I ran across this new app called “Wickr,” available from the iTunes store. I haven’t tested it yet, but it sounds amazing. It is supposed to be available for Android soon. Best of all, the basic version is FREE.
What does Wickr do? It’s an app that sends encrypted communications—photos, video, texts, email—to people you trust. Then, at a predetermined time, that communication will self destruct. It uses Advanced Encryption Standard (AES), Elliptic Curve Diffie-Hellman (ECDH), and Transport Layer Security (TLS) algorithms for encryption, which Wickr talks about here https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf
Caveat: Don’t lose your password! You lose access to your account. Also, make sure that you read the “Frequently Asked Support Questions” before you install the app, so that you understand how it works.
Twitter recently added a new security feature that allows you to have your phone send a security code that you use as your passcode when you log in. While it’s true that using more than one type of account verification can make your account safer, does Twitter’s new two-factor authentication really make your account safer? Maybe not. Watch Josh Alexander explain it in this YouTube video and decide for yourself: Personally, I agree with Josh Alexander that Twitter’s SMS-based two-factor as presented in the video doesn’t go far enough to protect your information.
What makes a safer log-in? Well, believe it or not, when your bank makes you enter your user name on one screen [hopefully using HTTPS; there should be a lock somewhere on the page] and then the next screen has a picture that you chose and/or asks a challenge question or might even save information about your computer like the IP address. If the picture is wrong or you expected challenge questions that didn’t appear, don’t log in! If you log in from a different computer, you may get one or more challenge questions that you must answer before you’re authorized to enter your account. Adding SMS onto one or more of these authentication methods might make your log-in safer.
Yes, it’s painful, but it’s safer.
Why is what the bank does safer than what Twitter’s doing?
Because if you’re not really at the bank’s site, the hackers won’t know which picture you chose or the correct challenge questions to ask you. Hackers can’t (yet) make a bank website using your picture or the correct challenge questions, so it won’t be your account log-in.
What else makes online banking safer? According to this article http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html, use WPA2 on your home wireless router, make sure your computer is virus free (OS patched, use an up-to-date antivirus program), and don’t use public Wi-Fi nor public computers. Another tip: Don’t choose challenge questions that anyone could easily find out about you, such as your mother’s maiden name. Under some circumstances, you can use your phone for online banking. Make sure you use a password screen lock on your phone. They also recommended that you have a remote wipe program installed on the phone; if your phone is lost or stolen you can remotely delete all the data off your phone. (Yes, remote wipe actually works. I tried it and bricked my iPhone, but the Apple Geniuses came through like champs!)
What is NFC you say? It’s a card that is intended to work without it having to touch the card reader. The problem is some people are getting charged twice even though they didn’t take the card out of their wallets or purse. It’s a good idea to get a RFID-shielding cover for your debit / credit cards and your passport. Or you can make a cover from aluminum foil, instructions here http://www.rpi-polymath.com/ducttape/RFIDWallet.php
Note: the cover might not keep the card or passport from being read entirely, but it will cut down on the distance that the contents can be read at.
I do not recommend trying to damage the RFID chip.
This story is a timely reminder to keep an eye on your financial transactions!
What’s a “Patent Troll”? One definition of a patent troll is an organization that owns a patent which it intends to use for the sole purpose of suing someone else. A patent troll typically does not market or manufacture the product that the patent covers. The FTC calls them “patent assertion entities” or PAEs, and recently released a 309-page report on patents available here http://www.ftc.gov/os/2011/03/110307patentreport.pdf.
Why would you care? Well, according to articles in Ars Technica, a patent troll recently has been sending letters out to small businesses of between 10-100 employees demanding that they pay a licensing fee per employee for using the scan-to-email function on their multifunction printer because of patents owned by MPHJ Technology. You can read more details of this story in http://arstechnica.com/tech-policy/2013/04/meet-the-nice-guy-lawyers-who-want-1000-per-worker-for-using-scanners/.
What is “medical record theft” and why would someone want to steal your medical information? Simple.
The hospital or clinic a person goes to most likely keeps their records on a computerized system called an “electronic medical record” or EMR. What is a thief looking for? Your medical record contains information like your insurance company information, other identity information, financial information, and drug information. The thieves use this information to steal medical services, obtain prescriptions, and maybe even identity and financial information to use in identity theft.
And what if the hospital or clinic shares information with another business partner, such as a consulting doctor?
Recent health care breaches:
780,000 medical records stolen from the Utah Department of Health on April 9, 2012. The article stated that the cyber-hackers were operating out of Eastern Europe.
Bitcoin is an open-source, peer-to-peer digital currency, using an MIT license. The site http://bitcoin.org/en/ explains what Bitcoin is and how to use it. It’s a very cool idea …
So what’s the downside you ask?
All you have to do is Google “Bitcoin issues” and a bunch of hits will come up dated within the last month:
But maybe one of the worst problems of all is an article published on May 2,2013 by Parity News: http://paritynews.com/web-news/item/1034-esea-league-stuffed-bitcoin-mining-code-inside-client-software. It started as an April Fool’s joke, where the E-Sports Entertainment Association (ESEA) League mined Bitcoins from their users by inserting code in their client software. At least, one of their administrators took responsibility for the “joke,” which wasn’t very funny in the end. Several users even claimed that their video cards were damaged because of overheating caused by the ESEA malware.
A cool idea, but maybe not a mature enough technology to use yet. Sometimes it’s a good idea to wait and see, especially if it involves your money or your privacy.
B-Sides Austin March 21-22, 2013, kicked off the night before with Jeremy Zerechak’s 82-minute documentary about the origins and present reality of computer privacy issues.
Code 2600 introduces modern cyber security via Sputnik and the Cold War which brought about the Defense Advanced Research Projects and the first computer network. The film also weaves in the threads of telephone systems and phone phreaking, and the transmutation of the computer from the behemoths of corporations and governments to the homebrew hacks that birthed the Apple computer. The result was an assault on your privacy which is magnified today by government agencies and private companies that compete for the control of the information that you create about yourself.
More subtly, in the Cold War, we could see our attackers. We would know who launched the missiles. Today, the clues left by a cyber-attack are harder to trace. The war is going on right now with the governments of the USA and China hacking each other, as well as Britain hacking Norway. And corporations are really the leading edge players: everyone – civilian or military, government or corporation – uses the same operating systems and applications programs. The military is no longer the leading edge of technology: they buy it from the same places that you do.
The success of AOL was a milestone. When the computer information service bought Time-Warner it heralded the blossoming of the information age. But we are still in the middle of the story. We will not know for 50 years how this plays out.
“What should we be teaching young people about computers?” is the wrong question. Young people should be teaching us about how they use their devices, apps, and media, because that is the future.
Read this article at http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/ about how the Department of Homeland Security (DHS) can seize and search your electronic devices at the border without cause. The border as defined by DHS extends 100 miles inland from the physical US border.
How long can they keep your devices? It’s not really defined, although according to the Electronic Frontier Foundation (EFF), devices are usually return within 5 days. How long can DHS keep your data and what can they do with it? Again, according to the EFF, procedures are not clear for handling sensitive or confidential data.
If you need to travel with electronics, the EFF has a guide on how to “make your data less vulnerable at the border” at https://www.eff.org/deeplinks/2010/11/effs-guide-protecting-devices-data-border. Always make sure that you back up your data before traveling, just in case any of your electronic devices are confiscated, lost, stolen, or damaged.
If you value your privacy, the EFF website is worth reading on a regular basis.
Intentional Privacy 