Data irresponsibility

Symantec left out of netbook market

According to experts from Accenture, Gartner and the Daiwa Institute of Research, netbooks may be particularly vulnerable to crackers. Cutting costs on netbooks often means doing without optional proprietary applications, like firewalls and anti-virus software, that would otherwise slow down the processor.

But when a Symantec marketing manager draws on their conclusions to advocate for paid anti-virus software, it is merely laughable. The efficiency of anti-virus software is arguable since the 2006 finding that 80% of malware bypassed the most popular AV software. That’s like playing Russian roulette with a five-bullet barrel minus one… and thinking that you’re safe. Less-advertised licensed and free anti-virus software sometimes performs better than the major-league products. “So why bother paying for the premium licenses?” one might ask. On Linux, firewalls can be set up for free, but the operation still requires a fair level of computer literacy… not exactly your average user here.

The experts did, however, point out that crackers’ attacks tend to focus on servers or networks, so a $300 netbook with photographs of your last fishing trip and your MP3 song collection might not be their top priority. Still, Trojan horses or other malware could put critical information at risk or turn the computer into part of a botnet.

Unix-based operating systems are more fool-proof by design than Windows: there is a clear separation between user and administrator mode, and in 2003 Linux only had 40 known viruses, while the Windows family had more than 60,000. So Linux-based netbooks are probably less vulnerable than Windows ones.

In any case, computer users should always apply data responsibility patterns: using privilege-limited sessions, using secured and authenticated Internet connections, storing critical information in encrypted databases (KeePass) or encrypted virtual folders (TrueCrypt), and ideally accepting PGP-signed emails only.

Who owns your Facebook information?

Facebook CEO Mark Zuckerberg coyly attempted to clarify his company’s policy regarding ownership of user information:

Who owns and controls your Facebook information? This has been a question many have debated over the weekend, but Facebook CEO, Mark Zuckerberg, finally gave us the answer (almost) yesterday.

The fact that Monster.com’s database was recently broken into by crackers for the second time raises the question: is your information safe on social networking servers?

Read the full article at PCWorld.com

Always log out when you’re done

Computer infection by viruses happens either because of bad luck (visiting a page concealing malware), poor computer literacy (opening an attached file) or plain negligence (logging in with administrator rights to perform mundane tasks). Similarly, identity theft can be encouraged by negligence, especially when one forgets to log out after having used a public or shared computer.

Having found himself sitting in front of computers with previous users’ private account sessions still open, Jeff Rosenberg decided to “teach a lesson to negligent students” in a manner of highly questionable nature and legality:

I can’t tell you how many times I’ve gone to the library or a computer lab and found someone still logged into their user account. It used to make me angry. It used to make me wonder what was wrong with people. I don’t know if they just forget or just don’t care, but either way they deserve to be messed with for their stupidity. It took almost a year of my life to find these and to some degree I feel bad, but I’m pretty sure these people won’t ever forget to log out again.

In the USA, the Identity Theft and Assumption Deterrence Act makes the possession of “any means of identification [...] used without lawful authority” a federal crime. There are probably very few grounds for accusing Rosenberg of identity theft, since he never came into possession of the students’ login information. But there is certainly something against vandalism.

Anyway, take heed and read the entry explaining Why You Should Always Log Out.

Largest job search engine should hire a better sysadmin

It seems Monster.com, the world’s largest job search engine, needs to hire a new sysadmin.

For the second time in 18 months, employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed.

In June 2008, the Bank of New York (BNY) Mellon reported the loss of unencrypted tape sets containing details of 4,500,000 customers. Banks and civil servants generally seem oblivious to the importance of storing data in a form inaccessible to unauthorized parties. In the field of IT and database development, it is standard procedure to store user passwords as an irreversible hashed string, produced for example by the NSA-released SHA hash functions, making it virtually impossible for hackers to recover the original passwords.

In the case of Monster.com, the perpetrators could read all the user information except for the passwords, so they sent a phishing email inviting users to log on to a fake Monster page, thus providing the cracker with the missing password. One solution to avoid this could have been storing email addresses using reversible encryption.

This story raises questions about providing a lot of personal information to web sites (online mail, social networking, media storage and so on). Even if the company has a policy safeguarding the user’s privacy, all the confidential information is at risk if their servers are not properly secured.

10 golden rules for protecting your digital privacy

Originally published on the 13th of September 2006, this article has been edited, updated and expanded to feature recent Open-Source applications and provide general guidelines on securing digital privacy.

Every week, we hear of laptop computers holding critical information being lost or stolen. Most of us don’t deal with classified government data, but we do own and use on a daily basis devices and storage media that hold a lot of information about us. They could put your privacy at risk if they got into the wrong hands.

Here are 10 simple golden rules to follow in order to secure your computer and your storage media. Most of those tasks are as mundane as locking your front door or your car, but by combining them you can drastically raise the walls protecting your privacy. All the applications mentioned in this article are open-source, cross-platform, and pretty much straightforward (they don’t require a PhD in Computer Science to be used).

Go to the article
