Leaving home? Don’t tweet about it!

Common sense tells you not to advertise the fact that you're not at home. Surprisingly, everyday thousands of people advertise this very fact on Twitter. A new website appropriately named PleaseRobMe.com shows tweets that specifically contain keywords such as "not at home" and "on vacation".

How dangerous is this? Just for fun, I closely examined one of the tweets. It was from a young entrepreneur in Salem, OR advertising the fact that he had just settled down at the local Starbucks. A couple of Google searches quickly revealed his iPhone number, websites, and various social media accounts. His website also uses foursquare.com, which gave me a map of his exact location.

One website, intelius.com, offered to sell me his full name, address, age, date of birth, home phone number, relative’s names, address history, average income, and home value for just $0.95...all of the information a burglar would just love to have. For criminals, it doesn’t get any easier than this!

James Bell

Lifestrand: A new digital afterlife service

Lifestrand is a new social utility for sharing memories about your departed loved ones. This new digital afterlife service brings together people for purposes of celebrating the lives of those no longer with us.

A memorial is created for the deceased consisting of free space to upload photos, post written memories, and publish timelines that refer to events in your loved one's life.

James Bell

Understanding file security

Lots of websites offer upload space for you to store files. A few even claim to store your files securely. Even fewer explain how exactly what secure means. A securely stored file must have at least three characteristics. It must be unreadable to unauthorized parties, it must be tamper resistant, and it must be available when needed.

Making a file unreadable to unauthorized parties requires encryption. The encryption algorithm used must be strong, such as 256-bit AES. The file must be encrypted while it is being moved (in-flight) between computers using SSL. More importantly, the file must remain encrypted while it is stored (at- rest).

Making a file tamper resistant requires taking a digital signature. This signature is created using a hash function, which is a mathematical procedure that converts a large amount of data (your file) into a small unique data value (your signature). This same procedure is used by criminal forensic specialists to ensure that digital evidence remains tamper free. A digital signature of your file should be taken immediately after it’s uploaded and again just before it’s downloaded. If the two signatures do not match, your file must not be downloaded.

Making sure your files are available when needed requires that a regular backup be taken. In most cases a periodic (i.e. weekly) backup may suffice. However, under high volume conditions this method may be inadequate. A more robust approach requires that data files be stored within an infrastructure that is both redundant and distributed. This means that multiple copies of data files (redundant) are stored in geographically separate locations (distributed). If a file is lost or destroyed in one location it is immediately available from another location.

Make sure that your service provider clearly states how your files are stored. If nothing is mentioned about these safety measures, it’s highly likely that no precautions are being taken. If your file is intercepted by a hacker, you may not get a second chance.

James Bell

Keyloggers pose biggest threat of identity theft

You may be shocked to learn how easy it is for another person to monitor everything that you are doing on your computer. Keystroke logging software (known as keyloggers) tracks your keystroke activity, typically in a concealed manner so that you are completely unaware of being monitored.

When a keylogger is installed on your computer with your knowledge (which is legal), it’s known as Internet Monitoring and Surveillance software. This is usually done by employers who monitor their employees computer usage or by parents trying to limit their children’s Internet activity.

When a keylogger is installed without your knowledge (which is illegal), it’s known as spyware. The keylogger is usually installed along with shareware or when your computer becomes infected by a Trojan.

By operating in stealth mode, you have no idea that this software is active on your computer. It completely compromises your privacy by transmitting your activity to others through your Internet connection. Even worse, most antivirus scanners fail to detect this type of intrusion. In fact, most scanners fail to detect 70% of keyloggers available on the market.

What can be done? Several software products, such as Identity Patrol and Spy Reveal, are currently available that exclusively focus on detecting keylogger activity. We highly recommend that your run this type of software in tandem with your antivirus scanner.

James Bell