Microsoft Trend May Impact Data Security

November 25th, 2009

Microsoft recently announced that it has adapted its internal software development model to accommodate something called Agile Development.

What that means to you and me is that the next generation of Microsoft products for the web may not be developed with the giant’s historical approach regarding security.

Agile development leans toward the collaborative approach to software development, similar to the processes made popular by Six Sigma and the Toyota 5S methodology.

Network World reports: “This makes sense as Agile’s focus on teamwork and communication leaves plenty of room for improvisation….While Agile development has demonstrated its ROI value, the emphasis was always on rapid application and not necessarily security.”

We all know that there are plenty of cyber-kooks lurking out there and waiting to get us. These looming threats have never been worse. The good news is that the selection of security suites we can purchase to keep our systems safe has never been better.

This is why everyone needs an anti-virus, anti-spyware and firewall protection plan. Any program you purchase from any vendor could leave you vulnerable to attack.

If you suspect a rogue program, Microsoft’s security site can probably give you the peace of mind that all weary web travelers need from time to time.



Top U.S. Banker Newest ID Theft Poster Child

September 5th, 2009

On August 25th, President Barack Obama nominated Ben Bernanke to another term as chairman of the Federal Reserve.

In a story reported this week by The Economist:

“The decision was widely hailed on Wall Street and in Washington, DC. With few exceptions, politicians and economists lined up to praise Mr. Bernanke and to laud Mr. Obama for keeping him.”

Coincidentally, also on August 25th, Newsweek Magazine reported:

“Last summer, just as he was dealing with the first rumblings of the financial crisis on Wall Street, Bernanke learned that a thief had swiped his wife’s purse - including the couple’s joint check book. Later, someone started cashing checks on the Bernanke family account…”

“The theft of the Bernanke check book - never publicly revealed until now - soon became part of a wide-ranging (and previously underway) identity-theft investigation by the Secret Service and the U.S. Postal Inspection Service.”

The shocking news is that the “previously underway” investigation exposed what the Justice Department calls “the largest alleged credit and debit card data breach ever charged in the United States.”

Many of the highest profile breaches in U.S. history are allegedly the result of this one mastermind’s activity. Thankfully, the ringleader and two of his co-conspirators are behind bars now.

Victims of the crime spree reportedly include:

  • Heartland Payment Systems
  • Supermarket chain Hannaford Brothers
  • 7-Eleven stores
  • DSW shoe stores
  • TJ Maxx stores

This is a wake-up call for America. If brazen purse snatchers can swipe cash from our top banker’s checking account and hackers can swipe “protected” corporate data with impunity, then the average American continues to remain vulnerable beyond belief.

Protecting your mail, private PINs, personal data, passwords, payment instruments (credit/debit cards, checks) and computer data is YOUR responsibility. Despite our best efforts, the portability of data outside of our control leaves us all exposed in this digital world.

This truth-is-stranger-than-fiction story illustrates another truth. Without the dedicated and ongoing effort of law enforcement, your personal, medical or bank records are just as vulnerable as an attractive unattended purse, slung over the back of a chair at the local Starbucks.

The iPhone Privacy Debate

August 21st, 2009

Those of us who are not iPhone owners often laugh at the giddiness and joy which many tech-savvy, self-absorbed Apple devotees experience while using their phone’s latest app.

Despite the convenience and absolute coolness embedded in these ultra-smart phones, some of our greatest privacy rights go out the window when users “opt-in” during the registration process for a wide variety of applications.

ComputerWorld magazine reported this week:

“After the recent hubbub surrounding the Palm Pre and its daily sharing of user location and other information with Palm, …the iPhone Dev team has revealed that some third-party apps for the iPhone act in a somewhat similar fashion.”

It seems that: “code from the analytics firm Pinch Media within some iPhone apps is specifically designed to track your geographic location through time, then upload that data to Pinch Media. They…note that the app will first ask permission to use your location information. Once this permission is granted, user location information is transmitted to whomever is tracking the app’s usage….Gender and birthday information may also be gathered and sent, if available.”

Although many specifics like your home address or business location may not be collected and stored, your actual latitude and longitude over time can make it easy to determine your sleeping and work coordinates.

Many question just how broadly the term “spy-ware” should be applied to analytics practices like this one. It has been observed that generally, users are never given the opportunity to “opt out”.

Like the Hotel California, you can check out anytime you like (turn off your phone), but you can NEVER leave.

Identity Theft Tops LA County Sheriff's Agenda

July 16th, 2009

Los Angeles County Sheriff Lee Baca weighed in this week on the growing need for reshaping federal law in the local fight against crimes involving identity issues.

The Los Angeles Times reported that Sheriff Baca traveled to Washington, DC to testify before a Senate panel on the matter. At issue is whether the REAL ID Act, passed in 2005, should be revised to allow individual states more flexibility in order to comply with federal deadlines.

The Times reported:

“Baca, who leads the largest sheriff’s department in the nation — with more than 18,000 officers and staff — said he hoped to express the “critical need” for national ID standards from a local law enforcement perspective… He noted that local law enforcement personnel are typically the first to experience suspicious activities and respond to any terrorist event and that local law enforcement routinely deals with counterfeit identification, often impossible to detect.”

Sheriff Baca supports a revision of the current REAL ID Act, which essentially creates a national identification card for US citizens and puts those without one under greater scrutiny and suspicion.

One of the challenges is that the cost of implementation could run as high as $11 billion over five years, according to the National Conference of State Legislatures.

Both Baca and Department of Homeland Security Secretary Janet Napolitano have expressed support for a revision called PASS ID, which she claims would eliminate the need for states to spend money on untested technologies while including consumer privacy protection assurances.

Sheriff Baca testified that PASS ID is more realistic than REAL ID and he backed Napolitano’s core belief that these revisions to REAL ID are critical to improving identification security.

In a post-9/11 world, realism and improvement should be non-negotiable.

Advice to Identity Thieves: "Don't Target Cops!"

June 8th, 2009

This story hits close to home for me because it mirrors an incident in my own experience.

Sooner or later, a criminal’s luck runs out. That’s what happened to a group of identity thieves who recently bit off more than they could chew.

The Associated Press reported this week that a ring of counterfeit check scammers got themselves into a mess that could keep them on ice for quite some time, at the expense of the taxpayers in the state of Oregon.

Most police agencies have one person who is considered their “go-to” expert on certain types of cases. In this case the cop is Barbara Glass. She is a veteran police officer who has nearly 20 years of service under her utility belt.

According to the report, Glass has served all those years:

“including eight specializing in ID and fraud investigations. During her investigation into the check ring, she got an e-mail from a Safeway store to alert her that her name had showed up as the signee on one of the bogus checks (that was) passed.”

I was immediately reminded of the value of some type of early warning, late warning, any warning that can inform a victim that they have been compromised. Most consumers have done NOTHING to erect an early warning system for themselves.

Many people who have purchased some type of identity theft protection are still vulnerable to ongoing abuse. Unlike the timely and coincidental email from Safeway in this case, most of us have no form of notification or early warning set up for us until it’s too late.

Officer Glass told The Oregonian newspaper that she nearly fell off her chair. Glass recalls shouting out to her partner, Officer Dave Staab, “My name!” Her full name was handwritten on a fake check and cashed back in April.

This story hits close to home because I remember the day my wife and I had the same conversation. Counterfeit checks were presented and cashed all over town with our bank information and a signature that wasn’t even close to mine.

In my case, the culprits were never identified, but due to the police work of Officers Glass and Staab, the Multnomah County Deputy District Attorney will soon have a case to prosecute.

Thanks to some inspired police work, three suspects have had the spotlight shined on their own identities and are now awaiting their day in court.

I don’t think a check payable to the bailiff will get them off the hook this time.

World Economic Forum Examined Cyber-Crime

April 20th, 2009

Earlier this year, the World Economic Forum met in Davos, Switzerland for their annual conclave. The topic of internet crime drew the attention of attendees, leading a panel to take a look at the issue of international cyber-crime.

One startling fact emerged from their look into fraud, identity theft and organized crime. According to the experts, who included representatives from Mozilla, McAfee and Microsoft, 2008 saw more internet-based crime than the preceding five years combined!

The WEF considers itself “the foremost global community of business, political, intellectual and other leaders of society who are committed to improving the state of the world.”

They go on to describe themselves as “an independent, not for profit organization that brings these leaders together to work on projects that improve people’s lives.”

The Davos attendees concluded that due to the organized criminal creation of large scale cyber-attacks, these incidents have moved beyond the mere nuisance of teenage hackers bored with nothing else to do, to a modern “organized criminality” that has grown well beyond garden variety vandalism.

The Forum estimates that internet crime alone packs a whopping $1 trillion price tag. With no clear consensus on how to attack the problem, the panel suggested solutions ranging from the creation of a nearly “totalitarian” worldwide governing body similar to the World Health Organization, to a diluted form of self-policing.

Perhaps an international outbreak of “willful blindness” has led us to this point. Hopefully the international criminal pleasure cruise that world economies are on is headed for some immediate course correction.

Financial fear grips vast majority of Americans

April 10th, 2009

A new study conducted and released by Unisys Corporation reveals what most observers and pundits have been saying about our collective jittery nerves lately. With this new level of fear come concerns about fraud and ID theft reaching new heights and threatening Americans more than ever.

According to the story published on Webwire: “The research, conducted with the latest Unisys Security Index, also confirms that most people are much more worried about their financial security, which saw a 12 percent spike when compared to results polled in September 2008. 

This concern now ranks as Americans’ number one security fear for the first time since Unisys began the global study in 2007. Conversely, the current data also shows the lowest level of concern about national security issues among U.S. consumers.”

The Webwire story goes on to report that more than two thirds of Americans are extremely worried or very concerned about other people obtaining and using their credit or debit card details, with 90 percent at least somewhat concerned.

The better news is that most of the identity theft strategies I’ve written about for some time now can still protect consumers even in an age of unparalleled financial uncertainty.

By protecting your personal, private and proprietary information, you can still mitigate the effects of our current financial crimes tsunami. By guarding your credit and debit card numbers, bank account numbers, Social Security numbers, checking account numbers, PIN numbers, passwords and computer files, you take away the match sticks that could ignite into a personal financial firestorm.

None of these methods (including credit monitoring services) are guaranteed to prevent your information from falling into the wrong hands. Careful monitoring of billing and banking statements, credit reports and other financial and medical records will keep you positioned to spot a potential problem. The businesses we frequent also have a responsibility to protect our data and our dollars.

The Unisys study goes on to report: “Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data. If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration’s call to action for government and business.”

The fear gripping our economy is understandable, but we can take proactive steps to minimize our exposure. As a last resort, we can all just repeat this prayer:

“Lord, defend me from my friends; I can account for my enemies.” — Charles D’Hericault

7 Top Tax Season Fraud Reminders!

March 12th, 2009

If tax season is as taxing as ever for you, here are seven ways to reduce your annual tax time anxiety and vulnerability.

* Beware of tax-time ID thieves who create fake IRS websites just for this season.

* Bold fraudsters often “pose” as IRS agents to trick you into revealing personal data.

* The IRS never uses email to initiate contact with taxpayers.

* Any email that promises to deliver refund money should be deleted immediately.

* Taxpayer audit and refund information is always delivered through the U.S. mail.

* Unsolicited IRS contacts sent via email should never be opened or responded to.

* Communication from the IRS can be confirmed by calling (800) 829-1040.

Another common twist is that many unsuspecting taxpayers have received legitimate notifications from the IRS, requesting payment of taxes due on unreported earnings.

This is possible if someone illegally uses your Social Security number to obtain employment. In these cases, an unwitting employer reports the earnings attached to your stolen number and Uncle Sam comes calling for taxes on income you truly never earned!

Protect your Social Security number at all times and at all costs. If you suspect fraud, contact the Social Security Administration immediately. They can also be reached at (800) 772-1213.

A Spyware Case Where Bigger Is Not Better

February 1st, 2009

The Heartland Payment Systems security breach is now considered to possibly be the biggest in history.

The massive theft, which is thought to have occurred sometime in 2008, may have allowed the hackers to swipe credit card data from more than 100 million accounts. Apparently, it was spy-ware installed on the company’s internal network that grabbed the data.

PCWorld Magazine reported:

“Heartland says it didn’t discover the breach until Visa and MasterCard came knocking about suspicious activity involving card numbers processed by Heartland……

It’s all the more sad that we as consumers really can’t do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it’s handled by the plethora of companies that store and process our information.”

According to the Washington Post, Heartland President and CFO Robert Baldwin contacted the U.S. Secret Service as well as two breach forensics teams to investigate.

In terms of sheer volume, Baldwin said:

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions per month.”

This type of breach leaves you and me powerless to prevent it and vulnerable as a result. The stolen Heartland data is precisely what crooks need to create counterfeit credit cards.

That is why the following basics of Identity Theft Protection should be a part of YOUR financial planning.

  1. Carefully watch all your credit card statements for irregularities
  2. Be on the lookout for small charges from unknown creditors and report them
  3. Consider freezing your credit files if you don’t plan to apply for new credit soon
  4. The use of a credit card leaves you LESS vulnerable than using a debit card
  5. Grab a credit report at least 3 times a year for FREE

Baldwin was quoted as saying simply:

“….we recognize and feel badly about the inconvenience this is going to cause consumers.”

The giant credit card processor feels badly. I’ll sleep better now.

Looming Cyber-Threat Has Fed's Attention

January 22nd, 2009

Outgoing National Intelligence Director Michael McConnell reported last week that cyber-threats are among his greatest concerns, second only to Iran’s continuing development of nuclear weapons.

MSNBC and the Associated Press reported:

“…Iran producing a nuclear weapon and a cyber attack on critical government or private computer networks top the list of concerns nagging at National Intelligence Director Michael McConnell as he prepares to leave office.”

There are many well-intentioned observers who seem to think that cyber-crime in general is on the decline inside the United States. Although there is statistically no need for mass panic, it is foolish to assume that our computer infrastructure isn’t the greatest information target in the world. As a practical matter, I think we are all better off with “someone on the gate” to guard our repositories of personal, commercial, educational, financial and military data.

The truth is that many potentially damaging breaches go undetected and are often intentionally unreported. Back in 2005, the Department of Homeland Security constructed a worst-case-scenario type cyber-attack and concluded that over 20 million credit cards might be affected over a period as short as just one week. The Department concluded that an event like this could undermine faith in the entire U.S. financial system.

We all pray that President Obama’s team remains watchful and vigilant on the cyber-front during these desperate times. The Obama Administration has already declared our nation’s cyber-infrastructure a “strategic asset” and has pledged to protect “America’s competitive advantage”.

Great start, Mr. President.