Talk To Your Kids about Teen Dating Violence

/in /by

Teen dating violence is a difficult and touchy subject. But approaching the issue, or not, can mean the difference between life and death. Some studies show as many as 1 in 3 teens are affected.

Both young men and women are capable of acting out in abusive ways, and parents need to be aware of any signs of trouble.

Teen angst can be a low level annoyance or escalate to dangerous uncontrollable anger. I was a teen once and can attest to both ends of the spectrum. Ultimately teen domestic violence is about one person controlling another person when the controller has no control over themselves.

Abusers speak out of both sides are their mouths. They brilliantly abuse their partner while demonstrating an outwardly clean cut genial appearance.

Parents must observe their child as either a potential abuser or the abused. They must realize their kid is capable of being a perp or a victim. To ignore the signs of abuse is to enable it.

Look for red flags. Parents know if their teens have dominant or submissive personalities. Any exaggeration of the latter or obvious shift in demeanor is a red flag.

Signals of a controlling relationship range from the obvious signals exhibited by a person’s overbearing body language to the not so obvious manipulative text messages. Look for signs of fear in your child such as behaving oddly (which can mean a thousand things) or verbal or physical abuse. If your child begins to change their daily routine to accommodate their partner that may mean they are being manipulated. If they exhibit signs or speak of being responsible for the feelings of their partner that’s a big red flag.

Nobody is ultimately responsible for another’s feelings, but parents are ultimately responsible for observing their teens and educating them on what’s appropriate and inappropriate then intervening when behaviors tip in a destructive direction.

For more information go to CDC.gov.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News Live. Disclosures

Social Networking Security Awareness

/in /by

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about.

Most concerns revolve around online reputation management, identity theft, or physical security issues. Social networking creates a risk of posting content that will be damaging to yourself, your profile being hacked or your credentials being compromised, or inviting burglars to your home by publicizing your whereabouts.

Facebook faces a security challenge that few companies, or even governments, have ever faced: protecting more than 500 million users of a service that is under constant attack. I’m a huge proponent of “personal responsibility,” and that means that you are ultimately responsible for protecting yourself.

Keep your guard up. Cybercriminals target Facebook frequently. Every time you click on a link, you should be aware of the risks.

Be careful about making personal information public. Sharing your mother’s name, your pet’s name, or your boyfriend’s name, for example, provides criminals with clues to guess your passwords.

Technology can help make social networking more secure. The most common threats to Facebook users are links to spam and malware sent from compromised accounts. Consumers must be sure to have an active security software subscription, and not to let it lapse.

Get a complimentary antivirus software subscription from McAfee. Simply “like” McAfee’s Facebook page, go to “McAfee 4 Free,” and choose your country from the dropdown menu to download a six-month subscription to McAfee’s AntiVirus Plus software. The software protects users’ PCs from online threats, viruses, spyware, other malware, and includes the award-winning SiteAdvisor website rating technology. After the six-month McAfee AntiVirus Plus subscription period, Facebook users may be eligible for special discount subscription pricing.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss hackers hacking social media on Fox Boston. (Disclosures)

Your “Status” is Important to Others

/in /by

People have always paid attention to your status. Now they do it on social media. Status is your “standing” in society. It could mean whether you are married, employed, rich, poor, saving the world, up to no good, home or not.

Status in terms of home security begins with your whereabouts.

By now we should all know posting your whereabouts (or where you aren’t) can be an invitation for criminals to break into your home while you are gone. It’s simply not a good idea to post you are not home and your house is vacant. On the other hand it is a great idea to have home security cameras and an alarm system.

Furthermore, if you travel, contrary to what some might suggest, I’ve never thought it was a good idea to place your status on a “stop mail” list at the post office.  It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away. The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you. Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

In Houston, two dumb criminals, one a teller at a bank that was just robbed and her boyfriend posted their status as “IM RICH” and “WIPE MY TEETH WITH HUNDREDS”  were arrested shortly after someone notified police on their status.

People are definitely paying attention to your status, so secure your social media.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News Live. Disclosures

This Doesn’t Happen In Small Towns

/in /by

If you have children you know what worry is. If you have a daughter you worry times ten. I have 2 daughters and I worry times 10,000. Worrying is unproductive however, but taking action can and putting your worry to work can create positive results.

In a small Massachusetts town a recently graduated and talented 18 year old woman got off work and went to the beach to meet an 18 year old man she was in some type of relationship with.

She was supposed to check in with her dad early evening and never did. Her father got worried and called all her fiends then the police. The next day a bicyclist found her body in a wooded area in the small town.

The 18 year old man was arrested in the same day as the suspect in her murder. Her dad was quoted saying “When we fall in love, we allow ourselves to become vulnerable and we lose perspective.” That’s an amazingly poignant and correct observation coming from a man who just lost his daughter and only child

The Boston Globe reported one of the residents stated “People who are not from a small town don’t understand. We are all so tight here. . . . Stuff like this doesn’t happen here.’’

Stuff like this happens in small towns. It happens everywhere. Predators are people not “right in the head” and they are part of every town.

Reporting this isn’t fun.  Reading is less so. Worrying is futile. But taking action and learning self defense, teaching your kids at an early age how to protect themselves is fundamental to living.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on Fox Boston. Disclosures.

15 Tips To Better Password Security

/in /by

Protect your information by creating a secure password that makes sense to you, but not to others.

Most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords.

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

How to make them secure

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.

11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.

12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”

13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.

14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

 

How to Reset Your Gmail Password After Being Hacked

/in /by

I finally got one of those “I’m stuck in London” emails. My friend Kate’s Gmail account was hacked, and everyone on her contact list received an email from a hacker posing as Kate:

“Hi, Apologies, but I made a quick trip, to London,United Kingdom and got mugged, my bag, stolen from me with my passport and credit cards in it. The embassy is willing to help by authorizing me to fly without on a temporary identification, instead of a passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately,I can’t have access to funds without my credit card, I’ve made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that Ican give back as soon as I get in. I really need to be on the next available flight back home. Get back to me so I can send you details on how to get money to me. You canreach me via email  or hotel’s desk phone, +44208359**** waiting for your response. Kate”

The hacker also created a replica of her Gmail address using Yahoo’s webmail service, and set Kate’s Gmail account to automatically forward all messages to the Yahoo address.

As soon as I received this email, I called Kate and left her a message letting her know she’d been hacked, and asked her to call me with an alternative email address.

Then I responded to the hacker:

“Kate I will help you. Where do I send money? Robert”

The hacker wrote back:

“Robert, Thanks for responding, I need about $2000, can you make a western union transfer to me? I will pay back once am home, let me know what you can do ASAP thanks.

See details needed for western union
Receiver: Kate [redacted]
City: London
United Kingdom

What you need to do, is take cash or a debit card to a western union agent location and request to make transfer to me in United Kingdom. You can get the address of a nearby WU agent from this website

You will email me the mtcn number for the transfer so I can receive the money here, I have an embassy issued identification, which I will use to get the money from WU Thanks Kate”

I wrote:

“Send me a picture. I want to see your pretty face! What did you see in your travels? Did you talk to Mum this week?”

The hacker responded:

“Did you send the money yet?”

I wrote:

“You didnt answer me.”

At this point, the hacker figured out what I was doing, and blew me off:

“Don’t bother, I no longer need your help”

It’s hard to scambait these guys because they’re much more aware of how scambaiting works. Plus, I’m not that good at it.

The hacker and I then got into an unproductive series of email exchanges calling each other nasty words.

When the real Kate called me back, I sent her this Google Help link explaining how to reset your password if you’ve been hacked. Google also offers help accessing a Gmail or Google Apps account that has been taken over by a hacker.

If you haven’t already created a secondary email address that can be used to recover an inaccessible Gmail account, do that now. (This feature isn’t currently available for Google Apps.)

Once Kate went through this process, she regained control of her account within minutes. But the criminal had deleted every single email, leaving her with nothing. He’s probably going through those messages now, searching for any useful personal information.

Kate then sent me an email, thanking me, and I noticed that the Yahoo email address was still being copied, meaning that the hacker was still seeing every email sent to Kate’s Gmail account. If you’ve been hacked, check your Gmail settings to make sure your messages aren’t being forwarded automatically.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

 

Spear Phishing Leaves a Bloody Wound

/in /by

Once criminal hackers get a person’s username and email address, they can begin to launch a targeted spear phish scam. Scammers copy the design of each breached entities outgoing email campaign and blast the breached list with “account update” or other ruses.

Gaming site Sega Pass was hacked. On the Sega Pass website it states, “we had identified that unauthorized entry was gained to our Sega Pass database.” Numerous outlets report hackers stole Sega Pass members’ email addresses, dates of birth, and encrypted passwords.

The recent Epsilon data breach resulted in a similar loss of data. Epsilon is a marketing company that sends over 40 billion emails a year, and keeps millions of consumer email addresses on file. When hackers breached Epsilon’s database, the email subscriber lists for over 100 major companies were compromised.

Consumers received breach notifications from financial institutions including Citigroup, Capital One, and JPMorgan Chase, and from hotels such as the Marriot and the Hilton.

All of these organizations customers are eternally susceptible to spear phish scams.

The Wall Street Journal reports that GlaxoSmithKline sent email notifications to consumers who had registered with any of GlaxoSmithKline’s websites for prescription or nonprescription drugs and products, warning that consumers’ names and email addresses had been hacked, and that the stolen data may have included the specific product websites where consumers registered.

GlaxoSmithKline provides medications that help victims of HIV and mental health disorders. The possibility of the stolen data being used to target the ill with spear phishing attacks is a major concern.

These kinds of breaches will have long-lasting effects on the public.

Never disclose personal information or login credentials in response to an unsolicited email. Never click links in an unsolicited email. Instead, use your bookmarks menu or type the address into your browser’s address bar. If your email address has been compromised, consider switching to a new address. Create new, unique passwords, without repeating the same password for multiple accounts.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)

Security Threat Concerns ATM Industry

/in /by

Today, there are over 2.2 million ATMs worldwide, and by 2015 there will be around 3 million. ATM skimming accounts for as much as 30% of all data theft. That’s about $350,000 in fraud every day in the United States alone, or more than a billion dollars a year.

The ATM Industry Association is now attempting to address the security threat posed by decommissioned ATMs, urging ATM deployers to exercise more caution when discarding old machines.

This is partially in response to recent media reports about criminals who hunt for discarded ATMs in junkyards. Old ATMs sometimes contain stored card data. Criminals can study a discarded ATM’s security features in order to improve their own skimming techniques. The faces of old ATMs can also be used to mold plastic covers for skimming devices.

In some cases, used ATMs are purchased on eBay or Craigslist, then installed anywhere with ample foot traffic. These machines, which may be powered by car batteries or simply plugged into the nearest outlet, are programmed to read and copy credit card data. I was able to find a used ATM on Craigslist, which I bought from a guy at a bar for $750.

Protect yourself from ATM skimming by checking your credit and debit card statements online at least once every two weeks, and refuting any unauthorized transactions within 30 or 60 days.

When using an ATM, pay close attention to the appearance and behavior of the machine. Look for red flags like wires, tape, unusual features, or anything that seems out of place. Try to avoid using generic ATMs in less secure locations. Whenever possible, choose an ATM at a more trustworthy and secure location, but do not drop your guard simply because an ATM is located in a bank. And when entering your PIN, use your other hand to cover the keypad.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss ATM skimming on Fox Boston. (Disclosures)

Home Invader Says God Told Him to Do it

/in /by

Of all the things God would tell you to do, would it be break into someone’s house? Probably not. He might tell you to go invest in a home security system to prevent a home invasion but otherwise….no, I don’t think so.

Gawker reports “The Connecticut native was arrested for breaking into a stranger’s home, telling the owner that God made him do it, and then proceeding to smash statues of Roman soldiers and a marble table with a fireplace poker. Then he took a shower and dressed himself in the clothing of a deceased man who used to live there. When police took him into custody, he informed them that he’d smoked “a strange strand of herb.”

Smoking “a strange strand of herb” is probably what he thinks is God talking to him.

Meanwhile when in the home the invader told the homeowner he’d broken into the house because “God wants me to help the world,” and then told the homeowner, “I mean you no harm.”

The homeowner then called the police and as they waited for police, the homeowner asked him how he broke into the home, which he stood up then flexed and replied ‘You see, super-human strength.”

He definitely smoked something strange.

Rule #1: Never smoke anything strange because God may talk to you in way you wouldn’t expect.

Rule #2: Install a home alarm system to prevent someone who smokes strange herbs from invading your home and breaking all your little statues with a fireplace poker.

Rule #3: If ever invaded don’t hang out in the house with the invader asking them questions. Leave. Go to a safe place, then call the police.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News. Disclosures

Judge Says Its OK to Post Social Security Numbers Online

/in /by

B.J. Ostergren is a proud Virginian. She’s known as “The Virginia Watchdog,” but I like to call her “The Pit Bull of Personal Privacy.” She is relentless in her efforts to protect citizens’ privacy, and her primary concern is the posting of personal information online. To make this point, she finds politicians’ personal information, usually Social Security numbers, on their own states’ websites, and republishes that information online.

Publicly appointed government employees known as Clerks of Courts, County Clerks, or Registrars are responsible for handling and managing public records, including birth, death, marriage, court, property, and business filings for municipalities. Every state, city, and town has its own set of regulations determining how data is collected and made available to the public.

The Privacy Act of 1974 is a federal law that establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information maintained in systems of records by federal agencies.

Over the years, many have interpreted this law to allow public information, including Social Security numbers, to be posted online. I’ve seen Social Security numbers for Jeb Bush, Colin Powell, former CIA Director Porter Goss, Troy Aiken, and Donald Trump, all published on the Internet.

Ostergren so embarrassed the Virginia lawmakers that they passed a law known by some as the “anti-B.J. law,” prohibiting her from doing what public officials have been doing for years.

United States District Court Judge Robert E. Payne signed an order overturning the anti-B.J. law, ruling that privacy advocate B.J. Ostergren may post public records that contain Social Security Numbers on her website, despite a 2008 Virginia law prohibiting the dissemination of such information.

While two wrongs generally don’t make a right, one has to see the irony in this case. And if Ostergren’s actions create awareness that ultimately leads to all Social Security numbers being redacted, then this wrong is right.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)