3 Scary Online Security Mistakes to Avoid!
Posted: 11/05/2012 15:50 by herodotus | Comments: 10
In the online world, terrors aren't reserved for Halloween. Hackers are very real, and they haunt the web like Freddy Krueger haunts people's dreams, looking to use your most personal information against you.
Fortunately, there are plenty of things you can do to protect yourself. Sometimes it's not a matter of making your system impregnable, just of making it a little bit more difficult for hackers to break into yours than into someone else's. With that in mind, here are three scary security mistakes you should avoid:

1. Not masking your social activities.

When it comes to using social networks and other online communities, it helps to "think like a thief," says Brad Gobble, a senior manager of information security at Mozy, an online backup service. In other words, don't divulge information a thief would want, such as your full name, age or place of residence. In the age of oversharing, that may sound impossible, but it's safest to keep identifying information to a minimum in online communities.
When it comes to sharing images, Gobble warns against posting pictures that include your car's license plate, your house number or the street sign for your neighborhood. Similarly, you might consider not posting photos in which your clothing could give away your school or business affiliations.

2. Not protecting your data.

"Data has value -- just like dollars or gems -- and is significantly more portable and easier to put in the hands of attackers," Gobble says.
Your first line of defence is a strong password. Don't use the same login name and password on different devices, and use a different set for each important website -- your bank, your email and so on. Each of your computers and mobile devices should also have its own password.
In addition to password-protecting your electronic devices, consider encrypting individual files. Do you calculate your taxes on your computer? Keep client invoices? Encrypt those files. A free tool such as Pretty Good Privacy can do this for you.
Beyond individual files, there are options for protecting the entire contents of your computer should it fall into the wrong hands. Gobble suggests Microsoft's BitLocker*** or Apple's FileVault.

3. Not updating your software.

You might not think about it when using desktop software and mobile apps, but these programs can quickly become outdated. Even the best programmers can make mistakes, and when developers discover security flaws in their code, they patch the holes by putting out an update for users to download. Downloading these updates is one of the easiest ways you can protect yourself from intruders, Gobble says.
Consider turning on the auto-update function of your operating system and of any software programs that have one. For anything else, check regularly for new versions and download them promptly, he says.

***Obvious for many users, but not always obvious if you only treat your system as a gaming platform or word processor.


User Comments on herodotus's blog

By herodotus (SI Herodotus) on 11/05/2012 15:54
You might ask: "What is BitLocker?"
BitLocker lets you encrypt the hard drive(s) on your Windows 7 and Vista Enterprise, Windows 7 and Vista Ultimate or Windows Server 2008 and R2. BitLocker will not encrypt hard drives for Windows XP, Windows 2000 or Windows 2003. Only Windows 7, Vista and Server 2008 include BitLocker. BitLocker drives can be encrypted with 128-bit or 256-bit encryption; this is plenty strong to protect your data in the event the computer is lost or stolen. BitLocker protects your hard drive from offline attack. This is the type of attack where a malicious user will take the hard drive from your mobile machine and connect it to another machine so they can harvest your data. BitLocker also protects your data if a malicious user boots from an alternate Operating System. With either attack method, BitLocker encrypts the hard drive so that when someone has physical access to the drive, the drive is unreadable. Now if you are a network admin and you need to harvest data from a hard drive when a machine fails, our tools include the functionality to prompt the admin for the recovery key so the hard drive can be accessed. We've done a good job at ensuring the data does not end up in the wrong hands, while making it easy for authorized users to access the data in the event of a failure.

"What does BitLocker do?"
Again, BitLocker encrypts the hard drive(s) to protect the Operating System from offline attacks. Server 2008, 2008 R2, Windows 7 Enterprise, Windows 7 Ultimate, Windows Vista Enterprise, and Windows Vista Ultimate all include BitLocker functionality. Windows 7 Professional and Windows Vista Business Edition and the Home Editions do not include BitLocker. The RTM versions of Vista only allow BitLocker encryption of the C: drive. SP1 for Vista, and Windows 7 include the ability to encrypt all of the hard drives belonging to the Vista and Windows 7 machine. Server 2008 (and R2) include the ability to encrypt all of its attached hard drives as well. BitLocker on a Server 2008 (and R2) server might not make sense for your servers in the Data Center, but using BitLocker on servers in remote offices makes a lot of sense. How many remote offices have their servers in secure Data Centers? They don't! If you're lucky, your server sits in a locked closet. If you're unlucky, it sits under someone's desk. Deploying BitLocker to these machines makes perfect sense.
By SiyaenSokol (SI Elite) on 11/06/2012 02:39
Luckily I enjoy being a private person, so the chances of me posting information online that will put me at risk are quite slim.
By SirRoderick (SI Elite) on 11/06/2012 13:04
I usually just make shit up :P
By herodotus (SI Herodotus) on 11/06/2012 13:16
A one-time professional hacker, now with the AFP Cyber Crimes Unit, was driven around the streets of Melbourne and within 60 seconds was able to break into 5 home PCs, and collect all of the users' private data from the back seat of the car. Even PCs that had been powered down for the night - all through them having wireless network connections.
I just don't believe the majority of those with internet connections realise just how simple it is to steal all of your personal info, if accessed by someone with a reasonable amount of knowledge and a lot of bad intentions.
Scared yet?....:)
By SirRoderick (SI Elite) on 11/06/2012 13:46
I filter my network by MAC address and have a 16 digit password with all kinds of characters.

So that should at least make them move on to an easy one right? :P
By herodotus (SI Herodotus) on 11/06/2012 13:59
Unfortunately no. If they want in they'll get in. Took this guy less than 3 minutes to get into a professionally encrypted system just for the purpose of the test.
This one-time hacker, now a network security advisor, had access to all personal records contained within the PC including banking details, phone records and anything else he wanted.
The best you can hope for is protection against the casual or occasional hacker. If you get hit by a professional group (and they are professionals, replete with company structures, CEOs, Lawyers and bankers) there is no defence.
By SirRoderick (SI Elite) on 11/06/2012 14:09
Good thing I have nothing critical on there then
By herodotus (SI Herodotus) on 11/06/2012 14:37
Don't tell have a chest in the attic with all of your bank books, scrolls with passwords written in code (in lemon juice), nestled against your 13th Century armour and!
By SirRoderick (SI Elite) on 11/06/2012 14:45
The banking, it is paper based -_-

They'd have to hack the bank. Possible, but at least not targeted for me specifically.
By SirRoderick (SI Elite) on 11/06/2012 14:47
And they're in the basement