Slashdot Mirror


Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).

44 comments

  1. Privacy is for cows. by Anonymous Coward · · Score: 0, Funny

    You are all cows. Cows say moo. MOOOOOOOOO! MOOOOOOOOOO! Moo cows MOOOOOOOOO! Moo say the cows. YOU COWS!!

    1. Re:Privacy is for cows. by Anonymous Coward · · Score: 0

      You are all crackers. Crackers say lol. LOOOOOOOOOL! LOOOOOOOOOOL! Lool crackers LOOOOOOOOOl! Lool say the crackers. YOU CRACKERS!!

  2. Urg. by khasim · · Score: 4, Informative

    Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

    NO!!! It does NOT!!!

    1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

    2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

    3. Find a bank / credit union that uses real two factor authentication.

    1. Re:Urg. by TheP4st · · Score: 1

      Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

      --
      "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
    2. Re:Urg. by Anonymous Coward · · Score: 0

      1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

      I never give the correct answers just for that reason, which necessitates that I have to use a password manager to keep track of them. You could make quite a little profile based on a person's answer to those questions. That is, if they didn't already post that info to their Facebook page.

    3. Re:Urg. by Anonymous Coward · · Score: 0

      the goal is to make the cost more than the value.
      I am poor, so that much effort will be more than you would get out of me.
      Rich people need more security.

    4. Re:Urg. by Anonymous Coward · · Score: 0

      Also, bank transfers - as far as I'm aware - don't require two factor authentication. Unless you consider the acct & routing numbers as such.

    5. Re:Urg. by Aaden42 · · Score: 1

      Ah, there’s nothing like WWIW2FA (We Wish It Was Two Factor Auth) to improve your bank security...

      See this random image we made you choose at sign up? YUP! That proves we’re us!!! No chance an MitM could get that!

      And this extra random string you entered after that other random string? That makes it TWICE as secure!!!

      I’m not without sympathy that 2FA balloons support costs from people who lack the mental faculties to understand what 2FA is, much less keep a token with them when they want to access their bank, but the time has long since passed for it to be required for “important” accounts like banks.

    6. Re:Urg. by khasim · · Score: 1

      Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

      Yep. Even easier if the information ("correct" answers) is available via Google.

      But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?

      Their thinking seems to be:

      1. So, one username / password isn't enough.

      2. A second password should be enough, but it will use the same username as in #1.

      3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

      4. And entered using the same channel as #1.

      Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

      The same for the "security" questions. Always completely unique.

      If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

    7. Re:Urg. by Anonymous Coward · · Score: 0

      3. Find a bank / credit union that uses real two factor authentication.

      It's 2015. You guys don't have something like chipTAN or SMS TAN as a practically ubiquitous security measure over there?

    8. Re:Urg. by mlts · · Score: 2

      Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

      A few things that help privacy for me:

      1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

      2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one device has the 2FA apps and codes.

      3: Separate boot authentication from user authentication. My Windows box requires a hefty password to boot with BitLocker. Similar with my Linux machines and LUKS.

      4: AdBlock, FlashBlock/ClickToPlay, and run your Web browser in a VM. Also work on dealing with Web fingerprinting (visit EFF's Panopticlick for more details.)

      5: Avoid social networks. Once stuff goes there, it stays there.

      6: Virtualize everything. Using Quickbooks or Peachtree? Put it in an encrypted VM.

      7: Since some games will autoban you if you run them in a VM, perhaps consider a dedicated Windows partition just for those.

      8: Here in the US? Go with EMV credit cards with no stripe. Banks are slowly rolling them out. This way, a credit card number can be grabbed, but it would be a card not present transaction, as opposed to slurping the info off the magstripe.

      9: Minimize use of IoT devices. No Wi-Fi deadbolts, etc.

      10: Have a smart firewall. One that blocks outgoing traffic. I used to have one that used a cheap remote that would raise/drop a voltage on a serial port, so when I left, I could hit the remote, and the machine handling the routing duty would insert an "away" ACL set (which basically blocked outgoing traffic except for OS updates.)

    9. Re:Urg. by Anonymous Coward · · Score: 0

      I don't understand what kind of bubble the person is in to think that a credit union has more or different authentication from a bank anyway. Ok, so whatever your LAST bank was didn't ask you for more than your username/pass, and sure that was a crappy bank...but because you went to a credit union which suddenly asked for more than that, you attribute this extra security to credit unions? Plenty of banks ask these questions, and they have for at least 10 years.

  3. The headline by TWX · · Score: 1

    Veteran IT Journalist Worries That Online Privacy May Not Exist

    As if there was any doubt?

    --
    Do not look into laser with remaining eye.
    1. Re:The headline by jdharm · · Score: 1

      This. Anyone who doesn't assume their Internet stuff is effectively sitting on the curb waiting for someone to take an interest and pick it up is delusional. Internet security is a utopia - works great on paper, can't exist in the real universe. If there is a door for you then there is a door for anyone who decides they want to walk through. The best you can do is make your door's locks harder to get through than the next guy's so they lose interest in yours. When a bear is chasing me and my buddy I don't have to run faster than the bear, just faster than the other guy.

    2. Re:The headline by jdharm · · Score: 1

      Jeez dude...care to throw in a few more metaphors?

    3. Re:The headline by Anonymous Coward · · Score: 0

      Metaphors are like a grapefruit.

  4. translation from dice by nimbius · · Score: 3, Insightful

    Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. His presence, mannerisms, and outlooks are demographically similar to our core audience and in an effort to increase our brand's relatability we have enlisted him to elucidate opinions that are so widely shared amongst our core audience as to become cannon to them all.

    Tom will serve as a vehicle through which our customers and audience (but never our community) grow to engage our brand as it's shuffled from buyer to buyer like a box of partially melted candies amongst children in a hot minivan on a summer road trip.

    --
    Good people go to bed earlier.
    1. Re:translation from dice by Anonymous Coward · · Score: 0

      Canon. Not cannon. Sorry for nitpicking.

  5. Renovations by PopeRatzo · · Score: 2

    When I buy Slashdot, first thing I'm going to do is tear out all the videos and put in fish tanks.

    --
    You are welcome on my lawn.
    1. Re:Renovations by xenotransplant · · Score: 0

      I support your plans to renovate. I would suggest maybe a couple of kittens. People love kittens.

    2. Re:Renovations by turp182 · · Score: 1

      I wonder if Slashdot would allow a story about how Slashdot users could best fund the purchase of the site themselves...

      --
      BlameBillCosby.com
    3. Re:Renovations by Anonymous Coward · · Score: 0

      Just like the Green Bay Packers!

  6. Again? by Anonymous Coward · · Score: 0

    In 1999, Stephen Manes quoted McNealy as saying, "You have zero privacy anyway. Get over it." Manes criticized the statement in his Full Disclosure column: "He's right on the facts, wrong on the attitude. ... Instead of 'getting over it', citizens need to demand clear rules on privacy, security, and confidentiality." The authors of Privacy in the 21st Century admitted, "While a shocking statement, there is an element of truth in it."
    all appropriate attributes are in the Wikipedia article about Scott McNealy I copped this from...

    1. Re:Again? by Anonymous Coward · · Score: 0

      and this was before the FBI got outed for Cobra. (which they didn't care about because they already had a replacement email scraper running in most of the major ISPs)...

    2. Re:Again? by Falos · · Score: 1

      Paper walls are nice. Collective progress requires coordination, morals, guidance. Everyman's outward efforts should be directed towards these, only these will affect the meta.

      Everyman's inward efforts should put up real walls that actually keep shit out and fuck with the rest. Shutter your windows and poison their wells. At this stage the SJWs are invited to call me victim-blamer, while the remainder appreciates wisdom for actual results.

    3. Re:Again? by Anonymous Coward · · Score: 0

      SJW is just the latest face of SPARTA. Aka. communism.

      Just saying.

  7. Privacy and Keyboards* by fustakrakich · · Score: 1

    *How quaint

    --
    “He’s not deformed, he’s just drunk!”
  8. People don't care about privacy by Anonymous Coward · · Score: 0

    They care about cost and convenience. Websites require personal info and tracking cookies in the name of these things.

  9. Translation: by Futurepower(R) · · Score: 1

    "Veteran IT Journalist Worries That Online Privacy May Not Exist"

    Translation: Don't worry about abuse. Just accept it.

    1. Re:Translation: by Anonymous Coward · · Score: 0

      "Veteran IT Journalist Worries That Online Privacy May Not Exist"

      Translation: Don't worry about abuse. Just accept it.

      Better... expect it, and plan accordingly. Assume the environment is hostile, and that the systems involved have been compromised.

    2. Re:Translation: by Anonymous Coward · · Score: 0

      And don't forget to watch out for the cornhole.

  10. Slashdot readers worry that video sucks by Anonymous Coward · · Score: 0

    Video "articles" like this are all about the speaker, not the topic.

    Also, we can read faster than you can write. Please write, your time is not more valuable than the thousands of people who might be interested in what you have to say.

    1. Re:Slashdot readers worry that video sucks by Roblimo · · Score: 2

      We have transcriptions for the faster readers. But you enjoy complaining, so we won't let that silly fact stop you.

      Thanks for your input,

      - R

  11. He is worried online piracy does not exist? by sims+2 · · Score: 1

    Maybe he meant online acts of piracy as I haven't seen anyone take someone else's ship online lately but the file sharing thing? That's still going strong.

    --
    Minimum threshold fixed. Thanks!
    1. Re:He is worried online piracy does not exist? by Anonymous Coward · · Score: 0

      Clearly he should be playing Windward. Yo ho ho, down we go!

  12. Next Story: by Anonymous Coward · · Score: 0

    Slashdot Tells Veteran IT Journalist "That's Not News".

  13. Also, 8-year-old girl worries Santa may not exist! by Anonymous Coward · · Score: 0

    Parents reassure her that he will be there next Christmas and not to listen to all of those naysayers.

  14. from the resistance-is-futile dept. by Anonymous Coward · · Score: 0

    Video slashdot is weak. The stupid ass look on the guy's face in the preview made it even more weak than usual.

  15. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  16. Hosts file is for cows! by Anonymous Coward · · Score: 0

    Hosts file is for cows! Cows say mooooOOOOOO! Cows fear the power of adblock plus. MOooOOOOooOOOOOOO! HoOOOOOssts say the cows! YOU COWS!!

  17. took him this long? by Anonymous Coward · · Score: 0

    I was cynical about privacy when I was 12 back in the 90s. Now that I'm in the industry, it has only validated it.
    All you can do is recognize it and take steps to reduce this encroachment. It'll never be 100% unless you live off the grid. Just remember this: if you don't do crazy shit, the government doesn't care. The rest are only trying to make money off you and the data is so staggering that you're statistically insignificant or the computing power just isn't there to create an automated and accurate profile from your behaviors.

  18. It's not cynicism. It's realism. by TVmisGuided · · Score: 1

    There is not, and never has been, any such thing as "online privacy". Those either unwilling to recognize that simple fact, or incapable of doing so, seem to be either businesses selling "online privacy" services or their customers.

    Want a completely secure computer? Never plug it in. Ever.

    Anything else is bells and whistles.

    --
    All the world's an analog stage, and digital circuits play only bit parts.
  19. Wait, it might exist? by Anonymous Coward · · Score: 0

    Am I the only one that has basically assumed that online privacy has NEVER existed? I'm transmitting data on other people's networks, and I'm storing data on other people's servers. Even if I host the server myself, any traffic to and from it passes through networks I don't own, that I've assumed from back when I was a kid with shell access on an arpanet box, has been monitored and cataloged by the very same folks that put up ECHELON, and who "shut down" Carnivore by moving it to another building and powering it up unchanged under a new name...

  20. anonymity is the only real privacy by Anonymous Coward · · Score: 0

    Anonymity is the only meaningful privacy... Google and Govt say anonymity is too dangerous. Most sites require registration to post comments... so that they can market to you via ads... And so every one of the most powerful entities in tech all agree that we shall have no anonymity. Which means we shall have no privacy.