Have you ever looked into researching your family tree? Have you noticed what kind of information you can find out about people, especially older people who have been around since the 1930 census (and pretty soon, the 1940 census)? Upon death, social security numbers are published in the Social Security Death Index, and some of that information is still useful. For example, my father passed away in 2000, and my mom still receives social security benefits based on his SSN – which is now public information. Most of the joint accounts they had together are still tied to his social. It would make it easy to steal the identity of a dead person. The SSDI is supposed to prevent that, but[…]

This has been a debate among policy writers since personal e-mail started to become popular: Can your company monitor/sniff/access your personal e-mail? Up until this week, it was commonly accepted that you didn’t use company resources to access/read/write your personal e-mail if you didn’t want it to be monitored. However, that seems to have changed – in one specific case. In New Jersey, a woman used her company laptop to exchange information with her lawyer via web-based e-mail about an issue at work that later went to court. The company used her e-mail communications (presumably) cached on the laptop as evidence against her in court. While this is (so far) the first case I’ve heard of like this, it[…]

Last weekend, people from all corners of the technology world converged on Austin, Texas for the 2010 South By Southwest Interactive (SXSWi) conference. Much of the coverage has echoed the focus of an old real estate mantra: Location, location, location. In a rivalry dubbed the “geolocation wars,” mobile start-ups Foursquare and Gowalla competed for attention as attendees used GPS-enabled phones to record electronic check-ins at various conference events. And while these two players often come up in reports on location-aware social networking, Twitter has begun letting users record where they tweet (giving new meaning to the word “follow”), and sources indicate Facebook will be rolling out a similar feature soon. Across the Web, sites are adding features that will quite literally[…]

An uproar was recently started in reference to some privacy concerns about the new release from Google, Google Buzz. One of the first to sound the alarm was a blogger who was quite explicit about disliking some of its default options (and by explicit I mean “NSFW language” explicit, the post is here) which prompted some quick changes from Google. In order to start using Buzz, you have to create/modify your Google public profile which will appear next to all of your activity in the Buzz feed. By default, the public profile would display all those you follow. Chances are you’ve followed everyone in your contact list, so you just made your whole contact list public. Now in the new[…]

Recently, Imperva released a study (pdf) of the passwords extracted from the December 2009 RockYou security breach that resulted in the compromise of over 32 million user accounts. This study examined some statistics of the passwords retrieved, including the number and variation of characters used to construct them. The results were pretty bad. Here are the highlights:
- 30% of users had passwords made up of 6 characters or less. Most brute force attempts are moderately successful against short passwords.
- Over 50% of passwords were all lowercase, or all numbers. This is bad because the keyspace is reduced. Even a password that is longer than 6 characters is weakened if it has a small character set distribution.
On the surface, these[…]

If you haven’t heard yet, Google has opened up their own public DNS servers. Many people I know would love to use them rather than their ISP’s DNS servers for various reasons – mostly due to lack of availability. I’ve been using OpenDNS’s resolvers for the last year or so now, so this service isn’t exactly new, and neither is the free option, since OpenDNS offers one. So what does Google bring to the table from a security perspective? Google has a great document that they’ve created all about the security of their DNS service. Basically, they’re concerned about availability (hence the overprovisioning) and about replay, birthday, and Kaminsky attacks. The only thing they might offer above and beyond your[…]