I recently saw a post on Twitter where someone extolled their love for the password manager software they use. They also mentioned the information that was stored in it, the type of information that is the secret sauce to a person’s identity: user names, passwords and banking information.
While I think the use of password management software isn’t entirely a bad idea (as long as you have other defenses in place), I do believe it’s a bad idea announcing WHAT YOU USE to store the recipe for your secret sauce, particularly when it’s on a social networking website, for everyone to see. That’s akin to announcing to the whole world the name and model number of the safe I use at home, what’s stored inside and where it is. But I’m still using a safe, so I’m secure right? No!
Posting critical information like that to a social networking website will make you a likelier target for hackers. It will be easy for them to build a profile of people based on their blog, Twitter and Facebook accounts, then plan a social engineering attack. The attack may come in the form of gaining your trust, then sending you a malicious file for you to execute. A general search of 1Password or Keepass on Twitter, will show you lots of users who are using the software.
While the secret sauce maybe encrypted, if a computer is infected with a trojan horse that has key logging features, the encryption no longer protects you and it becomes a moot point. If you don’t keep your operating system up to date, use anti-virus and a firewall that just makes you even more susceptible to your secret sauce being revealed.
The other question to ask yourself is, where do you store this information? Is that encrypted file on a laptop or desktop? What if the laptop is lost or stolen? Hopefully there is a back up. And a back up of that back up.
Rule of thumb: The more information you reveal about your computer’s defenses, the more vulnerable you become.
What concerns me, is how easily this lack of knowledge is spread via Twitter, and it will give people who aren’t as technically savvy, the wrong idea. I can guarante a lot of people will try out the password manager but forget to do everything else, like update their browser, anti-virus, operating system and install a firewall. If that’s the case, they will have all their eggs in one basket, and be ripe for the picking.
Has Your ATM Card Been Skimmed Before? This Is How It’s Done!
Information security is important even when you aren’t in front of your own computer or using your smart phone.
Remember, ATMs are computers as well, except you have no control over them.
In the video you’ll see a before and after picture of the ATM. Notice any differences?
When you are out and about, always try to use an ATM that is owned by an established bank and not the random machines you see in convenience stores etc. Try to be familiar with the location of the ATM as well.
You should really use your own bank’s ATM machines, so you avoid the unnecessary charges.
The video comes from the US version of the show ‘Real Hustle’, as it originally started out in the UK, much like many other TV shows.
Keep in mind, its not just ATM machines that are compromised. ATM pin pads are also affected by thieves attaching a device that is connected to the pin pad, reading all of the pertinent information as you enter it.