Keeping Your (Computers and) Data Safe

I just don’t understand Julia Angwin’s scare story about cookies and ad targeting in the Wall Street Journal [The Web’s New Gold Mine: Your Secrets, July 30, 2010]. That is, I don’t understand how the Journal could be so breathlessly naive, unsophisticated, and anachronistic about the basics of the modern media business. It is the Reefer Madness of the digital age: Oh my God, Mabel, they’re watching us!

. . .

It’s a fine thing that the Journal also tells readers how to “avoid prying eyes.” And if enough people do that, then the value of the advertising-supported web falls. Without cookies, the effectiveness and price of advertising would plummet as ads everywhere turn into remnant junk (smack the money), reducing revenue for media sites and reducing their content to junk.
. . .
Oh, and I neglected to point out that it was the very same Journal that had the wingnutty story about privacy and RFID tags on our pants, quoting as an expert a woman who thinks that RFIDs are – and I exaggerate not – the work of the devil. What the hell is happening there? Are they going out for drinks too often with their new neighbors at the Post?

“Why is The Wall Street Journal So Afraid of Cookies?” by Jeff Jarvis, The Faster Times, July 31, 2010

The study found a strong correlation between ‘minor’ policy violations and more serious abuse. From the report: “Based on case data, the presence of illegal content, such as pornography, on user systems (or other inappropriate behavior) is a reasonable indicator of a future breach. Actively searching for such violations rather than just handling them as they pop up may prove even more effective.”

The Verizon study also takes aim at the hype surrounding the “advanced persistent threat,” or APT — a politically and emotionally charged term that has become virtually synonymous with the term “cyber war”. The concept of APT — which describes attackers who are motivated, skilled, well-funded and patiently directed at compromising a specific target — is not new, but it came into vogue earlier this year with Google’s public disclosure that its intellectual property had been stolen in a targeted attack originating from China.

Hacked Companies Hit by the Obvious in 2009, Krebs On Security, July 28, 2010

Including the [U.S. Secret Service] USSS cases in this year’s report shook things up a bit but didn’t shake our worldview. Driven largely by organized groups, the majority of breaches and almost all data stolen (98%) in 2009 was still the work of criminals outside the victim organization. Insiders, however, were more common in cases worked by the USSS, which boosted this figure in the joint dataset considerably. This year’s study has by far improved our visibility into internal crime over any other year. Breaches linked to business partners continued the decline observed in our last report and reached the lowest level since 2004.

2010 Data Breach Investigations Report, Verizon RISK Team (66-page PDF PDF)

What can you do to keep your data, and your computer, “safe”? The standard advice:

  • Install and keep up-to-date a reputable anti-virus program: AVG, Avast
  • Have a knowledgeable person check you computer with HiJack This
  • Use a new version of your browser and keep it up-to-date: FireFox, Google Chrome
  • Use these browser add-ons and keep them up-to-date: NoScript, AdBlock, Better Privacy, Redirect Remover, Beef Taco (Targeted Advertising Cookie Opt-Out), SSLPasswdWarning, Lazarus: Form Recovery
  • Install and keep up-to-date a malware program: Malwarebytes Anti-Malware
  • Keep your Operating System (OS) up-to -date with the latest security patches
  • Keep your programs up-to-date with the latest updates, especially any security patches: Acrobat
  • Do not open email attachments that you are not expecting even if they appear to be from people you know
  • Be judicious about forwarding mass emails of any kind. I.e., don’t.
  • Do not click on unknown links in email – open up your banking, credit card and financial web sites using your trusted bookmarks or a known URL – and check to see if the link displayed at the bottom left of your browser (in FFx) matches what is displayed on the screen in your email.
  • Do not give personal information, account names, and passwords to strangers in person, over the phone, in email, or on a web site.
  • Do not download porn or illegal downloads – most people have no clue what hidden files they are also downloading.
  • Regularly read Krebs On Security

See also:

Image Source: Credit Card Theft, from Dan Hankins, used under Creative Commons license



Computer and Information Security Handbook

Computer and Information Security Handbook

The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know

Network Security Bible

Network Security Bible

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World





Legislative Drafter's Deskbook: A Practical Guide

Legislative Drafter’s Deskbook: A Practical Guide

Pocket Constitution

Pocket Constitution

Citizen's Handbook to Influencing Elected Officials

Citizen’s Handbook to Influencing Elected Officials: A Guide for Citizen Lobbyists and Grassroots Advocates

Congressional Procedure

Congressional Procedure, from TheCapitol.Net

For more than 40 years, TheCapitol.Net and its predecessor, Congressional Quarterly Executive Conferences, have been teaching professionals from government, military, business, and NGOs about the dynamics and operations of the legislative and executive branches and how to work with them.

Our custom on-site and online training, publications, and audio courses include congressional operations, legislative and budget process, communication and advocacy, media and public relations, testifying before Congress, research skills, legislative drafting, critical thinking and writing, and more.

TheCapitol.Net is on the GSA Schedule, MAS, for custom on-site and online training. GSA Contract GS02F0192X

TheCapitol.Net is a non-partisan small business.

Teaching how Washington and Congress work ™

Select publications from TheCapitol.Net