livebooks blog

I blame my friends who work at three-letter agencies for the United States government. They are the ones who invited me to the Black Hat Technical Security Conference in Las Vegas to drink, have a good time, and learn how completely ignorant I was about online security.

Today, I am a changed person. What I previously deemed to be adequate, if not savvy, security precautions for my quotidian web use, I learned was the same as leaving a full camera bag with the top flipped open on the front seat of my parked car. Sure, the doors are locked, but it would take only the slightest initiative and about six seconds for someone to break the window and walk away with tens of thousands of dollars in gear. I know what you’re thinking. You would never do that. Okay, then take the quiz below. If you answer yes to any of these questions, I’ve got news for you: You’re way more vulnerable than you think.

• Do any of your passwords contain a word that can be found in an English language dictionary or in a dictionary covering pop-culture references from the last 100 years?
• Do you ever close a web window that is signed into an account of some kind without logging out of the account first?
• Ever log in to your bank or credit card account without first checking if the lock symbol is active on your browser window?
• Ever log in to your bank account or 401(k) from a free WiFi access point?
• Ever open an email when you’re unsure where it came from?
• Ever log in to a secure site from a borrowed computer?

Why we are the way we are
In spite of the news stories that circulate daily about online security breaches, we are surprisingly apathetic about the threats they pose to us personally. It’s like backing up your computer — it’s a secondary concern until you’re hit with disaster. Then, suddenly, you’re a convert to the church of redundancy.

Unfortunately recovering from a security breach is nowhere near as easy as recovering from a lost hard drive. With the latter you at least have an idea of what you’ve lost. You can lament it over a glass of wine and move on with your life. A security breach places the control of your social, financial, and photographic life in the hands of someone else. And the ramifications will potentially haunt you long after the initial breach.

Consider the following. A friend of mine had a huge falling out with a close friend, who guessed her email password and sent an inflammatory email to her entire address book. Most of the recipients realized her email address book had been compromised, but those who didn’t know her well were shocked. Ultimately she was able to contact everyone and inform them what happened — but you can imagine how things could have gone worse.

My friend, like many of us, never thought twice about the weak password on her email account. The convenience of an easy-to-type, easy-to-remember password took priority over other considerations. She could not fathom anyone using her email account maliciously.

This is what gets us into trouble. We’re good people and have an inherent problem thinking like criminals. It’s hard for us to see our online assets through criminal eyes and predict how to protect ourselves.

Squatting
A while back I was uploading images to the FTP directory of my web site when I was hit with a disk space error. An examination of my FTP server revealed dozens of unidentified folders, most filled with illicit pornography. My head spun. Given the nature of the material, I contacted my internet service provider, filed an official support ticket, and had them remove the files in case there were any legal protocols involved. A hacker had broken my FTP directory password and was serving up an entire website from my FTP directories for months without my knowledge. Oh man, I was pissed.

Unfortunately there was no way to trace the hacker. Moreover, and frightening to consider, if the authorities had found the illegal site before I did, I could have been arrested. An investigation would have revealed I had been hacked, but who needs that kind of grief?

If you’re utilizing a portfolio service like liveBooks that is monitored by a professional IT staff, you’re safer, but only if your password is strong. Weak passwords are the easiest way for a hacker to access to your account. If you do get hacked, liveBooks keeps a backup of your online portfolio going back a week onsite, and going back a month at a secure offsite facility. Recovery usually takes an hour. But don’t depend on those protocols unless you absolutely have to. Adopting safe practices is a lot easier and less expensive.

Good habits
So here we are at the basic security primer for photographers, or anyone else who spends most of their time online. This is by no means a definitive list, but it will help you think more carefully about your online habits. The information here was gathered from Black Hat, Craig Butterworth at the National White Collar Crime Center, and Carl Slawinski from Agile Web Solutions.

NEW HABIT 1 — Free WiFi: Never, ever, ever log in to your bank account or credit card account when you’re on a free WiFi access point. The reason you have to use a password to access most WiFi networks, especially your own, is because that password encrypts the information floating through the air between your computer and the WiFi hub. If the network is open, so is the information your sending over it.

NEW HABIT 2 — Passwords: The days of passwords drawn from kid’s birthdays, dog names, and Star Wars characters are over. I have seen a brute-force attack crack a weak password in minutes. With today’s powerful computers and free cracking dictionaries and rainbow tables available online, hackers can let computers run for days while they sort out passwords.

One of the most effective ways to keep your passwords strong, like ox, is to invest in a product like the highly regraded 1Password from Agile Web Solutions. I have been using the product for years, but only after my discussion with folks who make 1Password did I take my security to the next level.

1Password generates strong passwords, which it stores for you. When you need the password, the application will enter it for you with an easy key stroke. The generated passwords are so convoluted that you’d never be able to remember them, but that’s the point. 1Password is also on the iPhone so you can take your passwords with you. The file that they use to store your passwords is heavily encrypted and would take a supercomputer 128 years to crack it. More »

“We want to make sure we are as specific as possible to keep our business safe.”

Prix Pictet announced yesterday that the winner of this year’s photography prize for environmental sustainability goes to British based Israeli photographer Nadav Kander, whose project Yangtze, The Long River Series documents the changing landscape along China’s Yangtze River. Pictet also awarded a photography commission to RESOLVE contributor Ed Kashi, who will fulfill Pictet’s annual commission this year in Madagascar.

Vincent Laforet released his latest short film, Nocturne, shot with a prototype Canon 1D MKIV on Monday, but was asked by Canon to take it down the following day, he explained on his blog. Photo Business News and Fake Chuck Westfall both took Canon Japan to task for the move. If you didn’t catch Nocturne before it was taken down, it’s on YouTube, of course.

And the drama goes on. After Shepard Fairey admitted last week that he had lied about his source of his Obama image, the Associated Press released a statement on Tuesday that they are challenging Fairey’s account in court as “purposely deceiving.” Excerpts of AP’s most recent court filings and the letter Fairey’s attorneys sent to the AP are available at PDN.

Jen Bekman Projects, the innovative creator of the 20×200 prints store and the Hey, Hot Shot! photo competition, received $800K+ in venture capital funding. The series A funding was led by California-based venture capitalist True Ventures, along with a other angel investors.