Thu, 06 May 2010
Computer Insecurity ... A Postscript

As a postscript to the last post ... well known author and journalist Cory Doctorow notes how he was phished recently i.e. fooled into entering his login details to a fake web site ...

As he points out ... can happen to anyone. And the main reason I do not click on URL shorteners! You don't know where they link to.

Wed, 05 May 2010
How I Stopped Worrying About Computer Security

Only kidding ...

Generally, I'm pretty pessimistic about computer security. I think that, on the whole, it's impossible to fully "secure" a computer from local or network attacks, even for a computer professional. You can mitigate the risks but not eliminate them. I think that anyone and everyone is at risk to some degree, whatever level of knowledge and experience, and whether using Linux, OpenBSD, Windows or Mac OSX. People using Unix should not assume they are are safe.

A recent article in The Boston Globe called Please do not change your password says that security advice is not only confusing to the average computer user but that it's often a waste of time.

The "triumphirate" helps of course :

  • Running anti-virus software (or multiples of)
  • Keeping things up to date with vendor patches (OS and applications)
  • Using strong passwords

But what else? We have direct threats from links in emails, crafted PDF files, malicious web sites and web sites normally trustworthy but hacked to infect you with bad software. Taking part in the distribution of SPAM is one (bad) thing, but having your bank details and credit card information exposed via a keylogger is quite another.

And accessing your online banking account?

I'm far too paranoid to do any online banking using a Microsoft Windows based computer. Mitigate the risk somewhat and use something else ... as some people have started to mention, a Linux Live CD might be a good way to make your internet banking more secure.

Bottom-line: Don't do banking using Microsoft Windows!