Saturday, October 28, 2017

Document Shredders for Home Use

 
 
To safeguard your personal privacy and help protect yourself from identity theft, fraud, and stalking; you should have a document shredder in your home. The type of shredder that you should buy depends upon your personal security requirements and the number of things you need to shred on a regular basis.
 
First let’s consider security levels. The security level of a shredder is broadly defined by how small the shredded pieces are and thus how difficult it would be for an adversary to reassemble a document or read information from shredded pieces of a document. The security levels also take into consideration the type of material being shredded (microfilm requires much smaller shredding than paper documents). For home use, and for most users in general, we will consider three general types of shredders: Strip-Cut, Cross-Cut, and Micro-Cut. Security levels run from P-1 (the lowest level) to P-6 (the highest level). Most shredders intended for home use have P-2 security if they are strip-cut, P-3 security if they are cross-cut, and P-4 if they are micro-cut.
 

Strip-cut shredders cut paper into long, thin, strips. Strip shredders can handle high volumes of paper and are good for low-level security documents (to include some home use). A better option however is a Cross-cut shredder which cuts documents into small pieces, usually less than two-inches in length. Cross-cut shredders are the most commonly used in both home and commercial environments. A cross-cut shredder will provide excellent security for almost any home use. Micro-cut shredders are like cross-cut shredders, but cut documents into even smaller pieces. If you need to destroy very sensitive documents, or believe you are being directly targeted by a corporate or state level adversary, then a micro-cut shredder is recommended.  
 
Next let’s consider usage levels. How many documents do you need to shred at one time? Do you need to shred optical media such as CD/DVD, and other non-paper items such as credit cards? What volume of material do you need to shred at any one time (i.e. how long do you need the shredder to run for before it needs a cool-down period)? Most home use does not require a high-volume shredder, since we are probably shredding fewer than twenty sheets of paper at any one time. We may not need to shred documents for hours on end, but being able to simply drop junk mail into the shredder without having to open it is useful. Choosing a shredder that has the ability to shred at least eight sheets of paper at the same time allows you to shred folded documents (i.e. a folder letter) without having to open them first. Having the ability to shred CD/DVDs and credit cards is also useful if you have a computer in your home and store any type of personal or sensitive information on CD/DVD.
 
Examples of good document shredders for home use include:
 
 
It is possible to find documents shredders for a little bit less money ($30 - $50), but these cheaper shredders tend not to hold up to continuous use. Still, if you are looking for a home shredder for occasional use, the Amazon Basics 12-Sheet Cross-Cut Paper, CD, and Credit Card Shredder is a reasonable choice.
 
The Privacy Rights Clearinghouse (https://www.privacyrights.org) recommends shredding the following documents:
  • Monthly bills. Even if you bank online, also shred payment coupons, which might contain your full account number, even if the bill did not.
     
  • Receipts or other papers that show your signature, which ID thieves could use to forge other documents.
     
  • Employer pay stubs.
     
  • Documents that contain account information, such as statements from your bank, credit-card companies, 401(k) administrator, and broker and other investment statements. Don't forget courtesy checks from your credit-card issuer or bank. Call that source and ask it to stop sending the checks.
     
  • Anything that contains your Social Security number, including annual statements from the Social Security Administration. Don't forget old identification cards, including an expired driver's license.
     
  • Expired credit cards, and prescreened credit-card offers and applications, even if they contain incorrect personal information. All can be used to obtain fake credit cards.
     
  • Explanation-of-benefits forms from your medical insurer. They usually include your member ID number, which leaves you vulnerable to medical-ID theft. Also shred papers and labels with prescription numbers on them.
     
  • Tax forms and tax-related documents more than seven years old.
     
  • Any documents that list a password or PIN, and anything else with personal information that you wouldn't want a stranger to see.
     
  • All mail from your financial institution, including change-of-terms notices. Even documents that don't have account information can tell fraudsters a little more about you than you might want them to know.
     
  • Documents from companies you've done business with recently, including those from recent travel. Thieves could call you masquerading as a representative from one of those businesses to try to trick you into disclosing personal information.
 
 


Wickr Privacy Survey



Wickr is one of my favorite communication apps. It is strongly encrypted and does the right things to support individual privacy. Wickr is conducting a short (10 question) privacy survey to gather current opinions on the state of privacy. You can participate in the survey here: https://www.wickr.com/privacy-survey-oct-2017
 
If you don't currently use Wickr you can download it for free from here: https://www.wickr.com/personal/.  Wickr is available for Android, iOS, and Desktop.
 
 
 
 

Thursday, October 26, 2017

Foreign Travel

To travel overseas you will need a passport. If you have a current passport, great... if not you should get one as soon as possible. The US Department of State explains how to apply for your passport here (you cannot apply online). Once you have obtained the necessary documentation and completed the required forms, you take all of this to a local passport office and apply for your passport. The passport agent will make sure that all required paperwork is complete, take your applications fees, and submit your application. In a few weeks you will receive your passport in the mail.

With a passport in hand, you can travel internationally. Country entrance requirements are listed on the State Department’s web-site: https://travel.state.gov/content/passports/en/country.html.
 
International Driving Permit
 

 
In the United States there are two organizations authorized to issue International Driving Permits. These organizations are the American Automobile Association (AAA) - http://www.aaa.com, and the National Auto Club - http://www.thenac.com. The International Driving Permit is not a driver’s license in and of itself, rather it is a translation of your driver’s license and is a recognized and often required piece of identification when driving an automobile overseas. According to the National Auto Club,  "International Driving Permits are a recognizable form of identification which can help you communicate with foreign authorities. The IDP provides an official translation of your U.S. driver’s license into 9 foreign languages and is acknowledged as valid identification in 174 countries around the world. IDPs are not a replacement for your U.S. license, but should be used as a supplement to it. Experienced travelers always carry the International Driving Permit while traveling outside the USA."

Even if you don’t plan to drive while overseas, the International Driving Permit can serve as a useful piece of secondary identification when dealing with officials in a foreign country. To obtain an International Driving Permit from either AAA or the National Auto Club, simply fill out an application and mail it along with a copy of your driver’s license and two passport type photographs to the address on the web-site. At the time of this writing the cost for an International Driving Permit was $20.00, and processing time was between one and two weeks. From the date of issue an International Driving Permit is valid for one year. 
 
Travel Alerts & Warnings


 
Before travelling to a foreign country it is important to have an understanding of what the situation in that country is like, and that understanding should extend well beyond the brochures at your local travel agency. Being aware of long-term threats and short-term problems can keep you out of trouble. Knowing what risks you may face in a specific country or area of the world can help you mitigate those risks. It always pays to know before you go, because what you don’t know can kill you. 

The United States Department of State publishes country information and travel guidelines on its web-site: http://travel.state.gov/. The United Kingdom, Foreign Office publishes foreign travel advice and country information on its Gov.UK web-site: https://www.gov.uk/foreign-travel-advice. The Government of Canada provides country travel advice and advisories on its web-site: http://travel.gc.ca/travelling/advisories. The Australian Government, Department of Foreign Affairs and Trade publishes similar information on its web-site: http://smartraveller.gov.au/countries/; as does the Government of New Zealand on its 'Safe Travel' web-site: https://www.safetravel.govt.nz/.  The United States Center for Disease Control & Prevention (CDC) provides traveler health information on its web-site: http://wwwnc.cdc.gov/travel, as does the World Health Organization at http://www.who.int/ith/en/.
 
For additional details about a country, the CIA World Fact Book also provides general information about every country in the world. Each of these country information and travel advisory web-sites is run by a country’s State Department or Department of Foreign Affairs and will be colored somewhat by the current politics of the country providing the information. The information may seem a bit general and vague at times - we would always like more detailed information - but overall the information provided on these web-sites will be of value to anyone planning to travel overseas, especially if you have never travelled to that specific country or area of the world before.
 
The Overseas Security Advisory Council (OSAC) has prepared an eleven-page ‘Travel Security Form’ to help individuals prepare for overseas travel. OSAC says  "More U.S. private-sector employees, students, and staff are traveling abroad than ever before. At the same time, the overseas security landscape has grown increasingly dynamic, with threats posed by terrorists, insurgents, and criminals, as well as non-human forces like natural disasters and diseases. The objective of this guide is to equip international travelers with tactics and procedures that may reduce the risks inherent to overseas travel." The form can be downloaded from the OSAC web-site at: https://www.osac.gov/pages/ContentReportDetails.aspx?cid=19177 
 
OSAC Crime and Safety Reports https://www.osac.gov/pages/ContentReports.aspx provide information about current crime patterns in various countries and cities, and offers safety tips and advice for travelers to those areas. 
 
Foreign Language
 
 
Speaking the language of the country or area to which you will be traveling is always a significant advantage. Speaking the local language allows one to communicate with others in order to meet basic needs, show courtesy to others, and build relationships and friendships in the local community. Furthermore, someone who speaks the local language will be less likely to stand out and attract attention. 
 
There are several on-line foreign language courses that can be found with a simple Internet search. Some of these courses are free, while others can cost up to several hundred dollars for basic language instruction. The quality of these on-line course range from just OK to absolutely outstanding, but also depends on one’s learning style and ability to learn from an on-line program. Regardless of how you choose to learn a foreign language, learning even just a few basic words, phrases, and courtesies can make for a more enjoyable and ultimately safer foreign travel experience.
 
International Medical Insurance
 


What will you do if you become sick or injured while away from home? At home your medical insurance may cover hospitalization, treatment, a recovery programs. Off in some remote corner of the world "western-style medicine" may not be readily available, and even if it is your insurance coverage may not be valid there. Other forms of medicine (i.e. Traditional Chinese Medicine, or Ayurvedic Medicine) may also provide effective treatments, but again doctors don’t always work for free. If you need medical treatment it is essential that you have a way to pay for it. Your current health insurance plan may be able to add coverage to pay medical and emergency services while you are away from home. You may also want to choose a short term policy to cover you while you are traveling.
 
There are several insurance companies that can provide travel insurance. Some of the better known of these companies are:
 
Regardless of the company you choose, do your research and ensure that it meets your specific needs, and most importantly that it will be accepted by medical establishments in the specific area to which you will be traveling.
 
In remote and unstable areas of the world you may also want to have a medical and security evacuation plan. Companies such as
can provide emergency evacuation services from remote areas of the world. These emergency evacuation service plans work much like other travel insurance, but are focused on getting you back home in case of emergency.
 
Robert Young Pelton’s web-site , Edward Hasbrouck’s web-site, and the Lonely Planet web-site all provide excellent information for planning travel to remote and dangerous areas. Both Pelton’s site (Black Flag CafĂ© Forum) and the Lonely Planet (The Thorn Tree Forum) offer an on-line forum where one can exchange information with other people who are planning similar travel, or perhaps who are currently at your planned destination. The Daily Telegraph Expat site offers information for individuals traveling, living, and working overseas. The Escape Artist web-site is focused on Americans and provides information about living, working and retiring overseas. Just Landed is a similar web-site providing information for the expatriate communities in several countries.   
 
 
 



Wednesday, October 25, 2017

EPIC Privacy Browser

 
 
"Epic is a private browser that's fast, simple and actually works. When you're using Epic with our encrypted proxy on, your data is encrypted and hidden from the government, from your ISP, from Google, from your employer, and from hundreds of data collectors. On close of Epic, there's no easily accessible record of your browsing history left on your computer. We believe what you browse & search should always be private."
 
 
 


Tuesday, October 24, 2017

Encrypting File System (EFS)

 

Many businesses share computers between multiple employees, and even if you have an assigned computer at your office it is probably connected to a network. Any networked computer can be accessed over the network given the proper permissions. Laptop computers are often used while traveling and thus have an increased risk of being stolen and having criminals gain access to sensitive business data stored on the computer.
 
One way to protect data on your computer is to use the Encrypting File System (EFS). The EFS on the business and professional versions (i.e. Windows 10 Pro, Enterprise, and Education) of Microsoft Windows provides file-level encryption to help protect data from attackers who have physical access to your computer. EFS encryption is tied to your user log-on credentials (password or access token), so if another user logs on to your computer, files protected with the EFS will not be accessible to that person. EFS also protects against off-line attacks, such as booting the computer from a CD or USB; or removing the hard-drive from a password protected computer and putting it in another computer to bypass operating system security.
  
To protect a file or folder with the EFS:
  1. Right-click a file or folder that you want to encrypt.
  2. Click Properties.
  3. Click Advanced, on the ‘General’ tab.
  4. Click the checkbox next to Encrypt contents to secure data.
  5. Click OK.
  6. Click Apply. A window will pop up asking you whether or not you want to only encrypt the selected folder, or the folder, subfolders, and files.
  7. Click either Apply changes to this folder only or Apply changes to this folder, subfolders, and files.
  8. Click OK.
 
Right click on the folder again, and choose the 'Security' tab. In the 'Group or user names:' box ensure that only 'SYSTEM' and your own user name are present. If an ‘Administrators’ group is listed in this box you may want to remove it to prevent system administrators from being able to access these encrypted files.
 
The EFS is a useful tool on a network when you need to restrict access to specific files to specified users. Files and folders encrypted with the EFS are accessed normally when you are logged in with the proper account or token, but if you are not properly logged in you will be denied access to any EFS encrypted document. It is important to note however that if your log-on credential changes (i.e. you get a new access token or delete your user account) you will lose access to any files encrypted with your old credential. In Windows 10, EFS encrypted have a small padlock displayed on the file icon. In Windows 7, EFS encrypted filenames are displayed with green letters.
 
For more information about the EFS, I recommend the YouTube Video: MCTS 70-680: Encrypting File System (EFS).


 


National Gang Report - 2015

 
 
 
 
After I posted the link to the 2017 National Drug Assessment, some readers asked if there was a similar assessment for gangs in the United States. Yes, there is, but the latest public version of that report is 2015. It should be noted that the 2015 National Gang Report is not an extension of the 2013 or 2011 installments. Rather, it is an independent overview of data obtained between 2013 and 2015.
 
I recommend that you read each of these reports 2011, 2013, and 2015 to gain the most complete understanding of the national gang threat.

 


Monday, October 23, 2017

National Drug Threat Assessment - 2017

 
 
 
The Drug Enforcement Administration (DEA) released the 2017 National Drug Threat Assessment today.
 
You can download a PDF copy of the assessment here:
 
Over the past 10 years, the drug landscape in the United States has shifted, with the opioid threat (controlled prescription drugs, synthetic opioids, and heroin) reaching epidemic levels, impacting significant portions of the United States. While the current opioid crisis has deservedly garnered significant attention, the methamphetamine threat has remained prevalent; the cocaine threat appears to be rebounding; new psychoactive substances (NPS) continue to be a challenge; and the focus of marijuana enforcement efforts continues to evolve. Drug poisoning deaths are the leading cause of injury death in the United States; they are currently at their highest ever recorded level and, every year since 2011, have outnumbered deaths by firearms, motor vehicle crashes, suicide and homicide.
 
 



SecureDrop

 
 
SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation.
 
Review the SecureDrop web-site (listed above), and try the demo to see how the system works. A few news agencies that use SecureDrop are listed below. Reading their SecureDrop pages will provide additional tips for providing information anonymously.

Although SecureDrop is intended for media organizations to receive information from anonymous and confidential sources, any organization with the ability to set-up and run a server can install and use SecureDrop. Of course, it helps to have the clout and infrastructure of a major news service to maintain your SecureDrop and ensure that it isn't seized or otherwise compromised. Still, if you have an organization that needs to communicate with anonymous and confidential sources, SecureDrop may be an option.