The Internet—one of history’s greatest inventions—is also one of history’s greatest platforms for crime. Here are ways things can go very wrong with the Internet of Things.
Med-hacking. Researchers have hacked many medical devices. Though it apparently hasn’t happened in the real world, yet, but it looks like it’s only a matter of time before medical equipment becomes hacked, such as automatic insulin pumps and pacemakers. The FDA is quite new to looking into this potential.
Sauna house. It’s possible for a hacker, if not currently, then in the near future, to get into your connected thermostat and kick it up to 120 degrees. Yes, it’s great to control the thermostat when you’re away from home…but someone else who has too much time on his hands might think that’s great, too!
Smartphones. Maybe one day it will be smarter to go back to the dumb phone. At least a dumb phone can’t be used by a hacker to turn things upside down for you, such as getting ahold of your financial account numbers or sensitive photos.
Your printer can get hacked. Someone could remotely bust into it and view your documents. A crook can infect your home printer with a Trojan to not only spy, but install malware. And if your printer is potentially a target for hackers, imagine what else around your house could be, such as your router and any other gadget that’s connected to the Internet.
From carjack to car-hack. A connected car can be hacked via its wireless enabled radio, with commands then going to the steering wheel or brakes. Know any computer geniuses who hate you and know your car is connected?
Satellite airline equipment is vulnerable to malicious invasions; this has potential repercussions to the communications involving airplanes and ships. This kind of hacking can go as far as tricking a plane to redirect its course.
The TSA carry-on baggage scanner can be hacked into and then used to get weapons past TSA checkpoints. There’s even a feature that can show fake images on the X-ray screen.
So, don’t worry about any of this. But DO something about it. At a minimum lock down your wireless with encryption. Routers come with WPA/2 security and it should be activated. Otherwise deploy antivirus, antispyware, antiphishing and a firewall.Filed Under: online security
Tags: home burglars, home invasion, home protection, home safety, home security, home security tip
The season to give is also the season to steal. Burglars are always looking for great deals—you know—the house that looks like nobody’s ever home; the house that has lots of shrubbery crowding out the doors and windows so that nobody can see the prowler spending 20 minutes trying to break in; the house with the huge Christmas tree in the window and a three-foot-high pile of gifts engulfing it.
- Make it look occupied at all times. When you leave, leave some lights on. Leave a TV on so that the flickering can be seen from outside. Better yet, check the preventative BeOn burglar deterrent home security system that adds a layer of security using light and sound as deterrents to stop break-ins before they happen. Their Kickstarter campaign is rocking two Boston sports celebrities, check it out! Backing BeOn on Kickstarter helps accelerate development of these features to make the occupied home even more convincing.
- Don’t just automatically open the door when the doorbell rings unless you know who’s on the other side. And, it is not rude to ignore someone at your door! “But it might be a neighbor!” You’re not obligated to answer your door if you don’t know who it is. Unless you can clearly see it’s a trust person, don’t answer.
- When you order something to be delivered to your house, make an effort to be there to receive it so that a casing burglar doesn’t see an unattended package and think, “Nobody’s home.” Its also a good idea to set up a UPS and Fedex account to be notified of such deliveries.
- Keep the gifts that are under the tree invisible to the outside.
- If you travel, put your newspaper and mail delivery on vacation hold.
- If you’re traveling, notify the police that you’ll be out of town; ask them if they can drive by every so often to make sure things look okay.
- If you have a dog, see if you can arrange to have someone house sit so that the dog can stay at the house to bark in response to any prowlers.
- Don’t leave the boxes, that expensive items came in, sticking out of your rubbish at the curb. Tear them down so that they can be concealed inside the trash cans.
- Do not reveal your travel plans online, and instruct your kids not to.
- If you have a security system, put their stickers on all your windows and their sign in your yard. If you don’t have a system, get ahold of some stickers and signs anyways and put them up.
Tags: home protection, home safety, home safety tips, home security, vacation homes
You know who really loves that ever-so-annoying “fall back” time change November 1? Burglars. Because it gives them an earlier start on their criminal activities because they love to work in the dark. And burglars get busier as daylight becomes shorter and the holiday season nears.
Many people will take precautions to prevent fires started by Christmas lights, yet will ignore security measures that can prevent a home robbery. Very strange. Though fire prevention is important, your home is, statistically, far more likely to be burglarized during the holidays than go up in smoke. So here are ways to keep the thieves away.
- Keep all windows locked, even on the second floor. Yes, some burglars learn climbing skills.
- Put security films on your windows that prevent penetration from a crow bar or baseball bat.
- Keep all doors locked, even in broad daylight when you’re home.
- Use top-flight locks and door reinforcements.
- Keep curtains or shades/blinds closed so that nobody can peek in and see your valuables or your hardly-imposing 120 pound frame.
- Always collect your mail, newspaper delivery, as soon as they arrive.
- Give your house that lived in look even when your home. Piper’s home automation technology, controlled viayour iOS or Android mobile device,can be set to turn your lights on and off at specific times.
- Put a large dog bowl on the front deck or by the front door. But don’t make it look staged by labeling it “Bear,” “Bruno” or “King.” Make it more realistic by adding a large chew toy and putting the bowl on top of a small mat. Maybe put a big leash nearby.
- Place a pair of men’s size 12 work boots near the door (scuff them up to make them look worn) or get them from an Army Navy surplus store.
- If your car is always parked outside because you don’t have a garage, place a pair of mans gloves on the front dash. Casing thieves will think twice if they think a man’s inside.
- Make sure no shrubbery crowds around entry points.
- If you have a garage, always pack and unpack gifts and stuff so nobody sees what’s going on.
- Don’t blab on social media about stuff you buy or that you are heading to the mall. Many crooks scan social media to see who’s doing what and when.
- Invest in a home security system like Piper, which requires minimal setup, no contracts and provides a clear view (via your mobile device) of what’s going on in your home when you’re not there. With its built-in motion sensor and siren, you can arm Piper to deter and alert you to intruders.
- Put Piper devices near your front door and back door and monitor them on your smartphone or tablet.
Robert Siciliano, personal and home security specialist for Piper, the All-In-One Home Security, Video Monitoring and Automation Device, discussing burglar proofing your home on Fox Boston. Disclosures.Filed Under: home security
Worms. Most of us probably think of them as those squirmy invertebrates we dissected as a kid or found on the sidewalk after a storm. You might have used them as bait for fishing (not phishing), to pull a prank or have even eaten them (no judgment).
Whether you like worms or not, there’s one kind of worm that definitely isn’t your friend—the computer worm. This kind of worm is a computer program that can replicate and send copies of itself to other computers in a network. Worms are considered a subset of viruses, but unlike viruses they can travel without any human action.
Most worms are designed to exploit known security holes in software, although some spread by tricking Internet users. Mass-mailing worms, for instance, spread via email or instant message (IM). They arrive in message attachments and once you download them the worm silently infects your machine. Peer-to-peer (P2P) networks are another avenue for worms: cybercriminals upload infected files with desirable names to entice users into downloading them. And once you download the file your computer is infected.
Once your machine is infected, the worm can corrupt files, steal sensitive information, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable. They can also degrade your Internet connection and overall system performance.
The good news is there are steps you can take to keep your computer from being infected:
- Don’t download or open any files on P2P sites.
- Since some worms now have a phishing component—meaning that they try to trick users into running the malicious code—do not click on links in unexpected emails and IMs, or download attachments connected to them.
- Use comprehensive security software, like McAfee LiveSafe™ service, with a software firewall to block unauthorized traffic to and from your computer. Make sure to keep your security software updated.
If you fear that your machine is already infected, immediately run a security scan.
Of course, given the fast-moving nature of Internet worms, your best bet is to be cautious and take steps to avoid getting infected in the first place.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.Filed Under: cyber crime
Fa la la la la, la la la la. Yes that’s me singing, but thank goodness you can’t really hear me (I save that for the shower). If you can believe it, it’s that time of the year again (even though it seems like we just finished Halloween). Time for holiday parties, family traditions, ugly sweaters, and… scams? Yes, that’s right. Now that the holiday season has begun, many of us are sharing, shopping and booking travel online— even more than we normally do.
And scammers know that with all that money and personal information floating around, they have a big opportunity. Using techniques like phishing, social engineering, fake charities and infected USB drives, cybercriminals can invade your privacy and drain your bank account.
Don’t let these hackers and thieves dampen your holiday cheer. To help you stay safe this season, McAfee has compiled a list of the 12 Scams of the Holidays. Check it out and educate yourself on what scams you need to look out for this holiday season.
Here’s some tips to help you stay safe during the holidays:
- Be careful when clicking. Don’t click on links in email or social media messages from people you don’t know, and use a URL expander to know what site you are going to before clicking on a shortened URL.
- Be suspicious. If a deal seems too good to be true, it probably is.
- Practice safe surfing. Use a Web safety advisor, such as McAfee® SiteAdvisor®, that protects you from going to risky sites.
- Avoid public Wi-Fi. Public Wi-Fi might be convenient, but it’s also accessible to anyone who wants to see what you are doing online.
- Shop safely online. Make sure you stick to reputable e-commerce sites that have been verified as safe by a third-party Trustmark, like McAfee SECURE™. Also look for “https” at the beginning of a site’s URL, which indicates that the site is using encryption to protect your information.
- Use security software on all your devices. Make sure you have comprehensive security protection, like McAfee LiveSafe™ service, for all your devices, including your mobile phone and tablet that also safeguards your data and includes identity protection.
Season of Sharing Sweepstakes
To make sure that we all have a safe and merry holiday, McAfee and Dell have teamed up to bring you the Season of Sharing Sweepstakes—and give you a chance to win prizes. By sharing safe shopping and online safety tips around the 12 scams with your friends and family, you’ll not only be helping others to stay safe online this holiday season, but you’ll also earn a chance to win a $1,000 gift card to Dell.com** along with McAfee LiveSafe service to make sure all your devices are protected!
‘Tis the season to be jolly, so make sure you stay safe online.
*Sweepstakes open to US residents only. NO PURCHASE NECESSARY. Sweepstakes is from November 4 – December 12, 2014. See www.12scams.com for full terms and conditions.
**Terms and conditions apply. See www.dell.com/giftcard.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.Filed Under: scams
Tags: Facebook privacy, facebook scam, Social Media privacy, social media safety
A federal agent impersonated a woman without her knowledge; he created a Facebook page in a woman named Sondra, and the Justice Department is defending him. In addition, he posted racy photos of her, from her cell phone, to the site. The site was being used to connect with suspected criminals.
Seems like he was simply doing what he had to do, because prior, Sondra had been arrested for suspicion of drug ring involvement. While she was awaiting trial (and ultimately was given probation), the agent created the Facebook account.
“The incident at issue in this case is under review by Justice Department officials,” states Brian Fallon, the Justice Department’s top spokesperson. Facebook’s terms of service do not exempt undercover agents from term violations, one of which is posing as another person.
Facebook removed the page once news broke. This case doesn’t compare to when detectives go undercover in person, posing as a fictitious character or a real person who authorizes the impersonation. Sondra is real, and she didn’t know about this.
The defense claims that Sondra indeed consented because she granted access to the data in her phone. A privacy expert points out, however, that this is parallel to granting detectives permission to search your house for drugs, but then they steal photos in your bedroom and post them online. Furthermore, the agent posted photos of Sondra’s minor son and niece.
But is Sondra any angel herself? She pled guilty to conspiracy to distribute cocaine in February 2011, but was slapped on the wrist because apparently, she wasn’t a key player in the ring. Really this shouldn’t matter.
It is necessary for law enforcement to use any means necessary and legal to capture bad guys. However there must be a better way to create a social profile, such as using a stock photo or even a computer generated one. The technology is readily available to make this happen.Filed Under: Identity Theft
Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords.
- Never use the same password more than once, because if that account is hacked, and that password is for three other accounts, you’ll get quadruple-hacked.
- Think of a memorable phrase, then abbreviate it, such as, “My all time favorite movie is Jaws which I’ve seen 19 times.” The password would then be: MatfmiJwis19t.
- Don’t stick to just letters and numbers. A “character” can be any number of signs. For an even stronger password, add some random characters: MatfmiJ&wis19t!
- The “dictionary attack” is when a hacker applies software that runs through real words and common number sequences in search of a hit. So if your password is 8642golfer, don’t be surprised if you get hacked.
- A super strong password may be 12 characters, but not all 12 character passwords are strong. So though 1234poiuyzxc is long, it contains a number sequence and keyboard sequences. Though longer means more possible permutations, it’s still smart to avoid sequences and dictionary words.
- Another tip is to create a password that reflects the account. So for instance, your Amazon account could be MatfmiJ&wis19t!AMZ.
- Opt for sites that offer two-step verification. A hacker will need to have possession of your phone or e-mail account in order to use your password, because two-step requires entry of a code that’s sent to your phone or e-mail.
- If you struggle to remember your passwords, you can store them in a cloud where there’s two-factor authentication. But don’t stop there; preserve your passwords in hardcopy form.
- A password manager will make things much easier. With one master password, you can enter all of your accounts. Google “password manager”.
- Don’t check the “remember me” option. Having to type in your password every single time means added protection.
IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers.
In fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach Risk Assessment Study provides some troubling findings.
First off, 67 percent of workers expose company data beyond the workplace, including very sensitive information. Typically, the employee has no idea how risky this is. It’s as easy as the crook capturing data, that’s displayed on a screen, with a smartphone camera as he passes by or secretly looks on continuously from nearby.
And there’s little corporate policy in place to guard against this. The study says that 70 percent of professional employees admitted their company lacked any explicit policy on conducting business in public. And 79 percent reported that their employer didn’t even have a policy on privacy filter use.
Either communication about policies with employees is feeble, or attention to visual policy from the decision makers is lacking.
An increasing number of people are taking their online work to public places, but if they knew that company data was properly protected from roving snoops, they’d be more productive. Companies need to take more seriously the issue of visual privacy and this includes equipping employees with tools of protection. Below are more findings.
Type of Data Handled in Public
- Internal financials: 41.77%
- Private HR data: 33.17%
- Trade secrets: 32.17%
- Credit card numbers: 26.18%
- SSNs: 23.94%
- Medical data: 15.34%
Only three percent of the respondents said that there were restrictions imposed on some corporate roles working in public. Eleven percent didn’t even know what their employer’s policy was.
One way to make headway is a privacy filter because it blocks the lateral views of computer screens. Eighty percent of the people in the study said they’d use a device with a filter.
Another factor is that of enlightening workers about the whole issue. An enlightened employee is more likely to conduct public online business with their back to a wall.
- In general, work is not allowed in public: 16%
- No explicit policy on public working: 70%
- To the worker, privacy is very important: 70%; somewhat important: 30%; not very important: 4%; not important at all: 1%.
- Only 35 percent of workers opted to use a kiosk machine with a privacy filter when presented with two machines: one with and one without the privacy filter.
The study concludes that businesses are sadly lacking in security tactics relating to data that’s stored, transmitted, used and displayed. This is a weak link in the chain of sensitive information. Any effective IT security strategy needs to address this issue and take it right down the line to the last employee.Filed Under: Data Breaches
Tags: data breaches, data privacy, data protection, data security, data theft
IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”
The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:
- Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
- The cost of a data breach can be pricey.
- When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.
- 72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
- 71% believed this would be the same outcome for customer data breaches.
Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.
- 90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
- 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.
All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.
Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.
In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.Filed Under: Data Breaches Data Security
There are really so very many ways to protect and make your home safe as well as secure—ways you’d never even think of, so here they are, as well as the classic ways that many people still neglect to implement.
- Big numbers. Make sure your house’s address numbers are very visible to EMS and firefighters.
- Fire attractants. Don’t let dried up brush/leaves accumulate on your property.
- Locks. Locks are worthless if you don’t use them, so keep all doors locked (with top quality systems) even when you’re at home in the afternoon.
- Bad habit. Rinse cigarette butts with water before discarding. Better yet, quit. Seriously, stop it.
- An occupied-appearance. Grass overgrown? Several newspapers scattered in the drive? Porch light on incessantly? Duhh, the occupants are out of town. Make your home look like someone is always there. Have someone mow the grass while you’re away, park their car in your driveway, collect your newspapers, etc. Lighting fixtures that are timed to go on and off will also help.
- Storage. Keep firewood and other flammable items away from your house.
- Treat unexpected visitors like a telemarketer. If the phone rings and you think it’s a telemarketer, you wouldn’t answer it. Yet many people brazenly whip open their door when the bell rings or someone knocks without first checking to see who’s there. Always check first!
- Can’t fool burglars. Don’t bother hiding the spear key under the door mat or under that plastic rock. Find less classic hiding places.
- Treat garage door like bathroom in use: Keep the door closed at all times.
- Smoke alarms. Many people don’t have these, but they really do make a difference. Make sure they work, too, by testing them regularly.
- Escape routes. Pre-determine how you’d escape from a fire and practice the escape.
- Use a safe. If you hardly wear your grandmother’s valuable broach, keep it in a locked safe, along with other valuables you don’t use.
- Door reinforcement. Your doors jams, especially if they are wood, are flimsy and can be kicked in very easily. Beef up the jams with Door Devil door reinforcement technology. This makes kicking in doors very difficult.
- No notes. Never tack a note on your door saying “I’m out for just a minute.” And keep your social status updates private. Don’t tell te world you are out.
- The ring. When you’re out, even for short errands, turn your phone’s ringer to mute so that a prowler doesn’t hear ringing and ringing that means nobody’s home.
- Fire hazards. Never leave the house, even to chat with a neighbor, while a candle inside or fireplace is burning.
- Turn them off. Don’t leave on hot things (curling iron, stovetop, etc.) unless you’re right there using them.
- Charlie bar. Wedge a wooden cylinder-pole or metal one or dice-sized gadget designed for this purpose in the track of any sliding glass door or window to block it from being slid open.
- Don’t get trapped. Make sure any deadbolts don’t lock from the inside which could potentially trap you should there be a fire or intruder pursuing you.
- Keep blinds and curtains down at all times. ‘Nuff said.