Hart to Hart(nett): Some free advice about security

When I met Dr. Chris Hartnett during TRAFFIC Orlando in 2008, I enjoyed his stories of success; an early adopter of the new Internet era, Dr. Hartnett is part of the elite, old guard of domain entrepreneurs.

Having read the incident of his identity theft situation, I can’t but sympathize – but could that situation have been prevented?

NEW: Read about the incident in a comic book fashion – the entire story told in just 2 frames!

Today’s chatter seems to be about “security” at Registrar or overall industry level, with a lot of assorted “finger pointing” outside of the single source of the problem: the operator/owner – Dr. Chris Hartnett himself.

Most likely – per his own admission – the culprit has been a keylogger that somehow installed itself onto the primary computer that Dr. Hartnett uses; it then tracked his activity and remotely relayed it to the hackers, who had a feast perusing his files and assuming his identity on Namejet.

Here are some quick tips about security – what to do and what not to do:

  • Don’t install questionable software: funky new chat software, a “free” program your relatives and friends rave about, definitely not pirated software
  • Don’t install instant messenger software – period. Security holes are often announced in the hacker circles and before you download the new version your system is vulnerable and quickly infiltrated.
  • Install the best antivirus you can buy and schedule it to run daily scans.
  • Install a firewall and harden security to the max. Keep your operating system up to date, especially when using Windows: turn automatic updates to on.
  • Never use unencrypted wireless networks; never share free networks at conferences, if you need Internet access use your own wireless card with full encryption.
  • Don’t allow others to share your computer; always log off or shut down when in use, with password protection turned on.
  • Never share sensitive personal data with the general public.
  • Always use lengthy, upper/lower case passwords with special characters. Never share the same password across different accounts. Don’t store your unencrypted passwords in one location or file. Change your passwords often. Always define security phrases and never give true responses, e.g. “Mother’s maiden name: Superman”.
  • If you suspect that your system is infected, immediately take it offline. Disconnect it from the Internet and do not use it again – until you install a new drive or wipe out the one in use. Continuing to use an infected system online will only render you more vulnerable.
  • If you suspect foul play, contact the places you transact with: your bank, your credit card issuers; have them canceled and get new numbers. Contact the credit bureaus and ask them to place a lock so that no new lines of credit can be acquired for a set period of time. Report the incident to the police.
  • Contact your primary registrars and ask them to keep an eye for any non-standard attempts to alter your information or to obtain your information. If they offer increased levels of protection, such as the provision of additional credentials to perform account changes, turn that feature on.

The bottom line is, that most likely the source of all your woes falls back to your own self. If you cannot maintain the security of your own assets, then delegate the task to others that can do this for you.

Some additional reading about the hardware security provided by Fabulous.com – my domain registrar of choice.

Speak Your Mind

*