I've used a digital wallet for years to keep track of my passwords (I use Roboform but there are other choices). Recently I found that it serves a purpose that hadn't occured to me: phishing prevention. Here's the deal: I got a message from a friend with a link. Without thinking … [Read more...]
Creating Strong Passwords
The recent theft of confidential documents from Twitter's Google Docs account points out the dangers of insecure passwords. NTEN's blog discusses the details of the break-in and lessons we should learn from it. The chief lesson: good passwords are key to good security. A 2007 NTEN post … [Read more...]
Twitter Hacking and Cloud Security
The front-page headlines read "Hacker steals Twitter's confidential documents," but the real story isn't about Twitter — it's that the stolen documents were stored online, "in the cloud." This could happen to any nonprofit or company storing data this way. As we've seen … [Read more...]
Phishing scam: Dear Webmail User
This is such a lame phishing scam that I can't imagine anyone falling for it. But I received three of these messages in the past two days so I'm passing it along. I reported this account to Google, so I hope they'll disable it. Dear Webmail User, This message was sent automatically by a … [Read more...]
New phishing scam: Please Update Your Email Account
I just received two identical messages with the following text. There's no URL -- the only way to respond is to reply to the message. Replies go to updatweb1 at aol.com I hope no one's foolish enough to fall for this. -----Original Message----- From: apache@net.lg.ua … [Read more...]
Security in-a-Box
The Tactical Technology Collective and Front Line have released Security in-a-Box, which was designed to meet the digital security and privacy needs of advocates and human rights defenders. They describe it as follows: Security in-a-box includes a How-to Booklet, which addresses a number of … [Read more...]
Downadup Worm on the Rampage
Internet security firm F-Secure has estimated that more than 3.5 million computers have been infected with the Downadup worm, a malicious program. The worm, also known as Conficker, uses a major flaw that Microsoft patched in October to remotely compromise computers running unpatched versions of … [Read more...]
New Year’s Resolution: Be Good To Your Data
My friend and fellow consultant John Kenyon is fond of saying that, after people, data is an organization's most important asset. An organization's databases store its history: contact records; people served; donors, funders, and prospects; VIPs, volunteers, and vendors; event attendees, and more. … [Read more...]
Securing USB drives
Last month I posted a list of best practices for managing a database and discussed, among other things, protecting data on USB drives and laptops. A recent discussion on the Information Systems Forum has suggested options for protecting USB drives. Richard Rothwell posted a blog entry on Portable … [Read more...]
Microsoft Issues Critical IE Patch
Microsoft issued a critical patch for Internet Explorer today, described as protection against a "remote code execution" vulnerability. If your computer is set up for automatic updates, you should get the patch, well, automatically. You should also be able to run Windows Update (under Tools in … [Read more...]