I ran across this new app called “Wickr,” available from the iTunes store. I haven’t tested it yet, but it sounds amazing. It is supposed to be available for Android soon. Best of all, the basic version is FREE.
What does Wickr do? It’s an app that sends encrypted communications—photos, video, texts, email—to people you trust. Then, at a predetermined time, that communication will self destruct. It uses Advanced Encryption Standard (AES), Elliptic Curve Diffie-Hellman (ECDH), and Transport Layer Security (TLS) algorithms for encryption, which Wickr talks about here https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf
Caveat: Don’t lose your password! You lose access to your account. Also, make sure that you read the “Frequently Asked Support Questions” before you install the app, so that you understand how it works.
Twitter recently added a new security feature that allows you to have your phone send a security code that you use as your passcode when you log in. While it’s true that using more than one type of account verification can make your account safer, does Twitter’s new two-factor authentication really make your account safer? Maybe not. Watch Josh Alexander explain it in this YouTube video and decide for yourself: Personally, I agree with Josh Alexander that Twitter’s SMS-based two-factor as presented in the video doesn’t go far enough to protect your information.
What makes a safer log-in? Well, believe it or not, when your bank makes you enter your user name on one screen [hopefully using HTTPS; there should be a lock somewhere on the page] and then the next screen has a picture that you chose and/or asks a challenge question or might even save information about your computer like the IP address. If the picture is wrong or you expected challenge questions that didn’t appear, don’t log in! If you log in from a different computer, you may get one or more challenge questions that you must answer before you’re authorized to enter your account. Adding SMS onto one or more of these authentication methods might make your log-in safer.
Yes, it’s painful, but it’s safer.
Why is what the bank does safer than what Twitter’s doing?
Because if you’re not really at the bank’s site, the hackers won’t know which picture you chose or the correct challenge questions to ask you. Hackers can’t (yet) make a bank website using your picture or the correct challenge questions, so it won’t be your account log-in.
What else makes online banking safer? According to this article http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html, use WPA2 on your home wireless router, make sure your computer is virus free (OS patched, use an up-to-date antivirus program), and don’t use public Wi-Fi nor public computers. Another tip: Don’t choose challenge questions that anyone could easily find out about you, such as your mother’s maiden name. Under some circumstances, you can use your phone for online banking. Make sure you use a password screen lock on your phone. They also recommended that you have a remote wipe program installed on the phone; if your phone is lost or stolen you can remotely delete all the data off your phone. (Yes, remote wipe actually works. I tried it and bricked my iPhone, but the Apple Geniuses came through like champs!)
What is NFC you say? It’s a card that is intended to work without it having to touch the card reader. The problem is some people are getting charged twice even though they didn’t take the card out of their wallets or purse. It’s a good idea to get a RFID-shielding cover for your debit / credit cards and your passport. Or you can make a cover from aluminum foil, instructions here http://www.rpi-polymath.com/ducttape/RFIDWallet.php
Note: the cover might not keep the card or passport from being read entirely, but it will cut down on the distance that the contents can be read at.
I do not recommend trying to damage the RFID chip.
This story is a timely reminder to keep an eye on your financial transactions!
What’s a “Patent Troll”? One definition of a patent troll is an organization that owns a patent which it intends to use for the sole purpose of suing someone else. A patent troll typically does not market or manufacture the product that the patent covers. The FTC calls them “patent assertion entities” or PAEs, and recently released a 309-page report on patents available here http://www.ftc.gov/os/2011/03/110307patentreport.pdf.
Why would you care? Well, according to articles in Ars Technica, a patent troll recently has been sending letters out to small businesses of between 10-100 employees demanding that they pay a licensing fee per employee for using the scan-to-email function on their multifunction printer because of patents owned by MPHJ Technology. You can read more details of this story in http://arstechnica.com/tech-policy/2013/04/meet-the-nice-guy-lawyers-who-want-1000-per-worker-for-using-scanners/.
What is “medical record theft” and why would someone want to steal your medical information? Simple.
The hospital or clinic a person goes to most likely keeps their records on a computerized system called an “electronic medical record” or EMR. What is a thief looking for? Your medical record contains information like your insurance company information, other identity information, financial information, and drug information. The thieves use this information to steal medical services, obtain prescriptions, and maybe even identity and financial information to use in identity theft.
And what if the hospital or clinic shares information with another business partner, such as a consulting doctor?
Recent health care breaches:
780,000 medical records stolen from the Utah Department of Health on April 9, 2012. The article stated that the cyber-hackers were operating out of Eastern Europe.
Bitcoin is an open-source, peer-to-peer digital currency, using an MIT license. The site http://bitcoin.org/en/ explains what Bitcoin is and how to use it. It’s a very cool idea …
So what’s the downside you ask?
All you have to do is Google “Bitcoin issues” and a bunch of hits will come up dated within the last month:
But maybe one of the worst problems of all is an article published on May 2,2013 by Parity News: http://paritynews.com/web-news/item/1034-esea-league-stuffed-bitcoin-mining-code-inside-client-software. It started as an April Fool’s joke, where the E-Sports Entertainment Association (ESEA) League mined Bitcoins from their users by inserting code in their client software. At least, one of their administrators took responsibility for the “joke,” which wasn’t very funny in the end. Several users even claimed that their video cards were damaged because of overheating caused by the ESEA malware.
A cool idea, but maybe not a mature enough technology to use yet. Sometimes it’s a good idea to wait and see, especially if it involves your money or your privacy.
Intentional Privacy 