NR Lab

Keep your e-mail on the down-low

www.nrlab.com — Tue, 02 Nov 2010 05:50:42 +0000

When your business requires you to send important documents via e-mail, you should be positive that they are as secure as possible. This can be achieved with e-mail encryption software or secure connection web-mail. EPIC, a public interest research center in D.C., features several of these programs in their “Online Guide to Practical Privacy Tools,” which can be found at http://epic.org/privacy/tools.html.One of the easiest to use is CryptoAnywhere. This program can fit on a USB drive and can be accessed without installing the software on your workstation. It will encrypt your e-mail and hide it from prying eyes, making sure only you and your intended recipient see the goods. There’s nothing to be ashamed about in being cautious, and the best part is the recipient doesn’t need to have CryptoAnywhere himself. You can download a demo version (without revealing any personal information) at developer ByteFusion’s website.Hushmail is an alternative that allows you to create your own e-mail address on their servers. Your messages are automatically encrypted and received messages are scanned for spam and viruses. While not effective for companies with their own e-mail servers, Hushmail (as well as S-Mail and KeptPrivate) is a great choice for students graduating from collegeor anyone else in need of a secure new e-mail address.You can see all of these programs and more at EPIC’s “Online Guide,” along with other tools such as HTML filters and Cookie Busters.

Hackers with their hand in the cookie jar

www.nrlab.com — Fri, 29 Oct 2010 14:27:19 +0000

HTTP cookies were never intended to be invasions of privacy. They were simply markers used by website developers to make users’ lives easier, by storing regularly-entered information or past history on the site. As always, though, the road to hell is paved with good intentions, and in this case it’s easy to see how stored user information could lead to problems.One of the problems with cookies is that they can be tied to user’s public profiles online at social networking sites. Another is that users are not informed when a cookie is stored. Hackers have come up with ways to access these cookies, which the user is unaware of, through cross-site scripting attacks. These attacks inject malicious code into web pages in order to bypass the intended security controls.An easy solution is to disable cookiesa feature included in all major web browsersbut this limits normal functionality on a number of sites. Another solution is to regularly delete cookies, which can also be done through the browser itself. The third option, however, requires an external program referred to as a “wrapper,” which redirects cookies and their associated data to another location. Users should be aware that these programs do not block Flash cookies, or Local Shared Objects. Adobe Flash Player uses these to store information, but most browsers do not offer options to disable these. They can be affected with specially-targeted add-ons, though.

By the numbers: current perspectives on social networking privacy

www.nrlab.com — Sun, 24 Oct 2010 10:25:28 +0000

How safe are kids (and parents) when it comes to their privacy on social networks? Very, in their own opinion. Truste (a privacy certification and compliance company that includes Facebook as a client) recently commissioned a survey of parents and teens on social networking privacy. They came up with some interesting sound bites:

80 of parents and 78 of teens feel that they are in control of private information on social networking sites
84 of parents believe their teen is responsible with their personal info online
95 of parents and 86 of teens on social networking sites use Facebook
86 of parents are friends with their children and 84 have a good idea of how much time teens spend on social networks
80 of parents think their kids have a picture posted; 82 of teen users have a picture posted
55 of parents and 60 of teens at least sometimes use privacy controls
89 of parents believe social networking sites should have default settings for users 13-17
68 of teens have accepted friend requests from people they don’t know
8 of teens accept all friend requests

View the full survey in PDF format at http://safekids.com/documents/truste_survey.pdf.

Breaking news in Internet privacy

www.nrlab.com — Wed, 20 Oct 2010 15:17:01 +0000

Internet privacy doesn’t always refer to encryption and malware. Sometimes it can be as simple as knowing that your anonymous profile online is protected. However, as some people have used their anonymity to bully others (as seen in many recent news stories), lawmakers have had to re-think how far this privacy extends. On October 15, a judge in New York ordered Google to reveal the identity of the troll who called ex-model Carla Franklin a “whore” on YouTube (remember, Google purchased YouTube for 1.65 billion in 2006).Once Franklin knows the identity of her commenter, she will be able to sue him (or her) for damages. Google has already complied in a similar 2009 case regarding model Liskula Cohen. However, this new ruling reveals that the previous one was not a fluke. Online anonymity may soon have to redefine its boundaries, as the law reveals that it can reach previously-hidden corners.