"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." ~ Benjamin Franklin

If a Secret Service agent can get hacked, so can you

Friday, January 14, 2005

Let's talk about computer security. Now before you fall asleep on me, take a look at how you are reading this right now. Are you using a computer? Yes? Well then you should be worried about computer security. Right now I can find out your IP address, what city, state and nation you are computing from, what operating system you are using, what browser you are using, screen resolution, and how you found this article. This information is sent every time you request a new web page.

But that's not what I wanted to talk to you about. What I mentioned above is the equivalent of caller ID on phones. You know, it has a handset…you dial a number and talk to people…using your voice. Yes, only one conversation at a time. I know, I know, quaint isn't it? What you should really be worried about is what else can be found out about you. Specifically things that you really, really don't want unethical people to know, like bank account information, credit card numbers or your password to your email account.

Read this story. The title, "Hacker read Secret Service e-mails" should be enough to get your attention. The corresponding story is at Security Focus. In a nutshell, a 21-year-old hacker cracked a T-Mobile server that a Secret Service agent happened to use as a personal account [meaning that he paid for it out of his own pocket]. However, he didn't follow Secret Service guidelines, which state that government files cannot be used on personal computers. He sent files pertaining to ongoing investigations to his T-Mobile Sidekick account. Yep, on the same server that was hacked. The hacker had 400 names, Social Security numbers, birthdays, usernames/passwords, camera-phone pictures and the like, but that didn't get him noticed. What got him noticed was when he shared two classified Secret Service documents on a message board.

What does that mean to you? It means that there are security rules for a reason. Most people lock their doors when they leave the house, lock their car when parked at the mall, and make sure the person behind them can't see whilst getting cash at an ATM. You should follow a few rules while on the computer as well.

  • Email is easily intercepted. It's just a stream of text and if I know your IP address [see the first paragraph above] and have the right tool, I can read that stream from anywhere in the world. Don't use email for anything that you wouldn't want posted on a bulletin board where everyone can read it. This means that you shouldn't use email to make rude remarks about your boss. It also means that you should never, ever send credit card, username/password, bank account, or other sensitive personal or corporate information by email.

  • Replying to requests for more information. Have you ever received an email stating that you "must reply to this message" to keep XXXXX account active? It could have been from big sites like eBay, PayPal, Yahoo, or AOL. Guess what? It was probably "spoofed". Someone sent a message that appeared to come from one of these companies, but the links send you somewhere else. So what do you do if you get one of these messages? First, don't click the link provided in the email. Go to the web site using your own bookmark or typing in the address. Log in normally and any important messages should be readily apparent. You should ignore almost every request for personal information via email.

  • You have a password for everything and it's tempting to make it easy for you to remember. How many of you use the name of your child, spouse, or pet as a password? How many of you use your address or date of birth somehow? BAD, BAD computer user! No cookie for you. Ideally, your password should not be something so easily guessed. It should include numbers, and not just a single digit. Using your child's name and the number 1 would take me 20 seconds to figure out. Really, I've sat down at a person's desk, looked at their pictures and guessed their password. "Is it Brenna1? Brenna2? When was she born? Is it Brenna2004?" Oops, three tries and I figured it out. A safer password would be "1B2r3e4n5n6a7". It's still fairly easy for me to remember, but much harder for someone to guess [note: I do not use my baby's name as part of my password – just wanted you to know]. Notice that I didn't say impossible to guess, just harder. The best passwords are not words and include letters, numbers and the characters above the numbers on your keyboard. "T$1xh7&uX" is a great password. Another way to go is a sentence, with characters thrown in, like "I4Love^Brenna!"

  • Only buy things on-line from places that you are sure about. Big name companies are the best, followed by places in which you can see feedback from other purchasers. When in doubt, use PayPal. Then, if it's a scam, you're only out the purchase price and not your entire credit limit. The second thing I would like to point out is to be sure that your connection is secure when paying for things on-line. Look for "https://" in the address bar. The "s" means that you are using an encrypted connection to the web site. Do NOT check the box saying something like "remember this card for future use". The easier it is for you, the easier it is for someone else too.

  • Monitor your credit cards and bank accounts. You should reconcile every month. Question every transaction that you don't remember or agree with. There should be a phone number to call with every purchase on your credit card. Call it if you don't know what it is. A favored tactic of hackers is to charge less than $50 on every card they stole. Most people won't question a small amount and just pay it. Don't fall for it. Question every transaction you don't recognize.

  • Get a firewall, if you don't already have one, and make sure it is turned on. In Windows XP, click Start/Control Panel/Network Connections and right-click the connection you are using right now (might be "Local Area Network" or "Wireless Network" or the name of the dial-up service). Select Properties and click the Advanced tab. Check the box that says "Protect my computer…" If you are really paranoid, there are several good firewalls on the market.
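
The ranking in the password rule above (a name plus a digit is guessed at once, an interleaved name is harder but not impossible, a random string is best) can be turned into a check that a signup form runs against facts it already holds about the user. This is an added example, not code from the original post; the function name, the verdict labels and the `FACTS` list are assumptions made for it.

```python
import re

# Constructed list of facts a site might know about the user (names, years).
FACTS = ["Brenna", "2004"]

def personal_info_verdict(password, facts):
    """Classify how directly a password is built from known personal facts.

    "trivial"  : personal facts plus at most three extra characters
    "contains" : a personal fact appears verbatim inside a longer password
    "derived"  : a personal word reappears once non-letters are stripped
    "none"     : no personal fact found
    """
    pw = password.lower()
    # Longest facts first so a short fact cannot split a longer one.
    tokens = sorted({f.lower() for f in facts if len(f) >= 3}, key=len, reverse=True)

    remainder, hit = pw, False
    for tok in tokens:
        if tok in remainder:
            remainder, hit = remainder.replace(tok, ""), True
    if hit:
        return "trivial" if len(remainder) < 4 else "contains"

    # Interleaving digits or symbols hides the word from a plain substring
    # search, but it falls out again as soon as the padding is removed.
    letters = re.sub(r"[^a-z]", "", pw)
    if any(tok.isalpha() and tok in letters for tok in tokens):
        return "derived"
    return "none"

def audit(passwords, facts=FACTS):
    """Map each candidate password to its verdict."""
    return {p: personal_info_verdict(p, facts) for p in passwords}
```

Running `audit(["Brenna1", "1B2r3e4n5n6a7", "T$1xh7&uX"])` separates the three cases the rule walks through.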


The most important advice I can give is don't be a victim. You should not only stand up for yourself, but also present as small a target as possible to hackers. Using your own common sense will keep you out of trouble much of the time. If you are in doubt, give the company a call...you know, with a phone…you dial and speak to another human. I know, I know, quaint isn't it?
