Technology Practice Tips Podcasts

Practical law practice technology concepts in an accessible, conversational manner with Phil Brown and David Whelan

Social Engineering

Phil and David talk about social engineering and how it can threaten your law practice.  Scams like phishing, vishing, and smishing, and criminals accessing your accounts by using personal information to bypass your account and other security, are disabling law practices all the time.  Learn about what these threats are and how you can avoid being socially engineered.

Speaker Key:      PB Phil Brown, DW David Whelan


PB :      Hi, it's Phil Brown and I'm here with David Whelan and today we're going to talk about social engineering.

DW :     Oh, wait I thought we were talking about an engineering social life, so engineers getting together and stuff.

PB :      No, we're going to talk about more how this might affect lawyers and paralegals.

DW :     Okay. So, social engineering is maybe not a term you've heard of, but you will have heard of what it is. Social engineering involves people, maybe not even using technology, maybe just using telephones, to use your emotions and your normal inclinations to be helpful and share in order to pry out information from you like your credit card number, like your passwords, like information that you wouldn't otherwise divulge. And so the social part is really the human interaction that leverages that information out of you.

PB :      And it could be as simple as someone arriving at your office with a stack of 10 pizzas for your staff and saying that they're there and everyone's supposed to gather in the conference room. And they think it's a party and everyone goes into the conference room including the receptionist to get their pizza. And the person who delivered the pizzas now walks over and plugs into their server and could possibly insert some sort of Malware or Trojan or whatever through one of the USB ports and it's essentially just been a two minute interruption of service.

DW :     Yeah, it's a funny area because there's so many different things that go on and you'll have heard of phishing, you may have heard of vishing and smishing, pharming, water holing. They're all sorts of interesting terms that pop up in the media. But really all of these fall under social engineering.

PB :      And it all has to do with our need to see what's in that email or our need to respond to something. Or someone has told us something's wrong with our accounts so we need to figure out what that is quickly.

DW :     And some of it's very random. Phishing for example, spelled p-h-i-s-h tends to be emails that come in but they're sent to thousands and thousands of people on the hope that someone will see "Oh my bank account has been breached and I need to click through." And when they click on that link they go to a site that either downloads malware to their computer and infects them, or they are prompted to put in information like their user name and their password for their bank but they're not actually on the bank's site.

             That is escalated with things like water-holing or spear-phishing where the email isn't sent to lots of different people it's sent to very specific people. And so, the email feels even more authentic because it's true to the sort of email that that person would expect to get.

             I know recently I've been receiving a lot of emails that have to do with court filings. And so, inside the email there's a document or it looks like it's supposed to be a document that if I clicked it, would appeal to me. So, they are varying levels of tailoring but they're all meant to have you do something to give up some piece of information.

PB :      And vishing, although we both don't like that term, has become more common because of things like VOIP, which is the voice over internet protocol system of telephony.

DW :     There have been some terrible examples this year, it's 2015, in the U.K. two lawyers have gotten in trouble and suffered discipline when they received a phone call from what they thought was their bank, they then took actions based on that phone call. Often, what would appear to be legitimate, but it ended up moving huge sums of money in their trust accounts from one place to another. And, unfortunately, the other place was controlled by the scammers. And so, they were then able to remove all of the money. So, it really is, even on phones where there's no technology involved, it's a matter of using common sense and really thinking about what kind of information am I giving up or what am I doing based on requests from someone who I actually can't see.

PB :      And I think in one of the English examples there's one with a loss of over £700,000.

DW :     Right, yeah, it was really huge numbers.

PB :      And now we need to look at it from the perspective of when you get that email and this is another thing that's common with VOIP, you might have a voicemail, but you're able to access it through your computer and click on that voicemail file that, WAV file to listen to the voicemail that's been left for you.

DW :     Right, you should really be very cautious with anything that looks like it's sending you a link that is taking somewhere else, whether to listen to a voicemail message or to fill out a form or an attachment that looks like it should be something that you should download and listen to or open.

             Go through your same process that you would normally do, even if it's a voicemail and even if you're in a hurry, rather than double clicking on that file "right click" on it and save it as an attachment to your drive and run your virus checker on it because the emails that are coming in are extremely good at - I mean we're well beyond the days when you had typos or people who are addressing you as a Nigerian Prince, although I do sometimes get requests for barristers from the U.K, which I think is quite funny. But the emails have gotten very sophisticated and again, if it's been tailored to you it's going to be something that's going to be very difficult for you to watch. So, without becoming too paranoid, you do really need to watch every email that comes in.

PB :      And you'll get a lot of phone calls now from people claiming to be - the popular one this year was the Revenue Canada call or the CRA call saying there was a warrant out for your arrest and if you paid a certain amount of money by such and such a time, which you could do immediately of course by giving up a few of your credit card numbers. And it was usually a small amount. It was a few hundred dollars or a thousand dollars and if you paid that amount immediately that would be the end of the warrant you could go on your way. I mean CRA doesn't call anyone, but, again, it's that sort of panic response you have when someone calls and says, "We are an authority and you need to deal with this now." And that's what plays into that social engineering aspect.

DW :     Another story that I heard recently is really interesting. Someone who pretends to be your tech support and just randomly calls people at the office and says you had a tech support call, I'm just returning the call and trying to help. And they'll often get someone who doesn't realize that maybe, you know, they hadn't put in a call very recently or they just had a question and so they start to talk to this person and they'll give up their username and then maybe they'll give up their password and thinking that they're dealing with a co-worker.

             And, of course, when you want to get along with your co-workers like Phil and I do, you're willing to give up information that you might not otherwise do. And if that person's now outside the organization in our modern environments where they're often employee portables that you can lock into from remotely or remote networks that you can log into remotely. A username and a password from inside a corporation can be very valuable.

PB :      And it's very easy, not to pick on VOIP, but with a modem and a magic box, very quickly - I mean I received phone calls from my own phone number while I've been on my own phone. So, it's obviously not me calling me. But they can spoof any phone number, they can spoof any organization. So, you'll get a call that purports to be from the Royal Bank, it's not necessarily from the Royal Bank and you still need to zealously guard your information and not just give it up to someone on the phone because they purport to be from a particular agency. None of these agencies and the banks, even the cable companies, none of them will call you up and start asking for your personal information.

DW :     And that's a good point. Both you, and the staff that you train, so that they are as aware as you are about how to deal with these problems should never give up something like a password over the phone or even over email. Those are just not the sorts of things anyone ever will ask for. They'll always reset it if they have a password issue so that they can go and get into your account that way.

             But that is just the sort of normal response where someone calls up and is it's a real emergency I've got to get my password or I'm calling for somebody who you know is out of the office and I need to get their password. That's the time when you slow down and you hang up the phone or delete the email and you don't send that kind of information. You find a different way to accommodate their request or to confirm really that the person who is on the other end of the phone or email is actually the legitimate person.

PB :      And another aspect of this that lawyers were seeing in a different form earlier this year and over the last couple of years have been with regard to collection. And they're getting certified cheques sent to them by someone who's paying off this collection and the instruction will be to put it through their trust account immediately and take a piece of it for their fees and so on. And this certified cheque is often stolen. But quite often the number on that cheque that the lawyer would call to confirm the account and confirm the amounts of the payor or the payee and so on, those would be added to the cheque after the cheque had been stolen.

             And you're really just calling the fraudsters to confirm that the funds are there and to confirm that everything's fine when you should be picking up the phone and looking for and looking on your computer to find out who's behind this? What's their main phone number and let me go through it that way to confirm things or deal with your local banker. You shouldn't just accept things at face value because it's printed on the cheque.

DW :     Yeah, particularly if you're talking - the case of the U.K solicitor who moved almost a million Canadian, that's the time when you're dealing with large sums that you really need to slow down and take as many precautions as you can. If you're getting emails that come in and say your account's been locked or your credit card's been denied or whatever, please click on this link and change it, then instead of clicking on that link go to your bank's website by typing it in your web browser and making sure you're going to the place you think you're going and then attempting to log in and attempting to see if that message is actually under your account. Because it's much safer and it's so easy to click on the link and go somewhere and think that you've arrived and it's just a false facsimile of the place that you thought you were.

PB :      And that's - I mean is really important I think to not click on attachments if you get attachments from someone you weren't expecting or this is different, as David said, that plea for money from a foreign country, this is they know human behaviour, they're working on that human behaviour, they expect you to click on something and if you click on something and maybe it looks like nothing happens on your computer and gee, I guess that's a bad file. But what's really happened is a Trojan or a worm has been downloaded onto your computer that will activate later and you might be sending out all your clients' information or banking information back to someone else. Or it may just be ransom and your computer will be encrypted and you'll be notified by email saying "Oh, by the way, $500 U.S and we'll decrypt your computer, otherwise we'll delete everything in a week."

DW :     So, hopefully that's made some sense to you. And if you have any additional questions, please just send four million dollars in unmarked cash to the Great Library and I will get back to you as soon as I can.

PB :      And that's our look at social engineering. Thanks, David.             

DW :        Thanks, Phil.

Lawyers Working with PDFs

Portable Document Format (PDF) is a default document format in the legal profession, whether you're downloading government documents, providing e-discovery, or just sharing with clients and counsel.  Phil and David talk about PDF tools, how to use mobile tools to capture documents and save them as PDF, and archival standards like PDF/A.

Speaker Key:      PB Phil Brown, DW David Whelan

PB :  Hi, it's Phil Brown and I'm here with David Whelan and today we're going to talk about PDFs.

DW :  PDFs are ubiquitous in the legal world, the portable document format, which is actually kind of funny because pretty much everything is portable these days. But the portable document format is the base for a lot of information sharing. Courts and governments use it on their websites to deliver information. It's a great way to take a document that you might have created in a word processor that would change if you sent it to someone else if they opened it up in their word processor. You can fix it so that it will always look the same. And both the fonts and the pictures and the lay-out, everything will stay the same. So, it's very useful.

PB :  And it makes it a little more hard to edit. So, for instance if you sent something to a client to review, and a little word of advice you should never send a client an open Word document, or anything like that because they can clip your letter head from it and your signature block and all sorts of things and use it nefariously. Because the PDF is a locked down version of that document that you've created in a word processing program, that's the one you want to send to clients.

DW :  Right, there's a great post on the site about why you should always use PDF for your final documents. And so, essentially, you can consider everything in your practice work product if it's in a Word document, not work product as evidence goes, but work product as work goes and then all your finals now are PDFs. So, when you get to the point of closing a file, you know really that you just have to go through and find all the PDFs because that's what you've been sharing with the client, that's what you've been sending to the court or to opposing counsel and now that's what you need to incorporate into your closed file.

PB :  So, it's like a snapshot, but it's not a snapshot.

DW :  Right. It can also capture a lot of information about the file so that if you put metadata into your Word documents that metadata can get transferred over into your Adobe Acrobat or your PDF files. And I just made the terrible slip that we were talking about earlier. Adobe Acrobat is almost synonymous as you can tell from the way I said it with PDF. Because Adobe developed the format and the Adobe Acrobat Reader is ubiquitous. Practically everywhere I think I've seen a reader, they use the Acrobat Reader. But they also are the creators of the Adobe Acrobat product, which is different from the reader. It costs money and allows you to edit or create PDFs. And so when you're dealing with PDFs you really have a lot of tools that you can use to work on them. And Adobe Acrobat is just one of those.

PB :  And the PDF is the cornerstone of the paperless office.

DW :  Absolutely, yes. I mean if you really want to be able to share documents, you don't have to worry about whether the person has Word or Word Perfect or what version they have and how the document will look on the other end. You can be almost 100% confident that the document they get will be something they can open.

PB :  And you mentioned metadata and metadata is created whether you want to or not with a Word document it tells when that document was created and which machine it was created on and at what time it was modified and any number of key words might be pulled from that document and incorporated in the metadata. And a lot of that is removed automatically when you convert it to PDF but you can also remove more.

DW :  Right. And so, that gives you the option then of when you create your PDFs to have as little metadata transported over from a document. So, if you're reusing a precedent you don't want to have metadata that may reflect on the other clients that you've used that precedent for. So, the PDF can help you to clear that out. And the PDF can also have information so that when you have to use it later or other people need to use it, it's easier to find it so you can add keywords or descriptions or properties in the same way you would with a Microsoft Word document.

PB :  And that is one of the beauties of the PDF is you're able to tag all sorts of unique information within it. So, if it's about forensic information, you might put in a forensic keyword or a file keyword or there's a number of things you can put in there. Maybe it's forensic and blood spatter and when you go and do your sort of global searches throughout your stored information you're going to be able to pull up these specific documents.

DW :  That's right. That's particularly useful if you have scanned in the document. And so, the document doesn't actually exist as text. You know, you have created it from a word processor, if I scan it directly in and I don't bother to do any character recognition on it, then it's really just an image. So, although I can read the words if I open up the file, the computer can't read the words because it doesn't know the words in the image mean anything. So, adding metadata particularly to scanned files that are on the images can make those PDFs very rich.

PB :  And maybe while we're talking about scanning, a number of scanners actually come with a program that's a reader or an editor as well.

DW :  Right, you can save a tonne if you find a bundle of Adobe Acrobat, the actual Acrobat editor, with a scanner you can save an awful lot on the overall licence to that software.

PB :  Now Adobe like many other companies is starting to go to a cloud model so you don't get a big box of software anymore if you were to buy the full Adobe Pro or whatever you would get a Creative Cloud license and you'd be paying by the month for that service and you get automatic updates and things like that.

DW :  It's one of the reasons why I think the cloud's a rip-off. In the old days, you used to have a shelf full of all the old software that you either didn't implement or hadn't implemented in a long time. And now you don't get anything for your shelf.

PB :  You don't get any for your shelf, but you do get regular and automatic updates for your software, which in the old days when you paid $600 or $500 for a chunk of software, you didn't want to spend that again the next year to get your updates for the next version. And you usually didn't know what the big updates were anyway.

DW :  Right. Yeah and it's important to keep the software up to date. So, it's important to understand where you might be able to create or modify PDFs and the kinds of software that you use. Phil and I were talking about a couple of different areas and really I think it's fair to say they fall into the reader category, the writer category or the printer category, and the editor category. Do you want to talk about the reader?

PB :  Sure. So, readers, a PDF reader, there are a number of open source ones. And then of course there's the Adobe Reader and the Adobe Reader comes with just about every device out there. If you're using a laptop you probably have some version of Adobe Reader on it. Or if you're using a tablet, probably has a version of Adobe Reader. And it just enables you - a lot of browsers now come with an add-on so you can just read a PDF file or open it up on your browser and you're able to read it. You're just not able to edit any of those files necessarily with the reader versions. And as I said there's open source versions as well, not just Adobe; there's lots of other players in the game.

DW :  Yeah. Sumatra's a nice one. It's kind of ugly but it's a good open source one. I think the real benefit on the reader side because it is such a baseline, is the ability for people to be able to sign a document or PDF from within the reader. So, if you're looking at readers or whether your client has a particular reader and you're sending them a PDF to sign just be aware that in Adobe Reader you can do it, in Nitro PDF Reader there are ways to attach a digital signature, whether it's a picture of a signature or a little digital stamp or finger drawing on a tablet. That's one of the real benefits of the readers.

PB :  And the writers and editors are more robust.

DW :  Yes, the writers actually, it used to be a big deal to get a PDF writer but now it's built into the Microsoft operating system. So, that if you're ready to save your file, your PDF, and send it off to your client, you just do file save as and choose PDF format instead of .docx and it will generate a PDF file that's new and different from your .docx file, with the same contents but with all the information that you got in at that time. So, the writer really is something you can do file print as.

PB :  And they're also smaller files and take up less space.

DW :  Yes, yeah they'll be compressed over the Word doc. And they're useful too - I just misspoke, what I meant to say was file "save as" in Word. But if you have a printer installed, again I use Nitro PDF, but there are lots of them out there. Many free PDF printers when you go to a website or when you go to something else that doesn't have a "save as" capability into PDF then you just do file print and you print directly to your PDF printer and then you end up with a PDF of whatever the website is or whatever you're looking at.

PB :  And a lot of programs also have an export option as well.

DW :  Yeah.

PB :  Where you would export that document as a PDF.

DW :  Yeah, there's some really interesting tools. And we're going to talk about editors in just a second. But I think there's some other useful ones. One I wanted to mention because it's similar to, although not as powerful as the functionality in the Adobe Acrobat Editor, is something called PDF SAM. And if you Google PDF Sam, it's an open source tool that uses Java, which I'm not really thrilled about, but it allows you to split and merge, that's what the SAM is in PDF Sam. So, you can split and merge a PDF. So, if you receive a PDF you can split it into multiple pages or into parts so that if you only want to share or keep a couple of pages you can do that. Or if, for example, you're doing an expense report and you have multiple receipts from somewhere you can merge them into a single PDF. If you're closing a file, you can merge them into a single closed file for your client.

PB :  Sure. And just before you talk about editors I wanted to mention a lot of tablets and phones now you can download a program for scanning documents. And it's great for things like receipts and other documents, where you can actually just take a snapshot of it; it's immediately converted into a PDF. It's framed. Even if you did it crooked, it will be framed up nicely by the app and there's a number of apps for your phones that are a buck, two bucks, three bucks. And there's free ones as well. But you can convert something, a snapshot of something on a tablet and convert it to a PDF and export it to a client if you need to. And they can presumably sign it and send it back to you.

DW :  Yeah, it's great. I keep my office paperless that way. I use Microsoft Office Lens, which is free on Android and also Genius Scan, both of them are great. Genius Scan is actually a paid app, although I'm so cheap I think I got it free. [laughs] so, editors.

PB :  Yeah, let's talk about editors. What's the difference between an editor and a reader?

DW :  An editor will allow you to read a PDF but it will also allow you to actually make changes to it. So, say I saved a document out of Microsoft Word and I open it up in my PDF reader and I see that there's a typo, I could go back into a Microsoft Word, make the change and do the "save as" again, or now I can go into my Adobe Editor, my Adobe Acrobat Editor. And I think it's called Adobe Acrobat DC now for the latest iteration, the one that sort of quasi-cloud. And I could actually click on the word and use the tools inside it to change the letter from the typo to the correct. So, there's an awful lot of extra functionality built into it. Not just things where you're dealing with the text, but you can add forms, you can create what's called in Adobe it's, only in Adobe Acrobat, portfolios where you bring in a bunch of different PDFs or video or audio into a single PDF file. So, it allows you to do some really fantastic things within the document.

PB :  And if you're worried about a client having a PDF editor on their desktop and altering your document, you should know you can also lock down that PDF so it's a read-only version and it cannot be edited no matter what.

DW :  You can even go beyond that, you can stop cutting and pasting, you can stop printing. I will say, and I won't tell you where I heard it, but there are ways to get around those sorts of restrictions. But I don't know if there's a way to get around a password if someone has just locked down the cutting and pasting. There are ways to get around that. But it really gives you some excellent options. Another thing is the bookmarks or the index, the Table of Contents that's generated with the PDF. If you're in Microsoft Office it will often generate that for you if you're using Microsoft Office styles. But if you're in the document and say you've got 12 exhibits you've all put together into a PDF after your factum. Now you can create that Table of Contents within the PDF editor so that when someone else opens it up they have a nice Table of Contents on the side so they don't have to just page through and see what you have, they can very quickly see all of it in one little screen.

PB :  So, the last thing we can talk about is maybe a bit about archival PDFs and the differences.

DW :  Yeah, there's a long-term concern about how to hold onto these digital files. I mean we were talking on a recent podcast about the yottabyte and whether a practitioner will have all of his or her files on a single disc for his or her entire career. So, how long do you keep these files and what sort of format are you going to keep them in? If you've got old Word Perfect files you're probably already struggling to be able to open them in anything. PDFs will have a longer life and then in the PDF world there are the archivists who are worried about PDF/A and I know you're an expert on PDF/A.

PB :  Maybe not an expert. But PDF/A is something that came in, as David said, to archive documents and still be able to retrieve them a number of years later and I think the standard they were shooting for was six years. And the question is if you save something now in a particular format and you mentioned one product, WordPerfect, some of those documents you can't open now because you may have had an older version that it was created in, you don't have any version now in trying to open it in Word. You might be able to open it but you might lose a lot of the formatting and possibly some of the content. So, the goal with PDF/A was to come up with something you could open six years from now and wouldn't lose any data. You'd still be able to read it in the form it was saved in and so on.

DW :  The funny thing is I talked to the Law Society archivist about this and he said that there's a real split of opinion over whether that's good because you do lose some of the functionality that makes the PDF useful like embedded links and things like that in order to get that longer preservation. So, even in the real nitty-gritty world they're not 100% sure about how to do it.

PB :  And that's why they've continued to work on versions, a PDF/A version 3, which has a much longer name is the latest iteration of PDF/A and you are able to embed links and things like that within it and images and all sorts of things that you weren't able to do in version one. And there was a bit of a transition through PDF/A2. And I think we'll see a fourth version and a fifth version and so on because archivists are always tweaking with the next piece. And now it's a six year standard. But more and more law firms and libraries and so on are archiving material digitally and I think you're going to look at, because of the cost of physical storage is so high now, more law firms will be struggling to convert to paperless. And they don't want their data to disappear. And they still want to be able to recover it if they have to protect themselves from a lawsuit 10 years from now.

DW :  So, if you're not using PDF, now's a great time to start using it in your practice and hopefully we'll have outlined some of the tools that you'll be able to use.

PB :  Thanks very much David.

DW :  Thanks Phil

Technology Jargon: R through Z

Join Phil and David for the fourth - and final - technology jargon podcast, where we cover topics from R to Z:  two factor authentication, yottabyte, SMTP, and rooting phones.  Our other jargon podcasts - A to F, G to L, and M to Q - are also worth a listen.


Speaker Key:       PB Phil Brown, DW David Whelan

PB :  It's Phil Brown and I'm here with David Whelan and welcome to part four of our Jargon 2015 podcasts. And I would suggest you go back and listen to the rest which would be from A to Q and now we're going to embark on the letter R. David what do you have for the letter R?

 DW :  Alright Phil. We're going to get a little bit into the dark depths; we're going to talk about rooting. So you can root your phone or, in the case of Apple devices, you call it jail breaking. And what it allows you to do is to take control of the operating system. Currently, when you buy a device, an Android device or an iOS device, the operating system is actually administered by the operating system or the device. And so you can't make changes, you can't get down into the internal innards in the same way that in Windows you might open a command prompt and then be able to type commands. It limits some of the access that you have to your own device and so if you root your device or jailbreak it, you can apply additional rights, administrator rights that allow you to get access to these other things and in some cases to install additional software and that's why I do it on all of my Android devices. I will root my device and then I will apply a firewall and I'll use the firewall then to block all of the incoming and outgoing traffic that I don't want to have happen on my phone, so that I always know which apps are communicating. So, from that perspective, I like having that extra control. It will invalidate your warranty in almost every case, so I don't know that I'd recommend it for everybody, but, at least you know now that when people talk about rooting a device or jailbreak, really all they're doing is taking administrative control of their actual device.


PB :  And you're also doing the letter T after and I'm wondering if that's going to turn out to be tinfoil hat. But let's talk about the letter S, which is mine. And for the letter S, I have SMTP, which everyone uses and no one really pays much attention to its operating in the background of all of our emails and it's simple mail transfer protocol. It is not the part that actually determines how you receive emails and how they're displayed and so on, but, it really sets up the coordinates to say you know this is the email you've constructed in your computer, now send it out this particular port, send it over the internet and this is the destination that it's headed to.


DW :  And the S really does mean simple. When I set up my first email server, it will send anything that it receives and so if you don't secure it, you can end up as a spamming source on your email server. So make sure even if it's simple it's not Simple Simon.


PB :  Right, and I think we've talked about in the past in fact we have a podcast about how email works and we've talked about things like POP and IMAP before. So if you're interested in POP and IMAP you might want to listen to our podcast on how email works because we talk a little bit more about the delivery and how you actually receive and display the emails and what happens if you delete one kind and not the other kind.


DW :  Alright so no tinfoil hats for T unfortunately. I'm going to talk a little bit about two-factor. Two-factor authentications are exploding in interest now in part because people are more fearful of people tampering with their accounts online. So we're starting to see that with our online accounts. It started with Google and with a number of the online professional services systems. Now we're seeing it on sites like Amazon. And what it allows you to do is to supplement your user name and your password on these online sites with an additional piece of information. That additional piece of information is usually a number that is texted to you or is generated in an offline app like Microsoft Azure Authenticator, or Google's Authenticator app and so if you've got your phone or your tablet with you, you just open up your device, you open up the app and it will show you the code that you then need to type in and that will assist you in logging into these sites and also slow down the ability of other people to change information about your account or to access your account merely by trying to guess your user name and password.


PB :  And I know we both use two-factor authentications. One of the things I really like about it is if you sign in to your device, or your account rather from a different device or from a different location it notifies you as well by email to say: "Hey you have a new log in from this iPhone which has never been used before into your account. Did you do that?"


DW :  Yeah, it's great to have them watching for you because again you will get surprises sometimes about which devices are accessing it and sometimes it's a kid or somebody else that you intended to get in there and sometimes it isn't. One thing to keep in mind with the apps if you use the Microsoft account app, the only way to get those account numbers is via text. One of the nice things about the Google and the Microsoft Azure Authenticator is that it's totally offline, so you don't need to be able to get a phone signal in order to be able to get your code to put it into your system.


PB :  And since this is an alphabetical jargon podcast, how's the Microsoft app spelled?


DW :  A-Z-U-R-E Authenticator.


PB :  And that's a zed for the Canadians out there listening.


DW :  Alright what do you have for U?


PB :  For U, I have URL. Everybody talks about URLs or has heard the term URL, but might not know that it stands for one of two different things. They couldn't decide. One is the Universal Resource Locator and the other is the Uniform Resource Locator and it's basically the address of the webpage. So, when you type at the top [], it actually points at a particular four-component series of numbers which is the internet protocol address that is out there somewhere that connects your URL to the actual computer that you're trying to connect with.


DW :  Right, and it's uniform because if that number changes, if the Law Society got up and moved all of its servers to a different company, say they left Bell, for example, and went to a different provider, that URL would continue to work even though all those IP addresses had changed.


PB :  It's uniform and it's unique as well, although there are often sub addresses and so on. And each device you're using has a unique address as well.


DW :  Alright for V I've got VPN. The virtual private network. VPNs are great; lawyers should use them whenever they leave their offices and they are using devices that have client confidential information on them. It allows you to have a protected connection over the Internet. It's like a little encrypted pipe that only you can access and between you and wherever the VPN terminates, you can get to other places without having to worry about people eavesdropping on you. Some people will use it to get past geo blocks so that they can watch Hulu or Netflix in the US, but it's really good for making sure that when you're doing online transactions and you are in a public place, that you've got a secure connection. You might also use it, you can set up a VPN endpoint in your office so that when you're on the road, you can actually connect back to your office and have a secure connection from wherever you are back to your office and so you don't have to worry about anybody in between.


PB :  And we've talked before about clean devices and things like that and this is the perfect opportunity to use a VPN because if you are on the road quite likely you don't have anything other than a public network to use whether it's a hotel Wi-Fi connection or even a hotel wired connection, it still would be considered to be somewhat public and using that VPN within the public network will protect your data or your clients' data, more accurately.


DW :  That's the most important part. Alright what about W?




PB :  And you can see a lot of that coding if you go up to the in your browser and check out the source which no one ever does, but, you can see a lot of that XML coding that's built into that webpage to see what's kind of hidden there if I can put it that way.


DW :  But why would you? What do we have for Y Phil?


PB :  Y; Yottabyte. Y-O-T-T-A-B-Y-T-E. It's unlikely you will ever run across the term Yottabyte other than it being the largest measurement possible for an amount of data which is two to the eightieth power. You may see it someday in terms of the amount of memory available, but, you know laptops have gone up more and more and more and a megabyte used to be a lot. Now it's pretty common to see five and ten terabyte drives available. And I think eventually you'll see a drive that big, one of the things to remember of course is the bigger the drive, the more information you have on it and if it fails you've lost a lot more information than you intended and I don't know if we'll ever see a Yottabyte drive.  It won't be much bigger than the terabyte drives in terms of size, but, the thing to remember is the amount of data you have on there. Especially without any partitions, if you have a drive failure, you're going to lose all of your information which could be more than you expected.


DW :  It's funny to think about too because if we think about a new call this year coming out of law school or a new paralegal coming to the profession, their entire career will be something that is stored on a hard drive where a lot of us have a good amount stored on hard drives, but not everything. So they might actually need a single yottabyte drive to last them their entire career.


PB :  And it's funny to see even if, I'm dating myself here, but, to see how much computers have changed. I know you know at one point the Macintosh classic was considered to be a portable computer. And I think they weighed about sixteen pounds, but, they did fit under an airline seat. If you zipped them in their little bag, but, just barely. And they had a floppy drive and that was pretty much it and then you know we've lost our five and a quarter inch floppies, but, even now if you look at some of the newer machines, they're getting rid of optical drives, they're getting rid of even USB ports. Apple's gone to a new proprietary port that they have on their machines that's meant to replace the USB.


DW :  It's all portable, everything.


PB :  And now you have the letter ZEE or the letter ZED; take your pick. And what does Z stand for?


DW :  Z stands for Zero-day and Zero-day is getting a lot of press in part because I think everybody's much more aware about how computers are attacked on a regular basis or under threat on a regular basis. A zero-day is short for zero-day exploit and what it means is that someone has identified a problem within a software application. Something that they can use to exploit, to attack, and nobody knows about it. And so, they will save that up. It's been documented that governments saved this up for their attacks and, of course, the criminals do it as well and then when the first attack happens, that's the zero-day, that's the announcement that oh we've got this problem and often a zero-day, the problem with a zero-day is that there isn't any patch for it, there's no fix for it. So if you, like many people, will use Adobe Flash, which was patched on this last Tuesday, it's December 2015, and it had seventy-eight patches, a lot of those were in response to exploits that they had found on their own. But, the zero-days happen outside of that world and are things that really are of a concern for all of us because it often means that even though we've patched and done everything we can to make sure our law-firm computers are up to date, that these zero-days suddenly put everything at risk.


PB :  And there's a bunch of websites that you or your tech people should be looking at all the time to figure out you know what's going on out there in the world. It's not just enough to do a virus check every day or a malware check every day. You really need to be looking at sites like Symantec, and Krebs and things like that to figure out what's going on out there.


DW :  Right. It really is, it's making using technology practice a lot more complicated.


PB :  And if you're using a computer and you're on a network, you should be doing a tech audit every year to see you know, make sure your licences are up to date; make sure your software's up to date. That you have all the patches for your browsers, your routers and you mentioned recently having your routers up to date because they do eventually become obsolete.


DW :  Yes. And if you don't want to update them then just throw them away and buy a new one, but, definitely don't hold onto the old hardware.


PB :  So that is the end of our look at our Jargon podcast for 2015 and we hope you've enjoyed them as much as we have and thanks very much, David.


DW :  Thanks, Phil.


Technology Jargon: M through Q

This is our third swipe at jargon, covering M through Q: open source, queries, and the wireless N standard, among others. If you haven't listened to our podcasts on A to F and G to L, you can add them to your list.

Speaker Key:      PB Phil Brown, DW David Whelan


PB :  Hi, it's Phil Brown and I'm here with David Whelan and today we're going to start part three of our Jargon 2015 podcast.

DW :  Yes, if you've missed them, go back and listen to A through L on the previous two jargon podcasts and today we are going to start with M. What do you have for M?

PB :  M is for megabyte, so we all talk about a megabyte, but, very few people I think understand what the unit represents. It's just over a million bytes, the byte being the smallest unit I suppose available for memory and storage. To ballpark it, one byte would be equivalent to about one typed character if we're using text. So if you're thinking about how much storage this is going to take up, you can equate it more or less depending on spacing and things like that on a one-to-one kind of ratio. So, how many pages would that be? Roughly, depending on your font and characters and whether you have any images, a megabyte would be somewhere between two hundred and fifty and five hundred pages of information. What do you have for N, David?

DW :  N I have the letter N. When you buy wireless routers or get on wireless networks you used to buy wireless routers that had the letter B and that was the standard at the time so you'd get Wi-Fi 802.11b and that was where it began. And that was sort of a slow speed and then it slowly grew to 802.11a which seems a little bit backwards. And then a few years ago we went to 802.11n and that was the speed that you aimed for or the hardware that you tried to buy. And now we are going beyond N finally. N which never really stood for anything I always thought it meant new, but, it never stood for anything and it was a big leap up from the A's and the B's. And now we're going to AC, so if you're going looking for new wireless hardware, you want to make sure it's going to be compatible with the AC protocol that's coming along which is promising and you know hundreds and hundreds of megabits per second throughput which is great if you are using it in your internal network inside your office.

PB :  And hopefully most of the routers and modems are backwards compatible.

DW :  Yes, I think from that perspective you should be fine. The trick or the thing to remember really with Wi-Fi hardware is even if it says you're going to get 800 megabits per second throughput, as soon as it hits your internet connection which is only 1 megabit per second, you lose 799, so it's great as far as internal use if you want to stream files from your server or if you want to stream movies from your server, it's great, but, you need to just keep that in mind that although you're getting higher, it is good, it's positive for internal use, it won't necessarily mean that your internet access gets better.

PB :  And it also just the last one last point I think is if you have a device on your network at home or on your Wi-Fi network, that is an 802.11b, even though you have an N router it's not going to go to that N protocol because it goes to the lowest common denominator on that network.

DW :  Right, yes, if you got 802.11b's or 802.11a's out there you want to make sure that you toggle them so they go to N if they can or frankly just update them because you've got that kind of old equipment you'd get a speed boost if you update it.

DW :  Okay, what's there for O?

PB :  O, I've chosen open source. It's software where the programming code is available to anyone. And you will see one of the advantages is that you're not working with proprietary software so there's no bowing down to one of the big guys if I can put it that way. And the other thing is there is sort of a lot of crowd-sourced improvements to open source software and you can either make your own improvements if that's possible, if you have the knowledge, or you can rely on others to tweak things as the software goes and there's regular updates and in theory can improve things quite a bit.

DW :  And I've heard though the flip side and the reason that law firms might not use it is "Well, I don't have anybody to call in order to get support because since it's open source in its community then I have to rely on the goodness of other people."

PB :  And that matter, I suppose, is one of the major downsides of open source is in terms of the tech support available. You're really going on you know Google searches and looking at boards and trying to find out fixes and workarounds that other people have worked out. Or you can throw your problem out there on one of these boards on the Internet and other people might be able to solve the problem for you as opposed to going through some thirty page FAQ from Microsoft or Apple or someone like that and then the little proviso at the bottom saying "Did this help you with your problem?"

DW :  I think the interesting thing about open source is how much of it we use without really realizing it and so if we use the Mozilla Firefox browser for example we're using open source software and I think we're going to see a trend. Certainly with Microsoft embracing Android and other environments Linux, we will see that they will be open sourcing more of their code as well and so that's the nice sort of sweet spot where you got an organization supporting it that's big enough to actually support it, but, it's still free to us to use or to play around with.

PB :  And I think there will be quite a bit more talk about open source software given some of the concerns people have these days with the larger companies potentially giving up encryption keys to various governments.

DW :  Right. So we'll have both free beer and free puppies.

PB :  That's right. And now the letter P. What do you have for P?

DW :  P: I like the word proxy, proxy is good, lawyers know what proxies are. In the terms of technology, a proxy really does the same thing that a proxy does in real life. It stands in the place of you. And a proxy can do some good things for you; it can allow you to route all of your network traffic through the proxy which will then protect your systems from behind that proxy by filtering out information that may be unique to those web browsers or computers. It will allow you to control how your traffic flows in and out of your environment. So it's a little bit like a security tool where you can funnel things and control what gets to the web and what doesn't. One of the benefits of using a proxy is that you can set it up so that it blocks out inappropriate sites. Web filtering is an obvious one and from a parent's perspective you might do it. But, even more importantly frankly is not the contents so much as the malware sites and bad sites like that where you just don't, you want to eliminate the ability of your staff or people in your law firm to even click out and potentially download malware and things like that. A proxy server can allow you to funnel everything through that and make sure that anything that's leaving your law firm or coming back into your law firm is coming from a place you want it to come from.

PB :  And the proxy doesn't have to be a physical server, it can be a virtual identity.

DW :  Yes. You can actually buy a computer and run all of your connections through it or you can buy a piece of hardware that acts as a proxy or you can just have this virtual identity, so it runs through it and then runs back.

PB :  Right.

DW :  All right. What's up for S? I'm sorry Q, we always forget Q.

PB :  Q is a tough one. And the best I could do was query. Queries are the sorts of things you would use to make inquiries of software for your computer to find out things like which of my ports are open? What's my IP address? Things like that.

DW :  Yeah and it's amazing really, it's one of those terms of art that I think lawyers would probably understand. It really is just asking, you're just asking things and so in Excel you may be using the Excel query language in order to ask what is in different cells and how to manipulate those? Of course, when you use a web search engine like Google you're obviously doing a query there so it's interesting really how many query languages we're surrounded by.

PB :  And that's part three of our jargon podcast. Stay tuned for part four.

DW :  Sounds good.