My vote was for sale for the upcoming Canadian election. As a suburban working mother of three young boys, I understand it’s a pretty valuable vote, too.

My first priority was to simply vote against the Conservatives. As a working mom, child care is one of my number-one issues, and I’m still bitterly disappointed over the Universal Child Care Benefit plan which was neither Universal nor Child Care.

Tories say they want to put money in the hands of families to let them make their own choices. Well that’s all very well and good, if there are options out there for families to buy into. Unfortunately, in many neighbourhoods across the country that’s simply not the case. Waiting lists for licensed child care can be years long, and unregulated child care is unreliable at best. (Don’t get me wrong, it’s what I’ve been relying on all along, but I don’t believe it’s the best option.)

I’d have liked to vote Liberal, but they simply haven’t shown me that they care for my vote. What do the Liberals stand for in this election? I haven’t quite been able to figure that one out.

I’d considered voting Green. I love an underdog.

And then the NDP offered me $250 per child per month until my boys are 18 years of age. That’s when I sold my vote to the NDP. What closed the deal was when I read that the NDP is proposing a National Child Care Act, something that would try to make child care accessible and regulated – something I strongly believe in.

Do I believe the NDP solution is a plan that the whole nation can afford right now? Maybe not. Do I believe it’s a realistic plan? Not entirely sure. But I can see that rampant profiteering has just collapsed the American economy and maybe it’s time for a sea change. And I could put that extra cash to good use, staying home an extra day each week with my boys to make my life a little easier to balance.

Phew, finally got the kids to bed. I can’t believe it’s the first day of school tomorrow! Do I pick him up tomorrow at 11:15 or 11:30? Or is it 11:45? Where the heck is that piece of paper with the school hours on it. (Rifles through stacks of paperwork on the end table, the kitchen counter and the shelf in the bathroom.) Where the hell is that paper?

Oh, here it is. Right, 11:25. Got it. Oh wait, what’s this? Oh crap. It’s a checklist of things I’m supposed to send on the first day. Holy hell, I completely forgot about this. And the cheque for the activity fees – that slipped my mind entirely. Okay, I can do this stuff. Don’t panic.

Chequebook…. chequebook… ah, leave it for now. What else? Oh right – labels. I ordered the labels for the shoes and the hats and the coat, they’re in here somewhere. (More rifling.) Here they are. I’ll let the iron heat up while I stick these stickers into his shoes.

Oh crap. This says I have to leave a pair of shoes at the school. I read this the other day, but I completely forgot about it. Honest to god, I’m so disorganized sometimes it’s a wonder I even graduated grade school myself. Okay, fair enough, it’s been a tiny bit of a hectic week this week, but really – it’s not like I haven’t seen this day coming!!

Okay, whatever. The boy needs to leave a pair of shoes at school. We only have one pair of shoes. Maybe I can cram his feet into the ones from last year, just for today? Hey, tomorrow there is a 40% chance of rain forecast. What if I send him in his rubber boots, and we’ll leave his regular Scooby runners at the school. That will work. Please god, let it rain tomorrow. Biblical proportions would be nice. Then we’ll just have to remember to run out to WalMart tomorrow so he’s not wearing his sandals for the rest of the week. Good plan. Except – will the kids mock him through high school because he showed up for his first day of kindergarten in rubber boots? That kind of label tends to stick for life… nah, forget it. They’re all four. He’ll be fine.

Next – iron-on labels. I’ve been meaning to get around to this for weeks, why am I doing it after bedtime the night before his first day? WHY? Ouch! Dammit, I just burned my finger trying to hold that tiny little label against the seam of the inside of his Thomas hat. Shake it off, no time for bactine right now. Hmmm, I wonder if maybe I should turn down the iron when I put the label on this polyvinyl coat? Nah, the instructions on the label say to use high heat, and I’m sure this fleece lining will insulate it. Oh CRAP! I just melted fleece AND polyvinyl all over the iron. What the heck am I going to use to iron my work clothes tomorrow? Note to self: add new iron to shopping list when going to WalMart for new shoes tomorrow.

Good enough on the labels. Okay, what’s next on the list? Oh, right. Donated supplies of a large box of ziploc bags, a box of kleenex and a family size hand sanitizer. I bought the ziploc bags last weekend, and the kleenex, but I forgot about the hand sanitizer. Shall I run out to the drugstore now? Should I attach an IOU and send it Tuesday? Am I now labelling my child not only as Rubber Boot Boy, but as the one whose mother isn’t a team player and didn’t send the hand sanitizer on the first day??

Whatever. Next week will have to do. Next? Right, change of clothes to leave at the school in case of accident. At least I thought to organize this on the weekend. Oh oh. It says I’m supposed to put them in a labelled ziploc bag. I only have sandwich-sized ziplocs left. Can I open the box I’m donating to the class and pilfer one? That seems wrong. Oh the angst. I’m the mother who has no taste in footwear, forgets the hand sanitizer AND steals ziploc bags from the children. Next week, I promise I’ll send a whole new unopened box in addition to the box-minus-one that I’m sending tomorrow. And a jumbo hand sanitizer.

And finally, the cheque. The cheque. Oh for the love of god, where is my chequebook? I can’t remember the last time I wrote a cheque for something. Can I send cash? Do they take debit? (sound of massive amounts of paperwork being displaced) Why can I find a chequebook for an account I closed in 1994, but not my current one? That’s just wrong.

Okay, here it is. I’m supposed to send $25. Will they like me better and forgive my first-day transgressions if I add an extra $5? Is it bad to bribe the teacher? Okay, $25 – done. An hour and a half later, we’re finally organized and ready for the first day of school.

Scratch that – Tristan is ready, but I don’t think I’m even close to ready…

(This is a favourite re-run from my blog Postcards from the Mothership.)

The net is buzzing about Republican Vice President candidate Sarah Palin’s email account being hacked, and if you somehow missed it, this Wired blog post is a good starting point.

I won’t engage in spreading rumours about who might have done it. The bottom line is that he or she, at best, did something dumb. While there still appears to be a cool factor surrounding the commission of high tech crimes, the result is really no different than breaking into someone’s home, office, or car. And doing it to a VP candidate is just plain dumb. Given the high profile of this case, the authorities will make an example of whoever is responsible, resulting in a disproportionate sentence. It’s too bad that the perpetrator thought about the FBI after the fact, instead of before.

But this story is about much more than that. It’s about weak authentication, poorly designed password recovery, poor business practices and a negligent Governor.

Security professionals have been telling people for decades that passwords are a bad idea and that they suffer from numerous weaknesses. People choose passwords that are easily guessed, they are all too often rapidly obtained through technical and social attacks, and many password systems have serious, fundamental technical flaws. But we continue to use passwords because they’re easy and cheap.

We can choose complex passphrases that are hard to crack, but doing so also makes them harder to remember, especially for those of us with dozens of them. So, to help users, companies like Yahoo provide automated reset mechanisms. The problem is that these are, for the most part, weaker than the password itself, as was clearly demonstrated in Palin’s case. Many of these systems are fundamentally flawed and fail to take target familiarity into account.

As threat levels and asset values increase, so does the need for stronger security controls. Those in the spotlight are exposed to a larger threat, and information such as their email has a higher perceived value to potential attackers. However, because it is generally easier to obtain personal information about such people, password reset mechanisms that rely upon personal information provide a lower level of security. In other words, they protect people like Palin less than they protect you and me. They fall clearly into the “really bad idea” category, and surely the security people at Yahoo know it. These flawed password reset systems make it significantly easier to reset and obtain the password of someone you know than a random stranger. And let’s face it, an email account belonging to your boss, ex, or another kid at school is far more interesting than a stranger’s. Shame on Yahoo (and others who do the same dumb things) for implementing such a poor security system.

Perhaps Yahoo and hundreds of others will wake up, smell the coffee and fix their reset mechanisms. But until they do, there is a solution for users: When providing “answers” to password reset questions, don’t “answer” the question they ask. For example, you might be asked the first school you attended or your first pet’s name. Be funny, be silly, be random. Make something up, and write it down if you have to. If Palin had simply answered that she met her husband “UnderThePinkOakTree”, her Yahoo account wouldn’t be in the news.
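The advice above amounts to treating each reset answer as a second password. The following Python script is an added example, not part of the original post: it generates unrelated random answers to store alongside the password, and compares account strength when the reset path uses truthful answers versus random ones. The 80-bit password and the guess-space sizes for truthful answers are constructed figures for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def random_answer(length: int = 20) -> str:
    """Return an answer unrelated to the question, drawn from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_answer_bits(length: int = 20) -> float:
    """Entropy in bits of one random answer of the given length."""
    return length * math.log2(len(ALPHABET))


def reset_path_bits(guess_spaces) -> float:
    """Bits protecting the reset path when every question must be answered."""
    return sum(math.log2(n) for n in guess_spaces)


def account_bits(password_bits: float, reset_bits: float) -> float:
    """An account is only as strong as its weakest way in."""
    return min(password_bits, reset_bits)


def make_reset_answers(questions, length: int = 20) -> dict:
    """Map each reset question to its own random answer, to be written down
    or kept in a password manager next to the account's password."""
    return {q: random_answer(length) for q in questions}


# Constructed figures (assumptions, not measurements).
PASSWORD_BITS = 80.0                 # a strong passphrase
TRUTHFUL_GUESS_SPACES = [30, 200]    # plausible schools, plausible pet names
QUESTIONS = [
    "What was the first school you attended?",
    "What was your first pet's name?",
]


def compare():
    """Return (bits with truthful answers, bits with random answers, answers)."""
    truthful = account_bits(PASSWORD_BITS, reset_path_bits(TRUTHFUL_GUESS_SPACES))
    answers = make_reset_answers(QUESTIONS)
    randomised = account_bits(PASSWORD_BITS, len(answers) * random_answer_bits())
    return truthful, randomised, answers


if __name__ == "__main__":
    truthful, randomised, answers = compare()
    print(f"truthful answers: account protected by {truthful:.1f} bits")
    print(f"random answers:   account protected by {randomised:.1f} bits")
    for question, answer in answers.items():
        print(f"{question} -> {answer}")
```

With truthful answers the reset path, not the password, sets the account's strength; with random answers the password becomes the limiting factor again.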

Of course Governor Palin shouldn’t have been using a free Yahoo email account to conduct government business in the first place. Not only is it a well-known way to dodge information retention and access legislation, but free email accounts, as this incident demonstrates, simply don’t provide the level of security required for government business or political campaigns. Palin and her handlers should have known better. In fact, according to news reports, she has previously been criticized for conducting state business via her personal email account, so I think it’s safe to say that not only should she have known better, but she in fact did know better and continued to do so.

So where does this leave us? A dumb criminal, a negligent Yahoo, and a VP candidate that doesn’t learn from her own mistakes, none of which bode well for the American voter.

I’ve been re-reading Douglas Adams’s Hitchhiker’s Guide to the Galaxy books again. I’ve read them a couple of times now, but not in the last 10 or 15 years. The whole “a trilogy in five parts” bit has always tickled me. As I was reading, I kept thinking that “Don’t Panic” would be an excellent title for the manual that didn’t come with my kids. Especially if it were written, as Douglas Adams describes, in “large friendly letters” on the cover.

I have three boys whose ages range from seven months to six years, so panic is pretty much my default state of being. From BPA in the baby bottles to listeria in the lunch meat to Bratz dolls and Bakugan, raising a family at the beginning of the 21st century is fraught with peril.

Any parent who has ever watched an adventurous preschooler try to navigate the climbers solo for the first time, or has sent a shy six-year-old off to his first sleepover play date, or has tried to find a single meal that pleases five fussy and completely different appetites knows that this parenting gig is not for the faint of heart. When are they old enough to get their own cell phone? Are videogames better or worse than TV? How much homework is too much homework? What do you do when the dog eats Lego Luke Skywalker’s lightsaber?

These, and many more, are a few of the topics I’d like to examine in this space over the next little while. Your comments and insights are always welcome, as I believe everyone benefits from a broader perspective. Plus, I really don’t have any idea what I’m doing, either. I’m writing my parenting manual as I go along.

Justice Paul Perell of the Ontario Superior court ruled yesterday that Bell ExpressVu’s administrative charge to customers who fail to pay their monthly bill on time is illegal. In summary, the $25 late fee was found to violate the Canadian Criminal Code provision that makes it illegal to charge an interest rate in excess of sixty percent. As the Vancouver Sun article points out, this ruling sends a strong message to other companies that charge similar fees.

A Carleton University student has been charged with the criminal offenses of “Mischief to a computer and criminal use of data.” The charges came after he allegedly broke into Carleton’s computer system and grabbed confidential information about 32 students. He then reportedly used the information to show Carleton’s administration how insecure their computer system is. There has been no suggestion that he used the information for financial gain.

But there has been no word whether the privacy commissioner will investigate or whether Carleton University will simply face public humiliation as a school that offers degrees in computer science, and has been shown to have a computer system so insecure that a 20-year-old undergrad could break into several accounts.

I also don’t recall seeing an apology from Carleton for their failure to keep private information private.

The only “crime” of the student in question is that he found the records of 32 students, and sent the info to the students. Most of those students are in Carleton’s Journalism program.

The school is considering additional penalties which could include a reprimand, suspension or expulsion. There is no word on whether they are considering fixing their computer system.

Mention computer security to most people and the ensuing conversation inevitably involves viruses, spyware, spammers, and teenage hackers. Yes, it’s true that criminals are heavily involved in identity theft, foreign governments are stealing intellectual property, and pedophiles are trolling the Internet. But if we’re really looking for the number one threat to our money and information, let’s start with a good look in the mirror.

Backups

Computer hard drives consist of one or more metal disks called platters that usually spin at 5400 or 7200 RPM. Tiny heads move over the surface of the disks, reading or writing magnetic impulses as the platter spins by. To put it in perspective, the edge of a platter running at 7200 RPM is travelling at over 100 km/h. While modern drives are very reliable, and often boast Mean Time Between Failures (MTBF) of up to five years, all it takes is a small particle of dirt, a bearing failure, or enough of a shock to cause the head to touch the platter, and it could be all over for your data. So even if you have the best antivirus protection money can buy, and you’re confident that you could never ever (ahem) accidentally delete the wrong file or folder, not backing up important files is playing the MTBF odds, and if you play long enough, you will lose.

Viruses

I think it’s safe to say that most of us are sick of hearing about viruses. Every year criminals (and have no doubt – virus writers are criminals) turn out a large number of them. Some are brand new, and occasionally one has a serious impact. However, the vast majority of virus infections are preventable, and while I hate to be accused of blaming the victim, the reality is that viruses are out there and your computer will be infected if you don’t take four simple precautions: Use a firewall between your computer and the Internet, install antivirus software and keep it up to date, don’t open email attachments that you aren’t expecting, and don’t surf the web looking for free software or porn.

Phishing

It’s getting real old, but scammers are still tricking people into logging into look-alike sites just to get their usernames and passwords. If you follow two simple rules you are unlikely to become a victim: First, financial institutions don’t email asking for updated information, and they don’t email about fraud or account suspensions. If you get email asking you to urgently update your information or log into your account due to fraud, just delete it. Second, don’t click links in email to any web site that requires you to log in. Instead, open the browser yourself, type in the URL, or select it from your bookmarks. It may take a bit more time, but it will prevent you from following links to bogus sites and giving away your username and password.

Financial Scams

If I walked up to you on the street and asked to borrow your bank account to move ten million dollars into the country in exchange for a ten percent fee, you’d probably laugh. But for some reason when the same solicitation arrives by email, people are happy to oblige, pay “fees” in advance, and are surprised when they get ripped off. The Internet gives you access to a vast amount of information around the world. It also gives fraud artists worldwide access to you. Your best defence is common sense – nobody is going to pay you millions (or even hundreds) to move their money for them. If they have millions of dollars, they don’t need your help to move it, no matter how good their excuse.

Spam and Chain Letters

A lot of people get offended when I lump spam and chain letters into the same category, but let’s be honest – while spam is sent for commercial advertising and chain letters are forwarded by well-meaning (yet gullible) family, friends, and acquaintances, the result is the same: Trash in our inbox.

Spammers collect email addresses from web sites, mailing lists, and anywhere else they can find them on the Internet. Then they sell the addresses to others, who, being like-minded, aggregate and resell their lists to others, ad infinitum. In a very short period of time, your email address is widely distributed. So our first line of defence against spam is avoidance: Don’t post your email address on the Internet. If you must do so, use a secondary email address or a disposable email address from one of the dozens of companies on the Internet that provide them. Some of the disposable email address services offer addresses that automatically expire after 24 hours, which are perfect for those companies that require an email address to download a “free” document. Along the same lines, another strategy is to give family, friends, and those you personally know one address, and use another address from Gmail or Hotmail for everything else. In the event that spam levels become uncontrollable, you can then abandon it without losing touch with family and friends. (As an aside, Gmail’s free spam filtering is top notch.)

Of course the problem may be your family and friends forwarding chain letters. If you’re lucky, a polite request may do the trick. If not, you may have to resort to the “reply-to-all with a link to snopes” technique and hope that a bit of embarrassment helps them to think next time.

On the other hand, if you like to forward chain letters, perhaps you’re the problem. Next time you get one, check out snopes.com before you forward it. Chances are you’ll find it there, along with information on why it’s not true. Then hit your delete key.