The Gift of Fear : Survival Signals That Protect Us from Violence: Gavin De Becker: 9780316235020: Books
(See online!)

Ever had a "gut feeling". Have you ever felt irrationally afraid of a person or a place? What if you learned that fear is a protective mechanism and that paying attention to it could save your life or the lives of your loved ones?

This book is all about intuition (though they call it fear). He doesn't offer any apologies, no theology, or theories, just the simple fact that intuition, whatever it is, exists. And if you pay attention to it, you can prevent some bad, bad things.

My favorite example from the book (paraphrased):

Say you're waiting for the elevator and when the door opens, there's a single man inside. For no reason that you can identify, you feel suddenly very afraid to get in the elevator. "That's stupid", you say to yourself. "I have no reason to be afraid of this person. I'm just being irrational."

Which makes more sense? To get into a sound-proof metal box with a stranger who makes you feel fear, or to wait for the next elevator and risk offending said stranger?

Learn why fear is valuable to protect your personal safety and that of the ones you love.

Protecting the Gift: Keeping Children and Teenagers Safe (and Parents Sane): de Becker
(See online!)

All parents face the same challenges when it comes to their children's safety: whom to trust, whom to distrust, what to believe, what to doubt, what to fear, and what not to fear. De Becker helps parents find some certainty about parents' highest-stakes questions:

• How can I know a baby-sitter won't turn out to be someone who harms my child?
• What should I ask child-care professionals when I interview them?
• what's the best way to prepare my child for walking to school alone?
• how can my child be safer at school?
• How can I spot sexual predators?
• What should I do if my child is lost in public?
• How can I teach my child about risk without causing too much fear?
• what must my teenage daughter know in order to be safe?
• what must my teenage son know in order to be safe?
• And finally, in the face of all these questions, how can I reduce the worrying?

What this book actually does is teach you how to listen to your intuition and stop living in denial. DeBecker found that many instances of child abuse by neighbors, babysitters, and dare care providers were preventable if the parents had just paid attention to the little signals.

For example what if the old man nextdoor starts giving your young daughter candy, but only if she'll kiss him on the cheek first. You say to yourself, "he's just lonely, it's harmless". But if you have to rationalize a behavior, that means you see something wrong! It's a real eye-opener and something I would highly recommend for all parents.

An RFID tag hidden under a label

An RFID tag is nothing more than a little chip attached to a paper-thin antenna. The chip's basic function is to store and transmit a small amount of information, usually just a unique identifier. What good is that? Well:

Pros

• RFID attached to shipping pallets can make it easier for companies to track and monitor shipments.
• By replacing UPC codes with RFID labels on individual products (like a can of soda), stores can track inventory, prevent shoplifting, and develop systems that automatically charge you for whats in your cart without you having to stop and scan each item.
• As a cheap short-range wireless transmission system, RFID is perfect for making printers who can tell you if you install the wrong ink or toner cartridge or cars that can sense the air pressure in your tires.
• Because RFID doesn't require physical contact, pass cards like those used for secure door access or subway systems will last far longer than those that use magnetic stripes. Further, because the cards only need to be waved in front of a reader, people can get through the control points a few seconds faster. Multiply by tens or hundreds of people a day and the over-all efficiency skyrockets.
• RFID chips can be implanted under the skin of animals to make them easy to identify if they become lost or stolen.
• Chips implanted in humans can be used in place of the medical alert bracelets which can come off or become hard to read over time.

Though there hundreds of visionary and useful things you can do RFID, because they typically lack strong security controls there are serious risks that come with them too!

Cons

Don't underestimate how easy it would be to track and monitor people by the poorly-secured RFID tags they carry
(See online!)

• If someone steals a pallet full of products from a warehouse, but leaves the RFID chip, the company probably wouldn't know for days or weeks afterward (however long it takes for a real human to go looking).
• A shoplifter with a handheld RFID blaster can remove the tags and walk right out of the store.
• RFID enabled printers coffee machines can prevent you from reusing or buying off-brand replacement supplies.
• Those quickpay and access RFIDs can be easily copied from a distance. Now the bag guy gets free tolls, free gas, or can walk right into your building while the systems assign the responsibility to you.
• RFID has been debated for mandatory implantation in Alzheimer's patients, illegal aliens, and even the military. Because the chips aren't protected, once implanted, they can be used to track the movements and activities of the subjects causing serious privacy concerns. In addition to the possible cancer risks, the chips have been known to tunnel through the skin over time causing damage as well as making it impossible for you to get an MRI in the future if you should need one.

US passports now have RFID that researchers used to trigger an RFID smart bomb
• And how about the fact that your unsecured RFID chip could get hacked and become a tool for spreading viruses?
• Cameras can be programmed to look for specific kinds of RFID or specific people and snap a photo when you go by
• RFID can and WILL be used to track humans and their daily activities. Research is ongoing
• Making yourself "machine readable" makes it possible for someone to program a bomb with your "number" on it.

Making RFID Safe

On the plus side again, RFID can help prevent infant abduction or hospital mixups.

RFID, like most technology, isn't something that can (or necessarily should) be stopped. Intstead, we need to harness and direct the technology to reduce the threat. To do this, we need to look at three risk aspects of RFID:

1. Poor authentication

One of the primary issues with RFID and the main thing that makes all the nightmare scenarios possible is that unsecured RFID broadcasts to anyone and everyone. For any implementation of RFID to be acceptable, the chips must be programmed only to speak to proper readers who authenticated themselves first.

For example, say you have a refrigerator that scans the food inside. When you put food inside, the fridge should program the food with a one-time code that makes it impossible for the chips in the packaging to respond to any other reader.

Think no one cares what the contents of your fridge are? Think again.

2. Poor (or no) encryption

Even after a chip authenticates a reader, if it sends the data out in the open, anyone else nearby (or not so nearby) can read it too. All communications between a chip and authenticated reader must be encrypted to prevent eavesdropping by others.

3. Use of Long-term RFID

Implantation is permanent. Passports are good for 10 years. Companies plan to replace UPC barcodes with RFID that will transmit ID codes for the life of the product (from creation to landfill and beyond).

Every RFID implementations will eventually be hacked by someone. All it takes is one person in the world to find a way to break the system and the security is no good anymore (like the millions and millions of pounds wasted with the UK passports). Secure implementations can slow it down or help, but the best defense is NO RFID.

I can't see implants ever making sense and you definitely want to be sure the products you wear and carry around can't be used to wirelessly communicate with the world around them.

Let's just get your SSN, a few fingernail cuttings, an elbow-print, a sample of saliva, and fill out this form of all your deepest fears and personal secrets!

(Image is in the Public Domain)

Defending your information doesn't stop when you walk out the front door. How many times when you're at the store, at the doctor's office, or otherwise out and about does someone ask for your private information? Do you provide it? Should you? How can you know?

The defense is simply this: ask. Why do they want to know? What will they do with it? How do they protect it? Ask and depending on the answer, decide what to do. For example:

• When I went to a new dentist, they asked for my social security number. When I asked, they claimed they needed it for insurance purposes, but a quick call to the insurance company confirmed that wasn't the case and I refused. They were able to put a random number instead and everything worked fine: I got service and they got paid.

I was once asked for my SSN at a video-rental store! Obviously they didn't need it for anything, but it made me wonder how many people provided it just because they were asked.


Most stores will take the Jenny number for discounts and such
(See online!)
• Lots of stores have "club cards" or some kind of membership where you theoretically get discounts or they can pull up your purchase history for returns or some such nonsense. Depending on the specifics, I might sign up (leaving everything I can blank — which is usually a lot if not most of it), but sometimes I'll just give them a common phone number that someone else has already set up. Specifically your area code plus one of the following almost always works: 555-1212 (the number to general information) or 867-5309 (the Jenny number).
• Electronic signatures are everywhere, but are you really comfortable giving companies yet another important piece of data to lose? The system isn't going to check what you put in (even if you draw funny or inappropriate pics instead) so it's up to you what to do in this case. If I were of a privacy mind, I might draw the first letter of my signature for myself (so I could tell later it was me who signed it) and then scribble the rest randomly.

Fun fact: I quite literally stopped the nurses at the birthing ward to ask them why they wanted a SSN on the admission paperwork while my wife was in active labor in the wheelchair behind me. Due to the impending baby, we agreed to handle the paperwork later (spoiler alert: they didn't need it either).

Summary

By being stingy with my data, I have avoided letting people put my information into yet another computer system and be at risk from abuse and hacking. It's not a 100% solution of course, but it costs me little other than some time and confused looks from employees who've never been challenged before. For my effort, my data is harder to find, harder to lose, and harder to exploit.

Exercise

Exercise by Nick Youngson - Alpha Stock Images

(Image used under: Creative Commons 3.0 [SRC])

This section doesn't lend itself well to exercises. Just be careful out there ok?

What you can do is check out the resources page (next in the guide) and make sure to click any remaining orange-colored dots next to the lessons in the guide. This will mark them complete and once all are so-marked, you will receive a course-completion badge in your profile. Congrats for making it through 🙂

(Image used under: Creative Commons 4.0 [SRC][Mod])

Maybe now I can stop referring to myself as "paranoid" and just use the term "Security Professional" instead. In a Wired.com essay, Bruce Schneier writes how security professionals just think differently. While engineers try to figure out how to make things work, Security Professionals think about how to break them.

For example:

SmartWater is a liquid with a unique identifier linked to a particular owner. "The idea is for me to paint this stuff on my valuables as proof of ownership," I wrote when I first learned about the idea. "I think a better idea would be for me to paint it on your valuables, and then call the police."

And it's simply thinking in this way that would prevent a lot of bad products (like smart water) from ever being developed in the first place.