Print
Email Friend
Add to Favorites
del.icio.us
Digg It!
Slashdot It!
Security of your personal computer and personal data in electronic form has several levels that you can manage to a greater or lesser degree.
Level 1: Homemade safeguards.
Here’s an example of a precaution that can be taken locally by you. Spammers, and worse, know exactly where your e-mail addresses are if you use your browser’s address book. My online internet address book has never been used. The mischief makers out there in cyberspace know where it lives, but it will do them no good because it is empty.
My email addresses live in a basic Notepad .txt file that is unknown to any clever intruder that might outwit Norton or Microsoft (It can happen), and use its content to forward spam, or worse, to those that I am in regular contact with. My address file can be brought up at a moment’s notice via a shortcut on my desktop. It could also be loaded automagically when I fire up my machine.
It’s easy and fast to use it. Simply:
1. highlight an address or address string in your .txt address file;
2. copy it (Ctrl-c) to your clipboard;
3. select the ‘To:..’ field in the outgoing email;
4. paste (Ctrl-v) the email address into it from your clipboard.
By using Alt-Tab to switch back and forth between windows, I can do this almost as fast as the system would do it using the browser’s address book, and my addresses are secure. An alternative is to tile or size the windows ahead of time so that both your address file and the open e-mail are visible.
You can maintain the address file using simple copy and paste techniques.
To add a new address:
1. click right on the sender’s ID in the ‘From:’ field on their incoming e-mail;
2. click left on ‘Properties…’ in the little teeny weeny box w/o a label that has opened;
3. highlight the content of the ‘E-mail address:’ field in the ‘E-mail Properties – Web Page dialog’ box that has opened up;
4. copy the address to your clip board (Ctrl-c) then ‘Close’ the box;
5. switch to your address file and paste (Ctrl-v) the address from your clip board into the appropriate place in your address file.
Note that you can concatenate e-mail addresses using the semicolon (;) separator to create grouped e-mail addresses.
Level 2: with a little help from my friends.
I’ve taken great pains to secure my home computer. It lives within a citadel of defensive software:
o Norton Antivirus
o Norton Personal Firewall
o Spyware Begone
o No Trace
This software mans the parapets and is constantly vigilant. It is eternally active and updated in real-time.
I check for spy cookies frequently during any session, because they can and do materialize regularly in the cookie jar on my computer as I visit websites. They don’t live long on my system.
Another precaution that I take is to check for spy software before using my password to connect with my ISP. It takes a little time and discipline, but it is worth it to keep the keys to my privacy in my own pocket - electronically speaking. It is reassuring to know that my activity isn't being tracked and analyzed from within my own computer.
Of course I can’t do anything about what happens on my ISP’s system, or out there on the internet. I’ve always known that. But, that doesn’t mean I have to be an ignorant victim.
Level 3: Just be cautious and use common sense.
Don't trust the stuff coming into your e-mail queue. The intruders and mischief makers are getting very clever. If you don't know what the subject line pertains to, even though it tells you your loan has been approved, delete it without opening it. Use common sense. If you have forgotten about a loan application, it really doesn't matter anymore. If it is legitimate, the loan organization will contact you by telephone or snail-mail. Probably both.
And if you don't know what the subject line is all about, but you recognize the sender, beware. This may be a naughty thing disguised as a message from a friend, whose on-line address book has been compromised (see above) without their awareness. If you have the sender's e-mail address, send them a query before you open it to see if they really did send it. You can act as your own filter, and if it is a worst case scenario, your friend would probably like to know that their addresses have been stolen so they can get busy and alert people and do damage control.
Level 4: be suspicious.
Sure, on-line banking is convenient and cool. But are you really confident that HTTPS can't be cracked by those clever denizens of Cyberspace on your way to the bank? Your private information may well be routed through Moscow or Peking before getting back to your bank down the street.
During the Cold War the Soviet bloc (especially the Balkans) specialized in the development of Cyberwarfare tools to a very high level of sophistication in the event of hostilities with the West. Since the dissolution of the Soviet Union, the criminal entrepreneurs have taken that development to new levels for fun and profit (ID theft, account raiding and such). My career as a computer professional (hardware and software, systems and applications) has made me trust not at all in any assurances from the computer industry that their systems are secure.
Not only don't I send personal information out across the internet - I don't even keep it on and internet connected computer. While my on-line computer lives in a citadel of defensive software and homegrown procedures, I operate under the certainty that I am still vulnerable. The hackers are working 24/7 around the globe to get past the firewalls and virus checkers, and I don't care to provide them with a reward for doing so. I keep my personal stuff private on a second computer that is not connected to cyberspace (a perfectly good use for the "old" computer when it was replaced with a newer one - it doesn't have to be the latests and greatest to run Excel, Access or other good software tools for doing financial planning, taxes and so forth).
Pull these strings for further information: ChoicePoint Privacy Rights Clearing House
Level 5: Passive threats beyond your immediate control.
OK, so let’s say you don’t bank on-line. Are your transactions safe? What do you think? There have been some outrages cases revealed within the last year or two of banks and credit organizations losing millions and millions of records laden with personal data that leaves the individuals involved open to great risk. Through accident, carelessness or downright criminal behavior by the keepers of your personal data (e.g., the Tucson credit clearing house that created and kept duplicate copies of credit transactions for their own use, against regulations and law, and was caught at it only because they lost millions of records!) you are vulnerable.
While enforcement of security for your personal data here in the United States is as full of holes as a fisherman’s net, consider Planet Outsource. It should concern you that a large and growing number of banks, credit organizations, tax consultants, insurance companies, employers and on and on send your personal data to India (or Jamaica, the Balkans, or… ???) for cheap processing. If the enforcement of laws concerning your data here in the U.S. is lax, consider how lax or non-existent security is on Planet Outsource.
The only advice I can come up with for this level of threat is to be as parsimonious as possible with the data you share. Also, you might want to ask your bank, your tax preparer, and others that handle your personal data whether they ship it overseas for processing by cheap foreign labor. You SHOULD be able to get an answer from someone in the organization. In any event if enough people do it these organizations will take notice of it as a possible issue and tighten security. You do have the option of doing business with organizations that do not offshore your personal electronic records.
You have little control over these files out there in Cyberspace, but there are efforts, legal, political and popular to gain control of our private data out there. We should support efforts to gain control of our private data.
Level 6: Active threats beyond your immediate control.
For instance, what about our government spying on us? It has just been revealed that Google has taken a huge hit on the stock market “… after it rebuffed a federal subpoena seeking data on consumer searches. The Bush Administration says it just wants the info to support its push for on-line child-protection laws to crack down on porn. Yahoo, AOL, and Microsoft have complied with the subpoenas.” (IBD’s Top Ten, Investor’s Business Daily, Monday special, January 23, 2006).
Right! Here we go again, casting the widest possible net to catch a miniscule number of miscreants with total disregard for the vast numbers of uninvolved American citizens scooped up as well. Or, worse yet, with the real intent of gathering that huge collateral data mass to profile vast numbers of unsuspecting American citizens.
Yayhoo, AhOL and Microsofty rolled over compliantly and forked over vast electronic audit trails that may be processed electronically at lighting speeds in huge quantities to track your website interests and build a profile on you, even though the supposed intent of this fishing expedition has nothing to do with you. You can rely on these organizations to have your best interests at heart only at your own peril.
Hang in there tough, Google. It looks like the line of defense is now manned by the few, the brave, the ethical in the private sector.
Level 6 presents an insurmountable threat to your privacy if you use the internet. About all you can do is be careful of the electronic tracks you leave. You want to avoid being profiled as an “illegal enemy combatant” just because you are doing internet research on a paper for your political science class.
May awareness be with you, and your security measures be sufficient.
To touch on a couple points, for one: It's pretty difficult to crack 128 bit rsa encryption, when I say pretty difficult, no one has cracked one yet, and if someone has, it's the nsa, and if they know how, we don't know about it.
The thing with rsa encryption is... if you can easily factor two large prime numbers multiplied together, then you can easily crack rsa encryption... but it's not easy, I assure you.
The second thing is, I highly doubt your packets are going from you to russia, then to your bank. You can watch your packets if you use the "tracert" command on wind0ze. ISP's wouldn't be in business very long if they sent your packets to russia first.
Third, crackers (not hackers) are very crafty in how they get into your systems. Viruses are a common way to get into a wind0ze box, because most people that use wind0ze don't know s*** about computers, so they're easy targets. If they are cracking banks, then they usually have someone on the in or have to bust out their uber l33t social engineering skills.
All in all, if you ask me, online banking is pretty damn safe, your dollars could more easily be wisked away by a bank robber with a gun... but then again, that's what insurance is for.
There are many more things that you should be worried about for your little underpowered wind0ze boxes. For one, just run windows update once in a while, and that'll save you a lot of greef. If you don't, they can get in through sploits that pop up in internet explorer and the weak operating system itself. Such as a recent vulnerability that allowed attackers to get in through your plug n play port!...
You're f'in plug n play port!
So if you are truly insecure (http://www.insecure.org home of nmap!) then you shouldn't be using windows. If you could care less, then keep using your wind0ze boxes.
Good luck n00bs
Report Abuse