[vox-tech] Legal Ethics Tech Question

Bill Kendrick nbs at sonic.net
Thu Dec 17 16:25:24 PST 2009


On Mon, Dec 14, 2009 at 11:49:30PM -0800, Bill Broadley wrote:
> IMO hostbased firewalls offer very little protection, but if they reduce your
> legal liability then by all means do it.  Pretty much any firewall it turned
> off by any of the popular malware if you happen to run it.  So of course the
> key is to not run any evil software.  That means not responding to emails
> claiming to show embarrassing videos of public figures, earthquake victims,
> or pretty much anything that leads to opening a remote file.  So browser
> plugins, local apps, screen savers, cute little utilities, etc.

Worse is when it's phishing attempts:  "Your facebook account has been
locked due to security reasons. Run the attached EXE to re-enable your
account."  (Replace "facebook" with your ISP, your bank, etc.)

The few times I've seen something that looks even remotely legit
("hey, _I_ have a 'sonic.net' account!"), the email is not usually
coming from where it purports to.  (e.g., why is Wells Fargo emailing me
from a host called xyz.random.co.uk?)

I'm also lucky because I use a plaintext email client (Mutt), so I don't
see HTML email; not as live HTML, at least.  (That helps reduce the chance
of 'beacons' being used to determine that I even ever got the email.
e.g., if the HTML of the email includes
<img src="http://hackers.tld/invisible.gif" width=1 height=1>, they'd know
the instant a user's browser or email client fetched that remote image from
their server.)

It was fun when I received some facebook phishing email... the form and links
in the HTML all went to  http://www.facebook.com.some.other.domain.tld/
I'm smart enough to not fall for that, but what percentage of the general
public would understand the difference between ".com." and ".com/" in
an URL? :(


<snip>
> Do you have to use IE?  My best guess is that they are recommending whole disk
> encryption, I can't think of anything else that could reasonably be called an
> encryption device.

Perhaps it's some kind of wifi-encrypting tent you erect over your laptop. ;)
This might also be useful:

  http://geek-ware.blogspot.com/2008/04/laptop-privacy-sweater.html

(More seriously, you could also get a cover for your screen that tweaks the
optics such that only you (or anyone _directly_ behind you) can see what's
on the screen.  Most ATMs do this.)

-- 
-bill!
Sent from my computer


More information about the vox-tech mailing list