10 Don’ts Foreword author @tomjelneck on @Fox35Orlando

In recognition of Data Privacy Day, “10 Don’ts” foreword author Tom Jelneck appeared on Fox35’s “Good Day Orlando” program to discuss ways to keep your data safe from hackers and other thieves.  You can watch the video via the link below — we are especially grateful to Tom for plugging the book on live TV!!

Direct Link: http://www.fox35orlando.com/good-day/83032189-video

SSV Program Audio now available (@cvillepodcast)

The audio from the October 14 meeting of the Senior Statesmen of Virginia, focusing on Internet Security, is now available through the Charlottesville Podcast Network.  10 Don’ts author Eric Rzeszut was one of two featured speakers.

Senior Statesmen of Virginia: Internet Security

Seniors Learn About Cybersecurity (@newsplex)

10 Don’ts author Eric Rzeszut was invited to speak to the Senior Statesmen of Virginia at their monthly meeting on October 14.  In recognition of Cybersecurity Awareness Month, the program focused on Internet security.  Eric gave a presentation based on selected chapters from the book, entitled “Five Lessons from ’10 Don’ts’: Keeping your Digital Life Safe and Private.”

Full Story: Newsplex

Obama Won’t Seek Access to Encrypted User Data (@nytimes)

In Chapter 6 of 10 Don’ts, “Don’t Let the Snoops In,” we discuss ways that the average user can protect their data from government and corporate spies.  Tech companies like Google and Apple have recently cooperated in that effort, adding encryption protocols to their devices.  More importantly, these companies (particularly Apple) have made it clear that they do NOT hold the decryption keys to unlock their devices.  So if a user refuses to decrypt his/her device for law enforcement, Apple cannot be compelled to do so — and indeed, would be unable to do so.

Federal agencies like the FBI and local law enforcement groups have argued that this makes it easy for criminals to hide data.  Apple, and many security experts, have countered by saying it is impossible to insert a “back door” available only to law enforcement.  Any weak link in the security chain — even if designed only for legitimate use — could potentially be exploited by thieves, unfriendly nation-states, and the everyday basement hacker.

The Obama Administration has now reached that same conclusion:

“The Obama administration has backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices, concluding that it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit.”

Full story: The New York Times

Ed Snowden joins Twitter, follows only the NSA (@arstechnica)

In chapter 6 of 10 Don’ts, “Don’t Let the Snoops In,” we discuss in great detail NSA whistleblower Edward Snowden and the documents he released into the public domain.

The former spy, living in exile in Russia, currently only follows one other Twitter account — the NSA’s.  But Snowden has quickly amassed over 1.1 million followers of his own, from all over the world — as shown in this animated GIF released by Twitter:

The @Snowden account carries a blue check mark, indicating that his identity has been verified by Twitter. His only substantive conversation so far has been with Neil deGrasse Tyson, the astrophysicist and all-around science-communicator-guy, who recently interviewed Snowden on his show Star Talk Radio.

Full story: Ars Technica

Designing IT Guidelines for Global Travel, EDUCAUSE Review

10 Don’ts author Eric Rzeszut and Bryan Lewis (both of the University of Virginia’s McIntire School of Commerce) have published a new article in EDUCAUSE Review.  Entitled “Designing IT Guidelines for Global Travel,” the article points out the info security risks inherent in international travel for academics.  The article also offers guidelines on how faculty, staff, and students can better protect their devices and their data, as well as a discussion of the legal ramifications from US and foreign perspectives.

“Global programs present a unique challenge for most universities. In addition to the educational experience, global program coordinators take on the responsibilities of student health and safety while shuttling students across time zones and countries. With the major logistical effort required to transport students around the world for academic pursuits, technology concerns can be an afterthought. By working closely with travel coordinators, IT departments can ensure that all parties are in compliance with operational, security as well as legal requirements as they travel in foreign lands.”

Designing IT Guidelines for Global Travel

Why the Hell Is Windows 10 Sharing My Wifi Passwords? (@gizmodo)

Without the profanity, we discussed Microsoft’s new Wi-Fi Sense “feature” in chapter 7 (“Don’t Be Careless with Your Phone”) of 10 Don’ts.  We called it a “potentially enormous security risk,” and Gizmodo would seem to agree:

“Look, Microsoft. Just because I am Facebook friends with someone, doesn’t mean I want to share my wifi passwords with them.

I’m not really complaining about the existence of the feature in the first place — I can see how it could be helpful, if you’re a non-data-plan-having tween hopping between various wifi-enabled basements. It’s the fact that Wi-Fi Sense is enabled by default, and most people will never know that it’s there.”

Full story: Gizmodo

Sign Up at irs.gov Before Crooks Do It For You (@briankrebs)

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.

Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.

Full story: Krebs on Security