Rogue Facebook apps can now access your home address and mobile phone number | Naked Security

Time to revisit your Facebook privacy settings again:

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Read more…Rogue Facebook apps can now access your home address and mobile phone number | Naked Security.

Facebook – How To Opt Out Of Instant Personalization

Facebook is getting bigger and sharing more info. It’s time to revisit your privacy settings and make sure you’re not opting into anything automatically.

First stop is “Instant Personalization“, which basically allows FB partner sites to gather your info. Opt out by going to your Account –> Privacy Settings, then click on the Edit Settings under Instant Personalization:

[Screenshot: Instant Personalization]

Once there, you need to uncheck the setting that allows partners to personalize their site based on your public info:

[Screenshot: Uncheck Instant Personalization]

Secondly, you’ll need to block each application (partner website) individually. This was harder to find.  Currently, there are only three partner sites. I was able to block them by doing the following:

Click on the following FB FAQ:

http://www.facebook.com/help/?page=1068#!/help/?faq=17105

This will open up the How Do I Opt-Out of Instant Personalization FAQ. From there, click on the partner links individually, and select “Block Application” from the left column. Remember, you have to do this for each partner:

[Screenshot: Block Applications]

Once done, you can confirm these sites are blocked by visiting the Blocked Applications section of the Privacy Settings –> Applications and Websites:

[Screenshot: Blocked Applications]

Finally, block what info your friends can share about you to partner websites by editing the settings in the What your friends can share about you page under Privacy Settings –> Applications and Websites:

Here you can edit what can be shared and what cannot. I unchecked everything so that nothing can be shared about me.

Call me paranoid, but in an age when identity theft is rampant, you shouldn’t be automatically opted into sharing your personal info.

Facebook’s New Features and Your Privacy: Everything You Need To Know – PCWorld

This is getting SCARY. So basically, unless you opt out, when you’re logged into FB, and visit a partner site (Currently Yelp, Docs.com, Pandora – but I’m sure the list will grow), the partner site will know you’re a FB user and will ask you if you want to “personalize” the site. By that they mean, they will custom tailor the site based on your “Likes” and “Recommendations” listed in FB. So they will have access to your FB “Public” data. If that’s not creepy enough, how about knowing that they will not have to delete the info they gather about you, from their servers, ever! Also, they will have access to your friends’ data, unless your friends specifically block the partner site.

Read more…Facebook’s New Features and Your Privacy: Everything You Need To Know – PCWorld.

Google Douses Privacy Fire — InformationWeek


Recent remarks by Google CEO Eric Schmidt in a CNBC interview have set off a firestorm among privacy advocates:

Passing on the opportunity to explain to Bartiromo the difference between trusted friends and multi-billion dollar search advertising companies, Schmidt responded, “I think judgment matters. …If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines–including Google–do retain this information for some time. And it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”

And that pretty much sums it up about any online company you deal with. For you Facebookers and Tweeters, and anywhere else you post or upload or download from, you’re putting it out there on a server that gets mirrored and backed up, and probably indexed by search engines. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Why I’m Not A Fan Of Facebook

I’m still wary about social networking. I’m in LinkedIn for professional reasons, but haven’t gotten into the Facebook, MySpace, Twitter stuff. First of all, they pull crap like changing the Terms of Service without giving you a chance to opt out:

The Palo Alto-based social networking company now says in its terms of service that it will have unending and irrevocable license to use any content uploaded to its service, according to a posting on The Consumerist, a blog owned by the publisher of Consumer Reports

I don’t know who’s looking at the photos or what they’re doing with it. Besides the fact that I like some anonymity on the internet (yeah, I don’t want people, especially the weirdos from elementary school searching my name and learning everything about me, my family, my work, etc), I don’t need companies changing the Terms of Service on the fly, especially to say they own my content forever. More info here from Neowin.net.

In general, when you put your name out on the internet, your photos, your blog, your messages, your rants…they’re there forever. They are stored on servers that are backed up constantly. What you post now, or write now, can be out there for a very long time, even if you try to delete it.  My suggestion is to stay anonymous. Use multiple email addresses, each for different things, don’t post your name, address, telephone number for all to see.

Data Breach Caused By Limewire at Investment Firm

A Washington Post story clearly illustrates why you need to be careful with file sharing programs like Limewire, despite the enormous potential of peer-to-peer (P2P) applications.

Sometime late last year, an employee of a McLean investment firm decided to trade some music, or maybe a movie, with like-minded users of the online file-sharing network LimeWire while using a company computer. In doing so, he inadvertently opened the private files of his firm, Wagner Resource Group, to the public.

P2P applications like Limewire allow you to share and swap files. Most people use them to share and download movies and music with other users. For those of you who have kids that use your computer, or their own computer on a local home network, be aware of P2P file sharing apps like Limewire. Companies should make it part of their corporate security policy to ban the installation and use of P2P apps (unless of course you have a business need). With P2P applications such as Limewire, it’s pretty simple to inadvertently open up folders on your computer for sharing with the rest of the world.

…officials found that more than a dozen LimeWire users in places as far away as Sri Lanka and Colombia downloaded the list of personal data from the Wagner network.

And if your kids are using your computer and Limewire, you may be sharing your folders already.

In the case outlined in the Washington Post article, the McLean investment firm made two very big mistakes: first, allowing the employee to install and use Limewire; second, not having their client information encrypted and stored in a secure location. Both could have easily been avoided using simple solutions.

Essential Free Downloads For A New PC (Or An Existing PC)

If you just bought a new desktop or laptop, no doubt it came with 30-Day trials of typical well known AntiVirus, AntiSpyware applications along with a host of other applications whose licenses expire within 30 to 60 days. The good news is, you can let them expire. The reason being, there are plenty of just as good, if not better, freeware applications out there, that can take their place. In this post, I’ll outline a list of freeware applications that I think are essential and should be installed on any desktop or laptop running Windows XP and Vista. Full disclosure, I don’t get paid to recommend these applications. I just use them myself and have found them to be very reliable, without any spyware, adware, or virus attached to them. Now without further ado:

Thirteen Essential Freeware Applications:

  1. Browser: Firefox with AdBlock, WOT, DoNotTrackMe and if you’re really paranoid (like me), get NoScript and FlashBlock – Your PC or Laptop undoubtedly came with Internet Explorer. But Firefox is simply a faster browser with better plugins. Tired of seeing advertisements and bright, flashing banners on the websites you visit? Try the AdBlock plugin and you’ll never (almost) see ads again. WOT stands for Web of Trust and it warns you of unsafe website links. The DoNotTrackMe add-on blocks online tracking. It blocks ads and cookies with tracking, and prevents data collection. NoScript basically prevents JavaScript, Java and other executable content from running without your approval. FlashBlock prevents Flash content from running. Be warned though. NoScript and FlashBlock can basically break a webpage. That is, pages may not look right when they initially load. You’ll have to manually allow scripts and Flash content to run.
  2. AntiVirus Software: Microsoft Security Essentials or Avira – With their realtime protection and automatic updates, MSE and Avira are excellent alternatives to paid antivirus products. A highly configurable application, Avira guards against viruses by scanning downloaded files or email attachments. Similarly, another quality antivirus application is Microsoft Security Essentials. I previously recommended AVG, but it’s become more bloated. I loved it at version 7.5, which will be dearly missed. Microsoft Security Essentials has realtime protection and automatic updates, and just like Avira, you basically install it and let it do its thing. In both cases, you can do scheduled scans – which I think is an important feature. For example, I have MSE scan my entire system starting at 1 AM every Saturday morning. Avira has a fully featured edition which costs money, but the free home/personal edition is perfect for the average home user.
  3. AntiSpyware Software: Malwarebytes and SuperAntiSpyware – Malwarebytes can scan and eliminate tracking programs, cookies, keyloggers, spyware, hijackers, and trojans. A good program, it unfortunately does not provide realtime protection. SuperAntiSpyware, despite having a name that sounds like a bogus AntiSpyware program, actually works. My first experience with the software was when I used it to remove a variant of the Vundo trojan off a friend’s computer. The only drawback is that updates are manual and there is no realtime protection. Install both and run them manually biweekly.
  4. Browser Hijacks: HijackThis along with the Log Analyzer – An application that actually falls under the AntiSpyware category, HijackThis scans your machine for settings that may have been changed by spyware programs. For example, if you have a lot of popups or if your Google/Yahoo searches lead you to shopping websites, your browser may have been hijacked. HijackThis will scan your machine and create a log file [select “Do a system scan and save a log file”]. You take the log file to the Log Analyzer page to get an interpretation of the results, giving you an idea of what’s good and what’s bad. Just like AdAware, you usually don’t need this program unless you unwittingly installed some “search assistant” or “shopping assistant” program or some third party wallpaper/screensaver that came with some “extra goodies”, that you really weren’t aware of.
  5. Firewall: Comodo Firewall Pro and Zone Alarm – If you have a router at home (if you don’t you should!!), that will protect you from incoming attacks. The router typically has firewall functionality built in, that will make your internal PC invisible to the outside world. A software firewall, on the other hand, installed on your PC, will protect you against malicious outgoing traffic. It will allow you to control which software programs on your computer have access to the internet. By using a software firewall, you can see which programs are trying to get out to the internet, either to access info (such as program updates, antivirus updates) or send info (such as your personal searching habits). Zone Alarm works well in giving you this type of protection, displaying alerts when applications try to connect out. It is good for the novice user who wants a general software firewall without the need to fine tune. Comodo allows a user to fine tune the firewall, with the ability to specify TCP ports and traffic direction (incoming, outgoing, or both). In other words, it’s for the user who wants to get down to the nitty gritty. If you choose to use Zone Alarm or Comodo, you should disable the Windows Firewall so that they don’t create any conflicts. On a side note, Sygate Personal Firewall was fantastic until Symantec bought them out and canned it (R.I.P.).
  6. Privacy: CCleaner – If you surf the Internet, whether using Internet Explorer or Firefox, or any other browser, you’re bound to have a load of cookies and temporary files. CCleaner will help clean up those unnecessary files in addition to Windows Temporary Files, URL History, Recycle Bin, Clipboard, Windows Log Files, Recent Documents from the Start Menu, among other temporary files. A good, easy to use cleaner. You can set it to run automatically after the computer boots up, and set it for secure deletion (from 1 to 35 passes). I usually run it after I’m done browsing or going to websites where I need to enter a username and password. The “C” in CCleaner supposedly stands for Crap. NOTE: When you install CCleaner, make sure you uncheck the “Add CCleaner Yahoo! Toolbar and use CCleaner from your browser” option. It otherwise installs the Yahoo toolbar which is not something I recommend.
  7. Archiving: 7Zip – A fast archiving program which packs/unpacks files and directories in 7z format as well as the ZIP, GZIP, BZIP2 and TAR formats. It unpacks only in the RAR, CAB, ISO, ARJ, LZH, CHM, MSI, WIM, Z, CPIO, RPM, DEB and NSIS formats. It integrates well with the Windows shell, and works better than the Windows unpacking utility since you don’t have to deal with the Windows Extraction Wizard which makes something that should take one step, into four steps.
  8. CD/DVD Burner: CDBurnerXP – A CD/DVD Burner program which allows you to burn a data or audio disc, burn an ISO image, copy or erase a disc. Replace your trial version of Nero or Roxio with this free program.
  9. Encryption: TrueCrypt – When you need to encrypt your USB flash drive or create an encrypted “container” or partition on your hard drive, TrueCrypt is the way to go. TrueCrypt provides for “on-the-fly”, transparent encryption allowing you to securely store your files without much hassle. Essential when you store personal information on your computer, such as your tax files, password lists, etc.
  10. PDF Reader: Foxit Reader – A small, fast alternative to Adobe Acrobat Reader (2.55M versus 20M) with no annoying splash window. Required for when you need to download/read user manuals or other documents which only come in PDF format.
  11. PDF Writer: PrimoPDF – Great for when you need to print something (like an online shopping receipt) but don’t have a printer handy, print to a PDF printer. Basically, acts like a printer, but simply “prints” to a pdf file, which you can save and print later, or save and open using your favorite PDF reader.
  12. Image Resizer: Microsoft Image Resizer PowerToy – Nice simple tool to resize pictures that you’ve taken with your digital camera. You simply right-click on the photo (or selection of photos), and select “Resize Pictures” from the menu. Easier than starting another program (such as Photoshop or Elements) to resize pictures.

That’s it! Of course, if you’re not the type to install “free” wallpapers, screensavers, toolbars, shopping assistant applications, then you probably don’t need any of the above 🙂

Hope this list helps. Comments are certainly welcome!

Encrypt Your Flash Drive Using TrueCrypt

UPDATE (12/29/14): Arggh! So they shut down TrueCrypt for some crazy cockeyed reason. But it’s still a good product as far as I’m concerned and I still use it to encrypt my flash drive. The last version of the software is still available on other sites. Below, I’ve posted the download link to one site I find trustworthy.

Note: Understand that to use TrueCrypt, you need to have administrative privileges [admin rights]. If you are a home user, then most likely, you are already running your PC as an administrator. At work, it might be a different story.  Your system administrator has probably locked down your PC.  The reason you need admin rights is because TrueCrypt loads a driver that enables the “on-the-fly” encryption. To load the driver, you need the administrative privileges. It does not matter that you are running TrueCrypt from your USB Flash Drive. It still loads the driver and you still need admin rights. So, if you are at work, on a PC that is locked down, then you’ll need to have your system administrator install TrueCrypt on your PC in order for you to use your encrypted USB Flash Drive.  If you plug your drive into a machine that requires administrative rights, and doesn’t have TrueCrypt already installed, then you’ll get a message stating “In order to load the TrueCrypt driver, you need to be logged into an account with administrator privileges“. You can read about it on the TrueCrypt website here. Now that we got that out of the way, let’s move on.

Introduction

Portable USB flash drives are becoming cheaper and cheaper every day. Some companies are even giving them away. When they first arrived on the scene, most of the drives had a capacity of less than 1GB. But now, you can find 2GB to 4GB drives almost everywhere, including your local drugstore chain. At these sizes, they can actually be useful. You can use it to store your music, pictures, videos, or documents. Some even use it to store bootable operating systems like Linux. I use it to store a text file that contains the passwords for all of my online accounts, such as for my online bank accounts, my Amazon account, credit card accounts, etc. And since the flash drives are so portable, it makes sense to have one. However, since they ARE so portable, they can easily be lost, stolen, or misplaced. If you are like me, and store personal information on your flash drive, information that you don’t want to fall into the wrong hands, then you need to encrypt your flash drive. By encrypting your flash drive, the files contained within it become password protected and can only be accessed by you or someone who knows your password. There are many different applications that help you encrypt your flash drive. Some drive manufacturers include encryption applications on the flash drive. In this tutorial, I will show you how to encrypt your portable USB flash drive using my favorite freeware application, TrueCrypt.

What Is TrueCrypt?

Using TrueCrypt, you create a password protected encrypted file that is stored on the flash drive. This encrypted file acts as a “container”, within which all the files you want encrypted are stored. When you connect your flash drive into a PC, this “container” gets mounted as a separate hard drive (provided you enter the correct password). And now, everything you save into this separate hard drive is encrypted automatically. This is where TrueCrypt really shines, providing transparent, real-time encryption. Plus, you don’t need TrueCrypt to be installed on the local computer [unless you don’t have admin rights on your computer – see note above].

How To Encrypt Your Flash Drive Using TrueCrypt

    1. Download the latest stable version of TrueCrypt from grc.com: TrueCrypt Setup 7.1a.exe
    2. Install the software on your local computer (accepting all the default options)


  • Connect your USB flash drive to your computer. For this tutorial, let’s assume that it is assigned drive letter G:\
  • Start the TrueCrypt application
  • Click on the Create Volume button to start the TrueCrypt Volume Creation Wizard. This is where you create the “container”.


  • Select Create a file container (default option) and click on Next.


  • This brings you to the Volume Type window. Here you can specify if you want your “container” to be a standard, visible file or if you want to create a hidden “container” (essentially a “container” within a “container”). For this tutorial, we’ll select the default option, Standard TrueCrypt Volume, and click on Next.

  • This brings you to the Volume Location window. Here you specify the filename and location of the “container”. For this tutorial, let’s call the container MyCrypt. And since your flash drive is mounted as the G:\ drive, specify your location and filename as G:\MyCrypt, placing the container in the root of the flash drive. Click Next.


  • Next you need to select the Encryption Algorithm and Hash Algorithm. I won’t go into the details of the differences between the different options, their pros and cons. That would turn this tutorial into a book. For this tutorial, we’ll leave the defaults, as they should be sufficient. Click Next.

[Screenshot: encryption and hash algorithms]

  • Next, you need to choose the size of the “container”. This depends on the size of your flash drive and how much info you want to encrypt. Personally, I would suggest leaving anywhere between 10% to 20% of the drive unencrypted so that you have room for the TrueCrypt application files (about 6MB) as well as unimportant files that you might want to share or just don’t need encrypted. For this tutorial, using a 1GB flash drive, we’ll set the “container” to be 850MB. Click Next.

  • Next, specify the password you want to use to access and mount this “container”. Select a strong password, that would be easy for you to remember and hard for anyone else to figure out. A strong password usually consists of at least 20 characters, and uses a combination of letters (both lower and upper case), and numbers. But at a minimum, it should consist of 8 characters. Click Next after you enter your password.

  • Next, you are ready to format the container. You can select the type of File System and Cluster. For this tutorial, leave the default values. Move your mouse randomly within the Volume Format window to generate the encryption keys. Don’t worry; you are not going to have to remember these keys. When ready, click on Format to start. Depending on the size of the “container” (chosen in step 8), this may take up to 5 minutes.

  • Once the format successfully completes, you will get a pop up indicating that the “container” has been created. Click OK then Exit.

  • From the main TrueCrypt window, select Tools -> Traveler Disk Setup to start the Traveler Disk Setup Wizard.


  • In the Traveler Disk Setup Wizard, we need to set several things. First, specify the root directory of the removable drive, in our case G:\. Uncheck the “Include TrueCrypt Volume Creation Wizard” (we’ve already created the “container” called MyCrypt so we don’t need the wizard). Next, select the “Auto-mount TrueCrypt Volume” button. This will allow you to be automatically prompted to mount the encrypted “container” when you insert your removable drive. Next, specify the name of the encrypted “container”, in our case it’s MyCrypt. Finally, click on Create.


  • Once the Traveler Disk Setup is complete, you will get a confirmation popup:


  • Click OK, Close out of the Traveler Disk Setup Wizard and Exit the TrueCrypt application. That’s it! Now, every time you connect your flash drive, you will be asked if you want to mount your encrypted “container”. Select Mount TrueCrypt volume and click OK.


  • Next, you will be prompted to enter in the password you created for your encrypted “container”. Enter your password and click OK.

  • Your encrypted “container” will be mounted as a drive using the next available drive letter. In this case, it is the H:\ drive.

  • Now, every time you put a file into the H:\ drive, it will be encrypted automatically. To “disconnect” the drive, right-click on the TrueCrypt icon in your taskbar and select Dismount.

Hopefully, I made the steps to create an encrypted drive easy. Having an encrypted drive will give you the assurance that if you lost your flash drive, the personal information stored in the encrypted drive will never be exposed.
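The mount and dismount steps above can also be run from a PowerShell prompt with TrueCrypt's command-line switches (/v, /l, /d, /q), which helps on PCs where the AutoRun mount prompt does not appear. This is an added example, not part of the original tutorial: it assumes the tutorial's G:\ drive, the MyCrypt container and the TrueCrypt folder that Traveler Disk Setup writes to the drive root, and the parameter and function names are illustrative.

```powershell
# Added example (not from the original post). Assumes the tutorial's layout:
# flash drive at G:\, container file G:\MyCrypt, Traveler Disk files in G:\TrueCrypt\.
param(
    [string]$UsbRoot   = 'G:\',        # root of the flash drive
    [string]$Container = 'MyCrypt',    # container file name used in the tutorial
    [string]$Letter,                   # drive letter to use; picked automatically if empty
    [switch]$Dismount                  # dismount instead of mount
)

$exe    = Join-Path $UsbRoot 'TrueCrypt\TrueCrypt.exe'
$volume = Join-Path $UsbRoot $Container

if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "TrueCrypt.exe not found at $exe (run Traveler Disk Setup first)."
}

function Get-FreeDriveLetter {
    # First unused letter from H: upward, asked of .NET so freshly added drives are seen.
    $used = [System.IO.DriveInfo]::GetDrives() | ForEach-Object { $_.Name.Substring(0, 1) }
    foreach ($c in 'HIJKLMNOPQRSTUVWXYZ'.ToCharArray()) {
        if ($used -notcontains [string]$c) { return [string]$c }
    }
    throw 'No free drive letter available.'
}

function Test-IsAdmin {
    # The tutorial's note: loading the TrueCrypt driver needs administrator rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if ($Dismount) {
    if (-not $Letter) { throw 'Pass -Letter with the drive to dismount, e.g. -Letter H' }
    # /d <letter> dismounts that volume; /q exits TrueCrypt afterwards.
    Start-Process -FilePath $exe -ArgumentList '/d', $Letter, '/q' -Wait
    if ([System.IO.Directory]::Exists("${Letter}:\")) {
        throw "${Letter}: is still mounted. Close open files on it and retry before unplugging."
    }
    Write-Host "${Letter}: dismounted. The flash drive can be removed."
    return
}

if (-not (Test-Path -LiteralPath $volume -PathType Leaf)) {
    throw "Container not found at $volume"
}
if (-not (Test-IsAdmin)) {
    Write-Warning 'Not running as administrator. Mounting fails unless TrueCrypt is already installed on this PC.'
}
if (-not $Letter) { $Letter = Get-FreeDriveLetter }
if ([System.IO.Directory]::Exists("${Letter}:\")) { throw "${Letter}: is already in use." }

# /v <file> selects the container, /l <letter> the drive letter, /q exits once done.
# No /p switch: the password is typed into TrueCrypt's own dialog, so it never
# appears in the command line, the process list, or the shell history.
Start-Process -FilePath $exe -ArgumentList '/v', "`"$volume`"", '/l', $Letter, '/q' -Wait

if ([System.IO.Directory]::Exists("${Letter}:\")) {
    Write-Host "Container mounted at ${Letter}:\. Files saved there are encrypted."
} else {
    throw 'Mount failed (wrong password, cancelled prompt, or missing driver rights).'
}
```

Run it with no arguments to mount, and with `-Dismount -Letter H` before unplugging the drive so pending writes to the container are flushed.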

Comments for this tutorial are welcomed!

Copyright © 2008 JB Network Design LLC. All rights reserved. TrueCrypt and the TrueCrypt logo are registered trademarks of the TrueCrypt Foundation.

Running Windows Apps in Linux

Lifehacker has a great writeup on running Windows apps inside Linux with VirtualBox.