Daily Bits

Security

Is Your Privacy Online Protected?

by

Practically everyone is online these days, and you can’t really keep track of all the information on you out there.  While you may be careful with what you post and what you do on the Internet, threats to privacy are very much real.  We’ve heard of horror stories about these issues all too often, but for those who haven’t experienced any problems, the threat may not seem that urgent. If you think this way, it is about time that you take a look at how protected you are.

Judging by the number of articles and posts on online privacy you can find, one should really take this issue seriously.  Here are a few ways by which you can make sure that your online privacy is protected.

Be smart with passwords

This is such a basic thing, but the need for solid passwords cannot be emphasized enough. Remember the simple rules: don’t use one password for all your accounts. Don’t use your name, your birth date, etc. If necessary, keep a file of all your passwords so you won’t have to worry about forgetting them.

Do not “engage” spammers in anyway

That means you automatically click SPAM. Do not bother to reply. Do not even click on the link that says “Unsubscribe” or something similar. Just click SPAM.

Don’t forget to log out

We used to own an Internet cafe many years ago, and I cannot count the instances wherein I would use a computer only to see that the previous user did not log out of Yahoo. You may say that you don’t use public computers, but it still is a good habit to develop.

For more tips and details, visit my sources for this post: The Telegraph and EFF.

Photo credit: opensourceway

Is Your Geotag Function Disabled?

by

Tech-savvy individuals would know all about geotags. Initially, the whole idea can make you overly excited. When you hear about what happened to Adam Savage (of Mythbusters fame), though, you might think twice about enabling thing function.

Basically, geotagging allows data to be embedded in different media such as photos and videos. For example, when you use your iPhone to take a picture, the longitude and latitude can be included in the file. When uploaded to a web site, anyone who views the file can extract that data.

That’s what happened to Adam Savage, who posted a photo of his ride to work on Twitter. As a caption, he wrote “Now it’s off to work in my beast. Wait…How’d that DOG get in there?”

Nothing’s wrong with that, right? Think again. The photo included details on the exact location of his home (where it was taken). His caption also revealed the information that the house might be empty in the next several hours. You see where I am going with this?

You’d think that someone like Adam Savage would have known better than to do something like this, but he salvaged the situation quite well by saying that he was not at all concerned about the issue as he is not famous enough to be stalked. Now I am not so sure about that…Oh, and yeah, he moved to another house.

Anyhow, even if you are not a public figure like Adam Savage, you might want to disable that geotag function. After all, you know how ingenious unscrupulous individuals can get.

Photo from The New York Times

Toshiba Wipe Adds More Security for Sensitive Data

by

Paranoid about the sensitive data you have in your hard drive? Toshiba just might have the answer for you with their new technology called Wipe. This technology involves self-encrypted hard drives. Basically, the security lies in the fact that sensitive data can be wiped out from the drive when the system is turned off or when the hard drive is taken out of the system. In case someone tries to steal your HDD, you are safe!

Here’s an excerpt from the press release made by Toshiba:

…Wipe for Toshiba Self-Encrypting Drive (SED) models, a technology that allows special security capabilities, such as the world’s first ability for sensitive user data to be securely erased when a system is powered-down or when a SED HDD is removed from the system. The feature can also be used to securely erase user data prior to returning a leased system, system disposal or re-purposing. Wipe was created as an enhancement to Toshiba’s Self-Encrypting Drive (SED) hard disk drives.

Toshiba announced its latest 2.5″ 7200rpm SED HDD model in July 2010, to address the increasing need for IT departments to comply with privacy laws and regulations governing data security. Designed to the Trusted Computing Group “Opal” Specification, Toshiba’s SED models provide advanced access security and on-board encryption for client systems such as notebook computers.

This technology can be applied to hard drives for laptops and other mobile devices. Businesses that use electronic equipment such as printers and photocopiers with hard drives can also benefit from this new technology.

It is easy to see how individuals and entities who have particularly sensitive information will find great use for Wipe. The question is this: just how much will this set you back? So far, it doesn’t seem like exact figures have been released. We’ll find out soon enough, I am sure.

WoW Players Target of New Phishing Scam

by

World of Warcraft players, beware! You are now the target of a group (or groups) of cyber criminals. The scam’s premise is nothing new – the cyber criminals send e-mails to WoW gamers, asking them to verify their Battle.net account. In order to do so, the gamer has to enter his password. Of course, the web site to which the gamer is directed to is a fake one, and once the details are inputted – poor gamer!

Discovered and made public by F-Secure, a Finnish antivirus vendor, the scam is only one of the tactics that various cyber criminals are using. Another on going thing is someone sends you a chat message on WoW. This is in relation to the new Cataclysm beta. Spam Fighter shares the details:

Tom Kelchner, Security Researcher at Sunbelt, states that his friend Douglas got one message in a chat session from a person who employed the handle “BlizzalCOL” during the WoW game. He told him about the availability of the beta so the Cataclysm on the World of Warcraft map could expand, as reported by Sunbeltblog on July 13, 2010.

Kelchner further wrote that the message spread via an URL that took to Cataclysmtest.net looking like the login page of WoW.

He added that to determine the destination of the Cataclysmtest.net, he fed an unreal username and password to the site. Surprisingly, they were accepted, implying that the site was possibly stealing login information. Hence, it was a phishing site.

With WoW accounts being in high demand – especially those who have well-established characters – these developments are not surprising at all, are they? Needless to say, WoW players ought to be even more careful about using their login details.

A Note of Caution to Safari Users

by

Everyone knows that Apple’s computers outperform Windows-based computer practically in all levels. However, don’t just sit back and think that, since you’re using a Mac, you shouldn’t be concerned about security issues.

Recently, a flaw in Apple’s web browser Safari was discovered by a security researcher. The flaw involves Safari’s auto-fill feature. Because of a bug, malicious web sites can harvest information that the user inputs on the browser. This information can be anything from name, e-mail, phone numbers, address, and more.

Jeremiah Grossman is the guy who discovered the flaw. He is the chief technology officer of WhiteHat Security, a computer security company. He says that he had contacted Apple prior to publishing his findings in his blog. This was back in June. However, he merely got an auto-reply from the company, and no follow up communication ensued.

If you’re thinking that this might just be part of a smear campaign against Apple, think again. The technology giant has acknowledged that the flaw does exist. They gave a statement saying that they are taking the issue seriously and are working towards fixing it at the soonest possible time. Other than that, however, they did not give any information.

What should you do in the meantime? I suggest switching to another web browser till Apple gets things together. Alternatively, if you feel disloyal doing that (I don’t see why, though), disable the auto-fill feature of your Safari. Seth Weintraub provides more information on this.

Pirates Under Attack

by

The Pirate Bay is arguably the best known file sharing web site today. This group has risen to fame over the years due to their service of providing millions of users around the world with all sorts of files – many of them considered to be illegally shared. There was a time when The Pirate Bay was taken down and was temporarily “closed.”

Recently, it has been quite active again, with users continuing their file sharing activities. This time, though, The Pirate Bay came under attack – from a different source. A group of researchers from Argentina took it upon themselves to show the vulnerability of the site.

What they did was to hack into the system, compromising the data of more than 4 million registered users of The Pirate Bay. The group announced its “feat” in their blog, Insilence.biz, and went one step further by outlining the specific details of how they did it. This is what they have to say:

As any other website, as any other system or mechanism, www.thepiratebay.org has robust parts and soft spots. We [believe] that the people behind this [community] always acted with the local laws on their side, and so have we. The community caused problems to huge companies and corporations[,] which turned into threats between this companies and them. What we have done, we did not do it with anger, or for commercial value. As always, we saw the change, the moment and decided to take it. The protocol or procedure done to achieve this wasn’t anything out of the ordinary…

Just like many of the commenters in their blog, I do not totally understand why they hacked the site. Perhaps it was out of a twisted sense of justice? What do you think about this move? Is it justified or is it a mere publicity stunt?