SOFTWARE: DROPBOX and TRUECRYPT

Thursday, January 13, 2011

http://www.lewrockwell.com/rounds/rounds15.1.html

How To Use Dropbox and TrueCrypt To Securely Transfer Files Privately
by Bill Rounds

*** begin quote ***

USING DROPBOX AND TRUECRYPT

Using Dropbox and TrueCrypt should appear fairly self-evident by now. For example, you can travel with a laptop that contains no information across borders and when you arrive at your destination just install Dropbox and sync with your files from the cloud. Because Dropbox has control of the encryption key you can use TrueCrypt for an added layer of protection. That way if the Dropbox servers were compromised for whatever reason, your files would still be encrypted.

Another wonderful aspect of setting up your information architecture to use TrueCrypt and Dropbox is that you no longer need to worry about backing up the files. This can save lots of time and headache.

*** end quote ***

So much for the child pornographers being caught at the border crossing.

I’m advising that all international travelers NOT carry ANY computing platform through “security”. (Not that it makes us any more secure; it’s just theater to amuse the rubes.)

That means phones, iPads, netbooks … nothing.

You can’t know what they will “find” when they do their “data proctology” exam. Or, what they will place on your hardware when it’s outside of your control.

Come to think of it that’s good advice even inside the US.

Argh!

# # # # #


TECHNOLOGY: Questions about hardware / software engineering

Thursday, December 23, 2010

http://www.itnews.com.au/News/241265,techies-revenge-lands-her-in-jail.aspx

Techie’s revenge lands her in jail
By Liam Tung on Dec 10, 2010 9:25 AM

*** begin quote ***

Four days after being fired from the Suncoast Community Health Centers for insubordination, Patricia Marie Fowler exacted her revenge by hacking the centre’s systems, deleting files, changing passwords, removing access to infrastructure systems, and tampering with pay and accrued leave rates of staff.

*** end quote ***

This story raises a number of questions about hardware / software engineering.

(1) Firewalls, hardware, and software are NOT designed to avoid the “King” effect. One example. The SWIFT funds transfer network in the 80s had the concept of split authentication. The contract with SWIFT and the institution REQUIRED two separate “supervisors of an administrator” and “technology administrators”. There had to be collusion between FOUR people to subvert the security system. Bosses were NOT permitted to access the system but did receive the couriered envelope with their half of the institution’s code. They gave it to their administrator. Once the two halves were used, a new pair was generated and sent to the bosses. Either “administrator” could lock the “kingdom”. (I forget how long the “keys” were, but I remember typing them in was a giant pain.) Surprisingly, even honchos, who were openly hostile to “security”, meekly went along with this kabuki.

(2) It seems like there was very little separation of duties. The IT administrator apparently had access to the firewalls, other platforms, and data tables in applications. Seems like the place was an accident waiting to happen. Where were the internal and external auditors? At the very least, with suitable automation, rebuilding components of the infrastructure should be near trivial. You wonder where their disaster recovery plan was; probably locked up in the head of the rogue administrator.

(3) “Passwords” in and around a serious “security” situation. Guess they never heard of two-factor authentication?
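Point (1) describes a split-knowledge, dual-control key: two halves in separate envelopes, both needed to unlock, and a fresh pair after every use. The following is an added illustration of that arrangement, not SWIFT's actual protocol (which the post does not describe); the key length, the XOR share scheme and the fingerprint check are assumptions.

```python
"""Split-knowledge dual control, modelled on the "two halves" procedure in
point (1). Illustrative only: the key length, the XOR share scheme and the
fingerprint check are assumptions, not SWIFT's documented protocol."""
import hmac
import secrets
from hashlib import sha256
from typing import List, Optional, Tuple

KEY_BYTES = 16  # assumed; the post only says the key was painful to type


def split_key(key: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 XOR secret sharing: each half alone is uniformly random,
    so a boss (or an administrator) holding one envelope learns nothing."""
    half_a = secrets.token_bytes(len(key))
    half_b = bytes(k ^ a for k, a in zip(key, half_a))
    return half_a, half_b


def combine_halves(half_a: bytes, half_b: bytes) -> bytes:
    if len(half_a) != len(half_b):
        raise ValueError("halves must be the same length")
    return bytes(a ^ b for a, b in zip(half_a, half_b))


class DualControlLock:
    """The institution's system keeps only a fingerprint of the current key.
    Both halves must be typed in to unlock, and a used pair is dead: the
    next operation needs a freshly issued pair (the new couriered envelopes)."""

    def __init__(self) -> None:
        self._fingerprint: Optional[bytes] = None
        self._spent = True
        self.audit: List[str] = []

    def issue_key_pair(self) -> Tuple[bytes, bytes]:
        key = secrets.token_bytes(KEY_BYTES)
        self._fingerprint = sha256(key).digest()
        self._spent = False
        self.audit.append("key pair issued")
        return split_key(key)  # envelope A and envelope B; the key itself is dropped

    def unlock(self, half_a: bytes, half_b: bytes) -> bytes:
        if self._spent or self._fingerprint is None:
            self.audit.append("rejected: no live key pair")
            raise PermissionError("this key pair has already been used")
        candidate = combine_halves(half_a, half_b)
        if not hmac.compare_digest(sha256(candidate).digest(), self._fingerprint):
            self.audit.append("rejected: halves do not form the issued key")
            raise PermissionError("halves do not match")
        self._spent = True  # one use only; a fresh pair must be issued next
        self.audit.append("unlocked")
        return candidate


def walkthrough() -> List[str]:
    """Run the ceremony once: one half alone fails, both succeed, reuse fails."""
    lock = DualControlLock()
    half_a, half_b = lock.issue_key_pair()
    try:
        lock.unlock(half_a, bytes(len(half_a)))  # only administrator A's half
    except PermissionError:
        pass
    lock.unlock(half_a, half_b)
    try:
        lock.unlock(half_a, half_b)  # replaying the spent pair
    except PermissionError:
        pass
    return lock.audit


if __name__ == "__main__":
    print("\n".join(walkthrough()))
```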

Nice to know we don’t need no stinkin’ security!

Seasonal Greetings,
fjohn

# # # # #


ISP: Verizon / Yahoo email is insecure

Tuesday, December 21, 2010

verizon.net
incoming.yahoo.verizon.net (No SSL, port: 110)
outgoing.yahoo.verizon.net (No SSL, port: 25 or 587, use authentication)
Your Verizon Yahoo! Mail ID (your email address without the “@verizon.net”)
Email Address: Your Verizon Yahoo! Mail address (e.g., user@verizon.net)
Your Verizon Yahoo! Mail password

# # # # #


SECURITY: LASTPASS (Recommended with a big caveat)

Thursday, December 16, 2010

https://lastpass.com/

LastPass is a password manager that makes web browsing easier and more secure

# – # – #

Recommended, with a caveat.

I would never ever trust anyone with passwords to “financial” or “key email accounts”.

So, then by definition, passwords for “financial” services and their dedicated email accounts are NEVER shared with anyone, any service, or put on any machine. Written down in a secret spot. Not carried in a wallet or anything you’d expect.

(Handwritten and rolled up in a pen.)

Since there are very very few of these, they are easy to remember.

Yeah, under my tin foil hat, I’m paranoid!

And, you must use unique passwords for everything. It’s a pain, but necessary!

# # # # #


TECHNOLOGY: New form of spam begins. It looks like a standard LinkedIn invite.

Wednesday, September 29, 2010

New form of spam begins. It looks like a standard LinkedIn invite.


But the URLs point to strange sites. Don’t worry, I’m an OpenDNS user (free) and they don’t resolve.

“Default” Users, who don’t take any precautions, should NEVER click on any link in ANY email.

# # # # #

LinkedIn Users Targeted with Fake “Contact Requests” to Spread Malware
Posted by: “Joseph”
Tue Sep 28, 2010 7:38 am (PDT)

LinkedIn Users Targeted with Fake “Contact Requests” to Spread Malware
By Mike Lennon on Sep 27, 2010

On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users.

Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link.

According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says “PLEASE WAITING…. 4 SECONDS..” and then redirects them to Google, appearing as if nothing has happened. During those four seconds, an attempt was made to infect the victim’s PC with the ZeuS Malware via a “drive-by download” – something that requires little or no user interaction to infect a system.

When Zeus infects PCs, users rarely notice any harm, and those who click on a link may even be given a chance to manually download the executable file, as the malware first runs a series of browser exploits. ZeuS, also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent banking malware platform for online fraud, and has been licensed by numerous criminal organizations. The program then waits for the user to log onto a list of targeted banks and financial institutions, and then steals login credentials and other data which are immediately sent to a remote server hosted by cybercriminals. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc. A new variant recently emerged that targets mobile devices – ZeuS in the Mobile or “Ztimo” – used to overcome two-factor authentication.

“Criminals are misusing brands familiar to business users to trick them into becoming infected by data stealing malware,” said Cisco Security Researcher Henry Stern. “They want to infect those users with access to large-dollar online commercial bank accounts. This attack is most interesting because of its scale. While there have been many previous attacks that impersonate social media sites, the scale of this attack, tens of billions of messages, makes it notable. The criminals behind this attack are among those who stole over US$100m from commercial bank accounts in 2009,” Stern added.


# # # # #


INTERESTING: Corporations shift their IT costs

Wednesday, April 21, 2010

http://www.forbes.com/2010/04/20/smartphone-mobile-iphone-technology-cio-network-blackberry.html

JargonSpy
The End Of The BlackBerry Elite
Dan Woods, 04.20.10, 06:00 PM EDT
Companies are increasingly allowing workers to use their personal smartphones for work.

*** begin quote ***

And now that smartphones are relatively inexpensive and many workers own one, companies are encouraging employees to use their personal phones for work. One retail executive told me that most of his employees were eager to use their personal phones to stay in touch with work e-mail, and some workers could be reimbursed for their phone and texting charges.

Increasingly, companies are attempting to bring personally owned smartphones into the fold of corporate IT, which in practice usually means providing access to MS Exchange or Lotus Notes. This fits into the vision of Organic IT in which corporate IT is delivered through personal technology.

*** end quote ***

This brings up some interesting questions like ownership, liability, wage ‘n’ hour, and exhaustion. All questions that the CxOs really don’t want to recognize.

When corporate data leaks onto an employee device with the corporation’s blessing, who owns it? Customer lists taken to a competitor by a job-changing employee leap to mind.

What are the liability issues with agreeing to this? An employee answers an email while driving, crashes, and defends with “the boss made me do it”.

If an employee has to support “off-hours”, what are the wage ‘n’ hour implications?

If an employee is exhausted and burnt out, what are the costs of the mistakes and of replacing them?

And I’m not even a lawyer; just a fat old white guy injineer who has had to “do” it.

# # # # #


GOVEROTRAGEOUS: Homeland Security couldn’t secure its own butt!

Thursday, March 25, 2010

http://www.schneier.com/blog/archives/2010/03/bringing_lots_o.html

Schneier on Security
A blog covering security and security technology.
March 19, 2010
Bringing Lots of Liquids on a Plane at Schiphol

*** begin quote ***

5. Department of Homeland Security Theater calls an emergency meeting with the National Security Council, after which it is decided that all bottle-shaped objects (and all Dutch reporters) should be banned from flights.

*** end quote ***

From the blog that coined the phrase “Security Theater”, here’s a funny extension. Despite the fact that the incident occurred overseas, it couldn’t happen here in the USA. Right!

# # # # #


POLITICAL: Classified to protect the interests of whom? Not you and me, for sure!

Sunday, February 28, 2010

http://campaignforliberty.com/article.php?view=625

02/20/10
Hushing Up “Conspiracy Theories”
by Jeff Riggenbach

*** begin quote ***

What Cass Sunstein and others seem most worried about is historical narratives that undermine the government.

*** end quote ***

“Classified information” is classified to protect the interests of Big Gooferment and the ruling elite; not us serfs. Why isn’t everything automatically declassified after say 50 years?

# # # # #


MONEY: Beat Airline Fees

Sunday, February 21, 2010

http://www.forbes.com/2010/02/18/nanofiber-clothing-iphone-technology-cio-network-travel.html?partner=technology_newsletter

Travel
How To Beat Airline Fees
Quentin Hardy, 02.18.10, 07:00 PM EST
Garments and gadgets that let you travel light and avoid extra charges on your next trip.

*** begin quote ***

This was before plausible roller bags, Web sites for lightweight travelers, and all the digital folding headphones, smart phone stands and nanofiber clothing that make the light life easy. It was also before the cursed baggage fees–now beating them is almost like flying for free.

*** end quote ***

Of course, I would only fly if I couldn’t get an appointment for a colonoscopy!

It also makes the “safety” case that all that junk dragged into the cabin makes us ALL unsafe should an emergency occur. The TSA should be the bad guy (it is already) by enforcing the number and size restrictions on carry-ons. The airlines SHOULD charge for all the carry-on crap. That’s what SHOULD be discouraged! Make checked bags free; carry-ons cost!

Argh!

If I were “king”, I’d proclaim the diktat throughout the land. And the serfs would rejoice.

If not for that, then for the fact we’d be using gold as a monetary standard and the gooferment would be cut down to size. (And, the airlines would be running the terminals, schedules, and “security”. Where passengers could sue in the “king’s” court for damages.)

And, peace and prosperity would be the rule throughout the “kingdom”.

I can only wish!

# # # # #


TECHNOLOGY: WEP is worthless!

Saturday, January 30, 2010

How To Hack Wireless


Safe for work

Warning for WEP users. Don’t do your banking, or anything important, on that connection.

Don’t you just love command line stuff? How long until it is packaged for the script kiddies?

# # # # #


POLITICAL: “Zero Tolerance” for stupidity

Sunday, October 18, 2009

http://www.schneier.com/blog/archives/2009/10/the_bizarre_con.html

Schneier on Security
A blog covering security and security technology.

October 15, 2009
The Bizarre Consequences of “Zero Tolerance” Weapons Policies at Schools

*** begin quote ***

The problem, of course, is that the global rule trumps any situational common sense, any discretion. But in granting discretion those in overall charge must trust people below them who have more detailed situational knowledge. It’s CYA security — the same thing you see at airports. Those involved in the situation can’t be blamed for making a bad decision as long as they follow the rules, no matter how stupid they are and how little they apply to the situation.

*** end quote ***

Security needs the ability to distinguish between true threats and everything else.

When it can’t, it’s worthless. It gets overwhelmed with “noise” and the bad actors slip by.

Argh!

# # # # #


POLITICAL: Terminate the TSA

Saturday, August 15, 2009

http://online.wsj.com/article/SB125012447548327753.html

Airlines to Require More Passenger Data
By CAM SIMPSON

*** begin quote ***

WASHINGTON — Airlines this week will begin requiring some people making reservations for domestic flights to submit their dates of birth and genders as part of a screening process aimed at keeping boarding passes out of the hands of suspected terrorists, the Transportation Security Administration said.

*** end quote ***

I’ve got a novel idea. Let’s nuke the TSA. Make airlines responsible for security. Could they possibly do a worse job than the gooferment?

And, we won’t have to pay salaries and gooferment pensions to all these folks.

Why is the taxpayer in the business of running airport security? Why is the taxpayer in the airport business? Why is the taxpayer in the airline business?

You get the idea!

# # # # #


TECHNOLOGY: Booting from removable media

Friday, June 19, 2009

http://www.pcworld.com/businesscenter/blogs/bizfeed/166570/new_macbook_pro_can_boot_from_an_sd_card_duh_so_can_pcs.html

BizFeed
Smart tech advice for your small business
Robert Strohmeyer, PC World | Friday, June 12, 2009 7:17 AM PDT
New MacBook Pro Can Boot From an SD Card. (Duh. So Can PCs.)

*** begin quote ***

In the wake of this week’s WWDC keynote, in which Apple announced that new MacBook Pro laptops will finally include an SD slot, the tech press is all aflutter about what they seem to think is a new possibility: booting from SD. Sorry to break it to you all, but this isn’t a new idea, and many PCs have been doing it for years.

*** end quote ***

I STILL don’t understand.

We could NOT have malware that embedded itself into the boot records if we used removable media for the boot process.

One of the great weapons that the bad guys have against us is that “reinfection” vector.

Microsoft has done us a great disservice with the whole architecture of the “personal computer”.

That’s why I’m moving to Linux.

# # # # #


GOVEROTRAGEOUS: The Gooferment; do you trust it?

Thursday, May 28, 2009

http://www.schneier.com/blog/archives/2009/05/on_the_anonymit.html

May 21, 2009
On the Anonymity of Home/Work Location Pairs

*** begin quote ***

“On the Anonymity of Home/Work Location Pairs,” by Philippe Golle and Kurt Partridge:

   Many applications benefit from user location data, but location data raises privacy concerns. Anonymization can protect privacy, but identities can sometimes be inferred from supposedly anonymous data. This paper studies a new attack on the anonymity of location data. We show that if the approximate locations of an individual’s home and workplace can both be deduced from a location trace, then the median size of the individual’s anonymity set in the U.S. working population is 1, 21 and 34,980, for locations known at the granularity of a census block, census tract and county respectively. The location data of people who live and work in different regions can be re-identified even more easily. Our results show that the threat of re-identification for location data is much greater when the individual’s home and work locations can both be deduced from the data. To preserve anonymity, we offer guidance for obfuscating location traces before they are disclosed.

*** end quote ***

Bruce Schneier highlights that “anonymous data” ain’t so anonymous. AND, the Census is going to collect geo tracking data in the next census. Good bye privacy.
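The anonymity-set arithmetic from the abstract, worked on a small constructed population (an added example, not the paper's code or data): each location is a (county, tract, block) triple, and a person's anonymity set is everyone sharing their home/work pair once both locations are coarsened to the chosen granularity. The population, the three-level hierarchy and the function names are all assumptions.

```python
"""Anonymity sets for home/work location pairs at three granularities.
Added illustration with a constructed 8-person population; the values in the
paper (1, 21, 34,980) come from real census data, not from this toy set."""
from collections import Counter
from statistics import median
from typing import Dict, List, Tuple

Location = Tuple[str, ...]  # (county, tract, block), coarsest first
LEVELS: Dict[str, int] = {"county": 1, "tract": 2, "block": 3}

# Constructed sample. County C1 holds tracts T1 and T2; county C2 holds T3.
PEOPLE: List[Tuple[Location, Location]] = [
    (("C1", "T1", "B1"), ("C1", "T2", "B5")),
    (("C1", "T1", "B2"), ("C1", "T2", "B5")),
    (("C1", "T1", "B1"), ("C1", "T2", "B6")),
    (("C1", "T1", "B3"), ("C2", "T3", "B9")),  # commutes across counties
    (("C1", "T1", "B3"), ("C2", "T3", "B9")),  # identical pair to the one above
    (("C1", "T2", "B4"), ("C1", "T2", "B5")),
    (("C2", "T3", "B8"), ("C1", "T1", "B1")),  # commutes across counties
    (("C2", "T3", "B8"), ("C1", "T2", "B5")),  # commutes across counties
]


def coarsen(loc: Location, granularity: str) -> Location:
    """Generalise a location to the requested level (the paper's obfuscation knob)."""
    return loc[: LEVELS[granularity]]


def anonymity_set_sizes(people, granularity: str) -> List[int]:
    """For each person, how many people in the population share the same
    (home, work) pair once both are coarsened to `granularity`."""
    pairs = [(coarsen(h, granularity), coarsen(w, granularity)) for h, w in people]
    counts = Counter(pairs)
    return [counts[p] for p in pairs]


def median_anonymity(people, granularity: str) -> float:
    """The statistic the abstract reports: median anonymity-set size."""
    return float(median(anonymity_set_sizes(people, granularity)))


def uniquely_identified(people, granularity: str) -> List[int]:
    """Indices of people whose pair is unique: an adversary holding the trace
    plus the population table re-identifies them outright."""
    return [i for i, n in enumerate(anonymity_set_sizes(people, granularity)) if n == 1]


if __name__ == "__main__":
    for level in LEVELS:
        print(level, median_anonymity(PEOPLE, level), uniquely_identified(PEOPLE, level))
```

Note that the cross-county commuters (indices 3, 4, 6, 7) keep the smallest sets at every level, which is the paper's "live and work in different regions" effect in miniature.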

Who authorized the gooferment to do more than count?

# # # # #


SERVICE: Generate random passwords

Wednesday, May 6, 2009

http://www.thebitmill.com/tools/password.html

Generate random passwords

# # # # #


TECHNOLOGY: Passwords and secondary questions

Friday, April 24, 2009

http://www.electronicpulp.net/2009/04/24/salma-hayeks-apple-mobileme-account-hacked-couldnt-have-been-easier/

*** begin quote ***

As I write this, people are accessing the personal Apple MobileMe account of Hollywood actress Salma Hayek, after its login details were posted earlier today on Anonymous imageboard 4chan.org. Hacking into a famous celebrity’s e-mail account might sound like it would take an awful lot of work and experience and knowledge in hacking, but as it turns out, the evil deed could be carried out with just a few keystrokes. The Anonymous poster who started it all left the following bits of information for all to see and use to access Salma Hayek’s MobileMe e-mail account.

   Her email address is shayek@mac.com

   Go to me.com, forgot password, type shayek@mac.com

   Her birthday is Sept. 2

   Answer to change password question is: frida

*** end quote ***

My non-critical passwords are 16 random alphanumeric characters. I have pages of them developed with ROBOFORM’s “PASSWORD GENERATE” function. My critical ones are long mnemonics of my favorite sayings.

AND, I treat secondary questions as exactly what they are — backdoors.

SO if you see my Grandmother C9HJLPQVK say hi. Say hi to my little dog KEZNBF6N9. And, I will be at my first school — VRT9ZWDX6.

If you know these “answers”, then you own my account at the New York Times. The free one. That they make you set up to read the slanted stories of the day.

Bottom line, security is for everyone. And, it’s easy.

# # # # #


LIBERTY: What percentage of a slave are you?

Monday, April 13, 2009

http://www.worldnetdaily.com/index.php?fa=PAGE.view&pageId=94199

A Minority View Walter Williams
Government deception: The rule not the exception
Posted: April 08, 2009 1:00 am Eastern

*** begin quote ***

Today’s politicians are not likely to take measures to avoid the coming chaos because senior citizens, the major beneficiaries of Social Security and Medicare, vote in large numbers and will exact a high political price. Plus, neither today’s senior citizens nor today’s politicians will be alive in 2050. I’d be more optimistic if my fellow Americans were simply suffering from congressional deception as opposed to their not caring about the economic calamity that awaits tomorrow’s Americans. I’d be even more optimistic if today’s seniors started putting heat on Congress to allow those Americans who want nothing to do with Social Security to opt out.

*** end quote ***

# – # – #

Like that is ever going to happen. Politicians and bureaucrats will never release the “wage slaves” without a fight.

# # # # #


RANT: Medical treatments will be tracked electronically by a federal system {Breaking News}

Tuesday, February 10, 2009

http://www.bloomberg.com/apps/news?pid=20601039&refer=columnist_mccaughey&sid=aLzfDxfbwhzs

Ruin Your Health With the Obama Stimulus Plan
Commentary by Betsy McCaughey
reported on Bloomberg

*** begin quote ***

Feb. 9 (Bloomberg) — Republican Senators are questioning whether President Barack Obama’s stimulus bill contains the right mix of tax breaks and cash infusions to jump-start the economy.

Tragically, no one from either party is objecting to the health provisions slipped in without discussion. These provisions reflect the handiwork of Tom Daschle, until recently the nominee to head the Health and Human Services Department.

Senators should read these provisions and vote against them because they are dangerous to your health. (Page numbers refer to H.R. 1 EH, pdf version).

The bill’s health rules will affect “every individual in the United States” (445, 454, 479). Your medical treatments will be tracked electronically by a federal system. Having electronic medical records at your fingertips, easily transferred to a hospital, is beneficial. It will help avoid duplicate tests and errors.

But the bill goes further. One new bureaucracy, the National Coordinator of Health Information Technology, will monitor treatments to make sure your doctor is doing what the federal government deems appropriate and cost effective. The goal is to reduce costs and “guide” your doctor’s decisions (442, 446). These provisions in the stimulus bill are virtually identical to what Daschle prescribed in his 2008 book, “Critical: What We Can Do About the Health-Care Crisis.” According to Daschle, doctors have to give up autonomy and “learn to operate less like solo practitioners.”

*** end quote ***

Surprise, surprise, surprise.

We’re like Jim Nabors’ character, the village idiot, and we’ll be “surprised” that this “stimulus bill” has a lot of “interesting ideas” in it.

DownSizeDC is right: Read The Bills (make the congresscritters read what they are voting on), One Subject At A Time (No mash ups), and all their other suggestions. (www.downsizedc.org)

This is a disaster. It has NO — none, zero, nada — redeeming value.

It’s going to send us down the road to debt and, ultimately, societal collapse. Not in the next thirty minutes. Thankfully, I won’t have to pick up the pieces, but it’s a terrible legacy to leave behind.

I wonder if the citizens of the Roman Empire saw it coming as well? Debt, Inflation, Circuses, collapse.

Privacy and security down the tubes. There are no computer break-ins or leaks. The gooferment can’t secure its prisons, but your medical records will be just fine. Ask ARod how it feels to have private medical records discussed by the President on National TV!

# # # # #


SERVICE: FACEBOOK pops and an unusual message and I’m locked out

Monday, January 26, 2009

From: Facebook <password+frohghzf@facebookmail.com>

Date: January 26, 2009 2:20:49 PM EST
To: FJohn Reinke
Subject: Security Warning From Facebook
Reply-To: Facebook <password+frohghzf@facebookmail.com>

We have detected suspicious activity on your Facebook account and have reset your password as a security precaution. It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. Please carefully follow the steps provided:

1. Run Anti-Virus Software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove these harmful programs and keep your information secure. For Microsoft:

http://www.microsoft.com/protect/viruses/xp/av.mspx
http://www.microsoft.com/protect/computer/viruses/default.mspx

For Apple:

http://support.apple.com/kb/HT1222

2. Reset Password: Be sure that you use a complex string of numbers, letters, and punctuation marks that is at least six characters in length.

To reset your password, follow the link below:

http://login.facebook.com/reset.php?
(If clicking on the link doesn’t work, try copying and pasting it into your browser.)

3. Never Click Suspicious Links: It is possible that your friends could unwillingly send spam, viruses, or malware through Facebook if their accounts are infected. Do not click this material and do not run any .exe files on your computer without knowing what they are. Also, be sure to use the most current version of your browser as they contain important security warnings and protection features.

4. Log in at Facebook.com: Make sure that when you access the site, you always log in from a legitimate Facebook page with the facebook.com domain. If something looks or feels suspicious, go directly to http://www.facebook.com to log in.

5. Report Suspicious Activity: Please visit the following pages for further information about Facebook security and information on reporting material: http://www.facebook.com/help.php?page=420 and http://www.facebook.com/security

Once you have performed all these steps, your account should once again be secure. Please be sure to visit the Facebook Help Center for further information regarding these security issues and let us know if you need assistance.

Thanks,
Facebook Security Team
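Step 4 of the notice (only log in on a page in the facebook.com domain) is the one check a reader can automate. The following is an added example, not Facebook's code: it pulls every URL out of a constructed message and reports which hosts really are facebook.com or a subdomain of it, and which only contain the string "facebook.com" somewhere a casual reader would miss (in the userinfo before an @, or as a prefix of a longer hostname). The trusted-domain list and the sample message are assumptions.

```python
"""Does a link actually lead to facebook.com? Added example; the trusted-domain
list and the sample message below are constructed, not from the notice."""
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Assumed: the only zone a Facebook password should ever be typed into.
TRUSTED_DOMAINS = ("facebook.com",)
URL_RE = re.compile(r"https?://[^\s<>\"'()]+")


def host_of(url: str) -> str:
    """Real hostname of a URL: urlsplit drops userinfo ("facebook.com@evil"),
    the port and the case, so lookalikes cannot hide in those parts."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")  # "facebook.com." names the same zone as "facebook.com"


def is_trusted_login_host(url: str) -> bool:
    """True only for facebook.com itself or a genuine subdomain of it.
    "facebook.com.evil.example" and "notfacebook.com" both fail."""
    host = host_of(url)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_links(message: str) -> List[Tuple[str, str, bool]]:
    """(url, hostname, ok_to_log_in) for every http(s) link in the message."""
    return [(u, host_of(u), is_trusted_login_host(u)) for u in URL_RE.findall(message)]


def untrusted_links(message: str) -> List[str]:
    """The links a user must never type a Facebook password into."""
    return [u for u, _, ok in classify_links(message) if not ok]


# Constructed message: two links in the style of the notice above, two lookalikes.
SAMPLE_MESSAGE = """\
To reset your password, follow the link below:
http://login.facebook.com/reset.php?
If something looks suspicious, go directly to http://www.facebook.com to log in.
Lookalike forms such as http://www.facebook.com@login-check.example/reset
or http://www.facebook.com.login-check.example/ read the same at a glance.
"""


if __name__ == "__main__":
    for url, host, ok in classify_links(SAMPLE_MESSAGE):
        print(("OK  " if ok else "NO  ") + host.ljust(36) + url)
```

The check only answers "is this really Facebook's domain"; the Microsoft and Apple links earlier in the notice are legitimately off-domain, so a NO means "do not enter Facebook credentials here", not "this link is malicious".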

# # # # #


SERVICE: Generate safe passwords

Wednesday, January 21, 2009

http://www.safepasswd.com/  

I like it but I’d prefer if it would generate a page at a time.

Like a one time pad.

# # # # #

