Privacy is Dead – be faster than the slowest guy

A viewer on Youtube commented on one of my videos: “Privacy is dead. The minute we are on social network using our real names or not, personal information is already out there floating somewhere, somehow…”

I agree. If someone really wants your personal information and you have put posted something on the Internet, there is a good chance that they can get it. The more you post, the more exposure you have. Even if you use a fake name and fake address.

There is no such as 100% security or privacy. But you can have some level of control that makes it harder for attacker to get you. If you have some controls in place attackers are more likely to go after softer targets.

If it take attacker a longer time to go after you then it does to go after someone easier, they will usually choose the softer target.

Protecting Your Identity from Crazy People Personally identifiable information

As we get more popular we encounter crazier and crazier people. This video is an example of why you should be careful about posting your personally identifiable information online.

Do not use your real name – With your real name, people may be able to find out your address.  Do not show your physical address – Imagine what someone can do if they know exactly where you live?
Do not advertise your real birthday – Your date of birth is another bit of information that will help identify you.

file encryption

file encryption

For file and folder encryption, there are many tools that will do the job.  File encryption can be saved to a thumb drive, hard drive or SD Card.  One free, open-source and useful method of encrypting data is TrueCrypt.

TrueCrypt is freeware that creates a virtual encrypted disk on a file, partition or entire disk drive.  It works on Windows, OS and Linux.

What TrueCrypt does is to create an encrypted area of storage (and encrypted volume) where you can drag unencrypted data for encryption.  This is known as one-the-fly encryption (OTFE aka real time encryption).

To install TrueCrypt go to http://www.truecrypt.org/downloads

 

Once you Double Click the TrueCrypt icon, you will see this:

 

Click the “Create Volume” button for creating the encrypted volume.  This volume will allow file encryption (or folder encryption).

You will see the “TrueCrypt Volume Creation Wizard”.  Since we want file encryption and/or folder encryption, we will select “Create an encrypted file container”.  Note that TrueCrypt also allows full partition and full system drive encryption.

We will choose “Standard TrueCrypt volume” and select next on the TrueCrypt Volume Creation Wizard.

note: The TrueCrypt Volume Creation Wizard allows you to hide the data or just encrypt with a password.  With a higher need for privacy, you may need to hide the fact that there is file encryption at all so no one even questions you about why its encrypted.  If its not hidden, others will see a file that cannot be opened with any application they know of.  And even if they do know that it must be decrypted to view the contents, they must have the password.

privacy tips

8 Tips Protect Privacy

8 Tips to Protect Privacy: from those using your computer or account

2013 has been a big year for privacy issues.  There is a lot of talk about the government’s spying on citizens and usurping certain civil liberties.  While this is definitely a concern regardless of what country/state you live in, a more immediate threat to your personal privacy are the people actually using your computer and or accounts.  Friends, family and co-workers that are using the same computer you are using, for example, can do more damage just from seeing something they are not supposed to see.  At the very least, it can just be embarrassing.

Whether they are just borrowing your system and you trust them is not the point.  TRUST is not the point.  Access is the main concern.  After all they may ACCIDENTALLY see something they are not meant to see.  Or a trusted friend might allow someone ELSE that you Do NOT trust to use your system.  So it is really not a matter of TRUST but ACCESS.  If its easy to access the data then you must assume that they already have or will access, copy, modify this important private data.  If you value your data and if you are security minded then you must control access.

Here are 8 tips to protect privacy of personal data.  

privacy tips

courtesy of cubicle chick – privacy tips

1. Create multiple password protected accounts 

Your local system should have multiple accounts even if you are sure no one else will log-in directly to the system.  Multiple accounts allow you to have separate roles.  An administrator role to install, upgrade and configure and a normal account for surfing the web, creating documents and doing day to day stuff.  You should not surf the web with your administrator account.  Each account should be password protected.  If you surf the web with an admin account you risk your system being compromised by malware that will run as the admin account you are using.

 –> Create Users 

2. Delete Browser History & Cache

Why delete you browsers cache and history?  And how can deleting that info protect privacy?  Your browser track all your browsing activity by default.  So, if for example, your mom or dad jumps on your computer (and your computer is wide open with no accounts or passwords).  They use YOUR account and YOUR computer to quickly search information about “dictionaries”  As your mom/dad types “Di “ and the word “dick” auto-completes and is something you previously typed.  An innocent search can reveal all the places you have gone if you don’t regularly clear the history and cache from all browsers.

 

3. Lock Mobile Device

As of 2013, cell phones, tablets, smartphones and some laptop are the biggest gapping whole in protecting privacy.  Mainly because its fairly new to many people.

If you have a mobile device, chances are high that they have a direct access into your email account.  You must put a automatic lock on your phone so that if you are away from your phone for more than a few minutes.  Or if you lose your mobile device at least whoever finds it won’t have access to all your emails and online accounts.

 4. Use Separate Emails for Separate Uses

To minimize the risk of professional life leaking into personal life (and vice-versa), use separate email accounts for work and home life.  Especially if the email is tied to a social network.  If you have a business, you should keep its email traffic separate as well.  This keep contacts separate, social network posts and the professional and personal life in their own lanes.

5. Encrypt or Delete Files You don’t want Others to See

protect privacy

congress weiner privacy ?

If you have nude photos of yourself its really none of anyone’s business but those you wish to share it with.  Do you have nudes of your significant other? Do you have a drunken video of your BFF’s birthday party?  You should put them in a folder that only you know about and encrypt them.  Better yet, keep them off your computer and encrypted on removable media (thumb drive, CDROM etc).  DO NOT send half nude selfies, titty pictures, nudes or ANYTHING like that over the Internet especially if you have a high profile job.  You really cannot trust anyone to protect your data.  No one cares more about your privacy than you.  If you don’t mind others, your kids, your parents and coworkers seeing your amazing body, then its fine.  Case in point, NY-Congressman Weiner sent very personal pictures of himself to twitter under a different name.  Unfortunately, his opponents found out and used it to get him publicly shamed.  He eventually had to resign as  congressman.   It’s best not to send pictures or sexually explicit text out to anyone.

6. Password protection

Don’t give out your password.  Use strong password (at least 8 characters, UPPER/lowercase, special characters, numbers all mixed in).  Change you passwords immediately if you feel it has been compromised.  Don’t use the same password for every account.

7. Log off

You may need to log-in to your social media website or email from a public or work computer that others will need to use.  You must get in the habit of logging off.  If you can, set up the account to automatically lock or log out.

8. Auditing Your Accounts

privacy audit logs

picture of logs from a computer important in privacy courtest  terminal services log.smartcode.com

Social network accounts allow you to audit the account and send you a message if someone attempts to access your account from a different location or if they              mis-authenticated over and over.  You need to know when someone is attempting to access your personal information.

 

 

 

New surveillance program will turn military satellites on US

An appropriations bill signed by President Bush last week allows the controversial National Applications Office to begin operating a stringently limited version of a program that would turn military spy satellites on the US, sharing imagery with other federal, state, and local government agencies.

read more | digg story

Is Privacy Dead?

Yes.
Privacy is dead and getting deader. So who killed it? We did. We killed it with our nature. We like our tools & technology. We can’t go without our GPS, SIM card loaded cell phones. We don’t really think about how cell Phones can be easily tracked and tell so many intimated details about where you are and who you’re talking to.

We love convenience so how can we go without our Google, Yahoo, MSN searches and our access to the Internet. Never mind the fact that all of these entities track or even record (and send to the government) every thing we do online.

Our nature places privacy last on the list, and convenience and comfort in the top five. I’m not looking down my nose at you. I’m guilty of all of the above privacy sins. I’m not judging your search engine usage or saying you should switch to anonymizers and clusty.com or go phone using an untraceable credit card.. I’ve got my tin foil hat in storage next to my year supply of MRE’s and shot guns.

I’m just pointing out the facts. We give our privacy away, to companies, the government and other organizations.

What is a bit bothersome to me are laws that allow the abuse of what we are willing to give in trust. The protection of the data we entrust to companies, federal, state and local government should not be allowed to be misused neither by

Violations of the 4th Amendment (use of your online history without probable cause) nor by criminal hackers and/or companies selling your information to the highest bidder.

Fair laws that are in favor of the buyer adherence to the 4th Amendment. I don’t think this is a reasonable request. I think the CIO’s who implement opt-out letters sent to clients expect some amount of respect for the information they put out.

Would be pissed if his financial information was stolen.

Challenges of Internet Security

The primary challenges of Internet security have everything to do with balancing accessibility and functionality with the three pillars of information security: confidentiality, integrity and availability.

The Internet has become an in disposable tool for research, commerce, art, education and virtually every part of modern life. It was the inquisitive, intelligent, intuitive and creative nature of humanity that created the Internet and its those same qualities that put individual systems linked directly to the Internet in peril. The three pillars of information security are at stake for all systems with connectivity to the Internet. The challenge is in the implementation of the necessary security controls to achieve those three pillars.

Confidentiality:

Confidentiality pertains to protecting sensitive information. Sensitive information can be anything from private user information to classified defense data. Many organization live and die by the protection of proprietary information from competitors. During wartime, the armed services literally LIVE or DIE based on how well certain sensitive information is guarded. In the US Department of Defense is called Operational Security. Since the Internet is a critical part of the DoD (and defense organizations around the world) the confidentiality is a HUGE challenge for their Information systems exposed to the Internet. Some of the threats to there systems include: social engineering, leaks of information and accidental release of sensitive data. All of these threats can be enabled via the Internet.

Organizations must educate their user who have access to sensitive information. I’ve heard some security professionals say that educating users is bad.

But if your users have access to sensitive information (and need to have that access to do their jobs) it is imperative that they not only know WHAT is sensitive, but WHO it can be give to, WHEN it can be shared, HOW it can be share and WHY it can be shared.


Integrity:

Data integrity is very important to all systems passing data on the Internet. Integrity has to do with whether or not the message on the other end of your connection is the same one you actually sent. Whether its your passwords being passed to your bank or the DoD passing data over the Internet, the integrity of the data is imperative. Its often taken for granted until, we are sending an email and the receiver says they got the email but the message can’t be read. Sometimes if the messages integrity is garbled or malformed it simply won’t reach its destination. If the integrity of a message can not be protected in some way or verified and checked, it is possible for someone to intercept your message, alter it, and send it on its way. Integrity is especially critical in banking and financial transactions which is why encryption and authentication take on such an important role for sensitive transactions such as ATM withdrawals, and online banking.

The challenge to maintaining Internet integrity is to ensure that link is encrypted when necessary.


Availability:

If there is no availability there is no mission, no business, no functionality. One of the major challenges of Internet security has been Denial of Services attacks. A Denial of Service attack is when your system on the Internet (or within a network) is flooded with useless traffic such that no one else (not even you) can use it. With a misconfiguration, a denial of service can happen by accident. Its important to test the availability of an online system. Its also a good practice to see what kind of availability and access you are giving. After all, too much availability can compromise the security of your system.

Most challenges of Internet security can tie into one or more of the big three: confidentiality, confidentiality or availability. With those in mind most challenges can be overcome. But the double edged sword of security.. the very nature of it on the Internet is to constantly change and evolve with the Internet. The constant change of threats to those three aspects of security is perhaps the biggest over arching challenge.

Dangers on the Internet

Dangers on the Internet
This is a follow up to my post Why is Internet Safety Important

Dangers of the Internet are relative to the perspective of those accessing it. That is to say, on the Internet “dangers” are completely dependent on who is accessing what data from where and what their intentions are for accessing it. For example, researching a list of poisons could be a considered “dangers to the Internet” if a seriously disturbed person intends to kill his or her spouse. On the other hand, if a parent is just wondering what house hold products are poisonous with the intention of protecting her children, can that be considered a danger?

So protection from dangers on the Internet should be proactive and involve human judgment at some level. Policies must be written, planned and implemented in advanced or ad hoc to suit the environment and the users accessing the Internet. Children at a school with access from the classroom will more than likely be different from employees at a skating rink.

Even the items commonly considered dangers on the Internet relate directly to how much access individuals and organizations allow to and from the web. Common “dangers” may include (but should not be limited to) the following:

Accessibility to personal – applies to educating users on the dangers of putting personal information on the Internet and protecting organizational data bases

Sensitive data – For a school sensitive data is likely linked to the grades and personal information of staff and student, but for a business sensitive information could include proprietary information that would hurt the bottom line if it were leaked to competition.

Financial fraud & criminal hackers/scammers- This applies to educating users about criminal hacker techniques such as malware, social engineering, email and website phishing

The access of impressionable and/or psychologically disturbed individuals to potentially harmful and destructive information – This is rather subjective however it should be a concern to schools from elementary – colleges, rehabilitation facilities and mental institutions. There are ways to block certain obvious material with web-blocker type applications, but no one can stop them all. Monitoring is a must if this danger is to be handled seriously.

The risks and damage of these dangers are dependent on the environment & the users involved. It is up to the system owners to ensure that the policies are properly planned, implemented and maintained as exposure to any Internet danger can disrupt the safety, mission and/or values of an organization or individual.

Why is Internet Safety Important

Dangers on the Internet
The amazing freedom and availability of the Internet lends itself to a few major dangers: Pr0n, malware and how to perform illegal and/or dangerous activities.

Whether it is a curious person seeking these things out or the child accidentally clinking the wrong link and getting bombard with explicit pop-ups, the items lists can be harmful to an impressionable mind. Policies must be enforced.

There are a few groups that should have limited exposure to certain types of information on the Internet. Children, mentally handicapped or psychologically damaged people in settings such as schools, homes, rehabilitation or correctional facilities and group homes should be blocked, tracked and monitored while accessing the Internet. Certain information could destroy them if they don’t yet have the capacity to understand or put certain information in the proper context.


Protection from Pornography & Malware

In a professional setting there should be a written policy against accessing and/or downloading unacceptable material such as pornography. These items should be actively blocked whether in a working environment or at home among minors accessing the same system. Allowing impressionable or fragile minds unlimited access to certain graphic material is irresponsible. The law is also a good reason why Internet safety is important. If you are the owner or charged with immediate control of the system being used for illegal activity, you could be partially or wholly liable for the activity. An example is substitute teacher Julie Amero

On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher’s computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Julie took charge, the computer started showing pornographic images.

On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed.[1] The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years

– wikipedia

The Kelly Middle School systems were actually infected with malware that allowed the explicit pictures to pop up.

Access to Dangerous information

From the Columbine shooters to the Virginia Tech massacre, most of the killers had a recorded history of mental illness and/or psychologically instability. In many cases, they used public and/or home computers belonging to their parents to research bomb making or even purchase guns.

Controlling access is the best way to get on the Internet safely. Maintaining privacy of users is another important step in Internet safety, however that is a matter of educating users particularly if the frequent Social networks such as facebook or myspace. They need to be instructed about the dangers of stalkers, perverts and predators looking specifically for impressionable minds.

We are the keepers of these impressionable and fragile minds. That is the reason Internet safety is important and why we must be mindful of these subjects.

PRIVACY IS DEAD – GET OVER IT Pt 01, with Steve Rambam

round of applause to Immanuel of 2600 Magazine

PRIVACY IS DEAD – GET OVER IT Pt 01, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 02, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 03, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 04, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 05, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 06, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 07, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 08, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 10, with Steve Rambam

PRIVACY IS DEAD – GET OVER IT Pt 11, with Steve Rambam

All ‘PRIVACY IS DEAD – GET OVER IT with Steve Rambam’ Lectures

1 2