Comments on FreePress article featuring @DrInfoSec

The article (linked below), written by Dan Linehan of the Mankato Free Press, contains a good summary of the discussion I had with Dan about Twitter, Facebook, and online security. This post is meant to provide additional information that didn't make it into the original newspaper article due to the paper's limited column space.
  1. I use an older, but dedicated, computer to check anything dealing with money (bank and credit card accounts). This computer runs what I consider to be a "pristine" environment that I periodically reset (to a "known good state") and then update. If you have an older computer lying around, you can use a free operating system like Ubuntu, as recently recommended by former Washington Post writer Brian Krebs. More recently, the Chief Information Officer (CIO) of a bank recommended that people switch to another operating system to do their online banking (Src: Bank CIO recommends Ubuntu for online banking). Perhaps the announcement by the Director of the FBI's Cyber Crime division that he would stop banking online can help convince people to change their online banking habits.
  2. The special program I use to open links is Firefox with the NoScript add-on. In addition, if using public Wi-Fi (wireless Internet), I also use another layer of protection in the form of an application-level sandbox tool called Sandboxie.
  3. The "plastic film" used for privacy can be found by searching for "privacy filter" on a major search engine.
  4. On passwords: the three "rings" of security I referred to are related to three levels of passwords that I recommend people use. The highest-privilege ring should be a series of complex passwords, to be used for bank and/or credit card web sites. The next ring would be used for medium-importance sites such as personal email accounts or other web sites that contain personally identifiable information (about you or others). The third ring, the lowest level, is used for sites that you regard as low-importance. For most of us, this would include most social networking sites and other just-for-fun logins.
  5. More information about the "hack" of Sarah Palin's account is available online. Specifically, "the hacker guessed that Alaska's governor had met her husband in high school, and knew Palin's date of birth and home Zip code." (Source)
  6. Some of the best information I can recommend for Twitter and other social networking sites can be found at:
    1. http://www.ehow.com/how_5071658_twitter-safely.html
    2. http://twitter.blog.avg.com/2010/02/top-10-tips-to-stay-safe-on-twitter-from-avg.html
  7. Bad passwords can lead to easily compromised accounts. Is your password on this list? If so, whatever account uses such a well-known password could already be in hackers' hands.
  8. Everyone should be careful what they reveal not only about themselves but also about others on social networks. In one case, a home burglary appears to be tied to a Facebook posting. In another case, a faculty member was fired for an improper posting.
More information about my profile and my certifications can be found on my LinkedIn profile.

Src: Staying safe on Twitter, Facebook » Local News » The Free Press, Mankato, MN
