Taking into account recent revelations with Edward Snowden and government surveillance programs, I've started thinking that maybe I should ditch my email provider and host it on my own server. It's definitely not good when somebody is reading your emails, even if you're innocent. Or maybe especially?
OK, so I would host my own email server, and then what? Well, nothing. All my friends and family members are using Gmail or other email services from big companies.
I value Bruce Schneier as a security expert. I love his blog. I like that he's not quick to form an opinion and analyzes everything thoroughly. I've enjoyed his book Secrets and Lies: Digital Security in a Networked World. And as he advertised his latest book, Liars and Outliers: Enabling the Trust that Society Needs to Thrive, a lot, I've decided to give it a try. It was an easier decision for me as it's available on Safari Books Online.
Recently I have started using Chrome as my primary browser (and I'm happy so far). Because of that I've needed to log into my Google account to be able to use Reader and other Google apps. I've typed my login and password, but as I'm using 2-step verification I was asked to input a code I should've received by SMS message. I was trying to log in on August 30th somewhere around noon and was waiting for the code to arrive for a good while, then finally gave up and used printable backup codes (good that I was already authorized on Firefox, as I've lost this printout).
I've read a very interesting text about 3D movie projectors used by cinemas and how bad security design led to a worse end-user (viewer) experience. You can find the full text here. But I want to write about something I've recalled after reading this text.
A few years ago I was working at a call center for a major Polish telecom (TP SA). I was help desk for the ADSL service called Neostrada. We were divided into two groups:
On Monday I received a call from my bank with information that my credit card details were stolen by a third party, so they've blocked it and a new one would be issued within a week. I was quite surprised and even suspected a fraud at first, but the guy hadn't asked me for any personal information, so no red light.
On Tuesday my mother sent me an email with an attached scan of a document received from GoGrid.
Today I've read an article by Bruce Schneier about the concept of Internet Quarantines. Scott Charney from Microsoft put forward the idea that computers on the Internet should be quarantined if they're infected by malicious software. This method is used by many companies when you want to connect to their networks via VPN. Bruce gave it a deep analysis worth reading, so I won't rewrite what was written already.
From my point of view the idea would be especially bad for one group of people: help desk personnel at ISPs.
Today I've read an article on the Polish security portal Niebezpiecznik.pl about a guy who was searching for information about his debtor and accidentally found a file with a list of over 1000 debtors of PKO BP (a Polish bank), more here (unfortunately only in Polish). First he was accused of obtaining this file illegally by breaking into the bank's network, but the police found no evidence for that, and the file was indeed indexed by search engines. So after the charges were dropped, the bank's spokesman informed the general public that this file was, as he called it, "deep hidden" and was indexed only after 4 years.
Looks like really every program can be harmful to your computer these days. I'm reading US-CERT reports regularly, and yesterday I read this one. Long story short, software included with the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. It's very serious, as an attacker can gain complete access to the machine (however with the privileges of the currently logged-in user, so if you're not using an admin account all the time it's not so serious, but how many Windows users do that?).
Bruce Schneier is a person well known to everybody interested in IT security. Recently he published a blog post about why two-factor authentication is not solving all security problems. For those who don't know what this term means, two-factor authentication is basically a system where first you give your "constant" password (a password which doesn't change); then, if you've provided the correct password, the system sends you another one which is generated for you just for this single use (this password can also be generated by some small device provided to you by the system admin).
Just a quick note. If you are, like me, using WordPress for your blog, then you should update it to version 2.8.4 ASAP. Read more here.