No subject


Tue Jun 21 04:55:03 PDT 2011 

keystroke-logging software to unscramble confidential email
messages. Investigations by Aliso Viejo, California-based eEye Digital
Security Inc suggest that Network Associates' PGP Desktop Security 7.0.4,
PGP Personal Security 7.0.3 and PGP Freeware 7.0.3 products are
susceptible.

For the rest of this article go to:
http://www.theregister.co.uk/content/55/26184.html
also - http://www.wired.com/news/technology/0,1282,53782,00.html

Security-news note: This is NOT a flaw in PGP itself, this is a flaw in 
the use of the PGP plugin by Outlook. To remedy this, de-install the
Outlook plugin for PGP and use a manual encrypt rather than the
auto-feature in Outlook.


*****
How To: Defensive Strategies - How to Limit WWW Search Exposure
by kendra at resist.ca
*****

There's this irritating language trend out there these days - which is
using the word "google" as a verb - as in - "I googled myself" or "I
googled my new partner to see what i could find out about them". 
Essentially what this means is to put yourself or another person's 
name into a search engine to see what turns up. The fact that "google" is
now being used as a verb like this speaks not only to the awesome
dominance that Google has in the search engine scene, but really to the
fact that the act of finding out information about individuals through
simple www search engines is remarkably commonplace these days.

If you haven't ever searched for data on yourself using your full name, I
suggest you go take a try at it right now.... If there's nothing out there
on you yet - excellent! It means you're either new to the web or just good
at covering your tracks. Most people who use the web regularly however
will find this is not the case.

It's surprising how much data comes back when you conduct a simple
search. This is data that not only may be of interest to a new partner or
an employer - but also the police or other investigators trying to analyze
your habits or those of the activist community.

A lot of online information about you may be out of your immediate
control, but there are ways to limit what others can find.

* It's good to periodically do Internet searches on your name and
regular email address to see what turns up. Use mutliple search engines,
since different engines catalogue different data. If there is information
that you prefer not to have publicly available, contact the site
owner. Search engine databases will typically reflect the changes within
six to eight weeks. 

* When making postings to the Internet, Usenet discussion groups or e-mail 
lists that archive messages, use a nickname or an alias rather than your
full name. You may want to post from an email address that is not
publically associated with your legal name. 

* Take steps to prevent a personal Web site or Weblog from being noted by 
the robotic programs that "crawl" and index the Web (for example, a family  
Web page that you want only friends and family members to  
see). Information on how to do that is available at
http://www.robotstxt.org

* If you sign a petition online, understand that the information could
become public and searchable on the Internet. Online petitions are largely
ineffective anyway, so there's not much reason to be signing them with
your legal name.

* If you want to put personal photos on the Internet, consider using an
online photo service that can "share" photos with families and friends 
using a password but are not indexed for search engines.

* If you are handling information or photographs that involve other
people - GET THEIR PERMISSION FIRST.  

* Remember that e-mail sent in confidence can be forwarded, intentionally 
or inadvertently, and even wind up on the Web. If you want to protect
yourself from email forwarding - USE PGP and the Secure Viewer option when
encrypting your mail. For more information on PGP and how to use it -
check out http://security.tao.ca

For more on this topic: 
http://www.nytimes.com/2002/07/25/technology/circuits/25GOOG.html?todayshead

***************************************************************
Security-news <security-news at resist.ca>
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************

More information about the security-news mailing list