Personal Security

[Diana]

Hi all,

I"m starting the thread in the hopes that it will grow over time. If it disappears from the main page, I may bring it back with new information now and then. For now, I'm going to post a couple of links for those who wish to read.

Article about the European Unions digital signature requirements for doing business there

Repost of link to GnuPG for personal sig info

see ya,

[Diana]

Options for Secure Personal Password Management
by T. Ranalli


White Paper in PDF, provided by SANS

It's not Mac specific, but the info is good anyway

[Highmac]

Hi Diana - lot of info there that folk may well want to refer to later. Could this thread perhaps be pinned, so you don't have to worry about bumping it?

[Diana]

 It's pinned! Thank you Highmac, I would never have thought to ask...and another thanks to the person who pinned it. I'll try to add to it regularly.

Anyone who want to add something is welcome, them more the better.

[Diana]

mmmm cookies,

Learn what they are, what they are for and how to disable them if you need to.

Two excellent tutorials to get you started.

http://www.cookiecentral.com/ccstory/

http://www.junkbusters.com/ht/en/cookies.html

[Mayo]

Cookie Dog is a great cookie manager that is OS 7.5-10.3 compatible and works with Internet Explorer, Safari, Mozilla/Netscape, Camino and Omniweb. I've been using it for several years without a hitch.  $10

[Diana]

Here is a story about the latest 'Phishing' techniques and how easy it is to be fooled.

(quote)
Phishing attacks are reaching a point of sophistication where even the most Internet-savvy user could be fooled, said the Anti-Phishing Working Group (APWG) on Wednesday....

...
Jevans said that for less sophisticated users, the safest method of accessing their bank's or ISP's Web site is to type in the URL: "For a consumer right now, type in the Web address by hand. That is the best way," he said.
(/endquote)

ZDNet UK article

Besides typing a link in by hand, it may be wise to tell your ISP/Bank/Financial institution that you no longer wish to receive e-mail communications that contain account information. If an institution needs to communicate with you about your account, a better means would be for them to send you an e-mail that indicates you have a secure message waiting for you on their web site. If you type (or use a secure "favorite" link), to the site, then you will be presented with the secure message that you can read over the Secure Socket Layer (SSL) connection.

Remember too that these 'phishing' techniques aren't really new, they've just found a rebirth of sorts on the Internet. Don't give out personal/credit/banking information to anyone who calls you on the phone. Granted this isn't as prevalent as it once might have been, but it is still a problem. If someone calls you on the phone asking for account details. Ask for their name/employee ID and tell them you'll call them back. Look up the phone number yourself, (_Do Not Use One They Give You_), and call the company back. Verify that the person who called you really works there and has the authority to access the personal information in your account. IF it turns out to be a scammer who called, notify the institution and give them as many details as you can.

[Diana]

Personal security relates directly to personal privacy since a lack of security can cause privacy compromises. With that in mind, I submit this story. I think it relates to security because many times 'technology' has the hardware/software bits doing things we don't know about behind the scenes. It behooves us all to be aware of the capabilities of our equipment...even if it is a "futuristic" sorta thing.

TiVo watchers are uneasy after Post-SuperBowl reports

[Diana]

--Microsoft Releases Hidden Data Removal Tool

Microsoft has released Remove Hidden Data Add-In Tool, which will remove data such as change tracking and comments from documents.  The tool works with Microsoft Word, Excel and PowerPoint files for Office XP/2003.

Article at TheRegister

Microsoft download area

The big problem is that there are many people who haven't upgraded to this latest version where the tool works. And, this isn't specifically related to Macs, but there are probably many here who use Windows/MSOffice at work or have friends who do. Luckily, you don't have to be a hacker to learn how to remove this "metadata" from your Office documents. Go to office.microsoft.com and do a search for metadata. There are instructions for removing this trash from your documents without the above tool. Check your Office for Mac documents to make sure they don't also have the hidden data embedded in them.

[Mayo]

Diana, I hope I'm not straying too far from the original intent of the topic...!

Regarding destroying CDs containing sensitive data...

I have conducted my own limited and very subjective experiments on how to permanently erase data from CDs that are being discarded.  My Findings:

Burning CDs is smelly, possibly toxic and while undeniably effective a pretty disgusting way to do the job.

Zapping the CDs in a microwave is a relatively clean way to erase data.  At least six seconds on full power (1000 watt microwave) seems to do the trick.  I place the CDs with the silver/writeable layer facing up.  The longer you zap, the more the silver layer disintegrates.  Different brands of CDs require more or less time to do the same amount of damage.  Keep in mind that the longer you zap, the more fumes that are produced.

It's actually rather neat...as the silver layer heats up it creates crackling blue lightning-like effects on the surface of the CD, just like in Star Trek.

CDs so treated don't appear to be readable at all and are just spit-out by a computer.  At least that is what my 7300 does when presented with a freshly-nuked CD...

My microwave seems to suffer no ill effects but you know what is coming next:  you do this at your own (and your microwave's) risk!

[Diana]

Hi Mayo,

I would consider your post to be right in line.. Dealing with data that is old/outdated/no longer needed is very important...especially if it could be used against you.

I find myself questioning my own topic title. I see security all tied up with privacy so even though the topic would seem to be security, personal privacy is also a valid topic.

As the poor Windows people don't even seem to understand, allowing those awful viruses to infect a computer leads to personal loss of privacy, including identity theft. Think secure, keep your data your own, and protect your privacy. In this since I'm not advocating you lock yourself in your house and refuse to wave at the neighbors,     I'm only pointing out that as we if we forget security..(locking our doors), the thieves will arrive and steal not only physical objects, but personal/private data. These thieves come in many disguises..marketing companies, spammers, unscrupulous businesses and even governments...and their modes of operation don't always look as suspicious as they should...(see TiVo operation above)

I've always wanted to nuke a CD just to see what would happen, I may have to do it when I'm ready to buy a new microwave..current one is 18+ years old and I'm not ready to kill it..

[Mayo]

QUOTE

I would consider your post to be right in line.. Dealing with data that is old/outdated/no longer needed is very important...especially if it could be used against you

This morning I was thinking about how many times I have heard someone say that they don't have anything "really important" on their computers, so why should they be concerned about the security of their data?

I wonder what these people actually DO on their computers?  Do they never use e-mail?  Or connect to the Internet?  Don't any of these people own a copy of Quicken?  Do they only play solitaire and work on the next Great American Novel that never actually gets submitted to a publisher?

When I first started my computer journey I wrote all my passwords and log-in IDs on a sheet of paper and kept it in a filing cabinet.  Within a year or so I must have had log-in info for at least twenty websites.  The information was more or less accessible depending on whether it had been written at the start of a day or very late at night... The variety of penmanship, writing implements (pen, ink, crayon) and positions on the paper would have no doubt been of interest to a student of psychology.

Sure, the file was kept in a lockable file cabinet when it wasn't on my computer desk.  The operant word here is "lockable," not "locked."

Now I have a single program on my Mac that contains ALL my online passwords (68 as of this morning...), plus credit card and social security numbers and other essential personal data.  It makes dealing with the online world Oh So Much Easier, and you can bet your booties that its automatic encryption feature is activated.  And the password that opens that encrypted file isn't written down anywhere and is totally different than any of the passwords secreted away in Web Confidential.

I don't know what other people backup on their computers (you DO backup, don't you???) but I tend to backup...The Important Files, natch.  Yesterday I was doing some office cleaning (coming back from a bout with a bug...so I was taking it easy) and I found myself looking at a small stack of outdated backup CDs.  Hence, my little microwaving experiment...

All future CD backups will be encrypted; in the past I encrypted only certain files.  The easy portability of CDs makes me want a little tighter lock on those babies.

Computers should make life EASIER.  That's the theory behind all this expensive gadgetry, let's not forget that...  And yet I know people who won't keep sensitive information on a computer because they think that it is less safe than in a file on their desk.  I thought that the main advantage of a computer is the easy management of information?

Or maybe most people just forget how much sensitive information they really do have on their beloved Macs...

So encrypt those files and do whatever else seems prudent and repeat the following mantra after me...

What, Me Worry?

[Diana]

Here is a good story about the use/abuse of broadband connections and the very real necessity that all users secure and maintain their personal machines.

I realize that again this isn't a Mac-specific or even a Mac-possible issue, but if we all learn and tell our Windows friends, we'll make progress.

Spammers Exploit High-Speed Connections

Hopefully these articles will stick around as this thread ages. If someone notices that they are disappearing, please let me know and I'll start archiving them myself

see ya,

[Diana]

TUTORIAL - Good for Windows buddies

 -- How to Safeguard Your Computer on a Budget (Windows)
This tutorial examines the possibilities of your computer being infected and what you can do to fix the problem and set your computer up so as to prevent future attacks without having to spend a fortune.

http://www.wired.com/news/infostructure/0,...7,62222,00.html

[Diana]

Security relating to cell phones

Bluetooth enabled phone users at risk

Security issues are being raised in many corners. The last lines of the article seek to ease fears, but remember, very few foresaw early on the Internet as it is today, fewer still were worried about spam/viruses and other baddies just a couple of years ago. Keep up on these issues even as they relate to PCs and all your mobile devices. When fixes are available, be sure to apply them as your situation requires.