Security, privacy and common sense

A lighter topic for hot summer days (perhaps not necessarily lighter, but surely hot). Recently I was getting many e-mails from friends, all with Yahoo accounts. The e-mails looked pretty much the same - "hey, look what I found interesting" and a link to a website. If the text is in English and your correspondent uses Polish, it is easy to be suspicious immediately, but that is not always the case. The link can lead to a page that infects your computer; it may even try to steal your passwords. This phenomenon already has a name - Spear Phishing.

I also have friends who fall into the other extreme and avoid any online presence – they do not join online communities, do not respond to e-mails (or do not even use a computer, which is conservative extremism). They throw out the baby with the bath water - a presence on the net has genuine advantages, as can be seen particularly when you are far away from the people close to you.

Sometimes I have to deal with someone else's computer completely overrun by viruses. Usually the computer runs very slowly, and any attempt to connect to a website redirects to another page (probably even more infected). In this case, the best solution is to copy the valuable materials (and then pass them through a good antivirus program) and completely reformat the hard drive.

It often happens that my mail is rejected by the recipient's server (usually with a lame excuse). This problem is a little complicated – it is seen only by the sender (the recipient usually responds "I always get my emails" ...) and it can be fixed only by the recipient.

How to deal with all this? There's no great magic, just common sense. Here are some observations from my own experience:

Passwords

Notepad for passwords

While the use of passwords has its faults, there is still nothing better. With the vast number of sites, shops and banks, we have too many logins and passwords. A password cannot be too simple, because it can then be broken with little effort. There are Internet sites with long lists of cracked passwords. A dictionary attack cracks passwords consisting of one word (and the dictionaries now cover many languages), and the alternative to a strong password is giving a hacker access to your friends list and to your whole collection of letters (including the very private ones).

  • To deter cracking, you can make a password from two unrelated dictionary words and decorate it with numbers and punctuation marks. Inserting a capital letter also helps.
  • Never use the same password in two places. It is tempting - and it can let a hacker take over all your data on different sites.
  • Do not write passwords down in electronic form - not on the disk, not online. Once the burglar gets into one place, he has instant access to all the others. It is recommended to use an 'out-of-band' technique and store passwords in a small notebook, on paper. There are many passwords, memory is fallible and paper is patient.
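The recipe from the first bullet, written out as an added example (not the author's code): it builds a password from two unrelated words plus a capital letter, a punctuation mark and two digits, and counts how many guesses an attacker who already knows the recipe would need. The word list, the punctuation set, the two-digit suffix and the 7776-word dictionary size are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample word list; a real list would hold thousands of words.
SAMPLE_WORDS = ["lantern", "pickle", "harbor", "violin",
                "gravel", "tulip", "saddle", "comet"]
PUNCTUATION = "!#$%&*+-=?@"   # assumed set of separators (11 symbols)


def make_password(words=SAMPLE_WORDS):
    """Two different random words, one capitalised, a punctuation mark, two digits."""
    first = secrets.choice(words)
    second = secrets.choice([w for w in words if w != first])
    if secrets.randbelow(2):
        first = first.capitalize()
    else:
        second = second.capitalize()
    return f"{first}{secrets.choice(PUNCTUATION)}{second}{secrets.randbelow(100):02d}"


def is_single_dictionary_word(password, words=SAMPLE_WORDS):
    """True if a plain dictionary attack (one word, any letter case) would hit it."""
    return password.lower() in words


def recipe_guesses(dictionary_size):
    """Worst case: the attacker knows the recipe and the word list."""
    word_pairs = dictionary_size * (dictionary_size - 1)
    return word_pairs * 2 * len(PUNCTUATION) * 100   # capital choice, symbol, digits


def bits(guesses):
    """Size of the search space expressed in bits."""
    return math.log2(guesses)


if __name__ == "__main__":
    n = 7776  # assumed dictionary size, for illustration only
    print("example password:", make_password())
    print(f"single word : {bits(n):.1f} bits")
    print(f"this recipe : {bits(recipe_guesses(n)):.1f} bits")
```

The words are picked with the `secrets` module because words chosen by a person tend to be related and easier to guess than the count suggests.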

Email

If someone has hacked into your account and sends viruses to your friends, you should: a) Immediately change your password and b) Close the account. This second stage can be painful - you got used to your email address, you need to notify everybody, what a bother ;-(. Some do it only after the second attack. But the burglar had access to everything - your contact list, all your mail, passwords sent in clear, etc. He can still do damage by pretending to be you and sending more emails.

A similar response, although with less urgency, is recommended in the case of a service that blocks incoming emails. Complaints sometimes help, but many services completely ignore them. Here I always suggest an alternative email address, especially if the main one is a business account. Gmail is a viable alternative - it has very good (and constantly improving) security. The local service provider can also be a good option for an alternate email address. You can then redirect your mail (to the service which is easier to use), and get your correspondents acquainted with another address. If one goes down, is infected or is blocking mail, the other is ready.

Antivirus

Although it appears obvious, let me repeat: you should always have up-to-date antivirus software! There are plenty of free ones in addition to those paid for by subscription. Any antivirus is better than none or one that is not updated. A virus that infects your computer can steal all your passwords (which is why I recommend writing them on paper), turn it into a 'zombie' which by remote command from China or Russia will start sending bulk packets blocking a bank or a government computer in Estonia (DoS attack), slow down your computer to complete uselessness, erase the hard drive and do a lot of other damage.

Privacy and bread crumbs

We have to accept the fact that in order to operate on the net, we have to say goodbye to full anonymity. Besides, who really wants to be anonymous? All services, shops, banks and portals gather information about us. Social networks such as Facebook lead in collecting our private data. Google also collects information about you - very often it makes your life easier, but it can sometimes be disconcerting. Every time you use the Internet you leave behind bread crumbs. However, the amount and quality of information you part with can be easily controlled. If you are upset that the ads are too accurate, read on:

  • You can use more than one browser. Some searches or visits can be done in one and some in another. It messes up the data collecting algorithms.
  • Use private browsing mode in the browser (for example, in Firefox: File / New Private Window, in Chrome: Ctrl + Shift + N New Incognito Window). Especially if you watch the things you should not :-))
  • From time to time, look for things completely outlandish. It will also mislead the algorithms serving you advertising.
  • In social networks it is useful to publish basic information about yourself: first name, last name, city, university, also a picture. It helps others recognize you, distinguish you from others, find you in the crowd and establish contact. Other information should be given in private, closed circles. There are also services such as LinkedIn, geared to provide information about business or profession – here giving data about your skills may help you find a job.

Encryption

While it is not used on a daily basis, encryption is invaluable for the transmission of confidential information - passwords, financial information, corporate secrets. PGP software (Pretty Good Privacy), created by Phil Zimmermann, is one of the most widely used cryptographic methods for email. An open software alternative called GPG is widely available. Such encryption is virtually unbreakable and does not require the transfer of a private key (you announce only the public key, with which one can encode but not decode the message). Similar techniques are also used to provide authentication of the sender. I do not recommend this on a daily basis, but if someone is concerned about his messages being tapped, has reason to suspect someone of reading private mail, etc., it is a ready-made solution that installs in 10 minutes.

Computer and tea

The computer must be kept in order: not too many programs (especially memory-resident ones), all foreign browser toolbars removed, the software updated. Even so, the computer stops from time to time, cannot connect to the network, does not do what we want. In such cases, I suggest a universal solution using tea (alternatively coffee): 1) Turn off your computer (using "start" on a PC with Windows up to version 7, or pressing the power button for 8 seconds or more, if the first solution does not work). 2) Brew the tea or coffee. 3) Turn on the computer again – in 90% of cases the computer will work again.

Marek Zielinski, July 14, 2013
