Monthly Archives: September 2009

Web Browsers Have Major Privacy Flaw

While it is true that the most recent versions of Microsoft’s Internet Explorer, Mozilla’s Firefox and Google’s Chrome all offer a privacy mode, these modes are opt-in: the user has to turn them on.

By opt-in I mean that these are features that are offered in addition to the basic, standard browsing modes of those applications. With the latest browsers, users can delete cookies and browsing history, or even block cookies entirely.

Internet Explorer 8 has an “InPrivate” mode in which you can prevent cookies and your browsing history from being stored in the browser and therefore from being viewed by someone looking into the history of where you have been with that browser.

Firefox’s private browsing option will prevent cookies, your browsing history and passwords you use from being stored. On top of all of that, there are Firefox add-ons from other software creators that offer additional privacy options.

Chrome will prevent data from being stored on your computer and will prevent cookies from being active during “Incognito Mode” sessions.

But the one thing that none of these browsers will do is mask your IP. This is a major privacy flaw with all of today’s browsers.

If your IP is not masked then any web site you visit, no matter what level of security you activate with your browser, will still be able to record your IP address and a host of other information about you.
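The point above, as an added example that is not part of the original post: a loopback Python server records what it can see of two visits, one carrying a cookie and one without (modelling a private-mode session). The handler, the `ExampleBrowser/1.0` user agent and the cookie value are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SEEN = []  # what the site records for each request


class LoggingHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The source address comes from the TCP connection itself, not from
        # anything the browser chooses to send or withhold.
        SEEN.append({
            "ip": self.client_address[0],
            "user_agent": self.headers.get("User-Agent"),
            "language": self.headers.get("Accept-Language"),
            "cookie": self.headers.get("Cookie"),
        })
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):  # silence the default stderr logging
        pass


def visit(port, cookie=None):
    """Send one GET; cookie=None models a private-mode session."""
    headers = {"User-Agent": "ExampleBrowser/1.0", "Accept-Language": "en-US"}
    if cookie:
        headers["Cookie"] = cookie
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers=headers)
    conn.getresponse().read()
    conn.close()


def demo():
    """Return the server-side records for a normal and a private visit."""
    SEEN.clear()
    server = HTTPServer(("127.0.0.1", 0), LoggingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        visit(port, cookie="session=constructed-value")  # normal mode
        visit(port)                                       # private mode
    finally:
        server.shutdown()
        server.server_close()
    return list(SEEN)
```

Only the `cookie` field differs between the two records; the address, user agent and language are the same, so the two visits remain linkable on the server side.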

Your IP address is your online identity and can be used by hackers to break into your computer, steal personal information, or commit other crimes against you. Advertising companies get to know your every move, your every desire, your every fantasy whenever you visit any website with your IP address exposed.

Today’s browsers cannot stop that from happening. It is a major privacy flaw that they have. Learn how you can protect your privacy here.

Oh For The Love of Spam

Spam is about consent, not content.

But just because someone sent you an email that you did not ask to be sent, does not necessarily make it spam. Generally speaking, an email is considered spam if it fits 2 criteria:

1. It is unsolicited and
2. It is sent in bulk

If you have posted your email address in an online forum, a chat room, even on your own website, you’re going to get spam. If you’ve done any of those things, don’t complain. While the spammer is wrong for improperly using your exposed email address, why did you put it out there for everyone to see if you don’t want to get email? Just so you can complain about something?

But also realize that spammers use viruses, Trojans, purchased mailing lists and bots that collect email addresses to build their improper bulk mailing lists.

Typical spam-scams usually have subject lines like:

– Update your account
– Warning [something bad is about to happen to you]
– Free TV [or computer or something expensive]
– I’m General Obi Wan Kenobi and Need Your Help [Nigerian emails]

There is one Cardinal Rule when it comes to replying to spammers: DON’T!

Don’t tell them to take your email address off their list; don’t write back an angry email telling them you’re going to personally see them all in jail; don’t write them back and tell them they’re going to burn in hell (even if they are). Because if you do any of those things, then the spammer has “gotcha” and knows he or she has a real, live email address.

Reply to that spam email and it’s guaranteed you’ll get a ton more. Well, maybe you like that? Oh for the love of spam!

Who Do You Trust?

The Ponemon Institute, an information security research company, and TRUSTe, a privacy trademark company, just completed a survey to gauge the privacy policies of leading consumer brands. Along with the survey, criteria used to rate these companies included:

– clarity and readability of privacy statements
– notice
– access to account information
– cookie management
– in- and out-of-network data sharing practices and
– availability of customer service staff.

1. eBay (the most trusted site for privacy)
2. Verizon (first telecommunications company to make the top 3)
3. US Postal Service (first government agency to make the top 3)
4. WebMD
5. IBM
6. Procter & Gamble
7. Nationwide
8. Intuit
9. Yahoo!
10. Facebook (first time in the top 10, despite its privacy issues).

So what do you think? The postal service? Facebook? Yahoo? Do you trust them?

I Can Guess Your Social Security Number

Armed with your date and place of birth, someone can find your Social Security number.

This is according to a study by researchers at Carnegie Mellon University in Pittsburgh. And it is based upon the predictability of the way the SS numbers are assigned.

“Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs.” Carnegie Mellon University

The first 3 numbers of your Social Security number are known as the “area numbers” and are determined by zip code at the time the SS number is assigned.

The middle 2 numbers, called “group numbers”, are given within a region, and that region number may be the same for years. Lists of these numbers are easily available through web sites associated with the Social Security Administration.

The final 4 numbers are called the “serial number” and are assigned to people in sequence.

According to this report, if you obtain the SS numbers of deceased people (easy to do through death records) then that information can help narrow down the possible SS numbers for people who were born around the same time and who are still alive.

If you were born after 1988 it’s even easier to guess your Social Security number, because that was the time when the U.S. Government began promoting the effort to assign numbers shortly after birth. And if you were born in a small state, it is also easier to guess your Social Security number.

Peter Swire, a former Presidential advisor on privacy issues, told the New York Times that “Social Security numbers are an aging technology, and we have to do serious planning for what will come next.”

According to the Times article:

“The findings, published Monday in The Proceedings of the National Academy of Sciences, are further evidence that privacy safeguards created in the era before powerful computers and ubiquitous networks are increasingly failing, setting up an ‘architecture of vulnerability’ around personal digital information.”

Are WiFi Spots Really Safe?

No.

When you’re in a WiFi spot you’ve got your trusty laptop and all the “anti” software loaded for bear. But what about the WiFi spot you’re in? Consider this:

– Anything on your screen can be seen by others who are nearby.
– Are the people around you, who are using their laptops, really there to do business, or watching for unsuspecting patrons?
– Watch out for the “over the shoulder” peekers. As you hunt-and-peck your password, you can be sure someone is trying to watch those keystrokes and the keys that are being hit.
– The owner of that WiFi spot just may have a sideline in the identity theft business.
– Are the security cameras in that WiFi spot recording your screen?

Whenever you’re in a WiFi spot and trying to access a site that requires your user name and password, make sure the URL starts with HTTPS (and not HTTP). If it starts with HTTPS then your information is being encrypted before transmission and the data you send or receive from that URL is protected from cyber snoopers.

If you’re sending unencrypted information over any WiFi spot you can unknowingly turn your computer into an open book about your life and your personal finances.

And you become the perfect candidate for identity theft.