Security/Privacy

Countermeasures for Identity Theft from Frank W. Abagnale

An article by Frank W. Abagnale, the lecturer and consultant, entitled 14 tips to avoid identity theft details some good advice for protecting your identity.

Abagnale's tips:

1. Guard your Social Security number. It is the key to your credit report and banking accounts and is the prime target of criminals.

2. Monitor your credit report. It contains your SSN, present and prior employers, a listing of all account numbers, including those that have been closed, and your overall credit score. After applying for a loan, credit card, rental or anything else that requires a credit report, request that your SSN on the application be truncated or completely obliterated and your original credit report be shredded before your eyes or returned to you once a decision has been made. A lender or rental manager needs to retain only your name and credit score to justify a decision.

Assessing Internet Explorer Use in Light of Vulnerabilities

I think some of the wrong conclusions are being drawn about the latest exploits for some known vulnerabilities in Internet Explorer (IE). First of all there is NO production level patch for Windows that will protect you from this exploit. SP2 RC2 is a release candidate, thus RC2. Microsoft says, "Customers who are already following our safe browsing guidance significantly reduce their risk from this type of attack." Reduce the risk, not eliminate it.
http://www.microsoft.com/security/incident/download_ject.mspx

Dump Internet Exploder! Get another browser!

Look, it's simple, Internet Explorer (IE) and Outlook Express (OE) are the "targets of choice" for most virus and worm writers. Add to the security argument the fact that Microsoft has made no innovative steps and continues to ingore (even thwart) internet standards and the choice should be simple. Just switch to Mozilla, Opera, Netscape, or Safari. Every one of them is more secure and standards complient than IE. They all are more innovative. Why not pull one down and give it a whirl.

Top Ten Tips to Make Attacker’s Lives Hell

Top Ten Tips to Make Attacker’s Lives Hell - Chris McNab breaks down his top ten tips all network administrators should follow to protect their networks from opportunistic threats and make it hard for the more determined attackers to get anywhere. Chris is the author of the recently released Network Security Assessment. [O'Reilly Network Articles]

Assessing Email Harvester Countermeasures

It should be understood that every solution has trade-offs. Some solutions have such negative trade-offs that they remove themselves from contention.

Think of it like this:

Step 1: What assets are you trying to protect?

  • The e-mail inboxes of people in my community

Step 2: What are the risks to these assets?

  • Spam in the inboxes.

Methods spammers use to gather addresses:

  1. Harvesting e-mail addresses from web pages
  2. Harvesting from search engines
  3. Harvesting from whois databases
  4. Harvesting from newsgroups and bulletin boards
  5. Web forms (like formmail.cgi)
  6. LDAP siphoning
  7. List purchasing from unscrupulous web sites
  8. Lists of leads generated from their own sites
  9. Dynamically generated addresses from a dictionary or based on an organizational nomenclature
  10. etc, etc, etc.

Step 3: How well does the coutermeasure mitigate the risks to the assets?

Schneier's five step process for assessing security

Bruce Schneier, author of Beyond Fear, uses the following five step process to assess security:
  1. What assets are you trying to protect?
  2. What are the risks to these assets?
  3. How well does the security solution mitigate those risks?
  4. What other risks does the security solution cause?
  5. What trade-offs does the security solution require?
Security is not mysterious, with these five steps and some imagination you can assess security and make better decisions about it.

Pages