Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 1 of 15 Previous Next Click on Start and then Run   Windows XP Start Menu The main reason you might want change the Windows XP product key is because your key is pirated or otherwise incorrect but you don't want to reinstall Windows XP to activate your new legal product key. Note: I created this step by step guide in addition to my original How to Change the Windows XP Product Key Code guide. There are several very specific steps in this process, many of which involve editing the Windows Registry, so this visual tutorial should help clear up any confusion. Changing your Windows XP product key should take you less than 15 minutes. The first thing you need to do is click on Start and then Run....

Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 4 of 15 Previous Next Click to Modify the OOBETimer Registry Value   Registry Editor - OOBETimer Modify In the results that appear in the window on the right, locate OOBETimer. Right-click on the OOBETimer entry and then click Modify from the menu that drops down.   Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 5 of 15 Previous Next Select Part of the OOBETimer Value   Registry Editor - Edit Binary Value The screen you should see now is the Edit Binary Value window with OOBETimer in the "Value name:" field. As part of the process to change your Windows XP product key, you'll need to deactivate Windows XP. Deactivating Windows XP is accomplished by changing the value of OOBETimer, something you're about to do. Select any part of the OOBETimer value by double-clicking on it. Note: I've distorted much of the hexadecimal series for OOBETimer in this and other screenshots but you'll see several letters and numbers on your computer.

---

Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 5 of 15 Previous Next Select Part of the OOBETimer Value   Registry Editor - Edit Binary Value The screen you should see now is the Edit Binary Value window with OOBETimer in the "Value name:" field. As part of the process to change your Windows XP product key, you'll need to deactivate Windows XP. Deactivating Windows XP is accomplished by changing the value of OOBETimer, something you're about to do. Select any part of the OOBETimer value by double-clicking on it. Note: I've distorted much of the hexadecimal series for OOBETimer in this and other screenshots but you'll see several letters and numbers on your computer.

---

Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 6 of 15 Previous Next Change the OOBETimer Value   Registry Editor - Change OOBETimer Value Enter any value you want over the selection you made in the previous step. Note: The OOBETimer value just needs to change - it doesn't matter what it's changed to. As you can see in the screenshot above, I changed the first part of the value to 11 from FF. Click the OK button to confirm the change.

---

---

---

---

---

Step by Step Guide To Changing the Windows XP Product Key By Tim Fisher, About.com Guide 13 of 15 Previous Next Wait While the New Installation ID is Generated   New Installation ID Generation After updating your Windows XP product key, the Windows XP Activation Wizard will generate a new Installation ID which will be used to activate Windows XP. This screen is only momentarily displayed. If you don't see it, don't worry. It probably just happened too quickly to notice.

---

---

---

8 Core Beliefs of Extraordinary Bosses

The best managers have a fundamentally different understanding of workplace, company, and team dynamics. See what they get right.

Getty

A few years back, I interviewed some of the most successful CEOs in the world in order to discover their management secrets. I learned that the "best of the best" tend to share the following eight core beliefs.

1. Business is an ecosystem, not a battlefield.

Average bosses see business as a conflict between companies, departments and groups. They build huge armies of "troops" to order about, demonize competitors as "enemies," and treat customers as "territory" to be conquered.

Extraordinary bosses see business as a symbiosis where the most diverse firm is most likely to survive and thrive. They naturally create teams that adapt easily to new markets and can quickly form partnerships with other companies, customers ... and even competitors.

2. A company is a community, not a machine.

Average bosses consider their company to be a machine with employees as cogs. They create rigid structures with rigid rules and then try to maintain control by "pulling levers" and "steering the ship."

Extraordinary bosses see their company as a collection of individual hopes and dreams, all connected to a higher purpose. They inspire employees to dedicate themselves to the success of their peers and therefore to the community–and company–at large.

3. Management is service, not control.

Average bosses want employees to do exactly what they're told. They're hyper-aware of anything that smacks of insubordination and create environments where individual initiative is squelched by the "wait and see what the boss says" mentality.

Extraordinary bosses set a general direction and then commit themselves to obtaining the resources that their employees need to get the job done. They push decision making downward, allowing teams form their own rules and intervening only in emergencies.

4. My employees are my peers, not my children.

Average bosses see employees as inferior, immature beings who simply can't be trusted if not overseen by a patriarchal management. Employees take their cues from this attitude, expend energy on looking busy and covering their behinds.

Extraordinary bosses treat every employee as if he or she were the most important person in the firm. Excellence is expected everywhere, from the loading dock to the boardroom. As a result, employees at all levels take charge of their own destinies.

5. Motivation comes from vision, not from fear.

Average bosses see fear--of getting fired, of ridicule, of loss of privilege--as a crucial way to motivate people.  As a result, employees and managers alike become paralyzed and unable to make risky decisions.

Extraordinary bosses inspire people to see a better future and how they'll be a part of it.  As a result, employees work harder because they believe in the organization's goals, truly enjoy what they're doing and (of course) know they'll share in the rewards.

6. Change equals growth, not pain.

Average bosses see change as both complicated and threatening, something to be endured only when a firm is in desperate shape. They subconsciously torpedo change ... until it's too late.

Extraordinary bosses see change as an inevitable part of life. While they don't value change for its own sake, they know that success is only possible if employees and organization embrace new ideas and new ways of doing business.

7. Technology offers empowerment, not automation.

Average bosses adhere to the old IT-centric view that technology is primarily a way to strengthen management control and increase predictability. They install centralized computer systems that dehumanize and antagonize employees.

Extraordinary bosses see technology as a way to free human beings to be creative and to build better relationships. They adapt their back-office systems to the tools, like smartphones and tablets, that people actually want to use.

8. Work should be fun, not mere toil.

Average bosses buy into the notion that work is, at best, a necessary evil. They fully expect employees to resent having to work, and therefore tend to subconsciously define themselves as oppressors and their employees as victims. Everyone then behaves accordingly.

Extraordinary bosses see work as something that should be inherently enjoyable–and believe therefore that the most important job of manager is, as far as possible, to put people in jobs that can and will make them truly happy.

What The Most Successful People Do Before Breakfast

BY Laura Vanderkam | 06-12-2012 | 8:00 AM

Mornings are a great time for getting things done. You’re less likely to be interrupted than you are later in the day. Your supply of willpower is fresh after a good night’s sleep. That makes it possible to turn personal priorities like exercise or strategic thinking into reality.

But if you’ve got big goals--and a chaotic a.m. schedule--how can you make over your mornings to make these goals happen?

Because I write about time management frequently, I’ve gotten to see hundreds of calendars and schedules over the years. From studying people’s morning habits, I’ve learned that getting the most out of this time is a five-part process. Follow these steps, though, and you’re on your way to building morning habits that stick.

1. Track Your Time

Part of spending your time better is knowing how you’re spending it now. If you’ve ever tried to lose weight, you know that nutritionists tell you to keep a food journal because it keeps you from eating mindlessly. It’s the same with time. Write down what you’re doing as often as you can. Use my spreadsheet, a Word document, or a pad and pen.

While measuring your mornings, try tracking your whole week. The reason? The solution to morning dilemmas often lies at other times of the day. You may be too tired because you’re staying up late. But if you look at how you’re spending your nights, you’ll notice that you’re not doing anything urgent. The Daily Show can be recorded and watched earlier--possibly while you’re on the treadmill at 6:30 a.m.

As for the mornings themselves, you can be organized but still not be spending them well. Question your assumptions. You may believe that “a man who wants to keep his job gets into the office before his boss” because that’s what your father did, but your boss may be disappointed that he doesn’t get the place to himself for an hour first! If you decide that something is a top priority, do it, but understand that we have to do few things in life.

2. Picture the Perfect Morning

After you know how you’re spending your time, ask yourself what a great morning would look like. For me, it would start with a run, followed by a hearty family breakfast. After getting people out the door, I’d focus on long-term projects like my books. Here are some other ideas for morning enrichment:

For personal growth:

• Read through a religious text: Sacred texts can teach us about human nature and history, even if they’re not from a religion you subscribe to. If they are, pray or meditate and get to know your beliefs in a deeper way.
• Train for something big: Aiming to complete a half-marathon, a triathlon, or a long bike ride will keep you inspired as you take your fitness to the next level.
• Do art projects with your kids:. Mornings don’t have to be a death march out the door. Enjoy your time with your little ones at a time of day when you all have more patience.

For professional growth:

• Strategize: In an age of constant connectivity, people complain of having no time to think. Use your mornings to picture what you want your career and organization to look like in the future.
• Read articles in professional journals: Benefit from other people’s research and strategic thinking, and gain new insights into your field.
• Take an online class: If a job or career change is in your future, a self-paced class can keep your skills sharp.

3. Think Through the Logistics

How could this vision mesh with the life you have? Don’t assume you have to add it on top of the hours you already spend getting ready or that you’ll have to get to work earlier. If you fill the morning hours with important activities you’ll crowd out things that are more time intensive than they need to be. Map out a morning schedule. What time would you have to get up and what time do you need to go to bed to get enough sleep? As for the mornings themselves, what would make your ritual easier? Do you need to set your easel next to your bed? Can you find a more cheerful alarm clock or one you can’t turn off so easily?

It’s easy to believe our own excuses, particularly if they’re good ones. Come up with a plan and assemble what you need, but whatever you do, don’t label this vision as impossible

4. Build the Habit

This is the most important step. Turning a desire into a ritual requires willpower. Use these fives steps to optimize your routine:

• Start slowly: Go to bed and wake up fifteen minutes earlier for a few days until this new schedule seems doable.
• Monitor your energy: Building a new habit takes effort, so take care of yourself while you’re trying. Eat right, eat enough, and surround yourself with supportive people who want to see you succeed.
• Choose one new habit at a time to introduce: If you want to run, pray, and write in a journal, choose one of these and make it a habit before adding another.
• Chart your progress: Habits take weeks to establish, so keep track of how you’re doing for at least thirty days. Once skipping a session feels like you forgot something--like forgetting to brush your teeth--you can take your ritual up a notch.
• Feel free to use bribery: Eventually habits produce their own motivation, but until then, external motivations like promising yourself concert tickets can keep you moving forward. And keep in mind that your morning rituals shouldn’t be of the self-flagellation variety. Choose things you enjoy: your before-breakfast ritual has the potential to become your favorite part of the day.

5. Tune Up as Necessary

Life changes. Sometimes we have to regroup, but the goal is to replace any rituals that no longer work with new ones that make you feel like every day is full of possibility.

That is ultimately the amazing thing about mornings--they always feel like a new chance to do things right. A win scored then creates a cascade of success. The hopeful hours before most people eat breakfast are too precious to be blown on semiconscious activities. You can do a lot with those hours. Whenever I’m tempted to say I don’t have time for something, I remind myself that if I wanted to get up early, I could. These hours are available to all of us if we choose to use them.

So how would you like to use your mornings? This important question requires careful thinking. But once you decide, small rituals can accomplish great things. When you make over your mornings, you can make over your life. That is what the most successful people know.

Secure Flash Drives Lock Down Your Data

By Jon L. Jacobi, PCWorld

Hollywood makes secure flash storage look easy. If the bad guy steals a thumb drive, it either blows up or some secret counterintelligence agency marshals the nation's resources in a no-holds-barred data hunt--most likely with Bruce Willis or Tommy Lee Jones working the streets. If the good guy steals the drive, it goes to a special-needs, special-deeds sidekick in a basement somewhere who cracks the code in 5 minutes.

Similar Articles:

• How to Carry Any Operating System in Your Pocket
• Free Tools to Wipe Your Drives Securely
• How to Encrypt a Hard Drive
• Safely Remove USB Drives Just by Unplugging Them
• Restore Access to a Write-Protected Hard Drive
• Encrypt USB Flash Disks for Free

That's the Hollywood treatment, but--exaggerations aside--it contains some elements of truth. Flash drive security is readily available, and some of it is free. Ease of use, however, is another matter.

Secure flash drives give security-conscious users a great way to transport sensitive information. And you can work directly off of such drives so that their top-secret data never resides in another location--except on a secure online backup service, of course.

Hardware vs. Software

The three basic approaches to securing data on a flash drive involve using software, hardware, or a combination of both.

The simplest, least expensive way to secure your data is to use a program such as 7-Zip to create encrypted archives on your flash drive. The obvious drawback of this method is that you must have the appropriate decryption software on any PC that you want to access the data from. (A portable version of 7-Zip is available, however.)

A slightly more elegant solution is Encrypt Stick, which also resides on the flash drive as a portable application but is designed solely for secure storage.

Easier yet is a secure flash drive that, upon being inserted into a PC's USB port, automatically runs software by tricking the operating system into thinking that you've inserted a CD. This software resides on a small CD emulation partition; the rest of the drive is used for storage. Variations on this approach run the gamut from simply providing access to the encryption program (as with the CMS Vault OTG) to hiding the data partition until you've run its control panel and entered a password to enable it (which is the method that IronKey Personal S200 uses).

A hardware-only product has special appeal to businesses and other security-conscious organizations that don't want and won't allow users to insert any type of executable file from a flash drive into their systems. Any type of software on a flash drive is vulnerable to tampering.

Hardware-only options include the Lok-It drive from Systematic Development Group, which requires the user to enter a PIN, using the buttons on face of the drive. Though it's a nice product, Imation's Defender F200 is the hands-down winner for cool, softwareless ease of use. The drive has a biometric finger scanner on top, which requires no software intervention when used alone. The F200 also uses the CD trick, but only for the configuration software or for additional password protection.

How Many Bits Are Enough?

No matter which hardware or software product you choose, it pays to know what type of security the item uses.

Any number of programs offer AES 128, 192, or 256. AES (Advanced Encryption Standard) is a symmetrical ciphering system--which means that it uses the same password or key to encrypt and decrypt data--and 128, 192, and 256 represent the number of bits in the key. The greater the number of bits, the larger the number of possibilities a cracking program must try to ensure that it will come up with the right one.

Because of the current choice between 32-bit and 64-bit computing and operating systems, you may know that an unsigned 32-bit binary number can be anything up to about 4.3 billion (4G, and an unsigned 64-bit number can be up to about 18.4 quintillion. It follows that 128-bit, 192-bit, and 256-bit numbers areimmense, and they have names you've probably never heard of.

Though computers are fast, they aren't fast enough to crack numbers at those sizes in a reasonable amount of time. At today's processing speeds, a brute-force attack that tried every possible solution would take billions of years (on average) to crack a 256-bit number--assuming that the person who created the password chose a full-strength password that used all of the bits. The larger the number, the slower the encryption or decryption--but for the modest amounts of data we're talking about here, that's generally not an issue.

Government Standards

If you're planning to transport a working recipe for cold fusion, you might want to confirm that your portable drive satisfies a high level of FIPS 140-2 (Federal Information Processing Standard, Publication 140-2). FIPS 140-2 isn't a technology, but a definition of what security mechanisms should do.

The Imation Defender F200 offers controls in a Web interface.There are four FIPS 140-2 levels. Level 1 involves using an approved encryption algorithm (such as AES 256). With level 2, the encryption is supplemented by a means to reveal tampering. Level 3 adds protection for the encrypting mechanisms and algorithms themselves. And with level 4, you add physically daunting packaging and fry the data and decrypting mechanisms if a breach occurs. At last, Mission Impossible!

The Imation Defender F200 has been validated for level 3 security, as has Lexar's JumpDrive Safe S3000 FIPS. Validation is an expensive process performed by a trusted partner that can take 12 to 18 months. More commonly in the product packaging or advertising, you'll see an indication such as "FIPS compliant," as with the IronKey Personal S200, which simply means the device follows the government's 140-2 guidelines.

What You Want

For most users, the free software approach is adequate, though not particularly convenient. Auto-run flash drives are a bit easier, and they carry only small price premiums. Full on, software-less, Hollywood-like magic such as the Defender F200 costs you four, five times or more per gigabyte than a plain drive, but the convenience and wow factors are huge.

 

Imation Defender F200 Flash Drive Has Spy Appeal

Imation Defender F200 USB 1GB Biometric Flash Drive Review, by Jon L. Jacobi December 10, 2010

Everyone wants to feel a little James or Jane Bond-ish every once in a while. And nothing beats Imation's Defender F2000 Biometric Flash drive when it comes to spy-like sex appeal. Pull your flash drive out, jack it into your notebook, and swipe your finger across its biometric fingerprint reader it to enable it. How cool, not to mention convenient, is that?

Mind you, the F200 is not the first flash drive with biometric reader built-in. But it is the first we've seen that's validated to level 3 of FIPS 140-2 government security guideline. Not compliant, not designed to meet, but actually validated--a lengthy and expensive process.

This drive comes in five sizes and prices, with the 1GB option starting at $90, all the way up to around $300 for the largest capacity of 32GB, as of the publication date.

The device uses hardware AES 256-bit encryption and may be configured to use the biometric scanner, a password, or both for a double layer of security. You may define two fingers for validation, and excuse the morbidity, but it's recommended that you use one from each hand in case you lose the use of one arm. The device, you see, is designed for military use-and as such, it can withstand extremes as well (including cold, heat, and impact).

Unfortunately, the F200 does not allow you to hide or disable the CD emulating boot partition that it uses to deliver and auto-run (PC-only) its configuration and password software. Some workplaces don't want any type of executable file on removable drives that will be plugged into their PCs, so that might be an issue for some office environments.

The Access Standard software that comes with the drive is portable, so it runs from the flash drive without installation and supports both the PC and Mac. It's also easy to use and efficient. You configure the scanner, passwords, and can even reset the drive with it--given the proper authority that is; you can manage multiple users with it.

You might rightly expect biometrics to carry a heavy premium, but the price for larger-capacity versions of this drive scale particularly poorly, as in government-procurement poorly. As of Dec. 15, plain 1GB to 32GB flash drives ran from under $10 to just over $50. A 1GB Defender F200 cost $109 and a 2GB model $129, understandable premiums for what you get; but a 32GB cost $369--way beyond the extra cost of the memory.

Despite the high price, the F200 will have many takers; It's good looking, the finger-swiper is extremely convenient, and it's highly secure.

 

How can I make a flash drive more secure?
January 19, 2006 12:02 AM   Subscribe

How do I make a flash drive more secure?

My father recently bought himself a flash drive, and now uses it for transferring all sorts of work documents to and from home. He asked me if there was any way of putting a password on it, or securing it somehow to stop someone reading all his work documents in the event it was lost / stolen.

I had to admit I was stumped.

So the question is, is there some way of making a generic flash drive more secure? I would like something fairly simple, maybe something where you pop the flash drive into the USB port and it prompts you for a password. I don't even know if this is really possible.

I did a bit of googling but never managed to find quite what I was looking for.

posted by tomble to computers & internet (18 answers total)

Ads by Google

Symantec Web Security
www.Symantec.com/EndpointProtection Secure Laptops, Desktops & Servers from Threats w/ Symantec Solutions.

USB Key Password Software
www.RoboForm.com Free - Easy - Fast - Secure. Over 32 Million Downloads - 5 Stars

Get Database Encryption
vormetric.com Download a Free White Paper That Explains Data Security & Encryption

http://google.com/search?q=flash+drive+encryption
posted by pompomtom at 12:10 AM on January 19, 2006

 

PGPi -- useful for more than just flash drives.
posted by krisjohn at 12:26 AM on January 19, 2006

 

If it's your dad, you probably want it to be dead simple.

Assuming we're talking PC here, I would suggest this solution. WinZip is also useful and pretty much foolproof for creating password protected folders.
posted by insomnia_lj at 12:48 AM on January 19, 2006

 

http://www.truecrypt.org/
posted by raaka at 12:56 AM on January 19, 2006

 

If it's Windows XP you'll have encryption for NTFS volumes built in. I've not used it myself though.
posted by ed\26h at 1:17 AM on January 19, 2006

 

Ads by Google

#1 USB Device Security
www.Lumension.com/USB-Security/ Leader in USB Device/Port Control. FIPS 140-2 Encryption. Free Trial.

 

I second the WinZip solution.

It's not wise to use NTFS on a flash drive, because you might be in a situation where you have to connect it to a non-Windows 2000/XP computer and it will not be able to read it (some OS's have read support), and almost suredly will not be able to write to it.
posted by Mijo Bijo at 1:22 AM on January 19, 2006

 

To expand on that a little, my suggestion would not work on Windows 2000 either, as it requires an encrypting file system on top of NTFS - it's purely an XP solution.
posted by ed\26h at 2:45 AM on January 19, 2006

 

I also second the Winzip (or Winrar) solution. You can run winrar right off the flash drive, for that matter. And Winrar has an option to mask/encrypt the filenames in the compressed file as well, making it a little more secure than winzip.
posted by tiamat at 3:01 AM on January 19, 2006

 

Assuming your Father is running Mac OS X (you didn't specify so I get to assume whatever I want), then the easiest way is to use Disk Utility and create a password protected sparse disk image. The disk image is AES encrypted - which is good, and by using a sparse image the disk image wont take up any more room than it has to.
posted by schwa at 5:24 AM on January 19, 2006

 

Do not forget to zero out (or better yet, radomize) the data on the flash drive first! If you don't, the old, unencrypted documents will still be easy to access with the right tools. I believe the DOD standard is to wipe it seven times with a random pattern.
posted by shepd at 5:48 AM on January 19, 2006

 

Ads by Google

Custom Flash Drives
greenthumbdrives.com/FlashDrives More Models, Options & Services Free Logo, Load, Ship - Min. 25 Pcs

 

Yes, 7. Gutmann recommends 35, though I think that was based on old hard drive technology.

Seconding TrueCrypt - it's surprisingly easy to use, once set up.
posted by blag at 6:09 AM on January 19, 2006

 

Secure Deletion of Data from Magnetic and Solid-State Memory

some people have treated the 35-pass overwrite technique as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data
posted by Sharcho at 7:40 AM on January 19, 2006

 

Thirding truecrypt if he's serious about the security. Amazingly easy to use and setup, much better than PGP in that regard. Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

Note that the nature of TrueCrypt, or any truely secure encryption alogrithm, is there will be increased wear on his flash drive.
posted by Mitheral at 7:42 AM on January 19, 2006

 

Windows built in encryption won't work unless his home machine is on the domain his work machine is on.

You'd need to add the certificates to the logon you're using if you're transporting the files to a separate network, as I understand it.
posted by ed\26h at 8:42 AM on January 19, 2006

 

One note about Truecrypt - it needs to have a device driver installed on the destination computer in order to access the encrypted files. This might be an issue if you need to access the secured files from a system where you don't have administrator privileges (since non-administrators can't install device drivers). This is noted in the Truecrypt FAQ.
posted by gwenzel at 8:56 AM on January 19, 2006

 

You can buy flash drives that have security/encryption mechanisms built into the hardware. That's probably the simplest and most secure.
posted by winston at 10:29 AM on January 19, 2006

 

I wouldn't trust the built in encryption on a flash drive. Who knows what method they are using, how secure it is, or whether the implementation has a flaw.
posted by Mitheral at 11:41 AM on January 19, 2006

 

My vote goes to Keynesis Lockngo Pro. Simple interface, solid encryption -- this is an exceptional product.
posted by JudgeBork at 12:55 PM on January 19, 2006

 

« Older What is the best pool cue I ca...   |  CondomFilter: What is the best... Newer »

Ads by Google

Hard Drive Recovery Software
www.DataRetrieval.com Most Successful Data Recovery Rate Free Diagnosis & Free Drive Pickup!

StorageCrypt v4.1.0.386
www.magic2003.net Encrypt and password protect usb flash drive, external hard drive.

Windows Azure Security
www.windowsazure.com/free-trial Discover Microsoft® Windows Azure. Sign Up for a Free 90-Day Trial!

 

Flash drive security

Three basic rules

The most important rule for flash drive security -- or for the security of any portable storage media -- is also the simplest to state: 

• Minimize the amount of sensitive information you keep on it.  The ideal amount is zero.

If you can follow the first rule, you don't need to read any further.  If you must keep sensitive information on a flash drive, then the second and third rules are critical:

• Keep the flash drive safely in your possession or otherwise locked up in a safe place, just like any valuable object.
   
• Use a drive with built-in access control and encryption protection, and use that feature.  Don't count on your ability to never lose the drive, or never have it stolen.

Passwords and fingerprints

Secure flash drives control access by using passwords or, in the case of some newer models, fingerprints.

Such drives usually allow you to divide up their capacity into a "public" area that can be used by anyone who has the drive -- and a protected "private" area that requires the password/fingerprint.

In addition to limiting access to the private area, secure drives use an encryption algorithm to encode information stored there.  The password (or fingerprint) is mathematically converted to be used as the encryption key.

If you use a model with a password, the usual password selection and protection considerations apply.  Using a bad password defeats the protection.  On the other hand, if you choose a password so good that you forget it yourself, you may never get the information out of your device.  (Some drives allow you to store a "hint" phrase or question, that's provided when an incorrect password is entered.)

Fingerprint models eliminate the need for passwords.  Most drives allow you to "enroll" multiple fingers of your own (in case of injury), or you can use that capacity to enroll other persons' fingerprints (e.g., to share access with family members if you're using it for emergency document storage).  Some models also allow a password to be set, allowing access other than by fingerprint.

Costs and benefits

You will pay a bit more for protected USB drives.  How much is the confidentiality of your information worth?  If it's your personal information, that's your call.  If it is UM's information, we can tell you the answer:  Secure USB drives are required any time you use one to carry around copies of sensitive work-related information.

In addition to paying a bit more for the drive, there is an "operating" cost.  Use of the unsecured area of a secure flash drive works just like a regular drive.  You simply copy (or drag) a file to it.  However, interacting with the encrypted private area requires accessing the drive via the security software that comes bundled with it.

First you must set up the secure area, and select a password or record fingerprints.  From then on, you'll need to "log on" to open the secure area of the drive, by entering the password or scanning your finger.

As with any other type of software, some manufacturers do a better job than others of creating an easy-to-use system.  (You generally cannot mix-and-match.  You must use the security software that came with the drive.)  

Here are some things to consider when selecting a model:

Platform compatibility - All secure drives work with Microsoft Windows 7, Vista,  XP and 2000, but most are not compatible with older versions of Windows, such as 95, 98 and Me.  (For many reasons, we recommend you no longer use those older operating systems.)  Only a relative handful will work on Apple Mac or Linux systems.

Setting up the secure zone - As noted, secure drives allow you to divide up the drive capacity into "public"  and "private" partitions.  While this division can be re-adjusted, doing so sometimes requires that all data on the drive be deleted first.  Be careful. 

Bundled security software - Sometimes the security software must be installed on every machine with which you wish to use the secure flash drive feature.  In others, it need only reside on the drive.  Be careful not to erase your only copy of the security software when you divide the drive between secure and non-secure zones, as on some models a partition operation erases even that.  (Usually you can download a replacement from the manufacturer's Web site if you forget to make a backup copy.)

Accessing the secure and "non-secure" zones - You usually cannot access both the secure and non-secure (unencrypted) partitions at the same time, or easily flip between them.  If you are "logged in" to the secure zone, you will see only the files in that area; and you'll see only those in the non-secure zone if not.  To simplify use, we recommend you configure all the available drive space as secure, and use a separate (cheaper) flash drive for files that don't require security. 

Fingerprints vs. passwords - Fingerprint models are convenient (if you hate remembering yet another password), but a bit more expensive.  The long-term reliability of the fingerprint scanners used in such devices has not been established.  Also, currently they are only available for Windows systems. 

Secure drive models

There are dozens of secure models, with new ones arriving on the market all the time.  This is only a partial list.  Since prices change constantly, we have not included them here.

 

• Crucial Gizmo Overdrive with Security Software (password)
   
• Kanguru BioDrive, BioSlider (up to 10 fingerprints, with optional recovery password)
   
• Kingston DataTraveler Elite and DataTraveler Elite Privacy Edition (password)
  
  Windows XP/2000 required for password/encryption features.  Basic (unencrypted) file storage for Mac OS and Linux for the Elite version.
   
• Lexar JumpDrive Secure II (password)
   
  Windows XP/2000 and Mac OS X (10.2+).  One or more secure partitions with individual passwords, file "shredder" for secure deletion.  Software easier to use than most.  Recommended for persons who live in an Apple and Microsoft world.
       
• Verbatim Store 'n' Go Pro (password)
   
  Windows XP/2000 required for password/encryption features.  Basic (unencrypted) file storage for Mac OS and Linux. 

More information

All about flash drives
What they are, how they work, and links to even more information.

 

Executive summary
In recent years, cloud computing has been as visible
as any topic in IT. Its front-page news status has been
accelerated by Amazon, Salesforce.com, Yahoo, and
Microsoft®, among other firms aggressively vying for
leadership in providing cloud infrastructure or services.
However, this race for mindshare has obscured cloud
computing facts. Many admit to the haze surrounding
cloud computing.
This white paper separates fact from fiction, reality
from myth, and, in doing so, will aide senior IT
executives as they make decisions around cloud
computing. While dispelling cloud computing myths,
we will answer tough questions: How hard is it to
adopt a private or hybrid cloud? How difficult is it
to maintain and secure a cloud? How will the cloud
transform my business? Do I have the right skill sets in
place? What are some of my cost considerations? HP
is committing extensive resources to helping customers
with all of their questions and concerns around cloud
computing.
So, where did cloud computing come
from?
The IT industry has a habit of latching onto buzzwords
and applying them everywhere. “Cloud” is no
exception. So, to understand cloud computing, let’s
ground the conversation in some definitions. As a
practical baseline for our discussion, we cite the
National Institute of Standards and Technology (NIST)
definition of cloud computing published October 7,
2009:
“Cloud computing is a model for enabling
convenient, on-demand network access to a
shared pool of configurable computing resources
(e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned
and released with minimal management effort or
service provider interaction.”

Historically, the concepts behind cloud computing can
be attributed to John McCarthy who in 1961 said, “If
computers of the kind I have advocated become the
computers of the future, then computing may someday
be organized as a public utility just as the telephone
system is a public utility.…The computer utility could
become the basis of a new and important industry.”1
In 2008, Amy Schurr, in an article in Network World,2
cited Gartner research outlining the opportunity for
cloud computing “to shape the relationship among
consumers of IT services, those who use IT services,
and those who sell them.” Ms. Schurr observed that
“organizations are switching from company-owned
hardware and software assets to per-use service
models” and proposed that “[the] projected shift to
cloud computing…will result in dramatic growth in IT
products in some areas and significant reductions in
other areas.”
As seen with other major evolutionary transformations
of IT over the last four decades, new technologies
can be disruptive initially, with hype moving faster
than reality. But when technology is understood,
the benefits begin to outweigh the negatives. Cloud
concepts can mean different things to different people,
so let’s look at five cloud computing myths and
separate fact from fiction.

Myth one: The public cloud is the
most inexpensive way to procure IT
services
A characteristic of the public cloud is a relatively
inexpensive “pay-as-you-use” model. For example, the
starting price for Standard On-Demand Instances with
the Amazon EC2 Web service is less than a dime per
hour based on system size, operating system, and
locale. It’s easy to see why people think all delivery
from the public cloud is cheaper than that delivered by
internal IT. However, if you look under the covers, the
picture changes.
Here’s a surprising fact: For resources that are needed
constantly, enterprises can actually reduce costs
by leveraging other cloud models, such as shared
resources delivered via a private cloud. In cases like
this, the private cloud actually is more cost-efficient
than even the pay-as-you-use public cloud model.3
An analogy is the decision to rent or buy a car. For
short-term use, a car rental is cost-effective because
you pay based on what you consume. However, if you
drive frequently and for a longer term, then owning
a vehicle makes better financial sense. And beyond
price, there are other important issues to consider such
as performance, security, compliance, service-level
agreements, and availability.
Cloud strategy is essential
At the core of cloud computing—whether you’re using
a public cloud service, building your own private
cloud, or taking a hybrid cloud approach—is the
need to have your specific requirements incorporated
into a well-developed cloud strategy. It’s not a simple
exercise, as your cloud road map must address all
aspects of your performance, security, control, and
availability requirements.

Beth Schultz in her article “Public Cloud vs. Private
Cloud: Why Not Both?” observes that many
organizations today are gravitating toward a private
cloud first in order to understand it within the confines
of their own firewalls. She asserts that experts
now believe it’s a viable option to base your cloud
delivery decisions on an analysis of your applications.
She advises organizations to “evaluate specific
applications, factor in security and compliance
considerations, and then decide what apps are
appropriate for a private cloud, as well as what apps
can immediately be shifted to the public cloud.”4
To help you develop your own strategy and road map,
the HP Cloud Discovery Workshop was created to
lead your key IT and business decision makers in a
two-day workshop. This HP service demystifies cloud
computing through the use of structured interactive
discussions around the transformation of existing
applications: setting appropriate service levels,
planning for security vulnerability management, and
weighing cloud economic models. In this workshop,
HP experts explain the possibilities, risks, and business
implications of the cloud.

Myth two: Baby steps in virtualization
are the only way to reach the cloud
There are lots of good reasons for businesses to turn to
virtualization technology—more efficient utilization of
existing computing resources and improved flexibility,
to name just two. And virtualization is a powerful step
in transforming IT. But it’s just that—a step.
The real transformation comes when organizations
fully embrace cloud computing. Building even a
private cloud brings tremendous benefits such as
reducing IT complexity, significantly lowering IT
costs, and enabling a more flexible and agile service
delivery. Not that virtualization and cloud computing
are mutually exclusive; in fact, many technologists now
believe a virtualized infrastructure is a strong catalyst
for the next step, the adoption of cloud computing. But
even the private cloud is so much more; it automates
the underlying provisioning of infrastructure and
applications and adds a convenient way for end users
to request IT services.
Data center sprawl, rigidity, complexity, and costs
are reasons why traditional IT silos are not meeting
the increased pace of business demands. A private
cloud based on shared pools of resources—resources
that can be automatically tapped to meet business
needs—can help IT keep up. The private cloud
allows IT managers to have complete control over
available assets, while adhering to the security
standards required both within the cloud and in
the data center. The cloud provides the agility
needed to automate workflows and reduce human
involvement in time-consuming but necessary tasks
such as the provisioning of applications. Whereas
most companies take anywhere from three to six
months or longer to provision new applications, with
the cloud, the applications can be provisioned in a
few hours. With cloud patching and upgrading the
OS, applications or databases can be automated to
dramatically reduce the time IT administrators spend
maintaining applications.

The all-in-one approach can achieve the private
cloud
So why do businesses delay the adoption of a private
cloud? Change can be difficult for any organization,
but some executives may have concerns that the
work needed to automate their environment might
eclipse any gains made by automation. Or they may
believe they need to further standardize their current
environment to truly take advantage of automation.
But the truth is that today, the effort needed to get the
cloud is much, much less. Great strides have been
made by such firms as HP to build the automation
and integration tools needed for fast development of
private clouds. True, if an organization has already
adopted virtualization technology, that’s a major
step toward internal cloud computing. But, in fact,
it’s no longer necessary to take the stairs to the cloud
by first adopting virtualization, then building on
that technology, and finally moving tentatively to an
embryonic cloud environment. Today you can take the
elevator.
A case in point is HP CloudStart, a fast-track on-ramp
to the cloud. CloudStart is a turnkey HP Services
solution that allows you to deploy an open and
flexible private cloud solution in 30 days. You get all
the hardware, software, and services you need to
launch HP CloudSystem Matrix, a complete, integrated
private cloud that provides infrastructure as a
service, as well as basic application deployment and
monitoring. This is a complete cloud solution that can
provide “cloud driven” services. You can deliver those
services reliably and securely from a common portal,
with the scalability needed to deploy new services
quickly.
For anyone hoping to create a private cloud,
HP CloudStart has several key benefits, including:
• Best practice guidance: HP Services provides
expertise in deploying, customizing, and executing
on the long-term vision for creating a private cloud
that is tuned to your environment.
• Workshops and services for private cloud
success: To help your organization fully realize the
business promise of private cloud computing, HP
offers a series of targeted workshops that focus on
key areas of concern such as change management,
process re-engineering, and virtualization
technologies.

Myth three: Critical applications do
not belong in the cloud
It’s one thing to relegate a few servers running test
and development jobs to a cloud-based infrastructure.
But delivering business applications quickly and
efficiently continues to be the most important charter
for IT organizations. Studies such as a recent one by
Forbes shows that IT executives are under extreme
pressure to:
1) Cut infrastructure costs
2) Adjust their service levels to meet changing needs
3) Deliver applications with greater speed
IT professionals are interested in cloud computing to
help them address all three of these requirements. But
when CIOs and administrators look at major, businesscritical
applications like SAP, Oracle, and Microsoft,
they start to have doubts. How can IT possibly deploy
these often complex and traditionally hardwarebound
suites on something as seemingly transitory
as a “cloud”? And how can the cloud possibly be
configured to run these applications speedily, safely,
and securely—without a lot of time and effort on the
part of the IT department? In short, is cloud computing
appropriate for the critical applications that are so
important to the success of the busines

It starts with a map
To answer these questions, HP developed the Cloud
Maps. HP Cloud Maps fast-track the automation
of business application such as those from Oracle,
SAP, and Microsoft. They save days or weeks of time
while ensuring accurate deployment, configuration,
and sizing of cloud services for specific applications
and services. Each Cloud Map includes tools to build
a service catalog that meets your requirements for
fast and consistent delivery of high-quality services.
A typical Cloud Map consists of tested engineering
components such as:
• Templates for hardware and software configuration
that can be imported directly into your cloud
solution, saving days or weeks of solution design
time
• Sizers to help guide capacity and performance
planning
• Workflows and scripts designed to automate
installation more quickly and in a repeatable fashion
• Reference white papers to help customize the Cloud
Map for your specific information
HP Cloud Maps help organizations set up critical
business applications to use both the physical and
virtual aspects of a cloud infrastructure.

Myth four: Public cloud security and
management concerns apply to all
clouds
The use of a public cloud service can provide relief
from investments in hardware and software, as you
pay for service delivery instead. Cloud services are
now often obtained by various areas of the business,
which means IT must manage at the service level. But
many IT executives are unwilling to create a system
where their data resides outside of their control. Many
enterprises, due to governance, risk, and compliance
regulations, have strict rules about the handling and
archiving of sensitive data. The most prevalent security
concerns as cited by the Cloud Security Alliance are:5
• Abuse and nefarious use of cloud computing
• Insecure application programming interfaces
• Malicious insiders
• Shared technology vulnerabilities
• Data loss/leakage
• Account, service, and traffic hijacking
• Unknown risk profile
Fearful of the constant growth in attack
methodologies, IT executives believe that the private
cloud is the answer, as it keeps the cloud infrastructure
on the premises, inside company firewalls, and under
the direct control of the IT group. These executives
feel that if they trust the security on their traditional
networks, then their private cloud models, at least,
should possess that same level of assurance.
But is the private cloud model impenetrable? No.
Vulnerabilities exist with connection to the Internet.
There is also the threat of insider attacks and data
theft.
Securing the cloud requires real specialists
So how can your organization safely and
confidently take advantage of the speed, flexibility,
scalability, and cost-effectiveness of cloud services?
HP CloudAssure can help. HP CloudAssure is
a comprehensive turnkey solution consisting of
HP software, services, and expertise. It leverages
nearly a decade of HP’s software as a service (SaaS)
expertise and advanced service-level performance.
With HP CloudAssure, HP experts provide ongoing
visibility into your cloud services. They help diagnose
and report on potential performance and security
issues before those issues can impact your business.
HP CloudAssure helps you validate and assess:
• Security by scanning networks, operating systems,
and Web applications and performing automated
penetration testing
• Performance by testing for bandwidth, connectivity,
scalability, and quality of the end-user experience
• Availability by testing and monitoring Web-based
application business processes and identifying and
analyzing performance issues and trends
• Cost optimization by providing resource, code, and
end-user performance metrics that allow you to rightsize
your footprint
Whether you utilize cloud services for infrastructure
(IaaS), platforms (PaaS), or software (SaaS), this
solution can help you take full advantage of a public,
private, or hybrid cloud.

Myth five: There is only one way to
do cloud computing
As you have seen, there are a number of cloud
delivery models available. We’ve discussed the role of
public and private clouds in some detail in this paper.
Based on proven, market-leading HP Converged
Infrastructure and HP Cloud Service Automation,
the HP CloudSystem combines servers, storage,
networking, and security together with automated
systems and hybrid service delivery management.
The hybrid cloud is composed of two or more
clouds (private, community, or public). These clouds
remain unique entities, but they are bound together
by standardized technology that enables data and
application portability (e.g., cloud bursting for loadbalancing
between clouds).
In her article, “Cloud Computing for the Enterprise
Steps Forward: Lessons Learned and Key Takeaways,”
IDC, June 25, 2010, author Jean Bozman states that
next-gen cloud computing decisions will be designed
to “scale up, and scale down, on-demand—and to
allocate resources across a ‘grid’ or ‘array’ of preconstructed
building blocks developed by the service
provider. It will also demand a careful evaluation of
the customer’s inventory of enterprise applications,
to determine which ones could be moved to a
cloud computing platform (to run on private, public
or hybrid clouds).” Decisions based on the careful
analysis of applications clearly highlights the range of
cloud delivery options available to an organization.
Bozman further illustrates the benefits with private
and public clouds: “Private clouds leverage cloud
technology, bringing many of the benefits—such as
more standardization of infrastructure and business
processes—that reduce overall operational costs
(opex) and improve business agility. Public clouds offer
the benefits of leveraging someone else’s infrastructure
to run IT workloads on a pay-as-you-go basis,
reducing capex costs.”
HP CloudSystem is a comprehensive, integrated
solution for all clouds
For a complete, integrated platform that provides
private, hybrid, and even public clouds, look no
further than HP CloudSystem. HP CloudSystem is
the industry’s most complete cloud system, with
offerings for both enterprise organizations and
service providers. And HP is the only vendor able to
deliver such a comprehensive cloud platform with the
attributes needed by CIOs, service providers, and IT
professionals.
With support for the broadest set of applications,
CloudSystem provides IT with a unified way to offer,
provision, and manage services across private clouds,
public cloud providers, and traditional IT. It enables
the flexibility to scale capacity within and outside the
data center, it is extensible to existing IT infrastructure,
and it can support heterogeneous environments.
HP CloudSystem consists of three integrated offerings.
These offerings provide a range of services for all
organizations as well as an avenue for growth and
expansion:
• The HP CloudSystem Matrix offering is focused
on private clouds and infrastructure as a service.
This entry-level offering allows you to provision
infrastructure and applications in minutes, not
months.
• HP CloudSystem Enterprise is for those looking
to deploy private and hybrid cloud environments
and the full range of service models (IaaS, PaaS,
and SaaS). It provides a single services view of
your environments, from private cloud to public
clouds to traditional IT with advanced application to
infrastructure lifecycle management.
• Finally, HP CloudSystem Service Provider is tuned
for service providers looking to deploy public and
hosted private clouds, and to deliver owned and
third-party cloud services.
HP CloudSystem offerings can be extended with
HP’s market-leading software and hardware such as
HP 3PAR Utility Storage, HP TippingPoint and ArcSight
security, HP networking, HP mission-critical computing,
and HP software. CloudSystem is optimized for
HP infrastructure but it supports non-HP infrastructure
as well.
HP CloudSystem enables you to build and manage
cloud services across private, public, and hybrid
clouds without having to know, or care, whether
those services come from HP CloudSystem’s own “onpremises”
resources, from your existing infrastructure,
or from the public domain.

Are you ready for the cloud?
While there is plenty of hype about cloud computing,
it can bring you real benefits. Embracing cloud where
it makes sense for your business can speed your time
to revenue and reduce your costs. But embracing
cloud means cutting through the hype to find real
solutions.
No matter where you are in the cloud adoption
lifecyle, HP has the people, processes, and proven
track record to make a real difference and help you
take a direct route to the cloud. With HP as your
partner, you’ll be on your way to reaping the benefits
of cloud computing—without the hype—because
HP offers the most extensive range of cloud computing
expertise, products, and services. Contact us today
and learn more about the solutions discussed in this
paper and how HP can help make your journey to the
cloud a smooth one.
To learn more about HP Cloud technologies, go to:
• HP Cloud Computing Solutions at Cloud Computing
| HP Enterprise Solutions
• HP CloudSystem at Build Cloud Services with
HP CloudSystem
• HP Cloud Maps at HP Cloud Maps for
CloudSystem Matrix
© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only
warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft is a U.S. registered trademark of Microsoft Corporation. Oracle is a registered trademark of Oracle and/or its affiliates.
4AA3-4550ENW, Created May 2011
Share

Comcast users phished by Constant Guard spam lure

Join thousands of others, and sign up for Naked Security's newsletter

by Chester Wisniewski on May 24, 2012 | Comments (5)

Filed Under: Featured, Privacy, Spam

Naked Security reader Simcha Jessel sent us a tip about a new phishing scam targeting customers of Comcast XFINITY cable internet service.

Jessel became aware of the scam after the scammers used his Gmail address to send the scam to their intended victims. It is unclear whether his Gmail was hacked or just forged in the email headers, both are common practices for phishers.

The emails read in part:

"Dear Comcast Customer,
The Constant Guard™ service has updated the Online Security of Comcast Users. To link your account to our new update you just need to re-login your account using the secure link bellow. The link will redirect you to our update login page. Simply login your account and the account will automaticly be updated."

The link pointed at a TinyURL which redirected victims to a compromised higher education institution website in India. Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.

Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.

The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.

I've highlighted issues with services like TRUSTe before and even contacted the company for comment on what they are doing to limit fraud and ensure its seal means something. It has been over five months and I have yet to receive a reply from the company.

Always be suspicious of unsolicited emails you receive asking you to login and verify information, especially if they contain links to the site in question. If you believe it may be legitimate, be sure to open a new tab in your browser and visit the site directly to confirm the veracity of the message.

How internet revenge by an ex-partner can lead to horrific violence

Join thousands of others, and sign up for Naked Security's newsletter

by Lisa Vaas on May 24, 2012 | Comments (12)

Filed Under: Featured, Law & order, Privacy

The headline of the Craigslist "Casual Encounters" ad:

"Do me!!! - m4m - 28 (JP)."

The translation, for those unfamiliar with internet sex dating truncations: a 28-year-old male - a virgin, the ad went on to say - who "want [sic] it hard" was looking for another male, of any race or age, to sodomize him, first come, first served.

The phone started ringing as my boyfriend, John, and I were grocery shopping on a lovely April afternoon. It continued to ring for over a day.

The ad, together with a handful of others offering unrealistic pay for unskilled labor, was taken out in John's name, with his phone number, by an acquaintance with a drinking problem.

The phone calls were unnerving, as was the acquaintance's stubborn denial that he had placed the ads, even after John irrefutably linked him to the cloaked Craigslist email address listed in the ads.

I spent the night researching identity fraud and cyberstalking. We went to the police station to file a report. Although the police hadn't raised a finger, the calls eventually tapered off.

We got off easy. The damage done to our psyches was trifling, compared to the violence that some have suffered at the hands of cyberstalkers who take out ads soliciting sexual encounters - sometimes violent - in their victims' names.

It all came back to me when I saw a recent Forbes article on horrific crimes committed by jilted boyfriends, who now have the internet to use as a tool that enables identity fraud and even harassment via crowd-sourcing.

Forbes details two disturbing cases that have led to prosecution: The first is the case of Shawn Sayer, of Maine, who harassed his ex-girlfriend for years after they split up.

Sayer went so far as to crowd-source his revenge - i.e., he took out fake ads in his ex's name so that unwitting dupes would gang up on her.

Here's a description of how Sayer managed to keep up his retaliation after his ex moved to a new state, from a court order from Judge Brock Hornby:

After Sayer's former girlfriend changed her name and moved from Maine to Louisiana to escape him, the defendant Sayer, still in Maine, created fictitious internet advertisements and social media profiles using [the victim's] name and other identifying information. The fictitious internet postings included [the victim's] address and invited men to come to her home for sexual encounters.

According to Forbes reporter Kashmir Hill, the ads included the victim's photo, directions to her house, and a list of sexual acts she would perform when interested individuals showed up. Sayer also posed as his victim in chats and emails.

The Portland Press Herald reported that the first man who showed up on her doorstep as a result of the fraudulent ad groped her in a dark hallway. Fortunately, she escaped by running to a friend's apartment.

Hill details the fate of another, less fortunate victim who was violently raped after her ex-boyfriend, a former Marine, posted a rape fantasy ad on Craigslist on her behalf.

That tale has multiple victims, one of whom is a 27-year-old Wyoming man who answered the ad, which solicited "a real aggressive man with no concern for women."

Similarly to Sayer, the spurned ex-boyfriend posed as his victim and corresponded with the Wyoming man, who thought he had the victim's consent when he went to her home and raped her at knifepoint, leaving her bound on her living room floor.

In that case, both the ex and the man he used to carry out his crimes have been sentenced to 60 years in prison.

What makes these crimes particularly frightening is that the typical advice for avoiding identity theft just doesn't cut it when you're dealing with a former lover or friend: i.e., somebody who doesn't have to phish for your personal identifying information.

My guess is that these crimes are under-reported and substantially under-prosecuted, given the response that I received from the local police when my boyfriend and I filed a report on his harassment.

The officer who took our report didn't think any of the actions against John - taking out an ad in his name, with his phone number, to solicit homosexual acts - sounded illegal. The officer knew nothing of identity fraud or cyberstalking laws.

Nor did he think anything could be done to stop the harassment. He suggested we go to the local court house in the morning.

Perhaps that's how many of these cases unfold: clueless local police pass the buck until the victims give up and walk away, impotent, still vulnerable.

When we do hear about a successful prosecution, it's likely because somewhere along the buck-passing line, somebody knew that there are federal laws against cyberstalking and identity theft, and somebody knew that police departments have computer crime units, as does the FBI.

We can't rely on every police officer in every local police department to know about federal law or the appropriate channels for reporting computer crimes. We need to become fluent enough with the law ourselves to avoid being stonewalled.

To that end, if you ever have need to educate law enforcement regarding what is and isn't legal when you're reporting a cyberstalking or identity theft crime, here are some pertinent US laws and resources. There are many more, so feel free to add them to the comments section:

• The current US Federal Anti-Cyber-Stalking law is found at 47 USC sec. 223.
• The Identity Theft Resource Center has a list of federal laws and contact numbers, along with a host of victim resources.
• The US Department of Justice also has a site that defines identity theft and explains how to avoid being victimized by it.

In choosing to torment his ex-girlfriend, Sayer faced a maximum of 15 years in federal prison. That includes ten years on the cyberstalking charge, five years on the identity theft charge, plus a potential $250,000 fine on each charge, according to a press release from the Maine Assistant US Attorney.

To this day, the man who committed identity fraud on my boyfriend by taking out fraudulent Craigslist ads on his behalf thinks it was all a funny joke.

John and I failed to grasp the humor, but I did come away from the encounter with a few ideas of how victims might be better served:

1. Craigslist never responded to our requests that the fraudulent ad poster be barred from posting further ads. Nor did the company respond to my questions about what processes are used to protect victims in these situations. If Craigslist is committed to protecting those who are victimized by fraudulent ads, I call on the company to set up a transparent means of reporting abuse that results in rapid remediation. Craigslist promptly takes down bogus ads but has no apparent means to revoke an abuser's posting privileges.
2. Law enforcement at every level, be it local, state or federal, should receive training in handling cyberstalking, identity theft and other computer-related crimes. We don't need every police officer to be familiar with the nuances of every federal law, but we should expect them, at the very least, to be able to inform victims of the existence of computer crime units that are conversant in such matters.

Finally, a word of warning about sharing passwords.

The New York Times in January described a new form of intimacy: Sharing passwords to email accounts, Facebook or other social media networks.

Bad idea. If you want to show somebody you trust them, do something like fall over backwards into their arms.

The worst you can get from that will likely be a bruise and a valuable lesson regarding whom you can and can't trust.

The worst you can get from a malicious ex posing as you online can be orders of magnitude more vicious.