Lazybit

Feature	1.x	2.x	SIMple	SIM Manager
Read 2G SIM	+	+	+	+
Read 3G SIM	-	+	+	+
Read Nextel cards	-	+	+	+
Read SMS	-	+	+	+
Wipe SMS	-	+	+	+
Import CSV	+	+	+	+
Import vCard	-	-	-	+
Google contacts	-	+	-	+
Yahoo! contacts	-	+	-	+
Facebook contacts	-	-	-	+
Copy SIM	-	+	+	+
Manage PLMN	-	+	+	+
Vista/Seven support	-	+	+	+
Clear SIM card	-	+	+	+
iTunes import	-	-	-	+
View SIM properties	-	+	+	+
Change PIN	-	+	+	+
Print phonebook	-	+	+	+
Multiple readers	-	+	+	+
Prefix management	-	+	+	+
Remove duplicates	-	+	+	+
Improved write speed performance	-	-	+	+
Updates	-	-	+	+
Cost	Discontinued	Discontinued	Coming soon	USD 29

What this means:

• The latest version is the most feature-rich SIM card management program
• The 1.x and 2.x branches are not supported anymore and they will not be updated

If you've made up your mind - you can upgrade to SIM Manager 3.

SIM Manager can retrieve the address-book and SMS from the iPhone, via iTunes' backups.

Depending on the firmware version of your iPhone, you can get lucky and recover deleted SMS as well. Take a look at this video for more details:

This procedure does not require a card reader, so technically you can try it out for free - since the trial version of SIM Manager is fully functional during the evaluation period.

Here is a download link for the current release candidate of version 3.0: dl.dropbox.com/u/3258602/DKbeta/SIMManager3-a.exe

Dropbox is a highly effective tool for file sharing and syncing between multiple computers or users. It offers great portability and easy access to your files from, practically, anywhere.

Dekart offers 2 different solutions to protect files on Dropbox.
Both solutions add a new level of security, which saves you in case somebody found out your Dropbox account's password or it got hacked, leaving your data intact. Each has its set of features that make them unique from one another, at the same time, offering the highest grade of protection and usability.

Keeper
Encrypt files and folders and sync them using Dropbox, and access your secured data from anywhere.

In order to share the sensitive information with users that do not have Keeper, create Self-Extracting Archives and send them the password.

Private Disk
Create encrypted disks for secured file storage, and open private data from work, home or anywhere you have Private Disk installed.

Use the Portable Private Disk feature, to get extra space for your sensitive data to be stored.

We believe people should understand that, nowadays, when information technology is part of everyday life, it is important to keep your data safe.

I often bump into ads in which somebody states that a company can clone your SIM card, or that some wise-guy has the gear needed to clone a SIM card. A slight variation is made by the ads that state that one can make a SIM card hold more than one SIM card [i.e. if you have two SIMs, you can migrate them into one, thus there will be no need to switch cards when you feel like switching numbers or mobile operators].

Why cloning a SIM card is impossible? [for a usual human being like you and me]

Because a SIM card is a smart card, it has an operating system, a microprocessor and a file system. On top of that, it has a great authentication mechanism that allows the card to determine which actions can be carried out [and which ones cannot] by a specific user. Yes – it is similar to an OS with multiple users, in which an administrator [or root] can do anything, while somebody else [say, Guest] can only read a limited number of files.

A SIM card is made of directories that hold files, each file has its own use, for instance, one of them holds your address book, another one – your SMS archive, etc. These files can be read by us – mobile phone owners.

There are also system files, such as the ones that contain information about the secret keys used by the phone to connect to the mobile network. Such data are critical, and they cannot be changed by the user – i.e. by us.

In order to clone a SIM card, every single file must be read, including the ones that hold the low-level secret information. But, as you’ve probably figured out by now – the card’s protection mechanism will simply not allow that data to be read. Just imagine that you’re logged on as a guest, and you want to copy some files that only an administrator can access. For obvious reasons – you will fail.

So, if you really want to clone a SIM card, you need to “log on as an administrator”. Simple - but not possible for the end-user. Here are some extra facts that should help you understand why things are so.

When you buy a SIM card, the operator gives you the SIM card itself, and several codes: PIN, PUK [sometimes also PIN2, and PUK2]. The card is already formatted, meaning that its file system is created and it already contains some data. The PIN is something that allows you to “log on as a guest” and use the resources such as the address book. So there’s no way you can clone the card - insufficient privileges.

But how do mobile operators make changes to the card?

As stated earlier, a SIM card is just a smart card with a special format. Assume the mobile operator buys a thousand smart cards that are 100% empty. From the very beginning, the card manufacturer gives the provider the so called transport key (a.k.a issuer key), which is what is needed in order to perform any operation with the card. Afterwards, a person from the GSM operator formats the cards, creates the needed files, assigns the PINs, etc. and then the SIM cards end up on the shelves of stores and boutiques.

The conclusion is that the SIM card’s transport key is what you need in order to be able to actually clone it. But the problem is that the key is kept secret, for obvious reasons. Think about all the damage that could be done, all the financial scams, and so on.

So, when somebody says they can clone a SIM card, it is very likely to be a false claim, unless that person is an employee of the mobile operator, and has access to the transport keys. Even in that case, you can be sure that it is illegal, because no employee is allowed to disclose such information and use it for personal purposes.

But what about brute-force attacks?

Those won’t work, because a GSM SIM card [like any other smart card] will lock itself if an invalid PIN is entered a certain number of times. Afterwards, you can still unlock the card with the PUK, but if that fails too – the card will permanently lock itself. Meaning that its data are not available, gone, nada, zilch!

Technically, it is possible, all you need is a SIM card reader (or a PC/SC compliant smart card reader), and a hell of a lot of luck – so that you could guess the right key before the card locks itself. But let’s face it; the chance to succeed is probably much smaller than the chance of a pink unicorn materializing right now, right behind you!

You might also want to know some additional facts about PIN and PUK, available on Dekart’s forum.

Back to our money-making wise-guys – most often, the ad goes like this:

“SIM card clones, any operator, any country”.

Now that’s a bold statement! If it was just a once in a lifetime deal, somebody who can clone a SIM card of a single operator (where they used to work, but got fired, and now they fight back) – it would’ve been more credible. But being able to clone any SIM card means that all the transport keys of all the mobile operators have been compromised, and nobody noticed that.

Some pseudo-statistics

No, I am not a statistician, but I did do a minor research, which included questioning almost everybody I know (who is technically literate). It turns out that everybody heard about people who clone SIM cards, but nobody has ever seen the process of cloning, or a home-made^ two-in-one SIM card in action.

With that said, ladies and gentlemen, I rest my case.

^ - Strictly home-made, because it makes sense when the operator itself provides such a service [which is not an uncommon thing]

So, you and your employer are not on good terms anymore and you think it is payback time? Here is a beginner's guide to expressing disagreement.

Disclaimer: the article does not focus on the moral and legal side of the issue, the focus is purely technical.

Note: a complementary article for employers will follow shortly, but if you're sharp enough you can derive the protection methods from this information.

The options are different, but if you're in the IT industry, the common choices are:

• change all the passwords and do not disclose them;
• delete all the data;
• encrypt all the data;
• apply subtle changes to the systems configurations, so that they seem to be working right, but somewhere deep inside a problem is waiting to happen;
• share private data with your employer's worst enemy.

Change all the passwords

It is a matter of time before they find a new person who knows how to apply the password reset procedure - most (if not all) systems have one. Sometimes it is as easy as reading the manual (which they should've told you to write in the first place) and following the instructions.

As an IT expert, you are aware of the fact that if someone has full physical access to a system - they can override pretty much every security measure.

Cons:

• it is a matter of time before they reclaim access to the resources. Since the bridges are already burnt down - your image suffers badly, your future employment opportunities are quite shady. You gained nothing.

Pros:

• easy to implement;
• it is more difficult and time consuming to get past this if there are remote resources (ex: servers) controlled by other companies, in other timezones;
• once they get everything back and sue you, you can say "I didn't want it to be serious, so I chose this trivial method" [then pray they'll buy that].

 

Delete all the data

This is a better approach, because in this case there is nothing to recover. They can have the passwords for every server, the key for every door - but there is nothing to be found behind any of the doors.

Cons:

• there are backups, you'll have to delete those too, thus there is more work to be done;
• there are data recovery techniques, you'll have to make sure they won't work
  • destroy the data (crash the hard disks; burn the DVDs, literally);
  • wipe the data - wiping is the process of deleting data, then overwriting it with other data, to prevent recovery software from being able to retrieve the original files. In spite of the belief that you need multiple overwrite-passes to make a file impossible to recover - even one pass is good enough.

Pros:

• the more time passes since the files were deleted, the more difficult it is to recover them. The employer will feel a lot of pressure because they have to do everything fast, or they'll have to disrupt the service for a while. This should make it evident for them that they should've given you the raise you asked for, it would've cost them less;
• if you were unprofessional enough to not make those regular backups, the employer will understand that they made more mistakes than they originally thought, one of them was that of employing you in the first place.

 

Encrypt all the data

This is an extension of the previous method, and it is psychologically more aggressive, because this time they know they have the files, and "all they need" is the password. This gives them the false feeling that they're almost there.

Cons:

• encrypting data takes time, especially if there are large amounts of it;
• you may be foolish enough to use an encryption program that has backdoors in it - which makes your effort useless;
• the employer may have keyloggers installed on your systems, thus they will be able to find the password - rendering the exercise useless again;
• if you use a weak password - they can guess it or brute-force it.

Pros:

• the method is meaner than simply deleting the data;
• even if they have full physical access to the system - it does not help them;
• if you are sure that you are using the best encryption program that does not have any backdoors and employs the best encryption algorithm, you're safe;
• if you use a smart card to encrypt the data, any brute-force or dictionary attack attempts will be futile.

 

Apply subtle changes to the systems configurations, etc.

If you need an example of this, remember the movie "Office space" to get an idea about how this is done.

Cons:

• they won't know you've had them, because these backdoors are so subtle - thus you lose some of the moral satisfaction;

Pros:

• when the new guy shows up, it may take a long time until the flaws are revealed (especially if you were insightful and weren't kind enough to document what you were working on, making it difficult to understand the system you left behind);
• you can exploit these flaws for many years, and perhaps get some benefits out of it. If you're not greedy and keep everything below the radar, you may never get caught.

 

Share corporate secrets with the competition

If you are not bound by an NDA, they won't be able to use this against you.

Cons:

• if you don't keep this low profile, future employers won't be able to trust you, and your career may not get far from where you're standing.

Pros:

• if there were no NDAs, technically you succeeded in making them suffer without breaking the law.

 

Final thoughts

All the methods above have one thing in common - you'll have to pay for it sooner or later, and there is no approach that enables you to get away scot-free.

I do not encourage employees to cheat their employers (and vice-versa), I consider that a direct dialogue is the best way to solve a problem, as well as to prevent it from happening in the first place. This article must not to be used as legal advice.

From time to time people ask me how to deal with cases of data loss. Usually I tell them about a tutorial that was written for Private Disk - the subtleties of backing up encrypted data. The problem is that data loss can happen to anyone, not only a Private Disk user, so I decided to write another guide, which is more generic, and is about data safety in general. It is true that there are more ways in which things can go wrong with encrypted data (because if you forgot the encryption key you actually lost all the data), there are still plenty of scenarios which can make someone unhappy even if they don't use encryption.

This is a story for those who are aware of the fact that we live in a world where Murphy's laws rule, those who understand the importance of backups, and are looking for a good backup strategy.

If you don't know why backups are important and why you need them, check out the reading material section in the end, or read about Murphy's laws when you have some time.

A good backup mechanism is

• Automatic - copies must be made even if we are asleep, or tired, or not in the mood to do copies. A backup strategy that depends on our not forgetting to do an action is doomed to fail sooner or later, because forgetting is a feature we all have;
• Reliable - a copy that was made must be the equivalent of the original; i.e. if things go wrong, we must be certain that the copy will be able to replace the original (not "this copy will do", but "this copy is as good as the original and I will not feel the difference after restoring");
• Invisible - the copy must be made in the background so that the "files are being copied" window doesn't get in the way. If it does, we will feel tempted to close it because "ah, it will never happen to me anyway" or "just this one time I will close it". By having the copy being made in the background we exclude the possibility that a human will accidentally interrupt the process, or interfere with it.

Additional requirements

These are not mandatory, but having them is a bonus:

• Keeping several old copies, so that you can revert to the state in which the files were at different points in time;
• Limiting the file copy speed, so that the system stays responsive if the copy is made while you are using the computer;
• Compressing the backup, so that less space is used on the storage device where the copy is kept;
• Integrity checks - after the copy is made, it is compared with the original (using a checksum or hash), and you are warned if there is a difference between the two. Such checks will take more time, and most of us will do fine without them; but if you're dealing with mission-critical data, such a check can save lives or millions.

Prerequisites

• Make a list of files and directories that you need to backup.
  
  
  If you have plenty of storage, you will probably want to backup the entire partition or hard disk, but this is not a good idea because:

  • it takes more time to do such a backup
  • if the data is on the system disk you will most likely have to reboot the system in a special mode (which is against the lazy nature of mankind)
  • the backup will contain a lot of data you do not really need (operating system modules, temporary files, programs that you can always download from the Internet, etc)

• Decide where you will keep the backups, these rules must be taken into account:

  • it is better to keep the backup on another partition
  • even better: on another hard disk
  • even better: on another computer
  • even better: on another computer in another physical location (preferably on a different planet, to make sure that your data will survive the impact of Earth with an asteroid)
• Estimate how fast your data grows and how much space you will need.
  
  
  This is very important, because if it is not done right you might be tempted to interrupt the backup processes in the future because you ran out of space.
  
  
  If your original hard disk is 60 GB in size, it is safe to assume the backups will never be larger than 60 GB in size (unless the backup storage device also contains backups from other computers). Take into account that you will most likely compress your backups too - so that will take even less space.

Practical scenario

Here is a sample environment:

• Lappie - a laptop which contains the following data I care about

  • D:\Soft\Trillian - my instant messaging program, I want to keep my conversation history and the
  • D:\Soft\TheBat - my email client and the email archive for several accounts
  • D:\Stuff\TXTs - a directory with various texts (essays, poems); this is what I use instead of the standard My Documents folder (the rationale behind this decision is given in one of the discussions in the reading material section)
  • D:\Stuff\MyNotes - my OneNote repository (again, notice that it does not reside in My Documents)
  • D:\Soft\Palm\Alex - my Palm desktop profile
• Servo - a desktop computer at home, which has a shared folder to which I can write, available as \\Servo\backups. In this folder there are sub-folders for each type of data I am backing up (MyNotes, TXTs, etc).
• Hive - the server at work, which has a shared directory \\Hive\Alex\ to which only I have access; I will store my work-related data there.
• The backup at home must be made once a week, every Sunday at 20:00; and the one at work is done every Monday at 09:30.
• If the target computer is not turned on at the time, the backup will be made automatically next time there is an opportunity (ex: instead of waiting for the next Sunday 20:00, attempts will be made to copy the files every now and then, until the backup succeeds).
  
  The availability of \\Servo\backups can be used as a test: if the share is accessible, it means that both machines are on and the network is up; otherwise the backup is postponed.
• I want to keep several old backups too, to make sure I can revert to them in case I want to take a look at the older versions of the files, see the image below.

Each time a backup is made, the old backups are pushed down, the fresh backup becomes #1, and the oldest backup is deleted. Note that even though the image says "new files", the backup will include the old ones too. Keeping three older copies is more than enough for the average user, but if you want to be able to travel back in time and see how your files looked like back in '45, you will obviously have to keep more than three previous copies.

The tools

To get the 3 features a good mechanism must have, only 2 tools are needed:

• task scheduler
• backup program

Windows comes with a task scheduling mechanism, you can access it via Control panel\Scheduled tasks. There are alternative programs which offer more features, but you will probably want to start with the standard task scheduler because you have it for free and it is already installed. There are reasons that can convince you to choose a different program for this purpose, they will be discussed later.

A backup program can be any program that does what you need. Many of us can be happy with XCopy or Robocopy (which also has a GUI), although this tutorial will focus on another tool.

The tandem is nnBackup and nnCron, both programs come from the same company, they are light and very flexible, providing a broad range of features. They are not free, though there is a special offer for ex-USSR folks, they can get it for free; therefore you might want to take a look at some of the programs described above, or look for alternatives elsewhere.

nnBackup is the program that does the actual copying. You can read about its many settings in the manual, be prepared to make notes on a paper, or in a temporary text file. Once you are done, you will end up with a set of command line arguments that do what you want, for example:

nnbackup.exe verz -n 2 -sdn "onenote" -i D:\Stuff\MyNotes -o \\Servo\backups\Onenote -s -e -sa -zip -v -pc
nnbackup.exe verz -n 2 -sdn "Documents" -i D:\Stuff\TXTs -o \\Servo\backups\Documents -s -e -sa -zip -v -pc

nnbackup.exe verz -n 2 -sdn "trillian" -i D:\Soft\Trillian -o \\Servo\backups\Trillian -s -e -sa -zip -v -pc


And so on... as you can see, all the lines are identical, the only part that varies is the one that concerns the path of the source (where files are copied from) and the target path (where the files will be copied).

For the curious minds, here is what the command line arguments mean in the examples above:

• -i: input directory
• -o: output directory
• -verz: keep several versions of the backup, in compressed files
• -n 2: two backups will be kept
• -s: include the subdirectories too
• -e: include empty directories too
• -sa: copy the access rights (ex: you have NTFS access rights set for your directories, and you want them to be preserved on the target machine)
• -pc: add a new backup only if differences were found between the current one and the old one
• -v: verbose, this will show you which files are being copied - you might be interested in watching what is going on; + it usually impresses the non-tech savvy folk that happens to be around ;-)

In the same manner, I wrote the commands that will backup my other folders. Whenever I have a new type of data I want to backup, I can copy/paste an existing line and alter it accordingly. All these commands are saved in a BAT file, thus they will be executed one after another. All we need now is to launch this BAT file automatically on a weekly basis.

Watch out! some programs lock the files they use, so the files cannot be accessed by other processes (such as nnBackup, trying to make the copy). In this cases you have to make sure that the application is not running (ex: the mail client must be closed before the backup process is started, otherwise the mail archive cannot be read). To counter this, see if the program in question provides command line arguments (or any other mechanism) that allows you to close it correctly. Once you find out how to do that, perform that action before calling the backup script. If you don't know how to do that, then just close the programs by hand - but note that this goes against our philosophy - the backup must not require human intervention of any kind, because we can't trust humans...

nnCron comes into action now, this program will take care of running the backup script at the right time, re-run it if necessary, check if the network is active, etc. Creating a new task with nnCron is very easy, the screenshots below should be more than enough.

You can play with the other settings too, their names are self-explanatory. You will probably want to use the "host exists" feature, to verify whether the target backup machine is online; there are also various plugins that make it possible to use other conditions when evaluating whether a task has to run or not.

nnCron can keep track of multiple tasks; in this scenario, you will want two different scripts (one for backing stuff up on \\Servo, the other one for \\Hive), each script will have different settings for the time it should be run.

You don't necessarily need another computer for the backups, if you have an external disk, you can use it as the target path (i.e. instead of \\Servo\backups use F:\backups, replacing 'F' with the letter that corresponds to the external disk once it is mounted).

In the beginning you will probably not want to run the tasks in the background, because you want to see the progress of the transfer process, spot errors (if any). But after you do this a couple of times and you're sure everything works as you think it does, you can trust the system and let it work in the background.

Conclusions

The tips above are a set of general guidelines that are supposed to help you understand that good backups are a lot more than just copying and pasting files by hand in Windows Explorer.

A good backup mechanism must be thoroughly analyzed and tested before you can actually trust it. Do not let the apparent complexity dampen your spirits (I refer to finding the right command line arguments), once you get it figured out it is easy; but the most important part is that it is worth it. You will realize that when the first crisis comes and you get over it with no pain, trust me on that one.

Feel free to experiment with other similar tools (I will greatly appreciate it if you leave a comment and share your impressions), there are many of them out there.

Happy backups!

One liners

• Do not backup that what can be easily replaced (ex: program installers can be downloaded from the Internet).
• Another computer > another HDD > another partition > another directory.
• Keep system data and user data separate.
• Never send a human to do a machine's job.

Other reading material

• The importance of backups, don't wait until disaster strikes - the guide explains why data loss occurs, what the different types of data loss are and how to deal with them. The article also focuses on the aspects that are specific to backing up encrypted data. Although the primary focus is on Private Disk, the tips apply to other types of encryption software as well.
• Keep your system files and your data files separate - this forum discussion explains why keeping personal data in a dedicated directory is a good idea, and how it helps you solve problems easier if they occur.

Note: all the computer names were made up, coincidences with real world entities are just that - coincidences.

A report published recently by IC3 (Internet Crime Complaint Center), provides a lot of insightful tips to those who often engage in Internet commerce. The study was carried out in cooperation with the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The study is extremely useful, as modern life is a path that will inevitably intersect with the Internet, whether we want it or not. The web helps us - consumers, do things faster and easier; the problem is that fraudsters get the same benefits. As a result, if you fall for an Internet scam, the damage can be of a greater magnitude, and it can be inflicted upon you so quickly that you won't even notice it happened. Here are some numbers that put things in perspective:

• From January 1, 2007 to December 31, 2007, the IC3 website received 206,884 complaint submissions. This is a 0.3% decrease when compared to 2006 when 207,492 complaints were received.
• The total dollar loss from all referred cases of fraud was $239.09 million with a median dollar loss of $680.00 per complaint.
• This was an increase from $198.44 million in total reported losses in 2006.
• Email (73.6%) and web pages (32.7%) were the two primary mechanisms by which the fraudulent contact took place.

It is highly recommended that you look through it and study the charts, and the recommendations section, which explains how to deal with such cases, as well as prevent them from happening. The remaining part of this article focuses on the issue of identity theft, which sadly was not given enough attention in the survey.

It is interesting that the study concludes that identity theft is one of the smaller troubles, as shown in the chart below.

Such a state of things is quite strange, because another study (the Computer Security Institute survey for 2007) found identity theft a much more serious problem. Could it be so that the victims of identity theft are not yet aware of their status?

Another possible explanation is that the scope of the IC3 report is simply different, it focuses on issues that occur after a transaction is complete (i.e. it is assumed that everything was ok before the final click in the process), while the truth is that identity theft has much more serious consequences. There is no need to use fake cheques, there is no need to engage in a long conversation with a "Nigerian scammer", nor there is a need to get involved in auction bidding. With your data in their pocket, a fraudster can do anything in a clean way - the sellers will not suspect that something is wrong, because from their point of view, they are dealing with an honest person, and everything is legal.

Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission, to obtain credit cards, loans and mortgages, buy various products on your behalf, leaving you responsible for the consequences.

To minimize the risk of identity theft, you have to make sure that all the ways in which an identity can be stolen (attack vectors) are taken care of.

• If you use a public computer for online banking transactions (ex: buy merchandise or purchase tickets for travel, concerts, or other services):
• • First of all, avoid using public computers, perform all the tasks that involve dealing with sensitive data on your home PC;
  • If you are forced to use a public computer, you can be the target of a keylogger, or the target of malware running on that workstation. There is no guarantee that the computer does not have any harmful programs installed there on purpose. You need a tool such as Password Carrier, which will automatically fill in the forms on the web-sites and in Windows programs - thus keyloggers won't capture your passwords and other personal information, because you don't have to type anything by hand.
• If you store personal information in your home computer, there is a chance that it will be compromised (ex: if your antivirus or firewall failed), or that someone who uses the computer inadvertently ran an unknown (and malicious) program or an attachment that came with an email.
• • Make sure that all the sensitive files on the system are stored in encrypted form, so that they cannot be copied by someone who connects to the computer remotely. Use Private Disk to encrypt your files;
  • Use additional protection offered by Disk Firewall, to ensure that trusted but compromised programs won't allow an attacker to access private data;
  • As in the previous case, it is a good idea to use Password Carrier, because it takes a lot of expertise to thoroughly study a system and say "this system is 100% clean, no viruses, no spyware, no malware of any kind". If you are not one of those who can check their own computer and guarantee that it is clean, then Password Carrier will definitely help you.
• Social engineering is another instrument an attacker can use to steal your identity. Why install various malicious tools and risk getting caught, when you can just go ahead and directly ask what you want? Due to the way our brains are wired, this approach is very often effective!
• • Be careful when someone asks you for personal information; it is good to be suspicious, so do not be afraid to question what they intend to do with this information;
  • Always double-check the information you are about to submit, sometimes a detail that seems unimportant can actually make a difference. If you don't know whether some data are sensitive or not, treat them as sensitive and do not disclose them;
  • Examine the privacy policy of the services that are used, in order to find out how they store and apply your data. In addition, if you are dealing with an intermediate party, they might request other, apparently not important data; if you know which details are needed by the service that does the actual processing, you will be able to find out whether the intermediate party requested data which they don't normally need;
  • Cautiously share your personal information with your friends and colleagues. You may trust them, but are you sure they won't accidentally (or even intentionally) share your details with other parties? Is your friend aware of the existing threats? If you are not sure, then you should think twice before handing out passport numbers, addresses, phone numbers, etc.

Conclusions

• The Internet is a dangerous place, don't forget that.
• It is a good thing to be a little bit paranoid, when not sure whether you really understand what is going on, take your time to ask someone in the know, or read the available documentation.
• Software can assist you in protecting your privacy, programs such as Private Disk and Password Carrier will make your life safer, and easier.
• Keep track of your expenses, to find out if you are already a victim of identity theft before it is too late.