Security for Dummies

This extremely short post appeared following a meeting with a decision maker of a potential client. During the conversation I realized that this highly respected and well paid top manager knows nothing. He does not understand a single word in a sphere of his duties and should-be knowledge.
Dear vendors, developers and manufacturers, dealers, resellers and agents! Please educate your clients! Even though the deeper understanding can block or cancel the deal, it is much better working with a client that understands. It can save your company a fortune on support calls. Educated client knows what he is looking for. Maybe it is not your product. Maybe he does not need your solution at all. Face it.
Yes you can try to sell something that the client is not looking for. You may use terms that sound nice and attractive to ignorant ear, terms that are very popular but have nothing to do with your product. Be honest with yourselves.
I did not close the deal. I care about my company's reputation. Maybe later, when this client will stop using terms of “digital signature”, “active directory”, ”VPN”, “RSA”, “minutiae”, “templates” and other “magic” words not related to his needs, I will talk to him once again. Not now.

Maybe I am wrong. Maybe I shall not refuse selling to idiots. What do you think?

Yes, we have lots of passwords - bank accounts, e-mails, computers, domains, instant messengers, you name it - and we need them all. We may forget them and we do. I am not talking about those who have only one password for all, they are just not aware of risks. Regular PC user needs at least 10 passwords. It is even more important to those who travel a lot, either for pleasure or on business.
I think that we all agree that we need a Password Manager. The only question is which one to chose.
What to Look for in Password Management Software
Password management software should be easy to use and useful to the most inexperienced computer user. It should also be secure enough to keep hackers out and passwords safe. These are the criteria that one shall consider when selecting a best suitable solution for his money:
Read the full story here

When saying “biometrics” I am not thinking about law enforcement, AFIS systems, national ID and visa projects. I first think about personal solutions that will make my life easier. I can tell you what do I seek in biometric devices:
• I want biometric device to fill my passwords instead of me.
• I want it to encrypt files for me.
• I want it to protect my computer.
• I want it to be small and portable.
• I want it to work without drivers on any PC
There are more “I want” and most of them are answered here. But this is my personal passion. I would like to hear your opinion.

Do you need biometrics? Why?
What features are you expecting to get with biometric devices?
What will make you purchase such device?
Please answer in comments.

PS. My last post on this item somehow disappeared together with comments. Please, post your comment again if you already did. Thank you.

There are much more than 5, but I will start with these main points:

1. You are human... never mind, no one is perfect.
2. We live in modern world with its cons and pros
3. We live in the era of globalization, just admit it
4. We live in the era of internet, Do you understand what this means?
5. There are bad guys there in the web, beware

I am sure you've got the point. But to make it clearer:
1. You are human, aren’t you?
You may forget anything, - your keys, your eyeglasses, your documents and your wallet. You DO forget your passwords. And even if you do remember your password, you can mistype it. “To err is human”. If you type it wrong several times – your account is blocked, and you have to ask administrator to reset it. And how often are you required to change your password to your bank account, web access, corporate VPN, etc? You wish there were no passwords at all. Just open the webpage and you are in.
2. We live in 21st century, aren’t we?
We have MANY accounts. We are using computers. We are working hard in the web. Therefore we have LOTS of passwords to remember. But we are still humans after all. And we do forget. Do you want to bet that you cannot remember 5 strings in a row? Just give it a try. Please remember the following:
Yes, maybe YOU can remember these 5 passwords. Then you are a genius and maybe this reason will not urge you to use our products, but let us look to the next reason.
3. We live in the era of globalization.
You can find yourself tomorrow in Milano, drinking a tiny cup of strong espresso in the internet café on the Via Cosro Porto di Romano and trying to type your password for your Gmail account, but… you cannot find necessary letters, symbols are in the wrong place and the whole keyboard is somehow different… What a mess! And the very next day you appear in Russian beautiful city of Snt. Petersburg and find out that the keyboard is Cyrillic. You wish you could enter your password automatically, just like that - open the webpage and you are in, but at the moment you even do not know how to switch a keyboard to Latin layout. Ha?!
4. We live in the era of the Internet.
We keep information there. We purchase goods and services. We look for a partner or a spouse. We watch movies, we listen to music. We… Everywhere we go there in the web we need to prove our identity (the same username/password). Someone can guess it. Someone can spy it. Someone can get access to our money, documents, entire life. We are exposed to risks! Oh, my god!
What is even more alarming -
5. There are bad guys in the web.
Do you know what identity theft is? Did you ever receive some message from your bank that was never sent? Did you ever get an e-mail, requiring resetting password to your account? These messages are called phishing. If you ever followed their instructions – you’ve lost something. You’ve lost money or information or something even more valuable, like identity. Identity is not virginity, you never enjoy loosing it!
Read more HERE

Yesterday article in PCWorld with reference to the Ponemon Institute survey claims close to 637,000 laptops lost in large US airports each year.
The figure itself is amazing. But travelers’ attitude is more surprising. About 77 percent of people surveyed said they had no hope of recovering a lost laptop. Therefore, they even did not claim the lost laptop. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information.
What these figures say?
1. 53% of 637,000 = 337,610 laptops with confidential information lost each year
2. 65% of 337,610 = 219,446 unprotected laptops with confidential information lost
According to the earlier survey of the same Ponemon Institute the average cost of compromised record in 2006 was $182. I can assume that nowadays it is much higher about $250/record.
3. Assuming that each laptop has only 1 confidential record, direct annual damage is $54,861,625

Laptop theft is fairly prevalent in the U.S., said Mike Spinney, a spokesman for Ponemon Institute. In a study conducted by the institute, 76 percent of companies surveyed reported losing one or more laptops each year, of which 22 percent were due to theft or other criminal mischief. Many people are ashamed of reporting lost laptops as they leave them where they shouldn't be, Spinney said.

Let us compare it to the cost of simple measures for data protection:
1. Encryption of disk - $45 per laptop with software solution or
2. Encryption of disk - $115 per hardware key
3. Dell Laptop tracking and recovery – 1st year free, including
a. Combat Theft – Absolute’s recovery team partners with law enforcement to track and recover your laptop
b. Protect Data – Capability to delete valuable corporate data from the stolen system
c. Track Your PCs – Manage software licenses, equipment leases, machine configurations and usage with remote monitoring capabilities.

What about your laptop?
Is it protected?
Do you keep confidential info on your hard disk?
Do you encrypt?