US-CERT Cyber Security Tip ST04-013 -- Protecting Your Privacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST04-013
                           Protecting Your Privacy

   Before submitting your email address or other personal information online,
   you need to be sure that the privacy of that information will be protected.
   To protect your identity and prevent an attacker from easily accessing
   additional information about you, avoid providing certain personal
   information such as your birth date and social security number online.

How do you know if your privacy is being protected?

     * Privacy policy - Before submitting your name, email address, or other
       personal information on a website, look for the site's privacy policy.
       This policy should state how the information will be used and whether or
       not  the  information  will be distributed to other organizations.
       Companies sometimes share information with partner vendors who offer
       related products or may offer options to subscribe to particular mailing
       lists. Look for indications that you are being added to mailing lists by
       defaultâ??failing to deselect those options may lead to unwanted spam. If
       you cannot find a privacy policy on a website, consider contacting the
       company  to  inquire  about  the policy before you submit personal
       information, or find an alternate site. Privacy policies sometimes
       change, so you may want to review them periodically.
     * Evidence that your information is being encrypted - To protect attackers
       from hijacking your information, any personal information submitted
       online  should  be  encrypted  so  that it can only be read by the
       appropriate recipient. Many sites use SSL, or secure sockets layer, to
       encrypt information. Indications that your information will be encrypted
       include a URL that begins with "https:" instead of "http:" and a lock
       icon in the bottom right corner of the window (see Understanding Web
       Site  Certificates for more information). Some sites also indicate
       whether the data is encrypted when it is stored. If data is encrypted in
       transit but stored insecurely, an attacker who is able to break into the
       vendor's system could access your personal information.

What additional steps can you take to protect your privacy?

     * Do business with credible companies - Before supplying any information
       online, consider the answers to the following questions: do you trust
       the  business?  is  it an established organization with a credible
       reputation? does the information on the site suggest that there is a
       concern for the privacy of user information? is there legitimate contact
       information provided?
     * Do not use your primary email address in online submissions - Submitting
       your email address could result in spam. If you do not want your primary
       email  account flooded with unwanted messages, consider opening an
       additional email account for use online (see Reducing Spam for more
       information). Make sure to log in to the account on a regular basis in
       case the vendor sends information about changes to policies.
     * Avoid submitting credit card information online - Some companies offer a
       phone  number you can use to provide your credit card information.
       Although  this does not guarantee that the information will not be
       compromised, it eliminates the possibility that attackers will be able
       to hijack it during the submission process.
     * Devote one credit card to online purchases - To minimize the potential
       damage of an attacker gaining access to your credit card information,
       consider opening a credit card account for use only online. Keep a
       minimum credit line on the account to limit the amount of charges an
       attacker can accumulate.
     * Avoid using debit cards for online purchases - Credit cards usually
       offer some protection against identity theft and may limit the monetary
       amount you will be responsible for paying. Debit cards, however, do not
       offer that protection. Because the charges are immediately deducted from
       your account, an attacker who obtains your account information may empty
       your bank account before you even realize it.
     * Take advantage of options to limit exposure of private information -
       Default options on certain websites may be chosen for convenience, not
       for security. For example, avoid allowing a website to remember your
       password. If your password is stored, your profile and any account
       information you have provided on that site is readily available if an
       attacker gains access to your computer. Also, evaluate your settings on
       websites used for social networking. The nature of those sites is to
       share information, but you can restrict access to certain information so
       that you limit who can see what (see Staying Safe on Social Network
       Sites for more information).
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________
     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST04-013.html

     For instructions on subscribing to or unsubscribing from this mailing list, visit
     http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSs4YTducaIvSvh1ZAQKVTAf+Ktz4eVOIIL2+S/FVZ+Ij0zkkoRF02cBZ
cRlWNvJMMxPiUuwarCnxA2p3gMgtmccRj3nY6+G4udWvTCWqggnGIfRflB09Hbvb
rQ30DUFYL2K364Gn0Gz43fMj3P2H10slcH/JriWICANMhtWBdnQEipEL7i34G/yi
SbgfQkv7GZSRe7i2VbsjcwPCP18HEG478AzHzvP7fOEamuIf77kcKUfFX+P3563d
UIN9qwSllJ45d71bcBwqGKv4tzQ3M59b3amDe0uPbVejgdTATas7KxfulpiAT5/S
PfjEcB5QLtvtiNTVvjs2Nkg1E+06Hv7Dy+sYgBkpA9+b6uFdduG19A==
=yxyq
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux