Security and Privacy Guide
Believe it or not, unlike before, we're now in a new age in which basic security software no longer protect our valuables, because the new threats either disable or corrupt them.
So in addition to taking the usual security precautions (using up-to-date two-way firewall, antivirus and antimalware, and installing updates), I strongly encourage you to read the sobering quotes in every section of this page carefully and then do as recommended, if you haven't already, to minimize your risk of theft of your identity, money, accounts and domain name and website, if you have them.
Disclaimer: By checking out the security resources on this page, you acknowledge and agree that I will not be liable for any loss or damage resulting from those actions.
Risks & How to Minimize Them:
"If you're not knowledgeable or aware of the dangers of social networking, you can leave yourself wide open to identity theft and all the scams that go with it." - BeyondIdentityTheft.com
"When people hear about identity theft, they tend to think of credit card fraud and not what's happening to me. I cannot believe how easy it was for my former classmate to steal my good name and use it as his own..."
"If I've learned anything from all of this, it's that it's my job - and my job alone - to protect my own identity. It's a sad world when the only thing someone has to do in order to commit a crime against you is hear someone else wish you a happy birthday." - IdentityTheft.com
"You make it easier for identity thieves when you make lots of information about yourself public like your birthday, address or phone number because these are often used by call centre workers at your phone company, bank, insurance company. etc. as security questions before they change your password or postal address." - Neerav Bhatt
"ZIP code, [gender], and birth date are enough to determine your exact identity 87 percent of the time, as noted by Latanya Sweeney of Harvard's Data Privacy Lab." - Kevin Gold, Slate.com
"The first five digits of your Social Security number are derived from your birth date and your hometown. So if you post your birth date and hometown - and many people do - you could potentially be revealing over half of your Social Security number." - UT Dallas
"Are you an aspiring Internet affiliate marketer? ... Are you using your Social Security number as your Taxpayer ID Number? If so, you [are] exposing yourself to the risk of identity theft." - Xiao Huaz
"With identity theft on the rise, it's important to keep personal information (such as your Social Security number) private. However, the [U.S.] government requires that anyone who pays you more than $600 in a calendar year needs to report it to the IRS."
"That reporting must include either a Social Security number or an EIN. If you don't want to give ... affiliate programs your Social Security number, you will need an EIN." - strategicofficesupport.com
"When you sign up with a company to become an affiliate they will likely ask for [your Social Security Number, if you're an American]. If [you are,] it is important that you obtain an employer identification number or EIN. It... can protect you from identity theft."
"You do not have to employ anyone to get an EIN. You only need to have a business... It takes seconds, is free, and very important." - Arthur M., 6ways.blogspot.com
"This type of rogue application silently injects malicious code from infected ads on legitimate websites. Staying safe online needs a rethink of the battle plan. It’s no longer about just one thing, like a good antivirus."
"AV and malware level protection is an essential, but not front line defence – anymore."
1. A Strong Router Password
"Recently we have seen a browser re-direct that is installed not in the PC, but in the router. Each request in Google search redirected to an unrelated website. The reason the bug was able to install into the router was because it had a default password. When setting router passwords or any password the usual advice is to use complex and difficult passwords." - wiredoffice.com.au
2. A Secure DNS
"Criminals have learned that if they can control a user’s DNS servers, they can control what sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website or to interfere with that user’s online web browsing." - Praveen Kumar, freshersplane.com
Using [a secure DNS service] helps protect you from phishing sites and infected websites.
3. A Browser in a Sandbox
"This is the problem… over the past couple of months, we have noticed an increasingly viscous class of infection. It is able to get past any and all virus protective systems. It doesn’t matter whether you run Norton, McAfee, AVG, Trendmicro, anything. No [purely] antivirus software can stop this type of bug."
"The most important tool to use is Sandboxie [or Comodo Antivirus, which includes antivirus, a sandbox and a secure DNS service]. Sandboxie approaches malware protection from a whole new angle. It doesn’t attempt to block anything. What sandboxie does is run your browser from within a contained space on your system and its hard drive."
"Anything transmitted to your machine from the web while browsing is unable to escape this container. When you close your browser, the container is obliterated." - Bryant, quickfixgeek.com
4. Trusteer Rapport
This browser plugin creates a secure pipeline around your connection to a trusted website, that blocks all malware, keeping your private data and money safe and secure. (See the shopping and online banking section below for more.) skip
The U.S. Department of Homeland Security and many cyber security experts advise users that they’re safer and better off without Java.
Please Note: You need Java for attending webinars. Unfortunately, it's not possible to disable the latest versions of Java completely when it's not needed - even in Windows (see below). So I strongly recommend you disable Java support in your browsers until you need it or uninstall it if you won't be attending webinars or using other Java-based applications.
For Mac OS, I recommend disabling Java in two places: in your browsers as instructed in the link above and in System Preferences.
Unfortunately for Windows users, despite what tech websites say and even Oracle, Java's creator, says, disabling Java in Internet Explorer is no easy task; which means re-enabling it is too. So I recommend disabling Java support in another browser and using it for safe web browsing, and leaving Java itself enabled so you can still attend webinars.
Browser "plug-ins don't automatically update, so over time, your plug-ins may get outdated as new versions are released. Keeping your plug-ins up to date is important since many exploits on the web target outdated plug-ins with security flaws." - Google
"Make sure your desktop software is updated because that's where people are being attacked today - Java, Flash, Adobe Acrobat, Windows Media Player, QuickTime."
"These types of client-side vulnerabilities are being exploited. There is a free product by Secunia called a "Personal Software Inspector" you can download for free. It helps mitigate the risk." - Kevin Mitnick, FBI's most-wanted hacker-turned security expert.
"I disable [browser] extensions when I am using high-risk, public networks (airports and hotel Wi-Fi)." - Adrienne Porter Felt, security consultant
"Only install [extensions] from websites that you trust. Web browser [extensions] allow webpages to display things like toolbars, stock tickers, video, and animation. However, [extensions] can also install spyware or other malicious software. If a website asks you to install an [extension], make sure that you trust it before doing so." - Microsoft
"Coffee shop wireless is like playing Russian roulette: one day the bullet will be in the chamber." "Never use public wifi [wireless] without a VPN." - Stach & Liu, security consultants to the Fortune 1000, high-tech startups and financial institutions
"If you're on an open wireless network, use VPN." - Kevin Mitnick, FBI's most-wanted hacker-turned security expert.
Get notified when this page changes.
Please read my disclaimer before visiting the following top sites.
Brent's Place at brentsplace.info
©2000-2006 All rights reserved.