App Tells Who’s Digging into Your Personal Data

/in , , , /by

Did you know that sometimes, the apps you use for your smartphone have access to your personal information and are capable of sharing it? Are you aware that your privacy can be invaded across the network board? That includes Twitter, Facebook, Instagram, LinkedIn, Google+ and more.

1PAnd how can you tell which applications can do this? MyPermissions can tell you. Once you load this and do some setting up, you’ll see which apps on your device has access to your information.

For instance, it’s not just a matter of who can get your information, but how often and just what, such as your contact list, photos and more. The more apps you use, the more likely your personal information is getting “shared,” i.e., leaked into cyberspace without your knowledge.

MyPermissions will alert you when an application barges into your sensitive information. It will give you control over who gets access to your data.

Without MyPermissions, it’s like walking through a crowded area and dropping one copy after another of your driver’s license, bank statement, credit card and family contacts.

So let’s suppose you’d like to start with Facebook. You tell MyPermissions you’d like a scan. MyPermissions will use your FB account to look for external connections. You’ll have a dashboard to see who’s getting into your information and you’ll be directed in how to stop this.

Worried if MyPermissions will share your data? Don’t. It will never collect, store or use any of your private information.

A similar application is that of Online Privacy Shield (free from Google Play Store). It will tell you which of your apps are nosing around in your private files and what they’re getting. And you could control who gets what.

Instagram, Twitter, Facebook, LinkedIn, etc., all have different ways for terminating access to your privacy, so bear with that—don’t expect all to terminate with one simple click just because one particular service has a one-click termination.

Be prepared for a shock: Hundreds of apps may have access to your sensitive data. You’ll need to embrace and appreciate the time required to get all of this straightened out. But when all is said and done, you’ll be glad you took that time.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Things to tell your Kids about Privacy Online

/in /by

Those were the days when all parents had to worry about was the creepy guy lurking near the playground. Now parents have to worry about creeps all over the world reaching their kids via computer. And there’s more to worry about. Here’s what to teach your kids: 2P

  • Screen names should not be revealing about location, age or even gender. Never use the full name. Choose a name that would never outright point to the user, such as “Chris J,” when everyone knows the user as Tina Jones. “Chris” can make Tina (Christina) still feel connected to the screen name. And “sweetcheeks” isn’t a good screen name for anyone, especially a kid.
  • Before posting anything, make sure the answer would be “yes” if asked if your grandmother would approve.
  • Deleting an image or comment doesn’t mean it’s removed from cyberspace. While it was up, it could have been shared and recirculated. The No. 1 rule is: Once it’s online, it’s permanently there, no matter what you do with it afterwards.
  • Don’t assume that just because the privacy settings are high, that only a very limited audience will view the posting. Somehow, some way, there’s always a way for something to “get out.” An example would be an authorized viewer sharing the image or posting.
  • Racy images and offensive posts may seem harmless now, but down the road can return to haunt the user when they apply for college, a job or are in a lawsuit.
  • Never impersonate anyone.
  • Discourage sharing personal things online; it’s better to just yak about it in person or over the phone. As for things like address and Social Security number, this information should never be given out unless for a job or school application.
  • Be polite online. “Speak” coherently, use punctuation, don’t ramble, don’t swear and don’t use all caps. Use spell check when possible.
  • Avoid sex talk online at all costs. A predator can pose as anyone and win the trust of kids.

Parents should learn about how privacy settings work so that their kids aren’t left to figure it out themselves. Otherwise, uninformed kids might just let it go and not bother. This approach will let the whole world see what they’re posting. Privacy settings for all accounts should be high, including chat and e-mail accounts.

  • Keep the lines of communication open with your kids.
  • Peruse the social networking sites your kids use to see if they’re posting anything risky or inappropriate, such as announcing vacation plans (something that burglars search for).
  • Tell your kids to report anything suspicious online, just as they’d report to you if someone was hiding in the bushes outside your house.
  • Review the friends list of your kids.
  • Install Hotspot Shield VPN. This is security software which, in addition to antivirus/phishing software and a firewall, will help prevent hacking.
  • Make the non-negotiable rule that you can check your kids’ devices at will, and that any online “friend” your child wishes to meet must meet you first.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Why Hacking is a National Emergency

/in /by

Foreign hackers, look out: Uncle Sam is out to get you. President Obama has issued an order that allows the State Department and Treasury Departments to immobilize the financial assets of anyone out-of country suspected of committing or otherwise being involved in cyber crimes against the U.S.

7WkThis order, two years in the making, covers hacking of anything. The order refers to hacking as a national emergency. Imagine if entire power grids were hacked into. Yes, a national emergency.

Another reason hacking is a national crisis is because the guilty parties are so difficult to track down. Hackers are skilled at making it seem that an innocent entity is guilty. And a major hacking event can be committed by just a few people with limited resources.

However, the order has some criticism, including that of assigning it an over-reaction to the Sony data breach. But it seems that the government can never be too vigilant about going after hackers.

Proponents point out that the order allows our government greater flexibility to go after the key countries where major hacks come from, like Russia and China. This flexibility is very important because the U.S. has a crucial financial relationship with these countries. And that needs to be preserved.

For instance, there’d be little adverse impact to the U.S. if our government choked off the bank accounts of isolated hackers who were part of the Chinese government, vs. strangling the entire Chinese government.

In short, the activities of small hacking groups or individual hackers within a foreign government will be dealt with without penalizing the entire government—kind of like doing away with punishing the entire fourth grade class because one kid threw a spitball.

Hacking is now elevated to terrorism status; the order is based on the anti-terrorism bill. So foreign hackers, you’ve been warned; the U.S. is not reluctant to level you because the order allows for sparing your government as a whole from being sanctioned.

You can do your part to protect the Homeland simply by protecting your own devices using antivirus, antispyware, antiphishing and a firewall. Keep your devices operating system updated and uses a VPN when on public WiFi.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to sign out of all Google Accounts

/in , /by

Let’s cut to the chase (never mind how you misplaced your phone): There are several ways to sign out of your Google accounts remotely. It takes three steps, and you’ll need the desktop version of Google. gg

  • On a mobile use a browser opposed to the Gmail/Google app and sign in at gmail.com.
  • Seek out “Desktop version” at the bottom of the window/browser. Click it. You may need to login again.
  • At the very bottom you will see “Recent Activity” in the right corner. Look below that to see “Details.” Click that.
  • A window will pop up giving you information about your account.
  • Look at the top of the page for a button, “Sign out all other sessions.” Click that.
  • And that’s it! Do this now to test it out.

You just signed out of your Google account. What this means is that anyone who might be in your account gets signed out or anyone who gets ahold of your lost or stolen phone/laptop etc will not be able to gain access, because they will need your password (which hopefully isn’t something dopey like 123password or password1, being that these are among the most commonly used passwords and thus very easy to guess at).

Keep in mind that Google has a device location tool. It works only when you’re signed in on the said device. So if you just signed out of all of your Google accounts, this location feature will be of no use. But if you happen to know precisely where your “lost” phone is, then it makes sense to sign out on all Google accounts.

Sounds odd, because chances are, if you know exactly where the phone is…it’s probably not in the hands of a crooked or nosy person. But you just never know.

For example, you may discover your phone is missing after you’ve returned from the gym. So you call the gym and sure enough, your phone was found in the locker room and turned in to the front desk. Thus, you know precisely where it is. However, who’s to say that a bored employee won’t tinker around with it?

If you know where the phone is, don’t delay in retrieving it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Police offer 18 Burglary Prevention Tips

/in /by

To help keep your home and property safe from crime, the New Castle County Police Department provides the following guidelines:

  1. Sounds like a no-brainer, but so many people do otherwise: Keep your doors locked at all times. People will actually go to sleep with the front door unlocked.
  2. Doors should be locked with a deadbolt that has at least a one-inch throw.
  3. Keep windows locked. People have been known to leave a window open overnight in their child’s bedroom. Yes, hot weather is here, but there are ways to ventilate rooms without inviting burglars and rapists in. A bad guy could easily, and quietly, remove a screen.
  4. Check all your windows; all should have locks.
  5. All sliding doors and windows should have a block in the track.
  6. The garage door should never be open unless it’s in use. This includes when you’re outdoors doing yardwork—it’s not in use while you’re tending the garden or lawn.
  7. Check the window A/C units: They should be very difficult to remove.
  8. Close curtains and blinds at night. This means when it begins getting dusky.
  9. Your house number should be easy to read, ideally large, reflective numbers.
  10. Lighting should be installed at all entrances: front, side and back.
  11. Install a timed lighting system to make it look like someone is always home.
  12. Make sure there are no trees or brush obscuring entrances, as burglars can hide more easily.
  13. Don’t leave ladders out in the yard because you don’t have the energy after doing a project to return them to the garage. Unless you just became overcome with severe food poisoning, you can hustle that ladder back into the garage.
  14. Don’t hide keys under the welcome mat or anyplace else outside.
  15. Garage door openers should not be visible inside your car. Neither should valuables, even a pricey pair of sunglasses.
  16. Leave a TV on when you go out at night.
  17. Never post travel plans on social media.
  18. Never create a voicemail message that indicates you’re not home.

On that last point…it’s amazing that people will actually leave a message like, “We’re not home right now, so please leave your name, number and a message…”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Don’t Rely on the Password Reset

/in /by

Think about your keychain. It probably holds the necessities: car keys, home keys, work keys, miscellaneous keychains you bought on your previous vacations. Now, imagine you have a keychain full of these keys that all look the same, but each only opens a specific door.

5DSounds kind of like your list of passwords, right? But what happens when you have all of these keys, and you need to get into your house? In either situation it can be easy to forget which key, or password, goes to what door or website.

So, back to the locked door situation, what do you do? A friend wouldn’t have a key that opens your house, and breaking down the door isn’t a good option for obvious reasons. Would you rely on a locksmith to come change the locks every time you forget your key? That would get old very quick.

It’s essentially the same thing when it comes to your passwords. It’s almost like you’re having to call a locksmith every time you want to get into your house because every time you leave, the lock changes. If you wouldn’t rely on a locksmith every time you want to open your house, why rely on the password reset? Step up your password game instead.

If you have loads of accounts and can’t deal with the hassle of creating and remembering long, strong passwords that are different for every account, then you need a password manager.

Not only will such a service help you create a killer password, but you’ll get a single “master” password that gets into all of your accounts. A password manager will also eliminate having to reset passwords.

Use these tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include mix matched numbers, letters and characters that don’t directly spell any words.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Managing Your Online Reputation

/in , /by

You’ve been “Googled.” No matter how small a speck you think you are in this universe, you have without a doubt created an online footprint that is attached to your name. Chances are high that someone out there has followed this footprint of yours via a Google search.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Whether by a business colleague, family member or even a significant other, it’s reasonable to assume that your name will be “searched” online for personal information about you. But, what are the results of these searches? Are you comfortable with what they might have discovered?

Online reputations are a part of everyday life that should not be taken for granted; they can be key factors in finding (and keeping) a job, not to mention personal and professional relationships.

Make sure your online reputation isn’t tarnishing your personal image. First step: search yourself! You can use any or all of the popular search engines, such as Bing and Google. You will want to make sure to view the search results when you’re logged in and out of your browser, as this can alter the outcome. Results can be different depending on many factors including the type of web browser, geographic location, web history or data center that is serving up the search results. You may be surprised to find that there is negative information you’ll want to get rid of.

If this is the case, and you want to remove some damaging results, you can use this link for Google and this link for Bing to request the removal of particular search results.

Use these tips to ensure your online reputation isn’t susceptible to generating negative search results:

  • Set your social media accounts to private to prevent unwanted retweets, shares, likes and posts (and think before you post).
  • Review the privacy settings for your social media accounts so that people aren’t seeing things you don’t want them to see.
  • Review all of your avatars. They are the world’s first impression of you, even if it’s obviously not you (e.g., an image of an evil dictator).
  • Review photos of yourself. Duck-face mirror selfies and party pictures are a major red flag. Remove any other unfavorable pictures that may lead to negative search results.
  • Remove any insulting or otherwise negative comments you may have made.
  • Now add in some information that elevates you.
  • Never drink while posting. While PUI’s are legal, you could regret it.

There are also ways to build up your online reputation:

  • Check out online portfolio sites such as meAbout.me and Seelio. These can help you to build your digital identity through a single website that showcases all of the positive information from your varying social media accounts.
  • Signing up with services such as Youtube or Flickr where you can promote your skills can also be a big reputation boost.
  • Another option is to create your own personal website domain, where you can represent yourself or your brand in whatever light you choose.
  • Look into online reputation management companies. Expect to pay some dough, but there’s nothing like having all that bad stuff swept under the rug.

Whether it is through posts, updates, or even mobile phones tracking location, just about every part of your daily life is somehow tied to your online profiles. This influx of time spent connected makes managing your online reputation a clear necessity to ensure the face-to-face image that you project into the world, matches the one linked to you online.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Signs You have Malware and what You can do

/in /by

Not all computer viruses immediately crash your device in a dramatic display. A virus can run in the background, quietly creeping around on its tip-toes, stealing things and messing things up along the way. If your computer has a virus, here’s what may happen:6D

  • Windows suddenly shuts down.
  • Programs automatically start up.
  • Some programs won’t start at your command.
  • The hard disk can be heard constantly working.
  • Things are running awfully slow.
  • Spontaneous occurrence of messages.
  • The activity light on the external modem, instead of flickering, is always lit.
  • Your mouse moves all on its own.
  • Applications in your task manager are running that you don’t recognize.

If any of these things are happening, this doesn’t automatically mean a virus, but it does mean to be on the alert.

If you have antivirus software (and if you don’t, why not?) it should scan your computer on a pre-programmed routine basis and automatically download updates. Antivirus software truly works at keeping the bugs out or quarantining one that gets in.

We will never eradicate the computer virus (a.k.a. malware) as it is always evolving to be one step ahead of antivirus software. This is why you must not sit back and let the antivirus software do 100 percent of the work. You should play a part, too.

  • Every day without fail, run a scan of your computer. This would be a quick scan, but every week you should run a deep scan. These scans can be programmed to run automatically, or you can run them manually.
  • You can have the best antivirus software in the world that runs scans every day, but it’s worthless if you shut it down and then open those iron gates and let a virus in. This will happen if you click on a malicious attachment in an e-mail from a sender posing as someone you know or posing as your bank, employer, etc. Never open attachments unless you’re expecting something from someone you know. If you open a malware laced attachment it will download a virus. And by the way, hackers are very skilled at making an e-mail appear like it’s from someone you know.
  • Never click on links inside e-mails unless it’s from someone you know who regularly sends you links, and even then, be alert to any anomalies, such as, for example, this person always includes a subject line, but one day, it’s blank. Should you open the attachment? Contact this person in a new e-mail chain to see if they just sent you something. And never click on links that are allegedly sent from your bank, a retailer, the IRS, etc. A malicious link could download a virus or lure you to a site that, once you’re there, downloads a virus.

Set your e-mail program to display text only, so that it will alert you before any links or graphics are loaded.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Reports say Russians hacked IRS Identities

/in /by

CNN recently reported that the data breach of the IRS, which occurred between this past February and May, originated from Russia. The crooks were able to steal tax returns from over 100,000 people. The thieves filed a total of $50 million in tax refunds, having obtained personal data to get ahold of the data.

11DIn other words, this crime wasn’t a hacking job. The Russians didn’t hack into the IRS’s network through some “back door” or social engineering scheme. They actually entered through the front door, using the personal data they had obtained.

Just how the breach came about is not yet known. The IRS’s Criminal Investigation Unit, plus the Treasury Inspector General for Tax Administration, are trying to figure it all out. The FBI is also involved.

Americans have no reason to feel secure about the protection of their tax data. For years, there have been security concerns by the leaders, and this latest Russian incident has fueled the flames.

Orrin Hatch, the Republican Senate Finance Committee Chairman, has stated: “When the federal government fails to protect private and confidential taxpayer information, Congress must act.” This is not the first time that the Russians have caused a data breach for the U.S. government.

As for this latest incident, the Russian thieves had originally tried to get into the tax records of 200,000 people, but were only 50 percent successful—resulting in the breach of those 100,000 Americans.

However, the IRS intends on contacting every one of those 200,000 people about the attempt. This is because third parties may have these people’s Social Security numbers, among other personal data.

And what is the consolation for the 100,000 people whose tax records were obtained? The IRS said they will get free credit monitoring.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Time to tighten up Google Privacy Settings

/in , /by

There is good news for the tech-unsavvy out there: Google has made their privacy settings easier to work with. This day has not come a moment too soon. “My Account” is Google’s new dashboard.

ggWhen you use any Google account, the giant company collects information on you. The new dashboard will reveal what information this is. My Account also has other privacy related features; check it out first chance that you get. It has the following three sections.

Security

  • If you get locked out of your Google account, Google will contact you via the phone number and e-mail address you’ll see in this section, and you can change them, too.
  • You can look over a list of apps, websites and more that have access to your Google account info. You can place restrictions on permissions.
  • Lists devices that have connected to your Google account.
  • You can change your password.

Privacy

  • Google collects information on you including what you watch on YouTube; this section reveals which information on you is saved.
  • This section controls what phone numbers people can reach you on Hangouts.
  • Additionally you can adjust your public likes and subscriptions on YouTube.
  • Third, you can alter the information that you share on Google+.

Account Preferences

  • Here you can select the language for your Google accounts.
  • Here you can delete your entire account or some of it.
  • You can adjust the accessibility features.

Think of how great it would be to view a list of all the information that Google has collected from your computer, tablet or smartphone…and then delete whichever items you choose. You now no longer have to use the excuse, “It’s too techy for me,” to avoid delving into the privacy settings and making adjustments to your liking. You have a right to know what Google gets on you and what everyone else on the planet can see, too.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.