Author Topic: Personal Security  (Read 31323 times)

Offline pendragon

  • TS Addict
  • *****
  • Posts: 7178
    • View Profile
    • http://www.pendragonservices.com
Personal Security
« Reply #15 on: February 21, 2004, 06:16:27 AM »
A Security Primer for Mac OS X by O'Reilly's MacDevCenter. The article is by Francois Joseph de Kermadec. (Thanks MacsOnly!)

A most worthwhile read me thinks...

http://www.macdevcenter.com/pub/a/mac/2004...0/security.html

Harv
Those who can make you believe absurdities can make you commit atrocities. ~ Voltaire

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #16 on: February 23, 2004, 09:13:40 AM »
Here is utility with a double edge. This could be very useful for those of us who forget passwords on Windows machines. The free utility can recover passwords under the asterisks in password dialog boxes...including those for web pages.

Lostpassword.com

For this to work, you must have set your system or a program to remember passwords.

The problem I see is this: If you leave your computer alone and unlocked for others to use, they can download this free utility in seconds/minutes..(it's very small)..and procede to uncover passwords. It could also be put on a floppy/usb/memory stick and installed very quickly.

This shows yet again how important your passwords are, and even more so the importance of physical security for your machine. It is best if you don't use programs...even the browser...to remember your passwords/logins for you. Granted some passworded areas aren't especially sensitive...(your favorite browser start page for example), but NEVER use the same passwords across multiple sites and NEVER EVER allow your banking password to be the same as your instant messenger password...(examples all). Best practice would be to keep all those most important passwords in your head, don't let anything remember them for you. That makes this utility less useful...and dulls both edges of the blade.

*grin...sorry to keep making this Windows-centric, but I know some here run PCs and Macs.
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #17 on: February 24, 2004, 07:13:45 AM »
Young people may be targeted for Identity Theft

Here are some links with stories and cautions.
Teen from Eatonville, WA - No checking account or credit cards but ID stolen anyway.

Story about how Penn State is combatting ID theft for their students

U of Penn practices

Good practice:

Use good passwords that are changed often and never written down
Shred all ATM and credit card/bank receipts
Never reveal personal info over the phone or online
Check your credit card statements monthly and credit reports yearly
Make front and back photocopies of all documents in your wallet/purse. Keep these photocopies in a safe/locked place
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #18 on: February 24, 2004, 07:44:19 AM »
So you think your bank or credit lender is looking out for you?

Think again
How lenders are abetting the ID thieves

and here is a good PDF Whitepaper from Security Focus
Attitudes towards privacy study
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #19 on: February 24, 2004, 07:56:01 AM »
-- USPS Proposes Modification To System Of Records
Privacy issues
http://edocket.access.gpo.gov/2004/04-3496.htm

 -- Computer Matching Between DOJ, IRS
IRS will provide tax payer addresses to the DOJ for initiation of prosecution of debtors using computer matching
http://edocket.access.gpo.gov/2004/04-3793.htm
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #20 on: February 24, 2004, 08:02:26 AM »
New requirements for Small Businesses who are covered by the HIPPA rules

http://www.smallbusinesscomputing.com/news...cle.php/3313751

There are so many facets to this stuff..smile.gif We all need to learn about our own personal privacy issues, but also we need to be watchful of how others use or abuse our privacy. Businesses both large and small are in a position to learn and know more about each of us that we ever imagined. Business owners should be aware of their requirements under the law too, especially as the awareness of these issues rises. Don't get caught unprepared.
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Epaminondas

  • TS Addict
  • *****
  • Posts: 1247
    • View Profile
Personal Security
« Reply #21 on: February 28, 2004, 10:27:24 PM »
Diana,


GnuPG currently seems to be oriented toward MacOS 10.3 users, but not toward MacOSs prior to  MacOS 10.3.

Any suggestions for a good ...PG program for Mac OS 9.x?


Thank you,

Epaminondas

Offline Mayo

  • TS Addict
  • *****
  • Posts: 3215
    • View Profile
    • http://
Personal Security
« Reply #22 on: February 29, 2004, 01:06:54 PM »
Recently my wife and I have been taking some steps to prevent problems associated with identity theft...

1.  We have permanently opted-out from being included on all preapproved credit offering mailing lists utilizing the Equifax, Experian, Innovis and Trans Union databases.  We may continue to receive notices from companies that do not use consumer data to compile lists, but I can tell you that we went from receiving many such offers to almost none in the month since we took this action.  If you are tired of receiving a multitude of preapproved credit card offers, this should be the first thing on your to do list.

2.  We contacted one of the big three credit reporting firms and submitted a fraud alert for both of our accounts.  We used a toll-free number to begin the process.  It costs nothing to do this, and a fraud alert initiated at one of the companies is automatically forwarded to the other two.  The fraud alert temporarily halts any issuance of "instant credit" without confirmation via telephone, which effectively prevents the most common form of fraud associated with identity theft.  The fraud alert does not impede getting credit, except for the verification requirement.  Since we never use instant credit offers, it has no effect on us whatsoever.

People who submit a fraud alert also receive credit reports from the big three, free of charge...

3.  The final step we are taking is to contact the big three (contacting only one may do the trick, but I sent letters to them all...) to place a seven-year fraud alert on our files.  Technically, you have to state that you have been the victim of identity fraud, but instead I simply requested that the fraud alert be placed in our files, and that we would not be responsible for any credit issued in our names that was not verified by telephone.

Information on what to do and contact information can be found here.

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
    • View Profile
    • http://
Personal Security
« Reply #23 on: February 29, 2004, 01:33:23 PM »
Epaminondas have you looked into this?
http://web.mit.edu/network/pgp.html

This Version=  PGP Freeware v6.5.8 is MacOS 7.6.1+

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #24 on: March 03, 2004, 01:13:05 PM »
Ok..not exactly personal computer related, but a new scam to be aware of

ATMs being modified to skim your card data and collect your PIN

After you look at the pictures, see if you would be able to spot the adapter...I don't know that I could. So, I'm going to be pulling on the pieces parts to see if they come off or wiggle around now..smile.gif

Oh..and for the skeptics like me...Snopes.com says it true.
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #25 on: March 12, 2004, 09:07:49 AM »
Here is an archive of articles relating to identity theft.

It would probably be good to bookmark this one as the contents will be added to as stories/articles are published. Some will be familiar to those who are concerned, but the nice thing about this page is these articles, although published in other places as well, appear here altogether.

silicon.com's protecting your ID archive
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #26 on: March 15, 2004, 06:58:55 PM »
Here's an interesting and informative article at SecurityFocus about how hackers use Google to get to your "thought to be private" information. Any one who publishes pages on a server should take note.

Hackers use Google ...

Edit: YIKES!..thanks tons Mayo. I hadn't double checked that like I should..was reading the comments and musta copied the wrong URL. I fixed it here..not to take anything from Mayo's correction in the post below, but because I hate to leave my link wrong..smile.gif Thanks again Mayo.
« Last Edit: March 16, 2004, 08:08:30 PM by Diana »
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline Mayo

  • TS Addict
  • *****
  • Posts: 3215
    • View Profile
    • http://
Personal Security
« Reply #27 on: March 16, 2004, 10:01:28 AM »
Diana, your link takes a person to a comment page related to the Google column.  Maybe this link will work better...

 biggrin.gif

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Personal Security
« Reply #28 on: April 21, 2004, 10:11:33 AM »
Hi all,

I haven't posted anything new here in a while, but I've run across some more good stuff now. I'm going to put in links covering several "topics" instead of creating multiple posts below this one.

A set of good links from Netscape about security basic including privacy, and personal digital certificates.
Understanding Security and Privacy

Here is an editorial about the new Google mail service
Free webmail at Google
I will not be signing up for Google mail, but I'm also going one further. I will not be emailing anyone that uses that service. Please very carefully consider that this service will not be secure so a business entity should not even consider this service for itself nor allow its personnel to do so.

Here is a futuristic look at privacy. Given your political mindset, you will either cringe or drool over the possibilities.
A Post-Privacy Future for Workers
and to show how predictions can come true, read this article as sent to me by my brother-in-law who was sent to Iraq as a reservist, but is now back in Virginia working for the army, still enlisted.
Onward Cyber Soldiers (this is a long one)

And here is a book that is receiving great reviews..(I haven't read it yet) about security for the non-techy person. I'm sure by now that my posts are overlapping in content, but if ever there is something old presented in a new way, it may teach to someone who still doesn't understand..smile.gif
Invasion of Privacy! Big Brother and the Company Hackers (Edited to change URL to Amazon...much cheaper there than the first link I had, and I just ordered mine..smile.gif )

and finally, for anyone interested in actually participating in a Government panel concerning the RFID tags that are becoming prevalent, either because you are close to the meeting site or wish to travel there anyway, here is an open invitation to such a meeting:
Public Workshop: Radio Frequency Identification: Applications and Implications for Consumers; Notice

happy reading
« Last Edit: April 21, 2004, 10:35:14 AM by Diana »
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline kelly

  • TS Addict
  • *****
  • Posts: 17035
    • View Profile
    • http://
Personal Security
« Reply #29 on: April 25, 2004, 11:31:21 PM »
Per Diana's request. smile.gif

MacInTouch Security Resources

http://www.macintouch.com/security.html
« Last Edit: April 25, 2004, 11:32:04 PM by kelly »
kelly
Veteran SuperUser