Peter Vatistas

Chris Pirillo recently blogged about his choice on home inventory software solutions. As much as I agree with Chris that StuffSafe is a good alternative to installed software on your computer (redundancy, ability to use anywhere), I do have some concerns with security (or lack there of) and who is behind StuffSafe.com.

As a registered user of StuffSafe I am asked (not required) to enter personal information including my home address and insurance information. Now let’s say you load your online home inventory database with all your furniture, jewelry, electronics, and other personal effects. You provide StuffSafe with your home address and even your insurance information; would you give this information to a complete stranger? Well that’s what your doing.

StuffSafe is not secured by any security risk assessment companies like HackerSafe and from what I can see they have no privacy policy verified or approved by company like Information Shield or Trust-e. What stops them (StuffSafe) or hackers from accessing and using this information against you? Who’s to say that StuffSafe is not a couple of thieves that came up with an Oceans 14 type grand scheme (which is such a freaking good idea, LOL)?

I know your probably thinking that I am totally overreacting but I think I do have a valid point. I wouldn’t use their services for the lack of security and also because I wouldn’t give this information out to anyone outside of my attorney. I would take the time to read a little bit deeper into online services like StuffSafe before signing up and giving them all of your information, you never know how your information will be stored and who will see it.

StuffSafe’s Privacy Policy regarding security (10/12/2007 @ 12:50am):

“SECURITY
StuffSafe operates secure data networks protected by industry standard firewall and password protection systems. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by our customers.”

That doesn’t leave a warm and fuzzy feeling in my stomach… ” yes but there is no guarantee on the box!“

Much like the root “super user” of Unix, Microsoft’s Windows Vista has a secret “master” administrator account which is disabled by default. The “master” administrator account in Vista gives all rights/permissions or total control over your OS; this is great for a Systems Administrator but not for the normal user or power user.

Just like in Unix, it is highly recommended that you run applications, services, and general interactions with Unix as a regular user. When your interactions within Unix require a raised level of authority you can run the command: #sudo su followed by your password. Vista has followed this almost exactly and I am sure you’ve seen this several times like when you install an application, run certain programs, or change system settings windows will display a UAC popup requiring you to accept your actions before you can continue. This “master” administrator account is the equivilant root or super user of Unix.

To unlock the secret administrator account in Windows Vista, follow these steps:

Start> type cmd in the search box> right-click on cmd.exe> select Run as Administrator> type: Net user administrator /active:yes then press enter. Now the next time you log in you will see the ”master” administrator account, which BTW is unprotected so I strongly suggest you set a password (click here for a great password generator). Now if you want to disable the administrator account just follow the same steps above but change the active:yes to active:no (Net user administrator /active:no).