Welcome to my personal home page. Here you will find information about causes that are dear to me, how to stay safe online, why hacking is good, links to media, and ways to get in touch. My philosophy is simply this: we are here to do our work and help each other.
Cari Farver's life was cut tragically short by an act of violence. The Cari Farver Memorial Scholarship at Iowa Western Community College (IWCC) keeps Cari's memory and legacy of kindness alive by helping students who aspire to careers in information technology like she did.
The EFF is the leading non-profit organisation defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development.
Médecins Sans Frontières (MSF), or Doctors without Borders, provides medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Their teams are made up of tens of thousands of health professionals, logistic, and administrative staff whose actions are guided by medical ethics and the principles of impartiality, independence, and neutrality.
The Internet can be a wonderful place to socialise, learn, and have fun. It can also be a dangerous place where cybercriminals pursue their victims.
Learn to protect yourself online with these tips.
Use a different password for each service. This prevents a breach at one website from compromising all of your accounts everywhere.
Longer passwords are always better because they're harder to crack. Use a password manager like the free and open-source KeePass to generate strong passwords for you and safely track them.
Also called multi-factor authentication (MFA), turning on 2FA is one of the best steps you can take to keep your accounts secure.
This means that anyone who wants to login to your accounts has to both know your password and provide a one-time code. You can manage your codes using an app like Authy or Google Authenticator.
Outdated software often contains security flaws fixed by updates also known as patches. Turn-on automatic updates for your operating systems, like Windows and Android OS, and reboot when prompted.
Remember to update your apps too like your web browser. Ninite is a free tool for Windows that can help you easily install popular free software, like the office suite, LibreOffice. Run the Ninite installer again later to automatically update.
Apps like Snapchat allow you to share your location with friends. Consider disabling that option or limiting the app's permissions. Check your Settings app for all the location-related privacy options.
Keep in mind that useful location sharing, like the Apple Find My app which allows you to find a lost phone, could pose a risk in certain situations. In a domestic abuse scenario, the abuser could use this capability to stalk their victim.
Phishing is a form of social engineering attack that attempts to trick you into giving-up your passwords or personal information. Don't trust links you receive by email, social media, or text.
If you're unsure manually type-in the address of a website or call the sender to verify. Be wary of "urgent" requests, and remember phishing websites made to steal your password can look just like the real thing.
All major social media platforms offer privacy and security features you can customise. Use security check-ups offered by Facebook and Google. Read Twitter's safety and security help page.
Practise reducing your attack surface by closing accounts you don't use and being careful of what you post. Remember that criminals and future employers alike will see it someday.
Backups can save you from a ransomware infection as well as computer failure. Free backup software is included with Ubuntu Linux, macOS, and Windows.
Remember that backups connected to your computer may also be lost if you're infected with malware so consider using cloud backups or disconnecting your backup drive when not in use.
When paying in person with your debit or credit card, pick Credit instead of Debit at the checkout. Consumers are better protected against credit card fraud, and it prevents a skimmer from stealing your ATM PIN code.
Always use the chip option, rather than swiping, whenever possible. Swiped cards are easily cloned, but chip transactions are protected by better technology and harder to skim.
If someone gains unauthorised access to your account you should immediately change your password and enable two-factor authentication (2FA / MFA).
If the service allows it also remember to log-out all existing sessions so an attacker cannot continue to use your account after you've reset the password.
If you or someone else is in immediate danger always call 9-1-1.
If you've been the victim of a cybercrime you can report it to your local law enforcement agency's non-emergency number. You can also report Internet scams, fake websites, emails, and malware to the FBI's Internet Crime Complaint Center (IC3).
If you know of a child being exploited or encounter explotation material, sometimes called child pornography, report it to the National Center for Missing & Exploited Children (NCMEC) via the CyberTipline website.
Your CyberTip will be quickly routed to law enforcement. You could save a child.
Hackers built the Internet and fight to keep it secure. Hackers invent creative new uses for technology and understand that everything has hidden features waiting to be explored.
Most hackers are not criminals. They are people passionate about technology and using their skills to help rather than harm. Hackers are infinitely curious.
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
Steven Levy
You can learn about hacker culture and the history of hacking from books like Hackers: Heroes of the Computer Revolution by Steven Levy, Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell by Phil Lapsley, and The Cuckoo's Egg by Clifford Stoll.
Season 26, Episode 1 of Dateline NBC, entitled "Scorned", covered the case of the disappearance of Cari Farver. This case was my life for over two years, and it took a lot of work by many people to bring closure for Cari's family and put her killer behind bars. This web segment briefly covers my involvement in the case and includes footage not used in the episode.
In this presentation, given at the inaugural AppSec Village during the DEF CON 27 Hacking Conference in Las Vegas, I covered software security issues faced by small to mid-sized local governments. I also gave examples of vulnerabilities found in three vendors' products. I was honoured to take part in this village as well as Skytalks 303 where I gave an extended talk that included this material.
This virtual talk at the Recon Village during the DEF CON 29 Hacking Conference is about the dangers of lookalike domains, and an experiment to test whether impersonating .gov domains with .com and .org lookalikes yields real world results. See also: https://impostor.domains
In this article from The Daily Nonpareil, reporter Brian McCormack covers my job, my history with hacking, an early brush with the law, and an encouraging talk I received back then about using computer skills for good that I try to pass on to students today. It was humbling to be interviewed and to have this story shared with our community.
Interested in learning more about hacking, law enforcement digital forensics, cybercrime, cybersecurity, or other geeky topics?
I am happy to correspond online and love speaking with students, teachers, cops, criminialists, prosecutors, fellow nerds, and others in the public sector or at non-profits.
Please drop me a line. For speaking requests click here.