Privacy and Security

Page history last edited by ted.coopman@... 9 years, 3 months ago

Here are some tips on privacy and security online as well as interesting information


Top 500 worst passwords of all time

(What's my pass)

 

Your Top 20 Most Common Passwords

5:21 PM - January 22, 2010 by Marcus Yam - source: Tom's Hardware

 


http://www.wired.com/gadgets/gadgetreviews/magazine/16-10/ts_burningquestion

WIRED MAGAZINE: 16.10

Burning Question: How Much Computer Security Is Enough?

By Cliff Kuang, 09.22.08

Put down that money order and step away from the Internet, sir. You could blow your kid's college fund on computer security doodads: biometric password protectors, remotely erasable hard drives, GPS tracking — every day, there's some new and irresistible offering for the paranoid. But what do you really need to protect your computer? Less than you think.

 

The gospel is familiar: An antivirus program paired with anti-spyware/malware measures will shield your PC from just about anything. In fact, the marketing of those products is so good that security apps are about the only software people still expect to pay for. But the best stuff doesn't cost a dime. Programs like AVG and Ad-Aware are free, and they won't hit you up for upgrades like the big security suites.

 

Those guardians are fine for Grandma's Gateway, but the truly savvy eschew them altogether. Even the most well-meaning program bogs down your box. And it's not hard to dodge infection; just abide by the basic tenets of Internet common sense:

 

• Don't click on mysterious email attachments.

• Don't bother with the free pr0n, Ch3@p Vi@gr@, and Nigerian millions.

• Never open .exe files.

• Email is still one of the biggest infection vectors, so be cautious and use a good webmail service like Gmail, which automatically scans your messages.

• Don't leave your computer online when you're not on it.

• Beware of anything that immediately asks for personal information. Don't reuse passwords.

 

On the meatspace side, secure your Wi-Fi network and, most important, get a backup drive. Backup may not be the first item on your Web-safety list, but it should be; infection is no big deal if you can just wipe your machine clean. As PC-security demigod Bruce Schneier says, "Any countermeasures are almost optional once you have good backups."

 

Hardware geeks will notice a glaring omission from this list: encrypted hard drives. That's because only a few really add security, and only a few people really need them. "There's a lot of snake oil," says Lance James, who designs anti-phishing software. "Some of it works, but at that level, you're mostly addressing pedophiles." The most secure drives have onboard microprocessors that scramble data before writing it, but if you forget your password, you're screwed — there's absolutely no way to access your information. However, you're probably more than fine using encryption software like Private Disk.

 

But before you even go that far, take a step back. If you're really convinced you need ironclad PC security — and you don't work for a credit card company — you may have bigger issues than some puny computer virus. Freak.


Password Design

We all have multiple passwords to access everything from blogs, to email, to online banking. Often, we use Key Chains so our computer remembers what passwords we use. Of course, there are many sites we do not want to do this for because anyone who steals your laptop would be able to access your most important online data.

 

Usually what we do is use the same passwords over and over, which is convenient but not very safe, because thieves know we are lazy. Ideally, every password should be unique, but this is rarely something we take the time or make the effort to do. Let’s face it –– it’s a hassle (although not as big a hassle as identity theft!). So here are a few suggestions for dealing with passwords.

 

In general, all passwords should have both letters and numbers, or even symbols. Avoid common terms or names that appear in dictionaries –– a dictionary attack is when software automatically tries all the words in a dictionary. Also, any easily accessible information about you should be avoided. A good technique is to misspell a word or name, for example kancun or cancoon instead of Cancun. If you went on vacation to Cancun in May of 2008 (and had a memorable time) you could create the password kancun!52008. You can also substitute symbols for numbers: * instead of 8, or % instead of 5. So, try kancun%2008 or kancun@00*, whatever you think you can remember.

 

Realistically, not all passwords are equally important. I know most people will use the same password over and over, so for less than critical access at least pick something that is hard to crack to start with. However, access to personal records, banking, and so forth should have more complex passwords. Using phrases is the best way to do this, but many systems cannot handle that many characters. In the meantime, devise passwords that are complex but associated with that particular transaction. Also, rather than keeping a text file with all your passwords, take a page from many websites and make a list of clues. For example, “Misspelled favorite aunt plus make and model year of my old yellow car.”
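As an added example (not part of the original page), here is a small Python checker that applies the rules above to a candidate password: letters plus numbers or symbols, nothing that appears in a dictionary or on a worst-passwords list, and none of your own easily accessible details. The two wordlists, the minimum length and the `personal_info` hint list are constructed assumptions standing in for the real lists a checker would load.

```python
import string

# Constructed sample in the style of the "worst passwords" list the page links to;
# not the real Top 500, just a few well-known entries for illustration.
WORST_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc123", "monkey", "iloveyou"}

# Constructed stand-in for the wordlist a dictionary attack would try. A real check
# would load a full wordlist; the page's fix (misspell the word: kancun, cancoon) still applies.
DICTIONARY = {"cancun", "vacation", "summer", "yellow", "honda", "welcome", "aunt"}

MIN_LENGTH = 8  # assumed minimum; the page gives no number


def check_password(password, personal_info=()):
    """Return a list of problems with the candidate password.

    An empty list means the password follows the page's rules: letters plus
    numbers or symbols, no dictionary words, no easily accessible personal
    information, and not one of the well-known worst passwords.
    `personal_info` is an optional iterable of strings that describe the user
    (names, pets, hometown) and must not appear in the password.
    """
    problems = []
    low = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and (has_digit or has_symbol)):
        problems.append("needs letters plus numbers or symbols")

    if low in WORST_PASSWORDS:
        problems.append("on the worst-passwords list")

    # Dictionary words of four or more letters embedded in the password are what a
    # dictionary attack finds quickly; shorter fragments give too many false alarms.
    for word in sorted(DICTIONARY):
        if len(word) >= 4 and word in low:
            problems.append(f"contains dictionary word '{word}'")

    for item in personal_info:
        if len(item) >= 3 and item.lower() in low:
            problems.append(f"contains personal information '{item}'")

    return problems


def is_acceptable(password, personal_info=()):
    """True when check_password finds nothing to complain about."""
    return not check_password(password, personal_info)


if __name__ == "__main__":
    # The page's own examples: a misspelled vacation spot plus a date, with
    # symbol-for-digit substitutions (* for 8, % for 5), next to two bad choices.
    for candidate in ["Cancun", "kancun!52008", "kancun%2008", "kancun@00*", "password"]:
        verdict = check_password(candidate, personal_info=("Ted",))
        print(f"{candidate:14} -> {'ok' if not verdict else '; '.join(verdict)}")
```

The misspelled examples from the text pass, while the real place name and a worst-list entry are rejected with the specific rule they break.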

 

IMPORTANT: avoid using open wifi networks for important transactions – see WiFi Safety below.


 

WiFi Safety

Accessing wifi networks at home or in public places is convenient, but it poses unique risks compared to wired connections.

 

Basics

Everything you do on a wireless connection is broadcast over a fairly wide range and does not travel straight from your computer to the nearest router. The signal is radiated up to 500 feet in all directions. Anyone with a wireless card within that range could potentially be scanning the WiFi spectrum. If you are connected to an open network that requires no password, the data that flows between your computer and the wireless router is unencrypted. Anyone with technical know-how using freely available packet sniffing software will have access to any unencrypted packets of information moving within the network.

 

At Home

While it is cool to be able to jump on your neighbor's network (come on, you KNOW you do it), having an unprotected wifi network can cause a variety of problems. These include linking you to any illegal activity, slowing down your connection, or hacking of your computer or communications. All wifi routers come with default passwords that few users bother to change. Read the directions and select the strongest password protection that your computer can handle.

Remember, you can configure your computer to remember the password so you won’t have to log on every time –– therefore you can make it reasonably complex.

 

Open/Public Networks

You should avoid banking or other critical activities in public hotspots. However, this is not always practical. First, use or install a firewall. If you have a firewall, set it to its most restrictive settings. Macs come with a firewall, as do more expensive PCs. Do not check your e-mail or access a password-protected account at a Web site that doesn't provide an encrypted Secure Sockets Layer connection. For maximum security when using a public hotspot, use a virtual private network (VPN). Providers such as HotSpotVPN or PersonalVPN require a monthly financial commitment, but they offer effective security for travelers who use public hotspots extensively. Second, if you must enter credit card numbers while using a public wireless network, make sure there is a locked padlock icon at the bottom right corner of the browser window, and make sure the Web address begins with https: ("s" for secure). Finally, if you're not surfing the internet or sending e-mail, but are still using your computer in an area where there is a public wireless network, disable your wireless connection. DO NOT simply sleep your computer and leave your wifi on – it will look for open networks.


 

These 10 tips are from the Center for Democracy and Technology (CDT)

 

1. Look for privacy policies on Web Sites:

Web sites can collect a lot of information about your visit -- what computer you use, what type of hardware and software you have, what Web sites you have visited. Web sites that ask you to provide even a small amount of personal information can tie the data you provide to your browsing habits.

 

2. Get a separate account for your personal e-mail:

Often, online users do not realize that e-mail sent from their work accounts is likely to be an open book to their employers. Even if you send an e-mail from your home, a copy is often stored on your employer's main computer server. Your boss has a legal right to read any and all correspondence in this account or on your work computer at any time.

 

Getting a separate account for home allows you to check your personal messages without using your workplace e-mail server. Some private accounts can be configured to enable you to check your personal mail from work without downloading it onto your company computer.

 

Ted's Extra Tip #1: If you are concerned about privacy, pay for an email account. Most ISPs provide you with an email address (or several). Double check their privacy policies!

 

3. Teach your kids that giving out personal information online means giving it to strangers:

Teach your children that they need your permission before they can give out their name, address or other information about themselves or the family.

 

4. Clear your memory cache after browsing:

After you browse the Web, copies of all accessed pages and images are saved on your computer's memory. While these copies make subsequent visits to the same sites faster, the browsing record has grave implications for personal privacy, particularly if you share a computer or browse at work. You can delete most of your online trail by simply going to the "Preferences" folder in your browser and clicking on the "Empty Cache" button. Sometimes this option is in the "Advanced" menu of the browser preferences. In Internet Explorer, go to "Internet Options" from the "Tools" menu and click on "Clear History".

 

Ted's Extra Tip #2: When using a campus, public, or someone else's computer, clear the cache and make sure you move any files or documents to the trash - then empty it.

 

5. Make sure that online forms are secure:

Online forms may be digitally transported in ways that leave them vulnerable to undesired access. Alternatively, online forms may be encrypted so that only the intended recipients can readily translate the information.

 

6. Reject unnecessary cookies:

Cookies enable Web sites to store information about your visit on your own hard drive. Cookies inform site operators if you have visited the site and, if you have obtained a username and password, cookies remember that information for you. Many of the "personalized" search engines use cookies to deliver news topics that users select; sites often use these same preferences to target advertisement. Furthermore, cookies can be used to track you online and enable the creation of a profile without you realizing it. You can search your hard drive for a file with the word "cookie" in it (e.g., cookies.txt or MagicCookie) to view the cookies that have been attached to your computer. Newer browsers allow you to recognize sites that send you cookies and reject them outright by accessing the "Advanced" screen of the "Preferences" menu. In Internet Explorer, delete cookies by clicking on the "Delete Files" button in the "General" icon of "Tools"' "Internet Options" menu.

 

Ted's Extra Tip #3: Many sites - like Blackboard - require cookies, and others operate better when they have cookies (Amazon, etc.) - let's face it - disabling and selecting which cookies to accept is a pain. You can use several different browsers (most are free) on your computer. Keep one specifically for cookie-heavy operations at sites you trust. For your other browsers - dump/reject cookies.

 

7. Use anonymous remailers:

Anonymity is essential to privacy and free speech. It protects whistleblowers and writers of controversial material; most simply, it may enable one to publish without a forwarding address. The e-mail technology creates problems for the right to anonymous communication since the sender of a message can be traced back through digital paths.

 

Created to address privacy risks and concerns, "anonymous remailers" presently allow you to send anonymous e-mail messages. One very good remailer was created as a joint project of the George Mason Society and the Global Internet Liberty Campaign and is available on the Web at http://www.gilc.org/speech/anonymous/remailer.html

 

8. Keep your e-mail private, use encryption!:

E-mail is not as secure a medium as many believe.

E-mail can be easily rerouted and read by unintended third parties; messages are often saved for indefinite periods of time. Presently, there exist technologies that allow you to encrypt your messages in order to protect their privacy. Some e-mail programs (e.g., Internet Explorer Outlook and Netscape Messenger) have encryption. Pretty Good Privacy (PGP), a popular encryption software, is free for non-commercial use.

Read more on PGP and download the encryption software at http://web.mit.edu/network/pgp.html

 

Ted's Extra Tip #4: Any email, IM, or text communication sent online should be treated as a postcard sent in the mail - easy for anyone to read (unless you have encryption). Do not include anything in an email that you do not want to see on the front page of the local paper or have to explain to a prosecutor in court!

 

9. Use anonymizers while browsing:

From the moment you type in a Web address, a log is kept with information about your visit.

Every day, most of us walk down the street without being recognized or tracked. While anonymity is often taken for granted in the physical world, such luxury is not available online. Tools that strip out user information, thus preserving anonymity, have been created; a few are readily available on the net. Visit http://www.freedom.net and http://www.anonymizer.com.

 

10. Opt-out of third party information sharing:

Many online companies provide you with the option to get off (or "opt-out") the lists that share your information. Some companies enable users to easily opt out -- users are often able to do so online. A number of companies go a step further and ask your permission (opt-in) before sharing personal information that they have collected. Often, however, companies make opting out difficult or virtually impossible: addresses are buried, one cannot opt-out online, etc. CDT has created Operation Opt-Out to help you control how your personal data is collected and distributed.


 

CDT's Questions to Ask about Web Site Privacy Policies

 

1. What information is being collected? Is the information personally identifiable?

2. Why is it necessary to collect this information? Is the data collection appropriate to the activity or transaction? If not, why does the site need it?

 

Ted's Extra Tip #1: ask yourself - do you REALLY need to do business with this organization? If you don't like their policies (for example - asking for your credit card security code) go some place else with different policies - and make sure to tell them how they lost/got your business!

 

3. How is the data being collected? Does the site set cookies? Does the site maintain web logs?

 

4. How is personal information used once it is collected? Is it ever used for purposes other than those for which a visitor has provided it? (If so, the visitor should be informed of the use.) Has the visitor consented to it? Does the visitor have the option to prohibit such secondary use? Can a visitor prohibit it and still enjoy the site?

 

5. Does the site offer different kinds of service depending on user privacy preferences? Does a user have a choice regarding the type and quantity of personal information that the site collects? Does the site disadvantage users who exercise data collection choices?

 

6. Can users access information that has been collected about them? Are users able to correct inaccurate data?

 

7. How long is personal information stored? Is it kept any longer than necessary for the task at hand?

 

8. What is the complaint and redress process? Whom can users contact?

 

9. What laws govern the collection? Is it a federal government site regulated by the Privacy Act? Is the entity collecting information regulated by another privacy law?

 


 

Privacy Rights Clearinghouse Tips for Dealing with SPAM

 

  1. Never open spam messages. Unless you block HTML graphics, it’s possible that the sender will be alerted that you have opened the message. This encourages them to send more messages. Also, you may be susceptible to malicious code.


  2. Never click on a URL (link) or Web site address shown in a spam e-mail. This could alert the site to the validity of your e-mail address, potentially resulting in more spam. It could also expose you to malicious code inserted on your computer.


  3. Set filters in your e-mail program to allow or to block specific senders and/or specific language. Many Internet Service Providers now provide automatic spam filtering; other filters you may need to set manually. The filters can be set to keep out certain senders, or conversely, to “white list” other correspondents by allowing their specific e-mail address. In either case, filters work by analyzing your incoming mail and attempting to decide which e-mails are genuine and which are spam. But the process — whether automatic or manual, blocking or permitting — is far from perfect.

  4. If you find that either legitimate messages are being captured in your spam filter or that unwanted messages are continuing to slip through to your inbox, you may need to adjust the spam filter settings. Many e-mail accounts offer a separate “bulk mail” or “spam” folder where suspicious messages are held.


  5. Understand where rejected messages go. If you use filtering software, be sure the rejected messages are sent to a special folder other than your email “trash” basket. That way you can periodically review them to see if a message you truly want was diverted by an over-aggressive spam filter.


  6. Have a backup e-mail account(s). Use a free Web-based e-mail account at, for example, hotmail.com, Yahoo.com, or gmail.com (Google) for use when subscribing to magazines, filling out warranties, posting to Internet discussion groups, or in other situations where you are not sure how your email address will be used. While this won’t reduce the amount of spam you receive, it will largely keep it out of your primary e-mail account that you use on a daily basis.


  7. Use a combination of letters and numbers in your e-mail address. Many spammers employ “a dictionary attack” — bombarding the Internet with any plausible combination of letters and hoping some of those match your email address. If you use numbers and/or symbols in your address, you will likely sidestep such efforts.


  8. Never respond to spam. Responding to the messages just confirms that your e-mail address is valid and that you received and read their message. It also encourages them to send more messages. Don’t respond to any “removal instructions” that might be included at the bottom of the message. And, of course, never buy anything as a result of spam you receive.

  9. Be especially alert for phony e-mails that request personal information from you. Cyber-thieves have gotten very good at mimicking legitimate Web sites of merchants, banks, and government agencies — including their logos and “official”-sounding language — and asking for your Social Security number, bank account data, or other private information under the guise of “updating” their records or “clarifying” your status as a customer. However, legitimate businesses and agencies rarely ask for such information over the Internet. So if you have any doubts — and you should — call the organization instead of responding to the e-mail and use a phone number in the phone book, not a telephone number shown in the message or on the possibly phony Web site.


  10. Do not rely on spam-blocking services. Many are ineffective and may even cause an increase in the spam you receive. Yahoo recommends the following:  Never sign up with sites that promise to remove your name from spam lists. Although some of these sites may be legitimate, more often than not, they are address collectors. The legitimate sites are ignored (or exploited) by the spammers, and the address collection sites are owned by spammers. In both cases, your address is recorded and valued more highly because you have just identified that your address is active.


  11. Consider using disposable online addresses. You can create a unique e-mail address for each e-mail newsletter or forum you subscribe to. Then, when an e-mail address begins getting spam, you can discontinue using it and start using another. This works because the disposable e-mail addresses actually forward to your real e-mail address. For more about disposable e-mail addresses, see http://email.about.com/cs/dispaddrrevs/tp/disposable.htm .


  12. Always be careful when making Internet purchases. Read online and offline forms carefully and check or uncheck boxes as necessary to make sure you are not inadvertently giving your consent to receive spam. Every reputable e-commerce web site offers information about how it processes your order. It is usually listed in the section entitled Privacy Policy. You can find out if they intend to share your information with a third party or affiliate company. Do they require these companies to refrain from marketing to their customers? If not, you can expect to receive spam and even mail or phone solicitations from these companies.


  13. Remove e-mail addresses from your Web site. If you list or link to your email address, you are likely to be spammed by address-harvesting robots. If you must include your e-mail address on the site, try posting it written out in words (“example at domain dot com”) instead of example@domain.com. That way a human user can understand the correct address, but a robot may not recognize it as such.


  14. Consider subscribing to a spam-prevention service. These vary in effectiveness, but some people find them helpful. Many are “challenge-response services,” which means they require people who send you an e-mail to respond by clicking, visiting a Web site, and/or typing in a code that only a human — not a robot — could do correctly. That puts a burden not only on scammers but, unfortunately, also on your friends and legitimate senders who may find the system onerous and rude.


  15. Opt out of directories that may put your e-mail address online. For example, if your alumni association or your employer places your e-mail address on its Web site, ask the Webmaster to make sure it is disguised in some way. Always read the privacy policy of sites where you disclose your personal information or e-mail address.  Determine whether they will share your information with others for marketing purposes (this will lead to spam).


  16. Report spammers to their domain. Most e-mail accounts have an anti-spam requirement in their terms of service. For example, here is Yahoo’s Anti-Spam Policy: http://docs.yahoo.com/info/guidelines/spam.html

How Computer Viruses Work

 

Tips on Where to get Free Virus and Spyware Scanning software


Other Useful Links

 

OnGuard Online: U.S. Government Site for Online Safety and Security

 

 

Electronic Frontier Foundation

 

American Civil Liberties Union (ACLU) Technology and Liberty Project

 

CATO Institute Free Speech and Technology Page

 

Search Engines - scary! - They Know all About you - The Guardian (UK)

 

Privacy Rights Clearinghouse Net Privacy Page

 

Also see the PRC's Traveling in Cyberspace Safely Page