IT Security Blog

Choosing which data encryption to use

By

Harddisk-head.jpgOften we think of security in terms of applications that can be used to safeguard our data, but there can always be different approaches to the same problem. Encrypting the data in your hard drive may be the key to keeping it safe in these days of laptop theft.

Data encryption for hard drives can come in two forms. You can either use a software to encrypt your data, or have a drive that required password identification before gaining access to the files inside. The first method can be performed with a selection of open source and licensed software. The files are protected even when the Operating System is not on. This works in different ways. Some software create a virtual drive inside the hard drive to store the data. the virtual drive will take up an allotted amount of space in the drive, but it cannot be accessed unless the password or set of passwords have been given. This type of data encryption can also be performed on drives that had no form of security encryption originally like the computer you’re currently or even thumb drives.

Hard drives with encryption has been available for the past year, most often in the form of external drives that can be brought to different places and handled by more than one user. These hard drives operate with full encryption, where the data in the whole disk is encrypted. Some of them combine password identification with biometrics to give double security to the files inside them. These drives come with a chip containing special software that does the decrypting and encrypting without taking too much time. The problem with this method is that if the password is forgotten, the data can’t be recovered. Seagate had recently announced that they will be shipping hard drives with an improved full disk encryption they call DriveTrust on January. These two methods will protect the files in the hard drive, and it’s only a matter of choosing which suits you best.

[tags]data encryption, data, security, drive encryption[/tags]

Legal Software Updates

By

windows

Anecdotes from people are interesting all the time. There is this one person who was using a pirated copy of Microsoft Windows XP. One time, this person tried getting the security updates. Then something happened: this person had a message on the computer that the copy of Microsoft Windows XP is pirated and if the person wanted to keep on using it with security updates and stuff like that, a legal copy must be purchased. Now the thing is that everytime the computer is booted up, it shows that message. The person told me this: the moral lesson for those using pirated software is to not update!

Then again, how could one keep on using software that hasn’t been updated? There are security updates and sometimes they are critical ones. If you can’t get them for your system, you never know what you are exposing your computer to. Think of the MySpace news some time ago. Internet Explorer had a vulnerability. If you are a user who did not update, you would have probably been a victim.

Now we see from this anecdote that it is important to have legal software. We do not just have something we could use without guilt but we also get whatever updates the developers have in store. It would be bad for productivity to keep on dealing with malware and viruses because of the lack of updates.

If you are someone who can not afford legal copies of software because they are expensive, you could always download free and open source software. That way you have legal software and you could secure your system because you would have legal access to the security updates and all that.

AOL Spam Policies

By

AOL are planning to charge for emails. Mass mailers will be able to pay for a higher priority delivery, bypassing the AOL spam filters and ensuring that mail is received directly in the end users inbox.

This is, obviously, a bad thing since spammers will be able to pay a small offset to ensure that their messages are delivered direct to the end users inbox, whilst legitimate messages will face the AOL spam filter gauntlet. Programmes such as this will only see a rise in spam, and a fall in the success rate of legitimate mail being successfully delivered.

Tips to keep your identity safe

By

http://commons.wikimedia.org/wiki/User:Juntung

Identity theft sounds like it’s mostly done online by hackers who try to scam your information off you, but some of the easiest techniques can be done without even logging in front of a computer.

Frank Abagnale is probably the best example of a successful identity thief. In the late sixties he created different personas to get jobs, free airplane trips, and draw money from various banks before being caught and sent to jail for six years. Since then he’s given his expertise to combatting the same crimes he was charged with, becoming one of the foremost document security experts out there. Here’s several tips from him on how to avoid getting your identity stolen:

  • Shred, shred, shred. Dumpster diving can turn up documents with revealing personal information printed on them. Try to use a cross cut shredder to get Some of the documents you should shred are pre-printed checks and pre-approved credit card mailings. They may have your credit card or account numbers written on them, and it only takes a phone call to order and put that to your account.
  • Check if you’re missing any mail, especially credit card records and bank statements. And while we’re on the topic of mail – go through your statements and make sure all of your purchases are accounted for.
  • Don’t carry anything you don’t need. This applies to Social Security cards, extra credit cards, and any other papers. Leave them in a safe place at home. If you lose them or they get stolen they’ll be more than enough to take your identity.
  • In the eventuality that your credit card or papers are stolen, know what government agencies and bank hotlines you can call to report it immediately. The smaller that window between the theft and the report, the shorter the time they can use your data.

[tags]identity theft, tips, Frank Abagnale[/tags]

Can they offer anonymous browsing?

By

September saw the introduction of two new web browsers focusing on anonymous web browsing. Early this month, Browzar was launched by Freeserve founder, Ajaz Ahmed. It automatically deletes any cookies after each session, does not save save pages in cached folders, and its relatively small size makes it easy to bring along. There has been issues on it being merely an IE shell and that search results lead to sponsored links and adverts. Also, users need to download any security patches from Microsoft once a flaw has been identified for IE. After the two recent attacks on the browser, many are skeptical to its overall usability.A screenshot of browzar

Torpack on the other hand came from Hacktivismo, a group of computer security experts and human rights workers, and is based on Mozilla’s Firefox. No installation is required to run the browser, though the two folders generated from the free download have to be kept together for it to run. This browser encrypts the data passing from the user’s computer and the TOR network, and causes the IP address seen by the website to change every few minutes. Torpack does have limitations; browsing speeds will be slower and it’s suggested not to log-in sites which cannot offer secure log-ins.

Both of these applications are not meant to replace the current browsers you’re using in your computer. It’s interesting to note that they both have privacy and secure browsing as their main selling points. These features are useful for users who are leery of going online in public access locations like schools and Internet cafés, where a secure connection cannot be guaranteed. So far both of these are available for free download, and you might want to see which one will stand the test of continuous use.

How pharming works

By

e-bay splash page
Though we’ve recently covered a few scams about phishing and e-mail, some swindlers have graduated from targeting victims one-by-one to a large-scale scam called pharming. Pharming can reel in potentially millions of unwitting victims to their schemes without anyone realizing it.

Pharmers divert as many users as they can from legitimate commercial sites to malicious ones. These sites look exactly like the genuine site, but when users sign in with their log-in names and their passwords, this information is taken by criminals. Once they have these, they can access your account information and take credit and bank account numbers for their own nefarious use. Pharming are often targeted o auction and banking sites where financial rewards are great.

The most alarming pharming threat involves something called DNS poisoning. All the hosts in the internet are identified by numbered strings called IP addresses, and computers identify different sites using these. Because it’s difficult to remember a string of 32 numbers, the Domain Name System or DNS translates these addresses to a string of text that will serve as its directory entry. A DNS directory gets poisoned when it’s altered to hold false information leading to the bogus site. Typing in the site URL serves as no guarantee, because you will still be taken to the fake site. Even savvy net users can be caught by this technique.

Site users can protect themselves by logging onto their sites using a secure (https://) connection. If you’re suspicious, you can also check your commercial site’s security certificates to see if they are real. Some sites like yahoo offer various authentication methods such as personalized seals on their mail service page, so you can identify the real site from the fake ones.