• WSdsf

    Viewing 9 replies - 16 through 24 (of 24 total)
    • in reply to: How businesses fail to protect customer info #1474128

      My bank uses:
      Place of Birth (per FreeBMD.org)
      Date of Birth (per Birth Certificate)
      Mother’s Maiden Name (per FreeBMD)
      Plus a memorable place and a memorable date.
      Random selection of letters from a Password (all letters).

      I found that they require me to truthfully give my date and place of birth, but I can lie about the other “facts” – as long as I can remember that the response to “my memorable place” is (say) “Armistice Day” and to “my mother’s maiden name” is (say) “Park Lane Hotel”.

      The place and date of birth have to be “honest” to meet “money laundering regulations”! So they have mixed their transaction security systems and procedures with their account opening systems and procedures!

    • in reply to: How businesses fail to protect customer info #1474081

      “I told my colleague that his “unofficial” testing was probably illegal. While under contract, he had permission to connect to and analyze the hospital’s network. But once he’d submitted his report and the contract was complete, he had no right to perform the additional tests. I recommended that he stop his extracurricular activities and instead file a report on the U.S. Department of Health and Human Services (HHS) website.”

      That is all very well, but unless he did post-contract testing how would he know that they had not improved security? And is filing a report now effectively admitting to illegal activity? Is there such a thing as a “public interest” defence in the US (I am in the UK), and would it apply in these circumstances?

      Alternatively, to file a report with the HHS website at the same time as he filed his final report with the hospital, is probably unprofessional and would possibly lead to problems in getting his final bill paid!

      So should he include in his standard terms the right to perform post-contract tests? How many clients would agree to such terms?

    • in reply to: The fight for net neutrality goes to round two #1464617

      Exactly!

      Is this a US fight affecting only the US, or
      Is this a US fight that will affect all of us, or
      Is this a global fight in which we can all take part?

    • in reply to: Revisiting the WS Security Baseline: Part 1 #1460636

      There’s one surefire way to keep your security questions safe from educated guesses: lie.
      I’ve never had a pet, which makes the name of my beloved first puppy quite a challenge to a would-be hacker.
      And not even my parents know the city of my birth.

      My bank requires me to answer some questions truthfully as they match to the data they hold when they validated me as a customer for the purpose of meeting UK money laundering rules.

      I have to tell the truth about:
      – my name
      – my address (which anyone can look up in about three minutes)
      – my date and place of birth (which anyone can look up in about 30 seconds)
      However, I can lie about:
      – My mother’s maiden name (does not even have to be a name – just a reliably remembered response)
      – My Memorable Address (does not even have to be an address – again just a reliably remembered response)
      There was quite a delay in getting them to accept the above two items – put on hold whilst the phone teller “spoke to security”!

      The worrying thing is that my bank selects security questions at random and sometimes they only use questions which I have to be truthful about – and which can be looked up.

    • in reply to: Move over, Windows; Google and Apple are movin’ in #1459754

      As #5 says, Linux needs to be considered.

      It suffers from not having a single promoter (MS, Apple, Google etc.) and a variety of versions that can be confusing, but:
      – It is robust and used by many employers on their servers
      – Installation is no more difficult than installing Windows
      – It has an ecosystem of applications
      – Maintenance is as easy as Windows
      – And purchase cost of the OS and the applications is £0

      When will a major hardware supplier start shipping PCs with a mainstream Linux distribution? Netbooks aside (remember them?) it’s not happened and the distribution shipped with many was cut-down (sort of Linux RT).

      My old netbook is now very happily running full Ubuntu 14.04. And I have Lubuntu really running on my old XP machine. Then on Virtual Box ( http://www.virtualbox.org running under Windows) I have played with numerous other varieties and desktops ( http://virtualboxes.org/images/ ) and Lubuntu may even bring my old Windows 98 machine back from the dead.

      The lack of a single promoter means that getting into Linux seems a bit daunting. However, with a lot of old XP hardware around a lot of people have suitable hardware with which to experiment. Much of the variety is for Geeks, so just find a mainstream distribution that suits.

      So download a distribution and experiment:

      – any *ubuntu ( http://www.ubuntu.com/desktop , http://lubuntu.net/ , http://www.kubuntu.org/ , https://www.edubuntu.org/ )
      Version 14.04 LTS is deemed a “long term support version” to be supported for at least two years – when there will be an easy upgrade to the next LTS version. My netbook started on 10.04 LTS, moved to 12.04 LTS and is now on 14.04 (the 14 refers to 2014 and the .04 refers to April)

      – or try any Mint ( http://www.linuxmint.com/download.php – any of Cinnamon/MATE/KDE/Xfce – which are varieties of desktop)
      Version 17 is the current LTS version.

      All should run on XP compatible hardware – to most the main difference is cosmetic differences on how the “Start menu” equivalent etc. works. Personal recommendation from all this variety? Lubuntu – which should feel familiar to Windows Users.

      If frightened by the download, buy a Linux magazine with a “Live CD” on the cover! (‘struth you may end up paying £5!)

    • in reply to: Revisiting the WS Security Baseline: Part 1 #1458358

      I would welcome a more detailed article revisiting the whole question of backups in the light of current threats.

      I started (in the days of DOS) using “xcopy /s/e/m” daily with a monthly run after resetting all attribs – and knew what was going on!
      Then I moved to dragging data folders onto a CD icon once a week.
      I moved a few years ago to a NAS which was meant to be backing up on the fly (fit and forget) – and was never really sure what it was doing.
      I tried using SyncToy with the NAS but it would regularly choke on “files in use” or “path too long”
      Post CryptoLocker and other ransomware I have moved to a weekly USB hard drive backup (that can then be disconnected and moved to another place) – but again I am not really confident what the software (WD Smartware) is really doing. So I take system images using the Win7 Backup/Restore built-in application every month.

      It’s not ideal and could be better. I am prepared to pay for software – if I can understand what it is doing and feel confident that it is doing it. Too much software nowadays is both clever-proof and/or idiot-proof; I’m somewhere in between!

      I think I want:
      1) Regular system images – to go off-site, but they take time so cannot be done too frequently.
      2) Frequent “data” backups – to a medium that can then be disconnected (ideally with ability to check individual files)
      3) Off-site media to be encrypted – which is why I am using WD external hard drives
      Then if the worst happens, I restore from a system image and then copy over each subsequent data back-up in order.
      I have a gut feel that the Win 7 backup Control Panel applet provides all I need. So why do so many people advocate applications like Acronis?

      I have twice “lost” a hard disk, fortunately back in the xcopy days. Restoration (from multiple floppy disks) took a few hours, but was complete and certain. And putting a floppy disk in the drive each night to take the daily incremental backup (to go home) was quick, easy and dependable. Which is the way it should be.

    • in reply to: Temporary unresponsiveness of programs #1452334

      I have found (Win 7 Home Premium 64bit 4G Ram 2.1GHz Dual Core Pentium) that running with less than about 100GB of spare disk space starts to give me problems – a lot of disk thrashing and Not Responding. Typically I have NIS, Thunderbird, Firefox and one other application (such as Open Office Writer, or Amazon Cloud Player) running.

      Right now I am running on about 90GB spare and to avoid problems have switched off Aero (Left click on desktop, select personalise and then select a non-Aero Theme – I use Windows Classic). With Aero off, I am having NO response problems.

      Switching off Aero has also – on my machine – made it run a lot cooler: 47C rather than 80C+

    • On an otherwise fully up-to-date W7 Home Premium set up, I had trouble with this update.

      Using Firefox 17.0.1 (in a user account) I lost the ability to store configuration information and every time I started Firefox the “home” pages for each installed extension were loaded. I could also not get a list of Firefox extensions (the extensions tab in the Tools>addons page was empty). To solve this I had to delete all Firefox related ‘extensions.*’ files in AppData/Roaming. This gave me back the list of extensions (all disabled). I re-enabled them, restarted Firefox and was back to where I wanted to be.

      Uninstalling KB2753842 and then reinstalling it reproduced this problem.

      (Thunderbird 17.0 seems unaffected)

    • in reply to: Where we stand — and are going — with Windows 8 #1338056

      Has the ribbon interface driven a lot of Office users to Open/LibreOffice?
      Will the Metro UI drive a lot of Windows users to Linux?
      (Currently installing Ubuntu 12.04 / OpenOffice / Mozilla Thunderbird/Firefox on an old Windows XP laptop)
      or will the power of marketing just steamroller all but the technically competent?
