Mike McBride's Library tagged Security

Jan 28, 16

"Until a year or 2 ago, the best-known program for creating and using encrypted container files was TrueCrypt, which was open source and widely supported with millions of users. Then the project was abruptly shut down. No one quite knows why, but rumours persist that the developers were formally discouraged from maintaining something that could allow law enforcement agencies to intercept information.

Luckily, the project now lives on in the form of VeraCrypt, which is based on the TrueCrypt code. It's still open source and it's still free, and it works just the same. It includes some minor new features, some bug fixes, and ongoing support. And it will work with your existing TrueCrypt container files if you have any."

Anyone used this fork of the TrueCrypt code? I'm definitely going to check it out soon for some archived data I've got lying around. At least when I get home and have a chance.

Jan 15, 16

"According to research 77 percent of people said that they did not feel that public Wi-Fi was any less secure than their own personal internet connection, 75 percent also said that they wouldn’t curb their activity on public Wi-Fi and they weren’t conscious of anything they may need to avoid doing whilst using it, showing a lack of awareness of the potential risk when using public Wi-Fi."

We are clearly failing to educate people on the risks of using public wifi.

I'm not saying you should never use it, as much as I travel there's no way I could claim that, but be aware of what you do when connected to a public network and plan accordingly. If you're on a public network, like a hotel, and not taking any steps to use a VPN or other type of encrypted connection, then everything you send from your computer goes across that network. Someone with a little tiny bit of knowledge can grab a copy of all of it simply by being connected to the network at the same time as you.

So wait to do any online banking or shopping until you're not on a public network, change your passwords frequently, and turn on two-factor authentication whenever you can.

Do you use public wifi networks? How do you keep yourself safe? Let's get a good collection of professional techie tips going!

Jan 15, 16

"Also appearing to be correct were reports that the "hacking" that took place in this instance was of the less hack-y variety and more of the let's-try-the-guy's-old-password-y."

Yeah so, let's learn a lesson here people. Don't start a new job with the same password you used at your old job, OK?

Yes, using the password to access the Astros data was illegal, but something as simple as not using the same password that you just turned over to the old employer would have thwarted this hacking attempt.

Jan 10, 16

"Once again, it appears the only way to make our nation's intelligence oversight committees care about surveillance is to include them in the "fun.""

Unfortunately, our elected officials aren't any better than most Americans. It's all fun and games to violate the privacy, or prevent the practice of free speech, or other Constitutional freedoms when it's other people. But when it gets turned around on themselves, suddenly it's the most awful thing in the world.

Jan 06, 16

"You define e-mail address(es) for those you trust and a timeout period. Should something happen to you, the person identified can send a request to access your LastPass vault. LastPass then contacts the owner to make sure everything is okay and starts the timer. If the owner of the vault doesn't respond to LastPass within the timeout period, the requester is given access. It is an optional feature that must be enabled, but it sounds like a good idea to me."

I like it too. I might just be enabling this pretty soon on my LastPass account.

Dec 30, 15

"Our psychology of e-mail doesn't match the reality. We treat them as ephemeral, even though they're not. And the archival nature of e-mail -- or text messages, or Twitter chats, or Facebook conversations -- isn't salient."

It's so easy to fire off an email, comment, or tweet, without thinking about someone reading it years later.

But we should really think about it.

Dec 28, 15

My advice? Always check your credit card bills. Get online access to your statement and check what is being charged to your account on a weekly basis, especially if you travel and use your credit card often as part of your work.

Report anything that doesn't make sense. Chances are your credit card details have been leaked somewhere. Treat that as a reality.

Dec 12, 15

"77% of firms are more concerned about security threats than they were just two years ago: In addition, the majority of respondents to the survey indicated that their security concerns have increased over the past year, with none indicating a decrease in concern over the past year;"

It's about time. Everyone who has any private data of any kind should be concerned about keeping that data safe; law firms are no exception.

Nov 25, 15

"According to the statement issued by Jim Holthouser, Executive Vice President of Global Brands, "unauthorized malware" was used to gain access to Hilton's point-of-sale systems resulting in the theft of payment card information of some of its guests. The attacks are said to have occurred between November 18 to December 5, 2014; and April 21 to July 27, 2015. Customers who used their cards at any of the Hilton Worldwide hotels - including its subsidiary brands, such as Waldorf Astoria, Conrad Hotels & Resorts, Double Tree, Embassy Suites, and others - during these periods have been recommended to monitor unusual activity."

Not that I don't already keep a close eye on my credit card transactions. As much as I travel, and use my card, I know better.

Nov 24, 15

An online quiz that illustrates the words you use the most on Facebook as a "word cloud" has gone viral -- and it's a great reminder of why you should be wary of connecting ostensibly fun games with your account. UK-based VPN comparison website Comparitech has delved into how it collects not just your name, but also your birthdate, hometown, education details, all your Likes, photos, browser, language, your IP address and even your friends list if you link it with Facebook. Too many details for a simple game, right? If you agree, you may want to think hard before linking any other FB quiz in the future, because most of them require you to give up a similar list of information.

Nov 19, 15

Yes, you should probably do this. If you've stored a credit card with Amazon, now that they are supporting two-factor authentication, you need to enable it.

I will be!

Nov 04, 15

I've said it before. Google is a company that sells advertising. Anything that will help them target advertising to users will be done, including keeping track of what you search for.

I have resisted the urge to use a VPN all of the time, but I may need to revisit that idea.

Oct 24, 15

"There's been a lot of data breaches lately, and the numbers seem to be constantly increasing. From the high profile attacks against the likes of Ashley Madison and Sony Pictures, to the lesser known breaches like Kmart Australia and Systema Software, it's practically becoming routine to read a headline that says, "Company X breached; data on millions of users stolen," and there doesn't appear to be a way to stem the tide.

But what if I told you that these breaches are better than what we're likely to see in the future?
...
Think about the recent OPM breach, where data on every United States Federal employee was stolen. Not only were social security numbers taken, but also sensitive data like fingerprints. Now imagine that instead of the attackers stealing all of the data, they instead modified fingerprint data. Maybe they put their own fingerprints in place of an undercover agent's. Or maybe they simply change the fingerprints so that when an agent tries to confirm their identity, they're seen instead as a convicted felon. Perhaps instead of breaking someone out of a prison by force, an attacker modifies the convict's data to issue them an early release. Or in a more mundane use, simply change your credit card account to "paid in full" or reverse a payment of someone you don't like.

Considering it takes nearly a year to detect the average security breach, is it really that far-fetched to think that impacting data integrity will soon be more advantageous than simply attacking the confidentiality of the data?"

This is when things will get ugly. Unfortunately, I think something this bad is going to have to happen before the average person really starts to think seriously about data security. Too many people are taking a "I have nothing to hide" approach to data storage and even surveillance. How well will that approach work when someone manipulates the data to make it appear that you really do have something to hide?

This is why many of us are against collecting the data in the first place. If it's not being tracked, it can't be targeted.

As far as the stuff that does need to be kept, we need better security in place, as well as better ways for individuals to have the ability to check the data being collected about them, and see what it actually says. I shouldn't have to wait until I find myself in trouble to find out there is erroneous data out there about me. I can always pull my credit report and challenge that information; I can't do that with "secret" databases being accessed by the government.

Oct 22, 15

Your government at work. These are the people responsible for protecting all of the personal information that is included with your taxes, and they can't even find all of their own computers in order to upgrade them, and some of the ones they have found are still running 12-year-old versions of Windows Server.

That's just fantastic.

Oct 18, 15

"Such concerns didn’t strike me as farfetched, but I was reluctant to air them in mixed company. I knew that many of my fellow citizens took comfort in their own banality: You live a boring life and feel you have nothing to fear from those on high. But how could you anticipate the ways in which insights bred of spying might prove handy to some future regime? New tools have a way of breeding new abuses. Detailed logs of behaviors that I found tame—my Amazon purchases, my online comments, and even my meanderings through the physical world, collected by biometric scanners, say, or license-plate readers on police cars—might someday be read in a hundred different ways by powers whose purposes I couldn’t fathom now. They say you can quote the Bible to support almost any conceivable proposition, and I could only imagine the range of charges that selective looks at my data might render plausible."

I don't necessarily recommend becoming paranoid, but it'd be silly to continue walking around without recognizing how much of our behavior, especially online, is being monitored, recorded, and interpreted out of context. Right now it's more likely that Apple, Google, Facebook et al, are using the information to push ads to you, but don't discount how much government agencies are doing the same tracking, and potentially making decisions about you based solely on that information.

The article is a long read, but worth the time. Unless you want to continue living in blissful ignorance.

Oct 14, 15

Yet another reason you should not, repeat NOT, just plug in a USB drive that you find lying around! Only use ones that you, or someone you trust, has used to store data.

Also, ones that your instructor gives you at training classes I teach should be safe too. I plug those into my laptop in order to copy the class files first, so if there's a massive problem, it'll hit me! ;-)

Oct 08, 15

Honestly, I haven't given much thought to boarding passes. When I have a printed one, I typically hang on to it and throw it away once I reach my destination, assuming that once the flight has been completed, it has no value. (I am crazy about not losing it before a flight, out of what is probably an irrational fear of someone else boarding the plane in my place, but hey, it's my fear.)

Given all of the information about me that is available in the text, let alone the barcode, I should probably hang on to all of them until I get home and shred them though, instead of tossing them at the hotel. Or, always just use electronic ones, which stores them on my phone, but really, aren't we all taking precautions to protect all of the other data that's on our phones anyway?

Oct 05, 15

"As the Internet of Things continues to expand, so too will the sources of potentially material evidence. Xively, a part of LogMeIn, claims to connect 400 million devices, from usual suspects like computers down to individual light switches. The usefulness of that information those devices collect will continue to increase as IoT manufacturers improve their ability to connect device interaction with individuals. Just last Thursday, LogMeIn announced Xively Identity Manager which seeks to link device usage to individuals.

Take a nap? Turn off a light? Turn down the A/C? The Internet of Things knows and it's keeping a record."

This will be interesting to watch. Lawyers are already struggling with eDiscovery from mobile devices and things we've already had for years. As the Internet of Things starts tracking lots of information about us, how will that data play out, and how will we verify that the data is correct? How many people really think about whether the reporting can be hacked, making it appear that our car was in a specific area, when it really wasn't, for example?

Never a dull moment!

Oct 05, 15

This article reminded me of a statistic I saw during a presentation on insider threats last week. In a recent survey, over one third of employees would willingly sell their passwords/access to anyone, some for as little as $150.

See, the problem here is that while so many people are starting to wake up to the data security problem that we have, and some are even starting to realize that the people who have access to that data are the most important link to that data when it comes to keeping it secure, I don't know that many are correlating that fact with just how disengaged some of their employees are.

An employee who would sell their access credentials for cash is an employee who doesn't care at all about the organization they work in, and in many cases, why should they? Yes, it's unprofessional, and illegal, and I can give you a host of other reasons why anyone should at least care enough not to do this, but I also understand it. I've worked at jobs I've hated, for organizational "leaders" I had no respect for, for managers who showed no respect for the people doing the actual work, and so on. It's a miserable existence, and after I left, I felt zero sympathy for the company when bad things happened.

Given those sorts of working conditions, is it any wonder your employee would sell you out?

Oct 05, 15

"Fingerprints are another type of data entirely. They're used to identify people at crime scenes, but increasingly they're used as an authentication credential. If you have an iPhone, for example, you probably use your fingerprint to unlock your phone. This type of authentication is increasingly common, replacing a password -- something you know -- with a biometric: something you are. The problem with biometrics is that they can't be replaced. So while it's easy to update your password or get a new credit card number, you can't get a new finger.

And now, for the rest of their lives, 5.6 million US government employees need to remember that someone, somewhere, has their fingerprints. And we really don't know the future value of this data. If, in twenty years, we routinely use our fingerprints at ATM machines, that fingerprint database will become very profitable to criminals. If fingerprints start being used on our computers to authorize our access to files and data, that database will become very profitable to spies."

This is bad, and really we have to question the government for storing all that fingerprint data in one central location. This is the main problem for those of you who think you have nothing to hide and the government can collect whatever data they want. When they don't protect it properly, now some bad actor has a copy of personal information and potentially a fingerprint to go along with it. That opens the doors to a lot of things we normally assume as being secure. It also opens the door to that data being planted in various places as well. Who wants to have to worry about that?
