WhiteHat Consulting

Just a helpful tidbit for those that use public computers. When I’m on a public computer I always open up a notepad-like application and then type all the letters in the alphabet into it. After that, when I’m typing a password or something else sensitive, I’ll copy and paste individual letters into the password field. This stops keyloggers, makes you no longer “low-hanging fruit,” and should take care of any paranoia issues you might have as far as keyloggers go. Now you just need to worry about sniffers when there’s no encryption of your data across the wire 

It’s been a long time since I’ve used a virus scanner at home, and I’ll tell you why:

1. Well, I’ve been using Linux since 1998. However, let’s put that aside as this still applies to before I completely converted to using strictly Linux in 2002.

2. It eats up system resources like you wouldn’t believe. Thanks, but I’d rather put my processor to better use – something other than doubling the processor power it takes to open a spreadsheet. FreeAVG seems to be the only decent anti-virus solution for Windows that doesn’t kill the processor usage by default.

3. They can only find known viruses. Maybe being “protected” from tens of thousands of viruses comforts you, but I’m worried about the few no one knows about yet, and AV software provides no protection against those.

4. They are only partially successful in removing viruses. How many times have you seen “Delete Failed! click here for more info”? I saw it a few times too many. I SHOULD NEVER EVER SEE THIS MESSAGE! This is a design failure.

5. AV software is not effective as a means of prevention. Virii come in two flavors, trojans and worms. Trojan – idiot user clicked on BrittneySpearsNaked.jpg.pif.bat.js.exe; AV cannot prevent this. Worm – Windows security issue; AV cannot prevent this. This is an over-simplification, and may not be 100% technically accurate, but you get the picture.

6. If AV software can’t prevent infection, and if it sometimes can’t even remove the infection, what good is it again? It’s good for Symantec, its good for Macafee, and its good for IT professionals who get to say “its not my fault, I did everything i could to prevent it” next time a code red happens.

The Social Security Administration doesn’t accept paranoia as a criterion for granting a new card, but it recognizes cultural objections and religious pleas. One stratagem: Contend that your credit has been irrevocably damaged by a number-related snafu, or that you live in fear of a stalker who knows your digits.

Once you switch your SSN, never use it. Then use the fake one of 078-05-1120. It’s a specimen number from the Eisenhower era. No need to give your correct number to the cable or phone company. They don’t need it. Period. Of course it’s possible that someone else has used this number already, but so what.

The only people who need your SSN is your employer because they have to make the contributions. Your bank doesn’t need it – they, as well as your mortgage company, broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin’ business with your SS#, not to mention the galactic stupidity of putting it right on your ID card. When someone asks me for the last 4 digits of my SSN, I ask them to use another secrity key. if they can’t, I don’t do business with them.

Anyway, using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking. I wonder why more companies/organizations don’t realize this, and any step to educate them is a step in the right direction.

The answer is easy: They do realize it.

They just don’t care because the current system minimizes their financial losses by transfering those losses to the individual who has his/her identity “stolen”. Making any changes would cost money which reduces profits. Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.

So, fixing the system is, from the individual company’s point of view, all loss and no gain.