Lazybit

Voyager is a bundle that includes a portable email client, and Private Disk. The latter is used to encrypt the email archive, to make sure no one can read your messages if you lose the disk, or if it ends up being stolen. Ther are two flavours of Voyager, the 256 MB one and the 2 GB one; no matter which one you have, sooner or later you will need more space. That can be done easily by migrating your email archive to a bigger removable disk.

1. It is assumed that both USB flash disks are ready; the original one is E:, and the new one is F:
2. Start Private Disk
3. Do not mount your image, instead go to Recovery and press Backup, to create a "compressed, encrypted, password protected backup copy of the Private Disk"
4. Choose a backup file and an encryption password (this password can be, and should be different from the password of the original image; although nothing will break if you use the same password)
5. Create a new encrypted disk, it should be located in F:\image.dpd
6. • Naturally, the new image must be larger than the original one, so that there is plenty of room for new emails
   • The new image should not occupy the flash disk entirely, leave at least 10 MB of space for other data
7. Go back to the Recovery tab and press Restore to "restore the data from a previously made copy of the Private Disk"
8. Select the destination image (F:\image.dpd) and enter the password
9. Choose the backup file made at step #4 and enter its password
10. After the process is done, copy all the files and directories (except image.dpd) from E: to F:

If you did everything correctly, you will see the following in F:

• PD, directory
• autorun.inf
• RunMe.exe
• image.dpd

Done! You will probably want to go through an additional step, and customize these settings of the encrypted image:

• Autorun, to launch Z:\Voyager\Voyager.exe automatically
• Autofinish, to run Z:\Voyager\tbExit.exe automatically when the disk is dismounted
• Disk Firewal - enable it and add the trusted applications (if any) to the white list. Remember that every program inside the virtual disk is trusted by default

A new beta of Logon for Vista is now available for download: http://files.dekart.com/beta/Logon-Vista-2230.msi It is not yet a final, and it does not provide all the features that are available in the non-Vista version. Here are some highlights that will be useful to you if you're planning to play with it:

• You must logon using a key once, in order to make the Dekart credential provider the default one;
• Press Other credential providers to choose key authentication;
• This version does not provide support for biometric authentication as a third factor, but the feature will be available in the next release;
• A restart after the installation is not needed;
• The current version cannot use keys created by the older version, therefore you should make a backup of your sensitive data.

The GUI of the key administration tool is not yet final, there will be changes here and there.

A report published recently by IC3 (Internet Crime Complaint Center), provides a lot of insightful tips to those who often engage in Internet commerce. The study was carried out in cooperation with the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The study is extremely useful, as modern life is a path that will inevitably intersect with the Internet, whether we want it or not. The web helps us - consumers, do things faster and easier; the problem is that fraudsters get the same benefits. As a result, if you fall for an Internet scam, the damage can be of a greater magnitude, and it can be inflicted upon you so quickly that you won't even notice it happened. Here are some numbers that put things in perspective:

• From January 1, 2007 to December 31, 2007, the IC3 website received 206,884 complaint submissions. This is a 0.3% decrease when compared to 2006 when 207,492 complaints were received.
• The total dollar loss from all referred cases of fraud was $239.09 million with a median dollar loss of $680.00 per complaint.
• This was an increase from $198.44 million in total reported losses in 2006.
• Email (73.6%) and web pages (32.7%) were the two primary mechanisms by which the fraudulent contact took place.

It is highly recommended that you look through it and study the charts, and the recommendations section, which explains how to deal with such cases, as well as prevent them from happening. The remaining part of this article focuses on the issue of identity theft, which sadly was not given enough attention in the survey.

It is interesting that the study concludes that identity theft is one of the smaller troubles, as shown in the chart below.

Such a state of things is quite strange, because another study (the Computer Security Institute survey for 2007) found identity theft a much more serious problem. Could it be so that the victims of identity theft are not yet aware of their status?

Another possible explanation is that the scope of the IC3 report is simply different, it focuses on issues that occur after a transaction is complete (i.e. it is assumed that everything was ok before the final click in the process), while the truth is that identity theft has much more serious consequences. There is no need to use fake cheques, there is no need to engage in a long conversation with a "Nigerian scammer", nor there is a need to get involved in auction bidding. With your data in their pocket, a fraudster can do anything in a clean way - the sellers will not suspect that something is wrong, because from their point of view, they are dealing with an honest person, and everything is legal.

Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission, to obtain credit cards, loans and mortgages, buy various products on your behalf, leaving you responsible for the consequences.

To minimize the risk of identity theft, you have to make sure that all the ways in which an identity can be stolen (attack vectors) are taken care of.

• If you use a public computer for online banking transactions (ex: buy merchandise or purchase tickets for travel, concerts, or other services):
• • First of all, avoid using public computers, perform all the tasks that involve dealing with sensitive data on your home PC;
  • If you are forced to use a public computer, you can be the target of a keylogger, or the target of malware running on that workstation. There is no guarantee that the computer does not have any harmful programs installed there on purpose. You need a tool such as Password Carrier, which will automatically fill in the forms on the web-sites and in Windows programs - thus keyloggers won't capture your passwords and other personal information, because you don't have to type anything by hand.
• If you store personal information in your home computer, there is a chance that it will be compromised (ex: if your antivirus or firewall failed), or that someone who uses the computer inadvertently ran an unknown (and malicious) program or an attachment that came with an email.
• • Make sure that all the sensitive files on the system are stored in encrypted form, so that they cannot be copied by someone who connects to the computer remotely. Use Private Disk to encrypt your files;
  • Use additional protection offered by Disk Firewall, to ensure that trusted but compromised programs won't allow an attacker to access private data;
  • As in the previous case, it is a good idea to use Password Carrier, because it takes a lot of expertise to thoroughly study a system and say "this system is 100% clean, no viruses, no spyware, no malware of any kind". If you are not one of those who can check their own computer and guarantee that it is clean, then Password Carrier will definitely help you.
• Social engineering is another instrument an attacker can use to steal your identity. Why install various malicious tools and risk getting caught, when you can just go ahead and directly ask what you want? Due to the way our brains are wired, this approach is very often effective!
• • Be careful when someone asks you for personal information; it is good to be suspicious, so do not be afraid to question what they intend to do with this information;
  • Always double-check the information you are about to submit, sometimes a detail that seems unimportant can actually make a difference. If you don't know whether some data are sensitive or not, treat them as sensitive and do not disclose them;
  • Examine the privacy policy of the services that are used, in order to find out how they store and apply your data. In addition, if you are dealing with an intermediate party, they might request other, apparently not important data; if you know which details are needed by the service that does the actual processing, you will be able to find out whether the intermediate party requested data which they don't normally need;
  • Cautiously share your personal information with your friends and colleagues. You may trust them, but are you sure they won't accidentally (or even intentionally) share your details with other parties? Is your friend aware of the existing threats? If you are not sure, then you should think twice before handing out passport numbers, addresses, phone numbers, etc.

Conclusions

• The Internet is a dangerous place, don't forget that.
• It is a good thing to be a little bit paranoid, when not sure whether you really understand what is going on, take your time to ask someone in the know, or read the available documentation.
• Software can assist you in protecting your privacy, programs such as Private Disk and Password Carrier will make your life safer, and easier.
• Keep track of your expenses, to find out if you are already a victim of identity theft before it is too late.

It is not known to the wide public, but the truth is that for quite some time a version of Private Disk Light for Windows Vista, as well as for 64-bit versions of Windows XP has been available.

It can be downloaded: http://files.dekart.com/beta/PrvDiskLight-Vista.exe

It is unofficially called Private Disk Light 1.23, and here are the changes:

• Support for Windows Vista (32-bit and 64-bit)
• Support for Windows XP 64-bit
• Prettier icon
• Surprise - a new feature that hasn't been present in the earlier versions of Private Disk; it is not likely to get noticed. But if you do notice it, you can get a free license for the full version of Private Disk, and I am absolutely serious about this one ;-) Good luck!

I am on Private Disk v 2.09. I close my files and every time I try to disconnect a drive letter I get the message:

There are files currently opened on disk Z:\

I feel that my data is not closing correctly. My question is how do I find out what file(s) are still open and how do I close them?

Quite often a volume can be used by a service, or another process that is running in the background - which makes it difficult to detect. In such cases, the best approach is to use a tool that monitors all the file activity that goes on in the system, and examine the list of processes that interfere with files located on the specific volume.

One such tool is Process Monitor; among many things, it can show which programs are working with data on a specific volume.

• Start Process Monitor and make sure the File System Activity monitor is enabled
• To simplify the task, create a new filter that will only show the activity that involves the volume you are interested in. The screenshot below illustrates how to add a rule that will only show which files are open on disk D:\
• As you can see, in this example the non-system programs that are using files on disk D:\ are TheBat, Trillian.

All you have to do is close these programs, and try to dismount the volume again.

If you see an unknown program accessing the volume, and you don't know how to close it (or you are not sure whether "killing the process" will have any serious consequences or not), look up the name of the program in a search engine and that will give you enough details to make a correct decision.