Is my personal information really secure online?

Personal information is worth a lot, especially to criminals. Over the last couple of years i have wondered if my personal information is really secure online, so many major website have been hacked, with users personal information uploaded online for all to see. To me it appears like large corporations and major websites you would expect to take the security of peoples personal information seriously, actually couldn’t care less about it, so it appears to me.

Take Sony for example, last year the Sony PlayStation Network and Sony Qriocity on-demand entertainment services were hacked, in what was possibly the largest data breach ever. Intruders had accessed personal data of up to 77 million users, whose real names, email addresses, passwords, home addresses and telephone numbers had all been stored in unencrypted text. Hackers had even posted up Sony-associated credit-card numbers, despite Sony calming credit card details were encrypted. Now that is one massive amount of personal information out there in the wild.

77 million users personal information, stored in plain text. Great to know little effort was put in to securing users data on such a large scare. That makes me think how many other places my personal data is stored insecurely, and how many times my personal data has been stolen in hacks that have never been disclosed.

Another example is LulzSec who hacked into the Arizona Department of Public Safety (AZDPS) and leaked hundreds of confidential law-enforcement documents, including personal information on highway patrol officers, as well as hundreds of private intelligence bulletins and training manuals. Should confidential law-enforcement documents really be on internet connected computers? i guess that cant really be helped, however its annoying to think if you want something to be truly secure then it should be anywhere near an internet connected machine / network.

I have honestly lost count over the last two years of how many times I have read about a service has been exploited, where data has been stolen and passwords have been stored in clear text. Linked-in, Steam, Blizzard, Last FM come to memory, although i’m sure there has been other major hacks too.

The above is all just hacks we know about because groups like LulzSec and Anonymous release information online announcing the hack, that does make you wonder how many times other major online services have had data stolen and never said anything, or even know about it!

Recently i have been getting email’s saying i need to verify my information with Student Finance England, i would say that’s a pretty specifically targeted email compared to say one trying to steal you banking details. That does make me wonder if a database at Student Finance England has been dumped. I also get a lot of email’s targeting the bank i’m with, and never others from any other major bank in the UK, again it does appear to me like i’m been specifically targeted in these two cases. Most of the time the email’s targeting Student Finance and my bank account do end up in my junk email folder which is something.

If i get an email with something like that i would never click a link in it, i would always go to the website and log in there. However i imagine a lot of people would just click the malicious link and happily give there personal details away.

I think all we can really do is think about we upload to the internet, especially to cloud storage services. Unfortunately we have little control over how businesses store our personal data, we can only hope its encrypted and secure.

Forefront Installation on Windows Home Server

So what is Forefront? basically think of it as free antivirus for Windows Server, like Microsoft Security Essentials is for client versions of Windows. As you might know Security Essentials refuses to install on Windows Server, however this will install perfectly on Windows Server with no problems. Once installed you will receive virus definition updates through Windows Update, just as Security Essentials does.

So you have me interested, how do i go about installing?

First you will need to open your en_forefront_client_security_x86_x64_cd_x13-62435.iso which can be downloaded from Technet or MSDN, go in to the /CLIENT/X64/ folder and extract MP_AMBITS.MSI.

A good application that will extract content from ISO’s is WinRAR:

Forefront Security on Windows Server Extract

Next click on MP_AMBITS.MSI and it will automatically install:

Forefront Security on Windows Server Install After Forefront has installed on Windows Server you will be notified no new definitions or updates are available, don’t worry that is normal:

Forefront Security on Windows Server Installed

Now load Windows Update from the start menu and click on “Findout more” where it says “get updates for other Microsoft Products”:

Forefront Security on Windows Server Windows Update

A webpage will load up you will need to agree to the terms for Microsoft Update, then click the install button:

Forefront Security on Windows Server Enable Updates

All been well you should get a message saying Microsoft Update was successfully installed:

Forefront Security on Windows Server Updates Enabled

Now load Windows Update again and you will see Windows Update now checks for Windows Updates along with updates for other Microsoft Products:

Forefront Security on Windows Server Checking for Updates

When Windows Server has finished checking for updates you should now see an update for the Forefront Client Security application, and the latest definitions available to download:

Forefront Security on Windows Server getting Windows Updates

Future updates will just install automatically with Windows Update from now on:

Forefront Security on Windows Server updating via Windows Update

The end result is Forefront Client Security running on Windows Home Server 2011 (or the Windows Server variant of your choice), it will work exactly the same for other Windows Server variants too. I have personally tested Forefront on Windows Server 2008 R2 Standard and it worked perfectly fine.

Forefront Security on Windows Home Server 2011

Whois opt-out for .eu domains

For .eu domains whois opt-out is easy, when you know how. You are not however allowed to use services such as namecheaps “whois guard” which essentially hides the whois information when someone runs a “whois” query on your domain. A whois query will return the personal information of the person who owns the domain, including there name, address, telephone number and email address.

Example of a whois query on Google.eu:

Google.eu whois

As can be seen the registrants details can easily be seen.

For .com, .net, .me domains its easy to use a service, usually offered by the domain registrar to hide these details, however for .eu domains this is not allowed.

.eu domain owners are however allowed to opt-out of there personal details been shown, and you will not even have to pay anything extra like you would with a .com domain.

Basically when a .eu domain is registered, no matter who the domain registrar is the corresponding European Registry for Internet Domains (Eurid) account is created automatically. Eurid handles all registrations and disputes of .eu domains.

This account will allow you to opt-out or select personal information shown on “whois” searches, In order to get access to this account you can go to http://enduser.eurid.eu/public/enduser/EnduserGetRequestPasswordForm.htm – Here you need to enter the domain name and administrative email address you chose when registering the domain, after doing so login details will be sent to that email address.

When you have received your password you are able to log on and mange your domains whois information here: http://enduser.eurid.eu/public/enduser/EnduserGetLoginForm.htm

As you are a non-trading individual you can opt-out of having your address details published, as can be seen below for matthill.me.uk:

Eurid whois opt-out

 

Now you have opted out, if someone runs a whois query on your domain nothing personal will be shown:

MattHillEu Whois

That’s it, quite simple when you know how! Just not that obvious if you have never been through the process before.