What to Look for In Cloud Security

Is your data in the cloud? Right now, as we speak, billions are being invested by major corporations to store and back up data in the cloud. It’s cheaper and it’s safer.

When you think of a cloud, do you picture fluffy white pillow-things that float in the sky without a care in the world? “The cloud,” as it relates to technology, actually refers to millions of servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices. We can only hope that they are under tight security.

Data stored on your computer is kept together, in one nice little controlled place. Whereas data stored in the cloud is spread out, all over the world. But what’s more secure, your local PC or a server in a dark room in Des Moines?

The reality is that all cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Then there is Murphy, of Murphy’s Law: what can go wrong will go wrong. And with technology, there is much that can go wrong. CNET recently reported that Amazon’s cloud was down for almost two days. “In April, the cloud storage service experienced a two-day outage that brought many Web site operations to a halt. When a cloud-computing provider has trouble, of course, it raises worries about the dangers of outsourcing operations to another company.”

Cloud-based data is vulnerable both in the cloud, where it’s stored, if it is not properly protected and encrypted, and in transit, via your own Internet connection.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider, for example, promises “strict security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

Some providers offer two-factor authentication, which is another good way to protect the integrity of cloud-based data, making hacking more difficult than obtaining a simple username and password. As a reminder, two-factor authentication means you have to use two different things to prove your identity. Typically this is something you have, like an ATM card, and something you know, like a PIN code.

Computer users are responsible for the security of locally stored data, and data that is transmitted via their Internet connection. They can avoid phishing and social engineering scams. But beyond that, they are reliant on the cloud provider to adequately secure their data. Have you checked with your cloud provider yet on their security measures?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Protecting Your Green

By green, I mean what you might call your cashola, mula, peso, mark, deniro, bread…or just money.

I have a few, possibly contradictory philosophies about protecting one’s money. But hear me out.

First and foremost, never, ever fight a burglar, mugger, robber or home invader over money. If some whacko wants your dough, give it to him. I recommend keeping “chump change” on your person, or even at home, which you can easily hand over in the event of a violent demand. Toss it in one direction and run screaming in the other.

Keeping money under a mattress is generally not a good idea. Criminals flip over mattresses and slice them with knives. Often, criminals target a victim who they know has a mattress stuffed with cash, because the target told the wrong person about the mattress’s contents, and that person turned rat for a cut of the loot. Mattresses are also flammable.

A safe deposit box is a good idea, but not entirely practical. It usually costs money to have one. A safe deposit box certainly has its value. It’s generally located in a fire-resistant area of a bank, and is protected by a key. But there are drawbacks. Ask your bank how much your box is insured for, if insurance is even available. Also, keep in mind that safe deposit boxes are often located below ground, in areas that may be prone to flooding.

Banks are the best option for storing your money. Keeping your money in a bank account is the safest, as far as your personal security is concerned. Banks do “go under,” and money has gone missing, like at banks in third world countries, but here in the United States, banks are FDIC insured. And while a total meltdown of the banking system can negatively affect your cash position, you should put your money in the bank.

A safe is great. A SentrySafe Big Bolt is better. If you keep money in the house, it is essential it be stored in a fire-resistant safe. Having money sitting in a drawer or stuffed into a wall makes it vulnerable to thieves and fires. The caveat is that you really shouldn’t keep an excessive amount of money in your home. But I definitely recommend having emergency cash around.

If something like a natural disaster or serious power outage were to hinder your ability to get cash from banks or ATMs, having a smart but not excessive reserve can get you out of a jam.

Robert Siciliano is a Personal and Home Security Expert for SentrySafe discussing Home Security on NBC Boston. Disclosures.

FBI launches FBI Child ID App

The last thing anyone ever wants to think about is their child getting taken away from them by a stranger or even someone they know. And while the statistics aren’t nearly as bad as one would think, parents think about child abduction all the time.

Regardless of statistical probabilities, there is a chance your child can go missing. In response the FBI has created the FBI Child ID application.

Straight from iTunes:

“The free FBI Child ID app provides a convenient place to electronically store photos and vital information about your child so that it’s literally right at hand if your child goes missing. You can show the pictures and provide physical identifiers such as height and weight to security or police officers on the spot. Using a special tab on the app, you can also quickly and easily e-mail the information to authorities with a few clicks. The app also includes tips on keeping children safe as well as specific guidance on what to do in those first few crucial hours after a child goes missing.”

Information stored on the application is local, meaning the FBI isn’t tapping into your phone or seeing your kid’s information. The app isn’t password protected, which it should be. But as long as your phone is password protected then you should be all set.

Robert Siciliano personal and home security specialist to Home Security Source discussing Child Abductions on MSNBC. Disclosures



Are Your Kids’ Friends Trouble?

From childhood on, throughout life we develop relationships starting with your neighbors, classmates and eventually through work and of course through friends of friends. In high school I met this kid through my girlfriend’s girlfriend. He was a talented kid with lots of potential. I’m not using his real name, so let’s call him John.

John was great to hang with. He was fun and girls loved him. We got to know each other and were great friends, so I thought.

Then, items in my house began going missing. A coin collection, silver ounce bars, jewelry, watches, and a few sentimental items all vanished. I felt like I was losing my mind, assuming I was misplacing everything. None of it was very valuable, but it had value to a 16 year old.

One day when I came home from school, I found my father was freaking out that a ten-pound piggybank full of coins was missing from the kitchen counter. As soon as he saw me, he asked where John was. It was the first time he’d ever indicated that he had a bad feeling about my friend.

My dad called John’s mom, who said he had stayed home sick from school that day, but that she was at work so she didn’t know if he left the house. To this day my dad is certain — and I agree — that John went to my house and took the piggybank, in addition to all my missing items.

That was the last day I talked to John. It was also the day when I learned home security systems and safes are integral to any personal security plan.

Since that time, I have invested in SentrySafe fire-resistant safes. Their new Big Bolt Safe is the best they’ve made in 80 years. Check it out.

Robert Siciliano is a Personal and Home Security Expert for SentrySafe discussing burglar proofing your home on Fox Boston. Disclosures.

Burglary from another Perspective

I don’t see any signage saying “Home Security System”, and your front door is mostly glass and you sometimes leave the doors unlocked for bike rides.

I see you go to bed around 10 to 10:30. Most of your lights are off by nine. You rarely pull the shades down. You often leave a light on downstairs either in the front hall or over the kitchen stove. But when you leave the house for a night out all your lights are on until late night.

You have a newspaper delivered at 6:30 am and you’ve probably never met your paperboy because he only leaves you an envelope and picks it up without you two ever coming in contact.

You have that little dog and let it out around 7:30 am. Sometimes your kids walk the dog at 8 and I’m pretty sure you leave the door open for them when they come back.

During the day you have cleaners come at least once a month. It’s usually the last Monday of the month, and they have their own key.

When your kids get home from school I sometimes see them flip up the mat at the front door if they forgot their key.

Every time you leave for work I see you are half way down the street before your garage door closes. I think it’s on a timer.

I looked up your family’s phone number in the directory; it’s listed. I’ve called a bunch of times from a payphone in front of the convenience store down the street and pretty much know when someone is home based on when they answer the phone.

It’s easy to follow you on Facebook: your name’s on the mailbox, and all your kids and your spouse are connected. I pretty much know who your extended family is and who your friends are and a bit about your plans. You can’t stop posting your whereabouts.

I’m not telling you all this to creep you out, although I know it’s creepy. But I can’t help pointing these things out. It’s my nature, I’m observant and I’m a burglar.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense and rape prevention on NBC Boston. Disclosures.

Chinese Prisoners Forced To Scam Gaming Sites

When you think “prison camp,” you probably don’t picture a place resembling summer camp, with arts and crafts, hiking, swimming, and playing games. But in the Jixi prisoner labor camp in the coalmines of northeast China, they break rocks all day and play games at night.

Online games often reward players who accumulate a certain quantity of in-game points with cash payouts. Guards at this particular prison camp forced prisoners to do 12-hour shifts playing games, on top of their manual labor.

One former Jixi prisoner told The Guardian, “If I couldn’t complete my work quota, they would punish me physically. They would make me stand with my hands raised in the air and after I returned to my dormitory they would beat me with plastic pipes. We kept playing until we could barely see things.”

These prisoners were “gold farming,” monotonously repeating basic tasks within online games like World of Warcraft, in order to build up virtual currency. Gamers around the world are willing to pay real money in exchange for online credits, speeding up their progress within the game.

People in many developing countries have turned to gold farming in order to support themselves, but up to 80% of the world’s gold farmers are based in China, where as many as 100,000 people work around the clock to earn virtual points.

Game operators lose profits due to forced labor gold farming, and while they certainly want to stem their losses, they also have a humanitarian responsibility to the victims of this crime. iovation’s ReputationManager 360 is a proven service that helps protect against chargebacks, virtual asset theft, gold farming, code hacking, and account takeovers. The service identifies devices and shares their reputation as they are interacting with the game – setting off alerts that could relate to velocity triggers, geolocation, device anomalies, past gold farming abuse, financial fraud and lots more.

Many leading gaming publishers have been using iovation’s device reputation service for years to prevent game abuse upfront and ensure that their players have a safe and fun experience. These gaming publishers and iovation continually share information, the latest trends and best practices in order to stay one step ahead of the bad guys.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

68 Year Old Grandmother Shoots Home Invaders

In Nashville, where smoked ribs, country music and 68-year-old grandmothers sleep with shotguns, a take-no-prisoners Nana picked off two home invaders breaking in as she slept. She was quoted saying “Never in my whole life have I ever harmed anything or anybody, but I’ve never been put in that position.”

Well now she has and two men are full of lead as a result.

Her husband is wheelchair bound so when she heard them kicking the door she grabbed her gun. Apparently she has had a shotgun next to her bed her whole life and has had people laugh about it. Today nobody is laughing.

She also has a home security alarm system, which is definitely a layer of protection. I wonder if she had any signage outside alerting the home invaders. So as soon as the door came crashing in the alarm went off and so did the shotgun.

One guy was shot in the face, another in the chest and lost part of his finger.

She has no regrets she said. She did say she is glad she didn’t kill them as she would have felt bad about it forever.

I’m not saying you should or shouldn’t have a shotgun next to your bed. Either way as long as you survive you’ve done the right thing.

Additional measures of protection might be a big dog bowl outside, men’s army boots near the door, signage saying ADT Home Alarm, and in this case signage saying “Forget the Dog, Beware of Owner!”

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Maury Povich. Disclosures

Teens Trash Ex-Besties House When Away

My assistant sends me this:

“Here’s a story that you can use for a Home Security blog if you want:

Jodie (my daughter) gets a phone call Friday night from her best friend Audrey about their old best friend Nancy. Nancy was Jodie and Audrey’s best friend up until 6-8 months ago when Nancy started hanging with “the wrong kids”.

Apparently this weekend Nancy decided it would be fun if she and her boyfriend and 2 other couples partied in Audrey’s house while Audrey and her family were away. It was easy for Nancy because she knew where the family hid the spare key.

So Nancy and her boyfriend and the 2 couples broke in to Audrey’s house, drank their booze, used their bedrooms and trashed the house.

Then the neighbors noticed something going on and knew the family wasn’t supposed to be there. Cops came, kids ran, they caught 2 who rolled on the 4 others. The police contacted Audrey’s parents who were asked by the police to press charges. Well Audrey’s parents didn’t press charges because they were friends with Nancy’s parents. Who have been oblivious to all of Nancy’s shenanigans as of lately.”

OMG! I’m not sure what amuses me the most about this story. On one hand we have the drama of “best friends”, on the other hand we have “teens gone wild” and on the other hand we have “Nancy’s shenanigans as of lately”!! Someone strap a video camera to that kid! MTV needs a new show!

Jodie’s best friend Audrey’s parents who are friends with Nancy’s parents could have avoided their home being used as an unauthorized teen social soiree if they:

Realized everyone including burglars, the mailman and especially Nancy knows where you hide the spare key.

Prohibited their child from socializing with anyone ever for any reason and kept her in the basement until she was 30.

Had a home security alarm system equipped with home security cameras to alert them to an unauthorized intrusion.

Just sayin’

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News Live. Disclosures

The FFIEC Wants You to Know…

The Federal Financial Institutions Examination Council recently released a supplement to the guide it issued in 2005, on authentication in an Internet banking environment. One of the FFIEC’s key recommendations for eliminating fraud is consumer awareness and education.

At some level, you may be aware that financial institutions have a layered security approach in place. Those layers include multi-authentication, which may mean requiring users to punch in a second security code or carry a key fob, as well as due diligence in identifying customers as real people whose identities haven’t been stolen, and consumer education.

Consumers are largely oblivious to the multiple layers of security put in place by financial institutions in order to protect them and their bank accounts. All consumers really care about are ease and convenience. However, a better understanding of what goes on behind the scenes can help consumers adapt to new technologies that affect their lives.

I recently came across a blog post written by a financial institution’s bank manager, “Nerdy Nate,” attempting to educate the bank’s customers in response to the FFIEC’s guidance. Nate’s message is useful for all bank customers, and should be a model for other financial institutions.

“Currently, [this institution] employs a combination of a secure browser connection, customer number, password, and our enhanced login security system. We recently added the ability for you to use email, voice and text to receive a one-time passcode needed when we do not recognize your computer. We do realize that having to use a one-time passcode is inconvenient at times. Please be assured that SIS will research other options to make this more convenient. However, at this time, using a one-time passcode is considered the best practice in authenticating you as a user when you login into SIS Online Banking. This method is also compliant with the FFIEC guidance issued to SIS.

We are also working with our Online Banking provider on other security efforts in response to the FFIEC guidance.

·      Enhanced Device Identification – We will enhance the security of the multifactor authentication enrollment cookie, where it is in use, by adding device fingerprinting. This means that if the cookie is present on a system whose device fingerprint differs from what is on record, the cookie will not be honored and an additional authentication step will be required.

·      Removal of Challenge Questions – In the near future, we will no longer allow the use of a Challenge Question to authenticate you. Instead you will need to use one of the three passcode methods available; text, voice call and email.

·      Web Fraud Detection, Behavior Monitoring – We are evaluating different options to monitor your online access for fraud. Once we have a solution in place, we will notify you on how it might affect you as a user.

·      Malware Prevention & Detection – We are evaluating different options to monitor the use of malware to “hack” your online access. Once we have a solution in place, we will notify you on how it might affect you as a user.

We remain committed to providing you with the best and most secure Online Banking experience possible. With the ever-changing landscape of online fraud, this is proving to be more difficult every day. We are confident that with your help and some hard work on our side, we can achieve our goal.”

Great stuff. Nowadays, education on the “threatscape” is essential. Enhanced device identification is also essential. The FFIEC suggests complex device identification. While complex device identification is more sophisticated than previous techniques, take one step instead of two and incorporate device reputation management.

This proven strategy not only has advanced methods to identify devices connecting to your bank, but also incorporates geolocation, velocity, anomalies, proxy busting, webs of associations, fraud histories, commercially applied evidence of fraud or abuse, and much more to protect your financial institution against cyber fraud.
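The enrollment-cookie check described in the bank notice quoted above, sketched as an added example (not the bank's or its provider's code): the cookie is signed server-side and carries a hash of the device fingerprint, and a mismatch means the cookie is not honored and the additional authentication step is required. The key, the device attribute names and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: demo key; a real deployment would load it from a secrets store.
SERVER_KEY = b"constructed-demo-key"

def fingerprint(attrs):
    """Hash a canonical form of the device attributes collected at login."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_cookie(customer_id, attrs, now=None, ttl=90 * 86400):
    """Create the enrollment cookie after a successful one-time passcode."""
    now = int(time.time()) if now is None else now
    payload = {"cid": customer_id, "fp": fingerprint(attrs), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return body + "." + _sign(body)

def check_cookie(cookie, customer_id, attrs, now=None):
    """Return ("honor", reason) or ("step_up", reason) for a login attempt."""
    now = int(time.time()) if now is None else now
    if not cookie or "." not in cookie:
        return ("step_up", "no_cookie")
    body, tag = cookie.rsplit(".", 1)
    # Constant-time comparison; reject anything the server did not sign.
    if not hmac.compare_digest(tag.encode(), _sign(body).encode()):
        return ("step_up", "bad_signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["cid"] != customer_id:
        return ("step_up", "customer_mismatch")
    if payload["exp"] < now:
        return ("step_up", "expired")
    # The control from the notice: cookie present but on a different device.
    if not hmac.compare_digest(payload["fp"], fingerprint(attrs)):
        return ("step_up", "fingerprint_mismatch")
    return ("honor", "fingerprint_match")

# Constructed sample devices (not real customer data).
HOME_PC = {"user_agent": "ExampleBrowser/1.0", "screen": "1920x1080", "tz": "America/Chicago"}
OTHER_PC = {"user_agent": "ExampleBrowser/1.0", "screen": "1366x768", "tz": "Europe/Berlin"}

if __name__ == "__main__":
    cookie = issue_cookie("cust-1001", HOME_PC, now=1_000_000)
    print(check_cookie(cookie, "cust-1001", HOME_PC, now=1_000_100))
    print(check_cookie(cookie, "cust-1001", OTHER_PC, now=1_000_100))
```

A "step_up" result is where the one-time passcode by text, voice call or email would be requested before the session continues.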

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Predators: Nurture or Nature?

Have you ever watched a flock of seagulls on the beach? I live in close proximity to the ocean, and I see them all day: fishing, eating, and ultimately stealing from each other. Usually a more aggressive seagull chases and screams at a gull that’s just cracked open a clam. Sometimes the aggressor will snatch a fish right out of another’s beak, midflight. While this behavior may be cruel and unfair, it is natural. In the animal world, the strong thrive and the weak perish. It’s survival of the fittest.

Humankind has the conscious ability to discern that stealing is wrong, and the civilization to enforce laws against stealing. Nevertheless, there have always been thieves, many with motives that go beyond hunger.

Theft is generally motivated either by greed, drug addiction, or survival instinct. Some thieves are born predators, wired that way from the start. Predators, by nature, fail to see any reason to refrain from harming or robbing others. To them, victimizing you is an entitlement. They can conjure a hundred reasons to explain why you deserve to be violated.

On the other hand, some predators are nurtured. These are people who may have been born into a destructive or abusive home, and over time, under the influence of others, developed drug or mental health issues. Their circumstances and confusion force them into survival mode: to hunt, harm, and rob their fellow man.

The chances of becoming a victim of a violent crime are real. It is essential that you be able to recognize predators all around you, in their different forms. They may look and act like us, but they think very differently. They have no respect for any boundaries between themselves and you, your home, or your small business. It is therefore essential that you protect what is yours.

That includes protecting yourself, through self-defense skills, and your stuff, with home security alarms, layers of protection, and a fire-resistant Big Bolt Safe from the best in the business, SentrySafe.

Robert Siciliano is a Personal and Home Security Expert for SentrySafe discussing home security and identity theft on TBS Movie and a Makeover. Disclosures