Book review: Drinking Games by Sarah Levy

My stepson died last year of throat cancer, brought on by years of alcohol and tobacco abuse. I say this because I thought this was going to be a hard book to read — part memoir, part 12-step navigational handbook, part Big Thoughts. That doesn’t sound like I liked the book, but I did, and thought Levy spoke to me about my stepson and his various demons that he fought and lost. She fought and has won, but it was a hard fight, filled with many missteps and disastrous mistakes.
Alcohol abuse isn’t pretty. Those of us who have been touched by it can’t really understand why it happens to the people we love, and our feeble attempts at trying to help are often doomed from the start. Levy’s book shows how she had the strength of character to fight back — and while she had many years of dismal failures, eventually she figured out a plan. It may not be the plan that you can get behind, but like I said, the navigational aspects of this book are useful guideposts. Even if you are lucky not to have someone you know with these circumstances, I think you will find this book interesting, engaging, and at times pretty darn funny. Highly recommended.

Book review: Sam by Allegra Goodman

In this novel by Allegra Goodman, we follow the life of Sam during 15 or so years of her young life as she grows up in a dysfunctional family with a special-needs younger brother and her single mother who is trying to make ends meet working two low-end jobs. Sam is a talented rock climber: the story takes place on Boston’s North Shore and we see her grow into some prowess as she develops her climbing abilities and strength. Sam is an interesting character: nothing comes without a lot of pain and hard work, which makes her accomplishments all the more satisfying, both to her and to the reader. As for the family dynamics, the kids have two different but deadbeat dads who come in and out of the narrative. I really enjoyed the plot, characters, and situations as Sam grows up and finds love and adventure. Highly recommended.

Do you need a disposable email address?

How many times a day are you asked to provide your email address for something that just generates more inbox junk and adds you to some marketer’s list? If you are getting tired of these email come-ons, you need a disposable email address. The idea is simple: instead of providing your “real” email, you create something that will still forward messages, but gives you some control over how these messages appear in your inbox.

Now, you could use the email filtering feature of your mail software to prevent these messages from ever darkening your inbox, but a more elegant way is to make use of one of the “disposal email service providers” (as I call them) to help you out. The way these providers work is that you set up an account on their service, and start using a special alias to flag the origin of the mail.

Before you dive into this product category, realize that there are dozens of semi-shady providers, such as Emailondeck or These have lots of limitations, such as only offering a single alias with very short forwarding lifetimes (such as an hour, which renders them useless for newsletter subscriptions), or don’t allow you to create your own alias, or have paid accounts that only accept BTC. The ideal provider allows you to set up your own alias and keeps the mail flowing as long as the company is in business. Also, some providers don’t protect any replies to the forwarded email, so your real underlying address is now available.

Here are three providers you should check out: DuckDuckGo, 33Mail, and Yahoo. All three are available for free (and the latter two also offer paid plans) and work reasonably well. My favorite is 33Mail: I have been an avid user of its free account for many years now and have set up dozens of aliases. The setup process is nothing: you just start using “” and the service takes care of getting the message forwarded to your real email. The forever free version has unlimited aliases, which is handy because it shows you the alias used at the top of your message, in case you want to send all inbound mail using that alias to the bit bucket. You can sign into the web portal of your account and view the transaction log as well as the status of the various aliases that have been used to forward mail to you, and those emails that you have blocked. The free account does come with bandwidth limits, which I have never come close to reaching. There are several pricing tiers that remove this along with other restrictions and support other customizable settings.

DuckDuckGo takes a somewhat different tack from 33Mail — they do their work inside a browser extension and they support a wide range of them, including Brave, Chrome and Edge. You’ll need that extension to manage the various configuration features. If you are already using DDG as your search engine or for its other privacy-enhanced tools, then it is worth checking this tool out. Here is a list of its features and FAQs. One downside of DDG is that it doesn’t use aliases, which means you have to filter messages on your own.

Finally, there is Yahoo. Remember them? Remember both of their massive data breaches back in the day? Well, it has been years since I used them for anything other than a spam collector, and the free version immediately begins placing ads in the form of a rolling series of messages at the top of your inbox. (You can remove these if you upgrade to a paid plan.) You can set up three aliases (what Yahoo calls “keywords”) on your account from its settings menu. It isn’t as convenient as 33Mail, and of course you need a Yahoo email address for this to work.

Keeping up with Covid misinformation policies

About a month ago, Twitter removed its policies blocking Covid misinformation. This has led to the spread of various flights of fancy, many of which are dangerous if taken seriously. We all know why this was done and by whom. I have written about this topic before in 2020 in this blog post that I urge you to review. Sadly, the situation has gotten worse.

Today in the NYTimes is an article about how misinformation continues to spread across social media. This prompted me to examine the Covid policies of various social media platforms. Let’s take a look at them.

Interestingly, Facebook has the most specific policy set here, running to more than 4,000 words. They address specific false claims (I won’t repeat them here but it is a depressingly long list) and how the content can create potential harm to its users in the real world. The aim is to “reduce the distribution of content that does not violate our policies but may present misleading or sensationalized information about vaccines in a way that would be likely to discourage vaccinations.” That is an important point. One thing that I didn’t like was the way the policies were presented, with web links to other policies (such as bullying and hate speech) that are relevant but making it hard to track and digest.

YouTube has its policies here. Not quite 1500 words, it still goes into specific details about what content isn’t allowed. Again, I am not going into any details but some of this stuff — as with Facebook’s recitation — is just bonkers. Also in the policy is a description of the consequences if you do post this content. That is perhaps the most useful element: three strikes within 90 days and your channel is “terminated.” None of the other platforms have this spelled out.

TikTok has the least helpful information here. Their community guidelines page has no mention of Covid, and this link (which is really more of a press release) is short on specifics.

Whether or not you agree with how and what the social platforms should do about Covid misinformation, the fact remains that vaccines — especially the Covid ones — save lives, and have lessened the impact on those who have gotten the virus. And spreading false claims about what can protect you from disease is just another way for things to “go viral,” sad to say.

A10 Networks blog: How to Defeat Emotet Malware

One of the longest-running and more lethal malware strains has once again returned on the scene. Called Emotet, it started out as a simple banking Trojan when it was created in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MummySpider. Emotet malware is back in the headlines and continues to be one of the most significant threats facing companies today. In this review for A10 Networks, I describe what it is and how it works and how to defend against it using a combination of network and security tools.

Emotet Malware Timeline

Avast blog: A Bruce Schneier reader

Bruce Schneier’s work has withstood the test of time and is still relevant today.

If you’re looking for recommendations for infosec books to give to a colleague – or even to catch up on some holiday reading of your own – here’s a suggestion: Take a closer look at the oeuvre of Bruce Schneier, a cryptographer and privacy specialist who has been writing about the topic for more than 30 years and has his own blog that publishes interesting links to security-related events, strategies and failures that you should follow. In my blog post for Avast today, I review some of his books.

Book review: A Small Affair by Flora Collins

This was a difficult novel for me to get into for some reason. You don’t really know the four central women that are part of a very toxic and twisted relationship: Two are sisters, both interested at different times in the same man, one of whom she marries and is about to have her second child with when they are both found early on in the book dead in their house. The other two women are friends of the sisters at varying times over the course of ten years. One of them was the murdered husband’s lover shortly before his death, and is eviscerated by the press over that relationship. It took me several tries to get past the first couple of chapters before I could get interested in the book, and then the plot thickens. We find out what happened the night of the murder, how the four were introduced, how their lives took various turns and how this novel is really the poster child for bad friendships and relationships. The venality of the women involved is breathtaking and fascinating — it is like watching a huge traffic pile-up on a snowy freeway — but the setting in the modern social media era where oversharing your life can lead to disastrous consequences rings quite true.


Avast blog: An update on international data privacy protection

The 38 member countries of the Organization for Economic Cooperation and Development (OECD) have recently adopted a new international agreement regulating government access to its citizens’ private data. The OECD draws on its membership from countries on several continents, including the US, Israel, Japan, Chile, the Czech Republic, and the UK. The document was released with the rather ungainly title of the “Declaration on Government Access to Personal Data Held by Private Sector Entities.”

There are seven common principles that were adopted, all in the interest of serving the free flow of data across country borders and promoting trust between citizens and their governments.

You can read more on my post for Avast’s blog today.

Bitcoin for banks takes hold

CBD is not what you think it is. I know many of us think that CBD has something to do with drugs, but another version of the abbreviation has to do with central bank digital currencies or CBDC to be more accurate. As the legal spectacle of Sam Bankman-Fried of FTX unwinds in various courts, it might be time to focus our attention on CBDC and how the world’s banks are moving quickly into this legal type of cryptocurrency — call it bitcoin for banks if I want to be cute about it.

The idea is taking hold around the world. The Atlantic Council keeps track of these projects and to date 11 countries have active CBDC programs, mostly in the Caribbean plus Jamaica, Bahamas, and Nigeria. Yes, that Nigerian prince wants your bitcoins! How ironic can that be? Another 17 countries are engaged in pilot projects, most notably in China (which intends to expand its pilot from 230M people to cover the remainder of its population in 2023) and other parts of Asia along with several in the Middle East, including Saudi Arabia, UAE and Iran. And Australia, Thailand, Brazil, India, South Korea and Russia intend to continue or begin pilot CBDC testing in 2023.

There are a lot of different reasons for CBDC’s growth spurt.

  • First off, banks want to be a safer source of crypto. Certainly, a central bank moves slowly because they have to. But there is a lot of appeal and they want to be involved.
  • They also want to promote financial inclusion by providing easy and safer access to money for their unbanked and underbanked populations. Governments and central banks realized they needed a faster way to get money in people’s hands.
  • They can introduce competition and resilience in the domestic payments market, which might need incentives to provide cheaper and better access to money. This is not a new idea: net-based payments have been around since the 1990s. But the central banks could help make payments more efficient and also lower transaction costs.
  • CBDC also can help create a new category of programmable money, through smart contracts and other new payment automation methods.
  • The banks see an opportunity to improve transparency in money flows and make these flows more seamless.
  • The open source community has responded. MIT is spearheading an “Open CBDC” effort that has the US Fed’s interest.
  • Finally, the banks need to have better ways to transfer funds internationally. A cross-country CBDC system could be the solution, avoiding any need for the SWIFT system. The Ukraine war has also motivated banks to get on board with better international tracking methods that a cryptocurrency could provide.

CBDC isn’t for every country: there have been two cancelled projects so far — in Senegal and Ecuador — but that is to be expected.

“A CBDC could be an opportunity for a ground-up redesign of our legacy payment systems, offering a chance to reimagine market roles and incentives and to solve foundational problems in our financial system,” as the OpenCBDC project writes in their FAQ. The trick is navigating the numerous challenges around protecting user and payment data, understanding the resulting impacts to financial stability, and properly leveraging the current innovation in the private crypto sector. Certainly, that is a lot to consider.

Avast blog: DoD supply chain lessons learned

A July 2022 survey of 300 U.S. Department of Defense (DoD) IT contractors shows a woeful lack of information security in the majority of situations. These contractors are part of the DoD’s supply chain that, in typical government speak, is labeled the Defense Industrial Base (DIB). The report should be a warning even for those technology contractors that don’t do any DoD work, as I explain in my latest blog for Avast.