This last weekend we had another incident where celebrity nude pictures made it to the Web, and a whole bunch of people got embarrassed largely by doing a series of things they shouldn’t have done. There is a decent analysis up on how many of us think the attack was carried out, and it appears that the hole in Apple’s (News - Alert) services has been patched so it shouldn’t happen this way again. However, other services aren’t as secure and it is likely hackers will continue to find a way through most security systems to get at stuff you want private.
1984
Right now, most of the on-line background records search programs go back to 1984. They hit a hard wall, so if there is something before then that you are concerned about it likely will remain private unless someone else has a copy and puts it on the web or it has put it on the Web previously. Going forward, date records have been aggressively scanned in, and anything after 2005 was likely put on the network in one way shape or form when it was created. Figure anything you put in the “cloud”, our latest name for a Web storage service, will be accessible by at least one government and a future employer at the very least.
Naked Pictures
One easy fix is don’t take them. If no picture exists it won’t go anyplace. If you take them with a film camera the company developing the film may see and make copies of the pictures, if you take them with a digital camera and your partner has a copy of the files either they or you could be hacked or the relationship could go south and they’ll share them in revenge. This last seems to happen to celebrities a lot. Pictures like this could be worth a lot of money to everyone but you and why would you keep an asset that was more valuable to thieves then it is to you?
I realize that many of these are taken when judgment is compromised, but if you have it in your head to say no to the camera it might stay there when inebriated. But, if you do take pictures like this don’t use a phone.
A phone is a connected device, and chances are it will copy the pictures to the Web and you’ll be tempted to use social media or email to share them. Once in an email or cloud service they won’t be secure and you might as well have put them of Facebook (News - Alert) if someone knows they are there and wants them.
Realize you can be tricked into giving out your password and ID, attackers can often trick support people for that information (that is how my own Xbox account was hacked), and sometimes the support folks haven’t been vetted very well and will access the account themselves. We saw this with the NSA and Snowden recently, and if a three letter agency isn’t secure enough a cloud service provider focused on ease of use certainly won’t be.
Passwords
Back in the 1980s the security folks at IBM (News - Alert) determined that passwords were inherently unsecure and pin codes are just another form of password so they are unsecure as well, yet we continue to use them. Apple and some other providers of cloud services have in place dual factor options. With Microsoft’s (News - Alert) OneDrive you have to both have an authorized device and the password to get in. With iCloud, you can set to have a unique number sent to you on your cell phone which you use to gain access. This is called dual factor authentication and it is far better. Most banks require dual factor authentication to get into accounts.
Challenge Questions
These have been particularly challenging for celebrities where the answers to typical questions like mother’s maiden name and home town can be easily found on the Web. If given a choice, use more obscure challenge questions like what was the name of your first pet or better yet use fake answers. For instance, for your mother’s maiden name put your favorite author or car or breed. Unless you tell someone you do that this makes the challenge question nearly impossible to figure out by an attacker.
Wrapping Up: Don’t Be Stupid
At the end of the day if you don’t want someone to see something like a naked picture of you don’t take them in the first place. This is the easiest way to keep information secret don’t create a physical record in the first place, and always realize that the reason you digitize something is to make it easier to find and access. If you don’t want it to be found and accessed don’t digitize the damn thing to begin with. It seems like obvious advice but there are a few celebrities this week that apparently are rediscovering the obvious.