, if you've been especially naughty.

What you post on this free public platform is equal to publishing a page in the local (or rather international) newspaper. If it's salacious enough to rankle enough feathers, make it a billboard on a Los Angeles or Toronto main thoroughfare. 

There are people who are the Debbie Downers of social media. They publish hate, ugliness, and continually troll other people's feeds with negative comments. They are in your private digital community. When you see their name in your home feed, your first reaction is to roll your eyes and maybe get ready to click the "hide" option before you've even seen the post.


You may like the person, but hate their post or comment. If they do it on your page, you may rent that page, but you determine what goes on that page. You have the right to delete.

In publishing, everyone is entitled to their opinion, even your friends. When that opinion isn't constructive, is mean-spirited, or is just made because they don't respect your opinion, you have the right to delete.

If you are the person who posts negative and mean-spirited comments, who continually fills their own feeds with it, is that really the permanent impression you want to leave on your public digital footprint?

I love Facebook's On This Day, a look back at your previous posts through the years. It gives you a do-over. I go through them every day. If there is a post that no longer fits my present editorial guideline (post no harm) or something that is irrelevant, like the ongoing diatribe I used to make while watching football and hockey games, or dead website links, I will delete them and clean up my Timeline. Regardless of the platform, there are posts I re-evaluate, sometimes right after I've published them, and then delete them.

This is a website created for schools but a lot of adults could use a refresher course on how to act online (code word for "in public").

The three things that each human craves are safety, belonging, and mattering. We can go a lot further as a human race and as role models if we practice exercising restraint and create a world that lifts our fellow friends and strangers up rather than tear them down. It begins one computer at a time.

When you are online, you write your history.