Author Archives: louisevinciguerra

This Week In Privacy: Jan 9, 2009

Wired

Weak Password Brings ‘Happiness’ To Twitter Hacker
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.

TechNewsWorld

Will 2009 Be the Year of Multiple Digital Identities?
Just days after Twitter was hacked, a group of entrepreneurs and policy activists gathered to discuss “Privacy 2009: The Year Ahead.” The discussion demonstrated that the privacy debate is starting to mature.

InternetNews

New Data Breach, Privacy Bills in Congress
One year after trying unsuccessfully to introduce legislation on data breaches and protection of individual privacy, California Senator Dianne Feinstein is trying again.

This Week In Privacy: Jan 2, 2009

CNET

A Funny Thing Happened On The Way To a Birthday Greeting
An interesting take on privacy and revealing a piece of information that most people wouldn’t think twice about when signing up for a new online account.

WOAI

The 500 Most Common Passwords
1 in 9 people use at least one password from this list and one out of 50 use one of the top 20 most common passwords. Is yours on the list?

ReadWriteWeb

Top Online Security Threats For 2009
One new infected Web page is discovered every 4.5 seconds. Here’s a look at the top security threats you should be looking out for in 2009.

This Week In Privacy: Dec 26, 2008

The Olympian

Watch Out For ID Theft While Online
If you have some gift money burning a hole in your pocket and want to grab online post-Christmas bargains, beware of ID thieves hoping to make you the next victim.

ZDNet

5 Security Precautions To Take For The Holiday Break
The following last-minute precautions should probably be on your To Do list for just before leaving the office this holiday.

The Recorder & Times

Internet Security Tests Show All’s Not Right In The City
Anyone with a laptop and the right software could slip onto someone’s home wireless network to steal bandwidth for free internet access or, worse, to steal sensitive information.


This Week In Privacy: Dec 19, 2008

Lifehacker

Lessons Learned From A Hacked Gmail Account
Just as the title says – a few first hand lessons on what to do if you find out your email has been broken into, how to keep your email safe and tips on net security in general.

The Register

Browsers Fail Password Protection Test
Chapin Information Services ran a series of browser security tests and the results are pretty interesting when it comes to browsers such as Google Chrome and Safari.

Identity Theft Resource Center

ITRC’s Identity Theft Predictions For 2009
Every year the Identity Theft Resource Center (ITRC) shares its thoughts for the upcoming year. The following items are ITRC’s predictions for 2009.


Obama Gives Privacy the Spotlight

The 73% of Americans who use the web may be interested in reading just what tech-savvy President-elect Obama has planned for the future of the cloud and how it pertains to an all time Passpack favorite – privacy on the web.

Safeguarding Internet users’ right to privacy in Web 2.0 is not always top of the agenda – after all the “social web” is somewhat public ground, isn’t it?

You know how public information on the web can be if you:

  • post pictures to Facebook
  • tweet your mood on Twitter
  • post opinion comments on blogs

But did you know this information could be just as public:

  • social security numbers
  • access codes
  • PIN numbers
  • emails/personal messages
  • confidential client info
  • passwords

All of this personally identifying information lives and circulates on the same web as do your holiday photos and favorite Amazon books.

That’s right, the new Chief Technology Officer that Obama will appoint has got his work cut out for him.

Sharing Privately

It may almost seem like a contradiction in terms but you already have an idea of how it works.

Let’s say you put your photos up on Flickr but don’t want everyone seeing them. You go to your Privacy Settings and decide who can read and see your stuff. Most social networking apps have privacy restrictions.

But there are some things that you want to share with everybody and some things that you want to share with fewer people or maybe just one person and no one else. Not even a server : )

*Remember you can limit your personal info down to networks, friends, individuals and even for your eyes only BUT any info you put on the Net, lives somewhere on a server. So how private can sharing really be?

Well, what if you made it so that anything you don’t want everyone seeing leaves your computer encrypted? So your driver’s license number, your PIN number or your passwords actually leave your browser encrypted, travel encrypted and get to your recipient encrypted so that the only person who will ever be able to read it is the person you are sending it to and no one else. Not even a server : )

Oh, shared host-proof hosting – you may have found your voice in the 44th US Presidency.

This Week in Privacy: Dec 12, 2008

Ars Technica

CDT to Obama: Advent of “the Cloud” Makes Privacy Laws Dated

The Center for Democracy and Technology issued a transition outlining measures president-elect Barack Obama should take to restore privacy safeguards… and to promote open discourse and innovation online.

Computer Finance

The value of Your Stolen Identity: About $120

The going rate for a “complete” identity (including name, address, passport, credit card info, driver’s license number, and even banking passwords): 120 bucks. That’s right – even passwords!

IT Pro

Councils Divided Over Data Detection

As many as 90 per cent of the UK’s largest city councils cannot guarantee that all sensitive data held on their laptops is encrypted, according to research released today.

And one more thing…

Shared Host-Proof Hosting

In order to understand how shared host-proof hosting works, we need a quick overview of host-proof hosting – what it is and why it has gained such standing in online privacy matters.

The Need For Privacy Online

Whenever you send anything over the internet, your data is exposed. The sites you visit, emails you send and videos you watch all become part of the vast web. Your info travels across many networks until it finally reaches its destination, but how safe is it really while in transit and when it reaches its recipient?

Rule of thumb – information that you send in a standard email is just like writing info on a postcard. It can be seen by anyone with the right tools and the wrong intentions.

The Need For Host-Proof Hosting

Some things can be written on a postcard:

  • appointment reminders
  • birthday wishes/friendly letters
  • casual documents

Some things can’t be written on a postcard:

  • confidential information
  • PIN numbers
  • passwords

This is where host-proof hosting comes in. Host-proof hosting is a security pattern which allows you to encrypt your data before it even leaves your browser. Client-side encryption ensures 100% data privacy, so sensitive info like your passwords can have a safe trip across the web and remain just as safe on the server.

For more info on host-proof hosting, take a quick look at this post.

Sharing Privacy

It wouldn’t make much sense to have a web based on host-proof hosting or encryption, especially in a social web. Online identities are created by what we post to the net. There are certain things we want to share. There are certain things we want to keep private. And there are certain things that we want to share AND keep private.

Here’s where privacy and sharing become important

  • you and your colleague(s) need to access the same merchant accounts
  • you and your spouse both access online accounts for the ‘household’
  • you manage several different clients and you need to share certain web accounts

What do all of these scenarios have in common? Each one of them involves the need to share sensitive info in a secure way. How do you do that on the web without just sending a password or access code via email or Skype?

Ideally you would find a way to send delicate info to one other person so that only you two can read it and no one else. How would that work?

Shared Host-Proof Hosting

Shared Host-Proof Hosting is the basis for Passpack Secure Messaging and Passpack Sending Password Entries where you can send passwords, password entries, notes and more in complete confidentiality. This means that only sender and recipient can read what is sent.

Shared Host-Proof Hosting is a security pattern based on Host-Proof Hosting. It uses 1024-bit RSA public and private keys together with 192-bit AES encryption, and it works more or less like this:

Jane wants to send Jack a message. First she needs to generate her set of RSA public and private keys and so does Jack. This may sound difficult but not to worry, it is all done automatically just by pressing a button. Ah, the wonders of modern technology! She and he do this one time only and these keys are how sharing is made possible.

Then Jane needs to invite Jack to her Ring of Trust, a series of trusted contacts that Jane has chosen. Jane sends Jack the 192-bit AES key they will use to exchange messages from that point on. She encrypts this key with Jack’s RSA public key before sending it.

Once Jack receives this, he decrypts it using his RSA private key. Then both Jane and Jack have the same AES key to forever exchange messages. This means that all encryption is done on the client side, as well as all decryption.

All of this generating, encrypting and decrypting happens ‘behind the scenes’ so don’t worry, neither Jane, Jack nor you need a degree in cryptology in order to feel safe online : )
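The exchange described above, as an added example that is not Passpack's code: it uses Node's crypto module in place of browser code to show what each side does and what the server ends up holding. The function names, RSA-OAEP padding, AES-GCM mode and the 2048-bit RSA size (the page states 1024-bit) are assumptions.

```javascript
// Added example: sketch of the Jane/Jack key exchange. Not Passpack's implementation.
const nodeCrypto = require('node:crypto');

// Assumptions not stated on the page: OAEP/SHA-256 key wrapping, AES-192-GCM for
// messages, and 2048-bit RSA, since 1024-bit RSA is no longer considered adequate.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One-time step: each user generates an RSA key pair on their own machine.
function newUser(name) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey, ring: new Map() }; // ring: contact -> AES key
}

// Jane invites Jack: a fresh 24-byte (192-bit) AES key, wrapped under Jack's public key.
function invite(sender, recipientName, recipientPublicKey) {
  const aesKey = nodeCrypto.randomBytes(24);
  sender.ring.set(recipientName, aesKey);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { from: sender.name, wrappedKey }; // this is what travels via the server
}

// Jack accepts: only his RSA private key can unwrap the shared AES key.
function accept(recipient, invitation) {
  const aesKey = nodeCrypto.privateDecrypt(
    { key: recipient.privateKey, ...OAEP }, invitation.wrappedKey);
  recipient.ring.set(invitation.from, aesKey);
}

// Encrypt on the client. The returned object is all the server ever stores.
function seal(user, contact, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-192-gcm', user.ring.get(contact), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt on the client. Throws if the stored message was altered.
function unseal(user, contact, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-192-gcm', user.ring.get(contact), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

The sketch takes Jack's public key as given; how Jane confirms that the key really belongs to Jack is not described on the page and is not modelled here.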

Say That Again?

In simple terms, if Jane wants to send something to Jack and doesn’t want anyone to read it in transit or while it is on the server, she sends the info encrypted.

Jack needs to decrypt the info Jane sends, and vice versa, in a way that only he can read it and no one else. So when they first decide to “be friends” and enter into each other’s Ring of Trust, they have personalized “keys” created, which they will later use to decipher the coded/encrypted/private messages they receive.

And from then on they are able to easily exchange sensitive info at liberty without worrying about who else can see it.

Now keep your friends close and your passwords closer. And start sharing the right info with the right people.