To the law people out there: I work for a small company that recently signed up with a new health insurance company. For various reasons I declined the coverage, but I am getting bombarded by requests for personal information. Here's the actual latest message that I received after I informed them that I do not wish to participate: Hi C13, For any employees at Small Company to get health insurance, you need to complete your application. All employees must complete an application, regardless of whether accepting or waiving coverage. [more inside]
I need to put the fear of God into some foolish, negligent users. I'm looking for examples of organizations that were hit with some kind of horrible malware (like CryptoLocker) or had sensitive data stolen -- all because of a really stupid action by an employee. [more inside]
For at least the immediate future I'll need pass through security in a federal courthouse without the benefit of employee ID, which means going through a metal detector. I need a durable, metal-free belt (leather or otherwise) that fits standard 35mm belt loops and looks reasonably presentable in a casual-end-of-business-casual environment. Thanks!
A stranger's Facebook Ads account was somehow connected to my personal Facebook profile. How do I disconnect it? [more inside]
I'm worried I've done something deeply stupid and potentially made my PC vulnerable. Full details below the fold. [more inside]
My MacBook Pro was stolen last night. The disk was encrypted with FileVault and the login passwords were non trivial (good enough for petty thieves though probably not hackers skilled in the art). I told iCloud to lock it down and erase it on first contact. Will the thief and his friends be able to do anything with this machine, or is it just a paperweight at this point? [more inside]
First world problem: Went to go pack for Holiday flight today. Opened an order I placed from Macy's.com and somebody left the hard tag sensor on it... sigh. I don't have time to take skirt and receipt into the store before flight. Can I pack this in my bag I'm checking so I can bring it into Macy's when I get there? Or do you think it will set off some kind of security thing when they scan it? I'm overthinking, as usual! Pic attached [more inside]
We've had at least two instances of people who are not supposed to be in the apartment building being in the building since we moved in July. One in late October; one yesterday/today. I don't know what, if anything, I need to be doing right now, both from a perspective of "I like my apartment building being secure" and a mental health perspective. So many words inside because what do I do, oh god. [more inside]
Like many people, I've accumulated a stash of documents that are important to me and my family in some way (deeds, birth certificates, marriage certificate, passports) and some are difficult/impossible to replace (immigration paperwork, ancestral information). Right now they all sit in a plastic Tupperware box on the bottom shelf of an IKEA bookshelf. I was thinking that maybe they should be a little better secured. Is a safety deposit box the right answer or a safe? I'm having a hard time choosing. [more inside]
I downloaded gmailnotifier from gmailnotifier.com and setting it up, it requested my password. Obviously it needs this information but how can I be sure that it won't abuse it? How do you know what software to trust? [more inside]
I have a database table with sensitive (read as personal, non-financial) information inside our office locked-down network that I need to expose to users on a website. What's the best way for me to expose this data without exposing us to unnecessary risk? [more inside]
Next Thursday I have a 515a flight (on American née US Air, so Terminal 1 is my point of departure) out of MSP. Assuming I'll go through security at around 400-415, it seems silly to stay at a hotel the night before. The airport is open 24 hours. What I'm curious about is if I can I go through security around midnight and try to catch a few ZZZs in the terminal? If not, can I sleep safely outside of security, or will local law enforcement tell me to move along? [more inside]
Are you a big scaredy cat? Do you live in a house with lots of vulnerabilities anyways, and manage to sleep at night? How did you do it? Please hope me. [more inside]
I was informed by the CIO that an email that I sent out of OWA from Safari, OSX Mavericks had dodgy source code attached. See a text file of source code. [more inside]
I'm going to be traveling a fair amount over the holidays which means I'll likely be on public WiFi a lot more than usual, and with all of the various security and privacy issues that have popped up in the news recently, I figure the time is ripe to figure out a VPN strategy (since not everything I do is over SSL/HTTPS). [more inside]
I used to use Truecrypt to encrypt little enclosures so I wouldn't have to worry about my files so much when I, say, put them on a USB stick or backed them up to the cloud. There was a whole... thing with Truecrypt and now it's hard to say if I should use it anymore. Is there another program that's going to work well for this purpose? [more inside]
Thinking ahead to my eventual retirement, I phoned Sallie Mae earlier this year, and spoke with a rep who was easy to chat with, and seemed well-informed and helpful. I asked her if there was any sort of discount or other concession made for student loan payments once the debtor retired and began drawing Social Security. Her answer was that, good news, once I provide Sallie Mae with documentary evidence that I am drawing Social Security, the balance of my loans would be waived. [more inside]
Trying to understand what IT is doing with my workstation right now. Near-constant prompts to log in to Outlook (I am already logged in) and suddenly, for the first time, most websites (but oddly, not social media) are being blocked with EdgeWave iPrism. What's going on, and should I worry? Details inside. [more inside]
I got a new job (cool!) but have to turn in my MacBook Air from old job (oh well). Since I also used as my primary laptop for personal stuff, like banking and Facebook, it also has a ton of personal data on it. (I plan to buy my own laptop for next job. And no, I did not look at naughty stuff on it -- I do have a tablet.) The company wants the programs already installed left on the computer, which is reasonable -- so leave Photoshop and Word installed -- but I want to clear off any personal data. Is there a good way to scrub an Apple computer while leaving programs behind? Right now you could go to Twitter on my browser and log into my personal account without a problem. (I realize I can just Clear History on browsers, but also looking for deeper scrub, such as WiFi passwords and stuff on keychains).
One of many painful aspects to the James Foley tragedy is that the US attempted rescue, but was in error as to the location of the hostages. I wonder - is there not some geolocating device, maybe even a microchip, that could be required for journalists and tourists/hikers entering a war zone? I can understand that it would be an intolerable risk for soldiers and spies, but Foley was leaving an Internet café when he was abducted - not trying to live a hidden life.
So I recently completed a project, and was sharing the news with people on Facebook - but Facebook blocked the link to my website because it was apparently on some spammy/malware blacklist. I did some investigation, and my site comes up clean on every security scan thing I tried, except McAfee SiteAdvisor. It seems likely that it's a false positive, possibly due to my shared hosting. If there's a legitimate security issue, though, I'd like to find out what it is so I can fix it - but I don't know how I can do that. [more inside]
Recently I noticed a lot of controversy about whether Truecrypt is secure or not. It looks like their webpage is raising concerns about it, even to the point of suggesting that people migrate their data away from it. Arstechnica and others are following the story. What's going on? Might this be a hoax? Are truecrypt encrypted flashdrives not safe? If not, what level of security do they provide, if any? What would be a good alternative if we are to migrate away as quickly as possible?
My apartment building was sold in the past 6 months. The new owners have been completely gutting and renovating units as people have moved out; the work is going on for months. I'm planning to move out at the end of the month and wondering how much I need to worry about cleaning or repairing any minor damage if they're just going to do the same thing to my unit. Additionally, if they do charge me for any damages do I have any recourse to argue that they shouldn't have because they weren't preserving whatever it was any way? Obviously not expecting any binding legal advice on this, more curious if anyone has had similar experiences or any pointers to share.
My mother still gets her bank statements by paper mail. Her latest one failed to be delivered for 2 weeks now, and she verified the bank mailed it, so we assume it was delivered by the mail carrier to the wrong address, or dropped, or something. Nothing has happened yet, but it seems best to guard against the worst-case scenario, namely that someone else now has her home address, bank address, all account numbers (including retirement accounts), possibly other identifying information, and has the willingness to exploit it. What are the prudent steps we should take? [more inside]
I tried to install linux on a win8 laptop and failed although I tried everything to disable UEFI and security boot options in Bios. So I think there is no solution to install Linux on certain win8 Laptops. But someone told me of course I can install Linux on any win8 laptops by using virtualbox. So I'm wondering why can it be done? How exactly is virtualbox/virtual machine works for this issue? can anybody explain this to me in a easy to understand way? Thanks very much.
Are terms and conditions, disclosed after sale, legitimate? What if the associated item is a gift? [more inside]
I'm developing a website where people try to be click number X (sort of like radio call-in contests) to win a prize, and am looking for advice on ways to make it harder for someone to cheat. [more inside]
Car was broken into last night, and again I wondered why I can't seem to find a small HD camera and DVR combo that can be hidden in my car. [more inside]
I am a first time city apartment dweller, and don't have a clue on how/when to use my door buzzer. What is okay, what isn't, and yes, I am over thinking this, but it is bugging the hell out of me because I am already overstressed. [more inside]
I am about to buy some bluetooth speakers to be used in conjunction with a Windows computer and Itunes. I have heard vague rumblings to the effect that bluetooth has security issues that regular wifi devices do not. Ordinarily, I would buy wifi speakers but the few I can find are awfully damned pricey. Would I be putting myself at risk of compromising my computer's security if I set up a pair or two of bluetooth speakers in my apartment? In general, are there any bluetooth security issues I should be aware of, as a new user of this technology? Many thanks for your time.
Microsoft Security Essentials Missing From System Tray. [more inside]
We're going to Vegas in 3 weeks and I want to be able to spend my days walking around without having a purse always looped over my shoulder. My clothes don't have pockets. Fanny packs are the work of Satan. Is it a terrible idea to keep my often accessed stuff (cash, credit cards) in my bra and more important stuff (like health insurance card, driver's licence, etc) hidden in my panties? What should I do with my phone (that is also my camera)? [more inside]
My Dad received a spam email purporting to be from his email provider (BT Yahoo, fwiw) asking him to verify his account. In a moment of utter stupidity, I fell for the scam and entered his email password into a bogus website (I know, I know: STUPID). I was using his iPad at the time, and a ransomware website opened in safari, however the browser didn't lock, and I was able to close it straight away. I immediately logged into his email account and successfully changed his password to something completely different. Google tells me that there is currently no ransomware which can successfully hijack Apple devices, which my experience seems to bear out. I am a bit worried about the risk that I've accidentally compromised his email, though. Is there anything else I should do beyond what I've already done, ie changing the password? Should I contact BT Yahoo about it?
At my place of employment, I have been charged with physically securing our two servers. The decision has been made to bolt them to the concrete floor in a cage. I don't know how to shop for a server rack. We have an old one that they're on now, but it's an open rack, without sides or locks. I need one that's more of a cage, to keep people without the key out. It'll have to fit at least 8U worth of servers, and also accommodate a midsized tower somehow, and be 1000mm deep minimum. How do I shop for this? I can't find any information on whether any of the racks I'm looking at are bolt downable.
I read online that the director did a lot of research and consulted with military experts on how an actual terrorist siege on the white house could work. Of course, he also said that white house security experts have already planned for such an attack. I'm curious what would have been done differently in real life by the white house and DC security?
I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same source code the developer published, and not a malicious variant of it? [more inside]
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
I'd like my security deposit back, please. [more inside]
I was checking the security setting on my gmail account this AM and was alarmed to see that govtrack.us had somehow been granted " granted the following services access to your Google Account". Especially concerning since i had never seen that site, or even heard of it. What gives?
I found several "favourited" videos in my YouTube account that were definitely not my or my partner's doing. What could have happened? Was I hacked? [more inside]
Please help me understand the difference (or non-difference) in safety for Firefox vs. Chrome browser extensions (plugins/add-ons). [more inside]
Apparently, I didn't keep the answers to my iTunes security authorization questions. I think I can guess my answers with a few more tries, but I might get locked out before I get there. Will the wrong answer count reset back to zero after a wait time? Meaning, can I try again tomorrow, or will I still get locked out? [more inside]
Secure VPN for a novice? [more inside]
New IPad - very computer savvy - do I need to worry about security on my new IPad? I check my banking accounts everyday on my laptop and would like to use my IPad for this. Is there additional security needed (to download) or am I good to go?