LUGOD: Linux Users' Group of Davis
Page last updated:
2009 Dec 18 05:52

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Legal Ethics Tech Question



On Mon, Dec 14, 2009 at 11:49:30PM -0800, Bill Broadley wrote:
> IMO host-based firewalls offer very little protection, but if they reduce your
> legal liability then by all means do it.  Pretty much any firewall is turned
> off by any of the popular malware if you happen to run it.  So of course the
> key is to not run any evil software.  That means not responding to emails
> claiming to show embarrassing videos of public figures, earthquake victims,
> or pretty much anything that leads to opening a remote file.  So browser
> plugins, local apps, screen savers, cute little utilities, etc.

Worse is when it's phishing attempts:  "Your facebook account has been
locked due to security reasons. Run the attached EXE to re-enable your
account."  (Replace "facebook" with your ISP, your bank, etc.)

The few times I've seen something that looks even remotely legit
("hey, _I_ have a 'sonic.net' account!"), the email is not usually
coming from where it purports to.  (e.g., why is Wells Fargo emailing me
from a host called xyz.random.co.uk?)

I'm also lucky because I use a plaintext email client (Mutt), so I don't
see HTML email; not as live HTML, at least.  (That helps reduce the chance
of 'beacons' being used to determine that I even ever got the email.
e.g., if the HTML of the email includes
<img src="http://hackers.tld/invisible.gif" width=1 height=1>, they'd know
the instant a user's browser or email client fetched that remote image from
their server.)

It was fun when I received some facebook phishing email... the form and links
in the HTML all went to http://www.facebook.com.some.other.domain.tld/
I'm smart enough to not fall for that, but what percentage of the general
public would understand the difference between ".com." and ".com/" in
an URL? :(


<snip>
> Do you have to use IE?  My best guess is that they are recommending whole disk
> encryption, I can't think of anything else that could reasonably be called an
> encryption device.

Perhaps it's some kind of wifi-encrypting tent you erect over your laptop. ;)
This might also be useful:

  http://geek-ware.blogspot.com/2008/04/laptop-privacy-sweater.html

(More seriously, you could also get a cover for your screen that tweaks the
optics such that only you (or anyone _directly_ behind you) can see what's
on the screen.  Most ATMs do this.)

-- 
-bill!
Sent from my computer
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
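
Added example, not part of the original post: a small offline check for the two tricks described above, the hostname that only starts with a familiar domain and the 1x1 remote image used as a beacon. The `TRUSTED` list, the function names and the sample body are assumptions made for illustration; the two URLs in the sample are the ones quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("facebook.com",)  # assumption: domains the reader really has accounts on

def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""

def is_under(host, domain):
    """True only if host is domain itself or a subdomain (match on the right-hand end)."""
    return host == domain or host.endswith("." + domain)

def lookalike(host):
    """Return the trusted domain embedded in host when host does not belong to it."""
    for d in TRUSTED:
        if not is_under(host, d) and ("." + d + ".") in ("." + host + "."):
            return d
    return None

class MailAudit(HTMLParser):
    """Lists suspicious URLs in an HTML mail body; nothing is fetched."""
    URL_ATTR = {"a": "href", "form": "action", "img": "src"}
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = host_of(a.get(self.URL_ATTR.get(tag, ""), "") or "")
        if not host:
            return
        if lookalike(host):
            self.findings.append(("lookalike", lookalike(host), host))
        if tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            self.findings.append(("beacon", "1x1 remote image", host))

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample body built from the two URLs quoted in the post.
SAMPLE = """<form action="http://www.facebook.com.some.other.domain.tld/">
<a href="http://www.facebook.com/help">help</a>
<img src="http://hackers.tld/invisible.gif" width=1 height=1>"""
```

The registered domain is read from the right-hand end of the hostname, which is why `www.facebook.com` passes and `www.facebook.com.some.other.domain.tld` is flagged.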


