Real life test of Internet banking security

I have just read with some interest and quiet amusement that UK TV presenter, author and newspaper columnist Jeremy Clarkson has lost money after publishing his bank account details in the UK national press.  Story goes that he was commenting on the loss of 25 million people’s data on two government CDs which had gone missing, here, apparently writing that:

“All you’ll be able to do with them is put money into my account. Not take it out. Honestly, I’ve never known such a palaver about nothing,” he told readers.

So, he published his own account details and how to find his address.

What happened?

Well, someone has since opened a direct debit for £500 from his account and into the account of the charity, Diabetes UK.  Seems the bank can’t tell him who did it due to the Data Protection Act and cannot prevent it happening again.

My quiet amusement is not that it happened to him but that someone followed this through and highlighted what can happen when you are haphazard with personal details and set yourself up for a fall.  Whether this was a direct result of an anonymous reader getting hold of the details or a close friend “playing a joke”, the punishment is fitting.

Good charitable cause, I hope the direct debit stays !!!

Original BBC report.

Test Shows 41% Of Facebook Users Expose Themselves To Strangers

However interesting this post is about the ease with which some people will part with personal information in the social networking community of Facebook (and no doubt alternative sites), the title alone is worth a mention  😀

Official Vista “performance” and “compatibility” packs released

Microsoft still isn’t commenting on when a beta of Service Pack 1 for Vista will be officially released, but the company has posted two updates that are expected to be part of that final package: the “performance and reliability” update and the “compatibility and reliability” update. These are official releases.

Among other things the Explorer file transfer slowness has been fixed as has hibernate/sleep (well, for some laptops), and a load of video card support issues have been sorted (I will try these on my Dell D810 and let you know).

See KB 938979 (memory performance) and KB 938194 (the one which *finally* lets you play games  😉 )

While this isn’t beta software, you would be advised to read both KB entries and hit the discussion thread before installing the updates just to see what to expect and what your fellow Vista users are experiencing… and I will install both and let you know ASAP.

USB Encryption – a quick look

I had to do some research on both software and hardware based encryption for a project recently and although I had heard of TrueCrypt I had never actually used it.  Although we chose not to use the product for this particular project (company did not like the idea of Open Source, but that’s another story for another time) I wanted to see if I could encrypt a USB drive in such a way that the PCs I used the device on did not need TrueCrypt installed.  Well, this is a quick guide to how TrueCrypt does just that.

This was done on an XP/SP2 desktop.  TrueCrypt does not work on Vista yet; refer to the vendor’s Web site for details.

Firstly, you cannot use full disk encryption for this, why not??  Well, the TrueCrypt.exe file has to live on the USB device and in order for it to run you need to access the volume … if the volume is encrypted then you can’t read it without using TrueCrypt … which is encrypted on the volume !!!  So, we create an encrypted “volume” on the device, which is kinda like an encrypted folder.

  • Install TrueCrypt
  • Load TrueCrypt Format.exe from the programs folder where you installed TrueCrypt
  • Create a standard volume and click NEXT
  • Choose Select File and create a new file of your choice on the USB drive which will become the encrypted volume, remember to give the name a .tc extension, then click OPEN followed by NEXT
  • The choice of which encryption settings to use is a personal one based on requirements or knowledge .. defaults were fine for me, click NEXT
  • Set the size of the volume to be a few MB less than the full size of the device … the remaining space will be used to host the TrueCrypt.exe files.  Typically you will need about 3 MB for the TrueCrypt files.
  • Choose your passphrase **Read the warnings** click NEXT
  • Click Format when you are ready — make sure you are on the correct drive letter for the USB drive in question

That’s the volume created, so now we configure TrueCrypt to mount the volume when the drive is plugged in

  • Launch TrueCrypt.exe
  • TrueCrypt has a feature called Traveler disk which allows us to finish off the task, so choose this from the Tools menu
  • Create the Traveler disk files on the drive letter associated with your USB drive
  • Choose Auto-mount and then choose the volume file that you created in the steps above
  • Leave the mount drive letter as First Available … this will help stop drive conflicts in the future
  • Click on CREATE
  • This should create the required file structure and autorun.inf.
  • Once done click on the CANCEL button to close Traveler Disk

Remove the USB stick and then plug it back in to test.  Depending on how your PC is set up to handle USB devices you will probably be prompted with a choice on what to do …. if you are then Run TrueCrypt should be on the list, so select that.

Enter your passphrase into the dialog box and this should mount the volume to the next available free drive letter.

Note: You will have two drive letters pointing to the USB drive, but one will show you the TrueCrypt folder and is therefore the un-encrypted volume, the other will be the encrypted volume

This worked for me, however please remember I cannot guarantee it will work for everyone…..
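A quick layout check for a stick prepared with the steps above, added here as an example and not part of the original post or of TrueCrypt. It confirms that a .tc container exists, that it leaves the roughly 3 MB the guide reserves for the TrueCrypt files, and that autorun.inf only launches a program that actually lives on the stick; the function names, `secure.tc` and the sample stick are constructed for illustration.

```python
import configparser
from pathlib import Path, PureWindowsPath

RESERVE = 3 * 1024 * 1024  # the guide's "about 3 MB" for the TrueCrypt files

def program_of(command: str) -> str:
    """Program part of an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def autorun_targets(stick: Path) -> list:
    """Programs that autorun.inf on the stick would launch."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string((stick / "autorun.inf").read_text())
    out = []
    for section in (s for s in cp.sections() if s.lower() == "autorun"):
        for key, value in cp.items(section):
            # configparser lower-cases keys; shell\<verb>\command also launches
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                out.append(program_of(value))
    return out

def audit_stick(stick: Path, capacity: int) -> list:
    """Return a list of problems; an empty list means the layout looks sane."""
    problems = []
    if not (stick / "autorun.inf").is_file():
        return ["no autorun.inf on the stick"]
    containers = sorted(stick.glob("*.tc"))
    if not containers:
        problems.append("no .tc container on the stick")
    for c in containers:
        if c.stat().st_size > capacity - RESERVE:
            problems.append(f"{c.name}: leaves under 3 MB for the TrueCrypt files")
    for target in autorun_targets(stick):
        rel = PureWindowsPath(target)
        if rel.anchor or ".." in rel.parts:  # drive, UNC or parent-dir escape
            problems.append(f"autorun launches a program off the stick: {target}")
        elif not stick.joinpath(*rel.parts).is_file():
            problems.append(f"autorun target missing: {target}")
    return problems

def build_sample(stick: Path, container_bytes: int, autorun_open: str) -> None:
    """Constructed stand-in for a prepared stick (no real TrueCrypt files)."""
    (stick / "TrueCrypt").mkdir()
    (stick / "TrueCrypt" / "TrueCrypt.exe").write_bytes(b"placeholder")
    (stick / "secure.tc").write_bytes(bytes(container_bytes))
    (stick / "autorun.inf").write_text(f"[autorun]\nopen={autorun_open}\n")
```

Point `audit_stick` at the drive root of the real stick with its capacity in bytes; `build_sample` exists only to create a throwaway directory to try it on.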


IT Security community in the UK

A nice forum for those interested in IT security; those looking to enhance their security knowledge and those with generally more sense than money when it comes to IT security