Recycle Safely

Posted in: Security, blog by Jack on 30 December 2009

Image via Wikipedia

Did Santa bring you a new fax machine or computer for Christmas? Are you planning on recycling or donating your old machine?

Here are a couple of security-related issues for your consideration.

Fax machines that use a film, as opposed to an ink or toner cartridge, retain an image of every fax the machine has reproduced. Think of the film as a long roll of carbon paper (those of you, like me, old enough to remember carbon paper). A perfectly readable image of every received fax is preserved on that roll of film. A discarded fax film is a goldmine for identity thieves.

We strongly recommend you destroy the used fax film. However, we have not yet identified the most effective way to do that. I’m not sure that feeding it through a paper shredder would work; in fact it may jam the cutting teeth of the shredder. Burning it is probably not an option, at least in the incorporated parts of San Diego. If your business uses the services of a document destruction company, I would suggest adding your fax roll to the bags of documents awaiting destruction. If that is not an option, perhaps soaking the roll of film in a can of gasoline or bleach will make it unreadable.

If anyone can offer a better or more practical solution, please let us all know in the comments.

It is perhaps more obvious that if you plan on recycling your old computer, you should first remove and then destroy the hard drive, unless you plan on using that drive again in your new computer or as an external drive (cases for this can be purchased from retailers like geeks.com for less than $20).

What may not be as obvious is that simply deleting the content on your hard drive isn’t sufficient. It’s not all that hard to reconstruct deleted data from a hard drive.

This is because when you delete something, you aren’t actually erasing that content. You’re merely erasing the marker that tells the operating system where to find that data on the disk. It’s as if you removed all the house numbers from a block of houses. The houses are still there but an individual house would now be hard to find if all you had to go on was the address. Forensic software can even recover data that has been over-written. There are software companies that sell applications that promise to delete your data “to military specifications”. Sounds pretty good, but the military doesn’t have a single set of specifications for data destruction.

• Clearing: Eradicating data to the extent that information cannot be retrieved through normal operation but may be salvaged in a laboratory.

•Sanitizing/purging: Removing data to a degree that it is beyond the reach of all ordinary and most laboratory recovery methods. This includes degaussing, which employs a special coil tool to demagnetize a drive’s magnetic media, scrambling all contents in the disk.

•Destroying: Disintegrate, incinerate, pulverize, shred, or melt.

Software and/or hardware can perform either of the first two types of deletion, but why spend $30 or more when you can perform that last type of data destruction yourself? All you need is a hammer. The other advantage to this technique is that it’s a great stress reliever. Remove the hard drive from the computer, place it on concrete or some other resistant material and smash the case as much as you can. Your goal is to break the disks inside the case. That should make the drive completely unreadable by even the most advanced forensic software. Then the drive should be safe to recycle with other electronics.

One last suggestion for protecting your information as 2010 rolls around: I know several people who celebrate New Years by shredding all their old paperwork, receipts, bills and correspondence. They keep 3-5 years of archived paperwork and everything older gets shredded. But even shredded paper can be reconstructed by someone determined to do so. If you throw shredded documents out in the trash, consider pouring some liquid into the bag with it to cause the ink to run and make each strip harder to read, or use that bag for used kitty litter. Put the trash out just before pickup to deny someone the chance to get access to it. In most states, once you put your trash can on the curb you no longer have property rights over it. Anyone can go through your trash looking for personal data that will let them borrow your identity.

Related articles by Zemanta

• Grab Your Old Statements, We’re Going To The Shred-A-Thon! [Identity Theft] (consumerist.com)
• PostNet partners with Shred-it to provide industry-leading document destruction business solutions (newswire.ca)

Keep it clean…and be safe

Posted in: Tips & Tricks, blog by Jack on 23 September 2009

Did you realize that failing to keep your electronics clean could actually impact your security?

Back in the ’70s I was fortunate enough to work in both law enforcement and national intelligence. Both taught me that often the most useful intelligence or evidence comes from the most mundane sources. This was in an era when electronic door locks were the height of technology. We would frequently amuse ourselves by guessing the passcode of a door based solely on the wear pattern of the keys.

People tend to be unaware of just how often they type their password (and too many people only have one password for all their online activities) every day. On light-colored keyboards, the keys used most often become more soiled and more worn than other keys. On dark-colored keyboards, the most used keys become shiny. By looking for the most worn, dirty and shiny keys on a keyboard, I can get a reasonable idea of which keys you use to type your password. This method isn’t foolproof nor does it guarantee I would be able to guess a complex password based on which keys were used the most, but it does provide a means of making it easier for me to reconstruct your password.

Users of the iPhone and iPod touch that password protect their devices have a similar problem. The face of the device retains finger impressions clearly visible on the glass. We know that iPhone passwords are 4 characters long, and by seeing where the fingerprints on the glass face line up with the “enter password” screen, we can pretty easily determine which 4 characters are being used. All we have to do then is try various combinations until we get the right one.

I’m not sure that cleanliness is next to godliness, but I can say that electronic cleanliness is a good security practice. Clean off your keyboards with a paper towel slightly dampened with alcohol every day. Wipe off the face of your iPhone or iPod with a lint-free or microfibre cloth daily.

Don’t let dirt compromise your security.

Related articles by Zemanta

• The art of creating strong passwords (macworld.com)
• Top password tips (macworld.com)
• 4 Unique Tools To Generate Strong Passwords (techie-buzz.com)

Malware alert: Gumblar

Posted in: Security, blog by Jack on 4 June 2009

More than 1,500 Web Sites have been Attacked.
Severity: High Risk

What is it?
Gumblar is currently targeting users of IE and Google search, delivering malware through compromised sites that infect a user’s PC and subsequently intercepts traffic between the user and the visited sites. This means that once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data. Visitors encountering the compromised website also risk having their subsequent search results replaced with links that point to other malicious websites. The malware can also steal FTP credentials from the victim’s computer and use them to infect more sites, thus increasing the spread of this threat.

Who is at risk?
Users of Internet Explorer and Google’s search engine.

Prevention
Make sure you anti-virus definitions are up-to-date and practice caution when sharing your personal information online. Make sure you only do so on secure sites (https://)

(information courtesy of Zone Alarm via Gmail)

Related articles by Zemanta

• Managing your Passwords: Protection from Phishing / Identity Theft (chris.pirillo.com)
• Google serves up the Top 10 sites to avoid at all costs (thenextweb.com)

Antispyware 2008

Posted in: blog by Jack on 3 April 2009

Related articles by Zemanta

• Computer Experts Brace for Conficker Worm (wired.com)
• More on Anti-Spyware from My Favorite Technical Guru (1-2-3getorganized.blogspot.com)
• Geek Savings on WinPatrol (chris.pirillo.com)
• 9 Tips to Keep Spyware Off Your Computer | Ian’s Messy Desk (ismckenzie.com)