[extropy-chat] Privacy, Security?? Don't make me laugh.

[BillK]

Security people are increasingly concerned with computer security 
problems. Unfortunately they have lost the battle. The general public 
now has the technology, but has no time for security or privacy worries.


Nine out of ten computers connected to the internet are infested with
viruses and spyware. The general public STILL click on email attachments,
give their data to phishing sites and respond to spam offers. They don't
install software patches and forget to update their antivirus and
spyware defences (if they have any installed at all, that is).
Thousands upon thousands of zombie pcs are available to use for any
purpose you want - and the owners don't even know.

Open your laptop at any WiFi hotspot, or indeed, pretty much anywhere
these days, and your helpful software will immediately tell you what
networks are freely available around you. Most users leave
their laptops with the default security settings, so you will also see
a list of computers ready and willing to connect to you and let you
browse through anything on their hard disk. In a hotel room, for
example, your notebook will automatically connect you to the strongest
wireless signal it finds – which will often be owned by the guest in a
room somewhere nearby, and you might well be able to wander
unrestricted through their hard drive.

At any security conference, a speaker on the platform can open his
laptop, and using perfectly standard software start displaying data
from unprotected laptops in the audience on the screen. Just open
Network Neighbourhood in Windows and begin poking around wide-open
notebooks.

Most of the public risk their company's security by carrying an
unsecured PDA like a Pocket PC or Palm PC. Remember, most of these
devices automatically synchronize their contents with the desktop back
at the office. That data frequently consists of confidential contacts,
records of meetings, budget spreadsheets, and more. Although it's
simple to lock these PDAs with a password, very few people bother.

When someone reports a laptop, PDA or mobile phone has been lost or
stolen, you can guarantee that nothing was password protected or
encrypted. All the data is available to the new owner.

What about mobile phone users, shouting confidential data across the
airport departure lounge?

See: <http://networks.silicon.com/mobile/0,39024665,39125551,00.htm>

Quote:
Companies are spending a fortune on computer security whilst
neglecting the biggest hole in the bucket - the fallibility and
stupidity of their people. Individuals tend to be paranoid about their
private lives and information but shout it out as loud as can be on a
mobile call in a crowded place.

One of my favourite and recurring tricks whilst travelling is to pick
up people's banking details and give it to them written on the back of
my business card. I can generally get the bank branch and sort code
with ease. And for credit cards it is mostly the whole nine yards:
name, number, expiry and start date, plus security number. Home
address, phone numbers and email address are often thrown in for good
luck too. All I have to do is sit and listen.

People's reaction to this is always outrage, as if I was a thief, as
if I had committed a crime. But, I respond, they shouted, I could not
help hearing and at least I am giving them good warning to be more
careful in future. I just wonder if they modify their behaviour as a
result.

End quote.


Security, Privacy? Give up the struggle. The public has won. The
battle is lost.

The public is embracing the open society with open arms and delighting
in their new toys. Unfortunately the bad guys are also taking
advantage of the open doors. In future the mixture of good and bad
usage will only get worse as the capabilities increase.

The only feasible option is to try and protect yourself as best you
can from all the chaos and disruption swirling around you.

BillK