Crack Your WiFi Password To Protect Yourself

Ever wanted to be a hacker? Today, anyone can learn code and understand the ins and outs of all the technology we are simultaneously blessed and cursed with. But once you know how all this technology works to the point of calling yourself a hacker (which, by the way, isn’t necessarily a bad word), then everyone in your life will be calling you to fix their devices. Hackers are often technologists that are inventive, curious and take technology to the edge of its limits. They often break it so they can fix it.

2WAnyway, one of the more interesting hacking professions is the “penetration tester,” which is someone hired by companies to determine the vulnerabilities in a company’s networks and then patches those vulnerabilities so bad guys can’t get in. “Penntesters,” as they are known, are good-guy hackers also known as “white hats.” Their counterpart bad-guy hackers, known as “black hats,” are also penntesters—but they don’t do it to look for vulnerabilities to then secure the network; they do it to ultimately get in and steal stuff for their own personal gain.

One of the best ways to protect your own network is to hack your own network, as Lifehacker shows us here. “A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers’ current passwords with relative ease. Here’s how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.”

What this hacker does is explain how the attack works, seeing the vulnerabilities users can use to reverse engineer this process to protect themselves.

Whether on your own network or on someone’s free wireless network, a VPN such as Hotspot Shield VPN  will mask a user’s IP address and protect all wireless data from thieves. But if a router is hacked, that vulnerability may still allow for an attacker to plant code on various devices. So check out the Lifehacker post and lock down your router with encryption.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

6 Shredding Tips To Prevent Identity Theft

Shredding is fun! Repeat that 10 times and you just might start believing it. Certainly shredding is a tad bit of work, but that’s what kids and interns are for!

4HShredding might be inconvenient, but it’s absolutely necessary—and it’s fundamental to protecting your identity and the identities of those who have entrusted you with their data. Shredding is like recycling, eating well and exercise: You may not always want to do it, but it’s good for you.

Here’s how to better manage your shredables:

  1. Primary documents: I shred everything that comes in the mail with my name on it and that I don’t need. Shred or destroy prescription bottles, CDs with data on them, and supporting tax documents older than three years (some say seven), including investment statements, bank statements, canceled checks and paystubs.
  2. Secondary documents: Documents like ATM receipts, credit card statements, utility bills and insurance policies should all be kept for two years. The only reason to keep these is in case you determine a mistake was made so you can go back and look. Otherwise, if you can access any of these documents online, shred them now. Homeowner-related documents should be kept as long as you own the home and maybe a year after you eventually sell it.
  3. Devices: Don’t forget to shred or destroy hard drives, SD cards, mobile phones, SIM cards and thumb drives. While reformatting and reinstalling an operating system will get rid of most of the data, it’s just better to kill the drive with a special shredder for non-paper files—also known as a sledgehammer.
  4. Reduce paper: One way to reduce all the stuff needing shredding is to turn off the paper. At this point, most, if not all, of your bank, credit card, utilities, mobile phone and other accounts allow (and in some cases, require) e-statements. This means every month you’ll get an email stating, “Your statement is ready!” But don’t click that link, as it could be a phish. Get access to your statements through a password manager or via your favorite menu.
  5. Shred-a-thons: Many banks now sponsor shred-a-thons where one of those crankin’, big shredding trucks shows up to the bank’s parking lot and you can watch boxes and boxes of your stuff get decimated right in front of you. Bring the kids!
  6. Burn it: Depending on the amount of stuff you have to shred and your local ordinances regarding conflagrations, you might want to box up all of your shredables and burn them the same time you might burn leaves, or when you have a backyard bonfire.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware of iOS app vulnerabilities when on WiFi

We know WiFi is insecure. When logging onto any open (often public and free) unencrypted WiFi, your data is there for all the snoopy snoopers to see and download for their own personal gain.

1W

But now researchers have found a whole new hack for you to protect yourself from. When iPhone users launch an application, the app sometimes has all its data right there on the device. But more often, the app is talking to its home server, meaning it’s calling home, and will download what you need on demand. An example would be a weather application that is definitely getting all its data from the app’s home server, while a game might have everything it needs on the device.

Still, even in the case of the game, there still may be ads on the game, and those would be streamed to the app. Researchers discovered that there seems to be an issue within iOS that allows for hackers to manipulate the server address the app calls out to in a way that allows the attacker to change the URL address to one that serves up malicious links that would download to the iOS device.

Currently, it is not known if criminal hackers are using this exploit; there are no known reports. The hopes are that Apple will make a quick fix and patch this vulnerability before attackers latch onto it.

Meanwhile, you should only download applications from trusted sources such as Google Play or iTunes—and only use a secure wired or wireless connection when going online. A VPN such as Hotspot Shield VPN will protect users data from the snoopy snoopers…but until Apples fixes this issue, all users are vulnerable.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

7 tips to a secure mobile device

Have you ever received an email like this…I did: “Robert, last night I was at a concert and I must have dropped my phone because I lost it. But then something awful happened. My friends knew I was with my other friend, and she got a call wondering if I was OK. Apparently whoever found or stole my mobile posted all my naked pictures to Facebook. I’ve finally got access to Facebook and I’ve deleted most of them, but it’s been a harrowing experience.”

5W

There are just so many things wrong with this. It’s amazing to me how lazy some people can be with their mobile security—especially if their devices have, ahem, “private” information on them.

  1. Passwords: Mobiles need to be password protected and automatically locked after one minute. A four- to six-letter/number password is sufficient.
  2. Erase on too many password attempts: Enable the option for when someone tries to enter a password in excess of 10 tries, the device erases the data. If you have kids, you may not want to activate the erase option.
  3. Lock/locate/wipe software: Many devices have a feature that allows users to locate the device in the event it’s lost or stolen. And added bonus is it allows you to lock it down (it should already be locked after one minute!) and erases the data remotely.
  4. Security software: Know that mobiles are targeted by virus writers in the same way PCs are. While there are millions of viruses targeting PCs, there still tens of thousands targeting mobiles.
  5. Wireless security: The 3/4G connection on your devices is relatively secure—but the WiFi is definitely not, especially on a public WiFi network. Hotspot Shield VPN is an excellent option to protect your data on an unsecured network.
  6. Update your operating system: Whenever you get a notification that an updated version of your OS is available, it’s often because there was a security vulnerability discovered. Download the update ASAP.
  7. Beware of SMiShing: Whenever you receive text messages to access an account, update your OS or offering cheap goods, be suspect. Really, if you aren’t expecting the text, hit delete.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

6 Ways to erase your Digital Life

You can make yourself “disappear” from the World Wide Web. But be forewarned: Most of the following tactics are irreversible. This includes losing any marketing presence you’ve built up over the years that can bring you business, and it can also result in being unable to restart an eliminated account with the same name or e-mail address.

1PSo before you begin the process of erasing yourself, ask why you wish to disappear in the first place. Are you merely a private person and don’t want your personal information where the whole world can see? Or do you feel threatened in some way (e.g., cyberstalking)?

Re-evaluate your reasons before proceeding. After all, you can create multiple e-mail accounts, for instance, in which one is strictly for business and one is strictly for family. And when registering on any new social media sites or forum boards, you can use a pseudonym. Nevertheless, here are tips on removing your cyber existence.

#1. Delete accounts. Systematically go through every account and delete. To nab every account you’ve ever created, since it’s possible you may not remember some, go through this list:

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • MySpace
  • StumbleUpon
  • Flickr
  • eBay, Amazon, Craigslist
  • PayPal
  • Support forums (medical, parenting, pet ownership, business, etc.)
  • Gaming sites
  • Content sites you’ve written for
  • Freelance job sites
  • The local online newspaper where you’re registered to post comments to articles

 #2. Facebook. Go to Account Settings—Security—Deactivate account. This removes you from visibility, but the account remains just in case you change your mind. To eradicate the account altogether, go to Delete My Account and hit the blue button.

#3. Twitter. Go to Account Settings—Deactivate my account—Okay, fine, deactivate account. “Deactivate” means delete in this case, but you have a 30 day grace period to change your mind.

#4. LinkedIn. Go to Privacy & Settings—Account—Close your account.

#5. Google+.  To remove only your public information, click your name/e-mail address (upper right corner). Go to Account Management—Delete profile and remove related Google+ features—Delete Google+ content.

To remove the entire Google+ account, repeat the above, then hit Delete your entire Google profile. You’ll still be able to use, for instance, your e-mail (gmail), but to eradicate every molecule of Google+ (e.g., mail, calendar), go to your homepage and hit Close account and delete all services and info associated with it.

Mopping up Residue

With the big four gone, now go after smaller accounts. This includes the forum board you registered with 10 years ago for adult acne support but never posted anything. To aid in tracking everything down, use:

  • Account Killer. This tool provides direct links to every account deletion page.
  • Knowem. This tool does a username search on hundreds of social sites.

Then remove personal information from background check sites. This involves more complicated procedures.

#6. Hotspot Shield VPN is a free VPN service that protects your device’s data by ensuring that all web transactions (such as filling out forms, shopping, downloads, etc.) are secured through HTTPS.

With Hotspot Shield, your device basically will be surfing through a protected tunnel away from prying eyes and helps maintain some anonymity on an IP address that in most cases can’t be traced back to your home address or anywhere you’re at or have been.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Cyber Monday Launches Black Hat Shopping Season

Yup, the holidays are here. And I don’t know about y’all, but the last thing I plan on doing is walking into any store to buy anything. Other than to get food, most of my shopping is generally done online.

4WPeople always ask me, “Aren’t you concerned your identity will be stolen? Don’t you worry about always giving out your credit card over the internet?” And I say nope. Not worried. Don’t care. Never have been. And neither should you. Seriously.

BUT! You still have to do something first to make sure that, to a certain degree, you will not end up a victim of fraud. And there are things you should do after you hand over your account information to monitor your accounts.

But no, you shouldn’t worry. Just do this:

Secure your devices: No matter what device or operating system you use, your data is only as secure as its hardware and software. That means updating everything and locking everything up, too.

Operating system: Each device’s manufacturer provides frequent software updates with critical security patches designed to patch any vulnerabilities that were discovered by researchers or criminal hackers. Set critical security patches to update automatically.

Browser: Your browser needs to be updated to its latest version for the same reason an operating system does. Only enter credit card numbers in sites that have HTTPS in the address bar. That means there’s encryption on that page.

Wireless: Always use an encrypted wireless connection using, at a minimum, WPA or WPA2 encryption. Otherwise, use a virtual private network software like one from Hotspot Shield VPN.

Websites: Only buy from legitimate websites that you already use for shopping—sites like Amazon and eBay that you know are relatively safe. Once you stray too far off the ranch, you risk your device being infected, plus orders you place may never arrive and your credit card numbers risk being used without your authorization.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Devising a Data Security Strategy

Whether you are an individual who games, a work-at-home employee, a family of four that shops online, a road warrior or even a small business, chances are you have data to protect—and so this all pertains to you.

5DFundamentals:

Antivirus isn’t enough: A free antivirus package is good, but it might not update automatically—and you need your antivirus to be today’s version. Spend a couple bucks and get your antiphishing, antispyware and firewall protection.

Updated browsers: An old, outdated browser is a nightmare that is often riddled with holes for criminals to slither a bug through. Install the latest update ASAP, automatically or both.

Updated operating systems: Set your OS to automatically update, as manual updates are often forgotten and missed.

Disk encryption: Your device may come equipped with the ability to encrypt individual files, folders or the entire disk. There are many free third-party encryption programs that are excellent.

Backing up: You should have at least two local backups of all your data in case a device fails. I use external drives and GoodSync to keep it all backed up every hour. Also, invest in cloud-based storage that has encryption as well—all for under $100 annually.

Password management: It’s not OK to have one password for 30 accounts. You need 30 different passwords, and this can only be accomplished with a password manager.

Wireless WiFi protection: Having open WiFi so your neighbor can piggyback on your connection is a bad idea. Use WPA2 encryptions that are built into the router. Whenever using public free WiFi, use a virtual private network software such as Hotspot Shield VPN to encrypt all your data.

Mobile device security: Mobiles are small computers that store our data or have access to our cloud-based accounts. Mobiles need to be password protected and have antivirus protection, just like PCs do. Keep in mind that WiFi on a mobile is no different than on a laptop, so use a VPN on your mobile too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Digital wallets will save us!

When you leave your home or apartment in the morning, you might pack up a small bag of whatever you need for the day, which might change daily. But what doesn’t change is the three things you always have, and that’s your keys, mobile device and wallet. They are three essentials we can’t function without.

Fortunately, at least two out of the three are going away. Many locks for homes, businesses and doors are keyless, using a touchpad or buttons. And wallets as we know them are going digital, too. This means all we’ll be left with is our smartphone!

Through near field communications (NFC), smartphones can act as a virtual credit card that makes payments right at the cash register. NFC is much more secure than the traditional plastic cards with the magnetic strip, so the security of NFC is a huge benefit to preventing credit card fraud.

Isis is a mobile payment network comprised of the major mobile networks as a joint venture among the three biggest telecom operators in the United States (AT&T Mobility, T-Mobile USA and Verizon Wireless) to provide consumers and merchants with an open and secure mobile commerce platform. Isis has chosen Gemalto to secure this platform though Gemalto’s Allynis trusted service manager (TSM).

Google is also in the digital wallet game too. No matter if you’re at home or on the go, you can send money to any friend in the U.S. with an email address. It’s easy, fast and free to send directly from your bank account or Google Wallet. Store your loyalty programs in Google Wallet and leave the plastic cards behind, or redeem great offers with Google Wallet from your favorite businesses to save when you shop. For select NFC-enabled devices, you can tap and pay anywhere contactless payments are accepted. Choose to spend your Wallet balance, or add a credit or debit card to fund purchases.

In due time, consumers will be able to rid themselves of their wallets and consolidate all their cards into the mobile devices! I, for one, want this yesterday!

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

NFC app on androids facilitates automation

Near field communications (NFC) is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point-of-sale device at a checkout counter.

And NFC does so much more on Androids. A program called Trigger, which is available in Google Play, allows you to create customized automation tasks for numerous everyday things we do.

Bored of putting your phone on silent every time you get into the office? Tired of turning off Bluetooth to conserve battery every time juice gets low? This app interacts with your surroundings to configure settings on your phone automatically. Combine triggers and actions to create tasks, then activate the tasks that you create with conditions that you set!

Here are examples of what you can do:

In your car: Use Bluetooth as a trigger to open GPS and launch your favorite music app.

On your nightstand: Program an NFC tag to set your ringer to vibrate, dim your display and set an alarm.

In your home: Configure mobile data to turn off when your phone detects your own WiFi signal.

The current triggers are as follows:

  • NFC
  • Bluetooth
  • WiFi
  • Battery level
  • Location
  • Time triggers

And here are a few examples of the actions that you can perform:

  • Change WiFi, Bluetooth, mobile hotspot, airplane mode, auto-sync, GPS (root users) and mobile data settings.
  • Change your volume or notification tones.
  • Change your display brightness, timeout, auto-rotation or notification light settings.
  • Check in on social media like Foursquare or Google Places.
  • Send messages using Twitter, SMS, email or Glympse.
  • Start or stop applications (root required for stopping applications), dock modes, open URLs, speak text or navigate to an address.
  • Set alarms or create calendar events.

There’s even more, but suffice to say this app allows you to easily program your device to do the actions you manually do regularly.

So go ahead and create your own combinations to automate your life. The only limit is what you can come up with!

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Employees putting data at risk on WiFi

Employees expect to uses their mobile devices at work, and employers often don’t mind because of the cost savings. However, being able to use personal smartphones and other mobile devices at the office creates problems for IT managers. A small business with 100 employees might have an additional 300 “bring your own device” users to contend with, all using phones, tablets and laptops. There are a lot of potential leaks there.

While a company’s IT department may have a solid grasp on company-issued laptops, desktops and mobile phones, it is almost impossible to control the various types of personal devices on the company’s network. When you get that new, shiny device and install various apps, and then plug it into your work desktop to update or sync necessary settings, files and folders, you’re putting all the data in the company at risk. Further, the IT guy has to worry about whether that last app you downloaded might infect the entire network.

A recent survey showed just how much employees who use public WiFi while commuting back and forth to work shows they are putting their companies’ data at risk. A survey conducted by GFI Software doesn’t paint a pretty picture. “The research findings reveal a stark and concerning trend among commuters—one of using their personal devices to catch up on work during their commuting downtime, but doing so over highly insecure internet connections that can be easily intercepted by other users or the operator of the access point. Mobile internet access is now firmly entrenched as a day-to-day norm, but with that has come an increasingly relaxed user attitude to data security, compliance and data governance policy. Companies need to address mobile device management to ensure that use in insecure environments doesn’t create vulnerabilities that could be exploited by criminals—both cyber and conventional.”

In the least, these companies should have policies that explicitly spell out what employees can and can’t do on their devices and if they are allowed at all on the network. But in reality, policies are only as effective as the consequences of not following them. If employers want to prevent data leakage, then enterprise-level software must be installed on each device that allows IT to lock, locate and wipe data, along with to restrict the device’s access to certain activities.

Having each device equipped with a VPN (virtual private network) like Hotspot Shield VPN is an effective way to encrypt the devices’ WiFi communications when on unencrypted public WiFi.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.