Security

Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).

Tom Henderson: I like the fact that Apple battles the NSA. I think it's all grandstanding to be honest, don’t you think? It’s so nice that they are able to have at least a PR battle with the NSA, whereas I'm guessing that the NSA is already not only through the backdoor but, well, they have their own entrance. And maybe Apple knows it or maybe they don't.

Robin Miller: But how then, let's assume there's no perfect security protection, business or personal, what can we do business wise or personally -- if anything?

Tom Henderson: We’ll take the consumer side first. Just with some quick recommendations. If you like privacy, separate your life into two different browsers. One of those browsers will be your social media browser. The other browser will be, when you buy stuff or when you do banking. Why? Because the correlations between your online social behavior will be used against you in the buying department, Amazon and Facebook are thick as thieves as an example, and if you want to prove the fact, go to Amazon, shop for a few distinct items, perhaps something out of your normal profile, then see those ads popping up on Facebook, not quite instantly but really soon. It doesn't take long for those guys to correlate what's going on and have a good time trying to sell you stuff, which is where all that ad revenue goes. This is the entire business profit model of Google and Google Analytics.

Robin Miller: It works, it takes less than an hour, and you will be followed everywhere including on Slashdot. I work for ad-supported websites, so I can never advocate using any of the ad blockers. But if I did... sometimes I wouldn't use it because I want to see what kind of ads are being run. I would notice that those ads for something I looked at on Amazon or at Best Buy, those ads follow me all over the web, from the New York Times to The Washington Post, as it were.

Tom Henderson: In our terms, using the Internet is very heavily funded by ad revenue. Ad blockers block a lot of that revenue automatically. If we all did that, the face of the web would change tomorrow morning. We would have a completely different model based on further cuts in advertising. But the Direct Marketing Association and all of the organizations make money this way, so we'll never have that, so you’re fighting an enormous block of legislative bribery money – oh I’m sorry; campaign contributions.

Robin Miller: Same thing.

Tom Henderson: Then ensure that unfortunately a lot of this is going to continue to be ad driven.

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

Tom Henderson: This is, you know, the credit union trying to use information that you told them about, it will verify that it's you and not somebody else who cracked into your account.

In terms of allowing them to do that, we don't really have a choice. Is it good that some credit unions do this sort of thing? The answer is sure. I prefer credit unions over banks. But that's a personal choice because I believe that credit unions are motivated in a different way than banks are, but that said, using a secondary auth is always a good idea. If you’re a commercial organization, you need to think about using private circuits. That involves using VPNs.

If you use VPNs and the security surrounding them, you can get secondary auth if that's important to you, but you can also vet your users in other ways using access control lists. So there's a way to help keep people from peering in on the conversation. There are ways to be able to ensure the data stored in place is encrypted because you purposefully did it with a key that you know is very difficult to break.

I'm not sure any key is necessarily unbreakable it just takes hardware. Hardware is cheap these days. It's really cheap.

  • Urg. (Score:5, Informative)

    by khasim ( 1285 ) <brandioch.conner@gmail.com> on Tuesday July 28, 2015 @04:27PM (#50199427)

    Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

    NO!!! It does NOT!!!

    1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

    2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

    3. Find a bank / credit union that uses real two factor authentication.

    • Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.
      • by khasim ( 1285 )

        Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

        Yep. Even easier if the information ("correct" answers) is available via Google.

        But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers.

        Their thinking seems to be:

        1. So, one username / password isn't enough.

        2. A second password should be enough

    • by Aaden42 ( 198257 )

      Ah, there’s nothing like WWIW2FA (We Wish It Was Two Factor Auth) to improve your bank security...

      See this random image we made you choose at sign up? YUP! That proves we’re us!!! No chance an MitM could get that!

      And this extra random string you entered after that other random string? That makes it TWICE as secure!!!

      I’m not without sympathy that 2FA balloons support costs from people who lack the mental faculties to understand what 2FA is, much less keep a token with them when they

    • by mlts ( 1038732 )

      Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.

      A few things that help privacy for me:

      1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.

      2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one

  • Veteran IT Journalist Worries That Online Privacy May Not Exist

    As if there was any doubt?

    • by jdharm ( 1667825 )
      This. Anyone who doesn't assume their Internet stuff is effectively sitting on the curb waiting for someone to take an interest and pick it up is delusional. Internet security is a utopia - works great on paper, can't exist in the real universe. If there is a door for you then there is a door for anyone who decides they want to walk through. The best you can do is make your door's locks harder to get through than the next guy's so they lose interest in yours. When a bear is chasing me and my buddy I don't h
  • by nimbius ( 983462 ) on Tuesday July 28, 2015 @04:34PM (#50199497) Homepage
    Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. His presence, mannerisms, and outlooks are demographically similar to our core audience and in an effort to increase our brand's relatability we have enlisted him to elucidate opinions that are so widely shared amongst our core audience as to become canon to them all.

    Tom will serve as a vehicle through which our customers and audience (but never our community) grow to engage our brand as it's shuffled from buyer to buyer like a box of partially melted candies amongst children in a hot minivan on a summer road trip.
  • by PopeRatzo ( 965947 ) on Tuesday July 28, 2015 @04:36PM (#50199511) Journal

    When I buy Slashdot, first thing I'm going to do is tear out all the videos and put in fish tanks.

    • I wonder if Slashdot would allow a story about how Slashdot users could best fund the purchase of the site themselves...

  • Maybe he meant online acts of piracy as I haven't seen anyone take someone else's ship online lately but the file sharing thing? That's still going strong.

  • What would you do if a site doesn't support https? Is it reasonable to trust a VPN service (not your own box) or is that just passing the buck?

  • There is not, and never has been, any such thing as "online privacy". Those either unwilling to recognize that simple fact, or incapable of doing so, seem to be either businesses selling "online privacy" services or their customers.

    Want a completely secure computer? Never plug it in. Ever.

    Anything else is bells and whistles.
