Follow by Email

Tuesday, May 22, 2018

There’s been a breach


Note: This post was originally published in 2015. It has been updated with new information relating to the topic. 

Last week Twitter announced a breach of passwords. Twitter claimed that no personal data was released and encouraged users to change passwords. Since the big breaches from the fall of 2014 it seems like every month we have heard about a new breach. If not banks then major retailers or healthcare systems. The private information we entrust others to keep safe is being violated on a regular basis.

Try as you might to stay off the “grid” by paying cash, getting paper statements, or banking in person, eventually you will be a victim of identity theft or some sort of financial intrusion. Either because of convenience or because a company demands you use an electronic system. It is difficult to navigate in today’s world without having some portion of personal data stored on an institution’s computer.

Personal data

Ever check out at a store that you shop infrequently and they ask for your address, phone number, or name, and you’re in their system? Freaky right? At some point you’ve provided them with your personal information. Larger companies own smaller companies…your personal data is bought and shared daily.

Tax season just passed and it’s a good bet that when you filed your taxes, electronically of course, your return was rejected by the IRS because, surprise, the return associated with your social security number has already been filed.  

The IRS estimates that more than 122 million returns were filed electronically in 2017. While the IRS has seen a decline in personal tax fraud, falsified business returns have increased. The IRS identified 10,000 compared to 4,000 fraudulent business returns in 2016.  The IRS doesn’t publish everything it is doing to combat tax identity fraud. Some of the public efforts are tightening access to private sector filing software and more thoroughly scrutinizing refunds. When your SSN has been compromised the IRS issues you an electronic identification number for future filings. This solution should keep your tax information safe, as it is a unique number. But so was you’re your SSN at the time it was generated. 

We use to worry about someone stealing a driver’s license or credit card. If that didn’t happen you didn’t have much to worry about. Years ago, while working as an undercover detective, and when I say “years ago” I mean before there was a computer in every home and a world-wide inter web of computers.  A senior administrator had a briefcase stolen that contained contact information for all of the detectives. Not just name and phone numbers but addresses, birthdays and yes the coveted social security number. Not sure what we called it then, but it wasn’t a breach. But in today’s terminology, the breach compromised so much personal information what could one do? You couldn’t completely change everything. In those days though we were more concerned with operational security than identity theft. Yes, identity theft occurred, but not on the level or frequency as today. The criminals at that time weren’t as sophisticated in that skill set as they are today. Plus, copying and sharing was a literal concept. The documents would have to be photocopied and personally distributed. 

We knew that if we worked hard and fast to recover the documents, we could determine the extent at which the information had been distributed. The faster the culprit was caught, the less chance the information could be distributed. Today, your information can be stolen from a third party vendor’s database by a criminal in another country and uploaded to a distribution network all from a keyboard, in a matter of minutes.

Document, document, document

The tenets of the paper world of long ago still hold true. Identify the breach and work fast to stop the leak.
Once you’ve identified a problem, you need to start working to quickly plug the leak. Contact the source in which you became aware of the breach-credit card, driver’s license, IRS, etc. Get that entity started on resolving the issue. File a complaint with the Federal Trade Commission, your State’s Attorney Generals Office, even the FBI if you seem to be apart of a larger breach. File local police reports also. It may seem for naught but you’ll have a record of the report and a case number to go with any other complaint filings. Most of the entities you will deal with, including law enforcement, have online complaint forms. It doesn’t take long and you can get it done in less than a day.

Document, document, document, everything you do and the entities you’ve contacted. Keep your notes for future reference.

Consider a monitoring program. There are lots of companies out there that perform this service. Of course do your research and choose wisely. If the breach occurred from a major retailer, financial, or health institution, they may offer some sort of credit monitoring or identity repair service for free. Take advantage of it.

Update, update, update

If you get notification of a password breach or hear it on the news, such as the recent Twitter breach, don’t ignore it. Like Twitter, companies publicize that no personal data was infiltrated but passwords “may” have been compromised. It is important to regularly change passwords as a matter of routine. However, when a company has had their password database specifically breached it is important to act quickly and update your settings. It is equally important to update other accounts in which you use that same password. Maybe get in the habit of updating passwords whenever there is a breach in the news. 

We should have different passwords for every account but let’s face it no one does that. So when one password is compromised the other accounts that use that same password are now in danger of being hacked. Cyber-criminals have highly sophisticated search processes. They may not be searching for you, specifically, but once they get your logon or password they can use that to find other accounts. Once they have one piece of the puzzle it is isn’t that difficult to break the rest.

Thursday, May 3, 2018

Odenton Shopping Center: What's under the asphalt?


This article was originally written for the Heritage Times, the news journal of the Odenton Heritage Society, Summer 2014, Number 39. Thought it fit well in this blog as it reflects how businesses and development affect a community and it’s history. For the purposes of this post updates have been made where needed to reflect the current status of the shopping center. Hope you enjoy the article.

Under the Asphalt

The arrowhead shaped piece of land that runs from the Odenton traffic circle up to what was once called Stoney Hill (the location of the present day Wheels Skate Center) and between Annapolis and Odenton Roads has always been a popular area for travelers and trade. The future site of the Odenton Shopping Center (OSC) has more history to it than just a vacant lot developed for modern commercial use. From the beginning, when Native American trails crossed in Odenton, the future site of the Odenton Shopping Center has been an area for trade and commerce that continues.

What we know as Annapolis and Odenton Roads began as Native American trails, which are documented in late 18thcentury maps of Maryland. These trails were used by Native Americans travelling north and south and later by settlers traveling between Annapolis and Frederick. 

A possible, undocumented, reason for why the early trails intersected where they did [near the traffic circle] could be due to the location of a once bountiful spring. The eastern portion of the land on which the OSC now sits once contained a fresh water spring known as Picture Spring. (Approximately the site of the Goodwill store) The spring was a resting area for Native Americans traveling through the Odenton area. In her 1978 publication, Odenton, A Town The Railroad Built, Catherine O’Malley described the site as follows. 
“…,”Picture Spring” was located in Odenton, near the present day A&P, on Odenton Road, in a clump of sycamore and willow trees on which the Indians had carved pictures, totem pole style. It was a resting place for the Indians who came from the North and were on their way to make war with the Southern Maryland Piscataways and the Eastern Shore Maryland Nanticokes. The spring was a strong source of crystal clear water, which flowed into the Severn River. But alas, it was buried when the Odenton Shopping Center area was developed. A very large pile of stone chips, broken arrowheads and Indian artifacts located near the spring is also gone, being buried beneath approximately 20 feet of fill dirt.”

The 2003 Odenton Small Area Plan, Community History, paralleled Mrs. O’Malley’s research stating that the site was popular with Native American inhabitants who were in the area between 8000 B.C. to 1400 A.D. and used Picture Spring for stone tool manufacturing and campsites. As the area became populated with settlers, the Native Americans moved on or died from being exposed to disease. The site of the future OSC remained wooded. 

The train comes to town

Odenton continued to grow and became even more populated as the result of the opening of the Annapolis and Elkridge Railroad in 1837 and the Baltimore and Potomac Railroad crossing the Annapolis & Elkridge RR in 1868; 1868 being the year that the town of Odenton was officially founded. The Annapolis & Elkridge Railroad paralleled Annapolis Road on its way through Odenton and onto Gambrills. The closest stop to the future OSC was Sappington Station, a short walk from Picture Spring. Prior research conducted by the Odenton Heritage Society shows that Civil War Union Soldiers camped not far from Picture Spring near the intersection of Sappington Station Road and Burns Crossing Road, which would have been on the north side of the A&E RR Sappington Station.

Throughout the expansion of population in Odenton the future site of the OSC remained wooded and Picture Spring an active area for drawing water. Oral histories collected by the Odenton Heritage Society revealed that in the late 1800’s through the early 1900’s there was a small enclave of homes near Picture Spring. Families used the spring for water and maintained the access to the spring by protecting it from environmental damage. Residents of Odenton from the 1950’s remember the site to be a wooded area with a natural spring. Locals would draw water and kids would play in the spring in the hot summer days.

Opening Day 

Several families owned the sections of land that would need to be purchased to build the OSC. David Eutsler purchased the wooded lots in the late 1950’s and later partnered with Stanley Yaffe to assemble the lots necessary to build the OSC. There is no definitive documentation of the dates the OSC opened and tenants filled the space. From what has been learned thus far, the Odenton Shopping Center opened in 1958.

The original shopping center spanned from the liquor store to the barbershop. The point where the addition was added can be seen outside of the barbershop.The curb line is straight up to the barbershop and then angles out to continue up the hill. The angle in the curb is where the original OSC stopped. The addition created an angle in the design. At this point, the stores had recessed entryways some twenty feet from the curb and the awning covering the sidewalk was wider. After the angle, the stores entranceways became closer to the curb as they are today. 


Point of expansion to the Odenton Shopping Center
An original tenant was Beacon’s Pharmacy, owned by Stanley Yaffe. Beacon Pharmacy, was documented in a Capital Gazette newspaper article as, “the centerpiece of the Odenton Shopping Center since each opened in 1958”. Beacon’s was sold to CVS in 1995. 

Another of the original tenants, which remains to this day, is the Odenton Barbers, Tanning, and Fitness. The original owner, Bill Burroughs, opened a shop in Fort Meade in 1963. When the OSC was developed and opened, Mr. Burroughs moved the shop to the OSC in 1965 and has been there ever since. Oral histories recall a sandlot ball field at the western end of the property where barber customers awaiting service and local residents would play pickup baseball games. 

Newspaper ads in 1967 announced the arrival of W.T. Grants department store, which originally occupied the space where the Giant grocery store is located. In the mid 1970’s, the A&P grocery store moved from its original anchor spot at the east end of the OSC, to a larger separate facility that still sits perpendicular to the shopping center (Goodwill building). The original out building was connected to the OSC by an awning-covered walkway. The first major renovation took place in 1991, modernizing the fa├žade.

An ad in the 1971 Arundel High School Panorama listed these stores as members of the OSC.*
Arnold’s Shoes
Beacon Pharmacy
Citizen’s National Bank
Gordon’s Clothier’s
Launette Inc.
Odenton Barbers
Odenton Liquors
Princess Shops  
Salon on the Green
Schumann’s Bakery
Western Auto
* A&P grocery and W.T. Grants were part of the OSC at this time. It is not known why those businesses were not included in the ad.

The Odenton Shopping Center has always served its community well. Providing access to a centrally located business environment to serve basic consumer needs with a variety of locally owned as well as national chain stores.

Please read other posts regarding Odenton business history.
Building History July 2016

Please help preserve the history of your local communities. As time passes and development increases we are losing the treasures of our past. This includes our oral history. Your community elders are a wealth of information. Take the time to ask and listen. 
To learn more about Odenton and become involved in local history please visit the Odenton Heritage Society.





Monday, April 16, 2018

Return phone calls


We recently needed some electrical work done. A friend made a recommendation. The electrician was called and several voice mails were left. Messages were also left with an assistant. Never received a return call. It baffles me how small businesses can ignore requests of their services. Apologies for singling out specific professions, but from my experience it seems to happen most often with tradesmen who own their own business, e.g.-electricians, plumbers, masons, etc. More than once, I’ve been referred to a person in the trades for residential work. The call is made but what you don’t get is a return call. You keep trying because of the reference regarding the quality of their skills, to no avail. Eventually you move on. Job lost. How can small businesses afford to ignore potential jobs? It makes you wonder how well their businesses are doing. To ignore potential customers/jobs is tantamount to turning business away. If they can afford that then they must have trucks unloading cash to the bank. Sometimes I think I chose the wrong career path.

My uncle was an electrician and ran a successful business for decades. He was able to sell the business and retire comfortably. When I was young I would spend summers helping with “apprentice” type duties. When I wasn’t at the job site I would help my aunt who ran the administrative side of the business as well as the supply chain. During those summers, I learned a lot about electrical work and running a business. Part of what I learned is how to speak to customers and potential clients. Seek out contracts and jobs. You never know from where your next paycheck is going to come.

Even if the job is outside your purview, call the customer back and offer an explanation-that the job is too small or not the type of work your business does. Give referrals. You may have turned down a job but you established some good will that may come back to benefit you later.

I know successful small business owners who are always hustling for more business. Their calendars are full of work and employees are busy. In busy times they know that they can never sit back, put their feet up, and figure they’re on top. They know that there are trends, up and downs, in any business. You have to keep looking ahead at what is coming. Always improving. Always analyzing what is working and what is not.

I had my own business. Some months it was very busy. During those times consideration was given to either doing the all the work myself or contracting out work. Other months you’re checking the phone lines because you can’t remember the last time there was a call. The point being - feast or famine. You never know when the phone is going to stop ringing.

Owning your own business is a great feeling. You should do what you love and if you can make money at it all the better. But it still takes effort. Just because you have a commodity that is in demand, doesn’t mean that it will stay in demand. Every business has competition, some more than others. If you don’t stay one step ahead your business will start to decline.

As far as my electrical issue. I did find an electrician that answered the phone personally and was eager to help. He passed on some troubleshooting tips that actually solved the problem without a service call. I didn’t formally hire the person but there was good will built for his honestly and eagerness. Definitely saved the contact information and will gladly give him referrals.  


Please feel free to share. See the blog archive for other posts about customer service.

All systems down October 2017
Lasting Impression September 2016

Monday, April 2, 2018

How secure are apps?


Every business is pushing their mobile apps. Some are highly interactive, giving access to secure accounts. Others are merely informational almost static platforms. Everyday we become more and more dependent on our phones. The Pew Research Center estimates that 77% of Americans have a Smartphone. A conglomerate of different studies from 2017 reported that Americans average five (5) hours a day using mobile devices and of that time 90% is spent using apps. Now when you allow that everything on your phone is an app of some sort it kind of diminishes the 90%, but the point being is that we are on are phones a lot.

Why have an app?

Phones are now like appendages. We are rarely without them. This is a big reason why companies push apps. That and because the phones create a focal point for data collection. Most apps require some sort of registration. That provides a modicum of security but it is mostly for data collection. Location services on smart phones allow app users to be tracked and pinpointed where they are using the app. This let’s the business collect, not only, your personal information but how, why and where you’re using the app, and what you are buying. All of this data is used to target advertising and reshape sales.

Since 2014 mobile Internet use has been more common on mobile devices than desktops. You can accomplish so much on your phone now you probably could go days without turning on a laptop or desktop. Apple has a cute commercial where the camera follows a girl throughout her day using her iPad.

A neighbor asks her what she is doing on her computer. She answers, “What’s a computer?”
The procession to apps began with the advent of online access to accounts and shopping. To encourage electronic account access, some companies even threatened higher fees for receiving paper documents through the mail. Then everything moved to our phones. Businesses lure customers into their apps with rewards or deals for using them. Some put more effort into their apps than their websites.

Secure?

How secure are all these apps we’re either using voluntarily or “forced” to use by companies? The transmission of data between the users phone and the app servers usually has end-to-end encryption. Meaning the data being sent and received is encrypted. The problems arise from the users lack of security awareness and hacks into the apps servers.

A high percentage of our phone use is in public. If you’re concerned about data usage you’re always looking for a WiFi signal. Logging into public WiFi is one of the most unsecure actions a Smartphone user can do. If you don’t inadvertently log into a hackers signal then you’re sending a signal that your phone is publically available. Once a hacker zeros in on your phone they can intercept your transmissions to and from the apps you are using. Intercepting the phone’s connection to the router is commonly known as “man in the middle”. While that is still a popular hack it is time consuming and much more work than going after the bigger treasure. Company servers.

Why is it important to frequently change passwords? And not use the same passwords or login/password pair for more than one account? More sophisticated cyber criminals know where the money is. It’s in the servers of big companies. If not the financial records then the personal data. Recently, Under Armour announced that their app had been breached. They assured users that no financial data had been accessed only user names and emails. While that may give some a sigh of relief there’s still a problem. Hackers will sell those users names, emails, and passwords on the dark web. They’re valuable because many users will use the same login information across many accounts. Hackers can use the data gleaned from one breach to access your other accounts.

Using apps are as safe as the host makes their server data and how you use the app. Most of the security issues are out of your hands. If you are not compromised in public more than likely the company’s servers or app itself will be hacked, exposing your data. All you can do is be as safe and aware as possible on your end. Monitor accounts and change passwords frequently.

Please feel free to share. Check the archives for other posts about privacy and online security.
Are you being watched? February 2018
Keys to the vault August 2015



Monday, March 19, 2018

History of leave


With the passing of mandatory paid sick leave by the Maryland legislature in January 2018 the idea for this post began as a look at the history of sick leave in the American workplace. Research revealed the reason why there are paid leave advocates. Leave from work, whether for sick or personal, is a relatively new concept as it applies to the American workplace. Still, this is probably a good topic for a little background.

During the agriculture phase of the America people worked as the farm dictated. Once the Industrial Revolution arrived factories sprung up with no shortage of workers. People lined up waiting for jobs. Employers could set wages and hours are they saw fit. There was little to no regulation. People worked six days a week for pennies an hour in deplorable conditions. If you missed work you weren’t paid or lost your job. These conditions continued well into the 20th century until a president floated a new concept.

Starting a conversation

The idea of employee paid leave in the United States started with President William Taft in 1910 who thought that workers should have three months of vacation per year. Congress never bought into it but the conversation was started. Sixteen years later the work schedule began to change. The Ford Motor Company was one of the first, if not the biggest, company to offer employees a five day, 40 hour workweek. The policy went into effect in may 1926 at the urging of Henry Ford’s son, Edsel, who thought every man needed more than one a day a week for rest.

By the 1930’s, countries around the world had begun adopting paid time off for employees. The U.S. Department of Labor took up the fight again creating the Committee of Vacations with Pay to study why the U.S was so far behind the rest of the industrialized world. Nothing came from this committee.

It would be sixty some years later before the U.S government made significant changes. In 1993 the passage of the Family Medical Leave Act (FMLA) mandated twelve weeks of unpaid time off for workers to attend to their own or a family members medical issues. Leave from work agreements were, and still are, between employer and employee with no mandate for payment. While FMLA provided for leave without retribution from employers, the leave was still unpaid.  

There is not a statutory requirement for paid vacation in the U.S. Individual employers decide on what leave and type of leave to offer employees. Employer’s decisions on leave run the spectrum. A few companies are experimenting with unlimited leave while the majority offer some sort of paid time off. There are still small percentages that offer no leave.

Regarding statutory paid sick leave, currently nine U.S. states mandate it (Arizona, California, Connecticut, Maryland, Massachusetts, Oregon, Rhode Island, Vermont, and Washington). Expect that number to grow in the coming years.


Please share this and any post. See the blog archive for other posts about employee benefits.

Monday, March 5, 2018

Can you buy an AR15 in Maryland?




After a mass shooting, attention is focused on the availability of the weapon used. Most times that weapon is a semi-automatic, assault style, rifle. How did the person obtain the weapon and why is it available to public, are the questions usually asked. As you probably have figured out gun laws in the U.S. are convoluted. Laws on gun possession and sale differ from state to state. Too many to try to and explain in a single post. For this blog the question raised is-Can you buy an AR15 in Maryland? The short answer is no.

Assault style weapons

The federal government and some states have strict laws regarding the regulation and availability of fully automatic weapons or machine guns. What is more readily available are assault style weapons that are similar to what the military uses but in a semi-automatic capacity (firing one bullet and automatically reloading with each depression of the trigger). “AR15” is a type of civilian rifle modeled after what the U.S. military issues. Although it is a specific product the name is also used incorrectly to identify a wider variety of assault style weapons. When, in fact, there are many different manufacturers and models.

The Federal government banned semi-automatic assault style weapons in 1994. However, the ban expired in 2004 and those guns became legal for sale once again. Maryland banned the sale of what is defined as an “assault rifle” or ”assault long gun” in the Firearm Safety Act of 2013. The types of weapons included are what are commonly known as “AR15”s and all variants or copies. However, persons that legally possessed these types of weapons prior to October 1, 2013 could continue to possess them. They just couldn’t be sold within the state.

The Maryland State Police is tasked with regulating firearm sales in Maryland. This link, Maryland State Police Firearm Search, explains what can and cannot be possessed and sold. Other states with bans on the sale of assault style rifles are: California, Connecticut, Massachusetts, New Jersey, New York, and the District of Columbia.

Guns approved for sale in Maryland

In addition to regulating the sale of firearms, Maryland law also determines what guns can and cannot be sold in the State. Handguns manufactured after 1985 can only be sold in Maryland if the Handgun Roster Board has specifically approved it for sale and placed it on the Official Handgun Roster. The Handgun Roster Board is part of the Maryland State Police and consists of eleven members-The Secretary of the State police and ten people appointed by the Governor for terms of four years.

You may search manufacturers to determine if a handgun is on the handgun roster and legal for sale in Maryland thru this link.  Handgun Roster search

Waiting periods

Waiting periods and firearm sale laws are also being discussed in the news. Maryland has some of the strictest firearm laws in the country. 1995, 2000, and 2013 saw major legislation packages passed that restricted the sale and types of firearms that could be sold in Maryland. Even before that, in 1966, Maryland was one of the first states to pass legislation regarding waiting periods for purchasing handguns. Since 1966, a firearm dealer must wait seven days before the gun may be transferred to the purchaser. During this time, the Maryland State Police conducts it’s background check of the prospective purchaser. The Responsible Gun Safety Act of 2000 expanded the waiting period and background checks to include the private sale of handguns between individuals.

Only nine states and the District of Columbia currently have waiting periods-California, Florida, Hawaii, Illinois, Iowa, Maryland, Minnesota, New Jersey, and Rhode Island. Waiting periods for gun sales received a boost on February 20, 2018 when the Supreme Court dismissed a 2nd Amendment challenge to California’s 10-day waiting period as a “reasonable safety” precaution.

Please feel free to share this post. See the blog archive for more information on buying guns in Maryland.








Tuesday, February 20, 2018

One born every minute


You are security conscious and know all the Internet do and don’ts, but sometime it is going to happen. You’re going to fall for click bait, open an infected email attachment, or fall for a social media hoax. You’re not dumb. You’re not gullible. You’re not alone. People of all ages, backgrounds, and intelligence will fall for social media hoaxes. Including this writer.

As with any scam, whether it is a criminal affair or a joke, the perpetrators play on our human nature and how we react to stimuli. Must notably anything that threatens our family or personally well being. Fear. As with any con, the perpetrator uses broad, widely known information, with some truth sprinkled in for good measure. Sometimes, as the case with privacy issues, will use functions of the app to make it believable. Instructing the victim to perform a function within the app that produces a result. When the result happens, it further validates the hoax.

The ones that get you are intelligently written in a generic style or tone that could be from any close friend or relative that you would normally trust. They either forward the item to you, or worse, endorse it with a message that reads something like, “Tried it. It works!” or “This is true”. Most people don’t do research. If so and so posted it must be true, and we quickly click ‘share’. After fourteen years, Facebook is still having trust issues with its users. Anything that hints at a privacy scandal runs wild and users react.

Hoaxes, just like malware, circulate, mutate, and resurface, sometimes years after being launched. The one that got me was the ‘Following me’ security check on Facebook. [Spoiler alert-It’s a hoax] You receive a message from someone you trust that reads like the photo heading of this blog post. And trust me, it will read like the above photo because the original language just keeps getting forwarded. Following the steps outlined in the post you’ll find these unknown people “following” you on Facebook. You quickly go to the next step and start deleting all of these unwanted followers. How dare they intrude onto my highly secure and private Facebook page! The nerve.

After testing the theory and seeing that it does indeed reveal hidden followers, you forward the message on with your own endorsement. Because it does work, it must be true. You have to alert all of your friends. I didn’t go that far. But it did give me an idea for a blog post. A couple minutes of research had me SMH. Got me!

Snopes.com addressed this very hoax in a January 2017 article that was updated in September 2017.(Are Facebook users secretlyfollowing you?) Snopes traced the origin to a rumor post being circulated that Facebook security teams were paid to follow individual accounts. The post read similar to the one pictured except the user was instructed to enter ‘Facebook security’ in the block users search box. While this did return a list of people, it was determined to be people who had used ‘Facebook security’ in their profiles. In September 2017, the hoax took on the form we have pictured. However, now following the instructions returns a list of people that have “me” in their profiles.

In fact, the search box reads


So the hoaxers set you up with instructions that return what they want, a list of people you’ve never heard of, which gives validity to the hoax. Which gets it forwarded. And on and on and on it goes.

Please feel free to share. See the blog archive for more posts about privacy.
Are you being watched? February 2018