Category Archives: ID Cards and Identification

ACLU Brings Important Freedom-to-Travel Lawsuit

The ACLU’s blog post is actually not over the top here: We’re Suing the Government for Violating the Rights of Passengers on Delta Airlines 1583 in Police-State Fashion.

The full complaint in Amedei v. Duke is online.

Some key bits below the fold: Continue reading

Posted in Civil Liberties, ID Cards and Identification, Law: Right to Travel | Leave a comment

Windows 7/8/8.1 Is Spying on You. This Batch File Will Reduce It.

Concerned by sneaky updates to Windows telemetry on my Win 7 boxes … the object of which seems to be to degrade their privacy to a level equal to Window 10 minus the always-on eavesdropping of Cortana (No Thanks!)…I am running this batch file from an elevated command prompt to clean things up. I adapted it and slimmed it down from the to my eye excessive version at wildersecurity.com.

Text of the key parts of the file below if your system blocks downloads of .bat files, as well it might.
Continue reading

Posted in ID Cards and Identification, Law: Privacy, Software | 3 Comments

Sums Up the Case for Pseudonyms

Posted in ID Cards and Identification | Leave a comment

Should I Surrender?

There’s this company that calls my office over and over. And over. And leaves messages asking me to go on their site and ‘claim my profile” that they have already concocted for me. It’s been going on for weeks, always at times I happened to be out. Note that it never sounded like robo-calling, but rather like call-center humans.

Finally, I happened to be in the office recently and answered a call from them (it was a human). I asked, begged, pleaded, to be put on their Do Not Call list.1

Begging didn’t work. There’s a message from them on my voice mail again today.

So far, I’m standing strong, not giving in, not registering on their web site. Even if would shut them up. But I’m also a bit afraid to name them here, because it seems to me that that given their less-than-perfect authentication methods–which include linking to social media on which I do not have accounts–there is a substantial impersonation risk.

Should I just give in and ‘claim my profile’?


  1. This leaves aside the question whether the calls violate state or federal ‘do not call’ rules; I’m signed up for both, but since they are not actually selling anything or asking for money, they might be off the hook? []
Posted in ID Cards and Identification, Internet | 1 Comment

Change Your LastPass Master Password

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.

Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.

Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts.

We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection. Thank you for your understanding and support.

Joe Siegrist
& the LastPass Team

 

Frequently Asked Questions

Why haven’t I been notified by email? Emails are being sent to all users regarding the security incident. While this takes a bit longer than posting on the blog, we are working to notify users as fast as possible.

Do I need to change my master password right now? LastPass user accounts are locked down. You can only access your account from a trusted IP address or device – otherwise, verification is requested. We are confident that you are safe on your LastPass account regardless. If you’ve used a weak, dictionary-based master password (eg: robert1, mustang, 123456799, password1!), or if you used your master password as the password for other websites you need to update it.

via LastPass Security Notice | The LastPass Blog.

Posted in Cryptography, ID Cards and Identification | Leave a comment

Tracking Protection Greatly Speeds Firefox

Firefox’s optional Tracking Protection reduces load time for top news sites by 44%.

How to turn on Tracking Protection:

  1. In the Location bar, type about:config and press Enter.
    • The about:config “This might void your warranty!” warning page may appear. Click I’ll be careful, I promise! to continue to the about:config page.
  2. Search for privacy.trackingprotection.enabled.
  3. Double-click privacy.trackingprotection.enabled to toggle its value to true.

This will turn on Tracking Protection. If you later want to turn it back off, repeat the above steps to toggle the preference back to false.

Posted in ID Cards and Identification, Internet, Software | Leave a comment