How To Give Away Your Personal Information

Identity Theft and Your Personal Information
--------------------------------------------
Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. In the past few months, one company after another is being forced to admit customer data has been lost or stolen.

In many cases, they have then come forth repeatedly over the next few weeks, or even months revising the estimated number of impacted customers. To date, I don't think any have ever lowered those numbers.

Identity Theft and Respected Companies
--------------------------------------
Generally speaking, these aren't fly-by-night organizations. These are respected companies who we've come to trust. In many instances, the loss wasn't even the work of a "malicious hacker" or other mystical force beyond their control; it was simple carelessness. The frequency of such reports of identity theft is making it difficult for consumers to feel confident in those with whom we do business. Customers are outraged that companies are not doing more to protect their information from the forces of evil.

You and Your Personal Information
---------------------------------
What about you? How are you at keeping you personal information under wraps? Some of these high profile incidents were the result of a trivial mistake that could have happened to anyone, including you.

Let's consider two events that didn't make the front page of C|Net or CNN.

The Keys To The Castle
----------------------
I consult for a client who doesn't trust me. It's nothing personal, they don't trust anyone. Whenever I visit this site, I am forced to contact the client throughout the visit to have them type a credential, or password, to grant access to a server or router. It's really annoying.

I really respect this client.

They don't really know me; I'm "the consultant". They're taking the proper steps when dealing with a consultant, providing the absolute minimum amount of information required. They would never give me unsupervised access to the network, and certainly wouldn't consider giving me passwords to their servers or routers. Not on purpose anyway.

Then there was the day I was working alongside the client and needed to reconfigure a router to complete a task. It's a long walk to the client's office to get the password for that particular router. Yes, this is a client who apparently has a unique password for every piece of equipment they own. Conveniently the client does keep a password protected file on a USB key that contained the needed information. The client was completely appropriate and even asked permission before using my laptop to fetch the file. I consented, and even made the gesture of turning away while he unlocked the file and retrieved the required password.

Have you ever used Google Desktop Search? It's a very cool, and aptly named, program that is a Google for your PC. It will index your files and make them searchable through a fast, flexible, and easy to use interface. It'll even cache the contents of files so if you move it off your hard drive, you'll still be able to see the contents of what was once there. Normally it does all this in the background when you computer is sitting idle. It also does it anytime you open a file.

Your Personal Information Is The Prize
--------------------------------------
You guessed it. Logins, passwords, public and private IP addresses. You name it, I had it. The client who would never give me a single password had turned over all of them at once.

What kind of wondrous data was now available? Personnel records, salary data, trade secrets? Maybe, if this was a corporate client. What about an academic, a University even? Student records, financial aid forms, and grant information. The possibilities were endless.

I promptly deleted the cache. The customer didn't want me to have the information, nor did I.

Would You Hand Your Credit Card To A Stranger?
----------------------------------------------
The previous example showed how simple it is to inadvertently reveal a large amount of data. It's funny how easily a person can dismiss this type of loss. After all, it's not your data, right?

So let's get a bit more personal.

Convenience And Computer Security Are Rarely Compatible
-------------------------------------------------------
I have a good trust relationship with my next client. She is quite comfortable with me administering and securing the corporate network. When it comes to her personal credit card information however, well, not so much.

Pretty much every web browser available these days has quite a few convenience features designed to make your day to day "net experience simpler". One of these convenience features came into play in this example, specifically the Firefox browser's auto-completion feature.

Not too long ago, I was tasked by this client to make arrangements for transfer of an internet domain to their ownership. Not a difficult task, she could have handled it herself. She was quite a capable computer user; she just didn't want to be bothered with the process.

I set aside 20 minutes to go through her domain registrar's step-by-step transfer wizard. I summoned the client to explain the details of the transfer displayed on my laptop screen. Facing the payment options screen the client asked if she could proceed. I relinquished control of my laptop and she entered the credit card information required to complete the transaction.

Web Browsers Cache Your Personal Information
--------------------------------------------
Most modern web browsers, for convenience, will cache information entered into web forms. The intent is to be able to recall this information if it's requested by another form. The following day, I was in the process of registering another domain with the same registrar and was surprised, for half a second, when the payment screen pre-populated using the same information used the day before. In addition to the credit card information I also had my client's personal home address, and telephone number. This was quite a bit of personal information the client never had any intention of giving me.

So What's Your Point?
---------------------
These two examples are very different but do share two important attributes. First, data the client intended to keep private was revealed to me. Second, the reason for the "compromise" of the data was due to the "victim" working with said data on a computer they neither owned nor were familiar with. Under different circumstances, the end results could have been quite devastating.

Conclusion
----------
When using a computer system you do not own, perhaps at a kiosk, or Internet Café, be aware that the computer itself is going to remember a lot of what you've done as part of basic functionality. Additionally, most entities that are going to provide you with access to a computer, including your employer, probably have systems in place that could collect additional data you don't desire to share. Even WiFi hotspots that allow you to use your own notebook or PDA to surf the web while sipping coffee can be a potential information collector.

The moral of the story is, when dealing with computer systems that aren't your own, never handle data or documents that you wouldn't want left behind unprotected. In all odds, once you walk away from that computer, you've done just that.

About The Author
----------------
Erich currently specializes in providing network and security solutions for small to medium businesses that frequently have to resolve the conflict of need versus budget. His commitment to precision and excellence is eclipsed only by his fascination with gadgets, particularly ones that are shiny, or that blink, or that beep. Erich is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Erich you can e-mail him at erich.heintz@gmail.com or DefendTheNet@ParaLogic.Net.

Radio Iowa

Top immigration official outlines security database changes Chicago Tribune, United States - 5 hours ago AP CHICAGO - A top US Immigration official says it's necessary to increase fees to fund a security database that tracks foreign students. ... Video: ICE Agents Raid Meat Packing Plant AssociatedPress Illegal immigration raid strikes heartland Kansas City Star Iowa immigration raid is largest in US history Arizona Republic New York Times - Waterloo Cedar Falls Courier all 657 news articles

Harper Must Answer Canadians’ Questions on National Security Liberal.ca (press release), Canada - 4 hours ago Prime Minister Stephen Harper must assure Canadians that all possible security checks were followed with regard to the latest gaffe of Minister of Foreign ... Security Check On Port Workers Tighter Than That For Cabinet Members AHN Port workers and their spouses face more scrutiny than cabinet ... Globe and Mail Bloc calls for Bernier security probe Toronto Star The Canadian Press - Globe and Mail all 366 news articles

UN News Centre

US: Security Council should address Lebanon fighting AFP - 56 minutes ago ABOARD AIR FORCE ONE (AFP) — The United States is expecting the UN Security Council to take action next week on the issue of unrest in Lebanon, ... DEVELOPING EFFECTIVE, ACCOUNTABLE SECURITY INSTITUTIONS ‘OUR ... ReliefWeb (press release) Security Council hears call for more coherent approach to security ... UN News Centre Security Council presidential statement emphasizes security sector ... ReliefWeb (press release) all 8 news articles

Javno.hr

US expects little from Iran on world problems AFP - 2 hours ago Iran must in any case yield to UN Security Council resolutions, which demand it halt the enrichment of uranium, McCormack added. ... Iran says puts package of proposals to EU's Solana Reuters UK US declines to help present nuclear deal to Iran International Herald Tribune 5 nations may present new Iran offer in person The Associated Press all 144 news articles

Security Officer Seattle Times, United States - 1 hour ago The role of the Medical Center Security Officer is to assure a safe and secure environment for the patients, visitors, staff and property of Swedish Medical ...

Alalam News Network

Security Council strongly condemns rebel attack near Khartoum International Herald Tribune, France - 58 minutes ago AP UNITED NATIONS: The UN Security Council on Tuesday strongly condemned the rebel attack near Khartoum, warning against any retaliation and urging Sudan ... UN Security Council condemns rebel attack on Khartoum Xinhua Security Council condemns JEM attack against Sudan’s govt Sudan Tribune Security Council slates weekend attacks by Darfur rebels near ... UN News Centre Monsters and Critics.com - International Herald Tribune all 2,325 news articles

Seagate Secure(TM) Self-Encrypting Laptop Hard Drives Earn ... FOXBusiness - 12 hours ago NSTISSP No.11 defines requirements for a wide variety of products that "satisfy a diversity of security requirements to include providing confidentiality ... Wave Q1 2008 Revenues Rose 32% to $1.7 Million on Continued Growth ... Business Wire (press release) all 14 news articles

Mock attack defeats lab security San Francisco Chronicle,  USA - 15 minutes ago By SCOTT LINDLAW, AP Writer Mock terrorists defeated security personnel in a recent drill at Lawrence Livermore National Laboratory, where nuclear weapons ...

Eruces gains US patent for security software Bizjournals.com, NC - 5 hours ago A Lenexa-based software company has garnered its first US patent for its data security software. The US Patent and Trademark Office granted Eruces Inc. a ... ERUCES Awarded US Patent for its Cryptographic Key Management Emediawire (press release) all 7 news articles

The Southern Ledger

Israel to transfer security in Jenin area to Palestinians Ha'aretz, Israel - 1 hour ago By Barak Ravid and Avi Issacharoff, Haaretz Correspondents Israel and the Palestinians have been discussing an almost complete transfer of security ... Video: Palestinian villages lost in 1948 war - 13 May 08 AlJazeeraEnglish Palestinian PM ties better security to more jobs The Associated Press Mideast envoy proposes turning part of West Bank into economic ... PR-Inside.com (Pressemitteilung) New York Times - Times Online all 222 news articles