Archive for July, 2010

Facebook and your privacy online

Thursday, July 29th, 2010

Facebook is in the headlines again today. The reason, as usual, concerns privacy and the personal data of Facebook users. A man named Ron Bowes used a program to scan Facebook and collect personal data from user accounts. The catch this time is that the personal data was all publicly available under each user’s profile.

By revealing the personal data of 100 million users (100,000,000 – that’s a lot of zeros), Mr Bowes wanted to highlight the privacy issues associated with Facebook. Note that the data he collected was all available to anyone searching the Internet. He just had a fancy tool do the heavy lifting for him. The information was available based on the settings each of the Facebook users had for his or her account.

The solution that he and others propose for the issue of data available is to save all the users from themselves. That is, Facebook (and presumably other social networks) should by default have all settings set to hide all personal data from others.

While this may not in general be a bad idea, it loses sight of the bigger issue which is that most people just don’t make the connection between privacy and the information they make available on social networks. In addition, having all settings switched to ‘maximum secrecy’ is not going to change human nature. It may actually make things worse. Instead of making people think twice about the information they are making available online, they may be upset at the barrier set up to sharing with their friends, and they may simply go and flip all the settings off.

While Facebook could do a much better job explaining what its privacy settings mean to the user, the task of privacy still remains with the user.

We must be careful with ANY information we put online.

Peter L

Not so secret secrets that will keep you safe online

Tuesday, July 27th, 2010

Good article on security ‘secrets’ that will help keep you safe.

Start at the end and move to the beginning. The advice about knowing what programs you use and making sure that they are up to date is easy and huge, HUGE – really big! – in keeping you safe. This applies to programs and your operating system. Even though Microsoft and most software developers encourage their users to automate the update process, most people don’t seem to ‘get around to it’. What is it about leading a horse to water…

While they do seem to have a lot of updates, Microsoft doesn’t up-sell in their updates. There is no excuse to not have the latest security patches on a daily basis – or however often they come out. (Whining about Microsoft isn’t going to help, so just get the updates.)

I do see a problem with updates from a lot of the other software vendors. Large or small, a lot of vendors intentionally blur the boundary between security updates and sales pitches for upgrades. This discourages a lot of users – including yours truly – from paying attention to what is included in the latest update. It is easier to say ‘no’ to an update than to try to decipher whether this is a payable upgrade or something that I need!

It is up to you to know what you have on your computer so that you will know when something fishy is going on.

Peter L

Back to basics – protecting yourself online

Monday, July 26th, 2010

Basic advice for staying safe while staying connected on vacation. Actually – it’s very good advice for your everyday usage, also! As with the great majority of advice you’ll see here, or on the Sticky Password Facebook page or stuff that we link to, you’ll notice that most of this involves common sense.

Two big issues with being active on the Internet are 1) that people often think that they’ve built a bond with someone they’ve never met just because they both play World of Warcraft online. The truth is that you don’t know who is on the other end of the discussion. Just as you wouldn’t share your personal info with a stranger in the subway who was also wearing a Yankees jersey just because you are also a fan, you should never make your info available online. Someone may misuse it. (Getting away with it 9 times out of 10 won’t take the pain out of getting burned that 10th time!) And 2) the idea of anonymity. Somehow, because we are using a computer, we think that there is a veil of anonymity over anything we do. Nothing could be further from the truth. Unless you are careful, that computer can easily reveal anything and everything you’ve entered – all the sites you’ve visited, your personal data and more.

Taking basic precautions may take a few minutes (really, only a few minutes), but it can save you from the anguish and real problems of identity theft. AND, by taking those few precautions, you’ll probably get even better use of your computer as you learn to use it better.

Peter L

How password management is performed by a friend of mine

Wednesday, July 21st, 2010

One night my landlady told me that she had some “Notification failures” in her Hotmail inbox and asked if I could help her, since I work for a software security company. So of course I agreed and had a look at her Inbox. It was full of “Notification failure” messages, saying that some email was not delivered, that some mailbox doesn’t exist and so on. So I had a look at her sent messages and I saw a lot of sent emails to many, many addresses in BCC (blind carbon copies). Wow, it was the first time I had seen some hacker just hacking someone’s email account and using it for spamming. That was scary. Really scary.

So I told her to immediately change her password and also to tell me her password and guess what, it was the most common password ever!! 123456. Oh my gosh! I was shocked! And then when we tried to change the password I realized that she had been using this password since she created her email account. Since 1998! That’s right! She had the same poorest password for 12 years. She is lucky that someone hacked her email just 2 weeks ago. So I tried the password changing process and it stopped me with the message: “Please update your browser and system” because she hadn’t updated her browser and system for 2 years! Yes, 2 years. So we had a lot of updates to go through and after 3 hours I was finally able to change her mail account password. So I asked her what password she wanted to use and she told me “Well, if 123456 is not secure enough, let’s go with my other password happyhappy.” Oh my gosh again! Come on!

So I told her the basics of selecting a strong password and, of course, I told her about Sticky Password and all of its benefits. She was so surprised about all the password management topics and she also told me that she has been using 2 passwords for all of her accounts all her life.

Now she is in the middle of starting her new online life.

Petr P