Patch Lady – 31 days of security

Topic

New Reply

October is the national cyber security awareness month and I’m kicking off the month by linking to another author.  John Opdenakker posts about why ev
[See the full post at: Patch Lady – 31 days of security]

Susan Bradley Patch Lady/Prudent patcher

10 users thanked author for this post.

abbodi86, Bluetrix, Cayennejim, SueW, CADesertRat, David F, woody, Myst, Alex5723, WildBill

Reply | Quote

Replies

Susan-Susan-Susan … tsk~tsk

I haven’t fully recovered from last years (October – 2018 31 days of paranoia) 😀

 

Reply | Quote

The first bit of advice I give anyone shopping online is to never set up an account if avoidable. Always check out as a guest. At least I hope it helps a little.

= Ax Kramer

1 user thanked author for this post.

OscarCP

Reply | Quote

shopping online is to never set up an account if avoidable. Always check out as a guest.

I don’t understand. You need to have the payment processed and give a shipping address. How do you manage to do this as a guest?

You can stay offline and still be unsafe. My sister-in-law, who doesn’t own a computer nor a smartphone and knows nothing about browsers, texting, etc. received a phone call yesterday from someone who knew her credit card balance, address, obviously her cellphone number because he called her, and who offered her a deal on a no interest credit card for “only” $600! She knew enough to not accept. She hung up but the guy called back.  She  got scared and called my husband. He told her to check her bank accounts. The bank closed her credit card and is sending her a new one. I told her to at the least block the phone number he called her on. I’m not sure that she knows how to do that.

People get her information from the internet, credit card company, credit reporting sites (like Experian and Equifax who have had data stolen) and places she shops (brick and mortar) that stores everything. Who knows perhaps an unscrupulous former bank employee stole records.

 

Got coffee?

Reply | Quote

Hi plodr, I’m not Kramer, but your sis-n-law’s story prompts me to write. First on your question, I too have done some light shopping here or there without registering an account at those vendors sites. Method and availability will vary from one to the next. I think Kramer was advising to cut back on willingly giving out information when you do not have to.

But I really want to give a thought on confidence artists, grifters, and other various scum. You have already correctly identified this caller was not working in her interests. You may go from there and suspect they may be willing to Lie to accomplish their goals. The goal was $600. There would not have been any service given for that $600. And it would be surprising if she only lost that $600 if she had actually given up more information.

It is very possible that sis answered a “cold call”. If she had not answered, the very next person who did answer would have heard the exact same script presented as Their very private details. Remember criminals lie. If you have already accepted that they will lie to get the $600 (or more), then you can see that they are also lying about knowing any real information. it was a bluff to trick her into believing that sale con. If they actually got any detail veritably correct they were guessing and got lucky. Glad you both took all the right steps to protect her. Just in case there was any element of reality in the con.

Reply | Quote

Most online merchants will allow you to make a purchase, and when you are finished, will try hard to get you to set up an account. But they offer the option of checking out as a Guest which does not (hopefully) leave afterward detailed information that is stored on their computers for hackers to steal. I like to think that the fewer crumbs I leave behind, the better. Also I use a different email address for online purchases than I do for serious personal communications… such as this one.

= Ax Kramer

Reply | Quote

My main concern lately is about emails sent from [insert bank name here] and [insert credit card company here]. They insist on sending you a Bill Pay Notice with;

Account Number (last few digits)
Due Date
Minimum Amount Due
Amount Due
Account Balance

Email is not a secure platform. I really don’t want to put this information in the public domain via Outlook.com, Google or my ISP. An email with the Account Name and the Due Date would do just fine.

In the course of a year, these companies can create a complete finical profile on you and share it with a few ‘Select’ partners (have you read the Terms and Conditions); basically anyone that pays for the information.

Reply | Quote

Susan, while the idea of “cyber security sounds great, It is to my mind an oxymoron. It a question of not what you do, but what the sites you go to do. Computer data is out there, and if the cloud ( I pray this is a fad ) becomes a bigger deal, there will be more of it. This becomes a target that data thieves can not resist and thus, the cloud becomes a target for them to break in and steal data. And even if your computer is the equivalent of a Jail cell ( the idea of Perfect security of the Freedom vs Security Debate), unless everyone else is just as secure, then still Malware of all kinds can still spread. Even your own computer can get Zero day Virus (Virus or Malware that is not yet know to Antivirus companies).

The only “safe” thing to do is make sure that your data “does not exist” to steal. I believe in true anonymous computer use, so no one can figure out who is who (the Idea of freedom). Multi layered security will not  stop the thieves, and it WILL remove your privacy and maybe your freedom as well. People can “spoof” phone numbers and Email can be stolen. Thus IMO you are not really gaining any security and you are giving up more data to steal. It might give you a FALSE sense of security. Remember if it is worth stealing, someone WILL try to steal it, and some just do it for the challenge. My point is it is better if you do things on line to be like the Swiss and use long numbers. Also a word about passwords, with time any password can be cracked. People might be lazy and make the passwords simple and easy to remember. The catch is those are also easy to crack. and passwords like this 4$hghgF467b.,}+3Ft5457567+_DgfhfghfghFGTbgHJhh12376dfgdft547 are more secure and will take longer to crack, again with time it can happen! Also entering those kind of passwords make it much easier to make a mistake when entering them. As for fingerprint, face features, DNA those are going to make sure that indeed you are you, but still not completely safe if the data is on a computer somewhere. After all anyone can get into any computer if they have direct access to it and again encrypting ideas like passwords with time can be cracked. You want to be safe? STAY OFFLINE!

Reply | Quote

Anonymous  #197202 , about those biometrics you list: fingerprints and facial features.

This gives me a chance to ask some questions I’ve been wondering about for some time now.

Just two questions, for now:

(1) What happens if you hurt your finger or your face, while they are bandaged and looking quite different from the image of “you” the recognition algorithms are trained to recognize?

(2) What happens later on, if they heal with such scars that make the computer algorithms fail to recognize them as being “yours”?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote