Dr. Mohamed Kamel is a graduate of Cairo University School of Dentistry in Egypt. He later obtained his Certificate of Prosthodontics from Rutgers School of Dental Medicine. He currently serves as an Assistant Professor in the Restorative Department at Rutgers. Dr. Kamel is a two-time recipient of the “Excellence in Teaching Award” at RSDM and has numerous publications.
Occlusion is perhaps one of the most challenging facets of prosthodontics. Although occlusion is one of the basic dental sciences, it is very hard to understand. Occlusal assessment is essential not only in planning any dental restoration but also at restoration delivery. It is imperative for the dentist to have basic knowledge of the occlusal concepts and to develop the skills to properly identify any occlusal interference and fabricate restorations with ultimate stable functional occlusion. In this lecture presentation, we will discuss the masticatory system, mandibular movements, occlusion concepts, diagnosis of TMD, the ultimate stable functional occlusion, and review some clinically demanding cases.
There was no MCDS Board Meeting or General Meeting in May, so there are no meeting minutes, pictures, and no Treasurer’s report in this newsletter. The usual newsletter format and content will return for the October issue.
Text Message 2 Factor Authorization is not as secure as we have been led to believe, by Bob Silverstein
It is now a relatively common practice for web sites to either require or strongly recommend 2 Factor Authentication (2FA) to secure your online account. Banks and other password-protected sites like Google have been doing this for some time.
Places where you have online accounts have always required you to log in with a username and password. This is a “1 factor” system: your password is the only “secret” part of it, which, theoretically, only you and your account know. What if your password gets stolen (relatively common these days...)? Then the thief can log in as you, pretend to be you, and do nefarious things. Once they are logged in as you, they could change the password to something only they know and lock you out of your own account.
2FA via SMS (“short message service,” commonly known as text messages) was supposed to be a way to overcome stolen passwords and to verify changes to your password. The second “factor” would be a one-time code with an expiration, sent to your cell phone number. The assumption was that since only you would be in possession of your cell phone, a login or password-change request confirmed with a one-time code texted to that phone must have come from you. However, 2FA was never meant to be secure on its own; it was just meant to supplement password authentication, and hackers have figured out multiple ways to circumvent 2FA over SMS.
Thanks to data breaches like the one at Equifax, the “dark web” has lots of our personal information. If a potential thief has your address, the last 4 digits of your SSN, and maybe your credit card information, they can call your wireless provider and have your cell number transferred to a different SIM card. When the SMS is supposed to get sent to your phone, it gets sent to theirs instead. If this were to happen, you would know about it right away because your cell service would be cut off.
If you have a malicious app installed on your phone, it could capture and intercept SMS messages and send them to the cyber criminal. The best practice to prevent this is to not “jailbreak” your iPhone, and to make sure that your Android phone has the most up to date software installed (this tends to be more of an issue with Android phones than iPhones).
Another issue is that an outdated telecommunications protocol (SS7) is still in use. It was developed in 1975 and is so widely used that it is not easily replaced. Sophisticated hackers can use the flaws in this system to listen in to almost any telephone conversation.
Web developers sometimes don’t include limits on the number of times someone can enter an incorrect validation code that was sent to you by text. If they haven’t done this, then hackers can use “brute force” to just keep trying codes until they find one that works. With most verification codes being 4-6 characters long (and these are most often just numbers in my experience), this results in about 152,000 possible variations that any hacker can easily go through using a computer and a script.
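The missing limit described above can be closed on the server side. The following is an added example, not code from the original article: a minimal sketch of a one-time code check with an expiry, a failure cap and single use. The class name, the 5-attempt cap and the 5-minute lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumed code length
CODE_TTL_SECONDS = 300   # assumed lifetime: 5 minutes
MAX_FAILURES = 5         # assumed cap on wrong guesses per code


class OtpChallenge:
    """One texted verification code with an expiry and a failure budget."""

    def __init__(self, now=None):
        now = time.time() if now is None else now
        # secrets draws from the OS CSPRNG, so codes are not predictable.
        self.code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.expires_at = now + CODE_TTL_SECONDS
        self.failures = 0
        self.used = False

    def verify(self, submitted, now=None):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'used'."""
        now = time.time() if now is None else now
        if self.used:
            return "used"        # a code is accepted once only
        if now >= self.expires_at:
            return "expired"
        if self.failures >= MAX_FAILURES:
            return "locked"      # even the right code is refused now
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "wrong"


if __name__ == "__main__":
    challenge = OtpChallenge()
    # Constructed input: repeated wrong guesses exhaust the budget.
    print([challenge.verify("not-it") for _ in range(6)])
    print(challenge.verify(challenge.code))  # still refused after lockout
```

Once the cap is reached the user has to request a fresh code, so each code can be guessed at most five times no matter how fast a script submits.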
Some sites let you log in using a third party site (like allowing you to use your Google or Facebook credentials to log into their site or make a purchase). If an attacker has your Google or Facebook credentials, they could log in to the third party site and do something malicious.
The most common way to get hacked is via a phishing attack. For example, you get an email that looks like it is from LinkedIn. You don’t look closely enough to notice that it was actually sent by “llnkedIn.” Clicking the link in the email takes you to the fake page, which looks exactly like the LinkedIn page. You wind up putting your login credentials into a phishing site and having 2FA used against you. (By the way, this is called “typo-squatting.” Hackers buy domains that are common misspellings of common web sites, and hope that you don’t notice that you typed the address incorrectly, or don’t notice when they send you a phishing email.)
Google now has a product called “Advanced Protection.” Instead of sending verification codes via SMS, they require you to buy 2 physical security keys (they suggest purchasing them from Amazon). One is a wireless key that works on your phone, tablet, and computer (you also need a cable), and this costs about $30. You are instructed to carry this with you at all times so if you want to log in to your Google Account, you have to physically attach the key to your computer with the cable or connect it to your phone or tablet. The second is a USB backup ($20) that attaches to your computer. The keys also work with other services like Twitter, Facebook, Dropbox and Dashlane, and are designed to circumvent the hacks above that can occur with SMS 2FA. You’ll have to decide for yourself if it is worth this level of inconvenience.
As I have recommended in the past, you can do a lot to protect yourself by NEVER clicking on a link in an email that requires you to provide login credentials. If you get a message that you think is from your bank that you need to act upon, don’t click on the link in the email; open up your web browser yourself, type in the link (and check to make sure that you have not made any typos) or use a saved link in your “favorites.” I would still recommend using 2FA. It does put up an additional obstacle, and is still worth doing. Just realize that it has flaws, and don’t think that by using it, you are completely secure.
On another note: If you want to find out if your email address has been compromised due to a data breach (called being “pwned”), go to https://haveibeenpwned.com. If it says you have been (mine was involved in 5 breaches: Adobe, Dropbox, etc.), scroll down to see which breaches your accounts were involved in and what was compromised. You can then change your username or password or security questions for those sites.
Last tip: Never honestly answer security questions like where you were born, dog’s name, where you met your spouse, etc. If you do, and share the same information across multiple sites, if one site gets compromised, they all get compromised. Just make up random gibberish for the answers and use a password manager like 1Password or LastPass to archive the answers.
DENTAL OFFICE AVAILABLE TO SUBLET
Modern, high end office located in a professional building in North Brunswick available to sublet part time. Great opportunity for a new dentist startup, satellite office or specialist. Please email inquiries to firstname.lastname@example.org.
Dentist - Full Time position with future buyout.
All phases of general dentistry.
2 years experience or residency.
Please call 732-735-0220 or
Email to email@example.com