6 Tips for Apartment Security

According to the National Crime Prevention Council, apartments have an 85 percent greater chance of being burglarized than a single-family homeowner or rental property.


Apartment security should be a priority for landlords to provide for tenants, but it’s really up to you, the tenant, to ensure your security. When hunting for a security-minded apartment complex, consider the following:

  1. Home security systems: Today’s systems are wireless and portable. You don’t need to own a house or have a contractor install it. Ask if you have permission to install an in-apartment home security system with motion detectors. This should not be negotiable. Wireless home security systems are non-invasive and inexpensive.
  2. Peephole: Require a peephole on your door.
  3. Door security: If the doors are glass-paned as opposed to solid-core doors, then your potential landlord isn’t concerned about your security. Doors should have a knob lock and a deadbolt, and the doorjamb and hinges should be reinforced. Search door reinforcement online to see what your options are.
  4. Surveillance cameras: Having one to 16 cameras with signage lets the bad guy know he’s being watched. Most camera systems can be remotely accessed with your mobile phone or tablet.
  5. High-wattage sodium lighting: Your cameras will work better with good lighting. Exterior lighting on the perimeter lets the bad guy know he can’t hide. (Bonus: Cockroaches hate light too.)
  6. Parking lot security fencing: Perimeter fencing six feet high is a great deterrent.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How Your Smartphone Will Identify You Privately

Banks rely on usernames and passwords as a layer of protection and authentication to prevent criminals from accessing your accounts. However, researchers now show that your password, even though it may be a relatively “strong” one, might not be strong enough.

When you create a password and provide it to a website, that site is supposed to convert it to a “hash.” As Ars Technica explains: “Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that ‘5f4dcc3b5aa765d61d8327deb882cf99’ is the MD5 hash for ‘password’.”

But Ars ran an experiment with participants ranging from a newbie technologist all the way up to expert hackers to see what they could do to crack the hashes.

“The characteristics that made ‘momof3g8kids’ and ‘Oscar+emmy2’ easy to remember are precisely the things that allowed them to be cracked. Their basic components—‘mom,’ ‘kids,’ ‘oscar,’ ‘emmy,’ and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.”

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations, such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like “John the Ripper” or similar programs.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.
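As an added example (not from the original article or from Ars Technica), here is a sign-up password screen in Python that rejects the kinds of passwords described above: entries on a common-password list, and passwords that break down into common words, keyboard runs and digits. The word lists are small constructed samples, and the function names and the two-letter threshold are assumptions.

```python
# Constructed sample lists; a real deployment would load a large breached-password corpus.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "qwerty", "abc123", "password"}
COMMON_WORDS = {"mom", "of", "kids", "oscar", "emmy", "princess", "password", "abc"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 8  # the minimum length the article recommends


def keyboard_walk_len(s, i, min_len=4):
    """Length of the longest keyboard-row run (either direction) starting at s[i]."""
    best = 0
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            # Try the longest candidate first and stop at the first hit.
            for n in range(len(s) - i, min_len - 1, -1):
                if s[i:i + n] in r:
                    best = max(best, n)
                    break
    return best


def unexplained_letters(password):
    """Minimum number of letters not covered by a common word or keyboard run.

    Digits and symbols cost nothing, because cracking rules add them freely.
    """
    s = password.lower()
    n = len(s)
    cost = [0] + [n + 1] * n  # cost[i] = fewest unexplained letters in s[:i]
    for i in range(n):
        step = 1 if s[i].isalpha() else 0
        cost[i + 1] = min(cost[i + 1], cost[i] + step)
        for w in COMMON_WORDS:
            if s.startswith(w, i):
                cost[i + len(w)] = min(cost[i + len(w)], cost[i])
        k = keyboard_walk_len(s, i)
        if k:
            cost[i + k] = min(cost[i + k], cost[i])
    return cost[n]


def screen_password(password, max_unexplained=2):
    """Return (accepted, reason) for a candidate password."""
    if len(password) < MIN_LENGTH:
        return False, "shorter than eight characters"
    if password.lower() in COMMON_PASSWORDS:
        return False, "on the common-password list"
    left = unexplained_letters(password)
    if left <= max_unexplained:
        return False, f"built from common words/digits ({left} unexplained letters)"
    return True, "ok"
```

Both passwords from the Ars quote are rejected by this screen even though neither appears on the exact-match list.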

Protect yourself:

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
  10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.
  11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? — This one says “To be or not to be?”
  13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”
  15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

While you must do your part to manage effective passwords, banks are working in the background to add additional layers of security to protect you. For example, financial institutions are incorporating complex device identification, which looks at numerous characteristics of the online transaction including the device you are using to connect. iovation, an Oregon-based security firm, goes a step further, offering Device Reputation, which builds on complex device identification with real-time risk assessments. iovation knows the reputations of over 1.3 billion devices in its device reputation knowledge base. By knowing a device’s reputation, banks can better determine whether a particular device is trustworthy before a transaction has been approved.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

8 Ways to Avoid Contractor Fraud

Need a new roof, home security system, kitchen, driveway or furnace? At some point, you will. And when you do, you’ll search out reputable contractors who offer fair pricing—via the classified section of the local paper, an online search, Craigslist, or by making some calls to friends and family who know someone. Each resource provides its own set of pros and cons, and scammers use every resource.

  1. Reduce your risk. People don’t do their homework. People are naïve and have no clue that someone may be looking to scam them, and they think they are so smart that nobody can scam them. But if you are smart enough to know that this can happen to you and do your best to prevent it, you reduce the risks associated with contractor fraud.
  2. Do your homework. Read up on what the processes are to do the job at hand. While a new roof or home alarm may not be something you want to learn how to do, there are plenty of “do-it-yourself” (or “DIY”) websites that can teach you. Spending two minutes searching and 20 minutes reading can save you money and make you sound intelligent to the contractor by asking the right questions.
  3. Hire right. Do business with someone you know, like and trust. Use well-known brands that vet contractors and have zero-tolerance policies for shoddy work. Find a friend or other trusted source who does know a contractor and hire that contractor. Use the Better Business Bureau when looking for reputable companies.
  4. Get three bids. Be cognizant of how prospective contractors handle themselves, their level of understanding of the work at hand, and whether or not they voluntarily offer up references. Don’t just automatically trust the guy with the whitest teeth and lowest price. Pay attention to your gut.
  5. Check references. If it makes sense for the job at hand, drive by a house that the contractor referenced and actually look to see the quality of the work that was done. Often, construction jobs cost thousands, and taking the time to check work is worth your time.
  6. Get everything in writing. Make sure the contract clearly spells it all out.
  7. Buy the stock yourself. Many contractors will request money up front to do the job. Often they need that money as a “commitment” to do the job and motivate them to fill their trucks up with the tools and stock to do the job. I recommend you go with them to whatever supplier they get their stock from and pay for it directly. If they charge a markup on the stock (it’s usually 15 percent), tell them you’ll gladly give that to them.
  8. Pay in thirds. You’ve already paid for the stock, so now all you have to do is pay for labor: one third upon showing up to do the work, one third halfway through the job and one third when they are done.


Bank Sues Client Over Wire Fraud

Banks usually have relatively secure systems to maintain and protect online banking activities. They’ve spent billions to ensure that criminal hackers don’t liquidate all of our accounts. But criminals spend all their time seeking vulnerabilities and often find some way to make a fraudulent withdrawal.

Over the past decade as we have all (mostly) banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and in some cases open up new accounts.

American Banker reports an example of what can still go wrong: “the $2 billion-asset bank is suing Wallace & Pittman, a Crosstown law firm, to recover funds the firm relayed electronically to Russia after an email that purported to be from an industry group lured someone at the firm to surrender their user name and network password, the Charlotte Observer reported.”

The fraudsters used the access to install software on at least one of the firm’s computers that allowed them to hijack its account.

“Masquerading as Wallace & Pittman, the thieves instructed Park Sterling to transfer roughly $336,600 through JPMorgan Chase to a recipient in Moscow. The law firm asked Park Sterling to stop the transfer after receiving confirmation of it, but the request allegedly came too late.”

To defend against all of these hacks, the Federal Financial Institutions Examination Council (FFIEC) recommends that financial institutions take what’s called a “layered approach” of anti-fraud tools and techniques to combat this type of crime. That means it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Consumers still need to apply antivirus, antispyware and a firewall, must never respond to emails requesting usernames and passwords, and should avoid clicking links in emails.


What are the risks of BYOD?

As companies cut costs and employees desire more freedom of choice, employees increasingly bring their own mobile devices to work. The opportunity to eliminate the significant expenses associated with corporate mobile devices excites even the most staid CFO, and the IT guys are told to “make it work.” This development has come to be known by its acronym, “BYOD” (Bring Your Own Device).

Sometimes there is no enforced policy in place. Employees do what they want, and permission happens later, if at all. The nurse brings her personal iPad to the hospital and uses it to record patient data she sends via email to the doctor, in addition to reading a book during precious downtime. The salesperson plugs a smartphone into their work PC to charge or sync something, or check personal email over the corporate Wi-Fi.

Using your personal device in the office is convenient and simple, but it’s not secure. Do you have anti-virus installed? Is your iPad’s wireless connection encrypted? Is the app being used secure? What if the device is lost on the bus on the way home—the device with confidential patient information, emails, or presentations on it?

One of the IT Department’s deepest concerns is regulated data. Almost all businesses operate under some form of regulation where fines or penalties are imposed in the event of a data breach: the leak of personally identifiable information like names, addresses, account numbers, and health records.

Then there’s the issue of your device breaking something else on the network. While your company’s IT guy has a relative lock on all the work laptops, desktops, and even some of the mobiles, the IT department quickly loses control if you bring your new Droid or iPad and then connect it to the corporate network. Now the IT guy has to worry if that last app you downloaded will infect other computers on the network.

No matter what you do, make sure whenever you use your BYOD on a wireless network that the device is protected. I use VPN specifically when I’m on my portable wireless devices. If I’m on my PC laptop, iPhone or iPad and I’m traveling on business, I know I’m going to be connecting to various free public Wi-Fi services at the airport and in my hotel or at a coffee shop. Before I connect to any Wi-Fi, I launch Hotspot Shield VPN. It’s a free VPN, but I prefer the paid version; the expanded paid option is a little quicker and offers a cleaner interface. Either way, it’s a great option that will protect your entire web surfing session, securing your connections on all your devices and eliminating some of the potential headaches for your IT department.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Portland Company Keeps Ringing the Bell Of Success

iovation, which protects businesses from Internet fraud by identifying good online customers with its device reputation technology, recently announced that its ReputationManager 360 solution won gold in the security services category for Network Products Guide’s 8th Annual 2013 Best Products and Services Award. The award honors and recognizes the achievements and positive contributions of organizations and IT professionals worldwide.

Additionally, iovation announced that its Chief Financial Officer, Doug Shafer, has been named CFO of the year by the Portland Business Journal. Shafer was recognized for iovation’s company performance as well as community involvement over the past year. The award is given each year to professionals in Oregon and Southwest Washington who have excelled in their roles as financial executives.

This is the second time in four years that iovation has been awarded a gold by Network Products Guide and this year the company joins other best products and services winners like Cisco Systems, Inc., Yahoo, Inc., Samsung, and NETGEAR.

With its ReputationManager 360 solution, iovation tracks the online behavior of more than 1.3 billion devices from around the world; everything from desktops to laptops, mobile phones to tablets, and gaming consoles to smart TVs by utilizing iovation’s device reputation intelligence.

Device reputation spots online evildoers by examining the computer, smartphone, or tablet they are using to connect to any website. If a device is recognized as having previously committed some type of unwanted behavior, the website has the opportunity to reject the transaction, preventing damage before it occurs.

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit.
