A federal agent impersonated a woman without her knowledge; he created a Facebook page in the name of a woman named Sondra, and the Justice Department is defending him. In addition, he posted racy photos of her, taken from her cell phone, to the site. The site was being used to connect with suspected criminals.
Seems like he was simply doing what he had to do, because Sondra had previously been arrested on suspicion of drug ring involvement. While she was awaiting trial (and ultimately was given probation), the agent created the Facebook account.
“The incident at issue in this case is under review by Justice Department officials,” states Brian Fallon, the Justice Department’s top spokesperson. Facebook’s terms of service do not exempt undercover agents from term violations, one of which is posing as another person.
Facebook removed the page once news broke. This case doesn’t compare to when detectives go undercover in person, posing as a fictitious character or a real person who authorizes the impersonation. Sondra is real, and she didn’t know about this.
The defense claims that Sondra indeed consented because she granted access to the data in her phone. A privacy expert points out, however, that this is parallel to granting detectives permission to search your house for drugs, but then they steal photos in your bedroom and post them online. Furthermore, the agent posted photos of Sondra’s minor son and niece.
But is Sondra any angel herself? She pled guilty to conspiracy to distribute cocaine in February 2011, but was slapped on the wrist because apparently, she wasn’t a key player in the ring. Really this shouldn’t matter.
It is necessary for law enforcement to use any means necessary and legal to capture bad guys. However, there must be a better way to create a social profile, such as using a stock photo or even a computer-generated one. The technology is readily available to make this happen.
Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords.
- Never use the same password more than once, because if that account is hacked, and that password is for three other accounts, you’ll get quadruple-hacked.
- Think of a memorable phrase, then abbreviate it, such as, “My all time favorite movie is Jaws which I’ve seen 19 times.” The password would then be: MatfmiJwis19t.
- Don’t stick to just letters and numbers. A “character” can be any number of signs. For an even stronger password, add some random characters: MatfmiJ&wis19t!
- The “dictionary attack” is when a hacker applies software that runs through real words and common number sequences in search of a hit. So if your password is 8642golfer, don’t be surprised if you get hacked.
- A super strong password may be 12 characters, but not all 12 character passwords are strong. So though 1234poiuyzxc is long, it contains a number sequence and keyboard sequences. Though longer means more possible permutations, it’s still smart to avoid sequences and dictionary words.
- Another tip is to create a password that reflects the account. So for instance, your Amazon account could be MatfmiJ&wis19t!AMZ.
- Opt for sites that offer two-step verification. A hacker will need to have possession of your phone or e-mail account in order to use your password, because two-step requires entry of a code that’s sent to your phone or e-mail.
- If you struggle to remember your passwords, you can store them in a cloud where there’s two-factor authentication. But don’t stop there; preserve your passwords in hardcopy form.
- A password manager will make things much easier. With one master password, you can enter all of your accounts. Google “password manager”.
- Don’t check the “remember me” option. Having to type in your password every single time means added protection.
IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers.
In fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach Risk Assessment Study provides some troubling findings.
First off, 67 percent of workers expose company data beyond the workplace, including very sensitive information. Typically, the employee has no idea how risky this is. It’s as easy as the crook capturing data, that’s displayed on a screen, with a smartphone camera as he passes by or secretly looks on continuously from nearby.
And there’s little corporate policy in place to guard against this. The study says that 70 percent of professional employees admitted their company lacked any explicit policy on conducting business in public. And 79 percent reported that their employer didn’t even have a policy on privacy filter use.
Either communication about policies with employees is feeble, or attention to visual policy from the decision makers is lacking.
An increasing number of people are taking their online work to public places, but if they knew that company data was properly protected from roving snoops, they’d be more productive. Companies need to take more seriously the issue of visual privacy and this includes equipping employees with tools of protection. Below are more findings.
Type of Data Handled in Public
- Internal financials: 41.77%
- Private HR data: 33.17%
- Trade secrets: 32.17%
- Credit card numbers: 26.18%
- SSNs: 23.94%
- Medical data: 15.34%
Only three percent of the respondents said that there were restrictions imposed on some corporate roles working in public. Eleven percent didn’t even know what their employer’s policy was.
One way to make headway is a privacy filter because it blocks the lateral views of computer screens. Eighty percent of the people in the study said they’d use a device with a filter.
Another factor is that of enlightening workers about the whole issue. An enlightened employee is more likely to conduct public online business with their back to a wall.
- In general, work is not allowed in public: 16%
- No explicit policy on public working: 70%
- To the worker, privacy is very important: 70%; somewhat important: 30%; not very important: 4%; not important at all: 1%.
- Only 35 percent of workers opted to use a kiosk machine with a privacy filter when presented with two machines: one with and one without the privacy filter.
The study concludes that businesses are sadly lacking in security tactics relating to data that’s stored, transmitted, used and displayed. This is a weak link in the chain of sensitive information. Any effective IT security strategy needs to address this issue and take it right down the line to the last employee.
IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”
The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:
- Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
- The cost of a data breach can be pricey.
- When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.
- 72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
- 71% believed this would be the same outcome for customer data breaches.
Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.
- 90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
- 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.
All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.
Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.
In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.
There are really so very many ways to protect and make your home safe as well as secure—ways you’d never even think of, so here they are, as well as the classic ways that many people still neglect to implement.
- Big numbers. Make sure your house’s address numbers are very visible to EMS and firefighters.
- Fire attractants. Don’t let dried up brush/leaves accumulate on your property.
- Locks. Locks are worthless if you don’t use them, so keep all doors locked (with top quality systems) even when you’re at home in the afternoon.
- Bad habit. Rinse cigarette butts with water before discarding. Better yet, quit. Seriously, stop it.
- An occupied-appearance. Grass overgrown? Several newspapers scattered in the drive? Porch light on incessantly? Duhh, the occupants are out of town. Make your home look like someone is always there. Have someone mow the grass while you’re away, park their car in your driveway, collect your newspapers, etc. Lighting fixtures that are timed to go on and off will also help.
- Storage. Keep firewood and other flammable items away from your house.
- Treat unexpected visitors like a telemarketer. If the phone rings and you think it’s a telemarketer, you wouldn’t answer it. Yet many people brazenly whip open their door when the bell rings or someone knocks without first checking to see who’s there. Always check first!
- Can’t fool burglars. Don’t bother hiding the spare key under the door mat or under that plastic rock. Find less classic hiding places.
- Treat garage door like bathroom in use: Keep the door closed at all times.
- Smoke alarms. Many people don’t have these, but they really do make a difference. Make sure they work, too, by testing them regularly.
- Escape routes. Pre-determine how you’d escape from a fire and practice the escape.
- Use a safe. If you hardly wear your grandmother’s valuable brooch, keep it in a locked safe, along with other valuables you don’t use.
- Door reinforcement. Your door jambs, especially if they are wood, are flimsy and can be kicked in very easily. Beef up the jambs with Door Devil door reinforcement technology. This makes kicking in doors very difficult.
- No notes. Never tack a note on your door saying “I’m out for just a minute.” And keep your social status updates private. Don’t tell the world you are out.
- The ring. When you’re out, even for short errands, turn your phone’s ringer to mute so that a prowler doesn’t hear ringing and ringing that means nobody’s home.
- Fire hazards. Never leave the house, even to chat with a neighbor, while a candle inside or fireplace is burning.
- Turn them off. Don’t leave on hot things (curling iron, stovetop, etc.) unless you’re right there using them.
- Charlie bar. Wedge a wooden cylinder-pole or metal one or dice-sized gadget designed for this purpose in the track of any sliding glass door or window to block it from being slid open.
- Don’t get trapped. Make sure any deadbolts don’t lock from the inside which could potentially trap you should there be a fire or intruder pursuing you.
- Keep blinds and curtains down at all times. ‘Nuff said.
Gee, it used to be just your desk computer that needed protection from cyber thugs. Now, your connected thermostat, egg tray monitor, teen’s smartphone, garage door opener, even baby monitor, are all game for cyber creeps.
Can’t be said enough: Install antivirus software. This software really does make a huge difference. Malware scanners are not enough, by the way. You need both antivirus and anti-malware. Malware usually targets laptops and PCs, but don’t bet on it staying this way; Macs, mobiles and tablets are vulnerable. Don’t wait to get security applications for your smartphone and tablet. Android is particularly vulnerable.
Enrich your Wi-Fi. Turn on your WPA or WPA2 encryption. Change your router’s default password to something really unique. Update the router’s firmware. Register any new routers online. Check the router manufacturer’s site for helpful information on making things more secure. Whenever using free public Wi-Fi, recognize that your data can be sniffed out. Use Hotspot Shield whenever logging in at airports, hotels, internet cafés and more.
Don’t use outdated software. Are you still on Windows XP? Time to switch to 7 or 8. Security holes in outdated applications will not get plugged if there’s no longer support.
Power passwords. You wear a power suit; you take a power lunch, a power nap and a power walk, but do you have a power password? A power password is extremely difficult to crack. It’s at least 12 characters long, contains no dictionary words or keyboard sequences, and has a variety of symbols. You can also use a password manager to create and encrypt passwords.
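The "power password" rules above, together with the dictionary-attack and sequence warnings in the earlier ten-point list, can be checked mechanically. This is an added example, not part of the original article: it audits the article's own sample passwords, and the tiny word list, the minimum run length of 3 and the digit steps are assumptions chosen for illustration.

```python
import re

# Constructed stand-in for a cracking dictionary; real word lists hold millions of entries.
WORDS = {"golfer", "password", "jaws", "movie", "spartans", "dragon", "monkey"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12   # "at least 12 characters long"
MIN_RUN = 3       # assumption: shortest run reported as a sequence

# (row, column) of every letter key, and (0, value) of every digit.
KEY_POS = {ch: (r, i) for r, row in enumerate(KEYBOARD_ROWS) for i, ch in enumerate(row)}
DIGIT_POS = {str(d): (0, d) for d in range(10)}


def stepped_runs(text, position, steps, min_run=MIN_RUN):
    """Return maximal runs whose characters move by one constant step.

    `position` maps a character to (group, index) or None; `steps` is the set
    of index differences that count as a sequence (e.g. +1/-1 on a key row).
    """
    runs, start, step = [], 0, None
    for i in range(1, len(text) + 1):
        delta = None
        if i < len(text):
            a, b = position(text[i - 1]), position(text[i])
            if a is not None and b is not None and a[0] == b[0] and b[1] - a[1] in steps:
                delta = b[1] - a[1]
        if delta is not None and step in (None, delta):
            step = delta            # run continues in the same direction
            continue
        if i - start >= min_run:    # run ended at i-1: keep it if long enough
            runs.append(text[start:i])
        start, step = (i - 1, delta) if delta is not None else (i, None)
    return runs


def audit(pw):
    """Check one password against each rule; empty/False values mean the rule passed."""
    lowered = pw.lower()
    return {
        "too_short": len(pw) < MIN_LENGTH,
        "dictionary_words": sorted(w for w in WORDS if w in lowered),
        "keyboard_sequences": stepped_runs(lowered, KEY_POS.get, {1, -1}),
        # Assumption: digits counting up or down by 1 or 2 are "common number sequences".
        "number_sequences": stepped_runs(pw, DIGIT_POS.get, {-2, -1, 1, 2}),
        "no_symbol": re.search(r"[^A-Za-z0-9]", pw) is None,
    }


def is_power_password(pw):
    """True only when no rule flags the password."""
    return not any(audit(pw).values())


if __name__ == "__main__":
    # Sample passwords quoted in the article, reused here as test input.
    for sample in ("8642golfer", "1234poiuyzxc", "GoSpartans", "MatfmiJ&wis19t!"):
        failed = {rule: hit for rule, hit in audit(sample).items() if hit}
        print(f"{sample:18} {'OK' if not failed else failed}")
```

Passing these checks only means a password avoids the listed patterns; a real dictionary attack uses far larger word lists and mangling rules than this sketch models.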
OS updates: often. Many people fail to keep their operating systems updated. Big mistake. An update means that a security hole, through which a hacker could get in, has been patched. Lots of holes mean lots of entry points for hackers. If Windows alerts you to an available update, then run it. Learn about your system’s update dynamics and get going on this.
Patch up your software. Have you been getting update alerts for Adobe Reader? Take this seriously, because this software is highly vulnerable to hacking if it has unpatched holes. Any reminder to update software must be taken seriously. Don’t wait for an attack.
Wipe old hardware. Got any defunct laptops, tablets, flash drives, hard drives, etc.? Before reselling them, strip them of your data. If you want to discard them, literally hammer them to pieces.
Two-factor authentication. A long, strong password is not 100 percent uncrackable. If a hacker cracks it, but then finds he must apply a second factor to get into your account…and that second factor requires your smartphone to receive a one-time code, he’ll move on.
Don’t get duped. Never click links in e-mails. Don’t click on something that seems too good to be true (a link to naked photos of your favorite movie star). Avoid suspicious looking websites.
Stop blabbing on social media. Information you post on Facebook, for instance, could contain clues to your passwords or security questions for your bank account. Sure, post a picture of your new puppy, but leave the name a mystery if it’s the answer to a security question.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.
The good old days were when today’s college kids’ parents lugged their typewriters into their dorm room, and they communicated to people via the phone on their room’s wall. Their biggest worry was someone stealing their popcorn maker. Nowadays, college kids need to beware of remote invasions by thieves.
Why are colleges hotspots for hackers? There’s all sorts of users on insecure networks, not to mention a wealth of data. So it’s no longer just warning your kids not to walk the campus alone at night or to stay away from drugs and alcohol.
Students can have a tendency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters.
Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads malware onto the computer. A student may be tricked into clicking on a “video link” to view something hot, only to instead download a virus.
Students should look for signs of a scam like bad grammar and spelling in the “official notice” and other suspicious things. Though it’s of utmost importance to have antivirus and antimalware, these won’t stop a thief from using the student’s credit card number after the student is tricked into giving it on a phony website.
College kids also have a tendency to go nuts on social media, posting continuous updates of their day-to-day actions. If the student’s Facebook page is chock-full of personal information, a crook who has the student’s e-mail address could use this information to figure out the student’s answer to security questions and then gain entry to their accounts. This is why two-factor authentication is so important. The thief can’t possibly bust into an account if they need, along with the password, a special one-time PIN code that is usually delivered via a text to the student’s mobile.
Unprotected Wi-Fi. Not all campuses provide secure Wi-Fi, and the presence of antivirus, antiphishing, antispyware and firewalls doesn’t guarantee all levels of protection. To play it safe, students should never visit bank account sites, insurance carrier sites and other such sites while using public Wi-Fi. Better yet, install Hotspot Shield to lock down and encrypt any unsecured Wi-Fi.
Connection salad. Campuses are full of all sorts of connected devices, from phones and tablets to nutrition trackers and other gadgets. Everyone has a device, creating a hodgepodge of connections that puts students and everyone else on campus at risk for a data breach. These Internet of Things devices need their latest software updates and firmware updates. Keep them safe from physical theft too. Shut them off when not in use.
Password protect devices: We lose stuff and stuff gets stolen. While it is certainly more convenient to not password protect a mobile, laptop or tablet, it is also an identity waiting to be stolen. Everything needs a password, and don’t share that password with anyone but parents. Because when you are sleeping some night, a drunk college dormmate will come log in and start posing as you on social media, posting disparaging stuff that will last forever.
- Lock the doors. This no-brainer doesn’t just mean when you’re gone all evening. It means during the daytime when you’re home. There’s no reason for doors to be unlocked when you’re inside the house. Does your lock consist of a deadbolt? Don’t rely on just a simple lock and key system. Think layers.
- The garage is also a door. Make sure it’s locked at all times. And if you think a skinny intruder won’t slip in through that “little crack” that the garage door is open by in the name of ventilating summer air, think again. Sometimes, the thief is a grade school child. Unplug the garage door when you travel.
- Charlie bars. Place rods in the tracks of your sliding doors to prevent them from being opened. Invest in “door reinforcement technology”. Google it.
- Alarm system. Do you wait till it’s bedtime to put the alarm on? Sociopaths can have an early bedtime. They’re not going to wait till you’re fast asleep to bust into your house. The alarm system should be on at all times. You just never know who might be lurking outside.
And if you’re worried about accidentally opening a door without first turning off the alarm, then train your mind to avoid making this mistake. Installation of an alarm system is easier than ever these days and they come with all sorts of features like motion detectors.
- Lighting in and out. The general idea is to make your home seem occupied even when it isn’t. Lighting on timers is an option. Check out the BeOn. BeOn is a burglar repellent that “learns” your home’s pattern of light usage. So if you then leave the house for a long time, BeON will replicate this pattern. If anyone’s been casing your house and observing your lights-on, lights-off schedule, they will be fooled into thinking you’re home when BeON replays the pattern while you’re out.
- Make some noise. Leaving on the TV or radio is one way to do it. A barking dog is another. The BeOn system will make some noise in its next iteration. Check out their Kickstarter campaign and invest in your home’s security.
- Outdoor deterrent. A proven deterrent is a thorny type of shrub placed near entry points—close enough to them such that a burglar would have to endure being painfully poked in order to hide or attempt a break-in.
- Speaking of outdoors…Don’t hide keys outside. Give them to trusted people.
- Blinds and curtains. Do you realize how easily a burglar, casing your house, could see inside, even in broad daylight? They’re not just looking for valuables, but what the house’s occupants look like. Do you look like Jean Claude Van Damme? Or do you look like the average Joe Schmo? Are you female? Unless you resemble Laila Ali, you might want to consider keeping your blinds, shades and curtains down even during the day, at least for rooms where it’s not essential to have “natural light.”
- Guess what burglars like to do online. They like to peruse Facebook pages to see who’s on vacation. Though half the world is on Facebook, have you been lucky enough in your life to feel certain that a thief will never just stumble upon YOUR Facebook page with all the posts about your upcoming vacation, complete with dates of departure and return?
What a nutcase: the man who recently broke into the White House, missing President Obama by just minutes. (Why isn’t the White House fence more unscalable?)
The Sept. 19 incident began when Gonzalez was spotted climbing the fence. A Secret Service agent cleared people out of the area. The intruder sprinted across the lawn after hopping down from the fence and went through the north portico doors. A witness even said, “He got a good run in,” referring to the North Lawn sprint. Parts of the White House were evacuated, and officials were yelling to the man to freeze.
Obama had been scheduled to depart, by helicopter with his daughters, at 7:05 pm, leaving from the South Lawn. Gonzalez got over the fence at 7:20 pm. However, apparently, Obama had left only a few minutes before this incident.
The video surveillance of Gonzalez shows what appears to be a man running in a race. Maybe he’d been training specifically for this event? Who knows.
Though scaling the fence isn’t new, this incident may be a first in that the trespasser succeeded in gaining entry to the White House.
Wonder what Gonzalez has claimed, if at all, is the reason he did what he did. Did “voices” tell him to do it? Was it a dare, a bet with a lot of money riding on it? Did he want 15 minutes of fame, even if it came with a prison cost? And how is it that security at the White House is so lax? What if this guy had had a grenade on him, and Obama was delayed a few more minutes and just happened to be near the entrance where Gonzalez burst into?
You’d think a White House home security system equipped with armed guards, dogs and fences would keep a crazy out. Or maybe they don’t even have an actual system. If I’m ever elected president, I’d get one.
Okay, so you were taught to share your toys in the sandbox, but little did your parents know that years later, sharing your files could result in disaster.
People share personal and business files all the time on their computers without realizing the security risks. Not all data breaches occur due to malicious events. An annual Ponemon study reveals that 35 percent of leaked data results from unintentional carelessness of the user and 29 percent from network malfunctions.
Workers and consumers alike, quite frankly, are clueless about safe practices and are using practices that are not approved by their company’s IT department. Let’s look at the specifics.
Tunnel vision. Often, users don’t see the grander scheme of things when sharing files. They have tunnel vision and go for the most convenient, cheapest route without considering security. This is how sensitive material gets put at risk. Such users may also end up getting their personal information cluttered up with other family members’ data or even co-workers’ data when bringing their own devices to work.
Public sharing settings. Before you share, it’s important you know what you are doing. Years ago I had uploaded a file to a cloud-based storage portal and the default settings at the time were “public”, which I didn’t recognize. Shortly after, I connected a social site to this service and definitely didn’t realize that document, which had personal information, was being shared publicly on the social site. When I realized this I felt stupid, and sick.
P2P file sharing. Sharing files over peer networks, such as pirated music etc. creates a hacking risk. The P2P software is a welcome mat to cyber criminals who want to steal information like credit card numbers and information on secret documents. It’s not surprising that P2P software is often in a system that’s been hacked.
The solution is to avoid having P2P software installed at all, including on any BYOD devices. You don’t want to be “that” employee. Along the same lines, make sure that devices are set so that installation of new software cannot occur without the decision maker’s knowledge.
Using just any cloud services. The typical cloud storage is designed for consumers, not businesses, and unless you look at all the settings they can be a risky way of sharing files. Always insist on a higher-grade type of security and storage rather than settling for the run-of-the-mill file sharing service. Look at what security and encryption they have in place, whether you can manually and easily delete files or if they have an expiration date.
Using e-mail to share files. If you send an important document via e-mail, a troublemaker could “see” it while it’s in transmission unless it’s encrypted. By default, the address bar should read HTTPS when you are logged in to your e-mail. And of course, if you are on free Wi-Fi, encrypt that data with Hotspot Shield to prevent Wi-Fi data sniffers.
Flash drives. Think of these little tools as a syringe injecting a virus into your blood. You stick one of these into your computer, and if the drive has been seasoned with malware, your computer will get infected. Anti-virus software, however, can scan a flash drive and its files and knock out any malware.