KAM
13 years ago

@Jack,

Follow up on the Education topic. At the end you mentioned that kids are being taught to regurgitate information. True, but (to get a bit political for a moment) I think in many cases it is worse than that. They are trained to MINDLESSLY regurgitate CERTAIN information. For example, global warming (stopping there to avoid can-of-worm-itis).

Teaching kids to learn on their own is the LAST thing that certain people want–that makes them much harder to control/sell to/manipulate/vote-buy/etc.

It’s a real shame.

Jasper
13 years ago

Some additional security tips from a prepping nerd….

– If you’re not a gamer, and just use your computer for surfing the web, checking mail, or doing something with video or pictures……. have a look at Linux (for example Ubuntu). Most hackers target Windows and Mac OS right now and leave Linux alone most of the time. Linux is inherently more secure anyway.

– Always have multiple backups of your important data. Keep one backup nearby, stash the other one away from your home, in case it burns down :-).

– You can plug in memory sticks or cards you found, but use a dedicated machine for that. Don’t throw out your old PC, but reformat it, don’t hook it up to the network, and you’re ready to go.

– To make a secure password that you can remember, pick a word or something else you can remember and add some padding to the start and/or end of the password. For example “…..::::://///peanut\\\\\:::::…..” is incredibly safe and easy to remember.

– Don’t surf to any website with privacy sensitive information when you’re on a public WiFi connection, unless you can access that information via HTTPS.

If you’re interested in computer security, also check out the ‘Security Now’ podcast of the Twit network over at http://www.twit.tv/sn, great podcast as well!

Marc
13 years ago

Great interview. Awesome tips for the everyday person on being extra careful when dealing with the internet. We should all be more protective of our info. Security is only as good as your personal practices.

bluprint
13 years ago

Biggest threat: “Providing too much information”

I would expand on that and say that people need to reset their own “normalcy” bias. It’s not normal for companies to ask for tons of info so you can buy something. In general when someone asks you something, you should pause before answering and mentally require justification for the question or request.

Passwords:
I’ll contradict Rick on this point. What makes more sense (mathematically) than having special characters, numbers, etc. is a long passphrase that is easy to remember. It’s a lot harder to crack mathematically and makes more sense in that it’s easier to remember. This is a common mistake in the IS industry, imo. A lot of systems may have limitations on pw lengths so that’s a consideration also…
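
The length-versus-complexity comparison in the comment above, worked through as an added example (not from the show or from any commenter). The sample passwords are constructed, the guess rate is an assumption, and 7776 is the size of a Diceware-style word list; it reports the search space two ways, guessing character by character and guessing whole words.

```python
import math
import string

# (characters, alphabet size) per class; an attacker must cover a whole class
# once a password uses any character from it.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def charset_size(password):
    """Alphabet size implied by the character classes present."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def brute_force_bits(password):
    """log2 of the search space for character-by-character guessing."""
    return len(password) * math.log2(charset_size(password))

def passphrase_bits(words, wordlist_size):
    """log2 of the search space when whole words are guessed; valid only if
    the words were picked uniformly at random from the list."""
    return words * math.log2(wordlist_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e10          # assumed offline guess rate, guesses per second
    WORDLIST = 7776      # size of a Diceware-style word list
    short_complex = "P@ssw0rd!9"                   # constructed sample
    long_phrase = "maple tractor window sunset"    # constructed sample
    rows = [
        ("10 chars, 4 classes, per-character", brute_force_bits(short_complex)),
        ("27-char phrase, per-character", brute_force_bits(long_phrase)),
        ("4 random words, per-word", passphrase_bits(4, WORDLIST)),
        ("6 random words, per-word", passphrase_bits(6, WORDLIST)),
    ]
    for label, bits in rows:
        print(f"{label:38s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, RATE):.3g} years")
```

The per-word figure is the one to plan around for a passphrase, since it still holds when the attacker knows the word list; the per-character figure only applies to an attacker who guesses one character at a time.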

bluprint
13 years ago
Reply to  bluprint

I meant to say “contradict Jim….” not sure why I typed Rick…must’ve had something going on when I wrote that.

Ross Radford
13 years ago

There’s a saying I like to use all the time.

“Locks only keep honest people honest.”
meaning, if someone wants something badly enough, they will get it eventually regardless of how expensive and fancy the lock is. The definition of “lock” can be used loosely, i.e., passwords, but the point of the sentence stays the same.

Jasper
13 years ago

Well….. if your password is really good, and you’ve got your stuff encrypted with it, and of course be aware of any malware that might be sniffing your keyboard when you type in the password, you’re able to create a pretty darn good lock. Remember that with each single character you add to your password you double the time the attacker needs to brute-force your password. More and more cases keep popping up where law enforcement can’t access data from confiscated computers because it has been encrypted.

For those who don’t know yet: A great (free) piece of software to encrypt your files easily is TrueCrypt.

Nadja*isk*en*isk*ie
13 years ago

Live CD + no hard drive = malicious mobile code cries.

Kinda off topic: I had my computer searched when I entered the USA a few years ago. They wanted me to turn it on so that they could browse my hard drive (Was funny, there being no hard drive installed, just RAM). All that there was on the screen was a blinking cursor – the officer looked at the screen, pushed the enter button a couple of times, then gave me back the computer. Geez.

Rick
13 years ago

Jack – great show as it touches on an area of most people’s lives that is vulnerable to attack. One important thing people can do is have multiple browsers on their computer, whether they are Firefox, Safari, or Chrome (which I use). The main reason for multiple browsers is to allow you to access the internet if your normal browser is compromised. This happened to my wife a few months ago, and I was able to use Safari to download the fix for the malware and get her IE working again.

Joe from the Bay Area
13 years ago

I know I am going to be the grumpy guy, but I can’t help it. The guest was not an expert– he didn’t know what he was talking about.

Fortunately, the advice was targeted at non-technical users, and was for the most part sound. However, as someone who actually knows this stuff it was obvious the guy was dangerously ignorant. He would be an immediate no-hire if this had been an interview.

The only correction to the advice I would make is that the advice on passwords was horrible. Most of the other advice was good for non-technical users even if it did bug me as a security guy. (I have spent the last 10 years doing security and incident response for Microsoft and a couple of three-letter agencies.)

Scott
13 years ago

Your comment isn’t helpful unless you say why the advice is bad and can offer an alternative. I work in IT with a variety of skill levels and don’t see any of this as bad. If he didn’t know what he was talking about, how come you only had one correction? All this being said, this is basic info. It is what most people need. If you get too technical, you lose them and they do nothing. Your level of knowledge may be higher, but you can’t communicate effectively to transmit anything of value.

Lew
13 years ago

Very Insightful stuff. You want to be a hard target. Don’t make it easy for them to get your information. I am not sure of where to go to keep up with the trends of what criminals are doing.

Also I want to take the word Hacker back. I think a Hacker is a guy who does things a different way. Hacking code together getting things to work. A thinker, an innovator. Taking an old computer apart and taking components to reuse them in a new way is a hacker. Writing code that does something good for them is a hacker. I watched a documentary called “hackers are people too” 43 minutes watch for free on Youtube. Or Google it. I can post a link if need be. Writing code or a DIY project and sharing on the internet is hacking at its best.

A hacker becomes a criminal when they start breaking the law to hurt people and take advantage of others. When a person uses their hacker skills to hurt others and break laws this is now just a criminal.

Lew
13 years ago
Reply to  Lew

@Jack, we do need to take back words and not let media put a negative light. I would like to learn more about SEO (Search engine optimization). Your 5 minutes with Jack Podcast was a good intro to SEO. It is silly that you would become an outcast for doing your job in a better way. “come on let me show you a better way”. Maybe we all need a little more humility. Humility is a good thing to have.

I am not sure how we can shed light on subjects without sounding like a jerk (you don’t want to be the “know it all”). I think TSP is doing a great job for putting a positive light on Survival. Doing TV shows that will be about “how crazy survivalist are” but I think it will do some good to get people thinking. I think some people will never accept survival as a lifestyle and the TV show will only strengthen their thinking. A better way is growing a garden. Some people just do not think logically. Story: I told someone about copy canning and they said “well that would cost a lot.”

Nadja*isk*en*isk*ie
13 years ago

The best hackers are the Amish. Trust me – Google: “Amish Hacker” (I mean, what’s not to like about “Amish Electricity” or pneumatic power).

Curt
13 years ago

@Joe from the bay area,

You are grumpy. Jack tries to keep a positive spin on his show. An ad hominem attack on a show guest is neither positive nor helpful in any way. Jack is no dummy and wouldn’t have someone on the show that didn’t know their stuff. As a Chief Information Officer for over 20 years, I believe that Jack and the guest tailored the show content for the intended audience not three-letter agencies.

If you truly have the vast experience and knowledge that you claim, we would all be better off if you shared some of it. If you do not want to share, then please listen to my wise Mother’s advice, “If you don’t have something nice or constructive to say, keep it to yourself.”

Sean Kibler
13 years ago

@Joe from the Bay Area Doing security work for Microsoft is not something to brag about pal.

bluprint
13 years ago
Reply to  Sean Kibler

I’m a CISSP as well. I’ve done IDS/IPS, intrusion detection and analysis at one of the more complex data outsourcing companies in the world. Jack should be able to figure it out if he knows my location. I doubt MS’s network has shit on what I’ve done.

I thought Jim’s advice was reasonable for the audience. I think his password advice is outdated. The idea of having special characters is, frankly, one of those that has taken on a life of its own in the IS industry. If you can, a long pass phrase is mo’ better, period. Some systems won’t support long passwords. In those cases, special characters, upper/lowers/numbers, etc. is second best.

Joe was being a dick.

Mark
13 years ago

Computer security is about layers, but that being said usability is first, security second, otherwise it’s just a pain in the arse.

I’d never install McAfee or Norton as they’re nearly as bad as a virus, reporting data back to their companies, slowing down your PC and making it hard to remove every last bit of them if you want to remove them. Kaspersky is a solid AV and does not seem to slow down a computer much.

Easy steps to securing yourself.
1. Install an antivirus and firewall package.
2. Update your software.
3. Use a router/AP and switch WPA2 on.
4. Don’t give out personal data, unless it’s a trusted source.

If someone is going to get your details, it is more likely going to be from compromising a website/online shop you use. People go for big targets with lots of information, the only time people go after one person is if you have happened to piss them off.

When your PC gets compromised it is not targeted at you, it is targeted at anyone that has gone to a given site. Everyone that gets infected are the people that don’t update and don’t run an antivirus/firewall and don’t update, although 0days are possible.

If you have a memory stick, use TrueCrypt, it’s free.

http://exoticliability.libsyn.com/ is the only podcast I know on computer security that tells it how it is.

atstriker
13 years ago

I wanted to expound on what Jasper touched on with TrueCrypt (+1 to Jasper for mentioning it first!)

I use this encryption tool to make encrypted containers to store my information on any of my drives, or usb flash drives. This is a fairly normal concept. EXCEPT TrueCrypt also lets you name these files whatever you want, like JoesAdic.jpg, and it also lets you choose a “keyfile” (ANY other file that you specify) if you want to add a layer of security to your password setup. In other words, the perp would have to find your TrueCrypt container, know your password, AND know / have access to your keyfile!

Also, another tool that TrueCrypt has is that it lets you encrypt YOUR ENTIRE HARD DRIVE! When you log in, you enter a password (just after the “black screen” portion (bios) of the boot up cycle) to decrypt the hard drive for use. You can even edit the password prompt to say something like “no OS found” so the person logging into your computer thinks it’s broken!

Adding these layers of encryption to your data can protect you from computer theft, as well as data theft. If your hard drive is encrypted AND your critical data is in an encrypted container, then you’re safe from both offline, and online attacks. (for the most part.) You may even have “plausible deniability” for when you need to cross the border back into the US:
http://www.truecrypt.org/docs/?s=plausible-deniability
http://www.cba.org/cba/practicelink/tayp/laptopborder.aspx

*Note: these are the thoughts of a computer super genius, and as such are above reproach from mere mortals, muwahaha!!!

No really, I do work in IT, so I have a little knowledge about that stuff…

229Mick
13 years ago

Listened to this today, and had to note that one afternoon I was sitting in a Starbucks waiting for someone and in the 15 minutes I was there, I listened to someone talking (face to face) to their accountant or lawyer or something like that, and they had to call a bank for them, and I got their account number, their address, their mother’s maiden name, and a bunch of other incidental stuff. And that was all not trying, and needless to say, no criminal intent.

TykeClone
13 years ago

Agree on TrueCrypt – it’s good software.

I disagree about “free software being worth what you pay for it” and the recommendation that you run one of the big boys’ antivirus software.

Microsoft (!) has a product called Security Essentials that is free, keeps itself up to date, and (like Norton and McAfee) is able to keep the nasties off of a machine. http://www.microsoft.com/en-us/security_essentials/default.aspx

I’d also highly recommend MalwareBytes as a way to recover from an infesta

Clinton
13 years ago

Jack,
As I listened to your show on computer and identity security last night, I realized I got suckered… I gave out info I shouldn’t have. I quickly called the bank, who these guys were supposedly representing, and confirmed that it was a fraud. I put an alert in with the bank… Then I signed up for lifelock because I didn’t know what else to do. I also called the 3 credit agencies to report the fraud (Equifax, Experian and Transunion).

The one thing your show didn’t cover that I’d sure appreciate right now is this: What do you do once you realize you’ve been had? I’ve done everything I can think of…

Any other recommendations would be appreciated…

Feeling like a doofus,
Clinton

Nathan
13 years ago

@Mark
I would be a little more concerned about Kaspersky products. Though they may not be as much of a CPU hog, they have some issues. How many times has that company been hacked? Also if you look at their wider “internet security” products, you will find they make your firewall weaker than the built-in Windows default firewall, especially when you are on public or company networks. (http://myitpath.blogspot.com/2010/10/personal-firewalls.html)

As a few extra tips for everyone:

1) When you are setting up accounts on any service’s website and they ask you password reset questions, lie. Don’t end up like Sarah Palin.

2) Never use the same password for your primary email account as you use anywhere else. Most services ask you for the address, so if that site is compromised, or your email is compromised…everything can be compromised.

3) Find the unnecessary services that run on your machine and shut them down. This gets a bit more technical, but will increase the performance of your system and greatly reduce your attack surface. If your machine is for personal use only, a lot of services that run by default won’t be relevant for you (such as netlogon, remote registry, computer browser, server, etc). You can google “disabling windows services for personal computers” to get examples per Windows OS. For Linux machines, some installations set you up with a lot of server services by default like email servers, web servers, etc. Shut down anything extra that you don’t need.