Keeping Your (Computers and) Data Safe

I just don’t understand Julia Angwin’s scare story about cookies and ad targeting in the Wall Street Journal [The Web’s New Gold Mine: Your Secrets, July 30, 2010]. That is, I don’t understand how the Journal could be so breathlessly naive, unsophisticated, and anachronistic about the basics of the modern media business. It is the Reefer Madness of the digital age: Oh my God, Mabel, they’re watching us!

. . .

It’s a fine thing that the Journal also tells readers how to “avoid prying eyes.” And if enough people do that, then the value of the advertising-supported web falls. Without cookies, the effectiveness and price of advertising would plummet as ads everywhere turn into remnant junk (smack the money), reducing revenue for media sites and reducing their content to junk.
. . .
Oh, and I neglected to point out that it was the very same Journal that had the wingnutty story about privacy and RFID tags on our pants, quoting as an expert a woman who thinks that RFIDs are – and I exaggerate not – the work of the devil. What the hell is happening there? Are they going out for drinks too often with their new neighbors at the Post?

“Why is The Wall Street Journal So Afraid of Cookies?” by Jeff Jarvis, The Faster Times, July 31, 2010

The study found a strong correlation between ‘minor’ policy violations and more serious abuse. From the report: “Based on case data, the presence of illegal content, such as pornography, on user systems (or other inappropriate behavior) is a reasonable indicator of a future breach. Actively searching for such violations rather than just handling them as they pop up may prove even more effective.”

The Verizon study also takes aim at the hype surrounding the “advanced persistent threat,” or APT — a politically and emotionally charged term that has become virtually synonymous with the term “cyber war”. The concept of APT — which describes attackers who are motivated, skilled, well-funded and patiently directed at compromising a specific target — is not new, but it came into vogue earlier this year with Google’s public disclosure that its intellectual property had been stolen in a targeted attack originating from China.

Hacked Companies Hit by the Obvious in 2009, Krebs On Security, July 28, 2010

Including the [U.S. Secret Service] USSS cases in this year’s report shook things up a bit but didn’t shake our worldview. Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the victim organization. Insiders, however, were more common in cases worked by the USSS, which boosted this figure in the joint dataset considerably. This year’s study has by far improved our visibility into internal crime over any other year. Breaches linked to business partners continued the decline observed in our last report and reached the lowest level since 2004.

2010 Data Breach Investigations Report, Verizon RISK Team (66-page PDF )

What can you do to keep your data, and your computer, “safe”? The standard advice:

• Install and keep up-to-date a reputable anti-virus program: AVG, Avast
• Have a knowledgeable person check you computer with HiJack This
• Use a new version of your browser and keep it up-to-date: FireFox, Google Chrome
• Use these browser add-ons and keep them up-to-date: NoScript, AdBlock, Better Privacy, Redirect Remover, Beef Taco (Targeted Advertising Cookie Opt-Out), SSLPasswdWarning, Lazarus: Form Recovery
• Install and keep up-to-date a malware program: Malwarebytes Anti-Malware
• Keep your Operating System (OS) up-to -date with the latest security patches
• Keep your programs up-to-date with the latest updates, especially any security patches: Acrobat
• Do not open email attachments that you are not expecting even if they appear to be from people you know
• Be judicious about forwarding mass emails of any kind. I.e., don’t.
• Do not click on unknown links in email – open up your banking, credit card and financial web sites using your trusted bookmarks or a known URL – and check to see if the link displayed at the bottom left of your browser (in FFx) matches what is displayed on the screen in your email.
• Do not give personal information, account names, and passwords to strangers in person, over the phone, in email, or on a web site.
• Do not download porn or illegal downloads – most people have no clue what hidden files they are also downloading.
• Regularly read Krebs On Security

See also:

• Protect Your Computer, from National Cyber Security Alliance
• How to Secure Your PC, from WikiHow
• How to Keep your Computer Secure and Running Smoothly, from eHow

Image Source: Credit Card Theft, from Dan Hankins, used under Creative Commons license

More

• Krebs On Security
• 4 steps to protect your computer, from MicroSoft
• Google Online Security Blog
• FireEye Malware Intelligence Lab
• Security Blog, from Verizon Business
• Cyber Security Tips, from United States Computer Emergency Readiness Team (US-CERT)
• InSecurity Complex, Elinor Mills, cnet

Courses

• Congressional Operations Briefing – Capitol Hill Workshop
• Drafting Federal Legislation and Amendments
• Writing for Government and Business: Critical Thinking and Writing
• Custom, On-Site Training
• Drafting Effective Federal Legislation and Amendments in a Nutshell, Audio Course on CD
• Congress, the Legislative Process, and the Fundamentals of Lawmaking Series, a Nine-Course series on CD

Publications

Legislative Drafter’s Deskbook: A Practical Guide

Pocket Constitution

Citizen’s Handbook to Influencing Elected Officials: A Guide for Citizen Lobbyists and Grassroots Advocates

Congressional Procedure

CongressionalGlossary.com, from TheCapitol.Net