Slashdot Mirror


Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).


  1. Urg. by khasim · · Score: 4, Informative

    Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

    NO!!! It does NOT!!!

    1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

    2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

    3. Find a bank / credit union that uses real two factor authentication.

    1. Re:Urg. by TheP4st · · Score: 1

      Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

      --
      "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
    2. Re:Urg. by Aaden42 · · Score: 1

      Ah, there’s nothing like WWIW2FA (We Wish It Was Two Factor Auth) to improve your bank security...

      See this random image we made you choose at sign up? YUP! That proves we’re us!!! No chance an MitM could get that!

      And this extra random string you entered after that other random string? That makes it TWICE as secure!!!

      I’m not without sympathy that 2FA balloons support costs from people who lack the mental faculties to understand what 2FA is, much less keep a token with them when they want to access their bank, but the time has long since passed for it to be required for “important” accounts like banks.

    3. Re:Urg. by khasim · · Score: 1

      Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

      Yep. Even easier if the information ("correct" answers) is available via Google.

      But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?

      Their thinking seems to be:

      1. So, one username / password isn't enough.

      2. A second password should be enough, but it will use the same username as in #1.

      3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

      4. And entered using the same channel as #1.

      Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

      The same for the "security" questions. Always completely unique.

      If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

    4. Re:Urg. by mlts · · Score: 2

      Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

      A few things that help privacy for me:

      1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

      2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one device has the 2FA apps and codes.

      3: Separate boot authentication from user authentication. My Windows box requires a hefty password to boot with BitLocker. Similar with my Linux machines and LUKS.

      4: AdBlock, FlashBlock/ClickToPlay, and run your Web browser in a VM. Also work on dealing with Web fingerprinting (visit EFF's Panopticlick for more details.)

      5: Avoid social networks. Once stuff goes there, it stays there.

      6: Virtualize everything. Using Quickbooks or Peachtree? Put it in an encrypted VM.

      7: Since some games will autoban you if you run them in a VM, perhaps consider a dedicated Windows partition just for those.

      8: Here in the US? Go with EMV credit cards with no stripe. Banks are slowly rolling them out. This way, a credit card number can be grabbed, but it would be a card not present transaction, as opposed to slurping the info off the magstripe.

      9: Minimize use of IoT devices. No Wi-Fi deadbolts, etc.

      10: Have a smart firewall. One that blocks outgoing traffic. I used to have one that used a cheap remote that would raise/drop a voltage on a serial port, so when I left, I could hit the remote, and the machine handling the routing duty would insert an "away" ACL set (which basically blocked outgoing traffic except for OS updates.)

  2. The headline by TWX · · Score: 1

    Veteran IT Journalist Worries That Online Privacy May Not Exist

    As if there was any doubt?

    --
    Do not look into laser with remaining eye.
    1. Re:The headline by jdharm · · Score: 1

      This. Anyone who doesn't assume their Internet stuff is effectively sitting on the curb waiting for someone to take an interest and pick it up is delusional. Internet security is a utopia - works great on paper, can't exist in the real universe. If there is a door for you then there is a door for anyone who decides they want to walk through. The best you can do is make your door's locks harder to get through than the next guy's so they lose interest in yours. When a bear is chasing me and my buddy I don't have to run faster than the bear, just faster than the other guy.

    2. Re:The headline by jdharm · · Score: 1

      Jeez dude...care to throw in a few more metaphors?

  3. translation from dice by nimbius · · Score: 3, Insightful

    Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. His presence, mannerisms, and outlooks are demographically similar to our core audience and in an effort to increase our brand's relatability we have enlisted him to elucidate opinions that are so widely shared amongst our core audience as to become canon to them all.

    Tom will serve as a vehicle through which our customers and audience (but never our community) grow to engage our brand as it's shuffled from buyer to buyer like a box of partially melted candies amongst children in a hot minivan on a summer road trip.

    --
    Good people go to bed earlier.
  4. Renovations by PopeRatzo · · Score: 2

    When I buy Slashdot, first thing I'm going to do is tear out all the videos and put in fish tanks.

    --
    You are welcome on my lawn.
    1. Re:Renovations by turp182 · · Score: 1

      I wonder if Slashdot would allow a story about how Slashdot users could best fund the purchase of the site themselves...

      --
      BlameBillCosby.com
  5. Privacy and Keyboards* by fustakrakich · · Score: 1

    *How quaint

    --
    “He’s not deformed, he’s just drunk!”
  6. Translation: by Futurepower(R) · · Score: 1

    "Veteran IT Journalist Worries That Online Privacy May Not Exist"

    Translation: Don't worry about abuse. Just accept it.

  7. He is worried online piracy does not exist? by sims+2 · · Score: 1

    Maybe he meant online acts of piracy as I haven't seen anyone take someone else's ship online lately but the file sharing thing? That's still going strong.

    --
    Minimum threshold fixed. Thanks!
  8. Re:Slashdot readers worry that video sucks by Roblimo · · Score: 2

    We have transcriptions for the faster readers. But you enjoy complaining, so we won't let that silly fact stop you.

    Thanks for your input,

    - R

  9. Re:Again? by Falos · · Score: 1

    Paper walls are nice. Collective progress requires coordination, morals, guidance. Everyman's outward efforts should be directed towards these, only these will affect the meta.

    Everyman's inward efforts should put up real walls that actually keep shit out and fuck with the rest. Shutter your windows and poison their wells. At this stage the SJWs are invited to call me victim-blamer, while the remainder appreciates wisdom for actual results.

  10. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  11. It's not cynicism. It's realism. by TVmisGuided · · Score: 1

    There is not, and never has been, any such thing as "online privacy". Those either unwilling to recognize that simple fact, or incapable of doing so, seem to be either businesses selling "online privacy" services or their customers.

    Want a completely secure computer? Never plug it in. Ever.

    Anything else is bells and whistles.

    --
    All the world's an analog stage, and digital circuits play only bit parts.