Archive for category privacy

LastPass: My new favorite password manager

LastPass is a cloud-based password manager.  There are no worries, as your master password is used to symmetrically encrypt your information before it is sent to LastPass.  You don’t have to worry about passwords lying around unencrypted on your disk. The really great thing about LastPass is they support just about every known device: BlackBerry, iPhone, Android, Mac, Windows, Linux, Firefox, IE, Chrome, etc.

LastPass is free!

LastPass Premium (no ads, mobile support) is only $1 a month!

LastPass imports from over 20 password managers

Go check it out now.  I’ve already switched from KeePassX and Firefox Password Manager.  I’ll be getting the rest of my family moved onto it this weekend.  If you still need more convincing, in Episode 256 of Security Now, Steve Gibson walks listeners through the LastPass architecture.  Also don’t forget to run the LastPass Security Challenge — it will score you based on your average password strength, use of two-factor authentication, blank passwords, duplicate passwords, etc.


(tool) HTTPS Everywhere

There’s a new Firefox add-on, HTTPS Everywhere, jointly developed by Tor and the EFF.  If a website has an SSL certificate, the add-on will automatically redirect the user to the page’s https address.  The add-on comes loaded with a default ruleset for some of the more popular websites such as Google, Twitter, Wikipedia, etc.  HTTPS Everywhere allows users to create their own redirection rules with XML and regular expressions.  There’s another H write-up here.


Ubuntu can bypass iPhone pin to read data?

According to this ZDNet article, when plugging your iPod into an Ubuntu machine the device is mounted without ever being prompted for a PIN code.  This is working on non-jailbroken iPhones.  I’m surprised the article only names Ubuntu — surely this must work for other distributions?  Unfortunately I don’t own an iPhone to test first hand.

On a side note, is Ubuntu taking over the world?  Sometimes you don’t want to make things too easy otherwise all of the idiots will flock from Mac and Windows and plague all of our favorite distributions with requests for ports of ___ (insert favorite fan boi single platform software here).


How to detect an ATM skimmer

I subscribe to the Privacy Rights Clearinghouse newsletter.  If you’ve not been to this site before and you’re interested in privacy, it’s a worthwhile bookmark.  They recently published their ‘Summer Vacation – Privacy Primer‘ which has an interesting article on spotting ATM skimmers.  Skimmers are hard to detect; your best recommendation is to stick with cashing checks through a teller (or rely on your credit card if you have the self control).  Personally I’m guilty of believing I’m not at risk living in the suburbs; unfortunately it will take a come-to-Jesus moment (ahem, getting burnt) to slap some reality in me.

You can view the ATM Skimmer Awareness presentation here.

http://www.privacyrights.org/summer-vacation-privacy-identity-theft


Google betas SSL for web searches

According to this H article, Google is beginning to beta a new feature of providing SSL for their standard web search service. As one commenter noted, Google is still collecting the same information from your searches but this will limit 3rd parties from eavesdropping on your search queries. Remember SSL doesn’t guarantee absolute privacy as there’s Moxie Marlinspike’s work, chance of CA intermediaries, and your employer loading their own trusted CAs into your corporate devices.


Google & Privacy

Bruce Schneier recently posted an article about the erosion of privacy, specifically how the social networking sites are accelerating this “privacy decay.”  Along with attacking social networking sites, he threw in Google.  I just came across an interesting Forbes article where a Google engineer rebukes Schneier. You can find that article here: http://www.forbes.com/2010/04/12/privacy-facebook-gmail-technology-security-google.html

Two interesting tidbits in the article are Google’s privacy control pages which you may not be aware of:

  1. Google Dashboard – Control your Google privacy settings for all of Google’s applications
  2. Ads Preferences Manager – Control whether ads are tailored to your viewing habits or not.  You can opt out here.  *Warning this site sneakily redirects through doubleclick.net — bastards!

Google privacy videos and privacy podcast

On the way to work this morning I was listening to the Silver Bullet podcast interviewing Dr. Lorrie Cranor (Comp Sci professor at Carnegie Mellon).  I recommend listening to this episode if you’re at all interested in privacy in the digital age and how it has been evolving.  Actually, how is society reacting or non-reacting to privacy in a new medium.  There are some interesting studies about how well people can decipher privacy policies and how most companies keep their policies convoluted.  An interesting mention is the idea of having privacy policies follow a “nutritional label” format which would be great for the layman like myself to read :-)

Cranor helped create the P3P Standard: http://www.w3.org/P3P/ It’s been approved by the W3C and has even been supported in IE6-8.  Sadly, I don’t think many webmasters are aware of it.

Dr. Cranor also mentions how Google is making an attempt to clarify their privacy policy as folks start to wonder if Google can reach the point of too much information (Enemy of the State and Minority Report).  Long story short, Google is creating videos with real people explaining the privacy policies of their different applications.  Kudos to Google on this: http://www.youtube.com/user/googleprivacy

Update: Search engines with best privacy policy

I previously posted about search engine Ask.com’s AskEraser privacy feature.  After reading this article from the Electronic Frontier Foundation (EFF), Several Facts about Google and HTTPS, I learned about the ixquick search engine which appears to have an even better privacy policy.

ixquick highlights:

  • doesn’t record your IP address
  • creates NO unique cookie IDs
  • privacy data deleted within 48 hours
  • uses POST instead of GET requests to further mask search data
  • EU endorsed (and EU has some of the best privacy laws in the world)

On a side note, here’s the 2005 CNET article where Google was used to discover several personal details about Google CEO Eric Schmidt.

Try something new…. AskEraser….

I’ve been looking around for a new search engine besides Google.  I’m worried about giving them all the business and their privacy policy scares me.  They’re collecting more and more of our information and no one seems to notice.  (Take a look at Google’s new Dashboard if you want to see what they’re collecting on you)  I’ll admit, I haven’t started running my own MTA again but I’m getting close. Do you want my public key?  I hope you have one.  There’s guys in Utah and St. Louis looking through your email contents as I write this….

Anyways…back on track….

It’s not the easiest task comparing privacy policies even if you limit your search to the big players (Google, Yahoo, Bing, Baidu, Ask, AltaVista).  Besides Scroogle, which is a Google proxy returning scrubbed results cookie-free, most of the large search engines are very similar with their policies.  They all store some type of tracking cookie and say they can use this to target specific advertisements towards you and/or share with third parties.  HOWEVER, all is not lost: I did come across the Ask.com AskEraser.  Navigate over to Ask.com and in the top right corner you’ll see “AskEraser On | Off”.  Turn this guy on and check your cookies for yourself… it does make a difference…

When enabled, AskEraser will completely delete your search queries and data from Ask.com servers, including: your IP address, User ID and Session ID cookies, as well as the complete text of your search query–all within a matter of hours,

We’ll have to take Ask’s word that they’re actually removing our search data from their servers unless someone has a better idea?  Raid one of their NOCs on a Friday night hoping to bribe the night security guard with a pizza and a hooker? (maybe the pizza and a mountain dew would be enough)

Why I avoid Web 2.0 sites like the plague…

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Here’s the complete Wired article

***I apologize, I can’t help that it is a Wired write-up.  I’m beginning to dislike Wired more and more due to their contributors’ extreme verbosity.