Dancing the Two-Step

With the recent Adobe security breach we should all be reminded how vulnerable our data really is in the hands of hundreds, sometimes thousands of data providers and online businesses. We are relying on others to keep our information safe and out of the hands of these bad guys. Going back 20 years, would you ever have thought to trust so much personal information to so many? Not me. It has almost become 2nd nature for us to hand over personal info without a  thought. It is a little scary to think how complacent we have become with not only our own personal information, but also our employer’s and client’s information.

I have the pleasure of being in great communities of investigators and security professionals, who for the most part will give you free advice that for many is invaluable. Most professional groups have some type of Listserve or online group through which they communicate. But, being a member of a Listserve can come at a price. Listserves are a convenient way for malware to be spread to thousands of people via one single email address. When one person is complacent and allows their email account to be hacked, it puts many of us at risk. Not to mention yours and your client’s data. What should be done?

There is something called Multi-Factor or Two-step authentication that has been around for years, but has just in the recent few become mainstream and widely available. Multi-factor authentication provides a second layer of security to online accounts in addition to your standard password. This 2nd layer could be a hardware device like Yubikey, or a 4 digit code that is sent to your cell phone. I use both. Multi-factor authentication is now available through most major online service providers such as; Google, Yahoo, MSN, Facebook, Twitter, PayPal, etc.

My question is…why not? It’s very much like your bank asking you for your telephone password in addition to your name or locking the deadbolt on your front door in addition to the handle lock. These two things have become acceptable to us, and so will securing your online accounts. We just need to place the same importance on those accounts as we do our homes and finances.

This Gizmodo article does a good job at getting you started: How to Enable Two-Factor Authentication on All Your Accounts

Stay safe and keep following those virtual breadcrumbs. ~ The Hi-Tech P.I.

A Virtual Ghost Town

When the sub-prime mortgage crisis hit the US in 2007, many people lost their homes, either due to financial issues with their mortgage, unpaid taxes or both. This naturally created abandoned real estate, or ghost towns. These empty properties continue to make nice neighborhoods look not-so-nice and in turn, drive down property values.

I am no financier, mortgage broker or salesman. I am an Internet investigator. So the real estate I deal with is not “real” at all, it is more like Virtual Estate. Lately, when I  walk around my neighborhood (the Internet), I increasingly find ugly, unkempt ‘Virtual Estate’ everywhere. You see, when sites like Geocities (of 80’s & 90’s fame), or more recently Myspace, discontinue proper upkeep of their websites, it creates an abundance of pages with broken links and improper formatting. This equals ugly.

Now until these slumlords of the Internet decide to fix-up or shut down their abandoned Virtual Estate, the task is left to the user.

The average user may not necessarily care that their old Myspace or Bebo profile lay in disarray. But the unsightliness of these webpages is not the only reason a person should close down unused profiles. The other is the big ‘P’, Privacy. You would not think it prudent to drop a copy of your driver’s license and credit card in envelopes all around town, would you? By leaving these abandoned profiles online, data is left open to not only investigators like myself, but also criminals. Think for a minute about how much data is stored in your online accounts (ex. Name, Address, Phone, E-mail, Secret Questions, etc.)

If you look at the extensive list of companies and their customers that were recently effected by data breaches, you will see just how susceptible we all really are. As Internet users, we need to be responsible, keep our lives somewhat private and be careful with whom we share our details. I personally do not accept friend requests on Facebook from those who I only consider acquaintances. After all, they are called ‘Friend’ requests for a reason. I also closed my Myspace account over a year ago, due to the same non-use as described above.

As an Internet investigator and privacy fanatic, I implore everyone to sit down and make a list of all websites they have ever created a profile or account with, then determine which ones are no longer in-use and start spring cleaning. Just go to the target website, where you will likely find instructions on how to close your account, which are usually searchable in the FAQ or Help sections.

For additional reference you may also utilize a helper website like www.deleteyouraccount.com, which assists in finding the instructions for you.

Now help make our Virtual World a nicer place in which to live and place that trash at the curb! ~The Hi-Tech P.I.