Documenting online antivax misinformation

Posted on by
2

Whatever your position on childhood vaccinations, a new report provides very solid documentation of the role played by various antivax pressure groups to sway public opinion using a variety of online social media platforms. The report is a joint effort of two non-profit organizations, the Sabin Vaccine Institute and the Aspen Institute. I haven’t read the entire report, “Meeting the Challenge of Vaccination Hesitancy,” (a copy linked to at the end of this post) but want to focus on its last chapter, a paper written by Renée DiResta and Claire Wardle. DiResta is a cybersecurity researcher at Stanford, Wardle is a TED fellow and US director of First Draft. Their paper examines the changing policies of Facebook, Instagram, Twitter and other online platforms towards the antivax movement.

There is no doubt that this movement has created a global health crisis, even before Covid appeared. Doubts about polio and measles vaccines have created new outbreaks of this disease in places such as Brooklyn, Samoa and Italy, among other places. Both of these diseases were considered cured just a few years ago and rarely seen anywhere. That all has changed as a result of increasing opposition to vaccinating children.

Part of the problem is the asymmetric relationship between pro- and antivax groups: the provax folks use mostly medical literature and poorly designed public health websites; the antivax folks use well-thought out videos, catchy Internet memes and powerful personal anecdotes to make their points. Having just a few global social media platforms means the antivaxxers can spread their message more easily too. The antivaxxers also give the impression that they are the sole trusted source of information about vaccines, which isn’t helped by the several missteps over Covid over the past few months from the CDC and WHO. It also helps that several celebrities have been pushing the antivax message, which gets further amplified by mainstream media.

The authors wrote: “To counter online misinformation, we must understand how the rumors, conspiracy theories, and misleading content that we see in digital spaces intersects with existing barriers to vaccination in different countries.” The researchers took screenshots of how people searched for vaccine information in different countries and compared those results with the official policies of the social media platforms. Not surprisingly, things didn’t line up. There are “real concerns which still exist about whether these promised changes to vaccine-related policies are having the desired effect.” For example, a search for the term “vaccines” on Instagram in February 2020  produced top results that were disproportionately pushing antivax positions, even though Instagram instituted changes to reduce this misinformation almost a year earlier.

“Anti-vaccination activists have gained a deep understanding of how to communicate
effectively on social platforms and have developed techniques to take advantage of their unique characteristics, such as groups, ads, and trending topics,” they wrote. That is a depressing situation.

Another problem is that the state health departments are largely in charge of vaccination programs, and the antivaxxers are very organized at the state level to pressure their legislators to enact laws supporting their point of view. “The ability of the pro-vaccine community to tell a more compelling story more persuasively and to spread its evidence-based message to broader audiences online is an imperative for public health,” conclude the researchers.

https://www.sabin.org/sites/sabin.org/files/sabin-aspen-report-2020_meeting_the_challenge_of_vaccine_hesitancy.pdf

Network Solutions blog: How to sell your spare IP address block

Posted on by
Reply

For the past 27 years, I have owned a class C or /16 block of IPv4 addresses. I don’t recall what prompted me back then to apply for my block: I didn’t really have any way to run a network online, and the Internet was just catching on at the time. The transaction took moments with the exchange of a couple of emails, and there was no cost to obtain the block. 

Earlier this year I was reminded that I still owned this block and that I could sell it and make some quick cash. What was interesting is that in all the years I had the block I had never really used it for anything. I had never set up any computers using any of the 256 IP addresses associated with it. In used car terms, it was in mint condition. Virgin cyberspace territory. So began my journey into the used marketplace that began just before the start of the new year. I document some of this journey in a blog post for Network Solutions. I tell the story about what I learned and what I would do differently knowing what I know now. You can see that block transfers have become a thing from this graph.

I also wrote an eBook for them based on this experience if you want to learn more about the address block aftermarket. And in this more personal post,Beware that it isn’t easy or quick money by any means. It will take a lot of work and a lot of your time.

Red Cross blog: A life-long learner, profile of Stan Brasch

Posted on by
Reply

What makes any of us become an American Red Cross volunteer? Does it happen because of a change in our life circumstances, or because of a particular crisis or other event?

Stan Brasch recalls the moment it began for him: it was about three years ago when he retired from federal government service. He had returned to St. Louis after many years in Kansas City where he served with the Kansas National Guard and later the U.S. Army Reserves for a total of over 30 years.

“I wanted to help with the disaster recovery efforts,” he said. Brasch had already had extensive training for the U.S. Department of Transportation in delivering their own rapid response to emergencies.

You can read more about Stan on the Red Cross blog here.

Measuring your Covid KPIs

Posted on by
4

A friend of mine has been noting several of her family’s key performance indicators (KPIs) during the Covid Times. Things like how many minutes her family collectively naps and exercises each day, or the number of days they have cooked dinner together (vs. getting takeout) or total episodes of Tiger King they have watched. At first I thought it was very cute and clever but now I think this idea is worth a closer look. After months under lockdown, we all need some solid data to measure how we are holding up under the strain. And you all know how much of a data nerd I am.

This week the NY Times published its own instructive “pandemic rules”. The piece included accounting for the number of close contacts, managing your exposure “budget” and keeping higher-risk activities as short as possible. All are worthy goals.

Here are a few more of the ones that I have discovered from my wife and I being under lockdown.

  1. Number of bottles of wines remaining before resupply. Early on in the Covid period, we didn’t venture out for anything. I wanted to order at my favorite wine shop and pickup at the curb. Their website was terrible and it took forever to find things that would have taken me about 15 minutes if I was shopping at the physical store. Thankfully we aren’t big drinkers but we will eventually have to restock.
  2. Rolls of toilet paper remaining on hand. No more needs to be said of this.
  3. Instacart fulfillment wait times. When we began in March, we already were big users of Instacart for grocery delivery. Orders which were usually filled within hours of completing the carts suddenly took days or even a week as newbies jumped on board this system. Thankfully they have gotten things back under control and now are back to a few hours to fill.
  4. Teenage eye rolls per day. Thankfully we are empty nesters, otherwise the first metric might have to be adjusted. But hearing from parents of teens who are sheltered together more has been interesting. Some teens are finding out what mom and dad actually “do” during the work day instructive, and perhaps are more sympathetic when sharing the communal “office.”
  5. Number of Zoom minutes consumed by non-work activities. As Zoom has become the de facto connective and social tissue of our lives, its use varies depending on our social needs.
  6. Steps. We have always tracked our daily step count, but finding places to walk where you aren’t dodging folks can be tricky.
  7. Proportion of non-masked people encountered. Across our region this varies by place, time of day and other factors. Hard to have any hard and fast rules here. But we both are using them as much as possible when we are out.

If you have suggestions on other metrics to determine progress, do share in the comments.

FIR B2B podcast episode #138: Keeping it real

Posted on by
Reply

COVID has given new meaning to the value of authenticity. Paul Gillin and I riff on a few examples:

Marketing Week speaks to Salesforce.com’s CMO and what B2B can learn from B2C marketing. One thing is to keep it personal by forgetting about stock photos and telling personal stories. This helps to build trust and deliver better customer relationships. Of course, it helps to have a charismatic and opinionated CEO like Marc Benioff around to inspire the team.

Sprout Social’s Alicia Johnston writes about how to inspire action with your LinkedIn presence. Rather than making your vendor page a promotional smarmy read, take the time to be more aspirational and educational. This can help provide insights and make connections with your community. The piece also discusses ways to experiment to find your best corporate voice and how to time your posts for maximum impact.

Social media influencers are raking in the big bucks, and we think it’s because they build, rather than buy their audiences. But marketers and influencers alike need to keep in mind that paid relationships need to be disclosed, and penalties for failing to do so will grow along with paychecks. But we like this more toward promotion through authentic channels.

Our IT journalist colleague Sally Grotta writes that personal interruptions that once would have been inappropriate are now not just accepted as part of the online conference experience. The interruptions by kids, animals and delivery people make our interactions less formal and more real. Musicians have led the way, with many famous performers inviting us into their living rooms for concerts that seem so much more intimate than when given in a performance hall.

You can listen to our podcast here.

The evolution of the network protocol sniffer

Posted on by
5

Last month I caught this news item about Microsoft building in a new command-line feature that is commonly called a network protocol sniffer. It is now freely available in Windows 10 and the post documents how to use it. Let’s talk about the evolution of the sniffer and how we come to this present-day development.

If we turn back the clock to the middle 1980s, there was a company called Network General that made the first Sniffer Network Analyzer. The company was founded by Len Shustek and Harry Saal. It went through a series of corporate acquisitions, spin outs and now its IP is owned by NetScout Systems.

The Sniffer was the first machine you could put on a network and trace what packets were being transmitted. It was a custom-built luggable PC that was typical of the “portable” PCs of that era — it weighed about 30 pounds and had a tiny screen by today’s standards. It cost more than $10,000 to purchase, but then you needed to be trained how to use it. You would connect the Sniffer to your network, record the traffic into its hard drives, and then spend hours figuring out what was going on across your network. (Here is a typical information-dense display.) Decoding all the protocols and tracking down the individual endpoints and what they were doing was part art, part science, and a great deal of learning about the various different layers of the network and understanding how applications worked. Many times Sniffer analysts would find bugs in these applications, or in implementations of particular protocols, or fix thorny network configuration issues.

My first brush with the Sniffer was in 1988 when I was an editor at PC Week (now eWeek). Barry Gerber and I were working on one of the first “network topology shootouts” where we pit a network of PCs running on three different wiring schemes against each other. In addition to Ethernet there was also Token Ring (an IBM standard) and Arcnet. We took over one of the networked classrooms at UCLA during spring break and hooked everything up to a Novell network file server that ran the tests. We needed a Sniffer because we had to ensure that we were doing the tests properly and make sure it was a fair contest.

Ethernet ended up wining the shootout, but we did find implementation bugs in the Novell Token Ring drivers. Eventually Ethernet became ubiquitous and today you use it every time you bring up a Wifi connection on your laptop or phone.

Since the early Sniffer days, protocol analysis has moved into the open source realm and WireShark is now the standard application software tool used. It doesn’t require a great deal of training, although you still need to know your seven layer network protocol model. I have used Sniffers on several occasions doing product reviews, and one time helped to debug a particularly thorny network problem for an office of the American Red Cross. We tracked the problem to a faulty network card in one user’s PC which was just flaky enough to operate correctly most of the time.

Today, sniffers can be found in a number of hacking tools, as this article in ComputerWorld documents. And now inside of WIndows 10 itself. How about that?

I asked Saal what he thought about the Microsoft Windows sniffer feature. “It is now almost 35 years since its creation. Seeing that some similar functionality is now hard wired into the guts of Windows 10 is amusing. Microsoft makes a first class Windows GUI tool, NetMon, available for free and of course there is WireShark. Why Microsoft would invest design, programming and test resources into creating a text-based command line tool is beyond me. What unfilled need does it satisfy? Regardless, more is better, so I say good luck to Redmond and the future of Windows.”

Avast blog: Why is eBay port scanning my PC?

Posted on by
Reply

Every week brings more security news and this week is  about an interesting piece of Javascript that can run in your browser if you happen to use eBay under a particular set of circumstances. The code can scan your computer and send information back to a security vendor, which could be used to track your movements across the Internet.

You can read my column for the Avast blog where I explain what is port scanning, what information is being collected, why an eBay contractor is doing it — supposedly to reduce fraud — and how security researchers figured out what was going on.

A brief history of lightbulb manufacturing

Posted on by
5

Given that we are all at home, I was thinking the other day of some of my favorite museums that I have visited during better times. As long-time readers might remember, I am a big fan of the Henry Ford Museum outside of Detroit. I was reminded of all the treasures in their collection when the news broke this week that GE was finally selling off its light bulb division to  Savant, a smart home company. GE had this division for more than a century, and it had been losing money on it for several years.

The light bulb is an iconic product for the company that was founded by Thomas Edison. But the real innovation happened not when Edison came up with the initial invention, but about improvements to how they were made. Back in the 1880s, glassblowers were able to create a bulb every 30 seconds if they got good at doing them. Moving forward thirty years, engineers had developed machines that could produce perhaps ten or twenty bulbs a minute. But that wasn’t fast enough, particularly as electrification was growing quickly.

It took a master glassblower working with a mechanical engineer from Corning to come up with a truly novel idea. A heated ribbon of glass went through a machine that could stamp out hundreds of bulbs per minute. The resulting equipment literally replaced entire factories, and this is what is on display at the Ford Museum. (Parts of Edison’s Menlo Park lab are also on display there too.) Of course, this machine also put legions of glassblowers out of work.

A GE engineer would go on to invent the LED bulb in the 1960s, which was the eventual undoing of incandescent bulbs. Actually, there were LEDs before this time, but they only output infrared light. This invention figured out how to output visible light, and sixty years later we have LED bulbs that can output thousands of colors controlled from our smartphones, from Phillips and Savant, the company that acquired the GE lighting assets.

Check out some of these innovative LED designs that I came across online. And if you ever get the opportunity to visit the museum, you will find it a delight and well worth your time.

Avast blog: The latest security trends from Verizon’s annual breach report

Posted on by
Reply

Today Verizon published the latest 2020 Data Breach Investigations Report (DBIR). What sets the DBIR apart is that it combines breach data from multiple sources using the common industry collection, VERIS, a third-party repository where threat data is uploaded and made anonymous. This gives the report a solid authoritative voice, which is one reason why it’s frequently quoted by the security community. Report citations also come from vendor telemetry sources, so it is also a bit self-referential.

I look at overall SMB and ransomware trends, along with the declining popularity of malware in favor of more web app exploits. You can read more about these trends in my blog for Avast.

RSA blog: Do you know where your firewalls are located?

Posted on by
Reply

When I was growing up, the evening news (on one of the five total broadcast channels we could watch) would start with the tag line, “It’s ten o’clock, do you know where you children are?” I know, seems so quaint now, especially since many of us haven’t left home in weeks. But the modern equivalent might be, “It’s whatever o’clock. Do you know where your firewalls are?” This is not a rhetorical question and answering it will give you some insight into how your network infrastructure is governed (or not, as the case might be), and what actionable items you’ll need to fix that pronto.

I wrote in last month’s blog as more of us work from home (WFH) we have to go back to basics. One of those basics is in understanding our network topology and where those firewalls are located. A recent informal Twitter survey by researcher Kate Brew showed that less than half of infosec managers don’t even know the basics of their network configurations. They couldn’t even figure out the raw number of firewalls in their network. That is a depressing thought. Now, granted this isn’t a Gallup-level definitive answer, but still probably undercounts the observed on-the-ground truth.

Why is this a big deal? Mainly because our networks are evolving rapidly. Take the situation of new data flows as we have higher proportions of remote users. Or the situation where smartphones are being brought into healthcare facilities and used in different ways by health workers to communicate with patient families. Given that many infosec managers are juggling numerous crises to keep their business networks running, this very basic fact needs quick attention.

It is important now because the bad guys are already sharpened their phishing lures: numerous vendors (and the FBI) report that Covid-related phishing attacks are on the rise. You have to up your game, before someone finds a wormhole and makes off with your most precious data.

But let’s just take this a step further. It isn’t just the number or location of our firewalls, but also what happens to them. Let’s posit that you have put in place a series of “emergency” exceptions to your well-crafted rule set. (Ahem, do you really want to go there?) You did this as a response to fix your network traffic flows to handle the rise in WFH’ers. Great. But let’s move into the future a few years when these exceptions have remained in place, long forgotten and leaving not just a wormhole but the broad side of a barn for your drive-by attack.

This points out that now is the time to get our risk and data governance act together. If we are going to be a 95% WFH operation, then make sure we plan our networks and our security accordingly. In other words, we need to figure out a network topology that will be more secure and have the right tools and hardware, as I mentioned in last month’s blog.

If you view this in another light, the uncertainty over your firewalls is really a proxy for the conflict between the network and security teams at your company. This is an old issue (see this Sandra Gittlen piece in Network World from several years ago) and I am not suggesting that you should combine them into a single unit. Gittlen cites sources who point out that the two teams can collaborate better when they are separated, because they have different roles and jobs to do. Security should track down issues, vulnerabilities and risks; the network folks should fix things and prevent future problems. And both need to work on security from the beginning of any new project, what is commonly called “security by design.” Still, another source says, “There is value in security teams learning networking’s language.”

Take the time to know where your firewalls are located and use this as a teachable moment to better understand how you have set up their rulesets and other basic configuration details.