Defending The Kingdom

Up until now, this weblog has focused on two things:

1. Privacy and security news items
2. Tips and tools to stay secure and keep your privacy intact

Both are important. However, only one will continue to receive attention on this weblog over the next year.

Because I will be doing some extensive travelling, I will not have the time or opportunity to make the frequent updates required to keep current with news items.

Periodically, I will continue to post articles and advice on how to stay secure online and off, although these may not come as frequently as they have so far. There are numerous topics I have yet to cover and I will continue to post on those whenever I get the chance. In fact, I haven’t even broached some of the best stuff I want to publish here.

What’s in the bag

Eventually, I will compile all of the tips I post about here that pertain to software and the critical behavioral aspects of security and privacy in a small, downloadable ebook.

Although I will likely charge money for the ebook, one thing is certain: The information on this website has always been and will always be free and accessible in the form that it is now. For those who are willing to sort through the archives, all the information that would be compiled into the ebook will remain free on this website. The ebook would just be a shortcut to a lot of neatly packaged information for those who don’t mind paying for the convenience.

I’ve made up a rough outline for the contents of the ebook and will publish it shortly. Here are a few things that will be included:

1. How to make great passwords
2. How to be sure there is no spyware in software before downloading it
3. What to expect from your bank in terms of privacy and security
4. How to safely accept file transfers through email and instant messaging programs

The list of things I want to include is not yet complete, so I would really like to know what you want to have included. Leave a comment below or send an email to me with your thoughts!

Bruce Schneier easily disarms the argument that says security and civil liberties must always be traded one for one. That’s only true if security is an afterthought for whatever process or project is in question.

Security and privacy are not two sides of a teeter-totter. This association is simplistic and largely fallacious. It’s easy and fast, but less effective, to increase security by taking away liberty. However, the best ways to increase security are not at the expense of privacy and liberty. (continue reading…)

This story is a few days old, so Samsung may have, by this time, evicted the Trojan horse that has been squatting on its corporate website:

Samsung Electronics’ U.S. Web site is hosting a Trojan horse that logs keystrokes, disables antivirus applications and steals online banking access codes, according to Internet security company Websense.

This actually has very little to do with Samsung, and more to do with the state of internet security. I wouldn’t recommend halting your visits to Samsung’s website or any other website that shows up in the news for something like this. There will be many more of these stories to come.

Your strategy

Keeping records of companies that screw up is a losing proposition. Having said that, a public record is necessary because companies should be held accountable for their complacency, as this is probably the only way the situation will improve, but it’s not a useful strategy for you to combat security risks. (continue reading…)

After AOL published its users’ private search data last month, you may be wondering where it’s safe to do your searches. Who Which is the most trustworthy search engine? Is there something you can do so that you don’t have to trust the search engines at all? (continue reading…)

Companies that collect your data won’t act responsibly until they are financially affected by their sloppy and thoughtless privacy practices. When you get the chance, read this fascinating overview of the condition of privacy controls among US companies:

At its core, protecting privacy is an information management issue. With the cost of computer storage plummeting, companies are maintaining more and more data, for longer periods of time, at rock-bottom prices. Executives are driven by the idea that any morsel of information about customer purchases, browsing habits and preferences could someday be valuable, so they simply can’t bring themselves to erase anything. Consequently, personal information and less sensitive details exist side-by-side in the same databases, often accessible by multiple programs throughout the organization, many of which have long been forgotten. Without a complete, up-to-date inventory of what data they possess and how it is being used, which data should be segregated and which can be freely shared, many companies are making privacy breaches a foregone conclusion. (continue reading…)