Facebook and your privacy online

July 29th, 2010

Facebook is in the headlines again today. The reason, as usual, concerns privacy and the personal data of facebook users. A man named Ron Bowes used a program to scan facebook and collect personal data from user accounts. The catch this time is that the personal data was all publicly available under each user’s profile.

By revealing the personal data of 100 Million users (100,000,000 – that’s a lot of zeros), Mr Bowes wanted to highlight the privacy issues associate with facebook. Note that the data he collected was all available to anyone searching the Internet. He just had a fancy tool do the heavy lifting for him. The information was available based on the settings each of the facebook users had for his or her account.

The solution that he and others propose for the issue of data available is to save all the users from themselves. That is, facebook (and presumably other social networks) should by default have all settings set to hide all personal data from view from others.

While this may not in general be a bad idea, it loses sight of the bigger issue which is that most people just don’t make the connection between privacy and the information they make available on social networks. In addition, having all settings switched to ‘maximum secrecy’ is not going to change human nature. It may actually make things worse. Instead of making people think twice about the information they are making available online, they may be upset at the barrier set up to sharing with their friends, and they may simply go and flip all the settings off.

While facebook could do a much better job explaining what it’s privacy settings mean to the user, the task of privacy still remains with the user.

We must be careful with ANY information we put online.

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | No Comments »

Not so secret secrets that will keep you safe online

July 27th, 2010

Good article on security ’secrets’ that will help keep you safe.

Start at the end and move to the beginning. The advice about knowing what programs you use and making sure that they are up to date is easy and huge, HUGE – really big! – in keeping you safe. This applies to programs and your operating system. Even though Microsoft and most software developers encourage their users to automate the update process, most people don’t seem to ‘get around to it’. What is it about leading a horse to water…

While they do seem to have a lot of updates, Microsoft doesn’t up-sell in their updates. There is no excuse to not have the latest security patches on a daily basis – or however often they come out. (Whining about Microsoft isn’t going to help, so just get the updates.)

I do see a problem with updates from a lot of the other software vendors. Large or small, a lot of vendors intentionally blur the boundary between security updates and sales pitches for upgrade. This discourages a lot of users – including yours truly – from paying attention to what is included in the latest update. It is easier to say ‘no’ to an update, then to try to decipher whether this is a payable upgrade or something that I need!

It is up to you to know what you have on your computer so that you will know when something fishy is going on.

Peter L

Tags: ,
Posted in News and Commentary, Passwords and Security | No Comments »

Back to basics – protecting yourself online

July 26th, 2010

Basic advice for staying safe while staying connected on vacation. Actually – it’s very good advice for your everyday usage, also! As with the great majority of advice you’ll see here, or on the Sticky Password facebook page or stuff that we link to, you’ll notice that most of this involves common sense.

Two big issues with being active on …the Internet are 1) that people often think that they’ve built a bond with someone they’ve never just because they both play World of Warcraft online. The truth is that you don’t know who is on the other end of the discussion. Just as you wouldn’t share your personal info with a stranger in the subway who was also wearing a Yankees jersey just because you are also a fan, you should never make your info available online. Someone may misuse it. (Getting away with it 9 times out of 10, won’t take the pain out of getting burned that 10th time!) And 2) the idea of anonymity. Somehow, because we are using a computer, we think that there is a veil of anonymity over anything we do. Nothing could be further from the truth. Unless you are careful, that computer can easily reveal anything and everything you’ve entered – all the sites you’ve visited, your personal data and more.

Taking basic precautions may take a few minutes (really, only a few minutes), but it can save you from the anguish and real problems of identity theft. AND, by taking those few precautions, you’ll probably get even better use of your computer as you learn to use it better.

Peter L

Tags: , ,
Posted in General, News and Commentary, Passwords and Security | No Comments »

How password management is performed by a friend of mine

July 21st, 2010

One night my landlady told me, that she had some ”Notification failures” in her Hotmail inbox and if I can help her, since I work for a software security company. So of course I agreed and had a look at her Inbox. It was full of “Notification failure” messages, that some email was not delivered, that some mailbox doesn’t exist and so on. So I had a look at her sent messages and I saw a lot of sent emails to many many emails in BCC (blind carbon copies). Wow, it was the first time I have seen some hacker just hacking someone’s email account and using it for spamming. That was scary. Really scary.

So I told her to immediately change her password and also to tell me her password and guess what, it was the most common password ever!! 123456. Oh my gosh! I was shocked! And then when we tried to change the password I have realized that she had been using this password since  she created her email account. Since 1998! That’s right! She had the same poorest password for 12 years. She is lucky that someone hacked her email just 2 weeks ago. So I tried the password changing process and it stopped me with the message: “Please update your browser and system” because she hadn’t updated her browser and system for 2 years! Yes, 2 years. So we had a lot of updates to go through and after 3 hours I was finally able to change her mail account password. So I asked her what password she wanted to use and she told me “Well, if 123456 is not secure enough, lets go with my other password happyhappy.” Oh my gosh again! Come on!

So I told her the basics of selecting a strong password and, of course, I told her about Sticky Password and all of its benefits. She was so surprised about all the password management topics and she also told me, that she has been using 2 passwords for all of her accounts all her life.

Now she is in the middle of starting her new online life.

Petr P

Tags: , ,
Posted in General | No Comments »

Protecting yourself against hackers of all sorts

June 28th, 2010

Now that security professionals are talking about hacking cars, home security systems, and digital cameras, you’re probably wondering if there is anything that is safe from hackers. At least your home appliances are safe – right?! Well, no. Now, even your high-tech blender is a potential risk.

The goal of the hacker isn’t always to get your personal data. In the case of appliances and GPS devices, the experts are saying that the device will be used to mislead or distract you, opening you up to an attack. When you take a look at the things highlighted in the article that hackers are focusing on, or will soon be focusing on, you’ll see that there is something very simple that you can do to improve your own security.

Simple yet critical: use the built-in security options of your devices.

Many of the items mentioned in the article have functionality that relies on communication via a wireless network, or in some other way uses computer technology. Just by following basic computer security procedures like getting the latest software updates, picking strong passwords and using the basic security settings, you’ll stand a much stronger chance of protecting yourself.

Going back a few years to when major brand name viruses like Melissa ravaged the Internet, a huge number of the infected computers were vulnerable because users simply did not perform the suggested Microsoft security updates.

Hackers then and now count on users NOT following basic security instructions.

Don’t become a statistic! Take the time to learn how to use the security features. In most cases, you’ll see that it’s just as easy to use the security as not, with the undeniable advantage that you’ll be safer.

Also mentioned in the article is the ‘last frontier of hacking’ – the human brain. The author points out that at least part of this is the realm of social engineering: a con-game tricking you to act in some way. The realm of phishing and other email exploits try to trick you to click on something or to send your information to someone for your share of millions of dollars.

Ah, but that’s a topic for a different blog

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | 2 Comments »

Security is manageable – passwords and more

June 24th, 2010

Your security online is made up of little things that each and every one of us CAN manage. Much of protecting yourself involves paying attention and being aware of what you are doing when using your computer. Even the settings that you use for your computer and security programs are designed to allow you to make a reasonable decision based on the way you use your computer. The few minutes of paying attention while installing your security software can make all the difference. Know what the software is doing for you, so that you’ll be able to recognize when something strange is going on.

A password manager is there to do for you those things that take up your time and really are an effort. Creating strong passwords for each website and keeping them straight in your head isn’t easy. And it does take time to use them. We recommend Sticky Password, but whether you use a password manager or not, you should be aware of the basics of safe passwords: unique strings of letters and numbers that can’t be guessed for each site and purpose. And, of course, don’t share your passwords with anyone.

And, as has been written in this blog before, DON’T believe everything you read. That’s generally true, but on the Internet, you are likely to be overwhelmed by offers. If you wouldn’t accept the offer from someone on the street, then there is even more reason to reject it from a mysterious someone who wants to share riches with you. Your odds of winning the lottery are better than getting ‘your share’ of the millions of dollars.

Review these general security tips and you’ll see that protecting yourself is something that you CAN manage.

Tags: , ,
Posted in General, News and Commentary, Passwords and Security | 1 Comment »

A brief history of hacking

June 9th, 2010

Check out this abridged history of hacking.

The history of mankind: there is always someone out there who is interested in getting access to other people’s ‘stuff’. While many of the examples given in the post focus on government systems, that’s not the rule. Breaking into a military system is always a thrill (and embarrassment to the government), but breaking into company and personal accounts is more lucrative. Systems can be hacked, so it is YOUR responsibility to take care of your personal data. Strong passwords are a requirement for protecting your personal data.

Also very interesting is the type of people who are doing the hacking. You may not have seen your Aunt Sally in the list, but a lot of those teenagers and students could have lived just down the street from you. Make sure that you are securing your passwords.

Peter L

Tags: , , , ,
Posted in News and Commentary, Passwords and Security | 1 Comment »

Passwords, personal data and Identity Finder

May 14th, 2010

Here in Essex County, New Jersey, the county is promoting the annual computer and electronics recycling day (this Saturday, May 15), so when I saw the article about Identity Finder on ComputerWorld.com, I was in the right mindset to appreciate the problem.

What’s the problem? Your computer can end up in the strangest places.

Your computer = YOUR PERSONAL DATA

Whether you give your computer to a family member or donate it to a good cause, or someone steals it, all that stuff you put in there thinking that no one would ever see has a way of staying around a long time. And, for as long as the data is there, someone can get to it. (I know that computer recycling projects often claim to wipe all the data clean, but I wouldn’t count on someone else doing it for me.)

Identity Finder (cute logo!) does a deep scan of your computer to locate data associated with your identity – social security and credit card numbers, birthdays, unencrypted PASSWORDS, etc. If you’ve had your computer for any period of time, it is going to have information that you’ve forgotten about. Some of that data should not get into the wrong hands!

The author mentions that Identity Finder can ‘shred’ the files to ensure that the data is unrecoverable, which is very good. It brings up the question of whether Identity Finder can find the data in files that underwent a ‘standard’ delete and therefore are still technically accessible on the hard drive. THAT would be a great service to the average computer user.

All the passwords and personal data that are stored in Sticky Password are encrypted – so even if someone gets access to the computer, he won’t be able to get to your information. Passwords stored in your browser aren’t secure. Neither are passwords in that old Word or Excel file that you labeled with the mysterious title: mypasswords.doc. Knowing where your sensitive data are is a big step in protecting yourself.

I’ll be running Identity Finder scan on my computer this weekend!

My only question: what were all those social security numbers doing on the author’s computer in the first place!?!

Tags: , ,
Posted in News and Commentary, Passwords and Security | 5 Comments »

Identity theft and the average Joe

April 19th, 2010

I’d like to see the next security survey include a follow-up question to the ‘are you afraid of identity theft’ question. Something along the lines of: ‘do you know what identity theft is and how you can protect yourself?’

I’m not trying to belittle the issue of identity theft. But my own experience is that most people simply repeat the phrase because they’ve heard it so many times on TV and the radio. They don’t understand it and therefore they don’t take even the most basic of precautions to protect themselves.

It’s kind of like the idea of ‘panic rooms’. After the release of the Jodie Foster film (2002), it was all the rage to talk about ‘safe rooms’ and all sorts of new fangled security systems. But do you know anyone who actually did anything to increase the security of his or her home? Lots of talk and no action!

With identity theft, the situation is worse because identity theft is something that can impact each and every one of us. If you have a social security number (in the US, or the national ID in other countries), or credit card, or a bank account, or utility bills you are at risk. Each one of us who is living in modern society is a potential target.

Make sure you protect your personal data. As far as computer usage is concerned, at the very least make sure that your computer software is up to date, including security patches. Make sure you have the basic security programs installed and running: anti-virus software, firewall, anti-spam, and a password manager. With email: don’t open it or click on it unless you KNOW who sent it! Be jealous of your privacy!

Do you know what identity theft is? How are you protecting yourself?

What would your answers be?

Peter L

Posted in General | 3 Comments »

Password stealing

April 18th, 2010

I just ran across a little article about a school having its computer system compromised because of a password being swiped. It seems that a student in the 4th grade got the password from a teacher’s desk and then used it to fiddle with the district-wide computer ‘blackboard’ system. No long-term harm was done, but I’m sure the IT folks were scrambling for a while before they figured out what had happened.

Luckily, the alleged child culprit wasn’t prosecuted! While the 9-year old surely misbehaved, in my estimation, the offense doesn’t warrant a criminal punishment. Instead, it should be a call to the school to figure out why passwords are accessible to curious 9-year olds. (Aren’t all 9-year olds curious!?!)

What is missing from the article is any mention of the security policy of the school. Is it standard policy for teachers to write their passwords on post-it notes and to leave them on their desks? Why did this teacher have a password with administrator rights? Do all of the teachers have admin rights? Did the teacher follow procedures for keeping the password safe? Were there any procedures to follow?

We aren’t given any details, but would we be going out on a limb to conclude that the fault or breach is the fault of the teacher, if not the school or district for failing to follow an appropriate security policy for passwords?!

Peter L

Posted in General | 1 Comment »

« Older Entries