[sf-lug] Safety Online

Rick Moen rick at linuxmafia.com
Fri Mar 1 17:01:35 PST 2019 

Quoting Tom Turner (seameadowlake at gmail.com):

> For clartity,
> 
> Here is the page of Firefox safety and other links provided by Michael
> Paoli:
> https://www.mozilla.org/en-US/?utm_campaign=2internetbrowsers_all&utm_medium=email&utm_source=SecurityTips

Maybe it's just me, but the resulting page seems _extremely_ unfocussed
-- and to not actually say much.  Also, the URL suggests that they're
(mostly) keenly interested in tracking what publicity campaign got you there.

> The website that tracks hacks and provides notification of same:
> https://haveibeenpwned.com/
> 
> The Firefox page that uses the above page to provide reports of hacks:
> https://monitor.firefox.com/

I think the founder of haveibeenpwned.com (Australian security expert
Troy Hunt) is trying to do a generous thing and should be applauded for
that.[1]  At the same time, based on my own experience, I would advise
reading reports issued from their database _skeptically_.

Several times, I've gotten somewhat breathless reports sent to me from
that site, advising me that my 'personal information' had been exposed
in a recent data breach.  In every case so far, that's been something
like my name and e-mail address having been recorded in a publicly
archived mailing list on the Web, because I was a member of that mailing
list and posted to it.

This has been the case so far, concerning 'rick at linuxmafia.com' having
been included in 'compromised data' from four major data breaches:  

Data & Leads on Nov. 14, 2018
Exactis on June 1, 2018
Apollo on July 23, 2018
Patreon on October 1, 2015

In each case, yep, indeed my e-mail address is in there.  If my e-mail
address had been a national secret, that would have been a problem.  ;->

FWIW, there are a couple of old SVLUG talks (slides and lecture notes
from those) that might still be of some interest despite being a bit 
outdated, now.  Both are linked from http://www.svlug.org?

Feb. 2011:  The Wild, Wild Web: Web Browser Security, Performance, and
Privacy

Dec. 2012: Real-World Linux Security


[1] Background:  https://en.wikipedia.org/wiki/Have_I_Been_Pwned?

More information about the sf-lug mailing list