Security & Privacy

Infosecurity (UK) – RSA Europe: Identity theft is too easy and can even be automated says IT security expert

A followup on the article I posted yesterday…

This describes a presentation given at a security conference in which the presenter went through the steps he took to obtain the data necessary to steal an identity. Not altogether easy, he said, but there are tools available that make it simpler. Search engines themselves do a lot of the work.

Bottom line is that you must resist the urge to share personal information that we generally just don’t think of as personal.  We try to be social and have fun but don’t always think of the risk.  It’s easy to say “who would really want to steal my identity?”  After it actually happens I don’t think that’s what you’ll be saying…

Source: Infosecurity (UK) – RSA Europe: Identity theft is too easy and can even be automated says IT security expert.

7 Practices for Computer Security

This web page presents a terrific checklist and primer for being safe on the Internet.  The items listed in the article are the following:

  1. Protect your personal information.
  2. Know who you’re dealing with.
  3. Use security software that updates automatically.
  4. Keep your operating system and Web browser up-to-date, and learn about their security features.
  5. Keep your passwords safe, secure, and strong.
  6. Back up important files.
  7. Learn what to do in an emergency.

Take some time to look over the guidance and follow it at home as well as at work. It will help make your time on-line much safer.

Source: Computer Security – OnGuard Online

An Explanation…

A keysigning party? What?

Well, here’s a brief explanation. Encryption, in basic terms, is a process where data of some kind is scrambled beyond recognition to keep prying eyes from reading the information. Data can also be “signed,” which doesn’t obscure the information but will provide an indication in the event that the information has been tampered with.

For either of these processes, keys are required. Much like those you have in your pocket, encryption keys will allow or prevent access to information. In public key cryptography, each key is split into two parts. The secret part is kept by the owner and is not shared but the public part is shared with everyone else. This system allows a variety of functions.

Someone possessing your public key can encrypt files to you or verify your signature on a file you signed. With your secret key you can decrypt files encrypted with your public key or digitally sign files.

The last part of this process is “trust.” You must have some way of determining that a particular key belongs to a particular person. Just because it has their name and email address identified in the key does not mean that the key actually belongs to them. If your good and reputable friend brings you a key, and tells you it’s his key, you can most likely trust that it is his. What happens when you exchange information with someone you don’t know?

The trust model helps to sort through some of this. When you sign your friend’s key, you’re saying that you’re sure that the key you signed actually belongs to the friend identified on the key. If your friend knows that you will not sign a key without verifying the owner then he could identify your signature as trusted. This means that he would place a higher level of trust on any keys signed by you even if they are held by someone that he’s never met before.

As time goes on, this process begins to form a “web of trust” where keys can be identified as trusted as a result of the verification signatures attached to the key. Keysigning parties provide an environment where people show identification to prove their identity and then exchange digital signatures to increase the trust placed on their keys.

This is a really quick and dirty description of a rather complex process and I’ve made some very general statements in regard to trust. Hopefully I have at least raised your interest and desire in wanting to find out more information about the process.
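
A simplified model of the web of trust described above, added here as an illustration; it is not code from the original post or from any PGP implementation. The names, signatures, trust assignments and thresholds (one fully trusted signer or three marginally trusted ones) are assumptions chosen for the example.

```python
# Added illustration: simplified web-of-trust validity calculation.
# All names, signatures and trust assignments below are constructed.
FULL, MARGINAL = "full", "marginal"

def valid_keys(me, signatures, owner_trust, fulls_needed=1, marginals_needed=3):
    """Return the keys `me` can accept as belonging to their named owner.

    signatures:  {key: set of keys that signed it}
    owner_trust: {key: FULL or MARGINAL}, how far `me` trusts that key's
                 owner to verify identities before signing.
    A signature counts only if the signing key is itself already valid
    and its owner has been assigned trust.
    """
    valid = {me}
    trust = dict(owner_trust)
    trust[me] = FULL  # signatures you made yourself always count
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            counted = [s for s in signers if s in valid]
            fulls = sum(trust.get(s) == FULL for s in counted)
            marginals = sum(trust.get(s) == MARGINAL for s in counted)
            if fulls >= fulls_needed or marginals >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

# Constructed scenario
SIGNATURES = {
    "alice": {"me"},            # I checked Alice's ID at the party and signed
    "bob": {"alice"},           # Alice signed Bob; I have never met Bob
    "carol": {"bob"},           # Bob signed Carol, but I assigned Bob no trust
    "mallory": {"mallory"},     # self-signed only; the name on it proves nothing
    "dave": {"erin", "frank"},  # two marginal signers, below the threshold
    "erin": {"me"},
    "frank": {"me"},
}
OWNER_TRUST = {"alice": FULL, "erin": MARGINAL, "frank": MARGINAL}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGNATURES, OWNER_TRUST)))
```

Bob's key becomes valid without a meeting because Alice is a trusted signer, while Carol's does not: a valid key and a trusted signer are separate decisions.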