Radio Amateur W4KWH

Card skimmers, in some respects, are rather impressive devices.  Designed to be invisible, they can be installed by criminals on ATMs, gas pumps, or essentially anything else with a card slot.  The principle is easy…your card gets scanned when you insert it into the machine and generally a camera will be located nearby to record your PIN when you type it in.  With this information, a criminal is able to simply reproduce your card for his or her own use.

As far as I know I’ve never actually seen one.  Just be safe and be observant…if a machine doesn’t look quite right then go somewhere else.

Source: Would You Have Spotted the Fraud? — Krebs on Security.

My hope is that most of you have already seen this information but it’s worth a repeat as we roll into 2010…

“The big question is – how do you tell the difference between a U.S. Census worker and a con artist? BBB offers the following advice:

“If a U.S. Census worker knocks on your door, they will have a badge, a handheld device, a Census Bureau canvas bag and a confidentiality notice. Ask to see their identification and their badge before answering their questions.  However, you should never invite anyone you don’t know into your home.

“Census workers are currently only knocking on doors to verify address information. Do not give your Social Security number, credit card or banking information to anyone, even if they claim they need it for the U.S. Census.  While the Census Bureau might ask for basic financial information, such as a salary range, it will not ask for Social Security, bank account or credit card numbers nor will employees solicit donations.

“Eventually, Census workers may contact you by telephone, mail or in person at home.  However, they will not contact you by e-mail, so be on the look out for e-mail scams impersonating the Census. Never click on a link or open any attachments in an e-mail that are supposedly from the U.S. Census Bureau.”

Source: BBB Alerts Consumers about U.S. Census Workers: Be Cooperative, But Cautious! – BBB News Center.

A short read on a few myths surrounding your safety and security while online.  The bottom line is that you are responsible for your own safety and your own security.  Government can do things to help, but the effectiveness of government efforts rely upon the efforts of private citizens in their day-to-day activities.

Source: ExecutiveBiz Blog» Blog Archive » Five Myths About Cybersecurity.

A followup on the article I posted yesterday…

This describes a presentation that was given during a security conference where the presenter went through the steps he took to obtain the data necessary to steal an identity.  Not altogether easy he said, but there are tools available that make it simpler.  Search engines themselves do a lot of the work.

Bottom line is that you must resist the urge to share personal information that we generally just don’t think of as personal.  We try to be social and have fun but don’t always think of the risk.  It’s easy to say “who would really want to steal my identity?”  After it actually happens I don’t think that’s what you’ll be saying…

Source: Infosecurity (UK) – RSA Europe: Identity theft is too easy and can even be automated says IT security expert.

This is a great article about the dangers of social networking.  I’ll agree, it’s fun and I enjoy making connections with people I haven’t seen in years.  It is, however, a risk.

Post a birthday here, a mother’s name there, place of birth on another site…pretty soon you’ve given out all the information needed to steal your identity as soon as someone connects all the dots.  Even worse, many parents have already done it for their kids also.

Source: Identity theft a growing menace to social networkers – The Irish Times – Fri, Oct 23, 2009.

I find these RFID tags rather scary…The possibility exists for you to be tracked wherever you go.  This is what has happened as a result of fear in America.  We are sacrificing our freedom for supposed security offered by the state.  The interesting thing is that the security we are being offered is a lie…it’s actually nothing but attempted control over the population.  Nothing but a simple grab for power over the masses.  By whom and for what purpose…I can’t really say…but I know that it doesn’t feel right…

We have to remain vigilant and not allow our freedoms to be taken away from us out of fear.  We are supposed to be the masters of our governing officials…not the other way around.  Never forget that elected officials serve at our discretion…they need to remember this also…

Source: Chips in Official IDs Raise Privacy Fears – Science News | Science & Technology | Technology News – FOXNews.com

A keysigning party? What?

Well here’s a brief explanation. Encryption is a process, in basic terms, where data of some kind is scrambled beyond recognition to keep prying eyes from reading the information. Data can also be “signed” which doesn’t obscure the information but will provide indication in the event that the information is been tampered with.

For either of these processes, keys are required. Much like those you have in your pocket, encryption keys will allow or prevent access to information. In public key cryptography, each key is split into two parts. The secret part is kept by the owner and is not shared but the public part is shared with everyone else. This system allows a variety of functions.

Someone possessing your public key can encrypt files to you or verify your signature on a file you signed. With your secret key you can decrypt files encrypted with your public key or digitally sign files.

The last part of this process is “trust.” You must have some way of determining that a particular key belongs to a particular person. Just because it has their name and email address identified in the key does not mean that the key actually belongs to them. If your good and reputable friend brings you a key, and tells you it’s his key, you can most likely trust that it is his. What happens when you exchange information with someone you don’t know?

The trust model helps to sort through some of this. When you sign your friend’s key, you’re saying that you’re sure that the key you signed actually belongs to the friend identified on the key. If your friend knows that you will not sign a key without verifying the owner then he could identify your signature as trusted. This means that he would place a higher level of trust on any keys signed by you even if they are held by someone that he’s never met before.

As time goes on this process begins to form a “web of trust” where keys can be identified as trusted as a result of the verification signatures attached to the key. Keysigning parties basically allow an environment where people share identification to prove their identity and then digital signatures are exchanged to increase the trust placed on their keys.

This is a really quick and dirty description of a rather complex process and I’ve made some very general statements in regard to trust. Hopefully I have at least raised your interest and desire in wanting to find out more information about the process.