Archive for the ‘Financial vulnerabilities’ Category

WannaCry has effectively died down according to Wikipedia < https://en.wikipedia.org/wiki/WannaCry_ransomware_attack&gt;. However, if you do not WannaCry about some other malware, take some preventive actions now to make your systems less vulnerable to future attacks. If it is not easy to attack you or your computer systems, in most cases a thief will look for an easier target.

Organizations

  • Keep system and application versions up to date and patched, especially critical patches
    • If the organization still has to run computers running XP (or older operating systems), get them off the network
  • Keep antivirus software current and scan daily
  • Make regular, consistent backups (and test them to ensure files are recoverable)
  • Create network zones
  • Place public-facing web servers in DMZs
  • Restrict administrator rights
  • Change default passwords and enforce password rules on users
  • Train users in security awareness, especially how to avoid clicking harmful links
  • Take infected machines off the network and clean them up as soon as possible, so that the infection does not spread to other machines on the network

These actions alone will stop a considerable amount of malware and other attacks. They do not require expensive equipment or software, just the time to set them up. And these practices will help any organization better comply with regulatory requirements.

For instance, Microsoft came out with a critically rated security patch for Microsoft Windows SMB Server on March 14, 2017. This patch would have made Windows systems resistant to WannaCry. The WannaCry attack started on Friday, May 12, 2017, almost two months later. While I understand the need to test patches to ensure they will work in an environment, testing for a couple of weeks should be adequate, especially for critical updates.

Individual systems

Many of the same actions will keep your systems safe:

  • Keep system and application versions up to date and patched; in fact, set updates to run automatically and schedule them for  a convenient time frame
    • If you are running an older operating system such as XP, take it off the Internet
    • Uninstall applications that you no longer use from both your phones and computers
  • Keep antivirus software current and scan daily
  • Make regular, consistent backups (and test them to make sure files are recoverable)
  • Do not run with administrator rights
  • Change default passwords on routers and modems, and choose long, strong passwords for all your accounts
  • Do not click harmful links in email, on Facebook, or other websites

Prevention is the key for physical theft also.

Our neighborhood has been experiencing a recent rash of car break-ins and theft of items on porches. Many of these thefts happened when someone forgot to lock their car.

Be a little paranoid! Assume that someone is always watching you. For instance, you might not realize the dog walker walking by your house was watching you put a computer case in the trunk or that the 16 year old who lives next to you tries car doors at one am because he is bored or has a drug problem. Leaving a laptop in the car is not ever a good idea, but if you have to leave valuables in your car, put them in your trunk before you get to your destination. Lock your house and car as soon as you shut the door. Do not leave extra keys on your property or stashed on the car. Do not leave the garage door opener in the car. When you are working on that report in a coffeehouse, take your laptop, phone, keys, and wallet with you when you go to the restroom. Do not leave your purse or phone in a grocery cart when you turn around to pick out items for dinner.

Medical record theft is on the rise, and according to  Reuters ( http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 ), a stolen medical record is worth ten times what a stolen credit card number on the black market. The reason medical records are worth so much more, is because they are used to steal benefits and commit identity theft and tax fraud.

How easy is it to steal medical records?

This morning, I read Brian Kreb’s report on True Health Diagnostics health portal, which allowed other patients’ medical test results to be read by changing one digit on the PDF link. The company—based in Frisco, Texas—immediately took the portal down and spent the weekend fixing it. https://krebsonsecurity.com/2017/05/website-flaw-let-true-health-diagnostics-users-view-all-medical-records/

While I think it is great they fixed the problem so rapidly, I am disgusted that our medical information is so often flapping in the breeze. Health professionals are notoriously lax about protecting their patients’ medical information. A security professional that I know defended medical people by saying they do not understand HIPAA/HITECH. Yes, I know they do not necessarily understand the technical details. But is ignorance an excuse? I do not think so. They have IT people to support those computers and medical professionals are supposed to attend HIPAA training on a regular basis.

For instance, upon reading the FAQs at http://www.holisticheal.com/faq-dna , I noticed that after a patient completes their tests (recommended by my doctor), this practitioner sent results in email. It is not a simple test like cholesterol; it contains information about someone’s DNA.

After I emailed them and told them I would not consider using their service because email is not secure unless encrypted and in my opinion this practice—sending medical results in unencrypted email—is contrary to HIPAA/HITECH, they changed their policy. While they now send the results for US patients on a computer disk through the mail, they still send international clients their results through email.

I have frequently caught my own medical professionals leaving their patient portals open when I am alone in the exam room or even away having tests. During one notable session, without touching the computer, I could see a list of all the patients being seen that day on the left, and the doctor’s schedule across the top (including 3 cancellations). Another medical professional texted me part of my treatment plan. (I thought we were limiting our text conversation to time, date, and location. Otherwise I never would have agreed to text. I had never even met this person!) Another provider grouped three receptionists with computers (no privacy screens) in a circle with windows on two sides. I could read two of the screens when signing in and the third when leaving and I saw them leave their screens open when they walked away from their computers so that the other receptionists can use those computers.

Granted, these incidents may not be breaches, but I think they are violations of HIPAA/HITECH and they could lead to breaches. What are the chances they are using appropriate access control, backing up their systems, encrypting their backups, thinking about third-party access? Are they vulnerable to phishing, crypto ransomware, hackers, employee malfeasance, someone’s child playing with the phone?

Yes, I get that people make mistakes. The problem is they have the ability to make mistakes! Set up fail safes. Require each employee’s phone to be physically encrypted and give them a way to send encrypted emails or texts or do not allow them to text or email patients. Make screens lock after five minutes or sooner. Give them training. Spot check what they’re doing.

I always discuss these issues when I notice them with the practice HIPAA Privacy Officer (and sometimes change medical providers if egregious). Does it help? Maybe. But it always makes me wonder what I have not seen.

Pay attention! Protecting your data helps protect everybody’s data.

The number one rule for safely using a debit card: Don’t! But, if you have to use a debit card, here are some suggestions from two of Austin’s leading computer security experts.

Michael Gough and Brian Boettcher are co-creators of LOG-MD, a sophisticated analytical tool used by computer security professionals. I recently had a conversation with them about how to use credit cards and debit cards more safely.

They said: Limit debit card use to only one local grocery store chain, especially if it has gas stations and stays open 24 hours a day. That way you can get cash without using the card in an outside ATM. Of course, the risk of being robbed is also much higher at an ATM. If you always use the same grocery store, then if the number is stolen, you know where it happened.

They said: Do not ever use a debit card at a self-service checkout, an ATM, or a gas pump. It is almost impossible to tell if the card reader has been compromised.

(Brian Krebs, who writes the blog KrebsOnSecurity, talks about card skimmers in this series of articles. Krebs updates these articles on a regular basis and they are well worth reading. In fact, as I have mentioned before, his column is a great place to find out about security issues.)

They said: You may also be able to buy store gift cards with your debit card to use at their gas pumps without having to pay a fee to use them the way you do with MasterCard or Visa cards. And the cards may even be reloadable. The one drawback? If the card is lost or stolen, the money on it is not replaced the way it would be if you used a credit card.

They said: Do not use a debit card at a restaurant. You have no idea if the person is using a hand-held skimmer on your card. Someone may have placed a skimmer on the restaurant’s card terminal.

 (Restaurants are weak in security because the staff holds your cards out of your sight and out of your control. The authors of this blog each had fraudulent charges placed on their cards after two visits to the same restaurant in the same week. We usually take turns paying. We had different servers each night. We think that they had a little ring going.)

They said: Debit cards are less secure than credit cards because debit cards are directly hooked to a bank account or credit union account. If a debit card gets compromised, your account can be drained. It may take some time—even months—to get the money replaced in your account. And the money may not be replaced at all since it is not insured as it is with a credit card.

They said: Most banks and credit unions are helpful about getting a new debit card, but if a credit card gets compromised, usually a new card can be received in 2 or 3 days, maybe even faster if you can pick it up at your financial institution.

Here are their recommendations for safer credit-card use:

They said: Get a second card with a low limit. This card should be mainly used at less safe locations: public kiosk use (think train tickets or parking) and online shopping, as well as automatic payments. If you have to use self-service checkouts, use the second card. Avoiding self-service checkouts is the best strategy.

They said: That second card can be a handy back-up, in case your main credit card is lost or stolen.

They said: Look over your statements on a regular basis for transactions that you did not make.

They said: Patronize companies that use chip and signature (in the US) card terminals, which in most cases was supposed to be in place in the US by October 2015. Europe uses chip and pin. If a company still has not upgraded from magnetic stripe terminals, tell them why you do not want to shop there. (Or only use cash there.) Gas pump card terminals are required by major credit card brands to be updated to use chip and signature (in the US) by October 2017.

They said: Keep a list of automatic payments, and when they renew. Cancel automatic payments as soon as possible when you switch to another card.

One problem with automatic payments is that they may move to a new card even if you did not authorize it.

They said: Some cards (American Express is one example) will allow you to set a daily limit on spending. They usually alert you as soon as possible if spending goes over that limit.

They said: Replace your cards at least every two years.

They said: Put a credit freeze on your credit. The FTC explains the pros and cons of credit freezes here. There may be a small charge for freezing and unfreezing your credit file, but it is cheaper than credit monitoring, which will not tell you about a breach until after it has already happened.

Michael said: Using credit monitoring is like going to a dentist who only monitors your teeth, but does not fix any cavities found.

They said: Get a copy of your credit report from each of the three credit bureaus yearly. You can cycle them so you get one every four months.

They said: As soon as you hear about a mass data breach that could involve your accounts, call your bank or credit union and request a new card. Do not wait for a notification.

They said: Keep records of each card, the card numbers, the customer service phone numbers and addresses. (It is pretty easy these days to make blow-up copies of the fronts and backs of your cards.)

Michael Gough has worked in the IT and Information Security field for over 18 years. He has a wide variety of experience that includes positions as a security analyst for the State of Texas and the financial and health-care sectors, and security consulting with Hewlett Packard. Michael currently works in the health-care sector as a Blue Team Defender, incident responder, and malware fighter.

Michael has created or co-created several tools used in the security industry, such as LOG-MD, which is a logging tool, and the “Malware Management Framework,” which is used to discover and manage malware. In 2012, Michael discovered a type of malware called Winnti that continues to plague gaming and pharmaceutical companies.

 Brian Boettcher, co-creator of LOG-MD and co-host of Brakeing Down Security, has worked in the IT and Information Security fields for a number of years. Brian currently works as a senior security engineer and incident responder. He is a member of several security groups and presents regularly at security functions.Do not ever use a debit card at a self-service checkout, an ATM, or a gas pump. It is almost impossible to tell if the card reader has been compromised.

I get my hair cut at the local salon of a famous chain of beauty schools that stretches across the US. They are a subsidiary of a much larger, high-end beauty products conglomerate. I have gotten my hair cut at various locations for years. It’s a good value for the money, and the resulting hair cuts are at least as good as and often better than ones I have received at their full-price salons.

Friday, I called to schedule a haircut and a facial. The scheduler asked for my credit card number to reserve my appointment. I asked if this was a new policy. The scheduler said they only asked for a credit card number for services that had a large number of no-shows. I asked when my card was charged, and she tried valiantly to explain how it worked.

I declined to give her my card and asked her to set up an appointment only for the haircut.

The next day, when I went in for my hair cut, I asked for their written policy on storing credit card numbers:

  • How long is the card stored in their system?
  • Who has access to it and what can they see?
  • How and why is a transaction against my number authorized?
  • What other information are they storing with my credit card number? Name, address, phone number …
  • Are they using a third-party application or does a third party have access to my information?
  • Are they following the best practices (for example, encrypted databases and hashing card numbers) recommended by the Payment Card Security Standards Council, in particular, the Payment Application Data Security Standards, which are available from https://www.pcisecuritystandards.org/security_standards/index.php ?

The receptionist referred me to their call center, where I eventually spoke with a manager, who could not answer my questions. She promised to find out and email me the policy, which I have yet to see.

I mailed a letter to the executive chairman of the beauty products conglomerate and the manager of the local school. I am not going back unless they come up with a satisfactory policy. Any organization that stores credit card information should have a written policy that explains how they protect it, and it should be available on customer request. It is not only best practice from a Payment Card Industry point-of-view, but it avoids misunderstandings between customers, employees, and management.

I’ve been a customer for over 20 years. Privacy matters, data security matters, and if your organization doesn’t think enough of my business to adequately protect my information and be able to show me, I am going someplace that will. No matter how much I like your hair cuts.

As I do almost every day, I was looking through security news this morning. An article by Graham Cluley about a security issue—CERT CVE-2015-2865 —with the SwiftKey keyboard on Samsung Galaxy phones caught my eye. The security issue with the keyboard is because it updates itself automatically over an unencrypted HTTP connection instead of over HTTPS and does not verify the downloaded update. It cannot be uninstalled or disabled or replaced with a safer version from the Google Play store. Even if it is not the default keyboard on your phone, successful exploitation of this issue could allow a remote attacker to access your camera, microphone, GPS, install malware, or spy on you.

Samsung provided a firmware patch early this year to affected cell phone service providers.

What to do: Check with your cell phone service provider to see if the patch has been applied to your phone. I talked to Verizon this morning, and my phone does have the patch. Do not attach your phone an insecure Wi-Fi connection until you are sure you have the patch—which is not a good idea anyway.

~

An interesting article in Atlantic Monthly discusses purging data in online government and corporate (think insurance or Google) databases when it is two years old, since they cannot keep these online databases secure. I can see their point, but some of that information may actually be useful or even needed after two years. For instance, I would prefer that background checks were kept for longer than two years, although I would certainly like the information they contain to be secured.

Maybe archiving is a better idea instead of purging. It is interesting option, and it certainly deserves more thought.

~

Lastly, LastPass: I highly recommend password managers. I tried LastPass and it was not for me. I do not like the idea of storing my sensitive information in the cloud (for “cloud” think “someone else’s computer”), but it is very convenient. Most of the time, you achieve convenience by giving up some part of security.

LastPass announced a breach on Monday –not their first. They said that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

For mitigation: They have told their user community that they will require verification when a user logs in from a new device or IP address. In addition,

  1. You should change your master password, particularly if you have a weak password. If you used your master password on other sites, you should change those passwords as well.
  2. To make a strong password, make it long and strong. It should be at least 15 characters—longer is better—contain upper- and lowercase letters, digits, and symbols. It should not contain family, pet, or friend names, hobby or sports references,  birthdates, wedding anniversaries, or topics you blog about. Passphrases are a good idea, and you can make them even more secure by taking the first letter of each word of a long phrase that you will remember. For example:

    I love the Wizard of Oz! It was my favorite movie when I was a child.

    becomes

    IltWoO! IwmfmwIwac$

    Everywhere a letter is used a second time, substitute a numeral or symbol, and it will be difficult to crack:

    IltWo0! 1>mf3wi<@c$

  3. When you create a LastPass master password, it will ask you to create a reminder. Let’s say you took your childhood dog’s name, added the number “42,” and the color “blue” because he had a blue collar to make your new master password: osC@R-forty2-Blew! If your reminder is “dog 42 blue,” your password could be much easier to crack. Maybe you even talked about Oscar in a Facebook post. So again, do not use a pet’s name in your password. Then put something in for the reminder that has no relation to your password: “Blank” or “Poughkeepsie” for instance.
  4. Keep your master password someplace safe. Do not leave a copy in clear text on your phone or your computer or taped to your monitor. Put it in a locked drawer or better—your safe deposit box.
  5. Back up your password database periodically to a device you store offline, and printing the list and storing both the printout and the backup in a sealed envelope in your safe deposit box is a good idea as well.
  6. Use two-factor authentication. If you don’t know anything about it, this Google account article will explain it.

I have recently started using the WhiteHat Aviator browser, which uses the anonymous search engine Disconnect. It is available for Windows and Mac here. It works pretty well (although it is sometimes slow). When I use it for sites like Gmail where I use two-factor authentication, I do have to enter both the second factor and the password every time I load the website. It will not save the code like Firefox can for thirty days.

I am planning on installing Disconnect on my phone next. If that works out, I will try the premium version, which includes encrypted Internet, safe browsing, and location control.

Another anonymous search engine is DuckDuckGo.

I also use Firefox with extensions NoScript, Ghostery, Adblock Plus, and Lightbeam. Lightbeam is particularly fascinating to look at; it shows all the sites that track me, even after all those add-ons. NoScript can be painful to use because you have to enable every single site.

After the last set of Adobe Flash 0days (two in a week!), I uninstalled Adobe Flash and Air. After all, if I really need Flash, I can always use Google Chrome, where Flash is built in.

I rarely use Internet Explorer any more.

And while you are updating your browser, make sure your Java version is current.

A friend of mine called me for help after she started getting pop-ups every time she opened her web browser. She asked me how her computer got into this mess. While I could not pinpoint an exact cause (no log files), I suspect she downloaded crapware with a software installation she trusted.

She also wanted to know why anyone would want to inflict this malware on her computer. The answer is simple: Money.

So what can you do to avoid this problem? The consensus advice is to only download programs from a trusted source. Ok! That’s great advice! But what is a “trusted source”?

HowToGeek.com explains in “Yes, Every Freeware Download Site Is Serving Crapware” that all the major free download sites–Tucows, CNET Downloads / Download.com, FileHippo, SnapFiles, MajorGeeks, and yes, even SourceForge–include adware and even malware with their installers. While some sites are better than others about telling you what they’re including and about allowing you to uncheck those additions, they all do it.

What to do instead? Go to the developer’s website and download from there. And support those software authors that do not include crapware by donating to support their development work.

Other steps to take:

  • Back up regularly (at least once a week or oftener), then disconnect the media. Test your backups by periodically restoring a file. I also recommend alternating backup media to offsite storage, such as a safe-deposit box. Backup media–just like any other technology–can break, become corrupted, get lost or stolen.
  • If you back up to a  cloud provider, your back ups can become unavailable if their storage media becomes unavailable for any reason, so use physical backup media as well.
  • On Windows systems, set System Restore Points.
  • Change your IMPORTANT passwords as soon as you can from a computer that is not infected. Use a unique, strong password for each site.
  • Can’t remember all those passwords? Use a password manager. Note: Do NOT lose this password! I use the Professional versions of KeePass and Portable KeePass, and KeePass2Android (available from Google Play), but cloud-based LastPass is also very popular. (LastPass is more convenient, but I am leery of cloud-based services for availability reasons.)

If you have recent back-ups and your files get locked by a version of CryptoLocker / CryptoWall, you may not have to pay to get your files back (depending on how recent your backups are).

For an interesting read, check out Kaspersky’s 2014 Trends in the Internet Security Industry.

Crime in the Workplace

Posted: January 20, 2015 by uszik11 in Security Breach, Vulnerabilities
Tags:

Your need to protect yourself from your co-workers is an unspoken truth. In criminology, we say “crime knows no neighborhood.”  In other words, crime is everywhere, not just in one bad place. People are people everywhere.   At work, we steal inventory and information from our employers.  We steal money and other tangibles from our colleagues.  Of course, I do not do those. Of course, you do not, either.  But other people do.  Here in America, about 20% of us are habitual perpetrators.

If you work in a small shop, you probably are among people you know well enough.  Nonetheless, your company is still in a shared space of some kind, a building, a strip mall, a street. Everyone there is in your world. You cannot know them all.

If you are in a large enterprise, the statistical facts are warnings.  If you have 1000 people in your building, then you meet 200 perpetrators every day.  Background checks only reveal the habitual, compulsive, or genetic predators who have been caught.  But many aggressors are opportunistic and competent. Routine offenders get away with harming others because no one speaks up.  And it is not easy to confront a bully or report a thief.  So, the harms and crimes continue.

Generally, security falls under the control of the facilities manager.  Rarely does an organization have a chief security officer at the same level as the chief financial officer or chief information officer. Facilities managers are concerned only with keeping costs down. Facilities managers seldom have professional training in security. As a result, most buildings have too few guards, posted in the wrong places, at the wrong times, assigned to futile activities.  Security is reactive, not proactive.

Badging and other controls for identity and access tend to be minimal and ineffective. You have no idea who is in your building with you.  Vagrants know all the ways to get in.  Professional thieves have no problem getting through the front door.

Professional thieves work large office buildings with public traffic. They look just like everyone else in our casual dress society.  They walk the halls peeking into offices, and trying doors.  Laptops are an easy grab.

Engineers and programmers are a special problem.  They enjoy getting around locks; and they are good at it.  The statistics apply to them as well. People who make a lot of money steal and bully just like poor people. Crime knows no neighborhood.  Even the 80% of them who are nice, still leave us vulnerable when they gimmick, jimmy, or shim a lock.  They have no control over who the next person will be to come through that door.

Protecting yourself at work begins with a few simple rules.  Lock your desk and your computer when you leave the area.  Always take your purse or wallet with you.  Never leave your laptop, phone, or pad unattended in the cafeteria or restroom.

Generally, if you have a problem with someone, you have six choices.

  1. You can confront them.
  2. You can go to your manager.
  3. You can take it to human resources.
  4. You can report it to security.
  5. You can call the police.
  6. You can ignore them.

The bottom line is that it is better to prevent a problem than to fix one.

 

Let’s look back at 2014 to review events that could impact our information privacy. Some substantial vulnerabilities occurred this year including the Heartbleed bug, Shellshock, and POODLE, along with the usual Microsoft, Java, browser, and Adobe Flash and Reader problems. There have been some notable payment system breeches: Sony, Kmart, Jimmy Johns, Home Depot, Apple, Dairy Queen, Community Health Systems to name a few … even some Goodwill payment systems got hacked.

What can you do to protect yourself? Here are a couple things to do:

  • Protect your information!

Don’t give it out unless it’s absolutely necessary. If your doctor—like mine did—asks you to sign a release so they can use your deidentified data in a study, ask them what information they are sending and who they are sending it to: Does it include your initials, your first name, your zip code, your street, your age and gender, your diagnosis, your treatment? If they frown at you and say it’s deidentified, ask them what that means to them.

According to HIPAA, there are 2 main methods to de-identify patient data, the “expert determination” method and the “safe harbor” method. The safe harbor method is usually safer because it removes 18 specific identifiers from the research data, such as name, age, dates must be year only, telephone numbers, address, full-face pictures, and account numbers. The expert method depends on an “expert” to determine what’s safe to disclose.

For instance, why do you care if someone shares your birth date? The birthday paradox is a probability theory that explains if you’re in a room with 23 other people, the chances that at least 2 people in the room will share a birthday is 50%, and in a group of 70 people, the probability that at least 2 of them will share a birthday reaches 99.9%. However, the probability that 2 people will share the same birth date is considerably smaller.

A recent article in American Medical News explained how Latanya Sweeney, PhD, a Harvard University researcher, was able to attach 241 identities to the deidentified medical information of a database of 1,130 research patients, using birth date, gender, and zip code combined with public records, such as US Census records or voter registration. That’s 22%! Yikes!

To see how identifiable you are by using those parameters, visit the Data Privacy Lab.

  • Make your important passwords unique for each account, change them often—every six months or sooner, especially if the web site is hacked—and implement two-factor authentication on sites that allow it, especially sites like email, banking, or e-commerce.

What is two-factor authentication? Two-factor authentication means that instead of using just a password to access your account, you add an additional method of verifying your identity.

Google Authenticator is a way to add a second factor; it’s easy to use and it sends a code via a text message to your device. You can set it up so that you only have to input a code if a new device tries to use the account or your password changes. In case you don’t have an Internet connection or cell phone service, you can download a set of 10 codes for backup authentication. Make sure you keep these codes safe! I store mine right in KeePass.

  • Back up your personal information on all your devices—documents, photos, music, videos.
  • Lock your devices: Use PINs, passwords, puzzles, or biometrics.
  • Install software like Find My Phone (Windows, Android, or iPhone) or Prey; if your device is lost or stolen, send it a lock and erase it. Be safe, call the police. Do not try to recover it yourself.
  • Don’t save password information in your browser! Here’s an article on how to disable saving passwords in IE, Safari, and Firefox browsers, and Chrome.

Can’t remember all those passwords? Neither can I! You can use a password-protected Excel 2007 or later spreadsheet (do not save in compatibility mode), download a password manager like KeePass, or use a cloud-based password manager like LastPass.

Do not lose the master password! If you might forget, put it someplace safe like your safe-deposit box.

I have used all three options, and I prefer KeePass, although Excel is in some ways more convenient because you can decide on the fields you use. The data is stored on your device (unless you load it in the cloud yourself). I use KeePass’s professional and portable versions, and KeePass2Android. Try to only update the KeePass database on one device and copy it to your other devices so you don’t get confused as to which device contains the most up-to-date copy of the database. I date the database when I add a new account or change a password (BlahXX-XX-XXXX), so I know to move it to my other devices.

It is very important to back up this database and store a copy that you update regularly —as well as a printed copy—in your safe-deposit box.

LastPass is convenient, but I don’t like the idea of not knowing where my data is stored. Also, if the service is down—as happened last August for over 12 hours—can you access your accounts? According to their documentation, you should be able to. However, it is always best to keep a non-cloud-based back up for cloud-based services.

  • Keep your operating system and applications up to date. When an operating system is no longer supported, it is time to either get the device off the Internet or—if the option is available—upgrade to a new operating system or download and install an open-source operating system. If none of those options work, wipe the device and recycle it here or at one of the Goodwill locations that partners with the Dell Reconnect program.

Spring clean your installed apps: if you don’t use it, uninstall it. Fewer apps will free up resources like memory and drive space, and your device might even run faster.

One application to consider installing on a Windows machine is Secunia’s Personal Software Inspector. It makes sure that all your updates and patches are current. I test a lot of software and some apps don’t always have automatic updates; this app is wonderful!

Everyone here at IntentionalPrivacy.com wishes you a prosperous, happy, healthy, and safe 2015! We’re happy you read us.

Christmas Present: The Interview

Posted: December 23, 2014 by IntentionalPrivacy in free speech, Security Breach
Tags: , , ,

The Art House Convergence  offered Sony a way to distribute The Interview, so there will be limited showings of the movie starting on Christmas Day. Here is a list of theaters currently showing the movie according to Variety, which they will continue to update.

In a statement released on Tuesday, 12/23/2014, President Obama praised Sony’s decision to release the movie.

In other news, North Korea experienced massive Internet outages for much of Monday, but Internet access was restored on Tuesday according to Reuters.

I still think this story would make a great plot.

Happy holidays!