Archive for the ‘Twitter’ Tag

Refrain from Infantilizing

Social network sites risk infantilizing the mid-21st century mind, leaving it characterized by short attention spans, sensationalism, inability to empathies and a shaky sense of identity, according to a leading neuroscientist. So keep old media alive. See interesting books available at the community library. Find ways to entertain yourself without your e-reader or Pandora. Act like a kid. Swings are fun and playgrounds are everywhere. Go hiking. Just find some free places to hang out outside. Go to bed early. Get into bed and don’t check your phone. You’ll fall asleep faster and have more energy the next day. Leave your phone home for a day. Don’t even tempt yourself by bringing it with you. If you are with someone, you don’t need multiple phones. Be spontaneous. Whether it’s a weekend or day trip, do something with friends, family or even by yourself that you’ve never done before. Don’t plan, just hit the road. You’ll remember it forever. Just because you are not posting live in the moment doesn’t mean you can’t share it or blog about it later on social media. The conversations you’ll have with friends can be enjoyed anytime. Consider how you can disconnect from distractions in your life to ensure a better performance come Monday morning.


Gender & Multitasking

I have never understood the appeal with whether women or men are better at multitasking. That’s because multitasking is something that’s best avoided for any task that needs concentration. Humans don’t multitask well, unless one of the activities is automatic and doesn’t require much conscious processing. One of the reasons the question keeps coming back is because of the media obsession with the battle of the sexes. Media likes to report anything that shows even the most minuscule psychological gender differences.

Consequently, what we get is the news that, one week, women are better at multitasking and the next week it’s men. Part of the reason you see these articles is that some studies do indeed find a small superiority for women and some find a small superiority for men, depending on the exact tasks. But let’s take a real-world activity like driving. What if you compare how good men and women are at driving while talking on a mobile phone? Now, somewhere at the back of your mind, perhaps, there may be prejudices brewing. Stifle those thoughts, though, because Watson and Strayer have found no difference between men and women on this sort of multitasking.

It turns out that this is the case in general for multitasking. Overall studies struggle to find strong, consistent evidence one way or the other. Certainly, some people, both men and women, are better multi-taskers than others, and that is interesting. But as for the difference between men and women, the truth is there is much more variation amongst men and women than there is between men and women.

The balance of evidence may change in the future, but at the moment the best guess is that the differences are very small or non-existent. So, there are no proven differences between men and women at multitasking.

There Is No One More ‘Youier’ Than You!

Keep your eyes wide open for inspiration. Look for a beautiful sunset. Feast your eyes on the perfection of flowers – the perfection of their colors and of their conformation. Realize that none of the colors in nature clash with each other. See the world through the camera’s lens and you will be inspired by the beauty that you have chosen to record. It will also help you to focus on your subject with clarity. This will give you an appreciation for form.

Listen for the sound of the birds singing on a new spring day. Hear the 23rd Psalm word for word. Sit back and hear a Beethoven Symphony in your heart and wonder that he was deaf. I think you will experience joy. Feel that experience; let it soak into your inner being; let it imprint on you. When you need inspiration you can call up the memory of how you felt during those moments.

Inspiration is just around the corner, it is so important to be in touch with your feelings so you will recognize it. Permit yourself to feel and then prepare yourself to express your special gifts.

As Dr. Seuss said, "There is no one more ‘youier’ than you!" Be your own best friend and be very kind to yourself. Most of us tend to be very critical of ourselves and that can strangle inspiration. Laugh at your self. Life is an amazing journey. Approach it with humor and love.

Sharing your gifts with others will fill your heart and reward you in so many ways. Your cup will run over with good things. I believe that we are called on to be the very best representatives of God that we can be. We are given so much and I think the happiest people are the ones who are very thankful for what they have and who do not focus on what they do not have.

My favorite quote is from Oscar Wilde. He says, "If you don’t get everything you want, think of the things that you don’t get, that you don’t want". It takes a little while for that to sink it, but it is so very true. Doing random acts of kindness will enrich your soul and help you realize how blessed you are.

Take time to smell the roses. Their fragrance is so sweet. It will ground you to do this. Pet a dog, love a child, do not miss an opportunity to soak it all in. Express thanks in all you do and practice healthy habits and thoughts. I think you will be inspired. Not only will you be inspired but you will be energized. You will be creative.

End of Medicine As We Know It

I’m trying to zoom in on critical aspects of how the digital world will create better healthcare. George Orwell once said that the hospital is the antechamber to the tomb. That was written decades ago, and unfortunately there’s still truth to that today. It’s really sad to think that 1 in 4 hospital patients in America have a problem with medical errors or that they have problems like nosocomial, or hospital-acquired, infections and medication errors.

There’s a book that was recently published called Unaccountable, by Marty Makary, MD, a surgeon at Johns Hopkins Hospital, and it’s quite an alarmist view of this problem with lack of accountability in hospitals and in the medical profession in general. The digital world could potentially help this; we’ve seen some disappointing aspects with respect to electronic medical records, which haven’t really been shown to markedly reduce medical errors. They certainly haven’t done anything to reduce hospital-acquired infections.

What will be interesting to see in the future are things like scorecards of hospitals. You saw, in recent months, Consumer Reports’ cover article about rating hospitals. This is just the beginning of where we can go to give direct information, transparency, accountability, and data to consumers and that Consumer Reports story is just going to be amplified over time, and not just through one particular magazine.

When we give a window to the consumer using real data, they can select a physician. Consumers can go to Google Scholar and figure out who the experts are in a particular field, just as we in the medical community can when we’re trying to find a physician to refer to and we can pick anywhere in the world. This is the sort of thing that can be digitally available for consumers. We as peers can put together the information that’s necessary for the proper transparency, selection of physicians, and selection of hospitals. Hopefully, that’s one way to make improvements in the future.

One of the interesting things why trustees volunteer to serve on hospital boards is that when you talk to them, they say they volunteer to be trustees so they can get access to information on which doctor is the right doctor to go to when they have a problem and, of course, there are very few people who can serve as hospital trustees, but that’s the equivalent of where we need to go with transparency, accountably, and scorecards in the future.

Consumer-Driven healthcare is a concept that a lot of physicians are very uncomfortable with. If you go back to the Gutenberg printing press, it was only then in the Middle Ages when the Bible and all the printed information could be read by others besides the high priest. In fact, that’s an analogy of what is going to happen in medicine, because until now there has been this tremendous information asymmetry.

Essentially, all the data, information, and knowledge were in the domain of doctors and healthcare professionals, and the consumer, patient, and individual was out there without that information, not even their own data. But that’s changing very quickly.

Patients will have the capability of accessing notes from an office visit and hospital records, as well as laboratory data and DNA sequencing — and on one’s smartphone, for example, blood pressure and glucose and all the key physiologic metrics.

When each individual has access to all this critical data, there will be a real shakeup to the old way that medicine was practiced. In the past, the Internet was supposed to be empowering for consumers, but that really didn’t matter because what the consumer could get through the Internet was data about a population. Now, one can get data about oneself, and, of course, a center hub for that data-sharing will be the smartphone.

Even critical information based on one’s genomic sequencing, such as drug interactions, will have a whole different look. We’ve already learned so much about the direct-to-consumer movement from the pharmaceutical industry in which patients were directed to go to their doctors and ask them for a prescription drug. That had a very powerful impact.

But in the future, with each person potentially armed with so much data and information, the role of the doctor is a very different one: It is to provide guidance, wisdom, knowledge, and judgment and, of course, the critical aspects of compassion, empathy, and communication. That is a whole different look for the consumer-driven healthcare world of the future.

We can get rid of the randomized trial and here is a better way. How we can Schumpeter or reboot the future of healthcare by leveraging the big innovations that are occurring in the digital world, including digital medicine. But one of the things that have been missed along the way is that how we do clinical research will be radically affected as well. We have this big thing about evidence-based medicine and, of course, the sanctimonious randomized, placebo-controlled clinical trial. Well, that’s great if one can do that, but often we’re talking about needing thousands, if not tens of thousands, of patients for these types of clinical trials, and things are changing so fast with respect to medicine and, for example, genomically guided interventions that it’s going to become increasingly difficult to justify these very large clinical trials.

For example, there was a drug trial for melanoma and the mutation of BRAF, which is the gene that is found in about 60% of people with malignant melanoma. When that trial was done, there was a placebo control, and there was a big ethical charge asking whether it is justifiable to have a body count. This was a matched drug for the biology underpinning metastatic melanoma, which is essentially a fatal condition within 1 year, and researchers were giving some individuals a placebo.

Would we even do that kind of trial in the future when we now have such elegant matching of the biological defect and the specific drug intervention? A remarkable example of a trial of the future was announced in May. For this trial, the National Institutes of Health is working with Banner Alzheimer’s Institute in Arizona, the University of Antioquia in Colombia, and Genentech to have a specific mutation studied in a large extended family living in the country of Colombia in South America. There is a family of 8000 individuals who have the so-called Paisa mutation, a presenilin gene mutation, which results in every member of this family developing dementia in their 40s.

Researchers will be testing a drug that binds amyloid, a monoclonal antibody, in just [300] [1] family members. They’re not following these patients out to the point of where they get dementia. Instead, they are using surrogate markers to see whether or not the process of developing Alzheimer’s can be blocked using this drug. This is an exciting way in which we can study treatments that can potentially prevent Alzheimer’s in a very well-demarcated, very restricted population with a genetic defect, and then branch out to a much broader population of people who are at risk for Alzheimer’s. These are the types of trials of the future and, in fact, it would be great if we could get rid of the randomization and the placebo-controlled era going forward.

One of things that I’ve been trying to push is that we need a different position at the FDA. Now, we can find great efficacy, but the problem is that establishing safety often also requires thousands, or tens of thousands, of patients. That is not going to happen in the contrived clinical trial world. We need to get to the real world and into this digital world where we would have electronic surveillance of every single patient who is admitted and enrolled in a trial. Why can’t we do that? Why can’t we have conditional approval for a new drug or device or even a diagnostic test, and then monitor that very carefully. Then we can grant, if the data are supported, final approval.

I hope that we can finally get an innovative spirit, a whole new way of a conditional and then final approval in phases in the real world, rather than continuing in this contrived clinical trial environment. These are some things that can change in the rebooting or in the creative destruction, or reconstruction, of medicine going forward.

Social networking is having big impact on medicine. Social networking is changing the practice of medicine. Everybody is familiar with Facebook, which soon will have 1 billion registrants and be second only to China and India as far as a community or population. What isn’t so much appreciated by the medical community is that our patients are turning to online health social networking. These are such Websites as PatientsLikeMe, CureTogether, and many others.

Interestingly, patients with like conditions — often chronic conditions, such as multiple sclerosis, diabetes, or amyotrophic lateral sclerosis — will find patients with the same condition on these networking sites, and these virtual peers will become very much a key guidance source. This is so different from the past, when all information emanated from physicians. In fact, now many of these individuals who use social networks trust their virtual peers more than their physicians, so this is a real change that’s taken place. In addition to this, the social networking platforms, which are free, offer an opportunity we haven’t seen before.

If you combine the capability of monitoring such things as blood pressure or glucose with social networking, then you can have managed competitions with your friends, your family, or your social networking cohort, and you can start to compete for such things as who has the best blood pressure or who has the best glucose level. This, of course, is beyond competitions as simple as who has the best weight or does the most activity in terms of number of steps.

What we’re going to see going forward is the leveraging of social networking for improving healthcare. This is really taking advantage of a preexisting platform of digital infrastructure, and something that we did not anticipate would be so popular in the medical sphere. This is superimposed on Facebook, for example, which has already had individuals who at least claim that their lives were saved on the basis of pictures of themselves and their condition.

In fact, there was a young boy who was desperately ill and undiagnosed, but a Facebook friend of the mother of this boy made the diagnosis of Kawasaki disease. Historically, this is the first case in which social networking supposedly led to saving one’s life. There have been many other cases like this one that have been subsequently documented.

This is really an interesting trend, social networking. I’m really big on Twitter. My handle is @ nishanil1, and I get my most useful information in the whole biomedical research digital health arena through that mechanism. I’d encourage you to try it out or get active on it if you haven’t. Social networking is having a big impact on medicine at multiple levels.

Five devices physicians need to know about in digital revolution occurring in the practice of medicine and how this revolution can radically improve the healthcare of the future. I’d like to show you many of the devices that I think are transforming medicine today. These devices represent an exciting opportunity as we move forward in the practice of medicine.

This is 2012, obviously, and this is something that we’re going to build upon. You’re used to wireless devices that can be used for fitness and health, but these are now breaking the medical sphere. One device you may have already noticed turns your smartphone into an electrocardiogram (ECG). The ECG adaptor comes in the form of a case that fits on the back of a smartphone or in a credit card-size version. Both contain 2 sensors. With the first model, you put the smartphone into the case and then pull up the app — in this case I’m using the AliveCor app — and put 2 fingers on each of the sensors to set up a circuit for the heart rhythm. Soon you’ll see an ECG. What’s great about this is you don’t just get a cardiogram, which would be like a lead II equivalent; using the "credit card" version, you get all the V-leads across the chest as well. I have found this to be really helpful. It even helped me diagnose an anterior wall myocardial infarction in a passenger on a flight.

The second device I will enumerate is another adaptation of the smartphone, but this one is for measuring blood glucose. Obviously we do that now with finger-sticks, but the whole idea is to get away from finger-sticks. I’m wearing a sensor right now that can be worn on the arm. It also can be worn on the abdomen. What’s nice about this is that I can just turn on my phone, and every minute I get an update of my blood glucose right on the opening screen of the phone. It’s a really nice tool, because then I can look at the trends over the course of 3, 6, 12, or even 24 hours. It plays a big behavioral modification type of a role, because when you’re looking at your phone, as you would be for checking email or surfing the Web, you also are integrating what you eat and your activity with how your glucose responds. This is going to be very helpful for patients — not only those with diabetes, but also those who are at risk for diabetes, have metabolic syndrome, or are considered to be in the pre-diabetic state.

The third device I’d like to talk about is another device from the cardiovascular arena that comes in the form of an adhesive patch. It’s called the iRhythm, and I tried this out on myself. It’s really a neat device, because the results are sent by mail to the patient. You put it on your chest for 2 weeks, and then you mail it back. It’s the Netflix equivalent of a cardiovascular exam. The company then sends the patient 2 weeks’ worth of heart rhythm detection. I think it’s a far better, practical way, as compared to the Holter monitor wireless device. It’s not as time-continuous as the ECG or glucose device, but it’s in that spectrum.

I want to now explain a fourth device, which I use on my iPad. This device allows physicians the ability to monitor patients in the intensive care unit on their iPads. I use it to monitor patients at the ICU. You can use it for any ICU that allows for the electronic transmission of data. Right now, I’m monitoring 4 patients simultaneously. You can change the field to monitor up to 8 patients simultaneously. This is a great way to monitor patients in the ICU because you can do it remotely and from anywhere in the world where you have access to the Web. This is just to give you a sense of what this innovative software sensor can do to change the face of medicine.

Finally, I wanted to describe is something that I’ve become reliant upon, and that’s this high-resolution ultrasound device known as the Vscan. I use this in every patient to listen to their heart. In fact, I haven’t used a stethoscope for over 2 years to listen to a patient’s heart. What’s really striking about this is that it’s a real stethoscope. "Scope" means look into. "Steth" is the chest. And so now I carry this in my pocket, and it’s just great. I still need a stethoscope for the lungs, but for the heart this is terrific. You just pop it open, put a little gel on the tip of the probe, and get a quick, complete readout with the patient looking on as well. I’m sharing their image on the Vscan while I’m acquiring it and it only takes about a minute. It is validated of its usefulness in an Annals of Internal Medicine paper, in July 2011, [1] describing how it compares favorably to the in-hospital ultrasound echo lab-type image. This could be another very useful device in emergency departments, where the wireless loops could be sent to a cardiologist. Another application it could be used for is detecting an abdominal aortic aneurysm. Paramedics who are out in the field, or at a trauma case, could use this to wirelessly send these video loops to get input from a radiologist or expertise from any physician for interpretation.

These are just a few of the gadgets that give you a feel for the innovative, transformative, and really radical changes that will be seen going forward in medicine.

Password: A Broken System


Credits: Mat Honan (senior reporter for Gizmodo)

You have a secret that can ruin your life. It’s not a well-kept secret, either. It is just a simple string of characters maybe six of them if you’re careless, 16 if you’re cautious that can reveal everything about you: your email, your bank account, your address and credit card number, photos of your kids, or worse, of yourself, naked. The precise location where you’re sitting right now as you read these words. Since the dawn of the information age, we’ve bought into the idea that a password, so long as it’s elaborate enough, is an adequate means of protecting all this precious data. But in 2012 that was a fallacy, a fantasy, an outdated sales pitch, and anyone who still mouths it is a sucker or someone who takes you for one.

No matter how complex, no matter how unique, your passwords can no longer protect you. The way we daisy-chain accounts, with our email address doubling as a universal username, creates a single point of failure that can be exploited with devastating results. Thanks to an explosion of personal information being stored in the cloud, tricking customer service agents into resetting passwords has never been easier. All a hacker has to do is use personal information that’s publicly available on one service to gain entry into another.

Our digital lives are simply too easy to crack. Imagine that I want to get into your email. Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in information and that is easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you. First thing I do? Search for the word “bank” to figure out where you do your online banking. I go there and click on the Forgot Password? link. I get the password reset and log in to your account, which I control. Now I own your checking account as well as your email.

The common weakness in these hacks is the password. It’s an artifact from a time when our computers were not hyper-connected. Today, nothing you do, no precaution you take, no long or random string of characters can stop a truly dedicated and devious individual from cracking your account. The age of the password has come to an end; we just haven’t realized it yet. Passwords are as old as civilization and for as long as they’ve existed, people have been breaking them. The first computers to use passwords were likely those in MIT’s Compatible Time-Sharing System, developed in 1961. To limit the time any one user could spend on the system, CTSS used a login to ration access. It only took until 1962 when a PhD student named Allan Scherr, wanting more than his four-hour allotment, defeated the login with a simple hack. He located the file containing the passwords and printed out all of them. After that, he got as much time as he wanted. During the formative years of the web, as we all went online, passwords worked pretty well. This was due largely to how little data they actually needed to protect. Our passwords were limited to a handful of applications like an ISP for email and maybe an ecommerce site or two. Because almost no personal information was in the cloud; the cloud was barely a wisp at that point and there was little payoff for breaking into an individual’s accounts; the serious hackers were still going after big corporate systems.

So we were lulled into complacency. Email addresses morphed into a sort of universal login, serving as our username just about everywhere. This practice persisted even as the number of accounts, the number of failure points grew exponentially. Web-based email was the gateway to a new slate of cloud apps. We began banking in the cloud, tracking our finances in the cloud, and doing our taxes in the cloud. We stashed our photos, our documents, and our data in the cloud. Eventually, as the number of epic hacks increased, we started to lean on a curious psychological crutch the notion of the “strong” password. It’s the compromise that growing web companies came up with to keep people signing up and entrusting data to their sites. It’s the Band-Aid that’s now being washed away in a river of blood. Every security framework needs to make two major trade-offs to function in the real world. The first is convenience: The most secure system isn’t any good if it’s a total pain to access. Requiring you to remember a 256-character hexadecimal password might keep your data safe, but you’re no more likely to get into your account than anyone else. Better security is easy if you’re willing to greatly inconvenience users, but that’s not a workable compromise.

The second trade-off is privacy. If the whole system is designed to keep data secret, users will hardly stand for a security regime that shreds their privacy in the process. They have wanted the act of signing up and using their service to seem both totally private and perfectly simple—the very state of affairs that makes adequate security impossible. So they’ve settled on the strong password as the cure. Make it long enough, throw in some caps and numbers, tack on an exclamation point, and everything will be fine.

For years it hasn’t been fine. In the age of the algorithm, when our laptops pack more processing power than a high-end workstation did a decade ago, cracking a long password with brute force computation takes just a few million extra cycles. That’s not even counting the new hacking techniques that simply steal our passwords or bypass them entirely—techniques that no password length or complexity can ever prevent.

How do our online passwords fall?

In every imaginable way: They’re guessed, lifted from a password dump, cracked by brute force, stolen with a key-logger, or reset completely by conning a company’s customer support department.

Let’s start with the simplest hack: guessing. Carelessness, it turns out, is the biggest security risk of all. Despite years of being told not to, people still use lousy, predictable passwords. Our other common mistake is password reuse. Password reuse is what really kills you. There is a very efficient economy for exchanging that information. Hackers get our passwords through trickery. The most well-known technique is phishing, which involves mimicking a familiar site and asking users to enter their login information. The hacker phishes his way in by sending an email that linked to a bogus page, which ask for password. You enter it. An even more sinister means of stealing passwords is to use malware (hidden programs that burrow into your computer and secretly send your data to other people). They are epidemic on Windows and, increasingly, Android. Malware works most commonly by installing a key-logger or some other form of spyware that watches what you type or see. Its targets are often large organizations, where the goal is not to steal one password or a thousand passwords but to access an entire system. Clicking a rogue link, usually from a phishing email installs Malware on your computer. Then, like a good human hacker, it sits and waits for you to log in to an online banking account somewhere. As soon as you do it grabs your password and sends it back to a server accessible to the hacker.

Until we figure out a better system for protecting our stuff online, here are four mistakes you should never make and four moves that will make your accounts harder but not impossible to crack:


1. Don’t reuse passwords. If you do, a hacker who gets just one of your accounts will own them all.

2. Don’t use a dictionary word as your password. If you must, then string several together into a pass phrase.

3. Don’t use standard number substitutions. Cracking tools now have those built in.

4. Don’t use a short password—no matter how weird. Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.


1. Do enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.

2. Do give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”

3. Do scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and offer opt-out mechanisms to get your information removed from their databases.

4. Do use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications and make sure to choose a username that isn’t tied to your name—like m****—so it can’t be easily guessed.

If our problems with passwords ended there, we could probably save the system. We could ban dumb passwords and discourage reuse. We could train people to outsmart phishing attempts. Just look closely at the URL of any site that asks for a password. We could use antivirus software to root out malware. But we’d be left with the weakest link of all: human memory. Passwords need to be hard in order not to be routinely cracked or guessed. So if your password is any good at all, there’s a very good chance you’ll forget it; especially if you follow the prevailing wisdom and don’t write it down. Because of that, every password-based system needs a mechanism to reset your account and the inevitable trade-offs (security versus privacy versus convenience) mean that recovering a forgotten password can’t be too onerous. That’s precisely what opens your account to being easily overtaken via social engineering. Although socializing was responsible for just 7 percent of the hacking cases that government agencies tracked last year, it raked in 37 percent of the total data stolen.

Have you thought about your LinkedIn account?

Have you thought about your Facebook page?

Have you thought about your kids’ pages or your friends’ or family’s?

If you have a serious web presence, your answers to the standard questions—still often the only options available—are trivial to root out. Your mother’s maiden name is on, your high school mascot is on Classmates, your birthday is on Facebook, and so is your best friend’s name—even if it takes a few tries. The ultimate problem with the password is that it’s a single point of failure, open to many avenues of attack. We can’t possibly have a password-based security system that’s memorable enough to allow mobile logins, nimble enough to vary from site to site, convenient enough to be easily reset, and yet also secure against brute-force hacking. But today that’s exactly what we’re banking on—literally.

Who is doing this? Who wants to work that hard to destroy your life? The answer tends to break down into two groups, both of them equally scary: overseas syndicates and bored kids.

The syndicates are scary because they’re efficient and wildly prolific. Malware and virus-writing used to be something hobbyist hackers did for fun, as proofs of concept; not anymore. Sometime around the mid-2000s, organized crime took over. Today’s virus writer is more likely to be a member of the professional criminal class operating out of the former Soviet Union than some kid in a Boston dorm room. There’s a good reason for that; money.

Given the sums at stake—in 2011 Russian-speaking hackers alone took in roughly $4.5 billion from cybercrime—it’s no wonder that the practice has become organized, industrialized, and even violent. Moreover, they are targeting not just businesses and financial institutions but individuals too. Russian cybercriminals, who have ties to the traditional Russian mafia, took in tens of millions of dollars from individuals last year, largely by harvesting online banking passwords through phishing and malware schemes. In other words, when someone steals your Citibank password, there’s a good chance it’s the mob.

But teenagers are, if anything, scarier, because they’re so innovative. A 14-year-old kid who goes by the handle “Dictate” isn’t a hacker in the traditional sense. He’s just calling companies or chatting with them online and asking for password resets. But that does not make him any less effective. He and others like him start by looking for information about you that’s publicly available: your name, email, and home address, for example, which are easy to get from sites like Spokeo and Then they use that data to reset your password in places like Hulu and Netflix, where billing information, including the last four digits of your credit card number, is kept visibly on file. Once they have those four digits, they can get into your AOL, Microsoft, and other crucial sites. Soon, through patience and trial and error, they will have your email, your photos, your files.

Why do kids do it? Mostly just for fun: to fuck shit up and watch it burn. One favorite goal is merely to piss off people by posting racist or otherwise offensive messages on their personal accounts. Racism invokes a funnier reaction in people. Apparently, sociopathy sells.

A lot of these kids came out of the Xbox hacking scene, where the networked competition of gamers encouraged kids to learn cheats to get what they wanted. In particular, they developed techniques to steal so-called OG (original gamer) tags from the people who’d claimed them first. It’s precisely because of the relentless dedication of kids that the password system cannot be salvaged. You can’t arrest them all, and even if you did, new ones would keep growing up. Think of the dilemma this way: Any password-reset system that will be acceptable to a 65-year-old user will fall in seconds to a 14-year-old hacker.

For the same reason, many of the silver bullets that people imagine will supplement and save passwords are vulnerable as well. For example, last spring hackers broke into the security company and stole data relating to its SecurID tokens, supposedly hack-proof devices that provide secondary codes to accompany passwords. The company never divulged just what was taken, but it’s widely believed that the hackers got enough data to duplicate the numbers the tokens generate. If they also learned the tokens’ device IDs, they’d be able to penetrate the most secure systems in corporate America.

On the consumer side, we hear a lot about the magic of Google’s two-factor authentication for Gmail. It works like this: First you confirm a mobile phone number with Google. After that, whenever you try to log in from an unfamiliar IP address, the company sends an additional code to your phone: the second factor. Does this keep your account safer? Absolutely, and if you’re a Gmail user, you should enable it this very minute. Will a two-factor system like Gmail’s save passwords from obsolescence?

This past summer hacker decided to go after Prince, CEO of a web performance and security company called CloudFlare. They wanted to get into his Google Apps account, but it was protected by two-factor. What to do? The hackers hit his AT&T cell phone account. As it turns out, AT&T uses Social Security numbers essentially as an over-the-phone password. Give the carrier those nine digits or even just the last four along with the name, phone number, and billing address on an account and it lets anyone add a forwarding number to any account in its system. Getting a Social Security number these days is simple: They’re sold openly online, in shockingly complete databases.

Prince’s hacker used the SSN to add a forwarding number to his AT&T service and then made a password-reset request with Google. So when the automated call came in, it was forwarded to them. Voilà—the account was theirs. Two-factor just added a second step and a little expense. The longer we stay on this outdated system—the more Social Security numbers that get passed around in databases, the more login combinations that get dumped, the more we put our entire lives online for all to see—the faster these hacks will get.

The age of the password has come to an end; we just haven’t realized it yet. No one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.

Instead, our new system will need to hinge on who we are and what we do, where we go and when, what we have with us, how we act when we’re there and each vital account will need to cue off many such pieces of information; not just two, and definitely not just one.

This last point is crucial. It’s what’s so brilliant about Google’s two-factor authentication, but the company simply hasn’t pushed the insight far enough. Two factors should be a bare minimum. Think about it: When you see a man on the street and think it might be your friend, you don’t ask for his ID. Instead, you look at a combination of signals. He has a new haircut, but does that look like his jacket? Does his voice sound the same? Is he in a place he’s likely to be? If many points don’t match, you wouldn’t believe his ID; even if the photo seemed right, you’d just assume it had been faked.

This should be the future of online identity verification. It may very well include passwords, much like the IDs in our example. But it will no longer be a password-based system, any more than our system of personal identification is based on photo IDs. The password will be just one token in a multifaceted process. Jeremy Grant of the Department of Commerce calls this an identity ecosystem.

What about biometrics? After watching lots of movies, many of us would like to think that a fingerprint reader or iris scanner could be what passwords used to be: a single-factor solution, an instant verification. But they both have two inherent problems. First, the infrastructure to support them doesn’t exist, a chicken-or-egg issue that almost always spells death for a new technology because fingerprint readers and iris scanners are expensive and buggy, no one uses them, and because no one uses them, they never become cheaper or better.

The second, bigger problem is also the Achilles’ heel of any one-factor system: A fingerprint or iris scan is a single piece of data, and single pieces of data will be stolen. A software engineer on Google’s security team points out that pass codes and keys can be replaced, but biometrics is forever. While iris scans look groovy in the movies, in the age of high-definition photography, using your face or your eye or even your fingerprint as one-stop verification just means that anyone who can copy it can also get in.

Does that sound far-fetched? It’s not. Kevin Mitnick, the fabled social engineer who spent five years in prison for his hacking heroics, now runs his own security company, which gets paid to break into systems and then tell the owners how it was done. In one recent exploit, the client was using voice authentication. To get in, you had to recite a series of randomly generated numbers, and both the sequence and the speaker’s voice had to match. Mitnick called his client and recorded their conversation, tricking him into using the numbers zero through nine in conversation. He then split up the audio, played the numbers back in the right sequence, and—presto.

None of this is to say that biometrics won’t play a crucial role in future security systems. Devices might require a biometric confirmation just to use them. Android phones can already pull this off, and given Apple’s recent purchase of mobile-biometrics firm AuthenTec, it seems a safe bet that this is coming to iOS as well. Those devices will then help to identify you: Your computer or a remote website you’re trying to access will confirm a particular device. Already, then, you’ve verified something you are and something you have. But if you’re logging in to your bank account from an entirely unlikely place—say, Lagos, Nigeria—then you may have to go through a few more steps. Maybe you’ll have to speak a phrase into the microphone and match your voiceprint. Maybe your phone’s camera snaps a picture of your face and sends it to three friends, one of whom has to confirm your identity before you can proceed.

In many ways, our data providers will learn to think somewhat like credit card companies do today: monitoring patterns to flag anomalies, and then shutting down activity if it seems like fraud. A lot of what you’ll see is that sort of risk analytics. Providers will be able to see where you’re logging in from, what kind of operating system you’re using.

Google is already pushing in this direction, going beyond two-factor to examine each login and see how it relates to the previous one in terms of location, device, and other signals the company won’t disclose. If it sees something aberrant, it will force a user to answer questions about the account. If you can’t pass those questions, it sends you a notification and tells you to change your password; because you’ve been owned.

The other thing that’s clear about our future password system is which trade-off—convenience or privacy—we’ll need to make. It’s true that a multifactor system will involve some minor sacrifices in convenience as we jump through various hoops to access our accounts. But it will involve far more significant sacrifices in privacy. The security system will need to draw upon your location and habits, perhaps even your patterns of speech or your very DNA.

We need to make that trade-off, and eventually we will. The only way forward is real identity verification to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity. We are not going to retreat from the cloud—to bring our photos and email back onto our hard drives. We live there now. So we need a system that makes use of what the cloud already knows: who we are and who we talk to, where we go and what we do there, what we own and what we look like, what we say and how we sound, and maybe even what we think.

That shift will involve significant investment and inconvenience, and it will likely make privacy advocates deeply wary. It sounds creepy. But the alternative is chaos and theft and yet more pleas from “friends” in London who have just been mugged. Times have changed. We’ve entrusted everything we have to a fundamentally broken system. The first step is to acknowledge that fact. The second is to fix it.

Credits: Mat Honan (senior reporter for Gizmodo)

Live With an Attitude of Gratitude

  Live With an Attitude of Gratitude


Live With an Attitude of Gratitude

I think one of the greatest obstacles we grapple with is learning how to accept what is instead of moaning and groaning about what we don’t have.  It’s like we’re sitting there one hand full of riches and the other hand open full of potential. But we don’t see it.  We’re too focused on the fact that the other hand is empty and not filled yet.  “Why is it not filled yet?” we ask.  It causes us to transform back into our 2-year-old selves, throwing punches to the air, crying out for all the things we deserve to have, but don’t. Praying about how much we need it, how much better our lives would be with it, and there we are so focused on our poor, wounded souls that we neglect the jewels that fill us, surround us and already make us whole.

If you ever need to be reminded of that, check in with your nearest and dearest furry child. Notice how they seem utterly forgetful about all the mishaps you do. Analyze how a mere treat, a pet on the head or a cuddle could make them silly with joy. See how they seem to pass up the chance to moan about their loss sibling that you had to adopt them away from or the fact that they don’t have a mate, kids or even anyone that even slightly resembles them. They just move on.

Accepting your situation can feel hard. It can be like welcoming an uninvited guest or settling for less.  But it’s not.  Learning how to accept whatever you’re going through and wherever you are is a gift.  It’s about returning to a state of vulnerability in realizing you have less control over life than you think, and that is okay.  It’s about loosening your grip over the outcome and opening your heart up to possibility instead of forced intention.  It’s about seeing your life as a large red carpet unfolding in front of you instead of a predetermined path.  It’s about releasing the rigidity of adulthood that sometimes tricks us into believing we know everything.  It’s a lesson in gratitude for what you have instead of what you still haven’t received.

It’s a muscle being flexed to exercise resiliency.  It’s a reminder that the events of your life ebbs and flows like waves. No matter what you’re going through it will not always be this way.  More importantly, it’s about relinquishing the need to know what’s next. It’s about continuing to relax and release when we feel the need to grasp on harder. It’s about giving up our ego and just letting things be…

Acceptance isn’t easy, but if we let go into the wave of difficulty rather than force our way through it, we will find the ride much easier, and almost always it will take our breath away.

Abuse of Social Media

Ikram Choudhury

Ikram Choudhury

Victim, Craig Williams

Victim, Craig Williams

Scottish teen tweets pictures of man dying after hit-and-run, He doesn’t call for help.  Scottish teen Ikram Choudhury, 17, has been widely condemned after he tweeted images of a man dying in the street after a hit-and-run accident, but failed to contact emergency services to save the man’s life.

Choudhury snapped a picture of 35-year-old Craig Williams, of Clermiston in Edinburgh, as he lay dying on the side of the road. It was just after 2AM when Williams was struck as he slept in a bus lane by a silver vehicle.

Williams, who worked for a local Marriott, had been out with friends when he fell asleep waiting for a bus. He was struck, and in the crucial minutes afterwards, Choudhury spotted him while a passenger in a passing vehicle. Choudhury snapped the pic and posted it to Twitter, commenting:  “Eeeehm WTF? Some guy just casually lying outside Ocean Terminal.”

Fellow Twitter users criticized Choudhury for leaving the man lying in the street, and the teen responded:  “What if like I went over and he like tried doing some dodgy shit to me?”  Ultimately, emergency services were called to attend to Williams, who later died of head and internal injuries at an area hospital.  It took between ten and fifteen minutes from when Choudhury’s tweet hit Twitter until assistance arrived to aid Williams.

Following the accident, Choudhury deleted his Twitter account — which he says was at the request of local police.

%d bloggers like this: