Price drop on ebook

The Defending the Kingdom eBook is now just $4. It neatly encapsulates all the best advice found on this site, plus a bit more!

The information on this website will always be free, but I’m betting that many of the 7,000 readers of this site will find it more convenient to get all the best tips in a single book rather than having to search through the 70+ posts in the archive.

However you get your security advice, thanks for reading and making this site a success!

(P.s. Want a free taste of the eBook? Check out the first 5 pages.)

Read more about Uncategorized

Protect data at border crossings

Bruce Schneier has an article in The Guardian that describes some strategies to keep your data private when crossing borders. What do you want customs agents to see when you bring your laptop, USB drive, mobile phone, or PDA across a border?

Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you’re entering the country. They can take your computer and download its entire contents, or keep it for several days.


Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won’t work here. The border agent is likely to start this whole process with a “please type in your password”. Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.

You’re going to have to hide your data. Set a portion of your hard drive to be encrypted with a different key – even if you also encrypt your entire hard drive – and keep your sensitive data there. Lots of programs allow you to do this. I use PGP Disk (from TrueCrypt ( is also good, and free.

The article goes on to talk about the importance of using strong passwords, as well as the limits of depending on strong passwords to protect encrypted data.

Edited to add (19 May 2008): The quoted sections of the Guardian article have been trimmed due to a complaint from one of the editors.

Read more about offline security,privacy

Virtual kidnapping in Mexico

Where real kidnappings are common, criminals can stage fake kidnappings and get the same payoff:

The phone call begins with the cries of an anguished child calling for a parent: “Mama! Papa!” The youngster’s sobs are quickly replaced by a husky male voice that means business.

“We’ve got your child,” he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank.

The twist is that little Pablo or Teresa is safe and sound at school, not duct-taped to a chair in a rundown flophouse somewhere or stuffed in the back of a pirate taxi. But when the cellphone call comes in, that is not at all clear.


Authorities say hundreds of different criminal gangs are engaged in various telephone scams. Besides the false kidnappings, callers falsely tell people they have won cars or money. Sometimes, people are told to turn off their cellphones for an hour so the service can be repaired; then, relatives are called and told that the cellphone’s owner has been kidnapped. Ransom demands have even been made by text message.

Read more about security