How do I protect Myself engaged in the Internet of Things?

The Internet of Things—IoT—is a formal term referring to distinctly identifiable objects (cars, kitchen appliances, smartphones) and their cyber-representations on the Internet.

3DBy 2020, it’s projected by at least one expert that there will be over 30 billion “things” represented virtually. All of this gives rise to increased security risk that seems almost paranormal.

The virtual world seems to be closing in on the physical world. Gee, sensors that track food purchases, for instance, can reveal if someone’s on a diet or is of a particular religion.

The IoT is expected to evolve in the following ways:

  1. Making dumb objects smart. Imagine house keys that don’t need to be taken out of one’s purse or pocket to open a door, or a gadget that you can scan dairy products in your refrigerator for expiration dates, and the sensor will then remind you of these dates.

    Go one step further: A mouse that can click links—not controlled by hand movements, but by thought. Well, that may be a century off, but you get the idea.

  2. “Things” that make changes by sensing changes in the environment. Imagine a garage door that opens because a sensor in it “knows” that the homeowner is approaching from 100 feet away.

    These “things” will react according to data received about what those things are virtually connected to. But if this technology is centralized, imagine what a hacker can do: The whole town’s garage doors won’t open. A national centralization will even be worse.

  3. Devices with independent autonomy. This sounds fantastic: Technology won’t require an intermediary device (like a smartphone) to take action when it “senses” a change in the environment.

    Imagine a “thing” sensing a change in your body (via sensory technology and apps) and then responding by dispensing medication. But this also sounds frightening: Imagine what a malicious hacker can do with this technology.

Security Issues

  • Ownership of data. Passing the buck for security responsibility is a major issue. Who’s responsible if a device gets hacked? The maker of the device? The owner? The hacker? Who should have secured it? This type of responsibility needs to be defined.
  • Transfer of information. Vulnerabilities exist when data is enroute. Data may sit stored in a local data collation hub where it awaits uploading, but meantime can be stolen.
  • Sensitivity of data. Varying tiers of security are needed to correspond to varying kinds of data being transferred. For example, a data stream about the amount of humidity in a greenhouse doesn’t need security, while medical record information definitely does.
  • Death by hacker. With increasing advances in the realm of IoT, hacking can become a life-and-death matter, not just the nuisance of some baby monitor getting hacked and the hacker spewing out lewd comments for mommy to hear. For instance, it’s only a matter of time before a doctor, hundreds of miles away, remotely controls a patient’s implanted heart arrhythmia controller. What if a hacker gains access and demands ransom or else?
  • IT infrastructure. Cloud security concerns will only deepen as the IoT proliferates. Data access, ID and authentication, legislative boundary constraints and other issues must be considered. And should data be stored publically or privately, is another big question to answer.
  • Unprotected wireless. Making sure any wireless connections are protected by a VPN is essential. Hotspot Shield VPN is a great option and it’s free.

At this point, nobody really knows how all of this will pan out. Regulation and legislation will be very challenging. The IoT may very well leave legislation for data protection in the dust.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Cloud Computing 101

A public cloud service can bring on five risks to a business. Here they are, and their solutions.

3DThe three A’s: authentication, authorization, access control. Here are some questions to ponder about a cloud service:

  • How often does it clean up dormant accounts?
  • What kind of authentication is necessary for a privileged user?
  • Who can access or even see your data?
  • Where is it physically stored?
  • Does your organization share a common namespace with the service (something that greatly increases risks)?
  • Are private keys shared among tenants if a data encryption is used?
  • Ask your cloud vendor these questions. Get answers.

Multiple tenants

There’s always that concern of data inadvertently slipping out to tenants who share the cloud service with you. One little error can expose your data and set you up even for identity theft. Breaches that can occur include: accessing data from other tenants from supposedly new storage space; and peering into other tenants’ IP address and memory space.

Virtual exploits

There are four chief kinds of virtual exploit risks: 1) server host only, 2) host to guest, 3) guest to host, and 4) guest to guest. Many cloud customers are in the dark about virtual exploits and are clueless about the vendor’s virtualization tools. Ask the vendor:

  • What virtualization products do you have running?
  • What’s the version currently?
  • Who is patching the virtualization host?
  • How often?
  • Who’s able to log into any virtualization host and guest?

Ownership

Here’s a surprise: Quite a few cloud vendors state in their contracts that the customer’s data belongs to the vendor, not the customer. Vendors like ownership because they get to have more legal protection should a mishap occur. They can also do other things with the data that can bring more profit.

  • Find out if the contract contains language referring to vendor ownership of data.
  • Learn what the cloud provider can do with it if indeed, they get ownership.

Fallibility

Even the biggest and best cloud services can become dismantled due to service interruptions, attacks or some miscellaneous issue with the vendor.

Funny, because a cloud provider typically insists it has superior, super-protected data backups in place. Be aware that even when a provider claims a guarantee for data backup, data can indeed get lost, even permanently.

  • Back up your data!
  • Require some language in the contract that entitles you to damages should your data become permanently lost.

Cloud services haven’t been around long enough for analysts to have come up with a predictable, clear model of all the possible risks, how likely they are, likeliness of security failures and how much, if at all, risks will negatively impact customers. And that’s just in general. Figuring this out for a particular vendor is even more vexing.

  • There are many unknowns, but at least you can work on minimizing them.
  • Obtain a copy of the vendor’s last relevant, successful audit report.
  • Seek out information from the vendor about prior incidents of tenant data problems.
  • Ask the vendor about its policy of reporting data compromises to customers.
  • Grind out just what the provider’s responsibility really is.

Robert Siciliano is an Identity Theft Expert an is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

5 Technology Tips to navigate Winter Travel

Being stuck at an airport due to winter weather can be a real downer, but with an assortment of devices, apps and other instruments for connecting to the world, you can make that down time pass in a jiffy.

10DWith today’s technology, gone are the days where you nearly go bonkers doing endless crossword puzzles or reading one celebrity magazine after another to pass away the time, or where you go nuts wondering when you’ll be able to board a plane home. Following are common concerns and their tech solutions.

Juicing up

Being stuck in an airport for hours is no reason to be disconnected from the cyber world.

  • Check out the terminal’s tech shops where you can buy a smartphone case that also doubles as a battery pack.
  • They may also sell a battery pack that’s pre-charged.
  • You can also use a kiosk that charges devices for a cheap fee.

Entertainment

Here are some fun suggestions that will help pass time:

  • Dots: A low-cost puzzle game in which you try to connect as many same-colored dots as you can within one minute.
  • Minecraft Pocket Edition: This simulates building in a virtual world, and you can make it as simple or as complicated as you choose.
  • Angry Birds Star Wars II: This is a puzzle video game involving 30 different characters. 

Navigating

  • An app for Android and iOS, called Airport Life, will help you get around large, confusing airports. This app includes a feature that updates automatically flight information and other data.

Flight Status

  • See if your preferred airline provides mobile apps through which you can book a flight, check its status and even select seats.
  • Visit the FlightAware website to track flights.
  • The Misery Map site provides an interactive graphic that shows detailed flight information for various airports. It also displays weather information.

Stranded overnight?

  • Hotel Tonight is a free app for the iOS mobile that displays vacant hotel rooms for a discount in over 150 markets.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Burglars busted bolstering Buffoonery

Social media makes dumb criminals look (and act) even dumber. Take the case of Damian and Rolando Lozano of Texas, who were suspected of stealing items from 17 cars in the town of Rosenberg.

5HDamian was caught, but Rolando was still out there somewhere. The Rosenberg police posted Rolando’s photo on their Facebook page, hoping that visitors might recognize him and point to his possible whereabouts.

Whom but Rolando himself responded to his photo on the police’s Facebook page! He posted a brief note that included “catch me if u can muthasuckas.”

It took the police only 15 minutes (some speculate much less than that) to track the location of where Rolando’s snarky post originated from: a family member’s house. And that’s where he was arrested.

He, along with his brother, are suspects in a case known as the Seaborne Meadow’s Burglary of Motor Vehicles. The geniuses are now behind bars.

How did the police nab Rolando so quickly? Was it computer forensics? Well, according to a subsequent post by the police, tips from the community helped them track the thief to the relative’s house. Perhaps this was in part due to the friendly appearance and humorous photos of the Rosenberg police Facebook page.

Looks like this police department is onto something: Make a Facebook page that appears more community oriented rather than government-official oriented, and maybe the community will become more proactive in helping solve crime cases.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Credit Score Truths and Myths

If your personal information gets compromised, a thief will open up financial accounts in your name. However, they will not pay the bills, and this will ruin your credit.

2CWhether bad credit results from the legitimate credit holder’s irresponsibility or from identity theft, your ability to buy a car, rent a nice place, purchase a home or even get employment can be severely stifled.

1. Credit reports aren’t always accurate. Most have a big error or mistake: 80 percent, actually. Regularly check your credit report.

2. Pulling your credit score will lower it. A “soft” pull is done yourself for personal reasons; it will have zero effect. A “hard inquiry” is when a lender pulls it up for loan approval. It will have a negative impact, but small.

3. A higher income = higher credit score. Income is not relevant to credit score; paying bills on time (or not) is what matters.

4. Credit scores and credit reports are the same. The three big credit reports are Equifax, Experian and Transunion. But there are too many various calculations of credit score to even list here. What matters is your credit managing skills and making sure all 3 large credit bureaus have similar information and scores.

5. Debt settlement removes debt from your credit report. But debt settlement doesn’t fix bad credit. Late payments, bad information and other smears remain for up to seven years following the first “infraction” date.

6. Cash-only payments will improve credit score. You can’t build good credit unless you use credit—and wisely. Get a couple small loans or credit cards and pay them off as you use them.

7. Improve your credit score by closing your credit card accounts. Closing a card lowers your amount of disposable income: the ability to pay off other debt. You don’t want to lower “credit utilization” by closing out a card.

8. Smart management of your various banking accounts will reflect in your credit score. These are not reported to credit bureaus and thus have no impact.

9. Dispute accurate (but negative) information to remove it from your credit report. You can dispute only mistakes. A valid dispute will result in deletion of inaccurate information. A dispute of negative, but accurate, information will achieve nothing.

10. Missed payments that aren’t reported to credit bureaus won’t affect credit score. Any missed or late payment can be reported to a credit bureau.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Older Technologies Facilitate Credit Card Fraud

America the Superpower is also the super choice for criminals wanting to steal credit card information. Security experts warn that this problem will get worse before it improves.

1CThat ancient technology of the magnetic strip on the back of credit and debit cards is a godsend to criminals. The easy-to-copy band stores account information using a technology the same as that of cassette tapes. U.S. credit card technology has not kept up with fraudsters. One challenge facing the industry is that it is very expensive for companies to upgrade their credit card security.

When a card is swiped, the strip allows communication between the retailer’s bank and the customer’s bank: 1.4 seconds. That’s enough time for the network to record the cardholder’s information on computers controlled by the payment processing companies.

Hackers can snatch account data (including security codes) as it crosses the network or steal it from databases. Though the security code is required for most online purchases, thieves don’t care as long as the magnetic strips are easily reproducible and placed on fake cards—which they then use for purchases or sell the card data online. Three bucks will get you a fraudulent card with limited customer information and a low balance.

You’ll have to wait at least until the fall of 2015 for U.S. credit card companies to ditch the magnetic strips for digital chips. Retailers want more: each transaction to require a PIN rather than signature.

What can retailers do in the meantime?

  • Internet-based payment systems should be protected from hackers with strong firewalls.
  • Data should be encrypted, so that hackers see gibberish.

This may be easier said than done, because implementing these safeguards isn’t cheap. The U.S. lags behind most other nations when it comes to credit and debit cards; most countries’ cards use the digital chips that contain account information.

Every time the card is used, the chip generates a code that’s unique. This makes it a lot harder for criminals to duplicate the cards—so difficult, in fact, that usually they don’t even bother trying to replicate them. It would really be great if the U.S. could catch on to this technology.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Tax Season Scams Bite Businesses

There are numerous tax related scams out there. And as a business or even a consumer, forewarned is forearmed.

9DTax relief. Predators scan through tax lien notices to see who’s in deep with the IRS, then offer them tax relief services which are fraudulent. You pay them, and voila, your money not only is gone, but so is the “service.” You’re now further sunk in debt.

  • A fee, usually high, is required in advance.
  • These scams may be advertised on TV and radio.
  • They may also come as an unsolicited snail letter or e-mail, saying that you qualify for some governmental plan.
  • The company offering the solution may suddenly disappear.
  • If some kind of tax payment plan seems too good to be true, assume that it is.

IRS giving away money. When pigs fly. But really, this scam makes its rounds: flyers and ads claiming free money from Uncle Sam, suggesting you can file a return with minimal or no documentation. These postings often appear in churches. People see them and innocently spread the word.

Abuse of 501(c)(3). Numerous types of nonprofit organizations are exempt from certain kinds of federal income taxes. Some organizations will create schemes to become exempt, including ploys that fraudulently shield income from taxation.

Corporate ownership disguise. A third party is fraudulently used to request EIDs (employer identification numbers). The third parties then form corporations that muddle the business’s true ownership standing.

Trust misuse. Transferring assets into trusts may have some legitimacy, but shady promoters have also encouraged people to do this in an improper way. These transactions don’t live up to their promise of reducing taxable income or maximizing deductions for giving gifts or for personal expenses.

Inflated income & expenses. Though some businesses deflate income to lower what they owe, others will inflate it to optimize refundable credits. They may also claim expenses they never paid.

Hiding income offshore. Some people and businesses, to avoid paying taxes, hide income in offshore accounts. They use credit or debit cards, or wire transfers to gain access to their funds. Other people will use employee-leasing schemes, employ foreign trusts, or use insurance plans or private annuities to get access.

Fake forms. Someone files a false information return, like the Form 1099 Original Issue Discount, to validate a fake refund claim on a corresponding return. Some have made false claims for refunds based on the sham theory that the IRS has secret accounts for U.S. citizens and that one can gain access to these accounts with the 1099 OID form.

Ridiculous attempts at write-offs. Businesses claiming crazy, frivolous claims to avoid paying owed taxes like that business trip to Mardi Gras. The IRS will recognize many frivolous tax arguments and will toss them out of court.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures

Find Missing Kids with SafetyLink

Find your lost car keys, smartphone and abducted child. Yes, you read that correctly: There’s now a device that can locate your missing child (or wandering elderly grandmother). And the device that can do this is TINY.

SLImagine a device that can be used as a keychain and not only locate missing people, but your dog that’s run off. Sanjay Chadha did, and the result is SafetyLink, which uses wireless technology combined with smartphones and cloud sourcing to provide community protection.

Chadha is the co-founder and CEO of Safety Labs Inc., the developer of SafetyLink. Chadha came up with the idea as a result of the much publicized gang rape that had occurred in New Delhi. So disturbed by this crime, he awakened one morning at 4 a.m. and knew it was time to develop a mobile-based solution that could save people in danger.

Enter SafetyLink

The main targets of SafetyLink are children, women and senior citizens. Should a child become lost or abducted, for example, or a hiker take a serious fall, they simply press and hold the coin-sized button of the device. This will send an SOS.

The SOS will then be distributed by a cloud server, alerting individuals who are in the user’s network—who have proximity to the user. Emergency services (e.g., 9-1-1) will also be notified.

And guess what: SafetyLink has key features that prevent prank calls. The device includes GPS technology to locate the user (imagine a child in the car of an abductor, pressing the button—which can be worn as a pendant—the predator would never suspect a thing!

The SOS will make its way to the dashboard of a police cruiser in the vicinity. The police will be on the predator’s tail in no time.

SafetyLink can be used by “anybody and everybody,” says Chadha. It easily clips to a child’s jacket or backpack, Grandma’s fanny pack or your dog’s collar. It needs charging only once a year, due to Blue Tooth technology. And remember, it can also locate missing car keys and phones.

How does Safetylink alert?

A parent, for instance, determines the travel range of their child and sets this up via an online application. If the child wanders out of (or is taken out of) this travel range, the parent’s smartphone will beep.

The parent then registers the child’s SafetyLink with the cloud server: The police and community will be alerted to search for the missing person. Think of this as a wireless leash. It can be switched on and off; the travel range can be adjusted; and people can always be added to the network.

This new product sure sounds like a winner. However, its success depends on community participation. People are encouraged to download the free application. The device costs only $35.

Thus far, 220 have been pre-ordered from the U.S., Canada, Europe, India and Brazil.

Where can pre-orders be made?

Safetylink.org. The product will be officially on the market May 2014.

“Predictive Analytics”: Technologies that read your Mind

There’s an app that can practically read your mind via your mobile device. The technology is called predictive analysis, and Google’s Now app is at the forefront. Other apps that utilize predictive analysis include Grokr and Osito: predicting the smartphone user’s next move.

2WHow does this work?

Snippets of information are assembled via an algorithm, leading to a prediction of the user’s next behavior.

An example would be combining snippets of calendar entries with the user’s location data, e-mail information, social network postings and other like information.

The user is then presented with assistance that the app “thinks” is needed. The support-information is called a card. A card might, for example, remind the user about an event whose information was entered previously.

The app will then add directions to the event or show weather conditions at the location—even advise raingear.

Benefits

  • The Now app can “understand” context and filter out irrelevant information, making searchers easier than ever.
  • The Google search engine can now respond to more than just individual keywords and can seemingly grasp the meaning of a search query. This algorithm is called Hummingbird and impacts 90 percent of searches.

An example is that Google can compare items upon request or dig up facts about various things. For example, just type in the name of a famous landmark—once. If you seek trivia, you’ll get answers, but if you then seek directions, Google will know that you want directions to this landmark without you having to type in its name again.

  • Future locations of the user can be predicted (based on locations visited previously), not just the current location.
  • Recently, Google and Microsoft researchers came up with a software, Far Out, that can figure out a user’s routine via GPS tracking. This data is then assembled so that future locations of that user can be predicted.
  • The configuring can even adjust to correlate with the user’s changes in residence or workplace.

As advanced as all of this seems, this is only the start of a new wave of technology that can “think” for us—a big benefit to those whose lives are so hectic that they’ve become absent minded, and for those who simply enjoy the idea of having to do less mental work.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

6 Ways to Declutter Your Digital Life

It’s the New Year so time for new starts and new resolutions. With a new year upon us, now is a good time to clean out the clutter. Clutter is overwhelming, messy and inefficient and it transcends in both our physical and digital lives.

Here are some tips to help clear the clutter out of your digital world.

4W

1. Backup the Data on Your Devices
You are (hopefully) about to delete lots of stuff.

  • Back up everything you have onto an external drive – make sure this is your files, contacts, browser bookmarks, photos and any other important content you would want
  • Don’t forget to back up your smartphones and tablets as well
  • For extra de-cluttering, set up a secure cloud backup that runs 24/7

2. Organize your Computer

Organize files on your desktop and within desktop files, including consolidating several similar files into one file.

  • Delete duplicate files and ones that you do not need
  • Rename files so you can locate them easier in the future
  • Uninstall programs you never use

3. Clean Up Your Browser

  • Go through your bookmarks and delete the ones you don’t use
  • Clear out your cookies and browsing history
  • Disable or delete any add-ons or plug-ins that you are not using

4. Monitor Your Social Media Accounts

  • Cancel accounts on sites you don’t use—leaving your profile up can make you more vulnerable to cyber attacks
  • Go through your friends and/or follow lists and see if there’s anyone on there that you don’t want updates from any longer

5. Scrub Your Email Inbox

  • Move messages that you want to save into folders
  • Unsubscribe from mailings you never read or are no longer interested in

6. Scrutinize Your Smartphone/Tablet

  • Delete photos, music, texts or other items that you don’t use any longer
  • Remove apps that you don’t use any longer

Happy de-cluttering and Happy New Year!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.