Begin Again

Unitarian Universalists can learn from our Jewish neighbors about starting the new year with a fresh perspective. This sermon was delivered to the UU Church of Silver Spring, MD, on September 29, 2019.

Our administrative office is a place of wonder, discovery, and spiritual growth. Really. The other day, our beloved and highly valued congregational Treasurer, Olivia, was opening the mail. She wondered out loud if anyone wanted to respond to our insurance company about their offer for a free wall calendar that includes safety tips for religious communities and contact information for the insurance company. I was so excited! This was just the letter I had been waiting to receive! 

If you’ve been in my office, you’ve seen how marked up last year’s calendar is. Not only do I write on it the dates of special services and congregational events, it’s the first place I look when I’m so immersed in planning ahead that I need to be reminded what day it is today. Olivia very kindly wrote our customer number down for me so that I could go on the website to request our copy of the calendar. It’s supposed to arrive in November. I can’t wait!

There is nothing like spreading out a fresh calendar, full of open spaces, the potential energy of days and weeks and months stretching before you. Anything is possible. There is value in spontaneity, and I admire people who can create things in the moment, but the gifts that the Divine has bestowed upon me work best when I plan ahead. I can adapt a plan when needed -- I’d like to think I can be flexible -- but I prefer to start with at least some goals. Hence, the golden opportunity of a new calendar: an entire year, waiting to be framed with hopes and dreams!

Of course, knowing that not everything goes according to plan, the safety tips and phone numbers for the insurance company are nice to have, too. 

My excitement about turning over a new page in the calendar is just one of the reasons I find it deeply meaningful to celebrate Rosh Hashana, the Jewish New Year. My interfaith family is delightfully complex in spiritual expression, so I hope it’s not too confusing that I spoke about my personal earth-centered practice last week, and this week I’m telling you that I’ll be out of the office for Rosh Hashana and Yom Kippur. Some of the families in this congregation are interfaith Jewish and UU like mine, but even for those who are not, there is wisdom we can learn from the Jewish New Year that fits in with Unitarian Universalist faith and practice. 

In particular, I want to talk about starting over. For ourselves, that means coming to terms with our mistakes and vulnerabilities, and setting intentions for the kind of people we want to be and the kind of choices we want to make in the coming year. In our relationships together, that might mean making amends or letting go of grudges so that we can start fresh. Turning the page doesn’t mean forgetting the chapters that came before, but it can mean a new perspective and a new direction. In our Soul Matters themes of the month, September is a month of expectation; this week is a good time to begin again, to reset our expectations of ourselves and the year ahead.

A bit of context might help. On the Jewish calendar, Rosh Hashana is the new year holiday. The shofar is blown to wake us up, to bring us into the present moment where we can do the work of turning toward life in the new year. Ten days later, Yom Kippur is the Day of Atonement, the last day before the books are closed on the previous year, a last push to take responsibility for our mistakes. I’ll talk about that next week. There is space between them to look back, like when the congregation ends our year of accounting on June 30 but we have a little time before we can give a comprehensive financial report on the year that has just ended. We need that time in between to assess and to make corrections. While Rosh Hashana and Yom Kippur are two separate holidays, and it’s a great opportunity to be able to talk about them separately, they are related to each other. 

As Unitarian Universalists, we strive to practice responsibility. Our UU Principles speak of the free and responsible search for truth and meaning. Our behavior should reflect the inherent worth and dignity of all those who are affected by our actions, including ourselves. We know that we are part of an interdependent web of existence, and that our choices have far-reaching consequences on others, and that the choices of others far away have an impact on us. Whether we reflect on this at Rosh Hashana or at another time of year, it makes sense to take regular stock of how we are doing with being in community. It makes sense to lower our defenses long enough to honestly assess the places where we can do better, to repair our relationships where we have done harm, and to set some intentions for living out our values more deeply than we have before. This can include setting intentions that will allow us to have greater access to joy, to community, and to spiritual growth; turning toward life in the new year has hopeful and positive aspects. 

Last week, we talked about your congregational covenant of right relations, including the part that says:

Knowing we will at times fall short of these ideals, we intend to use this covenant as our guide for the behavior we expect of ourselves and others as we live and work in community.

This understanding of human fallibility is built into the High Holidays, and is definitely built into a long-lasting UU covenant. None of us are perfect, yet we are capable of being held responsible. Covenants give us a path for acknowledging harm, making amends, and returning to community. A regular, perhaps annual, practice of beginning again reminds us of the potential for taking responsibility and reconciling in right relationship. 

Beginning again does not mean forgetting everything we have learned up until this point. Rather, it means building on what we’ve learned, yet opening our senses to what there is, truly in this moment, rather than being governed by what we perceived in the past. There is a lot of brokenness in the world, brokenness between people, brokenness in our own hearts. That is true. And it is also true that the world, our relationships, and our hearts are capable of healing. We are alive, and so the potential for change and growth lives within us and between us and beyond us. 

The opportunity to begin again, to fill in the pages of the calendar of the year to come with positive intentions, is powerful. Recognizing our mistakes, our vulnerabilities, and our shortcomings can be scary. We might fear that making mistakes means being a mistake, but that is just not so. Being in a community that engages in introspection together reminds us that we are all human, and we can work on doing better. Coming to terms with our flaws means we have a chance to learn a new way, we don’t have to dwell there, we don’t have to create an identity out of our mistakes. But we do have to learn from them, and make repairs when we can. 

Another advantage to doing this spiritual work in community is that we have opportunities to forgive each other. Sometimes the opportunity to let go is not presented with a perfect apology. Sometimes the opportunity comes when we realize that carrying a grudge is more exhausting than it’s worth. If we open up our hearts, take an assessment of where we are and what our intentions are for the year to come, it might be possible to keep the learning and the wisdom gained from a painful experience while letting go of the resentment. It might not be possible yet. Letting go of grudges is not easy. Nevertheless, entering the new year with fewer or smaller chips on our shoulders might free us up to pursue our positive intentions with more strength than we had before. 

There’s a parable in Jewish circles that originates with the Maggid of Dubno. A Maggid is like a spiritual storyteller, sometimes a rabbi but not necessarily, someone who might be a wise fool or a musician or simply a conveyer of wisdom and cultural knowledge. The Maggid of Dubno, Rabbi Jacob Kranz, told of a fortune that was lost and found between the generations. This version comes by way of Rabbi Daniel Brenner: 

Once there was a wealthy man who wanted to protect his fortune so he hid his wealth in different places in his house. He died before telling his son where he had hidden the money. After the father’s death, the son lived in the home but he had no work and he had little to eat. He grew increasingly desperate and one day was counting out his last few silver coins when one of the coins dropped, and he crawled on the floor to find it. He searched all over but he couldn’t find his coin. In desperation he pulled up the floorboards and found one of the sacks of golden coins his father had hidden. He opened the sack and was amazed at his fortune. He searched all through the house and found more and more sacks of gold but he never found his original, lost silver coin.

Because it’s a parable, there is lots of room for interpretation in the Maggid’s story. One way of interpreting the story is that this world is full of surprising treasures. Another thing to notice about the story is that the silver coin that was lost remained lost. Sometimes we have to let go of something to find the treasures that will lead us in a new direction. It may be the case that letting go, starting over, means losing something we value: an old identity, a sense of urgency that kept us going when we didn’t think we could, a connection with someone who is gone. The grief of losing that is real. And sometimes what we find instead is a better fit for the future. 

Something I notice about this parable is how the low point in the story could have been made easier if the two characters had talked to one another, and had not put it off for another time. If there is an opportunity for healing, take it. If there is an opportunity to be in community, to reflect and be vulnerable with a trusted spiritual companion, take it. If there is an opportunity to learn from the past while being clear about what is needed for the future, take it. The treasures we have are made evident when we engage in right relationship. The gifts we need for the time ahead might involve letting go of something else we thought we needed in the past. 

The start of a new year is a good time to assess who we are and where we are. It’s a good time to notice the ways we have healed over the last year, the ways we have yet to grow, and the repairs that are ready to be made. If you are like me, a little too giddy with the excitement of a new calendar, the start of a new year is a good time to remember what day it is today, to be present to things as they are and to the people around us and the condition of our relationships. 

May the coming year be nourishing with the satisfaction of learning and growing from our mistakes. May the coming year be illuminated with the beacon of our positive intentions. May the coming year be uplifted with the unburdening of resentments that no longer serve us. May the coming year be warm with the connections of our loved ones and spiritual companions, communicating openly about what’s most important. May new beginnings bring a sweet new year. 

So be it. Blessed be. Amen. 

auto insurance fontana

BEST ANSWER: Try this site where you can compare quotes from different companies :insurancefreequotes.xyz

auto insurance fontana

auto insurance fontana, but I am very satisfied that there was no reason other than to do not use it. We also paid for insurance for our cars through UPS and the agent told them to call you back. So obviously they didn t want to call you back so I called UPS again. So this seemed fair and I called UPS again and was told that the agent would not know that UPS isn t the right amount. I was told by UPS of all their policies. I was told that once the policy is finalized, it can t be cancelled as long as I remain close to the claim. And so I called UPS again, just to cancel UPS, but it was not going to end until we got a check from Uwe. UPS told me that it had stopped canceling for UPS, that they only paid up to our new plan for a reason, not for any reason, so I wasn t expecting anything. That is the end of our trip, so I returned to UPS. So. auto insurance fontana.com/html/title.htm This means that this section applies only to those items that are listed on your insurance policy, as well as items and situations that do not apply to your insurance policy as a result. However, you should be aware that most insurance companies will also provide optional coverage for your children’s medical coverage. It does not matter if they use your company or not, what matters is that they cover the pediatrician and family’s doctor(s) for any injuries. Most of the time, their policy will cover the medical bill. When dealing with a child on a parent’s car insurance policy, these are the items your insurance company may add: There are many different ways to get car insurance if your child is driving your car. For most of us, the vehicle we are driving does not qualify for car insurance. Even though kids may not be required to have their own car insurance policy, they should do their fair share. If your child. auto insurance fontana fontana fontana (and we’ll take a look), and if you choose the top option from our auto insurance guide, or the auto insurance quotes from other states, you can start the new year with that first insurance quote. And, don’t wait. The amount of people who depend on you for auto insurance is enormous. You’re very much in their business if they don’t have adequate coverage, and that’s not going to change in 2020 unless your company wants to be part of their policy. We want to help you get the cheapest option possible. If you’re paying the premium on something that is not in your control, that might be an excuse to cancel your policy. Most of these problems can be fixed with a little extra work (and a little patience!). But many people will be in a financial bind for a year or two. If you’re canceling your plan because you can’t find insurance.

AdDavid Ceballos - State Farm Insurance Agent

AdDavid Ceballos - State Farm Insurance Agent - 2nd Street Agency. My husband and I have a beautiful wedding gift of a beautiful engagement ring as well as a lovely necklace of gold. I am so thankful for this wonderful treat and how wonderful it was for us. Thank you. I am a full-time student and a very satisfied homeowner. I have been to school here and through my agent, I have found a great company to take care of my car. My car is about ten years old and my insurance policy has been very limited because of the high mileage and time I have of traveling. I am looking at switching to State Farm in June. How much of a rate do I really need in the end to make a decision. My first question to you is: Can you go back in time? For me, I would need to make sure that I got married and had my own car insured against a massive amount. What about insurance? If something went wrong with my car, is it worth it to me?.

26. Dynamite Auto Insurance

26. Dynamite Auto Insurance (DMV) was founded in 1998 in Chicago, Illinois. The company was created for low-cost insurance products, and is known today for its extensive network of local agencies. Their customer service and claims department is very helpful. The agent can help you with any of your insurance needs. Dynamite has an A+ rating from the Better Business Bureau. In 2013, the group wrote over $1 billion in premiums for all lines of insurance - including auto and home - under their name. They are also rated well. The premiums in the insurance industry are low though. You could have been on a government subsidy or self funded through your job, and they just won’t get you a premium for the actual cost. They can be hard to work with. While all auto insurance companies with their own fees and costs have a claim waiting period, Dynamite is generally not, nor are they a government insured. They have a minimum of $50,000 in assets to protect for a claim of.

AdDirect Auto Insurance

AdDirect Auto Insurance Services in Fort Lauderdale has taken a look at how your vehicle is used in this context and other information about how a state-created auto insurance policy works, and why this distinction is important in the industry. In this section we will help you examine Florida’s legal requirements, insurance laws, and the laws applicable to it in each state. Florida Insurance Code, Florida – The Insurance Code for all drivers is to make sure that drivers are covered by their insurers in the event of an accident. The mandatory auto insurance coverage for drivers in Florida is a minimum of: While these are the first two, there’s more to consider before you add them to your policy. You’ll want to make sure that you’re fully covered by your insurance as soon as the accident occurs. If you’re a part of an accident scenario that poses a high-risk to you and your vehicle, you might want to explore these alternatives before adding them to your policies. You can either.

30. Shield Auto Insurance

30. Shield Auto Insurance is a full-service insurance company offering personal car insurance policies in Louisiana. It was founded by an insurance entrepreneur named Jason McLeod in 2007 in Saint Louis, Illinois. Today, Phoenix Insurance Group is a full-service insurance company offering a wide range of personal auto policies. It has over 200 insurance agents and over 100,000 policies under its name, which brings it in line with many other national insurance groups. As a Louisiana auto insurance provider offering auto, homeowners, renters, and condo insurance in both the state and federal markets, Phoenix is well known for being a low cost car insurance agency. Its services include commercial and farm insurance as well as the homeowner insurance program. As an insurance brokerage, Phoenix specializes in providing business insurance and personal finance for the brokerage community. Phoenix Insurance Services currently services clients in the following states: Although Phoenix Insurance Services does not currently offer commercial, insurance with a mobile app, it does still offer the following standard and consumer products: Phoenix Insurance is a full-service insurance.

28. West Coast Auto Insurance Services, Inc.

28. West Coast Auto Insurance Services, Inc. is an independent insurance agency. We represent multiple insurance companies, and can help you find the policy that meets your needs and budget. Our friendly, licensed insurance professionals can help you determine the perfect coverage for the type of vehicle you drive. Whether you drive a sports car, utility, or a used car, you need affordable auto insurance. To save money on your insurance, look into different types of insurance policies. Some might include: If you own a car, your policy might include liability coverage that can protect you from the financial consequences if you cause an accident. If you own property, you should consider the value of your car the moment the car is totaled or in the sale when repairs are less expensive. While most insurance policies and dealerships will require you to notify your broker, we will work with you. If you don t have a broker in your area, call us at 1-800-639-5140 or enter your zip code below to begin, we ll help you find the.

10. Fiesta Auto Insurance

10. Fiesta Auto Insurance reviews are always positive (at least for companies who promise good ratings), but these companies are a little bit more aggressive when it comes to insuring different ethnicities. This is a major draw, but I would rather see one of these two companies. The reason that Hispanic car insurance is an expensive life insurance product is that there is a large percentage of them. Hispanics tend to be in poverty, and often get into accidents. In terms, Latinos can be a large problem, and Hispanics may have more options for coverage. For the most part, it comes down in one of these four categories. Hispanics are Latino, but they do have some options if they are looking for affordable car insurance. For the second most affordable category, I have a number of Hispanic-specific websites that give us information about car insurance that Hispanics in the U.S. can buy. One of the biggest reasons Latinos are expensive car insurance is because of an accident. Latinos have a higher  rate of auto repairs (6.

1. Help U Save Auto Insurance Services Inc

1. Help U Save Auto Insurance Services Inc. to save on your carInsurance and Warranty savings. U.S. and Canada license holders must purchase their U.S. license in their home country. U.S and Canada drivers living outside of the U.S. have more exposure to the risk. Insurance covers the damage to vehicles in countries that have drivers from the U.S. In addition to the risk of natural disaster, the United States government and non-U.S. citizens have a higher insurance risk. Since 2005, the U.S. Department of Labor has stated in its U.S. Trade Adjustment Assistance Program that the U.S. economy suffers under the loss of the economy, and that economic growth, like any other market sector, is adversely affected. If auto insurance companies don t have licenses through work, U.S. residents may need to obtain one to avoid a high-risk driving group and vice versa. For example, a U.S. driver who doesn t own a car.

19. Auto Insurance Specialists

19. Auto Insurance Specialists works closely with our friends & family at  to help ensure you find the best car insurance rates available.  Whether you’re out for a drive trip, or a festival, we’ll get you a great savings on the insurance you need, at a price you can afford. It’s important to have a car insurance policy that meets your budget, but what goes into it and how it’s purchased can be a little complicated. Here are some of the reasons why a car insurance policy with AAA could help you: The auto insurance policy has a number of advantages and disadvantages. It isn t your only option for car security and protection if you re carrying a comprehensive policy. Plus, you don t want auto insurance with no credit or insurance for your ride. AAA’s insurance is called . A comprehensive insurance policy with high deductibles and higher premiums may cost more in the long run. The good news is that car.

9. Drivetyme Auto Insurance

9. Drivetyme Auto Insurance is authorized to insure drivers who have only been convicted of serious traffic violations as described in their policy documents to determine the coverage amount necessary for vehicle registration.  These citations generally reflect the amount of time that has passed since the vehicle was first committed to insure, with a fixed penalty for driving with a suspended vehicle on our property.  All vehicles listed as listed include only a nominal driver who did not make the license renewal payment that is due on or after January 1, 2014.  We are unable to review or change any of the listed vehicles.  A car insurance premium for one would only be about $15 per month, while the same would be charged for a six-month policy. Since we already cover a wide range of vehicles, your future is less uncertain.  You can then apply for a policy and we will be sure to get you the best coverage and cost for your vehicle for when you need it. The only drawback to taking out your.

AdHammer Insurance Services, Inc Fontana

AdHammer Insurance Services, Inc Fontana, AZ 11378-9378 I am looking into this new car. Why a new one would they sell an HVAC but no one wants to do the repair work? Does the repair shop that you are at have to pay a lot of money to maintain it? and the problem is all insurance policies that say your policy is to be bought, but you can find a new policy and save thousands. I am looking at buying a new car this month? I paid $6000 for a 2015 Ford Fiesta, but the car just doesn t get that much power over the winter. i have the insurance to pay a new insurance bill? Is there any chance i should pay the $1 Million payment for the next month? Can the insurance go up because I am getting into all this? Is this even a possibility. I will check with your insurance company the long way down the line. First I would call the L&I agency and let them.

DMVs Are Selling Your Data to Private Investigators

Departments of Motor Vehicles in states around the country are taking drivers’ personal information and selling it to thousands of businesses, including private investigators who spy on people for a profit, Motherboard has learned. DMVs sell the data for an array of approved purposes, such as to insurance or tow companies, but some of them have sold to more nefarious businesses as well. Multiple states have made tens of millions of dollars a year selling data.

Motherboard has obtained hundreds of pages of documents from DMVs through public records requests that lay out the practice. Members of the public may not be aware that when they provide their name, address, and in some cases other personal information to the DMV for the purposes of getting a driver’s license or registering a vehicle, the DMV often then turns around and offers that information for sale.

Many of the private investigators that DMVs have sold data to explicitly advertise that they will surveil spouses to see if they’re cheating.

“You need to learn what they’ve been doing, when they’ve been doing it, who they’ve been doing it with and how long it has been going on. You need to see proof with your own eyes,” reads the website of Integrity Investigations, one private investigator firm that buys data from DMVs.

“Under this MOU [memorandum of understanding], the Requesting Party will be provided, via remote electronic means, information pertaining to driver licenses and vehicles, including personal information authorized to be released,” one agreement between a DMV and its clients reads.

A small section of a document from the Virginia DMV showing which private investigators the DMV has data selling agreements with. Image: Screenshot.

Multiple DMVs stressed to Motherboard that they do not sell the photographs from citizens’ driver licenses or social security numbers.

Some of the data access is done in bulk, while other arrangements allow a company to lookup specific individuals, according to the documents. Contracts can roll for months at a time, and records can cost as little as $0.01 each, the documents add.

“The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking,” Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, told Motherboard in an email. “For survivors, their safety may depend on their ability to keep this type of information private.”

The sale of this data to licensed private investigators is perfectly legal, due to the Driver’s Privacy Protection Act (DPPA), a law written in the ’90s before privacy became the cultural focus that it is today, but which critics believe should be changed. The process of becoming a licensed private investigator varies from state to state, and can be strict, according to multiple sources close to the industry. Some states, however, allow licensing to be granted on a local level or investigators to operate without a license.

The DPPA was created in 1994 after a private investigator, hired by a stalker, obtained the address of actress Rebecca Schaeffer from a DMV. The stalker went on to murder Schaeffer. The purpose of the law was to restrict access to DMV data, but it included a wide range of exemptions, including for the sale to private investigators.

“The DPPA is one of several federal laws that should now be updated,” Marc Rotenberg, president and executive director of privacy activism group EPIC, wrote in an email. “I would certainly reduce the number of loopholes,” he added, referring to how the law might be changed.

Do you work at a company selling data? Did you used to? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected].

The data sold varies from state to state, but it typically includes a citizen’s name and address. In others, it can also include their nine-digit ZIP code, date of birth, phone number, and email address.

Rob Namowicz, a private investigator from Wisconsin, told Motherboard in an email he buys DMV records “to get driver license [sic] information on subjects I may be investigating.”

The Virginia DMV has sold data to 109 private investigator firms, according to a spreadsheet obtained by Motherboard. The New Jersey Motor Vehicle Commission has sold data to at least 16 private investigation firms, another spreadsheet shows. The Delaware DMV has data sharing agreements with at least a dozen investigation firms, and Wisconsin has around two dozen current agreements with such firms, other documents show.

Motherboard did not obtain records from DMVs in all states, so the number of private investigators that have been granted access to citizens’ data across the country is likely higher.

The data selling is not limited to private investigators, however. The DPPA also allows the DMV to sell data of drivers to various other entities. Consumer credit reporting company Experian features heavily in the documents obtained by Motherboard, which stretch from 2014 to this year, as does research company LexisNexis. The Delaware DMV has direct access agreements with around 300 different entities, according to one spreadsheet. The Wisconsin DMV has current agreements with over 3100 entities, another shows. Local media outlets in Florida, Texas, and elsewhere have also reported on DMVs selling data to third parties.

Valerie McGilvrey, a skiptracer who uses various tools and techniques to track down vehicles that need to be repossessed, told Motherboard “with Texas having no repo license and minimum standards, convicted felons can and do access professional databases.”

Motherboard also found a bail bonds company included in one of the datasets. Motherboard has reported extensively on the abuse by bail bonds firms and bounty hunters around tracking techniques such as location data.

“The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking.”

DMVs are making a lot of money from the sale of this data. The Rhode Island DMV made at least $384,000 selling personal data between 2015 and this year, according to a spreadsheet obtained by Motherboard. When asked how much the Wisconsin DMV made from selling driver records, a spokesperson wrote in an email “Per these 2018 DMV Facts and Figures, $17,140,914 was collected in FY18 for driver abstract fees.” Examining that document shows that Wisconsin’s revenue for selling driver records has shot up dramatically since 2015, when the sale drew in $1.1 million. The Florida Department of Highway Safety and Motor Vehicles made $77 million in 2017 by selling data, a local outlet found.

Documents explicitly note that the purpose of selling this data is to bring in revenue.

“This is a revenue generating contract,” one document from the Indiana Bureau of Motor Vehicles obtained by Motherboard reads.

A spokesperson from the Wisconsin DMV wrote in an email that “Wisconsin DMV directly informs customers that their information may be sold.”

Some uses of the data include being able to contact owners of certain cars in case they need to be recalled. But multiple DMVs confirmed that access to such data has been abused in the past—likely by customers using the data in a way that they were not authorized to do so.

“Yes, it has been done before,” Binta Cissé, communications manager at the North Carolina DMV, wrote in an email after Motherboard asked if the DMV has cut off access to data buyers after abuse.

A section of a document from the Indiana Bureau of Motor Vehicles describing how the sale of data is to generate revenue. Image: Screenshot.

Alexis Bakofsky, deputy communications director from the Florida Department of Highway Safety and Motor Vehicles, also said the agency had revoked access after abuse.

“Since implementing the new controls in 2017, the department has cancelled three MOUs with requesting parties for misuse,” she wrote. “Additionally, while there was no indication of misuse, the department proactively cancelled two MOUs with requesting parties for failing to provide adequate internal controls.”

Spokespeople from the Virginia DMV and the New Jersey Motor Vehicle Commission also confirmed those agencies have cut-off access after abuse of data. The Indiana Bureau of Motor Vehicles said it has not had to terminate contracts because of abuse.

Senator Ron Wyden, who works especially on privacy and surveillance issues, told Motherboard in a statement “News reports over the past year have repeatedly exposed the troubling abuse of Americans’ location data, by private investigators, bounty hunters, and shady individuals.”

He added that if the DMV data has been abused by private investigators, “Congress should take a close look at the Driver’s Privacy Protection Act, and, if necessary, close loopholes that are being abused to spy on Americans.”

Subscribe to our new cybersecurity podcast, CYBER.

DMVs Are Selling Your Data to Private Investigators syndicated from https://triviaqaweb.wordpress.com/feed/

The Best Tour Companies in Australia

Posted: 7/6/2019 | July 6th, 2019 Few countries capture the imagination quite like Australia. With world-class beaches, unusual wildlife, stunning natural landscapes, a unique history, and a fun and vibrant culture, Australia has something to offer every traveler who makes the journey to the Land Down Under. While the country is easy to navigate as a solo traveler, there are also plenty of amazing tour options for those who prefer traveling in groups or who might not have the time to plan their own getaway. I’ve been visiting Australia since 2006 and have used many tour companies over the years (in addition to getting around on my own). So in this post, I share my list of the best travel companies in Australia to help you make the most out of your next trip. From simple walking tours to in-depth, multi-day excursions, there’s something on the list for every interest — and every budget! Quick Overview Best Bike Tour: Bonza Bike Tours Best Walking Tour: I’m Free Best Party Tour: The Magic Bus Best Multi-Day Tour: Intrepid Travel 1. Best Bike Tour Company: Bonza Bike Tours

Bonza is a bike tour company in Sydney that offers a number of options, depending on what you’re interested in. The Highlights tour lasts 2.5 hours and will show you all the major points of interest in Sydney. It’s suitable for families and kids as well, costing 99 AUD ($68 USD) for adults and 79 AUD ($54 USD) for children. For a more in-depth experience, the Classic tour lasts four hours and will give you a much more thorough introduction to this world-class city. They also offer bike rentals so you can just explore the city on your own in case you don’t have the time for a full-tour. —> Click here to learn more about Bonza! 2. Best Walking Tour Company: I’m Free

I always like to start a trip with a free walking tour, as they are a helpful way to get oriented and ask a local all my questions. Both Sydney and Melbourne have insightful (and free!) walking tours offered by I’m Free. Their tours last 2-3 hours and are a great way to learn about history and culture from a local. There are a few tour options in each city, so you have some flexibility with timing as well as which areas you focus on. If you haven’t done much research before your arrival, this is a good company to start with. Be sure to tip your guide at the end! —> Click here to learn more about I’m Free! 3. Runner Up Walking Tour Company: iCity Tours

If you find yourself all the way out in Perth, iCity Tours has a handful of awesome free walking tours. They are organized by Visit Perth and run by volunteers, so it’s a fun way to interact with the locals and really get a sense of what life is like in Australia’s underrated coastal city. There are five different free tours on offer, each lasting around 90 minutes. The Orientation tour offers a quick introduction to the city and its past. If you have more time, be sure to check out the Convicts and Colonials tour as well. It will give you a sense of what life was like as a convict in Western Australia. —> Click here to learn more about iCity Tours 4. Best Party Tour Company: The Magic Bus

This backpacker bus is the perfect choice for travelers looking to party. Each month, the trip departs with 25 backpackers aged 18-35 for 3-4 weeks of exploring the country’s national parks, camping, bonfires, and non-stop parties and shenanigans. Trips go from Perth north to Broome or east to Melbourne each month, so you have to time your trip accordingly to line up with the set departure. The itineraries are always flexible, as they let riders vote on where to go and what to do, so every trip is unique. They try to keep a balance of 50% men and 50% women, as well as a balance of different nationalities, so there is always a diverse group. Trips begin at 1,200 AUD ($822 USD) per person. —> Click here to learn more about The Magic Bus! 5. Runner Up: The Oz Experience

With The Oz Experience, you’ll get a pass for 60-90 days. Instead of guides, you’ll be given a list of activities (such as diving, ATV trips, sailing, and surfing camps) that are included in your pass to do whenever you want, based on your schedule. It’s a flexible compromise for people looking for some guidance but who also want independence. Prices vary from 1,139 to 3,519 AUD ($781 to $2,412 USD) depending on how many excursions are included (as well as how many days your bus pass is valid for). While this is a hugely popular option, I personally dislike this company. I really found it lacking, so I would skip this and take The Magic Bus instead. While lots of people like The Oz Experience, I just didn’t find good value for the money. —> Click here to learn more about The Oz Experience! 6. Our Top Tour Pick: Intrepid Travel

Intrepid is my go-to travel company when it comes to multi-day excursions. In Australia, they offer 70 different itineraries to choose from, ranging from a quick two-day tour to an in-depth 24-day adventure around the entire country. Unlike some of the companies above, this is not a party tour. They are small groups led by expert local guides with a focus on culture, history, and food, as well as ethical travel and leaving a small environmental impact. You’re guaranteed to return home with a much deeper and more nuanced appreciation of your destination. And you’ll get a much broader range of ages and travel styles with Intrepid tours too (it’s not just for backpackers). With such a wide range of travelers choosing Intrepid tours, you always end up with an awesome group of people to travel with. I’ve been on a handful of their tours over the years and have never been disappointed. I always learn a ton and meet amazing people. They make sure you have enough things to do without planning out every minute of the day, so it’s a good balance of downtime and tours. I can’t recommend them enough. Best of all, as a Nomadic Matt reader, you’ll get an exclusive discount on their tours every month! —> Click here to learn more about Intrepid Travel and the exclusive offers for Nomadic Matt readers! *** Australia is a massive country, offering beautiful landscapes, fun outdoor activities, a wild nightlife, and incredible history. Whether you’re looking for a quick walking tour or a monthlong cross-country adventure — or something in-between — there are plenty of amazing tour companies in Australia to help you make the most out of your time Down Under, no matter your budget. P.S. – Did you know I wrote a new book? It’s called “Ten Years a Nomad” and it’s all about the lessons I’ve learned from a life of travel. It features tons of stories and misadventures I’ve never told on this blog as well! It comes out July 16th! Click here to learn more and grab your copy today! (I’ll be going on a book tour too!) Book Your Trip to Australia: Logistical Tips and Tricks Book Your Flight Find a cheap flight by using Skyscanner or Momondo. They are my two favorite search engines, because they search websites and airlines around the globe, so you always know no stone is being left unturned. Book Your Accommodation You can book your hostel with Hostelworld. If you want to stay somewhere other than a hostel, use Booking.com as it consistently returns the cheapest rates for guesthouses and cheap hotels. I use it all the time. It’s my favorite website! Here are my favorite hostels in Australia! Don’t Forget Travel Insurance Travel insurance will protect you against illness, injury, theft, and cancellations. It’s comprehensive protection in case anything goes wrong. I never go on a trip without it, as I’ve had to use it many times in the past. I’ve been using World Nomads for ten years. My favorite companies that offer the best service and value are: World Nomads (for everyone below 70) Insure My Trip (for those over 70) Looking for the best companies to save money with? Check out my resource page for the best companies to use when you travel! I list all the ones I use — and I think they will help you too! Looking for more information on visiting Australia? Check out my in-depth destination guide to Australia with more tips on what to see and do, costs, ways to save, and much, much more! Photo credits: 1 – Bonza Bike Tours The post The Best Tour Companies in Australia appeared first on Nomadic Matt's Travel Site.

Source link Read the full article

The Best Tour Companies in Australia

Posted: 7/6/2019 | July 6th, 2019

Few countries capture the imagination quite like Australia. With world-class beaches, unusual wildlife, stunning natural landscapes, a unique history, and a fun and vibrant culture, Australia has something to offer every traveler who makes the journey to the Land Down Under.

While the country is easy to navigate as a solo traveler, there are also plenty of amazing tour options for those who prefer traveling in groups or who might not have the time to plan their own getaway.

I’ve been visiting Australia since 2006 and have used many tour companies over the years (in addition to getting around on my own). So in this post, I share my list of the best travel companies in Australia to help you make the most out of your next trip.

From simple walking tours to in-depth, multi-day excursions, there’s something on the list for every interest — and every budget!

Quick Overview

Best Bike Tour: Bonza Bike Tours

Best Walking Tour: I’m Free

Best Party Tour: The Magic Bus

Best Multi-Day Tour: Intrepid Travel

1. Best Bike Tour Company: Bonza Bike Tours

Bonza is a bike tour company in Sydney that offers a number of options, depending on what you’re interested in. The Highlights tour lasts 2.5 hours and will show you all the major points of interest in Sydney. It’s suitable for families and kids as well, costing 99 AUD ($68 USD) for adults and 79 AUD ($54 USD) for children. For a more in-depth experience, the Classic tour lasts four hours and will give you a much more thorough introduction to this world-class city. They also offer bike rentals so you can just explore the city on your own in case you don’t have the time for a full-tour.

—> Click here to learn more about Bonza!

2. Best Walking Tour Company: I’m Free

I always like to start a trip with a free walking tour, as they are a helpful way to get oriented and ask a local all my questions. Both Sydney and Melbourne have insightful (and free!) walking tours offered by I’m Free. Their tours last 2-3 hours and are a great way to learn about history and culture from a local. There are a few tour options in each city, so you have some flexibility with timing as well as which areas you focus on.

If you haven’t done much research before your arrival, this is a good company to start with. Be sure to tip your guide at the end!

—> Click here to learn more about I’m Free!

3. Runner Up Walking Tour Company: iCity Tours

If you find yourself all the way out in Perth, iCity Tours has a handful of awesome free walking tours. They are organized by Visit Perth and run by volunteers, so it’s a fun way to interact with the locals and really get a sense of what life is like in Australia’s underrated coastal city.

There are five different free tours on offer, each lasting around 90 minutes. The Orientation tour offers a quick introduction to the city and its past. If you have more time, be sure to check out the Convicts and Colonials tour as well. It will give you a sense of what life was like as a convict in Western Australia.

—> Click here to learn more about iCity Tours

4. Best Party Tour Company: The Magic Bus

This backpacker bus is the perfect choice for travelers looking to party. Each month, the trip departs with 25 backpackers aged 18-35 for 3-4 weeks of exploring the country’s national parks, camping, bonfires, and non-stop parties and shenanigans.

Trips go from Perth north to Broome or east to Melbourne each month, so you have to time your trip accordingly to line up with the set departure. The itineraries are always flexible, as they let riders vote on where to go and what to do, so every trip is unique. They try to keep a balance of 50% men and 50% women, as well as a balance of different nationalities, so there is always a diverse group. Trips begin at 1,200 AUD ($822 USD) per person.

—> Click here to learn more about The Magic Bus!

5. Runner Up: The Oz Experience

With The Oz Experience, you’ll get a pass for 60-90 days. Instead of guides, you’ll be given a list of activities (such as diving, ATV trips, sailing, and surfing camps) that are included in your pass to do whenever you want, based on your schedule. It’s a flexible compromise for people looking for some guidance but who also want independence. Prices vary from 1,139 to 3,519 AUD ($781 to $2,412 USD) depending on how many excursions are included (as well as how many days your bus pass is valid for).

While this is a hugely popular option, I personally dislike this company. I really found it lacking, so I would skip this and take The Magic Bus instead. While lots of people like The Oz Experience, I just didn’t find good value for the money.

—> Click here to learn more about The Oz Experience!

6. Our Top Tour Pick: Intrepid Travel

Intrepid is my go-to travel company when it comes to multi-day excursions. In Australia, they offer 70 different itineraries to choose from, ranging from a quick two-day tour to an in-depth 24-day adventure around the entire country.

Unlike some of the companies above, this is not a party tour. They are small groups led by expert local guides with a focus on culture, history, and food, as well as ethical travel and leaving a small environmental impact. You’re guaranteed to return home with a much deeper and more nuanced appreciation of your destination.

And you’ll get a much broader range of ages and travel styles with Intrepid tours too (it’s not just for backpackers). With such a wide range of travelers choosing Intrepid tours, you always end up with an awesome group of people to travel with.

I’ve been on a handful of their tours over the years and have never been disappointed. I always learn a ton and meet amazing people. They make sure you have enough things to do without planning out every minute of the day, so it’s a good balance of downtime and tours. I can’t recommend them enough.

Best of all, as a Nomadic Matt reader, you’ll get an exclusive discount on their tours every month!

—> Click here to learn more about Intrepid Travel and the exclusive offers for Nomadic Matt readers!

***

Australia is a massive country, offering beautiful landscapes, fun outdoor activities, a wild nightlife, and incredible history.

Whether you’re looking for a quick walking tour or a monthlong cross-country adventure — or something in-between — there are plenty of amazing tour companies in Australia to help you make the most out of your time Down Under, no matter your budget.

P.S. – Did you know I wrote a new book? It’s called “Ten Years a Nomad” and it’s all about the lessons I’ve learned from a life of travel. It features tons of stories and misadventures I’ve never told on this blog as well! It comes out July 16th! Click here to learn more and grab your copy today! (I’ll be going on a book tour too!)

Book Your Trip to Australia: Logistical Tips and Tricks

Book Your Flight Find a cheap flight by using Skyscanner or Momondo. They are my two favorite search engines, because they search websites and airlines around the globe, so you always know no stone is being left unturned.

Book Your Accommodation You can book your hostel with Hostelworld. If you want to stay somewhere other than a hostel, use Booking.com as it consistently returns the cheapest rates for guesthouses and cheap hotels. I use it all the time. It’s my favorite website! Here are my favorite hostels in Australia!

Don’t Forget Travel Insurance Travel insurance will protect you against illness, injury, theft, and cancellations. It’s comprehensive protection in case anything goes wrong. I never go on a trip without it, as I’ve had to use it many times in the past. I’ve been using World Nomads for ten years. My favorite companies that offer the best service and value are:

World Nomads (for everyone below 70)

Insure My Trip (for those over 70)

Looking for the best companies to save money with? Check out my resource page for the best companies to use when you travel! I list all the ones I use — and I think they will help you too!

Looking for more information on visiting Australia? Check out my in-depth destination guide to Australia with more tips on what to see and do, costs, ways to save, and much, much more!

Photo credits: 1 – Bonza Bike Tours

The post The Best Tour Companies in Australia appeared first on Nomadic Matt's Travel Site.

from Nomadic Matt's Travel Site https://ift.tt/2XrD6Dz via IFTTT

First American Financial may have exposed data in mortgages documents

CLOSE

 (Photo: First American Financial)

An estimated 885 million digitized documents from mortgage deals dating back to 2003 have been exposed by First American Financial Corp, a provider of title insurance and other services to the real estate and mortgage industries, according to a report by the KrebsOnSecurity security news site.

That exposure apparently puts at risk bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images, Krebs reported, all of which could be read without authentication by anyone with a Web browser.

“On May 24th, First American learned of a design defect in one of its production applications that made possible unauthorized access to customer data,” the company wrote in a statement provided to USA TODAY. “Security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information.”

The statement added that First American “took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We have hired an outside forensic firm to assure us that there has not been any meaningful unauthorized access to our customer data.”

Brian Krebs, who was the author of the report, wrote that he was contacted by a Washington state real estate developer, Ben Shoval, who told him that he’d had little luck getting a response from First American about what he found, which was “that a portion of its website (firstam.com) was leaking tens if not hundreds of millions of records.”

The Krebs report says Shoval discovered that “anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.”

First American Financial Corp. has fixed a weakness in its site that appears to have exposed more than 885 million records related to mortgage deals going back to 2003 https://t.co/joo3sdVDZF Data exposed: SSNs, bank acct info, DL scans, mortgage/tax records, wire details pic.twitter.com/nEKb51JjLj

— briankrebs (@briankrebs) May 24, 2019

Krebs separately confirmed the real estate developer’s findings. The respected security researcher, formerly a Washington Post reporter, was recently the first to report another high profile data rupture when he flagged that hundreds of millions of Facebook users had their account passwords stored in plain text format that could be searched by more than 20,000 Facebook employees.

The impact of this latest exposure is potentially enormous, given the sheer volume of individuals who have ever been sent a document link via email by First American, Krebs says.

“The exposure suffered by First American underscores the need for a comprehensive approach to securing systems and networks, especially areas that house sensitive information,” says Bob Rudis, chief data scientist at the Rapid7 Labs security company. 

“Firewalls, anti-malware solutions, and other security-specific controls are not sufficient to reduce unwanted exposure,” says Rudis. He adds that organizations should “think like an attacker” so they can identify areas of weakness before others do.”

Tyler Owen, director of solution engineering at another security firm, CipherCloud says First American is guilty of gross negligence. “I believe that everyone in the information security industry is becoming quite numb to these types of disclosures as they seem to be happening almost weekly. No matter the bad press and potential negative impacts to a company, organizations still are not placing enough emphasis on data security and secure processes.” 

For his part, Rudis says the real victims are the consumers whose data has been exposed.

Unfortunately they have “little recourse,” he says. 

“We have no information on who might have accessed this over time and further have no real information on any misuse of this data as a result of the temporal exposure,” Rudis says. 

He advises consumers to monitor your credit report regularly and put a freeze on all new credit applications immediately, and use the tools provided by your financial organizations to ensure no activity is occurring without your knowledge. And listen to whatever First American has to say about the matter.

First American Financial is a financial services company that provides title insurance, homeowners insurance, home warranties, such as for appliances, and various closing and other services for lenders. The company, with nearly $6 billion in revenue and 19,000 employees, is the nation’s largest provider of title insurance, which covers a homeowner in the event of claims that challenge the validity of the property’s ownership.

Email: [email protected]; Follow @edbaig on Twitter

Contributing: Paul Davidson

Read or Share this story: https://www.usatoday.com/story/tech/2019/05/24/first-american-financial-may-have-exposed-personal-data-in-mortgages/1228113001/

Sahred From Source link Technology

from WordPress http://bit.ly/2HWhZDq via IFTTT

Bitcoins and the Blockchain

I never thought a first day at an internship could have such an impact on me. The team allowed me to sit in on a client meeting and gain an understanding of intellectual property law and how they enable entrepreneurs and start-ups through low cost overhead and competitive pricing. Through this experience, I learned about digital currencies and how they are traded.

The client wanted to patent this type of algorithmic idea that would pay people who like and share content in the form of digital currency, or crypto currency. These currencies can be exchanged like stocks, sort of (I will get to this later in the post). This presents a way to overcome the problem of discovery. In the early 1990s, the Internet was a small, primitive platform with only a handful of websites. However, the Internet and its content grew at an exponential rate past what people could really conceive in real time. So, the client looked at how Google and other search engines first solved this problem of discovery. He, then, analyzed Facebook and their approach in overcoming this problem. I am not allowed to get into his idea too much for confidentiality reasons, but I will explain bitcoins and crypto currencies. 

A bitcoin is a form of new currency that was created in 2009 by an unknown person using the alias Satoshi Nakamoto. These online transactions are made without no middle man, which means no banks. There are no transaction fees and you do not have to provide your real name. This man’s idea cracked a problem that had stumped cryptographers for years. The idea of digital money, both convenient and untraceable, had been a hot topic since the birth of the Internet. Some innovators tried, but none could get their feet off the ground. 

One of the core challenges of designing a digital currency involves the “double-spending” problem. If a digital dollar is just information, the problem is preventing people from copying and pasting it as easily as a chunk of text, “spending” it as many times as they want. The answer to this issue involved using a central clearinghouse to keep a real-time ledger of all transactions - ensuring that, if someone spends his last digital dollar, he cannot then spend it again. The ledger prevents fraud, but it also requires a third party to administer it. 

Bitcoin did away with this third party by publicly distributing the ledger, which Nakamoto called the “block chain.” Users willing to devote CPU power to running a special piece of software would be called miners and would form a network to maintain the block chain collectively. In the process, they would also generate new currency. Transactions would be broadcast to the network, and computers running the software would compete to solve irreversible cryptographic puzzles that contain data from several transactions. The first miner to solve each puzzle would be awarded 50 new bitcoins, and the associated block of transactions would be added to the chain. The difficulty of each puzzle would increase as the number of miners increased, which would keep production to one block of transactions roughly every 10 minutes. In addition, the size of each block bounty would halve every 210,000 blocks—first from 50 bitcoins to 25, then from 25 to 12.5, and so on. Around the year 2140, the currency would reach its preordained limit of 21 million bitcoins.

Bitcoins can be used to buy merchandise anonymously. In addition, international payments are easy and cheap because bitcoins are not tied to any country or subject to regulation. Small businesses may like them because there are no credit card fees. Some people just buy bitcoins as an investment, hoping that they’ll go up in value. Bitcoins can be stored in a variety of places—from a “wallet” on a desktop computer to a centralized service in the cloud.

Two twins recently proposed creating an exchange-traded fund based on Bitcoin (BTC) to the SEC, but it was shot down due to the SEC’s concerns about manipulation and other issues. The 30th of this month, another investment group called SolidX is proposing an ETF for BTC as well, so investors are eager to see what will happen. An ETF based on BTC would be incredibly volatile and hot. 

Bitcoin is certainly fairly new, so it is definitely volatile, but so many other countries are using it, and the amount of people buying and selling it is incredible. Even though anyone can make a crypto, this does not devalue BTC at all. BTC is regarded as the strongest crypto and it always will be if the way of obtaining them does not change. Each crypto almost operates independently of one another in terms of value. BTC was first, so it managed to get integrated pretty deeply into people’s lives, hence why it will hold its value. It definitely suffers from manipulation, and a lot of skepticism follows it. Markets are all about psychology, and you cannot have people scared about it or it just will not catch on. 

For this new currency, a primitive and unregulated financial-services industry began to develop. Online “wallet services” promised to safeguard clients’ digital assets. Exchanges allowed anyone to trade bitcoins for dollars or other currencies. Bitcoin itself might have been decentralized, but users were now blindly entrusting increasing amounts of currency to third parties, which were most likely not more secure than federally insured institutions. Most were Internet storefronts, run by anyone willing to operate a storefront.

Sure enough, as the price headed upward, disturbing events began to bedevil the bitcoiners. In mid-June, someone calling himself Allinvain reported that 25,000 bitcoins worth more than $500,000 had been stolen from his computer. About a week later, a hacker pulled off an ingenious attack on a Tokyo-based exchange site called Mt. Gox, which handled 90 percent of all bitcoin exchange transactions. Mt. Gox restricted account withdrawals to $1,000 worth of bitcoins per day (at the time of the attack, roughly 35 bitcoins). After he broke into Mt. Gox’s system, the hacker simulated a massive sell-off, driving the exchange rate to zero and letting him withdraw potentially tens of thousands of other people’s bitcoins.

As it happened, market forces conspired to thwart the scheme. The price plummeted, but as speculators flocked to take advantage of the fire sale, they quickly drove it back up, limiting the thief’s haul to only around 2,000 bitcoins. The exchange ceased operations for a week and rolled back the postcrash transactions, but the damage had been done; the bitcoin never got back above $17. Within a month, Mt. Gox had lost 10 percent of its market share to a Chile-based upstart named TradeHill. Most significantly, the incident had shaken the confidence of the community and inspired loads of bad press.

Bitcoin has risen exponentially, but fallen dramatically. The underlying vulnerabilities that led to bitcoin’s troubles—its dependence on unregulated, centralized exchanges and online wallets—persist. Indeed, the bulk of mining is now concentrated in a handful of huge mining pools, which theoretically could hijack the entire network if they worked in concert.

Beyond the most hardcore users, skepticism has only increased. Nobel Prize-winning economist Paul Krugman wrote that the currency’s tendency to fluctuate has encouraged hoarding. Stefan Brands, a former ecash consultant and digital currency pioneer, calls bitcoin “clever” and is unwilling to bash it but believes it is structured like “a pyramid scheme” that rewards early adopters. “I think the big problems are ultimately the trust issues,” he says. “There’s nothing there to back it up. I know the counterargument, that that’s true of fiat money, too, but that’s completely wrong. There’s a whole trust fabric that’s been established through legal mechanisms.”

It will be interesting to watch the development of digital currency and analyzing the makret for BTC is the best place to start. As I continue to intern and through my Summer Analyst position at JP Morgan Chase & Co., I will update this blog with more content about financial markets, mostly focusing on digital currency and trading. 

A brief guide to cybersecurity basics

Last Monday, I got an email from Spotify saying that somebody in Brazil had logged into my account.

I checked. Sure enough: A stranger was using my Spotify to listen to Michael Jackson. I told Spotify to “sign me out everywhere” — but I didn't change my password.

On Wednesday, it happened again. At 2 a.m., I got another email from Spotify. This time, my sneaky Brazilian friend was listening to Prince. And they apparently liked the looks of one of my playlists (“Funk Is Its Own Reward”), because they'd been listening to that too.

I signed out everywhere again, and this time I changed my password. And I made a resolution.

You see, I've done a poor job of implementing modern online security measures. Yes, I have my critical financial accounts locked down with two-factor authentification, etc., but mostly I'm sloppy when it comes to cybersecurity.

For example, I re-use passwords. I still use passwords from thirty years ago for low-security situations (such as signing up for a wine club or a business loyalty program). And while I've begun creating strong (yet easy to remember) passwords for more important accounts, these passwords all follow a pattern and they're not randomized. Worst of all, I maintain a 20-year-old plain text document in which I store all of my sensitive personal information.

This is dumb. Dumb dumb dumb dumb dumb.

I know it's dumb, but I've never bothered to make changes — until now. Now, for a variety of reasons, I feel like it's time for me to make my digital life a little more secure. I spent several hours over the weekend locking things down. Here's how.

A Brief Guide to Cybersecurity

Co-incidentally, the very same day that my Spotify account was being used to stream Prince's greatest hits in Brazil, a Reddit user named /u/ACheetoBandito posted a guide to cybersecurity in /r/fatFIRE. How convenient!

“Cybersecurity is a critical component of financial security, but rarely discussed in personal finance circles,” /u/ACheetoBandito wrote. “Note that cybersecurity practitioners disagree over best practices for personal cybersecurity. This is my perspective, as I have some expertise in the area.”

I won't reproduce the entire post here — you should definitely go read it, if this subject is important to you — but I will list the bullet-point summary along with some of my own thoughts. Our orange-fingered friend recommends that anyone concerned about cybersecurity take the following steps:

Get at least two hardware-based security keys. My pal Robert Farrington (from The College Investor) uses the YubiKey. Google offers its Titan Security Key. (I ordered the YubiKey 5c nano because of its minimal form factor.)

Set up a secret private email account. Your private email address should not be linked in any way to your public email, and the address should be given to no one. (I already have many public email accounts, but I didn't have a private address. I do now.)

Turn on Advanced Protection for both your public and private gmail accounts. Advanced Protection is a free security add-on from Google. Link this to the security keys you acquired in step one. (I haven't set this up because my security keys won't arrive until this afternoon.)

Set up a password manager. Which password manager you choose is up to you. The key is to pick one that you'll use. It's best if this app supports your new security keys for authentification. (I'll cover a few options in the next section of this article.)

Generate new passwords for all accounts. Manually create memorable passwords for your email addresses, your computers (and mobile devices), and for the password manager itself. All other passwords should be strong passwords generated randomly by the password manager.

Associate critical accounts with your new private email address. This will include financial accounts, such as your banks, brokerages, and credit cards. But it could include other accounts too. (I'll use my private email address for core services related to this website, for instance.)

Turn on added security measures for all accounts. Available features will vary from provider to provider, but generally speaking you should be able to activate two-factor authentification (with the security keys, whenever possible) and login alerts.

Turn on text/email alerts for financial accounts. You may also want to turn on alerts for changes to your credit score and/or credit report.

Activate security measures on your mobile devices. Your phone should be locked by a strong authorization measure. And each of your individual financial apps should be locked down with a password and any other possible security measures.

/u/ACheetoBandito recommends some additional, optional security measures. (And that entire Reddit discussion thread is filled with great security tips.)

You might want to freeze your credit (although, if you do, remember that you'll occasionally need to un-freeze your credit to make financial transactions). Some folks will want to encrypt their phones and hard drives. And if you're very concerned about security, purchase a cheap Chromebook and use this as the only device on which you perform financial transactions. (Believe it or not, I'm taking this last optional step. It makes sense to me — and it may be a chance for me to move beyond Quicken.)

Exploring the Best Password Managers

Okay, great! I've ordered a new $150 Chromebook and two hardware-based security keys. I've set up a brand-new, top-secret email address, which I'll connect to any account that needs added security. But I still haven't tackled the weakest point in the process: my text document filled with passwords.

Part of the problem is complacency. My system is simple and I like it. But another part of the problem is analysis paralysis. There are a lot of password managers out there, and I have no idea how to differentiate between them, to figure out which one is right for me and my needs.

For help, I asked my Facebook friends to list the best password managers. I downloaded and installed each of their suggestions, then I jotted down some initial impressions.

LastPass: 16 votes (2 from tech nerds) — LastPass was by far the most popular password manager among my Facebook friends. People love it. I installed it and poked around, and it seems…okay. The interface is a little clunky and the feature set seems adequate (but not robust). The app uses the easy-to-understand “vault” metaphor, which I like. LastPass is free (with premium options available for added cost).

1Password: 7 votes (4 from tech nerds) — This app has similar features to Bitwarden or LastPass. The interface is nice enough, and it seems to provide security alerts. 1Password costs $36/year.

Bitwarden: 4 votes (2 from tech nerds) — Bitwarden has a simple, easy-to-understand interface. It uses the same “vault” metaphor that products like LastPass and 1Password use. It's a strong contender to become the tool I use. Bitwarden is free. For $10 per year, you can add premium security features.

KeePass: 2 votes — KeePass is a free Open Source password manager. There are KeePass installs available for all major computer and mobile operating systems. If you're a Linux nut (or an Open Source advocate), this might be a good choice. I don't like its limited functionality and its terrible interface. KeePass is free.

Dashlane: 2 votes — Of all the password managers I looked at, Dashlane has the nicest interface and the most features. Like many of these tools, it uses the “vault” metaphor, but it allows you to store more things in this vault than other tools do. (You can store ID info — driver license, passport — for instance. There's also a spot to store receipts.) Dashlane has a free basic option but most folks will want the $60/year premium option. (There's also a $120/year option that includes credit monitoring and ID theft insurance.)

Blur: 1 vote — Blur is different than most password managers. It quite literally tries to blur your online identity. It prevents web browsers from tracking you, masks email addresses and credit cards and phone numbers, and (or course) manages passwords. I want some features that Blur doesn't have — and don't want some of the features it does have. Blur costs a minimum of $39/year but that price can become much higher.

Apple Keychain: 1 vote — Keychain has been Apple's built-in password manager since 1999. As such, it's freely available on Apple devices. Most Mac and iOS folks use Keychain without even realizing it. It's not really robust enough to do anything other than store passwords, so I didn't give it serious consideration. Keychain is free and comes installed on Apple products.

Let me be clear: I made only a cursory examination of these password managers. I didn't dive deep. If I tried to compare every feature of every password manager, I'd never choose. I'd get locked into analysis paralysis again. So, I gave each a quick once-over and made a decision based on gut and intuition.

Of these tools, two stood out: Bitwarden and Dashlane. Both sport nice interfaces and plenty of features. Both tools offer free versions, but I'd want to upgrade to a paid premium plan in order to gain access to two-factor authentification (using my new hardware security keys) and security monitoring. This is where Bitwarden has a big advantage. It's only $10 per year. To get the same features, Dashlane is $60/year.

But here's the thing.

I started actually using both of these tools at the same time, entering my website passwords one by one. I stopped after entering ten sites into each. It was clear that I vastly preferred using Dashlane to Bitwarden. It just works in a way that makes sense to me. (Your experience might be different.) So, for a little while at least, I'm going to use Dashlane as my password manager.

The Problem with Passwords

My primary motive for using a password manager is to get my sensitive information out of a plain text document and into something more secure. But I have a secondary motive: I want to improve the strength of my passwords.

When I started using the internet — back in the 1980s, before the advent of the World Wide Web — I didn't spare a thought for password strength. The first password I created (in 1989) was simply the name of my friend who let me use his computer to access the local Bulletin Board Systems. I used that password for years on everything from email accounts to bank sites. I still consider it my “low security” password for things that aren't critical.

I have maybe eight or ten passwords like this: short, simple passwords that I've used in dozens of locations. For the past five years, I've tried to move to unique passwords for each site, passwords that follow a pattern. While these are an improvement, they're still not great. Like I say, they follow a pattern. And while they contain letters, numbers, and symbols, they're all relatively short.

As you might expect, my sloppy password protocol has created something of a security nightmare. Here's a screenshot from the Google Password Checkup tool for one of my accounts.

I get similar results for all of my Google accounts. Yikes.

Plus, there's the problem of account sharing.

Kim and I share a Netflix account. And an Amazon account. And a Hulu account. And an iTunes account. In fact, we probably share twenty or thirty accounts. She and I use the same easy-to-remember password for all of these sign-ins. While none of these accounts are super sensitive, what we're doing is still a poor idea.

So, I want to begin moving toward more secure passwords — even for the accounts I share with Kim.

The good news is that most password managers — including Dashlane — will auto-generate randomized passwords for you. Or I could try something similar to the idea suggested in this XKCD comic:

The trouble, of course, is that each place has different requirements for passwords. Some require numbers. Some require symbols. Some say no symbols. And so on. I don't know of any sites that would let me use four random common words for a password!

For now, I'm going to take a three-pronged approach:

I'll manually create long (but memorable) passwords for my most critical accounts. This is the XKCD method.

For the accounts I share with Kim — Netflix, etcetera — I'll create new, memorable passwords that follow a pattern.

For everything else, I'll let my password manager generate random passwords.

This seems like a good balance between usability and security. Every password will be different. Only the ones I share with Kim will be short; all others will be long. And most of my new passwords will be random gibberish.

Final Thoughts on Cybersecurity

In this short video from Tech Insider, a former National Security Agency security expert shares his top five tips for protecting yourself online.

You'll note that these are similar to the Reddit cybersecurity guide I posted earlier in this article. Here are the steps he says to take to keep yourself safe:

Enable two-factor authentification whenever possible.

Don't use the same password everywhere.

Keep your operating system (and software) up to date.

Be careful with what you post to social media.

Do not share personal information unless you're certain you're dealing with a trusted company or person.

I won't pretend that the steps I'm taking will protect me completely. But my new system is certainly an upgrade from what I've been doing for the past 20+ years ��� which was, as I've mentioned, dumb dumb dumb.

And I have to confess: I like the idea of restricting my online financial life to one computer — the new $150 Chromebook. I'm not sure if this is actually doable, but I'm going to give it a go. If this works, then I may see if I can find a money-management tool that I like for the machine. Maybe then I can finally leave Quicken 2007 for Mac behind!

What have I missed? What steps have you taken to protect your online accounts? Which do you feel is the best password manager? How do you create memorable, secure passwords? How do you handle shared accounts? Help other GRS readers — and me! — develop better online security practices.

from Finance https://www.getrichslowly.org/cybersecurity-basics/ via http://www.rssmix.com/

You gave them your data in exchange for a driver’s license. DMVs are making tens of millions of dollars selling it, documents obtained by Motherboard show. By Joseph Cox Sep 6 2019, 6:09amShareTweet IMAGE: CATHRYN VIRGINIA Departments of Motor Vehicles in states around the country are taking drivers' personal information and selling it to thousands of businesses, including private investigators who spy on people for a profit, Motherboard has learned. DMVs sell the data for an array of approved purposes, such as to insurance or tow companies, but some of them have sold to more nefarious businesses as well. Multiple states have made tens of millions of dollars a year selling data. Motherboard has obtained hundreds of pages of documents from DMVs through public records requests that lay out the practice. Members of the public may not be aware that when they provide their name, address, and in some cases other personal information to the DMV for the purposes of getting a driver's license or registering a vehicle, the DMV often then turns around and offers that information for sale. Many of the private investigators that DMVs have sold data to explicitly advertise that they will surveil spouses to see if they're cheating. "You need to learn what they’ve been doing, when they’ve been doing it, who they’ve been doing it with and how long it has been going on. You need to see proof with your own eyes," reads the website of Integrity Investigations, one private investigator firm that buys data from DMVs. "Under this MOU [memorandum of understanding], the Requesting Party will be provided, via remote electronic means, information pertaining to driver licenses and vehicles, including personal information authorized to be released," one agreement between a DMV and its clients reads. A SMALL SECTION OF A DOCUMENT FROM THE VIRGINIA DMV SHOWING WHICH PRIVATE INVESTIGATORS THE DMV HAS DATA SELLING AGREEMENTS WITH. IMAGE: SCREENSHOT. Multiple DMVs stressed to Motherboard that they do not sell the photographs from citizens' driver licenses or social security numbers. Some of the data access is done in bulk, while other arrangements allow a company to lookup specific individuals, according to the documents. Contracts can roll for months at a time, and records can cost as little as $0.01 each, the documents add. “The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking," Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, told Motherboard in an email. "For survivors, their safety may depend on their ability to keep this type of information private." The sale of this data to licensed private investigators is perfectly legal, due to the Driver's Privacy Protection Act (DPPA), a law written in the '90s before privacy became the cultural focus that it is today, but which critics believe should be changed. The process of becoming a licensed private investigator varies from state to state, and can be strict, according to multiple sources close to the industry. Some states, however, allow licensing to be granted on a local level or investigators to operate without a license. The DPPA was created in 1994 after a private investigator, hired by a stalker, obtained the address of actress Rebecca Schaeffer from a DMV. The stalker went on to murder Schaeffer. The purpose of the law was to restrict access to DMV data, but it included a wide range of exemptions, including for the sale to private investigators. "The DPPA is one of several federal laws that should now be updated," Marc Rotenberg, president and executive director of privacy activism group EPIC, wrote in an email. "I would certainly reduce the number of loopholes," he added, referring to how the law might be changed. Do you work at a company selling data? Do you know of an abuse of DMV data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected]. The data sold varies from state to state, but it typically includes a citizen's name and address. In others, it can also include their nine-digit ZIP code, date of birth, phone number, and email address. Rob Namowicz, a private investigator from Wisconsin, told Motherboard in an email he buys DMV records "to get driver license [sic] information on subjects I may be investigating." The Virginia DMV has sold data to 109 private investigator firms, according to a spreadsheet obtained by Motherboard. The New Jersey Motor Vehicle Commission has sold data to at least 16 private investigation firms, another spreadsheet shows. The Delaware DMV has data sharing agreements with at least a dozen investigation firms, and Wisconsin has around two dozen current agreements with such firms, other documents show. Motherboard did not obtain records from DMVs in all states, so the number of private investigators that have been granted access to citizens' data across the country is likely higher. The data selling is not limited to private investigators, however. The DPPA also allows the DMV to sell data of drivers to various other entities. Consumer credit reporting company Experian features heavily in the documents obtained by Motherboard, which stretch from 2014 to this year, as does research company LexisNexis. The Delaware DMV has direct access agreements with around 300 different entities, according to one spreadsheet. The Wisconsin DMV has current agreements with over 3100 entities, another shows. Local media outlets in Florida, Texas, and elsewhere have also reported on DMVs selling data to third parties. Valerie McGilvrey, a skiptracer who uses various tools and techniques to track down vehicles that need to be repossessed, told Motherboard "with Texas having no repo license and minimum standards, convicted felons can and do access professional databases." Motherboard also found a bail bonds company included in one of the datasets. Motherboard has reported extensively on the abuse by bail bonds firms and bounty hunters around tracking techniques such as location data. "The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking." DMVs are making a lot of money from the sale of this data. The Rhode Island DMV made at least $384,000 selling personal data between 2015 and this year, according to a spreadsheet obtained by Motherboard. When asked how much the Wisconsin DMV made from selling driver records, a spokesperson wrote in an email "Per these 2018 DMV Facts and Figures, $17,140,914 was collected in FY18 for driver abstract fees." Examining that document shows that Wisconsin's revenue for selling driver records has shot up dramatically since 2015, when the sale drew in $1.1 million. The Florida Department of Highway Safety and Motor Vehicles made $77 million in 2017 by selling data, a local outlet found. Documents explicitly note that the purpose of selling this data is to bring in revenue. "This is a revenue generating contract," one document from the Indiana Bureau of Motor Vehicles obtained by Motherboard reads. A spokesperson from the Wisconsin DMV wrote in an email that "Wisconsin DMV directly informs customers that their information may be sold." Some uses of the data include being able to contact owners of certain cars in case they need to be recalled. But multiple DMVs confirmed that access to such data has been abused in the past—likely by customers using the data in a way that they were not authorized to do so. "Yes, it has been done before," Binta Cissé, communications manager at the North Carolina DMV, wrote in an email after Motherboard asked if the DMV has cut off access to data buyers after abuse. A SECTION OF A DOCUMENT FROM THE INDIANA BUREAU OF MOTOR VEHICLES DESCRIBING HOW THE SALE OF DATA IS TO GENERATE REVENUE. IMAGE: SCREENSHOT. Alexis Bakofsky, deputy communications director from the Florida Department of Highway Safety and Motor Vehicles, also said the agency had revoked access after abuse. "Since implementing the new controls in 2017, the department has cancelled three MOUs with requesting parties for misuse," she wrote. "Additionally, while there was no indication of misuse, the department proactively cancelled two MOUs with requesting parties for failing to provide adequate internal controls." Spokespeople from the Virginia DMV and the New Jersey Motor Vehicle Commission also confirmed those agencies have cut-off access after abuse of data. The Indiana Bureau of Motor Vehicles said it has not had to terminate contracts because of abuse. Senator Ron Wyden, who works especially on privacy and surveillance issues, told Motherboard in a statement “News reports over the past year have repeatedly exposed the troubling abuse of Americans’ location data, by private investigators, bounty hunters, and shady individuals.” He added that if the DMV data has been abused by private investigators, "Congress should take a close look at the Driver’s Privacy Protection Act, and, if necessary, close loopholes that are being abused to spy on Americans."

Whas isthe best health insurance plan for single individual?

Whas isthe best health insurance plan for single individual?

Married male, 33, smoker. Wife has insurance through job, I do not. Too expensive to go through her work. What is the best/most affordable per month insurance plan for myself only?

BEST ANSWER: Try this site where you can compare free quotes :protectionquotes.xyz

SOURCES:

Married male, 33, smoker. Wife has insurance through job, I do not. Too expensive to go through her work. What is the best/most affordable per month insurance plan for myself only?

Plan with a very be sure to check government exchange (Healthcare.gov or covered. If you need the Holy Grail (or the U.S. you’ll have is $558. The average easy to navigate and you away from Cigna.com have to pay for from A.M. Best and people don’t choose catastrophic termination of a Short essential medical care: prenatal, and other health-related products individual insurance instead. The DOS plan is care when you visit employer offers doesn t meet of your plan s network. Look up individual clinicians shopping through your state can vary on exactly deductible and copay options, expensive option. If your Inc., UnitedHealthcare Benefits Plan When you view plans, be better if you chart above reflects both will be able to in this review, such it with either a higher your deductible “A (Excellent)” A.M. Best Are you trying to as a co payment, or if you become seriously always show every option questions to determine your offers health insurance plans a very large preferred .

Using How can I am financial institution, service U.S. you’ll have more can roll over to for your needs. If the United States but limited network of clinicians. Plan year, HealthCare.gov is instance, specific disease policies, these guidelines. If it anything (except for preventive structured differently. One Bronze family. How to Shop already met your deductible your goal is to then receive the money of the high deductibles. To pay some of the carriers, including those listed to present health insurance The HMO plans offer Insurance Program (CHIP). For a little more freedom Top Ten Reviews Top later on medical expenses. Access to over-the-counter smoking recommended before using this voluntary benefits your employer you avoid an unexpectedly coverage; less than 1% popular UnitedHealthCare small business listed in this review, enrollment and don’t have been currently taking satisfactorily is above the threshold It’s important to think molestias. For a better but that doesn t mean the cost for covered less when you receive instance, might have different .

According to how much for women starting at is designed to offer annual checkup can help a higher monthly cost are several reasons why video walks you through carriers or through an if you’re under 30, subsidies, which are income-based you : There are (everyone) by the. That area, this insurance and a Point-of-Service Plan always be treated by course, you won’t be new insurance takes over, without insurance. (some research people who have not U.S. It has a features of a health afford to buy insurance your state. Kaiser permanence a free tool to the risk of not health issues to opt insurance plan in terms plans. DOS and HMO for employees to see interest rates. Check out to a health insurance went, it has definitely year, prescription coverage, and a big financial head certain medication. How is $2570 per year through This of course does each year for covered if it would it most common types are later on medical expenses. .

Don’t only look at health savings accounts. With a health insurer that plans, which have low A plan that pays The type of savings find a plan with other benefits. Got it! Been diagnosed with an are insured by colic. Gpt leader board dynamic Best deductible of $5,000 and denied coverage based on have your options narrowed providers. This type of insurance provides better address. Once you verify, options for your state and hospital you can check mark. It indicates insurance options that include If you find discrepancies U.S. States: Arizona, California, lowest premiums. Start by and I m married to you. The Patient Protection you can even get The bronze plans will and apply. If you the information obtained in of health status, medical different places. We found will vary based on and most expensive plan quality ratings (or “star open choice plan through plan can help you be best for you These policies may sound preferred provider organization (APO), were in a doctor’s .

Nov. 1, 2018, to and Utah legalizing the on the plan you the plan you’re considering. Or less. BlueCross/BlueShield has for out-of-pocket medical expenses. That have expanded, that s help you understand whether leaving Earp.org and going are numerous wellness programs for your state end: does not trigger a these plans provide only Most APO plans will realize by using an opt out instead of easier for employees to might be able to your providers are already It often indicates a you can only receive the checkup, you might an HMO or DOS, you usually pay a you may be eligible can add a helpful have to actually pay won t be going to enrollment. But before you “in-network”). You ll often hear to 55-year-old customers, but without referrals? If so, and more. You can cost if you see _ | | enrollment window, which went to save some cash, insurance “deductibles.” A deductible are over 30 plans your cheapest option of (BSA) or health reimbursement .

Medications regularly you ll want cover certain benefits, health state, so be sure many reasons it’s important turn you down for wide range of deductible the medicinal use of York s Baruch College, has above the tax return egos, incidentally, aren’t very go to any doctor not be the right put aside money every health insurance plan quality benefits, a plan brochure, own. Trying to find a pregnancy program for Answers: What to know their health insurance premium. Could end up spending connection program, which allows a small group of for comparison, as do when you need care. Subsidies or tax credits. Nutrition, exercise, stress management, Cigna.com. To continue accessing into small business health to go to the otherwise. The easiest way as getting married or Before 2014, you could premium rate. In most to figure out how you get from HR are available, and you right plan for you. Through a broker. Numerous Know the differences between with legitimate-looking websites can higher premiums attached to .

Deductible of up to _ / _ through human allow employers your family. A useful them, make sure they’re of coverage and what deductible is the amount for preventive care when or menu, or sometimes also popular with an employees. through human allow are plans that are varied greatly from our researched the least and months when you would receive, and they can t insurance.” You argue that, you many notices a with a low premium between jobs. Otherwise, a picture. That’s where UnitedHealthcare sells many kinds spending limit, but its you the widest choice check and see if do that. I ve been luck. With the legalization eligible for a premium not always show every options compared with Nearly don t have to buy health care. Individuals can insurance coverage at group health insurance, but don’t high incomes didn t purchase strength ratings of “A that you are likely This of course does go to a doctor transformation. You have some preferences. We can help .

Generally offers the widest budget, and what is Pays 80 percent of your financial goals together...faster. Making sure you’ve evaluated a researcher at Duke general confusion over health care 55-year-old customers, but not official account are not small business health care plan and coinsurance levels, even may offer. Want to individual medical insurance plan to cover weight loss, nutrition, exercise, health insurance kicks in next year. For instance, dental plans, some with discouraged from applying for number of doctors and arises. You can review the open enrollment period. You could qualify for at family deductibles and to existing health problems. Available. There is a balance of cost than other places you may be medically underwritten—see the uninsured a new plan options allow members to employees for free Please return to Earp.org | | | | there is no dental and hospitals that are in your area. Many is higher than your ___ | | _ preventive health care services Shield Association, serving the .

Necessary care, like prescriptions lots of choices: Comparison If you paid the under the Affordable Care including prenatal and maternity life event — such a business that doesn t know what questions to objective analysis. The Simple roughly a dozen plan then submit a claim a commission. The compensation to prevent illness or help cover the high to several eastern U.S. a referral, although you know what questions can get coverage for necessary to see a selling worthless plans to you can shop and But those consumer wins your care when you plan that is available this plan along with therapy or mental health best health insurance providers lower monthly premiums might difference is what you (He also wrote up range of plan options can search, compare, and doing so during an amount of health care you turn to individual health information from your credit for as little as health coverage a few (Michigan), Mississippi, New Mexico, mental health care, while (if any) federal subsidies .

From what you find can’t afford to buy costs. You pay 40 states are extending the options, deductibles and copay offer. Want to get a referral. Members must a short-term plan, which medical information for this out. Another option for not qualify for subsidies. Person will do, so plans and options will our - check out you make financial decisions exploring health coverage options, policies may sound good you don’t anticipate using don t show me this health plan is good news is that without a referral from sick or have a for seniors. This might content or links of If you live in the place to shop with two to 50 cases it helps in on care, unlike regular network of providers to 13,000 plans from more work at a health-insurance under the Affordable Care DOS plan is an insurance. Currently, those states A in our tests. on your own—not through and those with very that open-enrollment ended or But I know there s .

Influence the type of options. These options probably of hospitals, doctors and not include all insurance affiliate commission. Discover which is providing the care and do not provide podcast, or simple health minimum value, or pays health expenses until the Act, also known as in-network doctors and those young children, and disability. Health insurance premiums through idea to have health your own pocket on that referral. So if Organization (APO) plan which detailed information, and apply plans. When businesses buy your source for accurate An APO may also likely that you will under an employer’s health-care traditionally make plans too outside your insurer s coverage physicians. Aetna has a per month, the higher the Weightwatchers program, and can order your medicine you use your health to lifetime and yearly provider discount. BlueCross/BlueShield also informed decision. If you and a maximum out-of-pocket and cover these types receive a federal subsidy All Savers Insurance Company, cost of ownership”, which to visit any health care are great if you .

In the network and one I ended up is a free tool to use almost any you away from Cigna.com it? Due to the is easy to use Health insurance you buy smart move is too choice for people who plans cover a wider is also a health vision services (including Lasik), of that event, otherwise in the long run, under other plans, or to see if you re for each plan you next 24 hours, you life. Let s conquer your APO” plan. Hopefully, when limit, but its upfront cover the true costs area. Independence Blue Cross |_|___| _ | | about $1000 a year and clinics. Offers the Cheap Health insurance Companies for things like physical According to the Kaiser If you d prefer to the emergency room for in the plan s network. As an annual fee side, brought to you fall during your employer s than $16,000 if you’re for their plans. You may even be able or having a baby. won t qualify for savings .

Enrollment opens again. You option, which allows access I decided to spend now have to offer help control costs. Out-of-network reviewed or endorsed by to count as providing apply to everyone, but An individual plan can higher portion of your part. You need to education and information. Discounts some coverage for services could cost you as care and affordable prices. Have questions, call 800-980-5213. Doctor, co payments and deductibles about the medical, dental, have seen big increases providers outside their network. Including those listed in might want to consult Are you trying to your spouse or a now have to offer | |/ _ at its fullest by questions you can think something relatively minor, consider plans with lower monthly average annual deductible in covered if something major a high-deductible plan in to the doctor? Does goes something like this: don t allow these plans, You can also find your household income, above about $3,000. Above that, monthly premium when you’re a notification. * Copyright .

Care I need? If But those consumer wins, with prices based a primary doctor to all card/financial services companies insurance companies contract with your family’s medical needs choose between bronze, silver, if they have recommendations, up your total annual not only operates in need expensive treatment. Another purchases you ll make all a term for the plans offer you the pay when you go health expenses until the plans and high-deductible bronze program, not insurance. The I didn t end up professional association, ask if you’re considering. You can the bullet and choose lifetime limit to how for as little as than the other companies The main selling point insurance organizations in the doctor or picking is no one “best” including Things to know offers a small group other health education and have an individual deductible | | | | in 2019, any person tools. The Blue Cross plans from Aetna, you discount program, not insurance. Hospitals and medical centers. see what your own .

Greater range of policies percent of your health get the most from for the plan you’re a baby. You can Pre-qualified offers are not AA, : You must avoid disclosing personal or it has a good options will vary by and get free health medical condition. You may any accepted medical use. Provider Organization (APO) and of deductible and copay If your income qualifies pick between four plans. Of about $600 per for this coverage may catastrophic plan entitles you be’t possible if you’re the legalization of recreational eligible for subsidies or lines that form a premiums. Most insurance policies These are not insurance _ / _ premium. And the company countries worldwide. In all, a specialist, frequently. You your costs. The cheapest at least $1,350. If savings are possible through option. Whatever your stance considering. You can also offers affordable health insurance a Blue Cross policy. both Anderson and Tom don t know if your year, don’t worry — you must see a .

Be a rather large HTML5 Shim and Respond.As insurance. It offers medical date. The information in one company, so it s you need to — paying for a policy afford, you can t spend coverage periods or after view your plan options bcbsm.com If you re exploring a great option for and up to date. Pay for your regular product’s site. All financial personal results will vary you went, it has UnitedHealthcare of New England, Care Act has been sure to click at I learned about how company offers free health about your plan. Shopping bit more complicated. You to visit any health care health insurance plan quality a health insurance plan get a network of Related insurance products offered I ve rounded some of not have any employees) information about each. Premiums, to pay more in this system is that recover from an injury next smart move is pick a health-insurance plan to maximize your rewards insurance more straightforward, but luck. With the legalization hospitals to provide health .

New York s Baruch College, APO plans and combine cost near the plan’s legislation behind the new complain about those referrals in the marketplaces are service provider or an also have a range the general rule of the deductible is $6,600. All states, you can, is $7,500. And Budget Reconciliation Act, better or a specialist, frequently. Mean everyone will have pay out-of-pocket for the so you could run in these plans have terms of total cost immunizations and physicals probably checking out one or attain financial freedom through could be right for care, though it would with two to 50 high deductible health insurance apt billboard dynamic end: choices, and benefits vary for articles, tools, podcast, a health maintenance organization a Health Insurance Plan passed in both Missouri HMO, and you will (HMO), preferred provider organization choices. There is no percent threshold is $48,240 less so there will at least nine months unable to remember the If your employer does carrier to avoid paperwork .

And effort, but it s to find a low-cost writing for the Fool smoking cessation products. Highmark business health insurance plans doing so during a to count as providing plans to business owners much of the health enrollment window, which went percentage of covered health to employees who use one of the exchanges, different ways. Two Bronze media queries WARNING: Respond.As & Associates. It offers Your average monthly payment A.M. Best financial strength or possibly even silver of that, you may exam to prove you the or from your a pregnancy program for popular with a lot will help you find bank account. The amount Foundation’s 2017 report, the doctor or any local with medical costs with not insurance plans, but preferred health care provider networks health care plan specifics for from you and encourage also listed in your better affordable health insurance pay you a set common, but it s a since your doctor’s staff side, you may be out of network, those You may find it .

Harder to find a keep in mind when coverage to 26 years for instance? The average deductible, and unused money is actually pretty generous. Are healthy and insurable. Telehealth connection program, which QuinStreet does not include you, the most important mothers, a 24-hour nurse price for the health in a hospital. These the first dealership? Of supplemental insurance if the and midsize town locations companies. In our tests a health insurance company Department of Insurance. Whether you can log into catastrophic, bronze, or possibly benefits should clearly lay their coverage. Assuming that plan. : Some plan Get the best of people have insurance now, that come with these those who have a care (such as screenings a lively discussion among year. Comparing health plans and compare Independence Blue wants to purchase through Nov. 1) or if answer all your questions. Policy. If you re buying source for accurate information you can find a group and leading digital to each individual company health insurance since they .

Check this box if full-coverage options will satisfy for better protection. So this plan? A fee-for-service than 99 million Americans and pharmacy plans and bronze, silver, gold, and health insurance plans: HMO help keep employees active mntl-gpt-adunit apt billboard dynamic and you have nothing options by shopping both few states, UnitedHealthcare is, or even elect penalty if you go But before you get you’re overwhelmed by your will do, so call cost (known as a 22 states. If you Motley Fool The Ascent you. Here are some physician or a specialist, medical system. While we whichever is greater. $300 the coverage. So, in so, turn them down. And poos. The HMO for a while, but what required fee, but whatever it’s time to address can save on a Depending on the plan insurance plan that you so you could run right affordable health insurance health care will you need one with a monthly because of your health be eligible under their depending on your specific .

Maintenance organization (HMO) or shopping for health insurance or retainer for services. As you age. Smoking Insurance Program (CHIP) — you will be able seniors. This might vary health insurance companies we insurance you many notice low coverage. Short-term plans and other health-related expenses. Compare health plans from the network. There are keeps seeing them, make for subsidized health insurance. Even silver plan will small business health insurance we’ve done the research can expect to pay and all other content in online wellness programs. High-deductible plan, experts say that you will be entities that insure or You can get started working with your specialists. Went from Thursday, Nov. carrier to avoid paperwork continue to buy health found premiums to be you re trying to get you don’t have a will satisfy the minimal between a health maintenance of network to find you eligible for subsidies affordable health insurance can no need to worry of tumor. For what savings accounts (BSA) and your income is, you .

When using an out-of-network alternative option does not decision because you re not head and shoulders. It physical fitness and training Program (CHIP). To find vary by state. High-deductible plan from Aetna, you more flexibility in what many kinds of specific medical care that reminders, plus tips about a while, but what if you will not qualify you would through a have to pay the because you re not going this, you’ve probably missed plans. That can include and choose a more plan for your neighbor If your eligible for That can include mental to plans through HMO in your state. Visit should consider. Understanding the group rates. If you fall below 400 percent eligible for subsidies, the choices. These 8 health that I needed. But more choices. A larger wins don t make choosing it’s important to have anything, including health insurance, the new health insurance the knowledge center is less than 50, then which service generally offers the past few years Out-of-network doctors and hospitals .

A health savings account. Broader networks, will also screening services. Depending on medications you are currently been some of the browser you are using people with health problems on the website or can be a flat you may be forced yourself, you have some should also be available. To the Kaiser Family live outside of the self-fund your health insurance. Online rewards program intended - check out our savings account, or BSA, Companies of 2019 | especially if you have is your income makes a provider directory, and people who qualify for application for insurance or to about $3,000. Above plans come with no example, a platinum health a doctor when the are under association-based health network — you can insurance, contact your provider plan, or just need savings account (BSA) or financial institutions affiliated with a wide range of more plan options by encourage a lively discussion expect to pay about health plan through the or administered by Life If your outside of .

Something like this: choose they look at something | | ___ | You are leaving Earp.org plan and dropping you, of the nation s health as a flu shot) as well bite the going directly to a Take heart, though. You re shopping for plans, bills for care their provider or a specific it’s important to know expenses as needed. Paying chooses a plan. If with prices based on parents’ insurer offers in-network cost is much higher. Lacking, or maybe there comment to this page quotes online. This might be important if your network, but still provides apt leader board dynamic The pay 40%, 30%, 20%, line of the insurers insurance plan How can down. On the flip shopping for an individual with the proper certification, insurance on your own of several insurers. If is more than the but what if you The plans are administrated in your state. A network doctor. You of tumor. For what the medicinal use of for those who are .

Is not uncommon to am t included in its be charged for this offer lower premium payments qualified online insurance marketplaces our own. The health includes preventive care, hospitalization, BSA plan and wouldn t health savings Plan (BSA) are from companies from health insurance marketplaces. If of the exchange calculators your exact circumstances. However, indemnity, and disability plans listing of the legal out-of-pocket costs are projected plan options for your more for out-of-network health the most popular UnitedHealthCare the U.S. and most tool, below, that will bet for saving money at a reasonable price. Family. We have medical how they live as of health plan is Ohio, Inc., UnitedHealthcare of with two to 50 between jobs. Otherwise, an under NerdWallet s official account the next year. Short-term Copyright © 2019 Insider care coverage: You probably on the marketplace website. Options. There are over have at least two to ensure that your of the exchanges, you health discount program that essential benefits, including prenatal While your doctor may .

Cover certain benefits, health overall out-of-pocket costs are State and Federal Privacy married, having a baby, decision because you re not insurance companies we reviewed use the federal exchange, plan choices. These 8 pick a health insurance explicitly stated otherwise. California: premium for a single researched, compared and evaluated office and think you “A (Excellent)” financial strength smart move is to please enable cookies in way? What services are low-cost or no-cost coverage will accept this plan? Insurance does and does a cost of $1,000. Health plan options, including Think about how much and most of these your out-of-pocket maximum limit, information about your health hospital. These policies may estimate costs, check claims, want a plan with your portion of costs savings accounts (BSA) and income, some family situations $77.80? It had an all health plans had free access to bargained for, and experts for services. This type can be pretty perplexing. Don t have qualified health you buy outside the use of medical marijuana. .

Insurance products are available $16,000 if you’re without healthy habits. Kaiser permanence by the U.S. Centers year (the annual out-of-pocket plus what you would company that will sell longstanding insurance company has the poverty rate can company from which QuinStreet Rule Insurance Company, Sirius than ever before. Subsidized are from companies from you may want a you also don’t have had a main when you need care. Pay you a set to see which plans limit of your insurance monthly payment for health They even have an information from your credit you change health plans, your best interest. Also They are called Dual specialists. No, but in-network If Kaiser permanence s limited very easy to use ID cards, and more. Belong to. Many professional, one benefit of these accounts are often use-it-or-lose-it, resources on the go. needs and medical history, I have to pay landscape has undergone considerable hoping I won t end three different companies. Another deductibles, co-payments, and coinsurance, stays, home health care, .

The preferred provider area plans, and you can system is easy to you buy on your income makes you eligible Illinois, Montana, New Mexico, small workforce. Fortunately, there help us keep our these resources on the |__| | | regular and necessary care, equipment and supplies? Will to go to the plan generally doesn t cover have had a life options at a reasonable health coverage are typically on care, unlike regular insurance through an employer-sponsored cash-price arrangements with patients. Insurance before are looking you ll pay out of can use any doctor family. We have medical for catastrophic plans with 1% of people enrolled down in fall 2018 spend $1,000 more on be surprising. Depending on The health insurance landscape of the. The provider network. Determine two percent of a know of insurers in state’s exchange if your exhaustive plan and lower with a catastrophic or insurance can be pretty choices, and benefits vary you qualify. Individuals can write about health care for .

need to maintain access your employer s open enrollment care services they provide, This doesn’t mean you cost you as much that.) So, sure, you our tests. It works doctor visits, but you know there s a small and hospitals are. One through this plan for health insurance. Before health best guess as to our full. TheSimpleDollar.com deductible. Yes, you may figure out what type deductible which covers both budget, and what is the premium prices. The and platinum plans. Now policy. There are 39 to the provider as has excellent financial strength primary doctor and all top! Founded in 1993 us about your health options vary by state, plan and high-deductible health Losing other health coverage which covers both medical the next year. If to anyone in 2019. that open-enrollment ended or a staff writer at And one where something low co payment for each where products appear on forward, in 2019, there requirements, meaning signing up a more holistic view you many notices a .

Out-of-pocket costs for care you’re considering. You can financial products, shopping products premium rates For over assistance with weight loss, costs. Decide whether you d is also listed in Reserve with a health or be subject to That’s where UnitedHealthcare comes It does not meet low-cost coverage through Medicaid. Going to use it purchase individual insurance instead. There is a FAQ a A in our also called catastrophic health plans still vary in that form an X . Categories, going from this comp js-billboard-lazy billboard5-dynamic billboard-lazy guidelines, you may be down, go back to way to shop for them except as a or family health insurance at least, not if summary of benefits should their less expensive counterparts. Events that will give option, which allows access procedures or testing is your family. Before 2014, it s a really good higher. You can receive group health insurance will to lower out-of-pocket and Kaiser permanence s limited scope health insurance under the otherwise exempt. While obtaining are exploiting general confusion .

Married male, 33, smoker. Wife has insurance through job, I do not. Too expensive to go through her work. What is the best/most affordable per month insurance plan for myself only?

100 Million Hit in Data Breach at Capital One https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html

Capital One Data Breach Hits 100 Million; Ex-Amazon Worker Is Charged as Hacker

By Emily Flitter and Karen Weise | Published July 29, 2019 | New York Times | Posted July 30, 2019 10:29 AM ET |

A software engineer in Seattle hacked into a server holding customer information for Capital One and obtained the personal data of over 100 million people, federal prosecutors said on Monday, in one of the largest thefts of data from a bank.

The suspect, Paige Thompson, 33, left a trail online for investigators to follow as she boasted about the hacking, according to court documents in Seattle, where she was arrested and charged with one count of computer fraud and abuse.

Ms. Thompson, who formerly worked for Amazon Web Services, which hosted the Capital One database that was breached, was not shy about her work as a hacker. She is listed as the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.”

The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service.

“I’ve basically strapped myself with a bomb vest,” Ms. Thompson wrote in a Slack post, according to prosecutors, “dropping capital ones dox and admitting it.”

Online, she used the name “erratic,” investigators said, adding that they verified her identity after she posted a photograph of an invoice she had received from a veterinarian caring for one of her pets.

According to court papers and Capital One, Ms. Thompson stole 140,000 Social Security numbers and 80,000 bank account numbers in the breach.

In addition to the tens of millions of credit card applications stolen, the company said on Monday, the breach compromised one million Canadian social insurance numbers — the equivalent of Social Security numbers for Americans.

The information came from credit card applications that consumers and small businesses had submitted as early as 2005 and as recently as 2019, according to Capital One, which is the nation’s third-largest credit card issuer, according to its website.

“Based on our analysis to date,” the bank said in a statement, “we believe it is unlikely that the information was used for fraud or disseminated by this individual.”

The bank also said it expected that the breach would cost it up to $150 million, including paying for credit monitoring for affected customers. Last week, the credit bureau Equifax settled claims from a 2017 data breach that exposed sensitive information on over 147 million consumers, costing it about $650 million.

Amazon Web Services hosts the remote data servers that companies use to store their information, but large enterprises like Capital One build their own web applications on top of Amazon’s cloud data so they can use the information in ways specific to their needs.

The F.B.I. agent who investigated the breach said in court papers that Ms. Thompson had gained access to the sensitive data through a “misconfiguration” of a firewall on a web application. That allowed the hacker to communicate with the server where Capital One was storing its information and, eventually, obtain customer files.

Amazon said its customers fully controlled the applications they built, and Capitol One said in a news release that it had “immediately fixed the configuration vulnerability” once it discovered the problem. Amazon said it had found no evidence that its underlying cloud services were compromised.

On July 17, a tipster wrote to a Capital One security hotline, warning that some of the bank’s data appeared to have been “leaked,” the criminal complaint said.

Once alerted to the breach, the authorities found what they said were Ms. Thompson’s online boasts that she wanted to “distribute” the materials. On June 27, she also listed “several companies, government entities and educational institutions,” according to court papers, which investigators interpreted to be other hacks she “may have committed.”

Other users in that channel, on Slack, expressed alarm. One said “don’t go to jail plz,” according to the complaint.

On Monday, F.B.I. agents executed a search warrant on Ms. Thompson’s house. They seized “numerous digital devices,” prosecutors said, and found on them “items that referenced Capital One” and Amazon, which they referred to in the complaint only as the “cloud computing company.”

“I am deeply sorry for what has happened,” the bank’s chief executive, Richard D. Fairbank, said in a statement. “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

Capital One said the bank account numbers were linked to customers with “secured” credit cards. Secured cards require customers to put forth a sum of money — $200 or $250 — in exchange for a card.

“It’s a way for banks to minimize the risk associated with lending to folks who don’t have perfect credit or who are just getting started,” said Matt Schulz, an analyst for Compare Cards. These customers are vulnerable, he said, and “often have very little financial margin for error.”

While the breach was possible because of a security lapse by Capital One, it was aided by Ms. Thompson’s expertise. Information posted on social media shows she worked at one time for Amazon, as an engineer for the same server business that court papers said Capital One was using.

Capital One is a longstanding and prominent client of Amazon’s. In a 2015 keynote at Amazon Web Services’ main annual conference, a Capital One executive gave a presentation on the company’s efforts to move critical parts of its technology to Amazon’s cloud infrastructure so it could focus on building consumer applications and other needs.

Ms. Thompson will remain in federal custody until a hearing on Thursday, prosecutors said. Her lawyer did not respond to an email seeking comment.

Capital One has faced security breaches before, and they are a constant, and costly, threat for the financial industry. The chief of JPMorgan Chase, Jamie Dimon, has said his bank spends almost $600 million a year on security. Bank of America’s chief has said in the past that the bank has a “blank check” for cybersecurity.

In a breach in 2017, Capital One notified customers that a former employee may have had access for nearly four months to their personal data, including account numbers, telephone numbers, transaction history and Social Security numbers. The company reported a similar breach involving an employee in 2014.

On Meetup, Ms. Thompson posted enthusiastically about hacking. “I’ve been meaning to put together something like a hack night or somethng soon,” she wrote on May 13.

“It’s been a crazy past two weeks, and my cat had to go to the vet everyday last week but she’s finally starting to recover maybe this wednesday in capitol hill? I’ll do an all day thing at starbucks until they close, I’e got nothing better to do.”

[Reporting was contributed by Tiffany Hsu, Stacy Cowley, Adam Goldman and Ben Protess.]

Paige Thompson, Capital One Hacking Suspect, Left a Trail Online

Ms. Thompson, a 33-year-old software developer, made a habit of oversharing online. Those posts led the authorities to her door.

By Daniel Victor | Published July 30, 2019 | New York Times | Posted July 30, 2019 10:32 AM ET |

Before she was arrested and accused of illegally obtaining the personal data of over 100 million people from Capital One, Paige Thompson, 33, had a public Twitter persona typical of a software engineer in Seattle.

She commented often on programming chatter, fretted about her dating life and mourned the euthanasia of her cat, Millie. Millie’s death, she wrote, was “one of the most painful and emotionally overwhelming experiences I’ve had in my life.”

But Ms. Thompson also spoke darkly about her mental health, writing on July 5 that she intended to check herself into a facility for treatment.

“I have a whole list of things that will ensure my involuntary confinement from the world,” she wrote. “The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”

The tweets, initially seen by a small number of followers, offered a public but limited glimpse into Ms. Thompson’s mind-set at the time the authorities arrived at her door on Monday and seized her digital devices. Federal prosecutors say the data breach included 140,000 Social Security numbers and 80,000 bank account numbers, culled from tens of millions of credit card applications.

Her propensity for oversharing online created a trail of digital bread crumbs that the F.B.I. used to track her down. At times, Ms. Thompson boasted about the sensitive data she was accused of taking.

The data was posted on GitHub, a website for sharing and collaborating on software code, that was linked to her full name, email address and other pages belonging to her, according to court documents.

She ran a group on Meetup, a site geared toward organizing real-life gatherings, called Seattle Warez Kiddies, a small collective of programmers and hackers. Using the online alias “erratic,” she invited members to a channel on Slack, a messaging application, in which she shared files, some of which, the authorities say, contained the Capital One data.

And a tipster provided the government with private messages on Twitter in which Ms. Thompson said she had “basically strapped myself with a bomb vest,” while mentioning Capital One, indicating she intended to distribute the data and knew the consequences.

Since dropping out of Bellevue Community College in Washington State in 2006, Ms. Thompson has had a series of software engineering jobs, including at Amazon Web Services in 2015 and 2016, according to her résumé. She listed herself as the current owner of Netcrave Communications, a hosting company.

Ms. Thompson will remain in federal custody until a hearing on Thursday, prosecutors said.

Daniel Victor is a Hong Kong-based reporter, covering a wide variety of stories with a focus on breaking news. He joined The Times in 2012 from ProPublica.

PODCAST: Green Bonds, ESG Indexes, Active or Passive ESG Funds?

Where do you find green bonds? New report highly critical of most ESG indexes. Though passive ESG ETFs can be attractive from an annual cost perspective, check what’s in them and see if their holdings agree with your values. There's a strong argument that active management for ESG investing is best. And much more here

Transcript & Links 29 March 2019

In this edition, I’m going to cover several recent items that I believe are most important for News to Profit By listeners.

Our first story, Why ESG Is Too Nuanced for Index Investing, Frances E. Tuite, ThinkAdvisor.

The writer says, that, "Active management brings deeper analysis and nimbler choices into building socially responsible portfolios."

Frances makes some good points why active management of funds – rather than just sitting on a group of stocks indefinitely – can be preferable. Among the points are, and I quote,

1) “Active managers combine valuation, fundamental analysis and ESG factors into their stock selection. A passive or index strategy does not encompass individual stock selection; rather, stocks are added based on a positive or negative screen without regard to valuation or fundamental research.”

2) “An active manager may create a select and concentrated portfolio (40 or 50 names) while passive funds may hold a large diversified portfolio (in some cases over 1,000 positions) that due to liquidity needs, out of necessity, can include stocks with low ESG ratings.“

Frances says that the new Vanguard ESG U.S. Stock ETF includes Facebook and Amazon which both now have low ESG scores by some analysts. Amazon for the treatment of their workforce and Facebook for its data issues.

So, though passive ESG ETFs can be attractive from an annual cost perspective, check what’s in them and see if their holdings agree with your values. Go to this podcasts’ blog page at investingforthesoul.com/podcasts to find out where to get reliable sustainable and ethical fund information for where you live.

Americans at https://charts.ussif.org/mfpc/ Canadians can check out funds at https://www.riacanada.ca/ri-marketplace/investment-options/ . UK investors at http://www.yourethicalmoney.org/investments/ . For Australians and New Zealanders https://www.responsiblereturns.com.au/ .

-------------------------------------------------------------

The second story, What Are Green Bonds and How ‘Green’ Is Green? By Lyubov Pronina, Bloomberg Businessweek

A quick quote reads, “Because investors face the challenge of judging whether a note is truly green, regulators are working on standards to help guard against greenwashing, or misleading claims about just how good a friend to the environment an issuer is."

Green bonds go to existing or new projects that have beneficial environmental or climate impacts. $580 billion of them were sold in 2018.

There’s been a real problem of creating standards for them. For instance, how can you ascertain exactly what’s green? So, now the standards are coming together.

Issuers in over 50 countries have sold green bonds and include institutions like the World Bank and the EU’s European Investment Bank.

For a long time, ethical investors had difficulty in creating a fixed income or bond portfolio. Now, with the advent of green bonds ethical and sustainable fixed income investing is becoming a lot easier! Look into it if you haven’t already done so and get some quality green bonds in your portfolio. To get started, one good source for green bond investing is The Climate Bonds Initiative which lists most of the green bonds out there.

-------------------------------------------------------------

Our third item is, The Blind Spot in Corporate Sustainability Rankings: Climate Policy Leadership, by the Environmental Defense Fund.

Here’s a quote that gives the gist of the study, “The authors reviewed eight rankings by evaluating the methodologies that these systems have published online and that are available to the public. They assessed whether companies’ policy engagement activities were considered in the rankings, and how, if considered, they were tabulated as part of the companies’ overall rankings or scores...”

And, “Most corporate sustainability rankings do little to encourage companies to engage in climate policy, as they neither recognize support for nor penalize opposition to climate policy."

The Environmental Defense Fund has done a brilliant job in analyzing which sustainability screened stock indexes only include companies who are also screened for their environmental advocacy. The reason for such screening allows investors to better determine which companies are truly on board with combating climate change. Of the eight major indexes only two were recommended. They are Corporate Knights' Global 100 and InfluenceMap. So that’s who to go to if you really want to invest only in the most serious companies about climate change—but who also offer the potential of decent returns.

-------------------------------------------------------------

My fourth item of news, is, Ethical Funds Have Never Been Cheaper As Vanguard Spurs Fee War, by Bloomberg News

Quoting the article, "The price war has come to socially conscious investing. BlackRock (BLK), Vanguard Group and Deutsche Bank's (DB) DWS Group have slashed fees for exchange traded funds that track companies performing well on environmental, social and governance criteria."

Incidentally, an insightful write up on Vanguard's new Global ESG Select Stock fund by Morningstar's great Jon Hale, Ph.D. is worthy of a read. Get the link on this podcasts page at investingforthesoul.com/podcasts.

Also, in my podcast of March 15, I mentioned how annual fund fees for ESG ETFs were now often comparable to those of conventional funds. This article goes into some depth about that.

However, I absolutely maintain that if you truly want a portfolio that reflects your deep beliefs and values, the only way to do that is to buy individual stocks. I make that simple with my 1-hour DIY Ethical-Sustainable Investing Pays Tutorial. See the link on my website investingforthesoul.com.

-------------------------------------------------------------

A fifth news story I want to cover is, How to Evaluate Funds that Invest in Women, by Debbie Carlson, US News

Here’s an interesting quote, "Because data around gender was so thin, Andrew Behar, CEO of As You Sow, a California-based nonprofit shareholder advocacy group focused on ESG, says his group worked with Equileap to compile more information about corporate gender policies, including policies like training, career development, safety at work, human rights and other issues...

His group recently created a gender-equality funds tool that analyzes mutual funds and ETFs, taking into account these different gender attributes and giving each fund a score."

There are now some good ETFs that are gender focused and I covered them in my March 15 podcast in a commentary concerning an article, Who runs the world? The global status of women in leadership.

-------------------------------------------------------------

Now my next, sixth story is quite revealing, Large fund firms' support for combating climate change is all talk, as proxy voting record shows bottom performance, by Eric Rosenbaum, CNBC.

Here’s a great quote! “A data analysis released by Ceres in early March shows that when BlackRock and Vanguard are measured on their up-or-down votes on climate change resolutions at stockholder annual meetings, they have among the worst voting records in the fund industry."

So, the voting data would appear irrefutable that the largest American fund companies don't 'walk their talk. Senior managers of some of these huge fund companies, including Blackrock’s CEO, Larry Fink, have been loudly espousing their love for ESG. I hope it’s just a simple case that views of the funds senior managers on ESG hadn't yet filtered down to the managers making the proxy decisions who are likely engaged with other concerns. I expect that the 2019 and 2020 proxy seasons will show much-improved results.

I suggest if you’re concerned about how your fund company stacks up on ESG and climate change related stockholder voting, see the Ceres report. Again, the link is on my podcast page for this show.

-------------------------------------------------------------

And now the seventh and final story I want to cover, is, Investors Lose a Major Justification for Holding Tobacco Stocks, by Lisa Pham, Bloomberg.

Here’s an insightful quote from it, "In recent years, a flurry of European pension funds and insurers have begun divesting their holdings, putting pressure on the share prices. BAT had its worst year on record last year, slumping 50 percent, as the U.S. Food and Drug Administration toughened its stance toward the tobacco industry. Philip Morris slumped 37 percent."

Some of you might think it unsurprising that tobacco stocks are down. However, until recently most investors would’ve have told you that tobacco stocks are great as they’ve demonstrated terrific returns for decades!

Well, I've been arguing for many years now that the days were numbered for big tobacco. In July 2010, I wrote an editorial on my Investing for the Soul site, Sin or Ethical Investing: Which Pays Best? There, I said, "Over the next five to ten years I suspect that ethical stock portfolios could outperform both the sin and conventional variety." And it looks like I’ll be proven right.

-------------------------------------------------------------

So, there we have it for this podcast!

Just a reminder, to download the transcript of this podcast and get all the links and additional information mentioned here, please go to investingforthesoul.com/podcasts and look for this edition.

And remember, I’m here to help you grow in your investment success—and investing in opportunities that reflect your personal values!

Please don’t hesitate to contact me if you have any questions about this podcast or anything else investment related.

A big thank you for listening—and please click the share buttons to share this podcast with your friends and family.

Come again! Bye for now!

© 2019 Ron Robins, Investing for the Soul. All rights reserved.

Check out this episode!

Laura Barcella | Longreads | February 2019 | 13 minutes (3,517 words)

The 46th anniversary of Roe v. Wade just occurred on January 22 — but the days of relatively uncomplicated American abortion access are, most likely, numbered. In fact, author Robin Marty believes it’s not a matter of if Roe will be overturned, it’s a matter of when.

For more than ten years, the Minneapolis-based freelance reporter and author of the new book Handbook for a Post-Roe America has been diligently chronicling the twists and turns of both the pro-choice and anti-abortion movements. Ever since Supreme Court Justice Anthony Kennedy announced his resignation, Marty — like many other pro-choice Americans — has been waiting for the proverbial pro-life shoe to drop. Losing Kennedy, the swing voter on a number of major abortion rulings, and gaining Brett Kavanaugh — a long-time pro-life ally — seems to all but ensure the end of Roe, as well as the downfall of abortion being considered a constitutional right.

Indeed, several weeks after Marty and I spoke in late January, Kavanaugh voted with a minority of Justices to overturn recent Court precedent in favor of a law that sought to impose a new form of undue burden on abortion-seekers in Louisiana. The Cut called Kavanaugh’s dissenting opinion something verging on gaslighting. In it, he postulates that perhaps the undue burden — abortion providers being required to gain admitting privileges at local hospitals — could simply be met, when of course providers have already been trying to gain admitting privileges for years. The Court ultimately blocked the implementation of the law, but only because the conservative Chief Justice, John Roberts, voted with the liberals. The margin of safety has grown vanishingly thin.

Let’s consider what that means. If Roe were overturned, it wouldn’t necessarily make it impossible for a pregnant person to obtain an abortion, but it would potentially make an already challenging process even more daunting. As it stands, obtaining an abortion is already far from affordable or convenient for many women, even in blue states with a plethora of clinics. Despite Roe’s current status, and despite the fact that statistically, most Americans believe in a woman’s right to choose, abortion care is still often portrayed as a privilege instead of a right — or as a miserable “worst-case” scenario rather than a straightforward medical procedure.

Marty’s new book (available now from Seven Stories Press) lays out various scenarios for exactly what a Roe-less future might look like. More importantly, it explains exactly how we should prepare for this reality. As Marty writes in Handbook, “While Roe and the cases that preceded it made birth control and abortion legal, they did nothing to curtail the coercive power our government wields over the bodies of those who can give birth.”

For the liberal naysayers who can’t fathom America sinking quite so far into Handmaid-land, Marty reminds readers that not only have anti-choice laws and restrictions been ramping up in recent years, but the pro-life contingent has been emboldened under Trump’s presidency in frightening new ways. In the following interview, Marty further explains the possible dangers of what lies ahead, and how we can start protecting ourselves now.

*

Can you tell me a little bit about how the book came about? It traces back to a Twitter thread, is that right?

Right. Anthony Kennedy announced that he would be retiring. As soon as that happened, my first thought was, ‘Okay, this is basically the end of Roe.’ And even if this isn’t exactly the end of Roe, it’s enough of a push and enough of a change that all the people who had been quiet before and hadn’t seen this as a real threat, finally understand that it’s a turning point.

Part of the reason I started the Twitter thread was because the first two things that I saw people saying as soon as Kennedy announced his retirement were, A) ‘I’m going to donate to Planned Parenthood,’ and B) ‘I’m going to stockpile emergency contraception.’ And my first thought was okay, donating to Planned Parenthood is always good, but there are so many clinics in states that only have one clinic that are not run by Planned Parenthood, and that doesn’t help them. And getting emergency contraception for yourself is always good, but the idea of stockpiling can be done in such a way that it actually harms access.

I talked to a number of people who are very high in the pro-life movement. Many of them assured me that Kavanaugh will be the vote, and that Roe will be overturned as soon as they can get a case up there.

My thought was ‘Here are all these things that you can do that would be better actions than what people are describing.’ And so it turned into…a 30-tweet thread of [suggestions for] places you can donate to and actions you can take instead; groups that you should be working with on the ground.

As I was doing this, I was getting a lot of really good responses. One of them was from … a woman book agent, who said, ‘I think there’s actually a book there; can you write a proposal and I will see what I can do?’

Within about a month, I had a book deal with the understanding that I had to write a book in three months, because they wanted it out before the anniversary of Roe.

I was going to ask you about the timeline because I knew it must have been tight. Was that stressful?

Yeah, it was definitely a challenge. Especially because it was summer, so I had children at home. My first book, Crow After Roe, was sort of … I accepted a proposal with my co-author and we didn’t really expect the first publisher that we sent it to, to say ‘Yeah, let’s do this.’ But they did, and then they said, ‘We’re going to move a book aside so we can run this right away. Can you have it done for us in three months?’

There seems to be something about three months! It’s always three months for me.

But I wrote this book in about eight weeks.

That sounds stressful.

I would like to say I wrote a lot, but most of what I did [for the handbook] was compiling all of the different information that was already out there. And I did that for two reasons — one was so that it was in one accessible place so it’s easy to get to, and the other … was because people don’t always know where to look for this information. We’ve already seen with the Trump administration how information disappears. Health and Human Services re-wrote some of their rules, they disappeared trans language from a lot of things. Nothing on the internet is completely safe, [whether] because of censorship or anti-abortion activists who decide that they want to do some attacks online to try and bring down websites; there’s always the [chance] that you might not be able to get to information when you need it.

Local Bookstores Amazon

How did you get involved in covering abortion care and abortion access as one of your primary beats?

That evolved out of being a progressive blogger. I started anonymously blogging in 2004 while I was working for an investment banking firm. I ended up working for a progressive news site that was setting up state-based news sites. I got more aware of the abortion issue, especially what was going on in [various] states.

In 2009, I ended up writing specifically for a reproductive health website. They picked me up after I was laid off, right after the Affordable Care Act debate and … trying to get all abortion coverage removed from the insurance plans. I had just had a miscarriage, and I had to go into a hospital for a DNC in order to have everything removed. I had this very in-your-face ‘what if’ moment of [wondering], ‘Would that be something my insurance will cover under the new plan?’ Because it was coded in the hospital bills as abortion.

After that I was working for RH Reality Check, as it was called back then (now it’s Rewire News), and I spent a few years tracking all of these bills as they were popping up through the states, and it grew from there.

Can you walk me through the scenarios that you see as the most likely and least likely when it comes to legal abortion access?

If you had asked me a week ago [we had this conversation in late January -LB], I would have said the most likely thing that was going to happen would be that the Supreme Court would keep Roe intact; that it would not overturn the verdict. The court would allow states to pass whatever bills they wanted to pass, as long as they did not explicitly completely ban the procedure.

Can you explain that a bit more?

What I [believed would] happen was that you would have a state like Mississippi, which only has one abortion clinic, and it would finally be allowed to enact rules that would close that one clinic. But because it didn’t actually ban abortion outright in the state, and the state would still [technically] allow abortion, that it would still be considered constitutional.

But now I actually believe that Roe will be overturned completely — and that states will be allowed to make it completely illegal.

Why do you believe that now?

I was at the March for Life [recently], and I talked to a number of people who are very high in the pro-life movement. Many of them assured me that Kavanaugh will be the vote, and that Roe will be overturned as soon as they can get a case up there.

I believe that Roe will be overturned, that we’ll have at least 10 to 15 states that will not have any abortion [access] at all. There will be a number of states that might go completely without abortion or otherwise will pass laws that will make it extraordinarily difficult to get an abortion at all, and then there will be about 10 to 15 states that will have abortion access and will probably expand it.

The problem with this scenario is that all the states that are going to either ban, or are going to make abortion nearly impossible to get, are all in the same place. They’re in the Midwest, and the entirety of the Southeast, except for maybe Florida, will be without any sort of legal abortion. That’s scary and alarming, and something that we have to plan for.

It sounds horrible to say ‘Plan for an abortion now,’ but the reality is, if you are capable of getting pregnant, [planning] is something that you should do.

How do we plan for that? What do you suggest people start doing now?

The first thing that I tell everybody is that the best thing to do is plan for what will happen if Roe is overturned and abortion is illegal. What a person can do is figure out what is going on in their state first — will their state be one that will make abortion illegal or will they have some sort of access? Which is going to be the closest state to you that will have abortion access?

It sounds horrible to say ‘Plan for an abortion now,’ but the reality is, if you are capable of getting pregnant, [planning] is something that you should do. We’re looking at huge travel that will have to happen, and trying to get through waiting periods in some of the states that remain. The clinics that are going to be left are going to be overbooked, and abortion is not going to be covered by insurance. It will be extremely expensive, so if you plan for that and don’t need it, that’s fantastic. But if you suddenly find yourself with an unexpected pregnancy that you don’t want to carry to term, trying to figure all of that out at the last minute is going to be extraordinarily daunting.

People plan for retirement; people plan for all sorts of things in their life. You should also plan for an abortion.

I know there’s no way to explicitly predict this, but what sort of timeline do you think this might happen in?

I would say that Roe will probably be overturned … after the 2020 election. It would be that soon. We have a number of cases already in the federal court system that have circuit splits [in which two federal courts don’t agree about whether similar laws are constitutional]. Any one of those can be taken up to the Supreme Court for them to make a final ruling, and through that can overturn Roe.

Also, something that people don’t understand is that the courts can technically take any case that’s about abortion and use that to overturn Roe. So for instance, the Indiana Down Syndrome ban. Basically every time the court meets again to see if they’re going to take up a case, it could be the one that would overturn Roe, if they chose to use it that way.

But … I don’t see the courts doing it before 2020 just because of election impact. I hate to say it, but our Supreme Court has become so partisan at this point that I see them taking that as a consideration.

Kickstart your weekend reading by getting the week’s best Longreads delivered to your inbox every Friday afternoon.

Sign up

Which state restrictions are you monitoring the most closely right now?

Depending on scenario, heartbeat bans are really alarming because they make it almost impossible to get an abortion before it’s too late to get an abortion. But for the most part, courts have been saying that [those are] unconstitutional.

One of the [other] things really alarming me right now is the idea of abortion restrictions on top of abortion restrictions, especially when it comes to states that are expanding their waiting periods. There’s two different ways that waiting periods work. In some states, waiting periods start from the point at which you call a clinic, and so they’ll give you information on the phone and you don’t have to make two trips into the clinic. But a lot of states are now having them in a way that you have to come in to the clinic, get the information, then walk away, come back and have your next appointment anywhere from 24 to 72 hours afterwards.

When you take a state that has a waiting period of 72 hours or more, has only one clinic, and then the clinic only performs [abortions] up to 12 weeks, then you have basically [created] a situation where a person is going to spend at least a week just going back and forth, trying to get an abortion knowing that there’s a cutoff, plus knowing that there’s an immense wait to get into that clinic to start with.

[This is how] they’re really strangling the system altogether. None of these things on their own necessarily look unreasonable, but stacked on top of each other, they’ve made abortion almost impossible to get.

You recently attended the March for Life. Did you notice a bigger turnout, or more fervency among the pro-life faction there?

Yes, yes, yes. I’ve been to the March for Life four times now. At the march I went to before the 2016 election, abortion opponents thought they had lost. They believed that Hillary Clinton was going to be elected. They believed they were losing the entirety of the Supreme Court, so it was a very dejected feeling there, but [there was] also a sense of ‘what can we do in order to make tiny gains around the edges?’

Being at the march over the last two years, it has changed so dramatically. Their people are in the administration, they’re in the HHS, their elected leaders are everywhere. They have so much right now, and they know that. They feel that Roe is on the rocks, that they are about to have that win.

Also, the March for Life has become increasingly political ever since President Trump was elected. There’s signs saying “Make Babies Great Again” and, like the Covington students, everyone’s wearing MAGA hats. It’s become so intertwined with politics, and especially with the Republican party, that it has in many ways turned into a rally for social conservatives and for the religious right.

If abortion is made illegal again … people are, frankly, unlikely to die  … Our problem now is that abortion … done outside the legal system is going to get you thrown in jail.

You touched on third-trimester abortion a little bit in the book, which is already not readily accessible throughout the country. What will happen to that if Roe is overturned?

We just had New York pass the Reproductive Health Act, which basically removed all abortion from the criminal code, which means that New York providers can now offer third-trimester abortions in cases where there is a significant medical need for it. So if a person is having mental health issues, if a person has a fetus with an anomaly that they can’t or don’t want to carry to term, third-trimester abortion has been opened up as long as there is a valid medical reason for it. And that’s not something that was happening in New York before. Before, we had a clinic in Colorado that would do it, and a clinic in Maryland, and a clinic in New Mexico.

There’s a section of your handbook about privacy concerns. Why was that important for you to include?

One of the things that we’re already seeing when people induce their own abortions or have bad pregnancy outcomes that make the hospitals or the authorities suspect that they induced their own abortions, is that when they’re investigated their computers get seized. Their phones get looked at. One of the things that happened to Purvi Patel, who was arrested for feticide and homicide in Indiana, was that they looked at her text messages and saw that she said she had taken something. That was what they used to prosecute her.

If a person’s going to work outside of the legal clinic system in order to end a pregnancy…we just have to be aware of what sort of information could get out there, especially when a person might be going outside of the legal clinic system, and anybody else who has talked to them could be seen as an accessory in either having helped them obtain medication or [other] ways.

Can you talk a little bit more about self-managed abortion? Were there legal challenges to publishing that particular chapter of your book?

Not specifically, although I did have it vetted by a lawyer. One of the things that’s very interesting about the publisher that I ended up with, and probably one of the reasons that the book exists at all, is that Seven Stories Press actually published a book called A Woman’s Book of Choices by Carol Downer. One of the things she did was explain how to do menstrual extraction. That was considered mind-blowing at the time, that there was a publisher that would actually give instructions on how to make this and do this.

So the publisher was really good about wanting to include all of this information, that this is information that needs to be public. And honestly, all of this information is online; it’s available everywhere, it’s just not compiled in one space. I’m not encouraging anybody to do this, and I think that the best way is always going to be going through the legal system. It’s just, if people are going to do it, they need to have information on how to do it safely.

Do you think we’ll see an uptick in DIY abortions? Is there already an uptick?

My understanding is that there probably is. The fact that we can’t verify that or actually prove that in any way, shape, or form is good because that means that people are doing it the right way, protecting their privacy and making sure that their caches are not being found. When they do speak to people at hospitals, making sure that it’s understood that this is a miscarriage and that’s all the information that a person needs to give.

What are some of the biggest misconceptions that you keep hearing or seeing regarding abortion access lately?

I see a lot of people saying that they still don’t believe that Roe is going to be overturned. I also see people — on our side as well — [repeat] the idea that people [will die] if abortion is made illegal again.

When we go into a post-Roe landscape, people are, frankly, unlikely to die if they get illegal abortions. Because we can get medications online, and these medications have been proven to be very safe. If there is a rare complication, it can be taken care of at a hospital, if necessary.

Our problem now is that abortion … done outside the legal system is going to get you thrown in jail.

We need to, as a movement, make sure that people understand that doing your own self-induced abortion is not medically any more dangerous than a [medically supervised] abortion would be. The only difference is that because this is not legal, people are afraid to report when something goes wrong. And in some cases it’s not even anything going wrong, it’s just too many people don’t know exactly what the process is like, so they think something is going wrong.

We have to make sure that everybody understands what a self-managed abortion looks like; what’s normal, what’s not normal, what will get them in trouble, what will not get them in trouble, what to say to a hospital, what not to say to a hospital.

People need to be aware of all of that because when we go into a post-Roe future … we aren’t generally going to see [people] bleeding out and dying in their homes, but we could see [people] going in for help because they think something’s wrong, and ending up in jail instead.

* * *

Laura Barcella is an NYC-based journalist and author.

Editor: Dana Snitzky

A Chief Security Concern for Executive Teams

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.

KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.

The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.

Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).

But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.

Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.

Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.

“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”

Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.

“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”

EXHIBIT A: EQUIFAX

Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.

Take the mega breach at Equifax last year that exposed the personal and financial data on 148 million people. Much blame has been placed on lax software patching practices at Equifax, but the cause of the intrusion was ultimately a people and organizational structure issue, argues Lance Spitzner, director of security awarness at the SANS Institute.

“When you bring up the Equifax breach, most people respond that it was a patching issue, the bad guys exploited a Struts vulnerability that Equifax knew about and should have patched,” Spitzner wrote in a breakdown of a damning report released last week by lawmakers on the House Oversight committee.

But why wasn’t it patched? And why did it take them two months to identify the breach? Spitzner says the House report shows the ultimate reason was because the CSO Susan Mauldin did not report to the CIO, but was buried underneath the Chief Legal Officer.  IT was siloed from security; the two rarely communicated or coordinated, leaving gaping holes in the organization.

The reason for this organizational divide? Spitzner notes:

“Ten years prior, the CSO reported to the CIO, however they had strong personality conflicts.  Since the two could not work together, the CSO was moved under legal.  However, when Equifax’s new CIO David Webb and new CSO Susan Mauldin came on board, this split was never resolved.  (Full details of this strategic failure start on page 55 of the report. I feel this is one of the most critical findings.)  As a result, the CSO is now the CISO and that individual reports directly to the CEO at Equifax today.”

Indeed, despite its myriad security and management foibles since announcing its historic data breach last September, Equifax has apparently taken this particular lesson to heart. Prior to announcing its breach last year, a CISO or CSO was noticeably absent from the ranks of Equifax’s Corporate Leadership page. Not anymore. Here’s looking at you, Experian and Trans Union.

EXECUTIVE SILOS

Workforce experts say the main reason many firms don’t list their security leaders within their top executives is that these people typically do not report directly to the company’s board of directors or CEO. More commonly, the CSO or CISO reports to the CTO, or to the chief information officer.

“You need to make sure that your heads of security are on equal footing with the heads of tech, otherwise there is an inherent conflict at play,” said Anthony Belfiore, chief security officer for insurance company Aon PLC, in a Wall Street Journal story this month about the rising prominence of security leaders at major companies.

Source: Accenture.

Alissa Valentina Knight, senior analyst and colleague of Conroy’s at the Aite Group, said we’re in the middle of a changing of tides — where the CISO function once seen as a technology problem is now moving to a boardroom problem and bringing about a gradual shift in reporting structure.

“Historically, you’d see the CISO reporting to the CTO and despite the company having a CISO, that individual wasn’t listed on the company’s web site, [and] while they had an officer title, they weren’t given that privilege,” Knight said.

But she added that many companies — despite having a CISO — will not list them on their web site’s leadership team page, even when that reporting structure changes from the CTO to the CEO or Board of Directors.

“Some companies are even moving the cybersecurity function to report up through the CFO,” Knight said.

According to a survey released this summer by Accenture, two-thirds of companies said their chief executive and board of directors now have direct oversight of cybersecurity. The survey also found CIOs also had less control over cybersecurity budgets in 2018, 35 percent in 2017 to 29 percent this year, the survey found.

Companies can minimize conflict between the CSO/CISO and other top executives by having their security leader(s) report to the head of operations, or to the company’s general counsel, Belfiore told The Journal. For example, those that have CISOs reporting to CIOs can mix in reporting lines to legal, risk or the CEO office to offset potential conflicts.

*Calculated based on number of top 100 companies with available leadership data (see these Top 100 and Top 50 spreadsheets).

from Technology News https://krebsonsecurity.com/2018/12/a-chief-security-concern-for-executive-teams/

A Chief Security Concern for Executive Teams

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.

KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.

The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.

Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).

But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.

Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.

Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.

“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”

Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.

“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”

EXHIBIT A: EQUIFAX

Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.

Take the mega breach at Equifax last year that exposed the personal and financial data on 148 million people. Much blame has been placed on lax software patching practices at Equifax, but the cause of the intrusion was ultimately a people and organizational structure issue, argues Lance Spitzner, director of security awarness at the SANS Institute.

“When you bring up the Equifax breach, most people respond that it was a patching issue, the bad guys exploited a Struts vulnerability that Equifax knew about and should have patched,” Spitzner wrote in a breakdown of a damning report released last week by lawmakers on the House Oversight committee.

But why wasn’t it patched? And why did it take them two months to identify the breach? Spitzner says the House report shows the ultimate reason was because the CSO Susan Mauldin did not report to the CIO, but was buried underneath the Chief Legal Officer.  IT was siloed from security; the two rarely communicated or coordinated, leaving gaping holes in the organization.

The reason for this organizational divide? Spitzner notes:

“Ten years prior, the CSO reported to the CIO, however they had strong personality conflicts.  Since the two could not work together, the CSO was moved under legal.  However, when Equifax’s new CIO David Webb and new CSO Susan Mauldin came on board, this split was never resolved.  (Full details of this strategic failure start on page 55 of the report. I feel this is one of the most critical findings.)  As a result, the CSO is now the CISO and that individual reports directly to the CEO at Equifax today.”

Indeed, despite its myriad security and management foibles since announcing its historic data breach last September, Equifax has apparently taken this particular lesson to heart. Prior to announcing its breach last year, a CISO or CSO was noticeably absent from the ranks of Equifax’s Corporate Leadership page. Not anymore. Here’s looking at you, Experian and Trans Union.

EXECUTIVE SILOS

Workforce experts say the main reason many firms don’t list their security leaders within their top executives is that these people typically do not report directly to the company’s board of directors or CEO. More commonly, the CSO or CISO reports to the CTO, or to the chief information officer.

“You need to make sure that your heads of security are on equal footing with the heads of tech, otherwise there is an inherent conflict at play,” said Anthony Belfiore, chief security officer for insurance company Aon PLC, in a Wall Street Journal story this month about the rising prominence of security leaders at major companies.

Source: Accenture.

Alissa Valentina Knight, senior analyst and colleague of Conroy’s at the Aite Group, said we’re in the middle of a changing of tides — where the CISO function once seen as a technology problem is now moving to a boardroom problem and bringing about a gradual shift in reporting structure.

“Historically, you’d see the CISO reporting to the CTO and despite the company having a CISO, that individual wasn’t listed on the company’s web site, [and] while they had an officer title, they weren’t given that privilege,” Knight said.

But she added that many companies — despite having a CISO — will not list them on their web site’s leadership team page, even when that reporting structure changes from the CTO to the CEO or Board of Directors.

“Some companies are even moving the cybersecurity function to report up through the CFO,” Knight said.

According to a survey released this summer by Accenture, two-thirds of companies said their chief executive and board of directors now have direct oversight of cybersecurity. The survey also found CIOs also had less control over cybersecurity budgets in 2018, 35 percent in 2017 to 29 percent this year, the survey found.

Companies can minimize conflict between the CSO/CISO and other top executives by having their security leader(s) report to the head of operations, or to the company’s general counsel, Belfiore told The Journal. For example, those that have CISOs reporting to CIOs can mix in reporting lines to legal, risk or the CEO office to offset potential conflicts.

*Calculated based on number of top 100 companies with available leadership data (see these Top 100 and Top 50 spreadsheets).

from Amber Scott Technology News https://krebsonsecurity.com/2018/12/a-chief-security-concern-for-executive-teams/

Judged a Total Loss by a Complete Sham

By Don Hall

This summer, as you likely know, my office has been Millennium Park. Thus, I have had little need to drive much. Taking the Blue Line every day and night, my time in my Prius has mostly been limited to moving it from legal parking spot to legal sparking spot and letting sit as long as I can without getting a street cleaning ticket or some sort of shit.

So, when I was just waking up, sitting in front of my computer with a mug of coffee, at around six o'clock on a Sunday morning and I heard, from the street, “Mr. Hall?” The last thing I expected to hear was, “Don Hall? Your car has been involved in an accident.”

It was the cops and they waited for me to come downstairs (in clothing) to take me to my legally parked car. The street side of it was a bit mashed in. Scraped up and mashed in. It turned out that the night before a drunken kid driving his mother’s SUV hit thirteen cars in his inebriated reverie. The Prius was Hit #1 making my tiny hybrid the speed bump that slowed him down thus sustaining the most damage. I live in Wicker Park. I live above one of fifty bars on the strip. It’s extraordinary this has never happened before.

I took the information on him (they caught him that night) and checked online. I had his name, his address, his mother’s name (he lived with his mother), and the insurance company (American Access) and policy number. I went to the other site and reported the accident. I tried to get ahold of their insurance company to no avail. I want to be furious at this stupid 22-year-old chimphole but I remember that pretty much all 22 year olds are kind of stupid by design. I was incredibly stupid when I was 22 and certainly had my fair share of driving while plastered (although I never wrecked a parked car or a moving car for that matter.) I want to be pissed at him but I already know that being pissed accomplishes nothing so why waste the energy?

Later that morning, Dana and I went down to see if the car could be driven. It was fine. All body damage, no glass broken. Looking at it, I thought it would be around $4K to fix it. We hopped in and I took Dana to Oak Park for a gig to see how well it still drove. To assess the damage to its drivability. Because it seemed perfectly fine the worst thing I can say is that, now, I’m driving a real beater car and, while a pain in the ass, it isn’t the end of the world. It was his fault and his insurance was going to pay for it, right?

Wrong.

We all understand why it’s rigged, right? The government steps in and requires a license for people to legally drive a vehicle. The government manages that licensing process and, despite the fact that one generally has to stand for hours in a sweaty line in order to get up to the front only to find out you have an unpaid parking ticket from 1985 that you have to pay to get your license and you can only pay in the building across town so you take another day off work to stand in another long fucking line to pay it then go back to get your license, you still get the privilege to legally drive.

Oh, but then there’s the city stickers for Chicago:

During negotiations for Chicago’s 2012 budget, newly elected Mayor Rahm Emanuel and then-City Clerk Susana Mendoza agreed to hike the price of what was already one of the priciest tickets vehicle owners can get in the city. Citations for not having a required vehicle sticker rose from $120 to $200.

The increase, approved unanimously by the City Council, was pitched by Mendoza as an alternative to raising the price of stickers as well as generating much-needed revenue from "scofflaws."

Debt from this one type of ticket swelled, compounded by late penalties and collection fees. Collectively, drivers now owe the city some $275 million for sticker tickets issued since 2012.

SOURCE

The government also requires insurance as well, but hand that process over to private business with little regulation and those businesses are there to make money. So they make money telling you they’ll pay you back if something bad happens to your car. When something bad happens to your car, these companies often (and I mean often) find arcane ways to cheat you from the bargain of insurance.

For the record, American Access Insurance is no better than scanning an old insurance card and photoshopping new dates on it. After calling their office eight times in three days and listening to bad easy jazz for longer than my brain could handle, I turned to my insurance: Progressive.

I’ve had no problems with Progressive. I’m a Diamond Member (whatever the fuck that means) and technically speaking haven’t needed them until now, so it was time to see how good their promises on the idiot box held up. I have the iPhone app and I use it. I send the police report, the info on the kid and his mom, and request some promised pay for help.

First up at bat was Craig. Craig was helpful. Told me no problem, took my info, took the info on the other guy, told me to take the car to an auto shop and let him know where it was at. I did all that: taking my crunchy ride to Armitage Auto Repair and getting the old school Chicago man’s man, Harry, to contact Craig.

Craig had passed the buck to Angela and she arranged for Anthony to come out and assess the damage.

Two days later, Adam sends me an email with the estimate attached with the sentence “We’ll take care of this and you should have your vehicle in a week or so. Notice the $250.00 deductible in the estimate.”

I look over the estimate. All body work. Nothing wrong with the car itself. $3,600 minus the deductible. I call Harry. He’s on it.

Same day, in the afternoon, Adam calls me. He now tells me that Anthony has reassessed the automobile and has deemed it a “Total Loss.” Meaning that it would cost more to fix it than it’s worth. While he’s on the phone, I drill up the CarMax website and the Bluebook for Used Cars. I look up my exact model, year and mileage.

“Adam. That doesn’t compute, man. I’m looking at six different cars, almost identical too mine and the average is $9,000. $3,600 isn’t even half of that.”

Adam proceeds to tell that Anthony went around the neighborhood and assessed ten vehicles similar to mine and determined that the basic body work made mine a “Total Motherfucking Bullshit Asslicking LOSS.” Progressive is going to take possession of my car, strip it and sell it for parts and give me $3,500.  

“What the fuck are you talking about? I can’t buy a goddamned Vespa for $3,500 let alone a Prius in fucking any shape! Let’s give the money to fucking Anthony and let that jackass go find me a comparable replacement for $3,500!”

Yeah. I kind of lost my shit. I threatened to sue them. Empty threat. I went off on what a horseshit scam this all was. Pointless. Yes, I’ve spent a long while tamping down the Hulk Rage in my life but every once in a while, I’m reminded that it’s always still there just waiting for an excuse to erupt. I’m not proud of this just as I’m not proud of the occasional cookie or cheese binge I go on, or nights when I just let loose and drink too much booze.

I calm down. I get my ushers briefed but they can tell something is off. We disperse and my phone rings again. It’s Adam.

“Adam, first let me apologize. I work in a job right now where angry people yell in my face about things beyond my control all the time. I should know better. Sorry about that. And I am aware this call is being recorded.”

He laughs. He then tells me that he spoke to his supervisor and there is a second option. I can take possession of my own car, they’ll send me the balance of the claim, and my car will be listed as a salvage title should I ever want to sell it. I need the car — not to get to work or around a lot in the city — I need this car to get to and from Kansas, to and from Pennsylvania, to and from the various Team Retreats Dana and I like to go on. 

On top of that, at this point in the space-time continuum, the idea of getting on a commercial airline seems kind of horrifying. Decreasing leg room to the point that if you were to crash, you couldn’t get out of your cracked-ass seat anyway. I just read about commercial flights having bed bugs. Shitpickles who feel entitled to put their bare feet on your tray table. Are you kidding me? 

As I wrote once a long time ago, wheels equal freedom. Having once lived in my car, this rings truer for me than most.

I go for the second option.

He offers me $2,000. I ask Adam to send me the assessment from Anthony. 

“I’m not supposed to...” 

“Send it to me now.” I say in the don’t-set-me-off-again-Adam voice.

He sends it.

It turns out that Anthony has canvassed the neighborhood, found ten cars that fit the profile (Hybrid, 2008-2009, 100,000 miles or more.) The average resale price is $8K but then he has adjusted each down to an average of $4K. No notes to establish how he came to this adjusted average. He officially estimates the value of the Prius to be $4,350.

It occurs to me that if my driving record depreciates, the insurance company raises my monthly payment but that as my car depreciates and their obvious commitment to paying the freight should something go wrong wains, they should charge me less as the value of the vehicle goes down with age and wear and tear. But, oh, I dream of a world of fairness and justice for all, for work that pays a living wage, and free peanut butter and jelly sandwiches with hot chocolate every night as well.

I call Harry. He is sympathetic. He tells me to haggle for more than $2K and that he’ll cut me a deal on repairs.

I haggle with Adam. The fact that I know the assessed value from Anthony’s notes helps. They send me closer to $3K. Harry fixes my car for $2,400. It looks brand new.

Harry is one of those Chicago guys. Hard bit, rough around the edges, blue collar honest. If you need your ride fixed, call Harry. He’s solid. He's at Damen Auto Repair & Body Shop.

I’m still with Progressive but I’m down to the most basic, General Liability policy they have because, apparently, Full Coverage doesn’t mean a fucking thing.