Posts filed under ‘security’

About Mining Employee Health Data

http://blogs.wsj.com/riskandcompliance/2016/02/18/the-morning-risk-report-harnessing-employee-health-data-is-potential-minefield/

The most frightening thing about this article is what it overlooks, as most people and even companies do.  If data is mined for one thing, it is already transformed into a usable state.  With health data, this data is firmly affixed to a name and other identifying data.  The article includes even an observation about shopping habits; I would like to not only invite you to ponder this but tell you that you’re a bit lacking if you don’t.

Someone will hack the data, and everything is there.  Just hope that your good ol’ company–or its data-mining partner–doesn’t have your credit card number on record.

However, as far as staying off the radar… The world we’re in means that unless you take measures like shopping with cash (and probably using one of the old cars that doesn’t have a built-in tracer, or hadn’t you ever thought of your GPS unit that way?), foregoing usage of ‘loyalty badges’ or whatever your store calls that little identifying card that gives you a discount, not using a cell phone (which also has the potential to have your location at any given moment recorded for an unknown period of time not less than three years), being very careful using land lines, which are very easy to trace, avoiding usage of the Internet except through VPN and then using the correct means of initiating contact, never getting infected with a virus, avoiding having a ‘tracer’ implanted [extent of usage unknown and at this time apparently not available]–pets get them–and also not having any tattoos of course; birth marks are a very bad thing as are scars, limps or other identifying habits, traces or weaknesses…

You’re loud and clear (on that radar screen, I mean).  I haven’t detailed everything because I haven’t thought about it, and there are some things I won’t tell.  I value freedom in my rapidly declining years.  I don’t need incarceration to add with pain.  Although then again they’d most likely screw up on the anti-seizure medication…

February 18, 2016 at 2:26 pm

The Most Vulnerable Browser

Firefox, for now.

–Glenn

P.S.  Which is why I intended the review of browsers this week.  I haven’t forgotten.  I think I only have 8 installed.  The best was the freeware browser with the notepad…that led on a quick & easy search to the moniker for a hacker.  Incidentally, a recent scan turned up badware.  A trojan.  That was apparently installed courtesy of adware on the site he uses for his blog.  I was truly grateful.  I just hide it well.

April 16, 2009 at 3:34 pm

Work at Home and Similar Schemes

Here is an example of very simple detective work.

This is from About.com: http://workathomemoms.about.com/od/writersandeditors/Writers_and_Editors.htm.

This is a “sponsored ad”–2nd one down when I looked, and I’m not fighting with image placeholders and the like.  http://work-at-home-grants.org/?t202id=3511&t202kw=

And here is the small print (make sure to enlarge it if necessary) : https://glpimi.orderlockbox.com/terms.html.  If you’re using WOT I’ve already marked it as a bad site.

About.com is in general a good site.  No one is perfect.  And absolutely no one can review all potential ads.

–Glenn

[links have been disabled on this; it’s a cut-and-paste sort of thing]

April 16, 2009 at 2:53 pm

PC Hell

PC Hell is the name of a website maintained by a local computer professional that can be of help in, well…PC Hell.

–Glenn

Full Disclosure:  I live about 60 miles away.  Don’t know him.

April 9, 2009 at 1:11 pm

Asians and Embarrassment

I’d say the West is slow to learn.  Honor is probably lost completely in the modern world, due to the role of the “barbarian”–and the icon goes back to the much-touted (and multiple, actually) Fall of Rome.  Stories like this about failure (of the satellite launch) reek of embarrassment.  Loss of face is still a big thing there; it’s sort of a cultural imprint.  The white man is used to being an ass, I guess (speaking as one of them); our anger is generally short-lived.  When it isn’t, our doctors term it psychotic and our legal systems term it an imprisonable offence (along, apparently, with epilepsy).  If someone who can’t stand being embarrassed is in the same class you are, and has the potential to be a real pain in the ass, and really doesn’t much like you in the first place–you don’t go out of your way to embarrass him and not expect trouble.

Then again, what do you expect?  These guys are all out for the column inch, from reporters to supposed scientists.  Pardon me, their fifteen minutes in the golden sun of television half-life.

–Glenn

P.S.  Full disclosure:  I lived in Japan for two years as a child and for about three years as an adult my home port was there.  I had contact with actual Japanese outside the envelope of governmental dealings.  The average American has no understanding at all of how to deal with the average Asian, and consistently does things that could easily be construed as deliberate offences–constantly.

April 6, 2009 at 4:26 pm

Password Manager Freeware (A Continuing Saga…Search…Whatever)

Next we come to Password Safe, which is by a professional cryptographer and presumably a programmer.  [Note that I just got it installed on the third try.  I used ‘pwsafe-3.16.msi’.  That’s the Windows Installer version, and it’s without the newest support for the USB stick.  Now I’m about to try it a bit.]  SOURCEFORGE.NET is utterly safe, in my experience, dating at least from the days when I had just gotten up to a 56K modem and its blazing speed.  I’ve just tried out Password Safe on one password, and its ease of use is better than “Oubliette”–which is bad.  Unfortunately.  However, I give both of them a 5 out of 5.

Via that, I’m going to take another detour and say that Carol’s Vault looks very good.  I haven’t had a chance to check out anything except Password Safe–but I actually know some of the software recommended there.  For instance, she links to Audacity on SourceForge.Net.  That program was originally recommended to me by a professional musician.  It’s not quadrophonic, so it’s freeware, according to him.  It–Audacity, I mean–was complicated enough that I wasn’t going to use it for my only possible purpose, editing noise off records I was recording, so it went with an earlier computer.  The point of mentioning that is readers of this…have found Carol…who seems a good source for programs.

And then we come to PasswordSafe.  You say something like, “You just said that,” and I reply something like, “Yeah, but it’s a different program and a different location on the net.”  This has the capability to have a number of “safes”, and each time one is opened the former is closed.  So this is at least possibly something that could be used with a network and an IT department, although I’d have to admit that I’m skeptical of freeware and such situations.  (As to cloud computing, I think that has something to do with Valentine’s day.)  I do like what I see of the control panel.  I’m also dubious that I would ever try each and every one of these.  So here comes the research part (at 3.02 am).  Fifteen minutes later, I’ve looked for definite comments one way or the other and found none, and the Kaspersky online scanner found no virus.  This is a German site, and I have the feeling that these guys at least were the “player” kind of hackers.  I don’t know if they exist any more, but there were people who just couldn’t resist the temptation to mess with the machines.  Or so I understand.  With the size of this it’s ideal for…various things.  This is a tiny program.

Now we have Any Password, with its own handy interface and password generation algorithm.  It is, again, the most secure in the world.  I’m sorry; I shouldn’t have said that.  Anything that involves a pattern comprised of commonly available objects can be repeated.  The reason that phishing is used so much more than password-breaking is that it’s easier and we–people, that is–are gullible by nature.  This is freeware for individuals and philanthropic organizations.

Password Dragon has a lot of neat-looking features and I definitely wouldn’t recommend it.  Why?  First of all, it’s Java-based.  “Ability to view records from the command line without launching GUI.”  The reason that the feature list brags about its ability to run under a firewall is to assure the user that all their sensitive information isn’t being transmitted to the aliens in the 300-foot machines.  Unfortunately, Java programs are easily corrupted.  However, Roman Lab is an interesting site and I wouldn’t discount all their software.  Face it, I’m just prejudiced against Java, Active-X and the rest of it.

I haven’t mentioned RoboForm for a simple reason.  It’s actually shareware.  As a paid program, I hear it’s excellent.  After the trial period, max of 10 signons and passwords.

And at nearly 4 a.m. I’m going back to bed to see if I can sleep again.  The reason for the totally unreasonable hours is pain.  Often I’ll stay up until I have to lie down, lie down for a couple of hours and get back up, and end up keeping that up until I’m exhausted enough to actually sleep for a while.  The Ehlers-Danlos Syndrome bit isn’t fun.  [I made a rather long entry about that and the VA and deleted it.  Even I don’t care.]

The next intended entry is KeePass Password Safe.  Gee.  Lots of Password Safes.

–Glenn

April 2, 2009 at 5:57 am

The New, Secure Web

I don’t know if I’ve even mentioned this before.  Theoretically, with the most modern browsers (properly patched) a truly secure site is shown by a green shading in the address bar.  There was a statement late last year that this was a false sense of security.  Now it’s been publicly demonstrated.  That’s just an article about it, with links that provide some details.  The real point here is simple and single.

There ain’t no such thing.  The Web is by nature insecure.  Ideally, any computer used for actual work like writing would be insulated from the Web.  That means that you’re not going to conference, or that you’re somehow going to absolutely ensure that no one with whom you conference has access to the Web via that machine–or via another machine to which it’s connected–whether it should be connected or not.

Just an appropriate observation.  I also wonder what’s going to happen in terms of DDoS on April 1st, whether that’s an intended side-effect of a botnet receiving orders or not.  But I believe in my protectors.  The government, or somebody.

–Glenn

March 30, 2009 at 6:16 pm