Log Out, Log Out, I repeat, LOG OUT

One of the most common yet underreported causes of data breaches is users’ failure to properly log out of public PCs.

Is your work computer accessible to others, perhaps after business hours? How about your home computer? Does its use extend beyond your immediate family, to your kids’ friends or babysitters, for example? Do you ever log in to a hotel’s business center PC, or take advantage of free Internet at a bank of sponsored PCs at a conference? Or pay per minute at an Internet café? Maybe you’re you a college student; do you use the PCs in the computer lab, or friends’ PCs?

Any shared PC is at an increased risk for spyware, viruses, and other malicious activities of a criminal hacker, the PCs administrator, or just the dude that happened to use the computer before you. But many people increase their vulnerability simply by failing to log out.

A few months ago, my sister-in-law used my family’s PC, logging in to her Facebook account. After she left, I checked Facebook myself, and quickly realized I was still logged in to her account. To teach her a lesson, I changed her profile picture to something she didn’t appreciate. (Being my sister-in-law, she forgave me.)

This past weekend at a conference, a colleague borrowed my laptop to check his email. Four days later, after having turned the laptop on and off a half dozen times, I attempted to check my own email and found myself still logged in to his Gmail account. In this instance, I quickly logged out, since Gmail notifies users when their accounts are open at multiple IP addresses, and I wasn’t about to hack a colleague.

Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

I’m not entirely sure if my colleague left Gmail’s “Stay signed in” box checked, if Gmail left a cookie on my laptop, or if my operating system remembered him. Either way, he was hackable.

Protect yourself.

I may log in to a PC that is not mine once or twice a year. And when I do, I make sure I log out of any program I logged in to. On the rare occasion that I use someone else’s computer to log in to an account containing sensitive data, I make an effort to change the password. Generally, though, I lug around my own laptop wherever I go, and I use an iPhone.

Never check a “Remember me” box, and if it’s selected by default, remember to uncheck it.

If you get an auto-complete pop-up while logging in, read it carefully and be sure to click the “no” option.

Some PC administrators install password managers that prompt the user to save login credentials. If you are on someone else’s PC and get this kind of pop-up, read it carefully before just clicking buttons to dismiss the pop-up.

Most importantly, PLEASE, for heaven’s sake, LOG OUT. Do I need to repeat myself?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another data breach on Fox News. Disclosures

Personal Safety When Selling a Home

Two real estate agents were killed in separate incidents in Ohio in the past two weeks.

“Police have confirmed the suspects in this week’s murder of a Youngstown OH realtor are not connected with the murder of a realtor in Ravenna OH the day after.”

“Meeting new clients, showing properties, holding open houses, letting strangers get into your car, and even your marketing may be jeopardizing your personal safety.

The root of the issue is that you have real estate agents with no formal security training who are then meeting with complete strangers at odd times of the day and in vacant homes. Real estate professionals put themselves at risk at so many points. The industry opens itself up to predators.”

Here are a few tips to protect you when selling a property.

Be suspect of everyone. There isn’t any benefit in being paranoid; however, being a little guarded can keep you from getting into a vulnerable situation. Don’t just be wary of a man showing up unaccompanied. Expect them to show up in a nice car, well dressed, maybe with a wife and kids tagging along. They might have a business card saying they are a doctor or a lawyer. Don’t let your guard down.

Appointment Only. When placing ads, all advertisements should state “Appointment only” “Drivers license required” and “Pre Approval Documentation Required.” These are all hoops the bad guy may not want to jump through and you vetting out those who are “just looking” at the same time.

Use the Buddy System. When you set appointments always schedule around a spouse or friends availability so they can join you. There is always strength in numbers. If you have to go it solo, when someone walks in, say, “I’d be happy to show you the benefits of this home! In a few minutes my friend Rocco will be along to assist me,” creating the illusion of the buddy system.

ID and pre-qualify at your first meeting. When you are meeting at your property, get some form of identification. Also, it is to your benefit that a potential client buying a home is pre-qualified. Someone who is pre-qualified by a lender is less likely to be a predator.

Safe open houses. Spend a few minutes considering all the vulnerable points within the home and how you would escape if necessary.

Dress for safety and success. Don’t wear expensive jewelry. A $3-5 thousand-dollar diamond buys a lot of drugs. Dress professionally instead of provocatively.

Robert Siciliano personal security expert to Home Security Source discussing Real estate Agent safety on Inside Edition . Disclosures.

$50 Million Van Gogh Stolen, No Alarm System

“A prized Vincent van Gogh still life was stolen from a Cairo museum  leading to a massive art hunt, conflicting reports about the details of the crime, and plenty of finger-pointing. Five people, meanwhile, have been arrested for “negligence” in relation to the embarrassing theft, which seems to have been carried out in the absence of rudimentary security measures, according to the Agence France-Presse.”

Let us “Hypothesize”: defined as a proposal intended to explain certain facts or phenomena – for a moment.

Lets say you’re flipping burgers at your job and you head home after a long greasy day. On the way home you stop off at your local convenient store for a bag of chips, soda and a crack at the numbers game. That night at the bottom of the hour you watch the lady spin the ball thing and your numbers all get sucked into that number sucking thing. Walla, you just won 50 million clams!! Woohoo!!!

But there is a hitch. In order for you to collect the money you have to agree to allow other people to see it as a pile of 50 million dollars in your house at designated times.

However, knowing that people steal, you can go ahead and do things to secure the money, but you have to keep it in the house.

Remember, you have $50 million, so dropping a few bucks on home security shouldn’t be a big deal. Rap artists do it all day long.

Would you:

a.      Hire a security service like Men In Black with those wrap around the ear thingys and dark glasses?

b.      Get off duty Navy Seals with big guns to stand guard?

c.      Get a bunch of trained Rottweiler’s, Pitt Bulls, Doberman Pincers, and German Shepherds and put raw meat all around the money?

d.       Fill your house with lots of rotting dead skunks so it smells so bad nobody would come?

e.      Invest in a functional security system that has security cameras, beware of dog signs, and security alarm monitoring at a dollar a day?

Hmmmmmm?

“Prosecutor general Abdel Meguid Mahmud acknowledged that security measures at the museum were “inadequate,” branding them “a facade.”

“There are 43 security cameras but only seven are working. Each painting is protected by an alarm but again, none are working,” he told reporters.”

Even the rotting skunks would have done a better job.

Robert Siciliano personal security expert to Home Security Source discussing terrorists and burglars on CNN . Disclosures.

Subdivsion Residents Fighting for Security Camera

Condominium Association, Subdivision Association, or Neighborhood Association, whatever the name is, if you live in one and pay dues and have a board of directors that makes decisions for the community in regards to what you can and can’t do on a property, you probably feel my pain.

I like that bush, I hate that bush, no swing-sets, I want a swing-set, no pets, I want a cat BLAH BLAH BLAH!!

In Atlanta in what the residents of the subdivision considered a “safe neighborhood” a group of men climbed into a basement window of a woman’s home and stole every piece of jewelry, cash and electronics. She now has double deadlocks and door jams. She lives in fear and her home is not the same.

She was quoted saying “As a result, now I literally live like a hermit, with the lights off. I have security cameras up, bars on my windows. I have to go, literally, with a key room to room in my house, because they continue to affect my neighborhood.”

The neighborhood has had 2 burglaries in the past month. One neighbor took a bullet during a breaking.  If this is a “safe neighborhood” then my neighborhood is Fort Knox safe.

“Some residents said that they want home security cameras, but the president of the homeowners association says that’s not going to happen. In a lot of ways, the battle is over what is more important, personal safety or personal privacy.”

Privacy does you no good when you are shot dead by an intruder.

“The camera won’t be any, any good for the security, as far as safety for the community, just one camera,” said the association president.

One home security camera is better than zero cameras. It’s all about layers of security. The more proactive layers in place the more secure you will be. Wake up Mr. President.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Top 5 Credit/Debit Card Skimming Attacks

Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways;

Wedge Skimming

The most common skim is when a store clerk/waiter etc. takes your card and runs it through a card reader device that copies the information from the magnetic strip. Once the thief has the credit or debit card data he downloads it to his PC then he can burn the data to a gift card or blank “white card” or place orders over the phone or online.

POS Swaps

EFTPOS (electronic funds transfers at the point of sale) skimming occurs when the point of sale terminal is replaced with a skimming device. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. This is what happened to Stop and Shop. In Australia, fast food chains, convenience stores, and specialty clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

ATM Skimmers

Criminals can also place a card reader device on the face of an ATM, which appears to be a part of the machine. The device may have wireless Bluetooth or cellular technology built to obtain the data remotely.   It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder, light bar, mirror or car stereo looking speaker on the face of the ATM in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

Data Interceptors

Another type of gas pump skim is pulled off due to a common set of keys that will open almost any gas pump. Criminals pose as fuel pump technicians and access the terminal with the master keys. Once inside they access the wires that connect the key pad/card reader and piggyback a device inside the pump that reads all the unencrypted card data.

Dummy ATMs

In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read/copy data. The machine might be powered by car batteries or plugged in the nearest outlet. I bought one off Craigslist for $750 from a guy named Bob at a bar. How you like them apples.

When credit card information is skimmed, hackers can copy the data on blank cards, gift cards, hotel keys, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

To help combat ATM Skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

Consumers must check their statements online weekly or at least their papers ones monthly. Refute unauthorized charges immediately. Federal law allows up to 60 days to dispute a charge. After that you may be paying for an identity thief’s Vegas bender. Whenever entering a PIN always cover the keypad with your other hand.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.

Victim Rebuilds Life After Identity Theft

This story is about a victim of criminal identity theft. The victim is a trucker who discovered that his identity had been stolen when his commercial driver’s license was suspended because the thief who stole his identity had been busted for drinking and driving on four different occasions. Imagine.

The consequences of identity theft are often so overwhelming that the pressure affects every aspect of the victims’ lives. Sometimes the stress is so great that people just fall apart. In the case, the victim lost his license, his possessions, and his marriage.

After testifying against the identity thief, the victim, Earl Robert Hood, told the Associated Press, “It was just hard to sit there in that room with him, knowing what he’d done to me and my family. It’s not just me that it affected; it affected all four of my children, too. Because for two years, they didn’t have Christmas.” The victim went on to say the thief didn’t just steal his name; he stole his life. “I’ve lost everything,” he said. “It just completely wiped me out.”

When this victim’s commercial driver’s license was suspended, so was his ability to earn a living. With no money coming in, bills piled up and the downward spiral began.

Hood’s identity was stolen after he handed his personal information over to a potential employer. Job applications often require applicants to provide home addresses, copies of existing driver’s licenses, Social Security numbers, and, in some cases, birth certificates. This is more than enough information for an identity thief to assume a victim’s full identity.

Victims of identity theft are generally presumed guilty until proven innocent. In this case, the perpetrator committed crimes in multiple states, which further complicated the situation. It took years for this victim to recover his license, even after contacting his state’s Attorney General.

Identity theft can happen to anyone.  McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike & Juliet.(Disclosures)

Criminal Hackers Steal Victims Home

A sophisticated scam left an Australian business man with a half million dollars stolen when criminals sold 2 properties and almost a 3rd using his stolen credentials. This kind of scam is happening in the U.S. too.

The business man had been overseas for a while and his neighbor contacted him at one point because his home was on the market and being sold. When the business man started investigating the non-permissioned sale, that’s when he realized the other properties had been sold and were no longer his.

The thieves, were believed to be Nigerian, and had enough information on the man to allow the real estate transactions to go through.  It is believed the criminal hackers got into his email account and obtained his personal identifying information along with his property documents which enabled the criminals to sell the houses.

Reports state the transactions were made virtually via email, telephone and fax, without any physical contact between the owner and anyone else. In this scam the owner, the real estate agent, banks, and various government agencies were all duped.

The system of checking and verifying identities in this case and in others often fails.

Advice to prevent this type of crime is often directed towards real estate agents who are used as the pawn in the transaction and do the dirty deed for the scammer.

In the very least agents should request a photocopy of a driver’s license or passport before listing a home for sale when doing business virtually. Other suggestions might be verify signatures using a notary or checking existing documentation and compare signatures. Look at deeds for alterations and get them from the title company.

More importantly it is essential that the homeowner meet the real estate agent for a face to face meeting. Airfare can’t cost more than a few thousand dollars and when doing a half million dollar transaction it makes sense for everyone involved to make this a priority.

But the best thing and probably the most effective solution when doing a full blown virtual transaction is to contact a lawyer wherever the seller may be and require the seller to verify themselves through a competent lawyer or other professional who can review and certify the sellers credentials.

Homeowners have a different set of responsibilities.

First and foremost make sure to invest in title insurance. Title insurance should cover legal bills associated with this type of scam. Check the policy.

If you plan on leaving your home or investment property vacant for any period of time get friendly with your neighbors and request they alert you in case your property goes on sale.

Do the same with local real estate agents and request they do an occasional drive by. Have that same real estate agent check the MLS listing occasionally looking for your property to show up on the market.

Invest in technology. A home security camera solution that alerts you to any activity on the home can give you a sense of there is any mischief. Motion sensitive cameras can alert you to any activity via text or email and can be viewed remotely via a mobile phone or internet connection.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

P2P File Sharing On College Campuses

Peer-to-peer file sharing, or P2P, has become enormously popular on college campuses across the country because it allows students to easily exchange music and video files over the Internet. Tens of millions of people use P2P applications such as Limewire, eDonkey, and BearShare to fill their MP3 players and hard drives with all the music and movies they want, all for free. But even “free” has a cost.

In addition to violating copyright laws, there are other potential dangers when downloading files via P2P. For instance, hackers know that source files on P2P networks are not being validated, so it’s easy to trick you into downloading a virus or spyware instead of the Justin Beiber video you thought you were getting.

The other major issue is the simple fact that P2P programs share your data with all of the other P2P users in cyberspace. Because of this, there is a good chance you might unknowingly share your most precious and private data with the rest of the world.

During installation, P2P programs scan your hard drive, looking for files to share. If you do not exercise caution, your entire hard drive, including any confidential documents it may contain, could be left wide open for anyone to access.

Think about the files you have on your PC right now. Are you storing documents that have your passwords, Social Security number, or bank account information? If you have P2P software on your PC, you could be targeted for identity theft.

Digging through P2P networks for my own research, I’ve uncovered tax returns, student loan applications, credit reports, and Social Security numbers. I’ve found love letters, private photos, videos, and just about anything else that can be saved as a digital file.

P2P networks have even exposed details on a U.S. Secret Service safe house for the president and his family, and revealed blueprints for President Obama’s private helicopter. While you probably don’t have state secrets stored on your PC, you should still take care to keep your sensitive files safe.

Here are some tips to protect you from accidentally sharing data on a P2P network:

The smartest way to stay safe is not to install P2P software on your computer in the first place.

If you think a family member may have installed P2P software on their computer, check for new, unfamiliar applications. A look at your “All Programs Menu” will show nearly every program on your computer. If you see one you don’t recognize, do an online search to see if it is a P2P application.

Set administrative privileges on your computer to prevent the installation of new software without your knowledge.

Use comprehensive security software such as McAfee® Total Protection and keep it up to date.

Make sure your firewall is enabled, and if an application asks you to change your settings to enable access to the Internet, don’t allow it.

P2P file sharing can be tempting, but in most cases, the costly dangers just aren’t worth it.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visithttp://www.counteridentitytheft.com.

Woman Drags Naked Intruder By His Beard

‘Hell hath no fury like a woman scorned’…then there is this woman.

They say “never hit a woman”.  The reason is because women don’t just hit back, they keep hitting back until they are done with you. Plus it isn’t cool.

A 64-year-old woman fought off a neighbor and dragged him out of her house by his beard after he let himself into her Kansas City home and took his clothes off. The woman said she awoke about 12:50 a.m and found her 62-year-old neighbor standing over her naked, as she tried to throw him out, he allegedly grabbed her throat. She picked up a tape measure and bonked it against his head three times. He left.”

Moment’s later police found him outside crying. I think I’d cry too after a bonk on the head and a whooping like that.

Resistance in this situation worked out for the victim.  At 64 she decided she wasn’t going to sit back and allow the intruder to make advances on her in any way.

What is important to understand is in any attack situation the victim actually has a lot of control over the outcome if they react within the first 30-60 seconds. What the victim does in that initial time frame can allow them to gain control over the direction of the attack. The attacker generally goes into the attack thinking the victim will be submissive but when the victim is confrontational the attacker is usually not prepared for that.

This entire situation could have been prevented if the homeowner had a home security system installed and beefed up her doors and windows with the appropriate locks. Now THAT is taking control.

Robert Siciliano personal security expert to Home Security Source discussing self defense on Fox Boston. Disclosures.

Police Warn Burglars Are Using Social Networks

The sage advice used to be “don’t tell the world you are on vacation via your outgoing answering machine.” Then we pretty much eliminated answering machines and the advice pertained to voicemail. As we got more technology, the same message was don’t tell the world you are on vacation via your emails auto responder.

For a few years now I’ve been warning people about how vulnerable they are when they post their whereabouts in social media. And it looks like the bad-guy figured it out and is taking advantage of peoples’ naiveté.

In Nashua, NH, police busted a bunch of burglars they say used Facebook as a tool to gather intelligence on who is home and who is not home.

Police said they recovered between $100,000 and $200,000 worth of stolen property as a result of an investigation.  Police said there were 50 home burglaries in the city in August. Investigators said the suspects used social networking sites such as Facebook to identify victims who posted online that they would not be home at a certain time.

“Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson. “We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites.”

It is obvious to me that none of these homes had home security systems, alarms or cameras. Due to the fact they were successfully burglarized. And once an intruder enters your home and does their dirty deed, your “castle” and how you feel in it is never the same.

Protecting yourself is real simple. Be cautious about what you post on social media and consider an investment in a home security system.

Robert Siciliano personal security expert to Home Security Source discussing Social Media and giving out to much information on the CBS Early Show. Disclosures.