Do You Think Faxing Something Means It's Secure?

Not necessarily. There are vulnerabilities that can make faxing risky. The first, and most obvious, is that faxes are initiated by people. People make mistakes. People punch in the wrong number. People inadvertently fax things to the wrong person. It happens. You can remind people to be careful, but mistakes are just going to happen. Just the other day someone I know received a fax from a Bank that included a list of names, social security numbers, and account numbers. A big oops.

To help address this issue, pre-program the fax numbers for the recipients that you commonly send sensitive information to. Also make sure that you use a cover page that clearly states who the intended recipient is, that the fax is only for that recipient, and provide instructions for an accidental recipient to follow in case they were to receive a fax in error.

The other issue is that many fax recipients are not walking up to the fax machine to pick up the received document. Instead, faxes are forwarded to the organizations email system where they are attached as images or as a PDF document. Why does this matter? You may not have intended for that potentially sensitive fax to be stored in the recipients email inbox on their local hard drive, on their corporate email server, in their email archiving solution, and now stored permanently on the email server backup media. Will the access controls you intended for this document continue to be upheld for these additional digital copies now floating around? Probably not. If that fax included payment card information or personally identifiable information, like social security numbers, then a law or rule was just broken. That sensitive information is now likely stored unencrypted on multiple systems that do not provide the access controls and protection now required for such data.

Just because it's faxed doesn't mean it's completely immune to security risk.

©2008 Kenneth M. Smith

Using Your Credit Card By Phone

©2008 Kenneth M. Smith

Card transactions often take place by phone. This is also a common way for fraudsters to try to rip you off. A few tips to help protect you:

1. Never give your card number to anyone by phone when they have called you. Even if you feel that it's legitimate, just don't do it! Someone calling you to ask for your card number is a little suspicious, but it does sometimes happen for valid reasons. Take down their name and phone number, confirm that they are for real, and call them back if it's appropriate.

2. Avoid giving your card security code, known as the Card Verification Value (CVV), over the phone. This number is only intended to be entered into a computer as a way to confirm that you do have the card with you. If you are giving this number to someone by phone, there is a good chance that they are writing it down or typing it into a database. Neither of these should be done by any merchant.

3. Use a secure phone line. Sniffing and eavesdropping of telephone conversations is possible, especially with wireless devices. If you are using an older 'cordless' phone or cell phone, there is a good chance that someone could listen in on your conversations using equipment that can be readily purchased at electronics stores.



For the best Notebook CPU performance, set power management to 'Always On'

If you use applications that need a lot of CPU cycles, or you use virtualization applications such as VMWare Workstation of Microsoft VPC, the default settings for most notebooks will not result in the best performance. I have found that even when you have your system plugged in and set to 'Maximum Performance' or 'Home Office/Desk' under the power management options, the system will still automatically throttle the CPU according to the needs of the application and the operating system. This throttling has gotten much more intelligent over the years, but you will still probably notice a performance hit in certain situations.

Starting with Windows XP, the CPU throttling functionality became integrated with the operating system. The only setting that will guarantee that your system runs at full speed all the time is if you set the power management scheme to 'Always On'. At least this has been the case on a few Dell notebooks and a Thinkpad I have used. Note that doing this will make the system run hotter, will probably trip the fan more often, and will of course use more power. But a fast and consistent CPU speed is important for virtualization to behave properly. There are a few cool CPU management utilities available that help you to further tune and tweak these things, such as SpeedswitchXP and RMClock.