Securing New Digital Devices

Laptops, desktops, Macs, mobiles, and tablets are on many people’s wish lists this holiday season. Once these shiny new devices are connected to the Internet, they will be under siege by malware created by criminals in order to steal identities.

According to a recent McAfee survey, 60% of consumers now own at least three digital devices, and 25% own at least five. Cybercriminals are taking advantage of these new opportunities by widening their nets to target a variety of devices and platforms. McAfee Labs is reporting an increase in Mac and mobile malware, while PC threats also continue to escalate.

Mobiles: Mobile malware is on the rise, and Android is now the most targeted platform.  Attacks aimed at the Android platform increased 76% from the first to second quarters of 2011. Malicious applications are a main threat area, so be careful of third party applications, and only download from a reputable app store. Read other users’ reviews and make sure you are aware of the access permissions being granted to each app.

Macs, iPads, and iPhones: Unfortunately, the popularity of Apple computers and devices has led to escalated threats. As of late 2010, there were 5,000 pieces of malware targeting the Mac platform, and they have been increasing at a rate of about 10% each month.

Since more threats are being aimed at this platform, consider installing security software for your Mac as a proactive measure. Check out Apple’s new iCloud service, which provides several tools for syncing, backing up, and securing data, and consider a product that offers remote locate, wipe, and restore features in case of loss.

Laptops and desktops: Your security software should include, at a minimum, antivirus software with cloud computing, a two-way firewall, anti-spyware, anti-phishing, and safe search capabilities. Additional levels of protection include anti-spam, parental controls, wireless network protection, and anti-theft protection to encrypt sensitive financial documents.

Gaming and entertainment devices: Remember that the Nintendo Wii and 3DS, PlayStation 3, and Xbox 360 are now Internet-connected, making them vulnerable to many of the same threats as PCs. To protect your investment, make reliable backup copies of your games. Take advantage of built-in parental controls that can help shield kids from violent games or limit when the device can be used.

Some multiplayer games allow kids to play with strangers over the Internet, so if you are a parent, consider employing monitoring tools. Connect your device to secure Wi-Fi networks only, and don’t store personal information on your device.

Removable storage devices: Flash drives and portable hard drives require technologies to protect your data. Consider using a secure, encrypted USB stick, which scrambles your information to make it unreadable if your device is lost or stolen. Install security software that protects portable hard drives, and set a password.  Since removable storage devices are small and easily stolen, you should not leave them unattended.

Learn more tips from McAfee here: http://blogs.mcafee.com/consumer/securing-new-devices

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Managing Family Time On The iPad or iPhone

On our way home from a recent family vacation, my two year old grew understandably anxious and uncooperative while waiting for a flight in an airport terminal. So I handed over my iPhone, hoping to distract her. Within seconds, she had launched the photo application and begun scrolling through the videos of our trip. She’d watch a video, giggle a little, and then scroll to the next. This went on for about ten minutes.

During this time, a small crowed gathered near my kid. I realized that they were marveling at my daughter’s ability to work an iPhone like an adult. But while she may be pretty smart, it was Steve Jobs’ brilliance that created this magical device that passes both the grandmother and toddler tests.

Parents everywhere are equipping their families with digital devices for numerous reasons. There are many advantages and some disadvantages to this practice. Most, but not all, of the applications available on the iPhone and iPad are more or less harmless. The web as whole, though, is fraught with content a child should not be exposed to. The following are helpful tips to address these concerns:

1. Engage in ongoing dialog. Become as savvy about these devices as your child may be, and spend at least as much time using them as they do, if not more. Set firm boundaries regarding what is and is not permitted.

2. Enable restrictions. Go to Settings > General > Restrictions and apply a passcode to any applications your kids shouldn’t be using. Children shouldn’t be exploring the Internet via Safari or YouTube on their own. Lock down the App store, too, otherwise this could become costly.

3. Set appropriate times. We learned the hard way that any digital activities in the early morning can make it difficult to get them ready for school. The same goes for right before dinner, homework, or bed. It’s tough to peel a kid away and readjust their senses to their real world responsibilities.

4. Set time limits. Addiction to gaming and virtual worlds is a real thing. Allowing a child unlimited access to television is bad enough. Allowing a child unlimited access to the digital world could cause behavior issues. We don’t allow any more than 15 or 20 minutes per hour on any game, and no more than 45 minutes in a day. Usually, they don’t want to spend more time than that, because they have so many other fun activities.

For more tips on protecting your kids online, visit JustAskGemalto.com.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How to Prevent Gift Card Scams

Sleazy Grinchy scammy conmen are also in the process of providing holiday gifts for their families. But the way they do it is by taking hard earned money from good people.

Scammers know that almost 100 billion dollars is spent annually on gift cards and studies show that almost 2/3rds of consumers prefer to receive gift cards. The math of all this equals opportunity for criminals.

Scamming gift cards is surprisingly easy. It works like this: gift cards have identifying numbers just like a credit card those numbers may be displayed on the card or embedded in the magnetic strip.  Thieves will go into a retailer that has gift card displays and take a picture of the card itself or skim the card to get the data off it.

Most gift cards can be tracked at an associated website or telephone number that has the remaining card balance. Scammers will continually track that number waiting for it to be activated. Once activated they clone the card and use its full balance at a retailer. Sometimes store clerks will take a newly activated card and pass off a blank one.

Protect yourself:

Rack displays of gift cards are shaky. If the store has them behind a counter get them there. Like in a mall kiosk. Otherwise the card could have been skimmed.

Beware of cards that have been messed with. If the packaging has been removed or the numbers have been exposed that could spell trouble. Look for activation stickers that look like they’ve been peeled off and put back on.

Don’t buy gift-cards from auction sites. There are just too many risks associated with auctioning money.

Cash it in. Whenever receiving a gift card, spend it ASAP.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Banks and Credit Card Issuers Move Toward Chip and PIN

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Visa recently announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

Meanwhile, Citi has announced the launch of its own Citi Corporate Chip and PIN card, which is designed for U.S. cardholders who travel abroad. Bank of America has made a similar announcement of its expanded credit card technology aimed at international travelers. And Wells Fargo is already testing EMV cards in the United States, with its Visa Smart Card, which includes the traditional magnetic stripe as well as a microprocessor chip, in order to make the cards flexible and useable around the world. Wells Fargo’s pilot program includes 15,000 customers who travel regularly.

With all these major players making significant strides to embrace EMV chip technology, it’s only a matter of time before full adoption becomes inevitable.

Consumers would be smart to take advantage of any pilot program available to them. EMV chip and PIN technology is more secure, and it also works better internationally than the old-school magnetic stripe.

For more information on the benefits of EMV chip technology and to show your support, visit www.GetFluentC.com, from JustAskGemalto, to let your voice be heard and share your stories.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

How to Save Money With a Home Security System

The best thing about a recession is it smartens people up. It makes us tighten our belts and shed excess. I’m definitely guilty of piling on the debt circa 2004-8 in the irrational exuberance years.  But as soon as the ball dropped I made significant change.  Immediately I looked at all the monthly recurring fees and bills and cut down on about 80% of them.

I also have a monthly bill for home security alarm monitoring. But not once did I contemplate eliminating that. Actually I upgraded my system to one that’s more efficient that has more options too. My ADT Pulse system has an internet based dashboard that allows me to set schedules for lights, heat and cooling so I sat down and looked at how I could make this system pay for itself.

First thing I did was set schedules for the heat. I have a gas fired hot air system and gas isn’t cheap, nor is the electric to run it. It’s common knowledge that home heating should be set to 68 degrees, so I set my heat to run at 68 starting at the hour of 6 am, which is generally when everyone’s up and about. The 68 degrees runs all the way until 10pm because there is always someone home. Then I set the heat to drop to 64 degrees on the first floor and 66 in the bedrooms on the second floor.  Nobody but the dog is on the first floor and she’s got a fur coat. And everyone in the bedrooms is under blankets and has enough body heat to handle the 2 degree drop.

Over the past year it has become evident that this simple tweak in my heat scheduling has saved me money in excess of what my home security system costs. Nice!

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News. Disclosures

Best Secret Hiding Places: Dead Space

Burglars know where you hide stuff. That key under the mat or in the flower pot or the jewelry in the dresser draw or the cash in the cookie jar. But there are better ways to do things. A heavy fire retardant safe bolted to the floor is best. And there are other options too.

We have dead space all over our homes. If you are handy, this dead space can become handy.

  1. Walls: There is a 16 inch center to center void in most of your homes walls made up of 2x4s and sheetrock. Newer homes built in the last 30-40 years have sheetrock opposed to horse hair plaster. Sheetrock is much easier to cut out and make a faux access panel.  This is a great hiding place for anything including long items like rifles and shotguns.
  2. Stairs: Underneath stairs there is often a big void as big as the tread itself. This isn’t always the case so consider drilling a hole before you go ripping up a tread.
  3. Staircases: Underneath many staircases is a closet of some kind meant to fill the big void the staircase creates. But there is always an additional void that gets boarded up because it’s too low to the ground to be effective space for a closet.
  4. Kitchen cabinets: In many homes the tops of kitchen cabinets are exposed giving plenty of space up top to lay things flat. In other cases the tops of the cabinets meet sheetrock that meets the ceiling. This can be a big void. Cut a hole in the top of a cabinet and put stuff up there, then seal the hole with a panel. The very bottom of cabinets have a similar void.
  5. Electrical outlets: Because your walls are hollow making a small hiding place out of a fake electrical outlet is easy. Hardware stores have all you need to cut a hole, put in a deep outlet box and put a non useable outlet or switch in.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures

Social Security Number: All-Purpose Identifier

Your Social Security number was never meant to serve the various functions it is used for today. Over the past 70 years, the Social Security number has become our de facto national ID. The numbers were originally issued in the 1930s, to track income for Social Security benefits. But “functionality creep,” which occurs when an item, process, or procedure ends up serving a purpose it was never intended to perform, soon took effect.

Banks, motor vehicle registries, doctors’ offices, insurance companies, and even utilities often require a Social Security number to do business. Why do they need it? Sometimes it’s because your Social Security number is attached to government records like taxes or criminal records, but most often it’s because the number is attached to your credit file.

The IRS adopted our Social Security numbers as identifiers for our tax files about 50 years or so ago. Around the same time, banks began using Social Security numbers to report interest payments, and so on.

All the while, Social Security numbers were required for all workers, so their Social Security benefits could be paid. Most people were assigned a number when they applied, sometime around the age of 16. This was until the 1980s, when the IRS began issuing Social Security numbers to track children and babies who were claimed as dependents. By the late ‘90s, it was standard for most hospitals to provide Social Security number application to new moms.

A federal law enacted in 1996 determined that Social Security numbers should be used for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.” The number can be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

All this leads up to the unfortunate realization that your Social Security number is out there in hundreds, or even thousands of places. It is most definitely not private, nor can it be adequately protected. It’s just like a credit card number. You give it out, you hope the person or company is responsible with it, you hope it’s not breached, but all you can do is monitor your identity’s health and, if your identity is ever stolen, take the appropriate steps in response.

Be sure you have active, comprehensive protection for all of your devices.  McAfee All Access is the only product that lets individuals and families protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets, and netbooks, for one low price.

Robert Siciliano is an Online Security Evangelist for McAfee.   See him discuss the use of Social Security numbers as national identification on Fox News. (Disclosures)

Home Invader/Killer Says He’s Done It Before

There’s no need to live in fear. And there is a need to take responsibility for your family’s security by investing in a home security system and take some control over your personal security.

Convicted killer and home invader on death row Steven Hayes apparently wrote letters confessing to up to 17 murders of women over the course of his miserable life.

The New Haven register reports he noted “Yes, I’ve killed before,” Hayes bragged. “I have 17 kills throughout the Northeast United States. Perfect victims and well executed, controlled endeavors.”

Hayes partnered with Joshua Komisarjevsky in the “Petit home invasion” which has become known as one of the most brutal highly publicized home invasions ever, where a mom and her two daughters were killed as the Dr. dad lay beaten and bloody in the basement.

Hayes purportedly wrote in a letter “I’ve searched my whole life for someone who could embrace and had the capacity for evil as I possess, I thought I finally found it in Josh.”

Apparently Hayes played the father figure role and Komisarjevsky served as his evil apprentice. But in the letters Hayes wrote “But events show Josh, while (he) had the proper evil intent, lacked in the most serious aspects, commitment and control.”

He further wrote “the Petit home invasion was a dry run in the partnership between Josh and myself. I do now realize that had we gotten away, I would have killed Josh. He was not even close to being worthy of my partnership.”

The letters go on to describe in painful detail how Hayes selected his victims one by one in a process that allowed him to avoid detection for almost 20 years.
Creepy.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

6 More Holiday Shopping Tips

My goal is to not enter a single mall this holiday season. If I can do the majority of my holiday shopping at trusted online retailers, and the rest at Costco, then I’ve done well. To me, malls seem to be places for people with lots of time on their hands to drive around looking for parking spots and then stand in line with other people who apparently all enjoy being annoyed by each other’s pushiness. But maybe that’s just me.

Keep safe and sane this holiday season:

1. Look for indications of online security. Depending on your browser, there may be an icon of a yellow lock at the top of the window, near the address bar, or at the bottom, near the taskbar. If the website is secure, the yellow lock should be closed. Some browsers use a color coding system, displaying red to indicate that a website is not secure and may potentially be infected, or green to indicate that it’s okay.

2. Update your operating system. If your computer’s operating system is out of date, it may invite trouble when heading out to the wild, wild web. Go to your security center to download the latest critical security patches.

3. Update your browser. While your operating system may be up to date, which would mean that Internet Explorer is most likely up to date as well, if you are using Chrome or Firefox, you may need to update manually. Select “About” in your browser’s toolbar to check for updates.

4. Protect your computer with antivirus software. Antivirus protection that includes a firewall will, in most cases, shield you from “drive by downloads” and other malware. Even a major online retailer with a secure website can be vulnerable to criminal hackers.

5. Beware of phantom websites. Criminals love to pull the wool over unsuspecting eyes. One technique is to use “black-hat SEO” to place fake websites at the top of organic search results. Customers who attempt to make purchases via these fake websites are unknowingly transmitting credit card numbers directly to the hackers, and it’s safe to assume they’ll never receive the products they believe they’ve purchased.

6. Check credit card statements often. I still have to search the Internet for the names of unfamiliar retailers that appear on my credit card statements with unauthorized charges. Check your statements online weekly, and refute unauthorized charges within 60 days.

Most major online retailers are already using multiple sophisticated fraud prevention procedures to protect you. Oregon-based iovation Inc. is one hot technology company offering a device reputation service that alerts businesses to suspicious behavior such as someone attempting to hijack your account or use your stolen credentials (and  many others’) to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Stalkers Bad Tasting Lollipop

What I love about the internet is the ability to learn, grow, create, share and so many other verbs. What I hate is the creepiness of the internet and the weirdness of coming in contact with trench coat wearing freakazoids.

A new website called “Take This Lollipop” (TTL) is another reason to have ahome security alarm. TTL brings together everything I love and hate in one convenient place.

Through a very well produced and very “dark” video, you will get a sense of what a twisted predator may be doing when stalking their prey using technology.

If you dare to connect your Facebook account to TTL you will experience a front seat theater ticket to a movie about you being stalked by a sweaty gross man with nasty dirty fingernails slithering through your Facebook account photos and looking at all your friends and the locations you have been. What’s worse is as the film progresses he gets angrier as he drives his car to where you are.

Location sharing in social media has never been a good idea for this reason. Sharing family photos, home addresses, kids names, etc has always been a little risky. Friending freaky people or complete strangers goes against everything Mom ever taught you. All I’m saying is, yes, this is only a move, it’s not real, but the lessons of it are.

Oh, and if you don’t want to connect your Facebook to TTL, you can watch some other poor soul get stalked HERE.

Robert Siciliano personal and home security specialist to Home Security Source discussing sharing too much information online on Fox News.Disclosures.