Twitter hacked by old technique — again by AP: Yahoo! Tech

This article came out yesterday. The short description is that a compromised personal email account led to a compromise at Twitter.

Although the article is written with the focus on Twitter, this can just as easily happen to you and your organization.

Tip: Keep work email and data separate from personal email and data.

We need to constantly remind folks that there needs to be separation between work and personal email and storage. The selling point is that it protects both the employee and the company in the event the other is compromised.

Once again, the weakest link is The Human.

- Dan

I can remember many, many years ago when my Dad disposed of old tax documents. He just threw them in the trash.

The only redeeming factor was that we lived in the country and burned all of our paper trash.

But, have you ever known anyone to just toss a confidential document in the trash? What is considered “confidential“?

Here are some examples of what you should consider confidential…

• Anything with your Social Security number on it
• Anything with a credit card number on it
• Anything that is a credit application
• Anything with user accounts and passwords
• Anything with bank account numbers

Tip: Purchase a cross-cut shredder and shred confidential documents.

This will help to protect you from identity theft, or someone using your credit to make purchases.

Make you life easier. Shred those documents!

- Dan

You can learn alot by watching people.

I had breakfast this morning and was stunned to overhear someone on their cell phone give the administrative login credentials for the company website to someone else. They also very carefully spelled out the entire URL to the login page.

If I were not trustworthy, I could log into their website and cause havoc.

What’s the moral to this story? You never know who is listening to your conversations. Be careful what you share, and with whom you are sharing.

Let’s keep quiet with confidential information…

- Dan

We’ve all let things slide. You have. I have.

Like the auto mechanic with bad brakes on his car. Or the home remodeler who never quite finishes the woodwork. Or the InfoSec pro who occasionally doesn’t follow his own advice!

Here is a list of some of the things I have advised others to do that I have occasionally not done – and that have caused me grief!

Clicking on unexpected pop-up windows – Yep, I’ve fallen for this one a couple of times. One time it resulted in a virus infestation that was a bugger to clean. Another time I clicked on a pop-up and suddenly my screen began filling with other pop-ups containing images of things that I’d rather not discuss here!

My remedy is two-fold. First, I turn the pop-up blocker on for each browser that I use. Second, if for some reason a window pops up, I generally just close it without clicking any of the buttons. Funny thing is that I use a Mac and most pop-ups are made to look like a Windows dialog box. It’s pretty easy to tell if it is legitimate, or not.

Assuming people know what I’m talking about – I have had many people ask my opinion or help with computer security issues. I used to give a very complete, and often highly technical, answer. The result of this generally is that eyes roll or glaze over and they say something like, “ok, yeah, Uh-huh”, but they really got lost about 10 seconds into my speech.

So, now I try to give answers that are simplified with one or two steps that can be taken immediately. Sometimes I even pull out a business card and write the steps down for them.

Outdated anti-virus – In another post, I made reference to a time when I had a worm that compromised my personal banking information. That was a result of outdated anti-virus on my computer.

I now ensure that the anti-virus software is current with both the application and the virus signatures. In addition, I make sure that anti-spyware software is also running as it should. At some point in the future, these two malware solutions will probably merge, but until then, they must both be kept updated.

Not patching the OS – This is kind of like polishing your shoes. You can see that it needs done, but it is hard to make the time to get it done. But, these patches are important. I used to think that I could manage this on my own and that I needed to let every patch have some time before I put it on my personal computers. But not any more. Too much malware is easily spread when the patches are not applied.

Now I have Automatic Updates turned on for each of my Windows computers. It is set to download the updates, and then install at night. This also covers my Microsoft applications that are installed. On my Mac computers I make sure that Software Updates are enabled and that each application is set to check for updates automatically.

No backups – This one hit me hard a few years ago. I had just converted to a digital camera and had all the new photos stored on a computer at home. It was a new computer and I kept thinking that I would get around to setting up a backup system. I never to this done before the drive crashed and I lost nearly a years worth of family photographs.I learned my lesson.

Now I use Time Machine backups on my Mac, and Shadow Copy on my Windows boxes. With both of these I really don’t have to think too much about backups, just periodically check to see if they are still running. No only are they good if there is a drive crash on the computer, but I can go to my Time Machine backup to recover a file that might have been accidentally deleted.

So, as you can see, I have made my share of mistakes. Learn from them. As Edmund Burke said, “Those who don’t know history are destined to repeat it.”

Don’t repeat the history of my mistakes!

- Dan

If someone is looking for information about you, what’s the first thing they will do?

Yep, they will fire up Google and do a search.

It is good practice to periodically search for yourself on Google. Be sure to include any variations on your name.

Here’s what I would use…

• “Dan Strom”
• “Daniel Strom”
• “Daniel L Strom”

There are some other variations, but I never go by those, so I would not check them.

This might be a particularly wise thing for college students to do, especially if they are looking for a job.

So what do you do if the search returns some pages with inaccurate, or not-so-nice information about you?

• You can contact Google to have the search information purged from their indices.
• You can also contact the authors of the pages to request that they remove the information.
• In the event of serious libel, an attorney specializing in Internet issues might need to be found.
• If nothing else, at least you now know what is out there and you can be ready to address the issue if it ever arises.

So, here’s the warning. Information put on the Internet is available even after it is removed. The Wayback Machine has historical views of many pages on the Internet.

The final bit of advice is that you need to be careful about the information you choose to put on the Internet about yourself. But, you also need to be diligent in checking what others have put out about you.

What else can you think of to protect yourself?

- Dan