• Patch Lady – 31 days of Paranoia – Day 29


    #228025

    Today’s topic of paranoia is one that I’m already paranoid over.  While 2017 had the largest number of public data breaches, there is a bigger risk th
    [See the full post at: Patch Lady – 31 days of Paranoia – Day 29]

    Susan Bradley Patch Lady/Prudent patcher

    8 users thanked author for this post.
    • #228029

      Hello Susan,

      Day 29.

      Susan, you have so hit the nail on the head in terms of this topic. What you didn’t say, and which is in between the lines, is whether or not one should sign up for any such monitoring services. Why? Because, in order to do so, one must potentially provide a substantial amount of confidential information.

      The upshot is, should I give confidential info to Party A, who I pray six ways from Sunday is really secure, in order to search for “Dark Web” data breach disclosures from Parties B through Z? This isn’t remotely equivalent to a game of Chess. Instead, it is equivalent to a game of Checkers in which one stupid breach allows the opponent to entirely run the board.

      So, yeah, I do so totally agree with you.

      Riddle me this…

      After the Experian data breach, Experian offered free protection services. Yeah, I signed up for my new company cards in order to monitor those cards. Hmm…the very first charges on two of those cards were fraudulent charges. Now, how does that happen when those two cards had never been physically used in any brick and mortar retail location, and were never used online?

      Also riddle me this…

      I previously had specifically removed, on Paypal, previous cards as payment methods. One would think that those card numbers were indeed removed and gone from Paypal’s system. In the past two days, I have received nine (9) legitimate Paypal emails in which nine (9) have now been removed by Paypal because those cards are closed! Like I said, I had ALREADY removed those cards from Paypal, but only after I had also removed any associated automatic Paypal payments for these cards! Thus there is an obvious potential class action lawsuit.

      The upshot is…

      1. Don’t trust anything online as far as you could throw the carcass of a dead horse.

      2. Don’t use your cell phone for banking or for payments since cell phones are so easily hacked.

      3. Never use the same password twice — EVER!

      4. Never use the same PIN number for any card twice — EVER!

      5. Set up a verbal password for all activities with your banking institution so that nobody else can impersonate you on the phone.

      6. If you keep a list of logins and passwords on your computer, perhaps in a text file, NEVER USE THE WORDS “LOGIN” AND “PASSWORD” anywhere within the file or for the file name! Why, because some malware specifically looks, and can very quickly look (if the Windows indexing service is enabled) for the words “login” and “password” in some or all files on the victim’s computer!

      7. With regards to #6 and other important files on one’s computer, one should be using antivirus software which automatically prevents file access whenever any new and unknown program is detected. This prevents unknown malware and ransomware from gaining access to sensitive files. It is surprising to realize how many AV products do not yet incorporate this obviously necessary feature.

      Best regards,

      –GTP

       

      7 users thanked author for this post.
    • #228036

      Banking’s e-security is just a calculated! risk for the financial institutions. Politically accepted.

      This is never in the interest of people. Individuals will pay for the costs.

      Beware who you trust with the keys.

       

      * _ ... _ *
    • #228046

      Just because you’re paranoid it doesn’t mean they ain’t out to getcha.

      8 users thanked author for this post.
    • #228052

      Just because you’re paranoid it doesn’t mean they ain’t out to getcha.

      😀

      * _ ... _ *
      1 user thanked author for this post.
    • #228049

      There is virtually no real penalty imposed on those institutions whose approach to security has permitted massive data breaches.  Until there is a material financial disincentive that can be imposed by government these breaches and the lax approach to security that permits them will continue.

      Any company that experiences a data breach that exposes confidential information should be required to pay a substantial penalty that is placed into a trust for the benefit of the victims.  The occurrence of the breach establishes liability to those affected; there is no need to establish a causal relationship between any particular breach and the costs incurred by those victimized.  The trust should have an unlimited life and the related legislation should require that the company must fund the trust on an ongoing basis sufficient to satisfy the lifetime claims of victims in connection with their need to combat identity theft as well as to absorb the costs of monitoring.   That’s right, I said lifetime.  The effects of data breaches have an indeterminate life and so the liability that accompanies them should not be limited by time.

      Accountability encourages good behavior.  Until there is accountability (and consequences), the public will continue to suffer.  I’m tired of listening to apologies for one data breach after another.  A public apology is the right PR move, but it’s meaningless to the real victims.

      7 users thanked author for this post.
      • #228211

        What you propose is a new encumbrance to the cost of doing business. If a corporation has a margin of profit large enough to absorb this, I would say it follows poor business practice. For those that cannot absorb it, they would either pass the cost to their customers indirectly through even more rapacious fees or fail altogether. So if you like institutions that are “too big to fail”, this is how you get institutions that are “too big to fail”. (ht Archer)

        The solution is to stop offering non-secure services. The solution is not to create a new problem by crushing overhead.

    • #228089

      Try this.

      Walk up to people at the office and ask “What’s your password?” That should answer your question.

      • #228164

        Try this. Walk up to people at the office and ask “What’s your password?” That should answer your question.

        I was in a job and saw the result of one person ‘lending’ his password. The account was abused. The account owner was sacked.

        In a temporary job in a school I was in charge of a fleet of laptops. When they brought their laptop in for repair, some kids would ask, “Do you need my password?” Teachers would give me their password on paper with the laptop before I had a chance to say, “your password is secret” and fill them in on the reasons.  With teaching like that, there’s always going to be easy targets for the hackers. This may help reduce the dangers a little.

        Group A (but Telemetry disabled Tasks and Registry)
        1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
        2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

        3 users thanked author for this post.
        • #228168

          People post passwords, phone numbers, and credit cards on websites in plain text for all to see. It happens often in forums.

          On permanent hiatus {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #228125

      In God we Trust, all others pay cash, and double-check for counterfeit funny money. The Wells Fargo bank and Equifax credit reporting agency data breaches can teach us all about paranoia:

      https://www.bankrate.com/personal-finance/credit/wells-fargo-equifax-hack/

      It is a good idea to research the pros and cons of setting up a “credit freeze” on accounts:

      https://www.nerdwallet.com/blog/finance/pros-and-cons-freezing-credit/

      and another good website for staying safe online is:

      https://staysafeonline.org/stay-safe-online/

      Let’s all keep our paranoia antenna fine tuned, two more days, thanks Susan!

      2 users thanked author for this post.
    • #228181

      As in so many other things in life, particularly for someone who would like to live a preferably long and not unnecessarily troubled one (and don’t both things go largely hand in hand?), there is no substitute, paid or unpaid, for wisdom and prudence, based on whatever knowledge and even experience one might have that applies.

      Because it is part of wisdom to be cautious of what one does, where, when and with whom, without overthinking oneself into borderline (or even full-blown) paranoia.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #228327

      These days, the whole Infosec sector seems like the atmosphere I was in while investigating buying and insuring a motorcycle in the city. I abandoned the purchase after two insurance agents told me:

      “Even with your perfect record…It’s not a matter of if you’re going to be in an accident, it’s when, and how bad it’s going to be.  Sign $$$$$$$ here, please.” :/

      BTW, I got caught in the Equifax threshing machine mess, and I’m still sorting out the damage.

      Without Equifax, mind you, since I can’t understand their offshored “Customer Service” reps for the echoes, line lag, accents, and random cut-offs after being on hold for 45 minutes.

      Wonderful outfit.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty
