[AI] security

Sanjay ilovecold at gmail.com
Thu Aug 19 06:42:05 EDT 2010


Online data thieves will jump at the chance to harvest even the most
innocuous
personal information.

ROSEMARY HATTERSLEY demonstrates how to tighten up Facebook security

Facebook friends or foes?

Whether you're a committed telly addict, a tabloid aficionado or a web
surfer
extraordinaire, we're sure you can't help but notice that every couple of
days seems to bring another security scare.  Scare stories make for good
headlines, of course, but some affect you more than others.  Such is the
case
with privacy - something we're increasingly expected to manage for
ourselves.

There are plenty of straightforward ways to claw back some peace of mind.
As we
outlined in our in-depth look at the latest online security threats (
bit.ly/bXLTpW), the little bits of information with which we furnish web
apps
can be collectively turned against us.

A good example is the Facebook app that asks what single topped the charts
the
day you were born.  I don't mind admitting that my answer to this is one of
those dated comedy tracks.  But I'm not about to amuse Facebook's entire
London network (several million-strong and counting) with its details,
particularly when doing so narrows down my date of birth to a seven-day
period.
How many guesses does a hacker need to correctly ascertain and make use of
my
date of birth (DOB) on an official form, such as applying for a credit card?
Not many, given those odds.

Changes to Facebook's interface now promote the idea of searching, Friends
Reunited-style, for old acquaintances based on school years.  Again, you're
semi-publicly drilling down into the detail and then proudly displaying the
results.

If you and five of your friends all went to the same school, it takes only
one
person to list their DOB for a snoop to reasonably deduce that you were all
in
the same school year.

Don't even get me started on the dangers of posting your full address, phone
numbers and myriad other details that only true friends should be privy to.
And
it's no better if you have a blog and post the information there.  Web
crawlers will happily serve it all up on a platter to anyone who knows how
to
use a search engine skilfully.

It's great to share; it's even better to check first who you're sharing it
with.

PLUG FACEBOOK INFORMATION LEAKS

START Click Account at the top right and choose Account Settings from the
drop-down menu.  From here, you can swap your existing password for a
stronger
alphanumeric one.  It's also a good idea to remove your maiden or middle
names
if you included them at registration.

2 Click the Networks tab to check you're happy with the sharing settings for
any network you may have joined.  You're no longer required to join a
network,
however, so you may prefer to remove yourself from it altogether.  Also
consider
unlinking your Twitter and MySpace accounts, your personal blog and so on.

3 The Privacy Settings are equally important; they're also under the Account
menu.  Facebook has tightened up some of its defaults, but it's wise to
check
what you're sharing with whom.  In particular, don't let third parties use
your profile picture in their advertising, which may fool some of your less
tech-savvy friends.

4 If you log into Facebook with a mobile phone number, have signed up for
Facebook texts or listed your number at sign-up, be aware that your phone
number
will be available for all your 'friends' to see (plus networks such as
Foursquare).  If you don't want them to call you or send you text spam,
alter
your settings on the Mobile tab.

5 Hackers often seek out a weak link, such as someone who appears to accept
friends willy-nilly.  Having been accepted, they try to become friends with
that
person's friends, who assume the newcomer must be kosher.  Go to Accounts,
Edit friends for a list from which you can purge anyone you don't actively
know.

6 You'd be surprised what you can learn about people based on their answers
to
Facebook's quizzes.  Most apps request permission to post your answers to
the
Live Feed and to your Wall but, even if you ignore such requests, commenting
on
someone else's results could reveal more than you intended to.

PASSWORDS AND FILE LOCKERS

Two of the most straightforward changes you can make to your everyday
security
setup involve using a password generator to protect your logins, and a
file-encryption tool to scramble your emails and documents so they can't be
intercepted between you and the recipient.

One of the best-known password utilities is KeePass Password Safe (
keepass.info), which enables you to easily keep track of all your logins and
usernames without resorting to the simple but highly insecure practice of
using
a single password for all sites.  Instead, this free, open-source password
generator uses an encrypted database to do the heavy thinking for you.

A similar approach is offered by PGP ( pgp.com) which is short for 'pretty
good privacy'.  This security stalwart makes it easy for you to perform
everyday tasks without compromising your files.  Use it when you need to
send an
important document or a message that you don't want others to be able to
read.
A key is sent along with it that only the intended recipient can decode.

LOCK DOWN YOUR DATA

START Thousands of laptops are lost or stolen each year.  Lock yours down to
prevent data being siphoned off it without your knowledge.  USB flash drives
and
other portable media also pose a significant risk.  Password-protect and
encrypt
the drive, and use a biometric fingerprint reader for access.

2 Vista and Windows 7 Enterprise and Ultimate users can make use of
BitLocker
and BitLocker To Go.  BitLocker encrypts internal drives, while BitLocker To
Go
protects external storage.  You'll need the BitLocker Drive Preparation Tool
to ensure your volumes are properly configured first ( tinyurl.com/yhlfsbx).

3 Once your drive is properly partitioned, you can encrypt it.  Click on
BitLocker Drive Encryption in the Control Panel.  The console will display
the
available drives and indicate whether BitLocker is currently protecting
them.
Note that the display separates the internal and external drives.

4 Click 'Turn On BitLocker' next to any unencrypted drive to begin the
encryption process.  Choose a password or opt to insert your smartcard for
authentication.  BitLocker then offers an opportunity for you to save the
BitLocker Recovery Key - a failsafe for a forgotten password.  Tony Bradley

LOCK UP PORTABLE HARD DISKS

Windows Vista is able to protect internal drives and volumes, but it cn't
encrypt data on removable drives.  Windows 7 addresses that glaring lack of
functionality with BitLocker to Go.

While you're able to continue working as BitLocker runs in the background,
removing a drive during the initial encryption process can destroy the data
stored on it.  If you absolutely must do so, use the Pause button to halt
the
process first.

Using BitLocker to Go, you can protect data on USB flash drives and other
removable media.  If you need to share sensitive information with other
people,
you can give them the encrypted data on the USB drive and give them a
password
to unlock the contents.  You can also require a smartcard to unlock the data
for
additional protection, and deliver the two separately.

BitLocker to Go gives administrators the ability to control how removable
media
can be used, as well as to enforce policies for protecting data on removable
drives.  They can make unprotected removable storage read-only, and require
that
the system applies BitLocker encryption to any removable storage before
users
can save data to it.  How to use BitLocker without a TPM ( bit.ly/dvG68c).


Technical telepathy: 09969636745
Saints are not always saints; sinners are not always sinners.






More information about the AccessIndia mailing list