Archive for the ‘Personal privacy’ Category

Ashton Kutcher Gets Punk’d on Twitter

Monday, March 7th, 2011

Have you ever wondered about Ashton Kutcher’s rather warped sense of humor? The celebrity star of the hit TV show Punk’d was the victim of a deliberate hoax intended to warn the world, embarrass the star and catch him off guard in a “practical joke” sort of way. His popular, high-profile, widely read Twitter account got hacked!

The television show has been in re-runs since the final episode aired in 2007. The actor (AKA Mr. Demi Moore) has always claimed that he is “un-punkable”. The basic premise of Punk’d is that an unwitting celebrity is filmed during a staged prank, solely for the entertainment of viewers.

Here’s what happened. Ashton Kutcher has 6.4 million followers on Twitter. A relatively “friendly” hacker compromised the account while Kutcher was attending a TED speakers conference in Long Beach, California.

According to the internet security firm Sophos, the uninvited visitor’s message was sent out from the hijacked account to Kutcher’s 6.4 million followers. The message stated:

"Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?"

Security analysts, like those at Sophos, believe that the hacker exploited the account’s lack of SSL encryption.

A Sophos analyst went on to say:

“The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.”

With relatively unsophisticated tricks like these, an attacker can easily steal or “sidejack” the credentials of anyone using an unsecured WiFi network (Starbucks, anyone?).

This should get Hollywood’s attention. I smell the winning recipe for a new fall TV show in the making. Surely reality television has room for another crowd pleaser.

Let’s call the new hit series… Hack’d!

Three Privacy Reminders For 2011

Wednesday, January 5th, 2011

Exhale. With the worst of the financial storms past us, we can finally breathe and begin to rebuild our financial fortifications.

One of the first pieces of business this year should be to put a few strategies in place to protect what’s left of your assets and personal privacy. Unfortunately, the fraudsters are still in the game, stronger than ever before, due to the relatively risk-free nature of modern financial crime.

The reality is that most financial crimes are under-reported and left unsolved due to a scarcity of investigative resources and the endless supply of fresh target information available to most criminals.

Here are three areas to watch in 2011 according to Bank Info Security:

1. Mobile Banking Risks

“Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile. Mobile banking applications from Bank of America, Chase, Wells Fargo and TD Ameritrade have all suffered from security flaws, and CitiGroup in 2009 noted vulnerabilities when it learned some banking apps stored sensitive user details in hidden files on smart phones.”

2. Social Networks and Web 2.0

“The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking, says Rasmussen, Internet Identity’s chief technology officer. “With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information,” including banking login credentials and Social Security numbers, he says.”

3. Malware, Botnets and DDoS Attacks

“Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters, says RSA’s Rivner. Botnet operators now see opportunity for additional income.”

Smart phones, social networking and sustained attacks on closed systems leave plenty of room for mischief in the coming year. Stay tuned for ways to short-circuit these uninvited cyber-guests in 2011 and beyond.

ID Theft Is Lurking In Your Computer

Monday, June 7th, 2010

Personal computing guru Steve Bass recently shared some rather eye-opening statistics in his value-packed newsletter, Techbite.

Security vendor PC Pitstop Research analyzed just over 50,000 computers for evidence of security threats, vulnerabilities, viruses and protection tools. Immediately, some interesting results emerged.

Can you guess what percentage of computer users have absolutely no security software installed on their machines? The answer is that a shocking 23% of us are flying through cyberspace as naked as jay birds!

The PC Pitstop study was looking for evidence of threats which we should all be on the lookout for, such as spyware, malware/rogueware and keyloggers.

For clarity, the article defined its terms, so there would be no confusion about the nature or intent of each of these threats.

According to the report:

“We define spyware as the software that is unintentionally installed on the target computer. … A new growing segment of malware is rogue or phony security software. … Keyloggers are a category of software that is intended to monitor the activity of a target computer. This is a rather dangerous category since this form of malware can be used for identity theft, stalking and other ugly criminal activity.”

The good news is that Symantec, Trend Micro, Kaspersky and other leading providers are very effective, each in its own area of strength, at delivering protection from many of the most common threats:

  • Kaspersky was rated best against rogue software
  • Symantec was best in the fight against spyware
  • Trend Micro was best against keyloggers
  • Kaspersky was best against viruses

One of the takeaways here is that not all threats can be stopped with just one form of security. Redundancy in various computer security software programs is the best way to keep the multiplying strains of threats at bay.

The underlying theme from this study is that “no one security provider is good at protecting against all aspects of security. As the analysis suggests, each vendor has some strengths and weaknesses.”

That a given threat could progress from mischievous to menacing to malicious is a real possibility in our data-rich daily lives.

Protect your data and assets accordingly.

2010 U.S. Census Creates ID Theft Vulnerability

Saturday, February 13th, 2010

In March of this year, census takers will begin to thread their way across the highways and byways of our land to conduct the 2010 census.

Despite the skepticism of some, participation is required under Title 13 of the United States Code. The same law also requires that the Census Bureau tabulate your information without revealing any of your personal data.

The government imposes very stiff fines and possible prison terms for federal employees who violate the privacy guidelines.

Allow me to call another lurking personal privacy threat to your attention. Make sure that anyone you share information with is actually from the Census Bureau!

This reminder came to my attention from a Vice President of Security at Austin Bank in Longview, Texas (used with permission).

There has been a lot of advertisement about the 2010 Census. It is important that all people participate in the census since it is only taken every ten years. However, there are people at work posing as census takers to do one simple thing; steal the identity of everyone they can, and either use or sell the information. It is important that you protect yourself and talk to your family and friends, about protecting themselves.

Additionally, the U.S. Census Bureau has issued this statement on their website:

Census workers may need to visit your household to update the Census Bureau’s address list, deliver a questionnaire or ask you to complete the questionnaire face-to-face. All census workers carry official government badges marked with just their name. You also may ask them for a picture ID from another source to confirm their identity. In addition, some census workers might carry a ‘U. S. Census Workers’ bag. If you still are not certain about their identity, please call the Regional Census Center toll-free number to confirm they are employed by the Census Bureau.

Census workers will never ask for your:

  • Social security number
  • Citizenship or immigration status
  • Salary or income
  • Bank account information

The reality is that their questions require much less personal information than a typical credit card application. If you would rather not answer questions at your front door, you can mail in your data.

The government says that our participation will help us to “paint a portrait of America”.

Pick up your paintbrush and let your voice be heard.


The iPhone Privacy Debate

Friday, August 21st, 2009

Those of us who are not iPhone owners often laugh at the giddiness and joy which many tech-savvy, self-absorbed Apple devotees experience while using their phone’s latest app.

Despite the convenience and absolute coolness embedded in these ultra-smart phones, some of our greatest privacy rights go out the window when users “opt-in” during the registration process for a wide variety of applications.

ComputerWorld magazine reported this week:

“After the recent hubbub surrounding the Palm Pre and its daily sharing of user location and other information with Palm, …the iPhone Dev team has revealed that some third-party apps for the iPhone act in a somewhat similar fashion.”

It seems that: “code from the analytics firm Pinch Media within some iPhone apps is specifically designed to track your geographic location through time, then upload that data to Pinch Media. They… note that the app will first ask permission to use your location information. Once this permission is granted, user location information is transmitted to whomever is tracking the app’s usage… Gender and birthday information may also be gathered and sent, if available.”

Although many specifics like your home address or business location may not be collected and stored, your actual latitude and longitude over time can make it easy to determine your sleeping and work coordinates.

Many question just how broadly the term “spy-ware” should be applied to analytics practices like this one. It has been observed that generally, users are never given the opportunity to “opt out”.

Like the Hotel California, you can check out anytime you like (turn off your phone), but you can NEVER leave.

A Spyware Case Where Bigger Is Not Better

Sunday, February 1st, 2009

The Heartland Payment Systems security breach is now considered to possibly be the biggest in history.

The massive theft, which is thought to have occurred sometime in 2008, may have allowed the hackers to swipe credit card data from more than 100 million accounts. Apparently, it was spyware installed on the company’s internal network that grabbed the data.

PCWorld Magazine reported:

“Heartland says it didn’t discover the breach until Visa and MasterCard came knocking about suspicious activity involving card numbers processed by Heartland……

It’s all the more sad that we as consumers really can’t do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it’s handled by the plethora of companies that store and process our information.”

According to the Washington Post, Heartland President and CFO Robert Baldwin contacted the U.S. Secret Service as well as two breach forensics teams to investigate.

In terms of sheer volume, Baldwin said:

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions per month.”

This type of breach leaves you and me powerless to prevent it and vulnerable as a result. The stolen Heartland data is precisely what crooks need to create counterfeit credit cards.

That is why the following basics of Identity Theft Protection should be a part of YOUR financial planning.

  1. Carefully watch all your credit card statements for irregularities
  2. Be on the lookout for small charges from unknown creditors and report them
  3. Consider freezing your credit files if you don’t plan to apply for new credit soon
  4. The use of a credit card leaves you LESS vulnerable than using a debit card
  5. Grab a FREE credit report at least 3 times a year

CEO Baldwin was quoted as saying simply:

“….we recognize and feel badly about the inconvenience this is going to cause consumers.”

The giant credit card processor feels badly. I’ll sleep better now.

If Obama and Palin Can Be Hacked, So Can You!

Monday, December 1st, 2008

With the holiday season upon us and the election season behind us, the average consumer may have their attention diverted away from personal privacy issues.

President-elect Barack Obama and Alaska Gov. Sarah Palin were concentrating on the election, while high tech thieves smelled an opportunity to violate the candidates’ privacy with reckless abandon. These fraudsters were phone company insiders and random email hackers, not mobsters from an Eastern European crime family.

Here is an excerpt from a story posted on fiercewireless.com:

“Verizon Wireless has fired the employees who accessed President-elect Barack Obama’s personal cell phone account without authorization.

A report on CNN.com quoted an unnamed Verizon source, who would not disclose how many people were fired but said, “we now consider this matter closed.” Apparently the employees were involved in customer service and were not authorized to look at an account unless a customer requested it.

The source also said that records of no other well-known customers had been breached. The phone that was accessed was a flip phone that had been inactive for months, and was not a Blackberry or other smartphone from which email could have been sent or data services could have been accessed.”

In Palin’s case, a 20-year-old student at the University of Tennessee has been indicted for breaking into one of Palin’s accounts and posting the information on a public website.

Here’s the point. We are all vulnerable to attack even if we are careful to do everything right in the privacy arena. Recovering from the emotional roller-coaster and sense of violation after being victimized can be both traumatic and lengthy. In extreme cases, you could even be facing a run-in with the law.

Prepare to remain steadfast this holiday season. If you are a member of AAA, you can unwrap an early Christmas present from them just by visiting their website and reading about their “free”, yes FREE credit monitoring and alerts for members only.

How A Financial Crisis Leaves Our Data Vulnerable

Wednesday, October 15th, 2008

As major banks, insurance companies and investment firms fall victim to the current tsunami of financial storms, your privacy may suffer. When firms change hands, downsize their payrolls and transfer massive amounts of data, proprietary information is left exposed and privacy erodes.

At the end of September, the Dow Jones Industrial Average took the single biggest dive in history, dipping 777 points. In the wake of the impending reorganization of American business, your credit card balances, your mortgage, your savings accounts and your credit history will probably be reshuffled and reinserted into the database of the account’s new overseer.

After days of marathon negotiations, the bailout measure initially went down to defeat in the Congress by a vote of 228 to 205. After the Senate and the House gave final approval for a modified version of the $700 billion rescue plan, President Bush signed it into law on October 3rd, 2008.

Although the free markets globally are facing their toughest challenge ever, those markets do work. The problem is that they are controlled by human beings who are subject to behavior that is sometimes irrational, emotional and irresponsible.

Because of the irresponsible and sometimes deliberate misdeeds of the guardians of the financial gate, it is still your responsibility to guard your personal information the best way you know how.

If you do not have a personal identity theft risk prevention, detection and mitigation plan in place, what are you waiting for? Visit the Privacy Rights Clearinghouse for great tips on how to protect yourself.

6 Smart Ways to Safeguard Your Child's Identity

Wednesday, September 17th, 2008

Many of you who have kids may have wondered if your little crumb snatchers are vulnerable to identity theft. If that thought has ever crossed your mind, you are not alone.

My first clue that our own kids were potential victims surfaced when unsolicited mail began showing up in the mailbox. Credit card offers with the names of pre-teens and teenagers are not uncommon.

If you have not opted-out of junk mail, you are probably still seeing offers from predatory lenders arrive pretty frequently. “Don’t they know that little Bobby has no job or income?”

Each year, experts estimate that more than 3 million people discover that a new credit account has been opened up in their name. Your child’s vital data has value in the dark world of identity thieves.

Many fraudsters troll in these waters and they know that their crimes could possibly go undetected simply because of the age of the victim. Targeting victims who are unaware of their exposure makes the chance of detection slimmer than usual.

Not only do young victims remain in the dark, but their parents may not uncover the damage for many years. When the young person tries to get a driver’s license or applies for a credit card, they discover a crime that could be years old with no way to fight back.

Here are 6 steps parents should take for the protection of their child’s identity.

  1. Never disclose your child’s social security number unless it is mandatory, such as for school records, income tax returns or medical emergencies.
  2. Keep copies of birth certificates under lock and key and share them only when the information is mandatory.
  3. Don’t be intimidated or afraid to ask anyone who requests a personal document WHY that specific information is needed. Also ask WHAT steps they take to safeguard the information.
  4. Don’t let a child or adolescent carry a copy of his or her Social Security card in their purse or wallet.
  5. Watch the mail for credit offers or other personalized mail to your child. These early warning signs can signal danger ahead or possibly danger in progress.
  6. Opt out of junk mail for you and your kids. There are companies that will allow you to get your children’s names off of the direct marketers’ lists along with your own. Check out greendimes.com for a great example of this type of service.

You can also request a free credit report from each of the major credit reporting agencies once a year for your child. If the child is under age 13, the request must be in writing.

For more information go to annualcreditreport.com, a website operated by the three credit reporting agencies. While there, you can request a free copy of your own report.

Finally, remember that privacy leakage occurs often on the web and especially at social networking sites like MySpace and Facebook. These companies do what they can to help monitor activity on their sites, but ultimately your child’s identity safety practices are your responsibility.

Identity Appreciation Month

Monday, September 1st, 2008

I appreciate the value of my intact identity profile…don’t you?

It has been too long since my last post. The past month has been a whirlwind for me as a result of my vacation to China.

As anyone who travels regularly will tell you, keeping tabs on your identity is both a necessary evil and a blessing beyond belief when traveling abroad. Venturing off to China during the Olympics is certainly a test of all the safeguards that are supposed to be in place to make sure that you are really the real you when you travel.

Passing through customs, immigration and the tightest security I have ever witnessed gave me both a sense of awe and gratitude. Chinese security officials had their hands full and the world witnessed one of the most spectacular displays of pomp, ceremony and athletic achievement ever organized.

At the same time, security was at an all-time high for good reason. The eyes of the world were fixed on Beijing and our hosts wanted the occasion to shine. I think we all agree… it did.

The 12 hour flight from the West Coast gave me a chance to catch up on some of the latest and greatest scams we are facing here at home. One that caught my eye in particular was the number of credit card skimming cases which the Secret Service is investigating around the country.

In my seminars, I magically produce and vanish a card “reader” which could be called a “skimming device” if it fell into the wrong hands. The problem is that we are so used to seeing them, that we don’t even think about sliding our credit and debit cards into a device at an ATM, bank or retail location.

The challenge is that these high tech and deceptive skimmers don’t prevent the machine we are accessing from working and can be painted to match the color of any legitimate machine. According to USA Today, there are major investigations going on right now in California, Delaware, Nevada, Pennsylvania and Washington.

In Washington state alone, the number of recent victims could be as high as 250 people, with losses totaling $500,000. Combined, the cases total between $1 million and $3.5 million stolen from victims.

The obvious first step for self-protection is awareness and a keen eye for anything that may look suspicious. Thieves quite often place a small camera on or near the pump or ATM which records PIN numbers as you key them in.

Diligent, constant awareness of irregularities and unauthorized activity on your accounts is your personal responsibility. The good news for American consumers is that reporting fraudulent or suspicious activity generally stops or reverses damage done with credit cards and most debit cards bearing the Mastercard or Visa logos. Irregularities must be reported in a “timely fashion” which generally means 60 days or less from discovery of the event.

Yes, old fashioned skimming is alive and well and being dispensed at an ATM or gas pump near you.