How To Give Away Your Personal Information

Identity Theft and Your Personal Information
--------------------------------------------
Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. In the past few months, one company after another is being forced to admit customer data has been lost or stolen.

In many cases, they have then come forth repeatedly over the next few weeks, or even months revising the estimated number of impacted customers. To date, I don't think any have ever lowered those numbers.

Identity Theft and Respected Companies
--------------------------------------
Generally speaking, these aren't fly-by-night organizations. These are respected companies who we've come to trust. In many instances, the loss wasn't even the work of a "malicious hacker" or other mystical force beyond their control; it was simple carelessness. The frequency of such reports of identity theft is making it difficult for consumers to feel confident in those with whom we do business. Customers are outraged that companies are not doing more to protect their information from the forces of evil.

You and Your Personal Information
---------------------------------
What about you? How are you at keeping you personal information under wraps? Some of these high profile incidents were the result of a trivial mistake that could have happened to anyone, including you.

Let's consider two events that didn't make the front page of C|Net or CNN.

The Keys To The Castle
----------------------
I consult for a client who doesn't trust me. It's nothing personal, they don't trust anyone. Whenever I visit this site, I am forced to contact the client throughout the visit to have them type a credential, or password, to grant access to a server or router. It's really annoying.

I really respect this client.

They don't really know me; I'm "the consultant". They're taking the proper steps when dealing with a consultant, providing the absolute minimum amount of information required. They would never give me unsupervised access to the network, and certainly wouldn't consider giving me passwords to their servers or routers. Not on purpose anyway.

Then there was the day I was working alongside the client and needed to reconfigure a router to complete a task. It's a long walk to the client's office to get the password for that particular router. Yes, this is a client who apparently has a unique password for every piece of equipment they own. Conveniently the client does keep a password protected file on a USB key that contained the needed information. The client was completely appropriate and even asked permission before using my laptop to fetch the file. I consented, and even made the gesture of turning away while he unlocked the file and retrieved the required password.

Have you ever used Google Desktop Search? It's a very cool, and aptly named, program that is a Google for your PC. It will index your files and make them searchable through a fast, flexible, and easy to use interface. It'll even cache the contents of files so if you move it off your hard drive, you'll still be able to see the contents of what was once there. Normally it does all this in the background when you computer is sitting idle. It also does it anytime you open a file.

Your Personal Information Is The Prize
--------------------------------------
You guessed it. Logins, passwords, public and private IP addresses. You name it, I had it. The client who would never give me a single password had turned over all of them at once.

What kind of wondrous data was now available? Personnel records, salary data, trade secrets? Maybe, if this was a corporate client. What about an academic, a University even? Student records, financial aid forms, and grant information. The possibilities were endless.

I promptly deleted the cache. The customer didn't want me to have the information, nor did I.

Would You Hand Your Credit Card To A Stranger?
----------------------------------------------
The previous example showed how simple it is to inadvertently reveal a large amount of data. It's funny how easily a person can dismiss this type of loss. After all, it's not your data, right?

So let's get a bit more personal.

Convenience And Computer Security Are Rarely Compatible
-------------------------------------------------------
I have a good trust relationship with my next client. She is quite comfortable with me administering and securing the corporate network. When it comes to her personal credit card information however, well, not so much.

Pretty much every web browser available these days has quite a few convenience features designed to make your day to day "net experience simpler". One of these convenience features came into play in this example, specifically the Firefox browser's auto-completion feature.

Not too long ago, I was tasked by this client to make arrangements for transfer of an internet domain to their ownership. Not a difficult task, she could have handled it herself. She was quite a capable computer user; she just didn't want to be bothered with the process.

I set aside 20 minutes to go through her domain registrar's step-by-step transfer wizard. I summoned the client to explain the details of the transfer displayed on my laptop screen. Facing the payment options screen the client asked if she could proceed. I relinquished control of my laptop and she entered the credit card information required to complete the transaction.

Web Browsers Cache Your Personal Information
--------------------------------------------
Most modern web browsers, for convenience, will cache information entered into web forms. The intent is to be able to recall this information if it's requested by another form. The following day, I was in the process of registering another domain with the same registrar and was surprised, for half a second, when the payment screen pre-populated using the same information used the day before. In addition to the credit card information I also had my client's personal home address, and telephone number. This was quite a bit of personal information the client never had any intention of giving me.

So What's Your Point?
---------------------
These two examples are very different but do share two important attributes. First, data the client intended to keep private was revealed to me. Second, the reason for the "compromise" of the data was due to the "victim" working with said data on a computer they neither owned nor were familiar with. Under different circumstances, the end results could have been quite devastating.

Conclusion
----------
When using a computer system you do not own, perhaps at a kiosk, or Internet Café, be aware that the computer itself is going to remember a lot of what you've done as part of basic functionality. Additionally, most entities that are going to provide you with access to a computer, including your employer, probably have systems in place that could collect additional data you don't desire to share. Even WiFi hotspots that allow you to use your own notebook or PDA to surf the web while sipping coffee can be a potential information collector.

The moral of the story is, when dealing with computer systems that aren't your own, never handle data or documents that you wouldn't want left behind unprotected. In all odds, once you walk away from that computer, you've done just that.

About The Author
----------------
Erich currently specializes in providing network and security solutions for small to medium businesses that frequently have to resolve the conflict of need versus budget. His commitment to precision and excellence is eclipsed only by his fascination with gadgets, particularly ones that are shiny, or that blink, or that beep. Erich is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Erich you can e-mail him at [email protected] or [email protected].

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

SFGate

Bitcoin a shadowy realm as US weighs security clearances
SFGate
"There are a lot of good things about cryptocurrencies, but at the same time there are these security risks," said Param Vir Singh, director of the PNC Center for Financial Services Innovation at Carnegie Mellon University. "Think about a knife: It ...


WIRED

Security News This Week: T-Mobile Web Portal Exposed 74 Million Accounts
WIRED
T-Mobile has about 74 million customers, and the company added a credential login to protect the tool after receiving the alert from security researcher Ryan Stevenson. Per its bug bounty program, T-Mobile awarded Stevenson $1,000 for the discovery.


Washington Post

Scott Pruitt's security detail cost nearly $3.5 million his first year, agency reports
Washington Post
The round-the-clock security detail for Environmental Protection Agency Administrator Scott Pruitt cost taxpayers almost $3.5 million during his first year in office, according to figures published Friday by the agency. The EPA spent more than $2.7 ...
EPA spent $3.5 million to protect Scott Pruitt, nearly twice the typical security costCNBC
EPA chief's security bill soars, agency cites death threatsReuters
EPA spent nearly $3.5M on Pruitt security - CNNPolitics - CNN.comCNN
CBS News -ABC News -Politico -Politico
all 118 news articles »

WBAL Baltimore

Security guard fatally shoots man in Catonsville
WBAL Baltimore
A security guard fatally shot a man who fired his own gun after refusing to leave a Catonsville business Saturday, Baltimore County police said. County police said security guards were asking people to leave the parking lot because the business was closed.
Man killed after gunfire exchange with security guard at Catonsville ...Fox Baltimore

all 9 news articles »

Voice of America

Top Afghan Security Officials Visit Pakistan for Crucial Talks
Voice of America
A high-level Afghan delegation began a daylong official visit to neighboring Pakistan Sunday to discuss bilateral matters, border management and regional security. Afghan National Security Adviser Haneef Atmar is leading a team of top security ...
Afghan, Pakistani Security Officials Meet In IslamabadRadioFreeEurope/RadioLiberty

all 19 news articles »

South China Morning Post

Nato's second-in-command to address Asia security forum as North Korea looms large
South China Morning Post
Nato Deputy Secretary General Rose Gottemoeller will attend a major security forum in Asia next month, aiming to bolster the Western alliance's ties with the region amid lingering fears about North Korea's nuclear ambitions, a diplomatic source said on ...


Kansas City Star (blog)

Security of the midterm elections needs attention now
Kansas City Star (blog)
When top intelligence officials went to Capitol Hill one morning last week to give House members a classified briefing on the security of the upcoming elections, only 40 or so bothered to show up. In other words, nine out of 10 lawmakers thought they ...
Homeland Security announces 15000 additional seasonal visas for companies at risk of failureThe Hill
Homeland Security issues 15000 more H-2B visas amid crab industry labor shortage in Maryland, elsewhereBaltimore Sun
Homeland Security releases 15000 additional H-2B visasThe Boston Globe
UPI.com -Paulick Report
all 79 news articles »

Middle East Monitor

Iran security forces to confront unrest that serves US
The Jerusalem Post
"Judicial and security bodies ... will resolutely confront any group or individual that wants to compromise the country's security," said Gholamhossein Mohseni Ejei, the judiciary's news website Mizanonline reported, adding that fomenting unrest was ...
Iran says security forces to clamp-down on protestsReuters

all 3 news articles »

FOX 4 News

Downtown Dallas security team stepping up patrols after violent attacks
FOX 4 News
The Downtown Dallas security team is increasing its patrols after a woman was violently robbed and other recent crimes. Red Ledbetter was walking home with a friend around 3:30 Tuesday morning when three men attacked and robbed them near Ervay ...

Google News

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

The Never Ending Spyware Story

It's been with us since 1993, it's gotten more intrusive,... Read More

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

Its War I Tell You!

There are ways to insure security though. You can get... Read More

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More

Wireless Network Security

Working from home has its advantages, including no commute, a... Read More

Protecting Your Home Both Inside and Out

If you are a parent, you have probably wondered at... Read More

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to,... Read More

Virus and Adware - Fix them Both!

We all get the odd virus now and then, but... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

Viruses, Trojans, and Spyware - Oh My!

Have you ever had to call Symantec or McAfee to... Read More

What to Look for before You Purchase Spyware Software

Huge number of spyware software applications are available in the... Read More

Securities

NETWORK SECURITIES: IMPORTANCE OF SECURITIESComputers and securities must form a... Read More

Another Fine Mess!

I'm in the Anti-Spyware business, and I'm doing a lot... Read More

How To Prevent Spyware Attacking Your Computer

Spyware is software or hardware installed on a computer without... Read More

Breaking Into Your PC: News...

You'd better learn news from media, not from emails, security... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

Its Time to Sing the Encryption Song - Again!

Yes, I'm wearing my encryption hat again. Why you may... Read More

Lottery Scam, What It is and how to Avoid It?

Internet scams and frauds are on the rise! The quantity... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More