Slashdot Mirror


Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).

5 of 44 comments

  1. Urg. by khasim · · Score: 4, Informative

    Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

    NO!!! It does NOT!!!

    1. It does not, because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect, just another password) then it is useless.

    2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

    3. Find a bank / credit union that uses real two factor authentication.

    1. Re:Urg. by mlts · · Score: 2

      Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

      A few things that help privacy for me:

      1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

      2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one device has the 2FA apps and codes.

      3: Separate boot authentication from user authentication. My Windows box requires a hefty password to boot with BitLocker. Similar with my Linux machines and LUKS.

      4: AdBlock, FlashBlock/ClickToPlay, and run your Web browser in a VM. Also work on dealing with Web fingerprinting (visit EFF's Panopticlick for more details.)

      5: Avoid social networks. Once stuff goes there, it stays there.

      6: Virtualize everything. Using Quickbooks or Peachtree? Put it in an encrypted VM.

      7: Since some games will autoban you if you run them in a VM, perhaps consider a dedicated Windows partition just for those.

      8: Here in the US? Go with EMV credit cards with no stripe. Banks are slowly rolling them out. This way, a credit card number can be grabbed, but it would be a card not present transaction, as opposed to slurping the info off the magstripe.

      9: Minimize use of IoT devices. No Wi-Fi deadbolts, etc.

      10: Have a smart firewall. One that blocks outgoing traffic. I used to have one that used a cheap remote that would raise/drop a voltage on a serial port, so when I left, I could hit the remote, and the machine handling the routing duty would insert an "away" ACL set (which basically blocked outgoing traffic except for OS updates.)

  2. translation from dice by nimbius · · Score: 3, Insightful

    Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. His presence, mannerisms, and outlooks are demographically similar to our core audience and in an effort to increase our brand's relatability we have enlisted him to elucidate opinions that are so widely shared amongst our core audience as to become canon to them all.

    Tom will serve as a vehicle through which our customers and audience (but never our community) grow to engage our brand as it's shuffled from buyer to buyer like a box of partially melted candies amongst children in a hot minivan on a summer road trip.

    --
    Good people go to bed earlier.
  3. Renovations by PopeRatzo · · Score: 2

    When I buy Slashdot, first thing I'm going to do is tear out all the videos and put in fish tanks.

    --
    You are welcome on my lawn.
  4. Re:Slashdot readers worry that video sucks by Roblimo · · Score: 2

    We have transcriptions for the faster readers. But you enjoy complaining, so we won't let that silly fact stop you.

    Thanks for your input,

    - R