20 April 2012
James Fallows had an article in the Atlantic last year that did a good job of scaring the wits out of me, as any entertaining and informative security article should. Fallows described what happened when his wife’s Gmail account was hacked and she (briefly, before friends of theirs at Google saved the day) lost the entire contents of her Gmail account. The experience got Fallows thinking about how vulnerable we are when we store our information in the cloud.
My passwords are strong — and I’m hoping yours are too after reading the articles on DtheK — but what if your account gets broken into anyway, either through a server problem, hacker, or some other issue? Most of us would be willing to expend considerable effort to prevent the loss of all of our email data in such a worst case scenario, so I’ve compiled a few ways you can protect yourself. Each method is rated by difficulty, using the “Grandma Frustration-O-Meter” gold standard.
Options for backing up your email accounts
- Use a desktop client like Microsoft Outlook, Zimbra, or Mozilla Firebird to download and store copies of your emails on your hard drive. Grandma-Frustration-O-Meter: What the dang is POP3? Aaack!
- If you want to back up a Gmail account, start a new Hotmail account. Then ask Hotmail to store copies of your emails. Or vice versa if you use Hotmail and want Gmail to store your emails. I haven’t looked into Yahoo, but I’m guessing something similar might work for that. Grandma-Frustration-O-Meter: Goes down easier than a warm glass of milk.
- Use Gmail Backup and hope that it is not stealing your password information like the program described here. User beware, but one reason to trust it is that it is featured on the Google Apps Marketplace; another reason is that Softpedia certifies it as a clean program, free of adware, spyware, and viruses. Grandma-Frustration-O-Meter: I have to remember to run the program monthly? Okey dokey. What? Where am I?
- Use Backupify, an online service that claims to be able to store all of your Gmail account information and settings, then restore it to a Gmail account at any time. Sounds great, but of course you have to trust Backupify with your email content. Even if you trust Backupify to keep your information private, you now have to worry about two websites that could potentially get hacked instead of just one. Grandma-Frustration-O-Meter: Remember the warm glass of milk? It’s like that, but pricier.
- Pray. Don’t worry about backups, use the password “Lucky123” for every account on the internet, and pray that trouble won’t befall you. Grandma-Frustration-O-Meter: Ignorance is bliss… while it lasts
While I am uneasy about giving my email password to anyone but Google, I have chosen options 1 and 2 (note that options 3 and 4 require trusting another program, company, or website with your password, too). Make your choice, and may the odds be ever in your favor.
23 June 2008
A few posts from the Defending the Kingdom archive, which summarize well the reasons I keep this blog.
- Why security is a problem that will, unfortunately, always be with us.
- Why we can’t expect technology to solve all of our security problems.
- How to think about security problems as a compromise between security and effort spent getting it.
3 May 2008
Where real kidnappings are common, criminals can stage fake kidnappings and get the same payoff:
The phone call begins with the cries of an anguished child calling for a parent: “Mama! Papa!” The youngster’s sobs are quickly replaced by a husky male voice that means business.
“We’ve got your child,” he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank.
The twist is that little Pablo or Teresa is safe and sound at school, not duct-taped to a chair in a rundown flophouse somewhere or stuffed in the back of a pirate taxi. But when the cellphone call comes in, that is not at all clear.
Authorities say hundreds of different criminal gangs are engaged in various telephone scams. Besides the false kidnappings, callers falsely tell people they have won cars or money. Sometimes, people are told to turn off their cellphones for an hour so the service can be repaired; then, relatives are called and told that the cellphone’s owner has been kidnapped. Ransom demands have even been made by text message.
18 February 2008
Add another privacy threat to the list of things you can do nothing about:
A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network — perhaps hundreds of accounts or more — instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
7 February 2008
Going through old Bruce Schneier essays, I came across one that downplays the danger of cyberterrorism:
The worry is that a terrorist would cause a problem more serious than a natural disaster, but this kind of thing is surprisingly hard to do. Worms and viruses have caused all sorts of network disruptions, but it happened by accident. In January 2003, the SQL Slammer worm disrupted 13,000 ATMs on the Bank of America’s network. But before it happened, you couldn’t have found a security expert who understood that those systems were dependent on that vulnerability. We simply don’t understand the interactions well enough to predict which kinds of attacks could cause catastrophic results, and terrorist organizations don’t have that sort of knowledge either — even if they tried to hire experts.
But Schneier says that worrying about cyberterrorism can have useful side-effects:
Luckily, the same countermeasures aimed at cyberterrorists will also prevent hackers and criminals. If organizations secure their computer networks for the wrong reasons, it will still be the right thing to do.