Posts Tagged ‘identity’

Facebook and your privacy online

Thursday, July 29th, 2010

Facebook is in the headlines again today. The reason, as usual, concerns privacy and the personal data of facebook users. A man named Ron Bowes used a program to scan facebook and collect personal data from user accounts. The catch this time is that the personal data was all publicly available under each user’s profile.

By revealing the personal data of 100 Million users (100,000,000 – that’s a lot of zeros), Mr Bowes wanted to highlight the privacy issues associate with facebook. Note that the data he collected was all available to anyone searching the Internet. He just had a fancy tool do the heavy lifting for him. The information was available based on the settings each of the facebook users had for his or her account.

The solution that he and others propose for the issue of data available is to save all the users from themselves. That is, facebook (and presumably other social networks) should by default have all settings set to hide all personal data from view from others.

While this may not in general be a bad idea, it loses sight of the bigger issue which is that most people just don’t make the connection between privacy and the information they make available on social networks. In addition, having all settings switched to ‘maximum secrecy’ is not going to change human nature. It may actually make things worse. Instead of making people think twice about the information they are making available online, they may be upset at the barrier set up to sharing with their friends, and they may simply go and flip all the settings off.

While facebook could do a much better job explaining what it’s privacy settings mean to the user, the task of privacy still remains with the user.

We must be careful with ANY information we put online.

Peter L

Tags: , ,
Posted in News and Commentary, Passwords and Security | No Comments »

Back to basics – protecting yourself online

Monday, July 26th, 2010

Basic advice for staying safe while staying connected on vacation. Actually – it’s very good advice for your everyday usage, also! As with the great majority of advice you’ll see here, or on the Sticky Password facebook page or stuff that we link to, you’ll notice that most of this involves common sense.

Two big issues with being active on …the Internet are 1) that people often think that they’ve built a bond with someone they’ve never just because they both play World of Warcraft online. The truth is that you don’t know who is on the other end of the discussion. Just as you wouldn’t share your personal info with a stranger in the subway who was also wearing a Yankees jersey just because you are also a fan, you should never make your info available online. Someone may misuse it. (Getting away with it 9 times out of 10, won’t take the pain out of getting burned that 10th time!) And 2) the idea of anonymity. Somehow, because we are using a computer, we think that there is a veil of anonymity over anything we do. Nothing could be further from the truth. Unless you are careful, that computer can easily reveal anything and everything you’ve entered – all the sites you’ve visited, your personal data and more.

Taking basic precautions may take a few minutes (really, only a few minutes), but it can save you from the anguish and real problems of identity theft. AND, by taking those few precautions, you’ll probably get even better use of your computer as you learn to use it better.

Peter L

Tags: , ,
Posted in General, News and Commentary, Passwords and Security | No Comments »

How password management is performed by a friend of mine

Wednesday, July 21st, 2010

One night my landlady told me, that she had some ”Notification failures” in her Hotmail inbox and if I can help her, since I work for a software security company. So of course I agreed and had a look at her Inbox. It was full of “Notification failure” messages, that some email was not delivered, that some mailbox doesn’t exist and so on. So I had a look at her sent messages and I saw a lot of sent emails to many many emails in BCC (blind carbon copies). Wow, it was the first time I have seen some hacker just hacking someone’s email account and using it for spamming. That was scary. Really scary.

So I told her to immediately change her password and also to tell me her password and guess what, it was the most common password ever!! 123456. Oh my gosh! I was shocked! And then when we tried to change the password I have realized that she had been using this password since  she created her email account. Since 1998! That’s right! She had the same poorest password for 12 years. She is lucky that someone hacked her email just 2 weeks ago. So I tried the password changing process and it stopped me with the message: “Please update your browser and system” because she hadn’t updated her browser and system for 2 years! Yes, 2 years. So we had a lot of updates to go through and after 3 hours I was finally able to change her mail account password. So I asked her what password she wanted to use and she told me “Well, if 123456 is not secure enough, lets go with my other password happyhappy.” Oh my gosh again! Come on!

So I told her the basics of selecting a strong password and, of course, I told her about Sticky Password and all of its benefits. She was so surprised about all the password management topics and she also told me, that she has been using 2 passwords for all of her accounts all her life.

Now she is in the middle of starting her new online life.

Petr P

Tags: , ,
Posted in General | No Comments »

Taking passwords seriously

Sunday, January 31st, 2010

A few recent articles have revealed (again) that most people don’t take their online security seriously. Maybe a better way of saying this is that most people don’t seem to connect the dots between their passwords (online logins) and how they help keep their personal data secure. At a time when everyone is talking about identity theft protection and personal data privacy, a huge number of Internet users still use very weak passwords (anything that is predictable or can be easily guessed) or repeat the same password in multiple accounts.

The purpose of passwords is to keep others ‘out’. By using predictable passwords, you’re making it easier for someone to get ‘in’. That doesn’t mean that someone will get in, or even that someone will try to get in, but you’ve made it easier for him. It’s worthwhile identifying two basic categories of wrongdoers: those we know and those we don’t know. When thinking about security, most people think about a threat that they can imagine. When I was about 10 years old, I had a safe in which I kept my allowance and a few small prized possessions (actually, it was a piggy bank with a very simple combination lock). My only concern at the time was to keep my sister out. I had no concept of other threats and so my security system focused on the threat I could picture in my mind. (Confident that she would never be able to guess it, I probably used something like my birth date as the combination!) With online logins and passwords – when thinking about threats at all – the picture of bad guys for most people is someone trying to access their account just as they themselves would: sitting at a computer and trying combinations of numbers and letters. That’s not always the case.

Most people are generally trusting and don’t think that their friends and family would try to access their online accounts: maybe they wouldn’t, but relationships do change and people are curious, so why open yourself to the risk!? In general, it’s because of the people who know us that we shouldn’t choose passwords tied to our children’s or pets’ names, birthdays, and other personal and family information that may be known by others. These people know your details and would probably start trying to get into your account with this info.

As for the other group – the guys who are usually dressed in black in the movies – people think that really bad guys aren’t interested in their accounts. But these are the bad guys that we all need to protect ourselves against. They don’t care who you are, they just want data – your personal data! These are the bad guys who use brute computing force to access, or hack, accounts. They don’t personally go from one account to the next – patiently trying to get into a specific person’s accounts. They have powerful computers that try millions of combinations of logins and passwords every hour all over the World Wide Web. And, here’s where strong passwords with combinations of numbers, letters (upper and lower case) and special characters come into play. Each little twist to a password makes it that much harder to crack. It doesn’t matter whether you think the info in your email account is valuable, someone out there does. He probably doesn’t want to read your email – but your login and password are $valuable$. Valid logins and passwords are worth more on the black market today than a valid credit card number!

It bears repeating: the purpose of passwords is to keep others out! Make sure you use passwords that will keep others out.

Tags: , , , ,
Posted in Passwords and Security | 6 Comments »

Your online identity – dead

Tuesday, January 5th, 2010

I just found about the web 2.0 suicide machine. Wow! That’s what I call finding a need and filling it.

Once you get past the gallows humor – and, even though it is really only one graphical page, it took me a good while to do so, because they’ve done a great job of playing on the theme in the look and feel of the site.  The terminology used (‘sign out forever’, ‘commit’, ‘resting in a better a life’, etc.) and using a noose as the main graphical element are used consistently without overdoing it. The site gets the message across without being morbid: like watching the Addams Family, but with a moral.

Anyway, once you get past all that, you discover that they are serious about providing a service: they disconnect or ‘kill’ your online connections is various social networks (LinkedIn, Twitter, etc.). As far as I can tell, they aren’t doing anything that any of us couldn’t do on our own. They are simply automating the process for us. That seems legitimate to me. In fact, even if they were doing something that we couldn’t do ourselves (because of our own limited know-how, or time, or even because of EULA restrictions from the social networking sites), I think it is legitimate that we be able to own our information and identities online, and do with them what we want. And that is the underlying concept to all of this. It is a serious matter that companies and organizations can claim or suggest that they own information that is personal to us.

Kudos to web 2.0 suicide machine for helping us take a stand on our own behalf!

And they’ve scored quite a marketing coup: the web 2.0 suicide machine service has been banned from Facebook. Visit their website and see the great banner ad they’ve posted on their site. Other than Oprah promoting them on her show, I can’t think of a more powerful marketing tool at this early stage of their existence.

Did I mention that I really like the way they’ve designed their site!?

Peter L

Tags: ,
Posted in General, News and Commentary | 3 Comments »