Who Owns the Online Road?

“Net neutrality” refers to the idea that Internet service providers should treat all sources of data equally. There has been debate as to whether ISPs should be permitted to treat their own content preferentially, or allow certain content providers to pay for faster transmission, creating two tiers of web service. There is also a question as to whether these companies can block or create hurdles to reach content representing controversial points of view.

The New York Times reports, “The proposed rules of the online road would prevent fixed-line broadband providers like Comcast and Qwest from blocking access to sites and applications. The rules, however, would allow wireless companies more latitude in putting limits on access to services and applications.”

A two-tiered web is one in which powerful companies have the ability to play favorites. Major corporations with deep pockets could purchase higher speed service to transmit their own content, while consumers would lack those resources. Some say a two-tiered Internet would bring consumer connections to a crawl. While there probably will be some abuses, I’m sure that if this happens, these abuses will come to light relatively quickly.

What has many up in arms has been the broadband carriers’ attempt to block websites or applications. In some cases those sites may compete with the carrier, or they may be a drain on resources, such as with torrent downloading sites. It doesn’t look like carriers will be allowed to block anything, but this battle is just beginning.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an internet crash on Fox Boston. Disclosures

Front Row Seats When Internet Doomsday Hits Egypt

Most of us would have no idea Egypt had pulled the plug on the Internet unless it was splashed all over the news. However one company called iovation knew right away.

Basically “just like that” the up to 1000 fraud checks they receive every hour out of Egypt dropped to zero. At first glance one would think there was some type of meltdown or maybe Egyptian scammers all of a sudden decided to get a job.

Normally, iovation would see thousands of queries from Egyptian customers interacting with businesses of all types, including social networks, online dating sites, online gaming sites, banks and retailers. Then at about 6:00 pm Eastern time, nothing.

“We’ve got a unique view of the Internet at iovation. Our service experiences the interaction of unique computers and mobile devices from every nation on earth, across a broad swath of Internet commerce,” says VP of Corporate Development, Jon Karl. “When we’re seeing Egypt’s Internet fall off a cliff, it’s at a more precise individual user level rather than just through aggregated online traffic. While transactions from Egypt represent a very small percentage of the queries to iovation’s service, it has a ripple effect that’s felt by a wide variety of our customers.”

NPR reports “Egypt has apparently done what many technologists thought was unthinkable for any country with a major Internet economy: It unplugged itself entirely from the Internet to try and silence dissent. Experts say it’s unlikely that what’s happened in Egypt could happen in the United States because the U.S. has numerous Internet providers and ways of connecting to the Internet. Coordinating a simultaneous shutdown would be a massive undertaking.”

And while experts say it is unlikely in the U.S., a bill is in fact being proposed to unplug the Internet. “Legislation granting the president internet-killing powers is to be re-introduced soon to a Senate committee, the proposal’s chief sponsor told Wired.com.” Scary stuff.

iovation, is headquartered in Portland, Oregon, and has pioneered the use of device reputation to stop online fraud and abuse. The software-as-a service used by online businesses assesses risk of Internet transactions all over the world and recognizes if a device such as a PC, tablet or smartphone has a history of fraudulent behavior.  This helps organizations make educated decisions if they want to do business with the person using the device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses the possibility of an internet crash on Fox Boston. Disclosures

Google Adds Security to Search

The Internet can be a dangerous neighborhood, and safety precautions are a necessity. . IBM Internet Security Systems blocked 5,000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily. The US government servers and sites are targeted 60 million times a day, or 1.8 billion times per month.

While the government fights to protect itself, you and I are on our own, and most civilians are completely unprepared for an attack.

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write, “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” In other words, citizens need to take personal responsibility and start acting securely, rather than expecting it to all be done for them.

But Google is lending a helpful hand.

In December, they posted the following announcement on the Google blog:

“Today we’ve added a new notification to our search results that helps people know when a site may have been hacked. We’ve provided notices for malware for years, which also involve a separate warning page. Now we’re expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher.”

You can see an example of a search result notification here. Clicking the “This site may be compromised” warning brings you to an article with more information, and clicking the result itself brings you to the target website, as usual.

My observation has always been if a person decides to use the Internet, they should take some basic courses via your local adult education offering and read up about how to log in securely . New scams pop up every day, and one has to be aware of their options.

Thanks, Google, for lending a hand.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. Disclosures

Robbers Put Gun To Baby’s Head During Home Invasion

WOW!!!!! Like the baby is going to cause any threat to the pig home invaders.

This happened in Pee Dee which is a region of South Carolina in the northeastern corner of the state. “Pee Dee” who knew? Seems it was named after an Indian tribe. Makes sense.

Anyway CarolinaLive.com reports: “Just before 3 a.m. on a Friday, a woman says she heard someone knocking at her front and back doors to her apartment. According to police, the woman cracked open the door and that’s when four masked, armed men forced their way inside. They made the woman and her baby lie on the floor.  At one point, the robbers put a gun to the baby’s head.

The men demanded money and the woman’s purse. The robbers then put a gun to another woman in the home who was upstairs. They stole $10 from a glass vase and left.”

10 bucks. That’s $2.50 each for the masked invaders. They can each by a bag of Munchos and a Snickers.

Rule #1:  You tell your kids not to talk to strangers; therefore, do not open your door to a total stranger, especially at 3 AM and ESPECIALLY IF HE IS WITH 3 OTHER GUYS WEARING MASKS!!!!!!!!!!!

Rule #2:  You are better off not answering the door at all, keeping the doors locked as they should be and call the police especially at 3AM!!!

Rule #3:  If you have a home security system (which you should) you can always set off the panic alarm in this instance and a call will be made to the police department along with a blaring siren that may deter the masked invaders.

Rule #4:  Learn from this incident. It is much better to learn from others mishaps than to learn from your own.

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.

High Tech Alarm Systems Are Much More Than Home Alarms

So I have the new ADT Pulse system. It’s pretty amazing. I’ve had a “plain old” system for the past 15 years, which has been upgraded 3 times. The standard home alarm system covers monitoring, doors, windows, motion and glass.

This system has all that plus wireless cameras inside, remote controlled thermostats, remote controlled/timed light controls, flood sensors in the mechanical room and laundry, full web access to the cameras, an iPad looking touchpad that controls it, an iPhone app to control/monitor its cameras/stat it from anywhere, and a web dashboard that lets you control every single aspect of each control to inform you of activity or to set up a “reaction” to an incident.

This home alarm system is very simple and easy to program and once you dive into the system it give you a tremendous amount of “awareness” of the goings on in and around your home and it does it automatically.

I haven’t spent a lot of time on the programming just yet, but just by default the basic settings will alert you via text and email whenever anything happens. You also have the ability to turn all these same alerts off.

It has no less than 5 ways to turn it on and off including a wired keypad, iPhone app, Touch pad, computer and remote control on the keychain for deactivating before the garage door goes up. The Touch pads sit in bedrooms/office/kitchen and has a live video feed tuned into kids rooms or the entrance way. There’s also a big green or red icon on the touch pad letting you know if it’s set or not. Mine is mostly red because it’s set while we are home. The touchpad definitely give you more control with, than without. It allows very simple setting of the home alarm so it’s mostly always on and you know it which reduces false alarms.

What I like most is the inside cameras. I have one in the little people’s room who are too little to tell me they don’t want them there. There’s also one in the kitchen, family room, office, entrance way, mechanical room and basement/garage. All of these spaces have a light switch in the room that I can control remotely to turn on so I can see what’s going on at night.

More visibility, more notification, more functionality, easier controls means more security. I LOVE THAT!!!!!!!!!

Oh, and when ADT installed this thing, the sales peeps and installers couldn’t have been more courteous and more professional. They weren’t run of the mill-off of craigslist-contractors, these were employees of the largest alarm company on the planet and it showed they do serious quality control over who their employees are. You don’t see that so much anymore.

It was a very impressive parade of professionalism.

I’m going to do a few posts regarding my experience with ADT Pulse as I dig deeper, so stay tuned.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston.

Britain Scrapping National Identification Card

The Telegraph reports that UK National Identity Cards containing biometric details, including fingerprints, “were championed by the previous Labour government as a way of preventing terrorism and identity theft.” But the new administration immediately scrapped the initiative, introducing the Identity Documents Bill to Parliament in May, which provided for the cancellation of the UK National Identity Card and the Identification Card for EEA nationals, as well as the destruction of the National Identity Register. As a result, the National Identity Register and all personal information supplied with identity card applications will be destroyed by February 2011.

My opinion is this is short sighted of the UK. Bahrain, Belgium, Finland, Italy, the Netherlands, Germany, Oman, Portugal, Qatar, Saudi Arabia, Spain, Sweden and the UAE are some of the countries that have planned or already started to deploy electronic national ID (e-ID) cards. These cards are more secure because they can contain smart card chips. Some countries are implementing e-IDs that also include biometrics, and the ability to digitally sign documents.

Citizens can use their e-IDs for standard uses, like getting a driver’s license or a passport, or benefits from the government. But the cards also allow citizens to access more secure e-Government applications. Some examples including secure electronic filing of taxes, e-Banking, and even e-Voting.

More information on smart cards can be found at http://www.smartcardalliance.org, and at http://www.eurosmart.com/.

According to Information Week, “Surveys of British nationals revealed they wouldn’t mind carrying such an ID, provided they didn’t have to pay for it. Suggested in the wake of Sept. 11, a draft bill to introduce the cards appeared in 2004, before they became law in 2006. At various points, the government promised the ID cards, containing biometric data, would help prevent everything from terrorism and identify fraud to illegal immigration and crime.”

In the US, the government has attempted to standardize the identification process once and for all with the REAL ID Act, which will likely be squashed  under Homeland Security Secretary Janet Napolitano, who has proposed a repeal of the act. This is due to the amount of resistance RealID is facing from state governments and privacy advocates who don’t understand that the value of effective identity documentation of the degree of security that goes into an ID technology.

We have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates, and 49 versions of the Social Security card. We use for-profit third party information brokers and the  vital statistics agency that works to manage each state’s data. A good scanner and inkjet printer can compromise any of these documents. This is not established identity. This is an antiquated treatment of ID delivery systems. Identity has yet to be established. We need a better plan.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security Numbers as National IDs on Fox News. Disclosures

13 Year Old Hides Under Bed During A Boston Burglary

The Boston Globe reports: The girl sent a text message to her father, said Police, and then called the police as she hid under her bed while the unidentified man stole three laptops, a large amount of change estimated at about $500, an iPod, and possibly some jewelry.

“The little girl did a fantastic job staying calm and calling us, letting us know what was going on, we had direct communication with her.’’

She must have watched this video of me on Montel saying that exact thing!

“The man had gained entry by kicking the side door of the two-story home off its hinges, and by the time they responded, the suspect had fled,” police said. “The intruder never knew the girl, who was not injured, was under the bed,” police believe.

First, never leave a 13 year old home alone. Maybe a 13 year old is perfectly capable, but still, that doesn’t work for me. If it’s legal in your state to have a 13 year old home alone, then at least discuss home security tips, which in this case maybe someone did. She did well by hiding and making the call with her mobile.

At least install a home security system with home security cameras as another layer of protection with signage outside. Do you think a sign outside that denoted the house was alarmed would have helped? If it did, I bet the guy would not have broken in.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Montel Williams.

Managing A Digital Life: Teachers Friending Kids

Teachers in numerous Massachusetts cities and towns are not allowed to “friend’’ students on Facebook or other social networking sites, and a number of other school districts south of Boston are considering a similar ban.

The Boston Globe reports that many communities are working on policies governing school staff’s use of Facebook, “inspired in part by ‘model’ rules on the subject distributed this fall by the Massachusetts Association of School Committees.”

The Massachusetts Association of School Committees rules are designed for administrators to “annually remind staff members and orient new staff members concerning the importance of maintaining proper decorum in the online, digital world as well as in person.’’

Teachers should be reluctant to add students as friends on Facebook, as Facebook and other social media sites blur the lines in the student and teacher relationship.

Growing up, we knew nothing about our teachers. They were authority figures that didn’t seem to exist in the real world. If we ever saw a teacher in public, at a mall, wearing regular clothes, we fell into a state of shock!

Now, because of the personal information made available on teachers’ Facebook profiles, students know more than they should about their teachers’ personal lives. They know if a teacher’s relationship status is “Complicated,” and that over the weekend he “Partied like it was 1999.”

One argument against students and teachers establishing online friendships is the need for a distinction between personas in and outside the classroom, and a necessary distance between students and teachers, in order to maintain respect and define a teacher as “a role model, mentor, and advice giver – not a ‘friend.’”

Ultimately, the teacher-student relationship is all about guiding the student through a set curriculum involving reading, writing, arithmetic, and so on. This is and has always been a professional relationship, not a social one. Social media facilitates a social relationship. Call me “old school,” but it doesn’t seem right for students and teachers to connect in this way.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses child predators online on Fox News. Disclosures

Man Arrested For Stealing 15,000 Social Security Numbers

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using the numbers to open new financial accounts. Criminals use stolen Social Security numbers to obtain mobile phones, credit cards, and even bank loans. Some victims whose Social Security numbers fell into the hands of identity thieves have even had their mortgages refinanced and their equity stripped.

WTEN.com reports an arrest has been made of an individual alleged to have illegally downloaded personal information, including Social Security numbers of about 15,000 people.

Police arrested a man “for stealing the collection of Social Security numbers from computers belonging to contractors working for the Office of Disability and Temporary Assistance, which is the New York state agency that decides some initial disability claims for Social Security.”

As in most cases of data theft, the Office of Disability and Temporary Assistance will notify and provide credit monitoring services to affected individuals.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of incidents in which personal data is compromised, lost, or stolen, for example “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

The fact that the entire population of the United States has had their information compromised more than 1.5 times, why wait for another breach to get personal information monitoring?

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information including use of Social Security number and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Home Invaders Face The Death Penalty

There is no shortage of news reports clear across the country on home invasions. States like New Hampshire are responding by including home invasion as a qualifier for the death penalty.

Couple pistol-whipped during Tulsa home invasion

Oklahoma: “A husband and wife were pistol-whipped early Saturday during a home invasion robbery. Three males in their teens wearing masks and gloves broke into the home at about 1 a.m. and demanded money. “When the victims told them they did not have any money, they were pistol whipped.” The robbers left with a big-screen television, a cell phone and cash.”

LI couple victims of terrifying home invasion

New York: “A Long Island family was the victim of a terrifying home invasion, which had echoes of the horrific Connecticut home invasion-turned-triple murder. Two intruders, one carrying a gun, forced their way into the family’s home. The couple was bound and blindfolded with tape.”

Man killed in phoenix home invasion

Arizona: “A man has been killed in a Phoenix home invasion. When officers arrived, they found a man, in his 30s, dead inside the home from an apparent gunshot wound. His mother and nephew were also in the home but were not hurt. An unknown man forced his way into the home and shot the victim while inside. He then fled the neighborhood in a vehicle.”

Home invasion bill expands death penalty

New Hampshire: “A bill that would expand the state’s death penalty to include individuals convicted of “heinous” crimes like the 2009 home invasion that left a mother, 42, dead and her daughter severely injured.”The governor has always been supportive of the death penalty in particularly heinous crimes.”The governor feels people have a right to feel safe in their own homes, and expanding the death penalty bill to apply to these cases could act as a deterrent.”

Regardless of the politics of this issue, I’ve never felt a “penalty” or the law is a deterrent against a crime of violence. Violent crimes are committed because the perpetrators are mentally ill or predators by nature. Consequence is of little concern to these types. A deterrent is a home security system, signage and home security cameras.

Robert Siciliano personal and home security specialist to Home Security Source discussing home invasions on the Gordon Elliot Show.