[JSanders]

Quote:

Originally Posted by The Sand

I am chick from L.A. – I don’t eat)

Quote:

Originally Posted by The Sand

Just so people have a little better understanding why I am so upset...

You just need a big ol' piece of pie! Happy pie!

[daphne]

There are many many ways your ID can be stolen besides losing your credit card. Do you give your ATM or credit card to a server at a restaurant to go back to the cash register and pay your bill? It's very easy for them to copy your card information and have a replica card made. Here's what the FTC says about how your ID can be stolen. Notice none of them mention email except for spam/phishing.

About Identity Theft - Deter. Detect. Defend. Avoid ID Theft

Quote:

How do thieves steal an identity?

Identity theft starts with the misuse of your personally identifying information such as your name and Social Security number, credit card numbers, or other financial account information. For identity thieves, this information is as good as gold.
Skilled identity thieves may use a variety of methods to get hold of your information, including:

Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.

Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.

Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
Changing Your Address. They divert your billing statements to another location by completing a change of address form.

Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access.

Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources. For more information about pretexting, click here.

I know a number of people who have had their ID stolen by having a keylogger or password stealing trojan virus on their computers.

It would be just plain stupid to send something like your SSN or credit card number though email, and no legitimate businesses would ask for that in an email anyway.

[The Sand]

Quote:

Originally Posted by JSanders

You just need a big ol' piece of pie! Happy pie!

Dude, you’re killin’ me…

We wear bikinis 9 months out of the year here… and when I put it on – I am real happy I skipped the pie

I am doing better over the shock of all this – It just took a few days…

Thanks Daphne for the tips on indentity security... I know there are so many many ways to be ripped off and I am not saying email was the culprit - I just want it as safe as possible.

Sandy

[daphne]

Another way IDs can be stolen is having the same password for more than one internet site. There's been a lot of phishing scams on Facebook and Twitter to steal passwords. If someone uses the same password on PayPal as they do for Facebook - guess what - they can empty your PayPal account. if you post a lot of personal information about yourself in the interenet, criminals can create a profile of you, your travel and spending habits, where you live and lots more. That's why I hate Facebook and things like Foursquare and Blippy. It makes things easy for criminals who would steal your ID. Did you shop at TJ Maxx or Marshalls? A lot of people had their personal info and credit cards stolen when they had the huge data breach. Even some healthcare institutions have had data breaches with peoples' personal and medical info stolen.

[The Sand]

Quote:

Originally Posted by daphne

Another way IDs can be stolen is having the same password for more than one internet site. There's been a lot of phishing scams on Facebook and Twitter to steal passwords. If someone uses the same password on PayPal as they do for Facebook - guess what - they can empty your PayPal account. if you post a lot of personal information about yourself in the interenet, criminals can create a profile of you, your travel and spending habits, where you live and lots more. That's why I hate Facebook and things like Foursquare and Blippy. It makes things easy for criminals who would steal your ID. Did you shop at TJ Maxx or Marshalls? A lot of people had their personal info and credit cards stolen when they had the huge data breach. Even some healthcare institutions have had data breaches with peoples' personal and medical info stolen.

I agree I hate those Facebook and the like sites as well... even if you don't use them (and I already said, my Yahoo is only a "shell" with NO info) it's very hard to keep what you want private... private. It's a constant struggle.

Thanks for sharing all of this... very useful to know.

Sandy

[daphne]

I really don't think it's that hard. Just be careful what you post on the internet. You've already posted a fair amount of info about yourself right here in this thread, not enough to identify you, but wtih a little more information someone might be able to.

Use common sense in every day life, keep your computer secure, etc.

[The Sand]

I thinks it's hard because of what "others" do. It's the companies I do business with. You already mentioned TJ Max and Marshalls... you wonder how secure websites are that you purchase from - even though you always use https when purchasing. Unless you pay cash there is going to be risk. You hope companies run a good show... but the oil all over the Gulf shows not all do the right thing... and when they don't we all "pay."


Sandy

[SteveO86]

If you are truly that paranoid of about email, my previous post pointed out all the holes, And unless you decide to implement S/MIME or PGP your email will be insecure somewhere down the line.

Or at least get a hosted exchange/BES.

No matter how much security you implement the weakest link is us the user. While this I do give you kudos for finding this, I do not believe it should made into the giant monster this thread has become. SSL on the desktop is one thing it is a lot more suspectible to attack (virus, spyware, packet captures, etc).
Posted via BlackBerryForums.com Mobile

[daphne]

Agree with Steve. You can use PGP for free.
The GNU Privacy Guard - GnuPG.org
Have the people you email with use it also. It's not that hard. Or you can buy it here:
PGP Data Protection Products - Endpoint, Email, File and Server Data Protection

I have PGP on 3 of my computers. You can encrypt files and create PGP disks, or even get whole disk encryption. Do you carry a laptop? I would assume you have your computers password protected. But even then anyone with a bootable Linux disk can peruse your hard drive. Do you just delete files, or do you use an app to securely erase them from the hard drive? My point is there are a lot of other areas for concern over privacy with digital information besides just email. And I've barely mentioned security and privacy online.., websites tracking your IP address, cookies, Flash cookies. Did you know identity thieves can find info about you if you've created gift registries that are searchable online? It goes on and on and on...

[The Sand]

Quote:

Originally Posted by SteveO86

If you are truly that paranoid of about email, my previous post pointed out all the holes, And unless you decide to implement S/MIME or PGP your email will be insecure somewhere down the line.

Or at least get a hosted exchange/BES.

No matter how much security you implement the weakest link is us the user. While this I do give you kudos for finding this, I do not believe it should made into the giant monster this thread has become. SSL on the desktop is one thing it is a lot more suspectible to attack (virus, spyware, packet captures, etc).
Posted via BlackBerryForums.com Mobile

I saw your previous post - the one about the pst not being encrypted. But now we are talking about Outlook. You can password protect Outlook if you are in an environment that calls for that. But this was really about email on the BB not the security or lack thereof for Outlook. It wasn't about stupid users on their computers either...

Before I found this out I was unable to make a good decision about email on the BB. I figured RIM would follow the industry standard and enable SSL if possible.

This thread just lets people know the deal - then they can make well informed decision. That is good for all of us...

Sandy

[The Sand]

I have tried encrypted email... and to say the people I know had a breakdown is putting it mildly. When you send them email that way, it just doesn't go over well...

I know a lot about computer security - and I would use a WinPE to look at the harddrive.... but those are "tactics" for another thread.


Sandy

[jsconyers]

Sandy, did you see this?

Quote:

Email messages and instant messages
Email messages and instant messages that are sent between the BlackBerry® Internet Service and your BlackBerry device use the security
features of the wireless network. Messages that are sent between your messaging server and the BlackBerry Internet Service are automatically
encrypted if the server supports SSL encryption.

http://www.blackberry.com/btsc/micro...00%20744745060

[SteveO86]

Quote:

Originally Posted by The Sand

I saw your previous post - the one about the pst not being encrypted. But now we are talking about Outlook. You can password protect Outlook if you are in an environment that calls for that. But this was really about email on the BB not the security or lack thereof for Outlook. It wasn't about stupid users on their computers either...

Before I found this out I was unable to make a good decision about email on the BB. I figured RIM would follow the industry standard and enable SSL if possible.

This thread just lets people know the deal - then they can make well informed decision. That is good for all of us...

Sandy

Outlook with password protected PST can be easily cracked. I only mentioned the PST because if you encrypt your email and someone you send an email to is using Outlook it is point of entry.

Quote:

Originally Posted by The Sand

I have tried encrypted email... and to say the people I know had a breakdown is putting it mildly. When you send them email that way, it just doesn't go over well...

I know a lot about computer security - and I would use a WinPE to look at the harddrive.... but those are "tactics" for another thread.

Sandy

Ok, So you acknowledge the PGP/SMIME issue. Security is a compromise, anything you make more secure, you will remove the convenience of ease of use. If your not willing to go that extra mile I do not see the point of yelling this to heavens. Yes make people aware of it but let's not beat the dead horse.

I for one am not surprised of these differences between BES and BIS, if BIS was as good BES where RIM really make money. If you really need that much security get BES.

[jsconyers]

Quote:

Originally Posted by SteveO86

I for one am not surprised of these differences between BES and BIS, if BIS was as good BES where RIM really make money. If you really need that much security get BES.

There are plenty of advantages when comparing BES to BIS. Complete control of devices, IT Policies, etc.

[daphne]

Quote:

Originally Posted by SteveO86

Ok, So you acknowledge the PGP/SMIME issue. Security is a compromise, anything you make more secure, you will remove the convenience of ease of use. If your not willing to go that extra mile I do not see the point of yelling this to heavens. Yes make people aware of it but let's not beat the dead horse.

Well said.

[The Sand]

As for encrypted BB email... it's not "ease of use" of my part - it was other people who had the difficulty. As I said, it didn't go over well with "them." And right now I am talking about using programs that encrypt BB mail - not what can be done on a computer.

Sandy

[aiharkness]

Hah! Thinking of the famous Huey Long quote.

Quote:

Don't write anything you can phone. Don't phone anything you can talk. Don't talk anything you can whisper. Don't whisper anything you can smile. Don't smile anything you can nod. Don't nod anything you can wink.

Nowadays it would be, Don't email anything you can phone. Don't phone anything you can talk. . .

Or maybe it should be.
Posted via BlackBerryForums.com Mobile

[The Sand]

Thanks for the thought provoking levity A little of that is always helpful...

Sandy

[CanuckBB]

Did you ever think that the choice may not be RIM's, but the email providers not wanting the BIS servers hammering at the SSL connection?

[The Sand]

Nokia holds a big share of the consumer market... the email providers let Nokia do it, and the rest... why not RIM???

We can't know why RIM decided to "log into the web" for outgoing as opposed to sending it smtp themselves over SSL like is the norm... I don't know why they selected the "least" secure way.

But I don't want to tread ground that we have already gone over...

Sandy