|
Author: Erich Heintz Article source: http://castlecops.com/. Used with author's permission.
Identity Theft and Your Personal Information
--------------------------------------------
Identity theft is apparently the "in thing" these days. By
media accounts, hackers and evildoers lurk everywhere trying
to steal your personal information. In the past few months,
one company after another is being forced to admit customer
data has been lost or stolen.
In many cases, they have then come forth repeatedly over the
next few weeks, or even months revising the estimated number
of impacted customers. To date, I don't think any have ever
lowered those numbers.
Identity Theft and Respected Companies
--------------------------------------
Generally speaking, these aren't fly-by-night organizations.
These are respected companies who we've come to trust. In
many instances, the loss wasn't even the work of a
"malicious hacker" or other mystical force beyond their
control; it was simple carelessness. The frequency of such
reports of identity theft is making it difficult for
consumers to feel confident in those with whom we do
business. Customers are outraged that companies are not
doing more to protect their information from the forces of
evil.
You and Your Personal Information
---------------------------------
What about you? How are you at keeping you personal
information under wraps? Some of these high profile
incidents were the result of a trivial mistake that could
have happened to anyone, including you.
Let's consider two events that didn't make the front page of
C|Net or CNN.
The Keys To The Castle
----------------------
I consult for a client who doesn't trust me. It's nothing
personal, they don't trust anyone. Whenever I visit this
site, I am forced to contact the client throughout the visit
to have them type a credential, or password, to grant access
to a server or router. It's really annoying.
I really respect this client.
They don't really know me; I'm "the consultant". They're
taking the proper steps when dealing with a consultant,
providing the absolute minimum amount of information
required. They would never give me unsupervised access to
the network, and certainly wouldn't consider giving me
passwords to their servers or routers. Not on purpose
anyway.
Then there was the day I was working alongside the client
and needed to reconfigure a router to complete a task. It's
a long walk to the client's office to get the password for
that particular router. Yes, this is a client who apparently
has a unique password for every piece of equipment they own.
Conveniently the client does keep a password protected file
on a USB key that contained the needed information. The
client was completely appropriate and even asked permission
before using my laptop to fetch the file. I consented, and
even made the gesture of turning away while he unlocked the
file and retrieved the required password.
Have you ever used Google Desktop Search? It's a very cool,
and aptly named, program that is a Google for your PC. It
will index your files and make them searchable through a
fast, flexible, and easy to use interface. It'll even cache
the contents of files so if you move it off your hard drive,
you'll still be able to see the contents of what was once
there. Normally it does all this in the background when you
computer is sitting idle. It also does it anytime you open a
file.
Your Personal Information Is The Prize
--------------------------------------
You guessed it. Logins, passwords, public and private IP
addresses. You name it, I had it. The client who would never
give me a single password had turned over all of them at
once.
What kind of wondrous data was now available? Personnel
records, salary data, trade secrets? Maybe, if this was a
corporate client. What about an academic, a University even?
Student records, financial aid forms, and grant information.
The possibilities were endless.
I promptly deleted the cache. The customer didn't want me to
have the information, nor did I.
Would You Hand Your Credit Card To A Stranger?
----------------------------------------------
The previous example showed how simple it is to
inadvertently reveal a large amount of data. It's funny how
easily a person can dismiss this type of loss. After all,
it's not your data, right?
So let's get a bit more personal.
Convenience And Computer Security Are Rarely Compatible
-------------------------------------------------------
I have a good trust relationship with my next client. She is
quite comfortable with me administering and securing the
corporate network. When it comes to her personal credit card
information however, well, not so much.
Pretty much every web browser available these days has quite
a few convenience features designed to make your day to day
"net experience simpler". One of these convenience features
came into play in this example, specifically the Firefox
browser's auto-completion feature.
Not too long ago, I was tasked by this client to make
arrangements for transfer of an internet domain to their
ownership. Not a difficult task, she could have handled it
herself. She was quite a capable computer user; she just
didn't want to be bothered with the process.
I set aside 20 minutes to go through her domain registrar's
step-by-step transfer wizard. I summoned the client to
explain the details of the transfer displayed on my laptop
screen. Facing the payment options screen the client asked
if she could proceed. I relinquished control of my laptop
and she entered the credit card information required to
complete the transaction.
Web Browsers Cache Your Personal Information
--------------------------------------------
Most modern web browsers, for convenience, will cache
information entered into web forms. The intent is to be able
to recall this information if it's requested by another
form. The following day, I was in the process of registering
another domain with the same registrar and was surprised,
for half a second, when the payment screen pre-populated
using the same information used the day before. In addition
to the credit card information I also had my client's
personal home address, and telephone number. This was quite
a bit of personal information the client never had any
intention of giving me.
So What's Your Point?
---------------------
These two examples are very different but do share two
important attributes. First, data the client intended to
keep private was revealed to me. Second, the reason for the
"compromise" of the data was due to the "victim" working
with said data on a computer they neither owned nor were
familiar with. Under different circumstances, the end
results could have been quite devastating.
Conclusion
----------
When using a computer system you do not own, perhaps at a
kiosk, or Internet Café, be aware that the computer itself
is going to remember a lot of what you've done as part of
basic functionality. Additionally, most entities that are
going to provide you with access to a computer, including
your employer, probably have systems in place that could
collect additional data you don't desire to share. Even
WiFi hotspots that allow you to use your own notebook or PDA
to surf the web while sipping coffee can be a potential
information collector.
The moral of the story is, when dealing with computer
systems that aren't your own, never handle data or documents
that you wouldn't want left behind unprotected. In all odds,
once you walk away from that computer, you've done just
that. About The Author
----------------
Erich currently specializes in providing network and security
solutions for small to medium businesses that frequently have
to resolve the conflict of need versus budget.
His commitment to precision and excellence is eclipsed only by
his fascination with gadgets, particularly ones that are
shiny, or that blink, or that beep. Erich is a
staff writer for http://www.defendingthenet.com and several other
e-zines. If you would like to contact Erich you can e-mail
him at erich.heintz@gmail.com or
DefendTheNet@ParaLogic.Net.
Internet Marketing - You Have to Give a Little to Make a Little
Everyone wants to make money without investing time or capitol. Here are three ways where spending money will in turn make you money.
How to Make the Real Estate Market Work For You and Get The Most Money
Advertising and selling your home on the internet can save you a bundle.
Mouth Watering for a Juicy Hamburger?
Hamburgers are a lot like sex. When they are good, they are very, very good. When they are bad, they're still pretty good. An internet guru who specializes in p...
How To Make Money In Real Estate Without Buying Any Property: Become A Mortgage Broker
Learn why you should become a mortgage broker even if you have a good job...
Common Waterbed Sheet Materials
Several materials are used to make waterbed sheets. Waterbed owners can choose between many different fabric options when buying sheets. Each fabric has its o...
Top 5 Reasons - Should You be Gambling Online?
Why is online gambling the latest craze to hit the Internet?Let's face it the casino business is big bucks. Games played for money have found their way into any...
Eye-Opening Information for Menopausal Women
Susun Weed has some interesting tips for menopausal women in this article.
The Secrets of Cold Tables
It's not hard to find a cold table. Just look for quiet tables with lots of empty spaces and somber looking people with just a few chips in front of them. You ...
Essential Oils and Nail Fungus
When everyone else can't wait for warmer weather to bare their toes, do your feet go into hiding? When it's time to head for the locker room, do you want to he...
Fathers Day Origins and Inspiration
While mothers have had their special day since 1914, fathers have only recently officially received the recognition they so richly deserve. Here are some though...
Screenwriting Essentials: Heros Journey and The Interdictor
One element of the Hero's Journey (during the stage of the Refusal) is the common presence of the Interdictor - a figure of authority prevents the hero acting u...
Mind Your Mind
Affirmations are often suggested as a means of changing how you feel and yet many people use them and get very little benefit from all the time spent repeating ...
How Not Letting Go of Your Past can Hurt Your Future
Experiences, whether good or bad, are sometimes all we
have, and most of them reside in the past. So you may ask,
why should I let go of my past when much of it...
Search Engine Submissions That Boost Link Popularity!
The article explains how and where to submit websites to search engines and directories in order to boost the link popularity. Quality counts, not quantity!
Decorating Kids Bedrooms - Get Them involved!
Let your kids have a say in how their bedrooms are decorated. Give them choices, and guide them along the way. Think how empowered your kids will feel knowing ...
The Nutritional Truth About Irritable Bowel Syndrome (IBS)
The nutritional truth about Irritable bowel syndrome (IBS)
Present Moment Awareness: Lessons From My Dog
I've always waited for the perfect moment: As though time were a flower waiting to bloom. My scruffy puppy-happy dog knows better. Watching his tail wag as he s...
Have Diabetes, But Enjoy Quality Food? Try Diabetic Recipes!
Having diabetes certainly limits some of the food you can eat, but with the right diabetic recipes you can still enjoy fine food. Sometimes, it is hard to know ...
Business Continuity Testing Starts with the Risks
All business continuity plans need to mirror the business and be based on the risks to that business. This article looks at options for dealing with risks in b...
Offense: Beat the Odds
Move the goal post, set your sites on the direction, and put your plan in motion. Strategic planning combined with positive action attains the goal of your dre...
Home Is Where the Gym Is - Tips For Setting Up Your Home Gym
As a society, we just don't get as much exercise as we used to. Fitness centers have done an excellent job of trying to help address this concern, but some peop...
Productivity at Home
Productivity at home makes time available for other activities. For many homemakers, that has opened up an opportunity to earn an extra income and improve the f...
Finding and Fighting Spyware
Never run an anti-spyware program? You are close to guaranteed of being infected.
Dream Lover
Direct Answers - Column for the week of September 1, 2003 I met my wife a dozen years ago and her best friend shortly thereafter. I was always fond of my wife'...
|
Print this page