On July 9th Millions May Lose Access To Internet

As reported in March, the FBI has uncovered a network of rogue DNS servers and has taken steps to disable them. DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.

When you enter a domain name, such as www.fbi.gov, in your browser address bar, your computer contacts DNS servers to determine the IP address for the website. Your computer then uses this IP address to locate and connect to the website.

DNSChanger is malicious software created by cybercriminals to redirect the Internet traffic of millions of unsuspecting users to websites where the thieves have profited from advertisements. All computers still infected with DNSChanger malware will no longer be able to access websites, email, chat, or social networking sites like Facebook after July 9th.

Most of us will have a difficult time manually changing these settings on our own. To help with this, McAfee has released a free tool to help you find out if you are infected or not.

To see if you are infected with the DNSChanger virus, visit http://www.siteadvisor.com/dns_checker.html, then click on the “Check Now” button. If your computer is fine, you will receive a green check message; if your computer is infected, you will see a red X mark. You can then download a free update to clean up your PC and restore your Internet settings.
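The underlying check can also be done locally by comparing the DNS servers a machine is configured to use against the published rogue ranges. The sketch below is an added example, not McAfee's tool: the function name, the sample configuration and the ranges are assumptions, and the ranges are placeholder documentation blocks (RFC 5737), not the real rogue server addresses.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# DNSChanger ranges. Substitute the ranges published by law enforcement.
ROGUE_RANGES_PLACEHOLDER = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample of a resolv.conf-style resolver configuration.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real machine
search example.test
nameserver 198.51.100.53
nameserver 10.0.0.1   # home router
nameserver 8.8.8.8
nameserver not-an-ip
"""


def classify_resolvers(resolv_conf_text, rogue_ranges):
    """Map each configured resolver IP to 'rogue', 'check-router' or 'not-listed'."""
    verdicts = {}
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed entry: the resolver library would ignore it too
        if any(ip in net for net in rogue_ranges):
            verdicts[str(ip)] = "rogue"
        elif ip.is_private:
            # The device only forwards to the home router, so the router's
            # own DNS settings still have to be checked separately.
            verdicts[str(ip)] = "check-router"
        else:
            verdicts[str(ip)] = "not-listed"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_resolvers(
            SAMPLE_RESOLV_CONF, ROGUE_RANGES_PLACEHOLDER).items():
        print(f"{ip:16} {verdict}")
```

A "not-listed" result only means the address is outside the supplied ranges; it says nothing about other malware on the machine.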

It is quite possible that if your computer is infected with this malware, it may also be infected with other malware. To protect yourself you should:

Make sure your PC has comprehensive protection with antivirus, antispyware, anti-phishing, antispam and a firewall

Set up regular updates of your operating system so you get critical security patches and keep your browser updated too

Be cautious of clicking links in the body of an email

Stay safe!

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Mobile Payment Update: Who Will Take the Lead This Summer?

As summer heats up, so does mobile payment – a hot topic between major credit card companies, mobile carriers, and mobile manufacturers.

First, to give you some perspective, let’s cool down and cite some statistics from November of last year, when “Cyber Monday” was the most successful ever; and mobile purchases skyrocketed on Black Friday. U.S. shoppers made nearly two and a half times as many purchases through eBay Mobile on Black Friday 2011 compared to 2010, U.S. mobile sales were up 234% overall, and Paypal Mobile reported a global increase of 516% from Black Friday 2010 to 2011. Naturally, marketers and advertisers are now positioning themselves for a 2012 “Mobile Tuesday.”

This spring, at the London 2012 Olympics, Samsung introduced a new mobile payments system in collaboration with Visa. Near-field communication technology is taking a leap forward in the form of the Samsung GALAXY S III with mobile contactless payments. With Visa’s payWave service, users can pay for a purchase by tapping a button on the phone and then holding it to a contactless payment terminal.

Meanwhile, Wired reports that Isis, a mobile payment system developed by AT&T, T-Mobile, and Verizon, has reached agreements with a number of major retailers including Coca-Cola, Foot Locker, and Macy’s to implement their system in stores nationwide later this year. Google Wallet works at hundreds of MasterCard terminals, found in locations like Macy’s, Toys “R” Us, and Old Navy, but for now, the service is only available through Sprint, on four devices (not including the iPhone). And now, Apple has come up with Passbook, an elegantly simple new app for iOS 6 that works with retailers’ existing apps and QR codes rather than NFC technology.

It’s tough to say which will come out on top. We’ve been there before – remember Betamax versus VHS and HD DVD versus Blu-ray?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Using Tech Support to Set Up Your New Devices

There are some things in life that require a “professional” to get the job done properly. You wouldn’t let your cousin Larry, who’s a landscaper, reset a broken bone in your hand, right? You can certainly go to a hardware store and buy all the wood to build a deck, but just because you know how to swing a hammer doesn’t mean the deck will be safe, or even up to code.

Frankly, I’m a big time “DIY” or “Do It Yourselfer” and take on most tasks myself. However, some things I know are beyond my expertise and I usually hire someone to do those tasks. So even though painting my house is a relatively simple task, I hire someone because they often get it done faster, better and cheaper than I can do it myself.

With technology I hire out for many tasks because some things can be done much better and more efficiently by a recognized expert. When I first started computing in the early 90’s I was on the phone with tech support all the time and learned an awful lot from these experts. Just figuring out how to use your new device can be challenging. So why not leave the process of getting your new devices to work with your existing ones, setting up connections, printers, etc. to someone else?

Consider getting help with tedious tasks such as:

Configuring your device out of the box

Customizing your desktop, screensaver, icons, profile picture, folders and tasks

Setting up your browser, homepage, and bookmarks, and optimizing the security settings

Creating user accounts

Installing all your software

Setting up printers and scanners

Configuring your email

One thing I learned is that even though I have a general working knowledge of technology, like painting, sometimes it’s easier to have the experts do the job. You’ll save yourself a ton of time and reduce headaches over the life of the device if you hire a professional to walk you through setting it up. Check out McAfee TechMaster Services which can help you with all this and more!

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

How Does Jailbreaking Or Rooting Affect My Mobile Device Security?

You may have heard the term jailbreaking or rooting in regards to your mobile phone, but what is this and what does it really mean for you?

Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS operating system. To “jailbreak” means to allow the phone’s owner to gain full access to the root of the operating system and access all the features. Similar to jailbreaking, “rooting” is the term for the process of removing the limitations on a mobile or tablet running the Android operating system.

Jailbroken phones came into the mainstream when Apple first released their iPhone and it was only on AT&T’s network. Users who wanted to use an iPhone with other carriers were not able to unless they had a jailbroken iPhone.

By hacking your device, you can potentially open security holes that may not have been readily apparent, or undermine the device’s built-in security measures. Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users download virus-free apps.

It is inevitable that over the next few years, as millions of smartphones replace handhelds, laptops, and desktop PCs, and billions of applications are downloaded, risks of mobile crime will rise. Not only do you need to stay educated about the latest threats and scams, you should also make sure you have comprehensive mobile security installed on your mobile device.

And remember, jailbreaking or rooting your mobile device can open you up to security risks that don’t make it worth doing so.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

“BYOD”? Mobile Security Tips for Small Businesses

Many employees have come to expect that they should be able to use personal smartphones and other mobile devices at the office. This creates problems for IT managers. A company’s IT staff may have a solid grasp on company-issued laptops, desktops, and even mobile phones, but it is almost impossible to control the results when employees begin connecting various types of personal devices to the company’s network. When you get that brand new Droid, load it up with apps, and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network.

A study by ESET/Harris Interactive found that fewer than 10% of people who use personal tablets for work have enabled auto-locking with password protection. Only one in four secure the personal smartphones they use for work, and only one in three adequately protect their laptops. With well over 50% of employees’ personal devices left unsecured, lost phones, laptops, and tablets constitute a significant data breach risk.

Corporations that do allow employees to use personal devices at work have responded to this problem by implementing a BYOD (“bring your own device”) policy to help IT staff manage these devices and ensure network security.

So, what’s the difference between personal and employer-issued mobiles in the workplace? The short answer to this question is: there is no difference.

A smartphone provided by your employer requires a “company mobile liability policy.” This means they not only provide and pay for your mobile device, they also dictate what you can and can’t do on the device. In many situations, the employer may have remote capabilities to monitor activity and, in the event of loss or employee termination, wipe the data.

“Employee mobile liability policies” are for employees who prefer to BYOD. While these employees may pay for their own devices and their monthly data plans, the same restrictions can (and should) be imposed on employees who use personal devices at work. If you choose to use your personal device for work purposes, at any time, for any reason, your employer will more than likely want control over that device. This means that, again, your employer may have remote capabilities to monitor activity and wipe your device’s data if it is lost or you resign or are fired.

In both situations, the employer will be liable for leaked data. So if you choose to BYOD, be prepared to give up some liberties.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Is There A Risk With Using My Personal Device For Work?

The day after you get your shiny new mobile or tablet, chances are you’ll take it right to work and request the IT department to set it up with your work email and allow access to the company network. “Bring your own device” (BYOD) has become widely adopted to refer to workers bringing their personal mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity.

Many of us need a mobile device for work and personal use and don’t want to carry two separate devices, but this can cause security challenges for the company. If you lose your mobile device while on vacation, let your kid download an app which infects your phone and starts spamming your address book, or someone accesses your company email while you’re using a public Wi-Fi connection, this can have big implications for your company in terms of a data breach, loss of intellectual property, public embarrassment and annoyance.

That’s why mobile security should be a priority for both you and your employer. As an increasing number of companies agree to this, they are also requiring you to agree to their terms as well. So you should expect to have to comply with some things like:

You may be required to download and install a security and monitoring app that can’t be removed. This app may have a certificate authenticating you and the device to connect to the company network and run company programs.

The installed app will likely provide your company with the ability to remotely control your mobile at some level. I wouldn’t be concerned about this unless of course you’re not abiding by the agreement you signed.

At a minimum, expect the application to have the ability to locate your mobile via the phone’s GPS if it’s lost or stolen, as well as an autolock functionality requiring you to lock your phone locally after 1-5 minutes of downtime. Also, your employer will likely be able to wipe your mobile of any and all data.

Because your employer is liable for potentially lost data, if you BYOD, plan on giving up some liberties.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Geo-tagging: Is Your Smartphone Revealing Your Location?

Location-based services utilize geo-location information tied to your phone’s GPS and, in some cases, your carrier’s connection and even WiFi.

Geo-location or geo-tagging can be used on PCs, but is primarily applicable to mobile phones. The geo-location software usually obtains its data from your device’s Internet protocol (IP) address or your Global Positioning System (GPS) longitude and latitude. Many of today’s social networking sites are now incorporating location-based services that allow users to broadcast their locations via smartphone.

This technology can be useful to predators, thieves, and other criminals, since it makes it so simple to determine where you are, and where you are not.

The BBC reports that in Australia, masked men armed with a knife and a club struck the home of a 17-year-old girl’s mother hours after the teenager posted a photo on Facebook of a large sum of cash. It is not clear how the robbers found the family address. The Facebook image was taken at the grandmother’s Sydney house.

Someone who is paying unwanted attention to you can see your exact address each time you post a geo-tagged photo and check in.

Thieves use geo-location to determine whether you are home or not, and then use that data to plan a burglary.

To prevent home burglary and protect yourself from broadcasting your location, you should:

Turn off your location services on your mobile phone or only leave it enabled for applications like maps. Most geo-location services are turned on by default.

Be careful about what images and information you are sharing on social networks and when. For example, it’s best to wait until you are home to upload those vacation photos.

Make sure you check your privacy settings on your social networking sites that you’re sharing information on to make sure you are only sharing information with your friends and not everyone.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Safe Searching on Your Mobile Device

The web and especially the mobile web can be a minefield of malicious links luring you to click, so bad guys can infect your device. Search engines do their best to filter these sites out but nefarious criminals have found ways to get their scammy pages to the top of search through a process called “Blackhat search engine optimization.”

Criminals create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising. They use keywords to boost rankings on Internet search engines, causing their spoofed websites to appear alongside legitimate websites.

It is also much harder to tell if a URL is legitimate, since mobile browsers often truncate web addresses due to the limited screen space. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the sender’s full email address, making it hard for you to know if it’s coming from a fake person or company.

That’s why going it alone in search isn’t a good idea. Just like it is essential to have antivirus, antispyware, antiphishing and a firewall on your PC, it is equally essential to have protection on your mobile. McAfee Mobile Security provides comprehensive mobile security that includes antivirus, anti-theft, app protection, web protection and call and text filtering.

Web protection comes with McAfee Mobile Security and protects you from potential phishing sites, browser exploits, malicious links within text messages, email, social networking sites, and QR codes. With McAfee blocking risky links at the places you visit, you now can click, search and surf worry free. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

To help yourself stay protected you should:

Always double-check the web address of a site when doing a search on your mobile phone

Never click on a link in an unsolicited email or text message

If you land on a site that contains poor grammar, misspellings, and low-resolution pictures, be very suspicious

Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app

Monitor your monthly bills to make sure there are no suspicious charges

Use comprehensive mobile security like McAfee Mobile Security

Of course, just using common sense and taking the time to closely check the links and messages you receive will go a long way in increasing your mobile security. Remember, if something doesn’t feel right proceed with caution.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Online Gaming Is Lucrative For Organized Gold Farming Rings

So-called “gold farmers” play massive multiplayer online games, not for fun, but to accumulate virtual currency, or “gold,” which can then be sold to other players, despite the fact that most game operators explicitly ban the exchange of in-game currency for cash. Gold farming is so lucrative, people in China and other developing nations can support themselves by working full-time operating gold farming rings.

During an interview with TechRadar’s Dan Griliopoulous, Will Leverett, Senior Manager of Customer Service at South Korea-based online video game company NCsoft, explains, “We’re convinced that groups on the seedier side of the Internet run in parallel to each other, with many offenders in China and Russia. The simplest thing players could exchange for real-world cash was in-game currency, which would then hugely unbalance the in-game economy and auction systems; essentially, those people buying currency were using their real-world wealth to employ a tribe of servants to do their work for them, as opposed to their compatriots who were attempting the same thing by the sweat of their brow.”

Massively multiplayer games that are free-to-play typically feature in-game currency, which can be converted to real cash. This currency drives organized criminals to set up banks of gamers on various IP addresses, manipulating the game in order to accumulate as much currency as possible.

Many leading gaming publishers and MMOs are finding it increasingly necessary to deploy a layered defense to prevent gold farming, chargebacks, virtual asset theft, and, increasingly, account takeovers within gaming environments. By leveraging the power of device identification and device reputation technology, which examines the computers, smart phones, and tablets being used to connect to an online game, the publisher can easily detect patterns of players working together and shut down an entire ring of cheaters at once. In one case, a major gaming publisher implemented Oregon-based iovation’s fraud protection service and was able to take action against 1,000 fraudulent accounts almost immediately.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures.)

Security Snapshot: How Is EMV Safer?

To understand why EMV credit cards, or “chip and PIN” cards, are safer, first we must understand standard magnetic stripe cards. The familiar magnetic stripe, which can be seen on all credit cards carried in the United States, has been around for more than four decades.

The security technology behind the magnetic stripe has been compromised, since the availability of card reading and writing tools makes it easy to decipher the data stored on the magnetic stripe. Criminals use these tools to create skimming devices and other hacking methods.

EMV, on the other hand, is a relatively new technology with plenty of built-in encryption. According to the Smartcard Alliance, “[EMV] transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.”

In simple terms, the data is thoroughly scrambled.
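To make "unique transaction data" concrete, the added example below (not code from the EMV specifications or from any card vendor) contrasts a static magnetic-stripe check with a per-transaction cryptogram. It is a simplified model: HMAC-SHA256 stands in for the card's real MAC algorithm, and ToyChipCard, ToyIssuer and the track data are hypothetical.

```python
import hashlib
import hmac
import os
import struct


def _mac(key, amount_cents, nonce, atc):
    # Stand-in for the card's cryptogram: a MAC over the amount, the
    # terminal's random number and the card's transaction counter (ATC).
    msg = struct.pack(">QI", amount_cents, atc) + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class ToyChipCard:
    """Hypothetical chip card: a secret key plus a counter that only goes up."""

    def __init__(self, key):
        self._key = key
        self.atc = 0

    def sign(self, amount_cents, nonce):
        self.atc += 1
        return {"amount": amount_cents, "nonce": nonce, "atc": self.atc,
                "cryptogram": _mac(self._key, amount_cents, nonce, self.atc)}


class ToyIssuer:
    """Hypothetical issuer that knows the card key and the stripe contents."""

    def __init__(self, key, track_on_file):
        self._key = key
        self._track = track_on_file
        self._last_atc = 0

    def verify_chip(self, txn):
        expected = _mac(self._key, txn["amount"], txn["nonce"], txn["atc"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["atc"] <= self._last_atc:
            return "declined: counter already used"
        self._last_atc = txn["atc"]
        return "approved"

    def verify_magstripe(self, track):
        # Static data: every presentation of the same bytes looks identical.
        ok = hmac.compare_digest(track, self._track)
        return "approved" if ok else "declined"


def run_demo():
    key = os.urandom(32)
    track = b"CONSTRUCTED-TRACK-DATA-0000"  # constructed sample, not a real card
    issuer, card = ToyIssuer(key, track), ToyChipCard(key)
    genuine = card.sign(2500, os.urandom(4))
    return {
        "chip_genuine": issuer.verify_chip(genuine),
        "chip_replayed": issuer.verify_chip(genuine),
        "chip_altered": issuer.verify_chip(dict(genuine, amount=99900)),
        "stripe_genuine": issuer.verify_magstripe(track),
        "stripe_replayed": issuer.verify_magstripe(track),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:16} {verdict}")
```

The copied stripe data is approved a second time, while the copied chip transaction is declined both when it is resent unchanged and when its amount is changed.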

The cardholder verification process is another factor enhancing EMV card security, by ensuring that the person attempting to make the transaction is, in fact, the legal cardholder. EMV supports four cardholder verification methods: offline PIN, online PIN, signature, or no cardholder verification. With a regular magstripe credit card, the only possible verification option is to check the ID of the person presenting the card, which cashiers only sometimes do, and may even create a false sense of security. The primary verification method for online purchases is to request the CVV or credit verification value, which is visibly printed right on the card itself.

So get ready, because “chip and PIN” is coming, and it’s more secure than the cards in your wallet, not to mention the most ubiquitous card outside the United States.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures