5G Telecommunications

We bit the bullet a couple of years ago and got rid of the landline for our phone and got ourselves smartphones. With them, of course, comes the ability to make phone calls (I just typed “telephone calls” but erased it…this seems more appropriate) and run applications. I have to smile because my mind hasn’t totally made the switch; I often look to where the answering machine used to sit on a shelf to see if we missed any calls.

My morning reads featured a couple of stories that got me thinking more about telecommunications. I think, like most people, I absolutely am connected at all times now and it’s just part of the life.

And that connection will get a great deal faster the next time I upgrade my phone. For the record, I hope that’s still a long way off; my phone works incredibly well. But it’s not capable of running on the fifth generation of the technology (5G) and that’s the future. Maybe it will be even more affordable when it comes time to buy.

Photo by Shiwa ID on Unsplash

Apparently, the powers that be are hard at work protecting us.

Canada to ban Huawei, ZTE 5G equipment, joining Five Eyes allies

I’m not terribly worried about someone listening to my conversations. They’re few and far between and undoubtedly the least use I have for my phone. It’s the data that connects me when I’m away from home through text messages and my social media accounts that get the lion’s share of my use. I’ll bet most people are like that. Whatever happened to telephones?

There was another serious story that I thought I had bookmarked for the purpose of this post and I can’t find it. It was about a family that was camping in Eastern Ontario and were essentially “off the grid” and so did not get the regular weather warning like so many others did. We rely on it here; just this past week, we were on the patio and saw incredibly dark skies to the south and received a warning of the storm. Also, the Detroit/Cleveland baseball game was cancelled. Looking north to where Comerica Park would be, it was clear skies. That’s usually sign of really bizarre weather. Fortunately, it passed us by. As we know now, others weren’t so fortunate. If we become used to emergency warnings, it seems to me that they should be available to everyone in the province and not just those that are close to cities.

Even that doesn’t work perfectly. We live very close to the US border and it’s not uncommon to drive along Riverside Drive or just sit in a friend’s living room and get the message “Welcome to the United States. Roaming charges apple.” A similar situation happened when the Bring IT, Together Conference was in Niagara Falls and I went looking at the Falls. It just seems to bizarre that, in a world where Google knows exactly where I am within three feet, that the telecommunications field can’t as well.

So, fifth-generation has all these promises and, if I wasn’t so cheap and didn’t run out to upgrade today, I might be enjoying the better service. Our government has promised to make it safer too.

Maybe some day it will reach here.

Protecting yourself

It happened again yesterday.

I received a message from a friend “I’ve been hacked, please don’t accept any friend invitations from me.” I don’t blindly accept invitations to connect anyway; I typically check them out to make sure that they are legit and will be worthwhile connecting with. High on my list are people who share their learning.

This was a typical case of a new account set up with no content shared and, sadly, a bunch of people who had accepted the invitation. I’m not a genius by any stretch of the imagination but even I could smell that something wasn’t right.

A nice discussion about “How to Hack” can be found here. Hacking used to be a noble? venture where someone sits down and finds flaws in the logic in the computer. These days, the flaws are typically those who operate the keyboard.

Passwords and I go back a long, long way. I recall getting my first password at university along with the advice to treat it as gold. Usually, the default password was your student number and you were encouraged to change it immediately. An update at some point forced you to change it upon first login to the system. There was one system, I recall, that you couldn’t change your password yourself but you had to book time with a system administrator to do the deed.

The first computers in school had probably the best security ever. Nothing was stored on the computer but rather on a cassette or a floppy disk that you kept with you. Someone would actually have to access to your gym bag or back pack to hack you.

Photo by Florian Olivo on Unsplash

The first central server that appeared in my classroom was the Unisys Icon system. There was a central server and a hard drive to store everyone’s work. Your account was secured by a login/password. But, kids are kids and it wasn’t uncommon for them to glance at the person next to them to watch them type their password and gain access that way. I also remember some pretty smart programmers who wrote a program that emulated the login screen, captured the details, and redirected it to a file in their own directory. At one time, they grabbed the administrator’s password which gave open access to the system and the master password file was straight forward ASCII which gave them access to everything. Gasp.

These days, your personal computer is probably set up with your own login/password and then you’re connected to the internet where public services are secured by login and password. That’s where it gets serious. It may not be family members or students in a school but anyone anywhere on the internet that you need to be wary of.

Right now, I know about a couple of passwords and the rest are stored away in a password manager. Today’s browsers typically have that function built-in or you can add a third party manager that encrypts and stores passwords on the web somewhere for you.

Everyone seems to have advice about how to create secure passwords – here’s Microsoft’s recommendation. Sitting down and actually creating such a password isn’t an easy thing! A good password manager can help with that task.

A list of available password managers can be accessed here.

That’s a great place to start but there’s another step that will make things even more secure and that’s two factor authentication. There are a number of different ways to implement this and it boils down to a second step beyond just a login and password. That’s pretty much the most secure thing for home users these days. It’s kind of a pain to set up and use but you have the comfort of knowing that as long as you have that second piece of information with you, someone else doesn’t.

In all cases, the same old good advice still applies. Change your password frequently – sometimes the bad guys get it from other places and you’re out of the loop.

And, if your computer is in a public place, having your login and password on a post-it note stuck to the screen is never a good idea.

Forcing security

I’ve been a big fan of a couple of extension from the Electronic Frontier Foundation for a long time.

What I particularly like about both of these extensions is that you just install them and basically forget them. They continue to do what they’re supposed to do.

HTTPS Everywhere, I think, is a pretty important concept. The web can serve up pages with HTTP or HTTPS protocols. It’s the HTTPS that you really want since it forces the sites that you’re visiting to send you information securely. Details can be found here.

I’ve actually wondered if HTTPS Everywhere is even needed anymore. Most modern browsers have that ability built-in. I’m using Opera as I type this and the setting is:

Even if people aren’t using the extension, hopefully that switch is toggled on in their browser settings.

While poking around, plans are in place for the extension to be retired. It’s a signal of the success of the initial concept that other browsers have implemented the features. You can read all about it and how to set up things in your browser here.

I was surprised, this morning, while reading this article that the extension was one of the ones recommended for installation if you’re using the Edge browser. After all, if you’ve ever gone into the configuration for Edge, you’ll see that there’s all kinds of settings for security. But, I couldn’t find one specifically devoted to HTTPS. Hopefully, it’s rolled into one of the other security settings.

It’s definitely a feature that you want turned on in the browser and used through the extension.

You can’t be too safe.

When it’s on the other foot

I’ve been a fan and use two-factor authentication (2FA) whenever possible. If you’re new to the concept, it’s a feature that, when you log in with a new computer or a new browser or something, you enter your login and password and then the service wants a second way to prove that you are who you say you are.

For me, I’ve always opted for the service to send me a text message containing a code which I then put into the browser and the service is then happy to let me in. Another technique that is handy is the Google and/or Microsoft Authenticator app. There probably are others.

I like the sense of privacy and security that it brings to my account.

Over the Christmas weekend, I got a little nervy and tried a Beta feature on one of the browsers on my phone. It seemed to be kind of neat and appeared to work well and do what it says it does. I also have my phone reboot itself first thing in the morning just to keep it fresh and as fast as it can be.

Only, this time when it rebooted, the phone went into an endless cycle of rebooting itself. It would only get so far in the booting process and then give up and reboot. Uh oh.

I grabbed my computer and sure enough, I wasn’t the only person who had ever had this problem so I followed the steps and managed to get it to boot into Safe Mode. That seemed like a good thing. After poking around, the phone suggested that I should reboot to get back to normal and the rebooting restarted. Another launch into Safe Mode and out returned me to the rebooting so I went back to the article and the suggestion was to restore the phone back to factory settings.

All in all, it’s not a bad idea. I don’t know about you but I tend to accumulate stuff on my devices and periodically go on a cleaning binge. This seems to do it all in one shot. And, it did. I couldn’t believe how quickly the restored device booted and was waiting to do stuff for me.

As I logged in, I knew that I was in trouble.

The first block came with Google. It wanted me to verify it with 2FA. If you own an Android phone, you know how it’s kind of important to be able to get to your Google account. I suspect it’s the same way with an Apple device. I’ve been trained for this moment. I just get a text message and then … Wait!

The text message would go to the phone which I was restoring. You’ve got to be able to log in to get it. I did have another old phone handy that I could maybe switch the phone card into but I was in enough trouble to begin with and didn’t want to make it worse.

Fortunately, Google anticipated actions like what I had done and there were “other” ways to prove that it was you. That’s good; the bad part was that a lot of them required a working phone. There was one option to use the Authenticator app. A quick download and I had it on the old phone and it started generating numbers, none of which would work on my mid-boot phone.

Now, I was starting to get a little worried and did some mental math and figured that I might be in line for a phone upgrade anyway. There was one more intriguing option.

It’s available in many sites that use 2FA and that was to use one of the backup codes that I got when I registered. Pfffft. Like I kept those. On a whim, I went to my PC and did some searching to find out how to find these codes. It was actually pretty quick, easy, and straight forward. It’s all described here.

It worked well for Google and then my next step was to reload the applications that I’d lost and reauthenticate. The process was actually fairly quick and simple, if not tedious.

My big takeaway here was to RTFM and not just enough of the manual to get through the first step! I definitely had used the 2FA for browsers but it never dawned on me that I’d end up going the other way on this.

Spamming and scamming

If you’re of a certain age (like I am), you’ll remember a black phone on the wall or on a table with a rotary dial for calling out. The “ring tone” was a bell that went off when someone called. Some of you may even remember the party line concept where two or more households shared the same phone line and a different ring patterns was assigned per household.

In my house, it was the one thing that interrupted everything. Dinner, playing cards, watching television, etc. – when that phone rang you stopped whatever you were doing and answered the phone.

Photo by Compare Fibre on Unsplash

At university, there were four of us living in an apartment and we had one phone line for us. Whoever was closest would answer it and hand the receiver to whoever the call was intended for. It was there that I had my first experience with spamming/scamming phone calls. It used to start with “Hello Mr. Peterson, how are you today?”. Well, nobody calls me that so it was a dead giveaway, much less care about my well-being. My response was just to hang up. One of my roommates was less polite and had an air horn next to the phone and would give the caller a blast. Don’t mess with engineering majors; they have access to a bunch of things that they would use for good purposes.

The other day, I was sitting in an office waiting and the radio station was turned to CKLW Talk Radio and the talk was about how to handle these types of call these days. I was actually quite surprised that the callers that made it to the air shared their stories of engaging with the caller for long periods of time doing bizarre things. It was entertaining but certainly not what I do.

Long gone is the rotary phone and, around here, we have smartphones and they show the number that is calling. If it’s in your address book, it even pops up with the name of the caller to make identification easy. Either Google, Samsung, or Virgin has even gone so far as to give the message “Suspected Spam” to some calls.

I’m never in a hurry to answer the phone unless I’m waiting for a call. My first superintendent did a PD session once about the importance of your time. We had caller id on the phones and access to a voicemail system and his advice was to let calls go to voice mail and then schedule a block of time to go through and return calls as an efficient use of our time. The only exception was if the caller was family or him! It’s a habit that I continue to this day so if you’re calling, expect to leave a message. Or better yet, just text me.

This long winded intro takes me to an article that I read today.

‘Lost package’ scam targeting residents in Mississauga and Brampton

Regular readers know that periodically I look at the spam log on the blog and have fun with some of the nonsense that gets dropped off. I just checked and there are 277 messages there since I last emptied it on the weekend. Time for another post?

Those types of messages are easy to ignore since they get caught in the spam filter and I have to actually make an effort to go and take a look.

Text messages are a different breed. Yes, there is a section where Google, Samsung, or Virgin recognizes that some messages are potentially harmful and tuck them away in an area called “Spam and Blocked”. Others just sit out in the open among the other legitimate text messages that I’ve received. The one thing that always stands out to me is that they always contain a link that would take me to somewhere on the internet if I clicked it.

I understand how I might get the messages on this blog since it’s publically available on the web. I’d like to think that my smartphone would be a bit more difficult to track down since I’m more careful about who I give the number to. But, the computer science teacher in me know that it would be relatively simple to write a program to generate millions of phone numbers sequentially and then program a device to go through that list and see if it’s valid. Valid would be if someone answer the phone or followed the link.

The advice in the article is good for everyone. At times, it makes you realize how good we had it with our rotary phones when the scammer would ask you to press “1” on the phone for further information.