[AI] security

Sanjay ilovecold at gmail.com
Thu Aug 19 06:42:05 EDT 2010

Online data thieves will jump at the chance to harvest even the most
personal information.

ROSEMARY HATTERSLEY demonstrates how to tighten up Facebook security

Facebook friends or foes?

Whether you're a committed telly addict, a tabloid aficionado or a web
extraordinaire, we're sure you can't help but notice that every couple of
days seems to bring another security scare.  Scare stories make for good
headlines, of course, but some affect you more than others.  Such is the
with privacy - something we're increasingly expected to manage for

There are plenty of straightforward ways to claw back some peace of mind.
As we
outlined in our in-depth look at the latest online security threats (
bit.ly/bXLTpW), the little bits of information with which we furnish web
can be collectively turned against us.

A good example is the Facebook app that asks what single topped the charts
day you were born.  I don't mind admitting that my answer to this is one of
those dated comedy tracks.  But I'm not about to amuse Facebook's entire
London network (several million-strong and counting) with its details,
particularly when doing so narrows down my date of birth to a seven-day
How many guesses does a hacker need to correctly ascertain and make use of
date of birth (DOB) on an official form, such as applying for a credit card?
Not many, given those odds.

Changes to Facebook's interface now promote the idea of searching, Friends
Reunited-style, for old acquaintances based on school years.  Again, you're
semi-publicly drilling down into the detail and then proudly displaying the

If you and five of your friends all went to the same school, it takes only
person to list their DOB for a snoop to reasonably deduce that you were all
the same school year.

Don't even get me started on the dangers of posting your full address, phone
numbers and myriad other details that only true friends should be privy to.
it's no better if you have a blog and post the information there.  Web
crawlers will happily serve it all up on a platter to anyone who knows how
use a search engine skilfully.

It's great to share; it's even better to check first who you're sharing it


START Click Account at the top right and choose Account Settings from the
drop-down menu.  From here, you can swap your existing password for a
alphanumeric one.  It's also a good idea to remove your maiden or middle
if you included them at registration.

2 Click the Networks tab to check you're happy with the sharing settings for
any network you may have joined.  You're no longer required to join a
however, so you may prefer to remove yourself from it altogether.  Also
unlinking your Twitter and MySpace accounts, your personal blog and so on.

3 The Privacy Settings are equally important; they're also under the Account
menu.  Facebook has tightened up some of its defaults, but it's wise to
what you're sharing with whom.  In particular, don't let third parties use
your profile picture in their advertising, which may fool some of your less
tech-savvy friends.

4 If you log into Facebook with a mobile phone number, have signed up for
Facebook texts or listed your number at sign-up, be aware that your phone
will be available for all your 'friends' to see (plus networks such as
Foursquare).  If you don't want them to call you or send you text spam,
your settings on the Mobile tab.

5 Hackers often seek out a weak link, such as someone who appears to accept
friends willy-nilly.  Having been accepted, they try to become friends with
person's friends, who assume the newcomer must be kosher.  Go to Accounts,
Edit friends for a list from which you can purge anyone you don't actively

6 You'd be surprised what you can learn about people based on their answers
Facebook's quizzes.  Most apps request permission to post your answers to
Live Feed and to your Wall but, even if you ignore such requests, commenting
someone else's results could reveal more than you intended to.


Two of the most straightforward changes you can make to your everyday
setup involve using a password generator to protect your logins, and a
file-encryption tool to scramble your emails and documents so they can't be
intercepted between you and the recipient.

One of the best-known password utilities is KeePass Password Safe (
keepass.info), which enables you to easily keep track of all your logins and
usernames without resorting to the simple but highly insecure practice of
a single password for all sites.  Instead, this free, open-source password
generator uses an encrypted database to do the heavy thinking for you.

A similar approach is offered by PGP ( pgp.com) which is short for 'pretty
good privacy'.  This security stalwart makes it easy for you to perform
everyday tasks without compromising your files.  Use it when you need to
send an
important document or a message that you don't want others to be able to
A key is sent along with it that only the intended recipient can decode.


START Thousands of laptops are lost or stolen each year.  Lock yours down to
prevent data being siphoned off it without your knowledge.  USB flash drives
other portable media also pose a significant risk.  Password-protect and
the drive, and use a biometric fingerprint reader for access.

2 Vista and Windows 7 Enterprise and Ultimate users can make use of
and BitLocker To Go.  BitLocker encrypts internal drives, while BitLocker To
protects external storage.  You'll need the BitLocker Drive Preparation Tool
to ensure your volumes are properly configured first ( tinyurl.com/yhlfsbx).

3 Once your drive is properly partitioned, you can encrypt it.  Click on
BitLocker Drive Encryption in the Control Panel.  The console will display
available drives and indicate whether BitLocker is currently protecting
Note that the display separates the internal and external drives.

4 Click 'Turn On BitLocker' next to any unencrypted drive to begin the
encryption process.  Choose a password or opt to insert your smartcard for
authentication.  BitLocker then offers an opportunity for you to save the
BitLocker Recovery Key - a failsafe for a forgotten password.  Tony Bradley


Windows Vista is able to protect internal drives and volumes, but it cn't
encrypt data on removable drives.  Windows 7 addresses that glaring lack of
functionality with BitLocker to Go.

While you're able to continue working as BitLocker runs in the background,
removing a drive during the initial encryption process can destroy the data
stored on it.  If you absolutely must do so, use the Pause button to halt
process first.

Using BitLocker to Go, you can protect data on USB flash drives and other
removable media.  If you need to share sensitive information with other
you can give them the encrypted data on the USB drive and give them a
to unlock the contents.  You can also require a smartcard to unlock the data
additional protection, and deliver the two separately.

BitLocker to Go gives administrators the ability to control how removable
can be used, as well as to enforce policies for protecting data on removable
drives.  They can make unprotected removable storage read-only, and require
the system applies BitLocker encryption to any removable storage before
can save data to it.  How to use BitLocker without a TPM ( bit.ly/dvG68c).

Technical telepathy: 09969636745
Saints are not always saints; sinners are not always sinners.

More information about the AccessIndia mailing list