Huge IE Attack: Will Microsoft fix It in Time while XP Users are Left to the Dogs?

If you have IE 6 through 11, watch out. There’s a glitch that enables hackers to exploit flaws in these systems. Microsoft is racing to fix this vulnerability. Unfortunately, news is not so good for those using Windows XP, because Microsoft has ceased support, period. This means no security updates. It’s estimated that almost 30 percent of all the personal computers across the world are using Windows XP. Business owners and other decision makers of organizations need to overestimate just how risky it is to cling onto an old favorite rather than promptly switch to a new system that has stronger support.

Security researchers came upon the bug, calling it a “zero day threat”: The initial attacks occurred before Microsoft knew of the problem. Researchers also say the flaw has been exploited by a savvy hacker group with a campaign called “Operation Clandestine Fox.”

Nobody seems to know what makes this hacking group tick. Maybe they just want to get their hands on some sensitive military and financial institution data. Microsoft says that the attacker means serious business and can potentially gain massive control of the flawed system.

Protect yourself:

  • Do not use IE. Use another browser like Chrome or Firefox.
  • If you have Adobe Flash, update it now or disable it immediately. The attacks depend on Adobe Flash.
  • Microsoft urges XP users to upgrade to Windows 7 or 8. If your PC can’t support these, buy a new one. Or, consider getting the Windows Upgrade Assistant from Microsoft, which can be downloaded.

With hackers swarming in like killer bees, knowing that XP’s support is over, XP users must stay in heavyweight mode for any attacks. Thieves can even use new security updates for Windows Vista (and later) as a guide to hacking into systems running on XP.

Anti-malware solutions aren’t very effective on operating systems that lack support, and hackers know this. But more alarming is that fewer users, including business owners, are ready to accept this or even have a clue about it. Regardless, update your antivirus now.

Though it seems that for good measure, Microsoft should provide one last support run for XP users who are affected by the bug, the software behemoth won’t budge.
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Phishing Alert: 10 Tips To Protect Your Business From Attacks

It’s becoming too easy for criminals to get their hands on your banking information, due to your employees’ ignorance of phishing scams.

Malware attacks have soared recently, targeting banks for the purpose of stealing online banking information. Over 200,000 new infections occurred between July and September 2013—the highest jump in the past 11 years, according to a TrendLabs Security report. Cyber-criminals are ubiquitous on this planet, and phishing is a favorite among their arsenal of attacks, a way to gain access to computers as well as to infect them.

ZeuS (aka Zbot) is a common malware planted on websites. If a website is infested with ZeuS, or other malware, and you visit that site, your computer will become infested with ZeuS. Once settled in, ZeuS steals online banking credentials, and then transmits these details to a remote server, where the cyber-criminals can access it. But for ZeuS to spread, that means someone is opening a phishing email and clicking on the link that leads to the virus-inhabited website.

Who’s clicking on these links? Unfortunately, some of your employees probably are. According to a recent eWeek article, 18 percent of phishing messages are opened in the workplace—and yes, this includes clicking the accompanying malicious link.

That’s not all—sometimes the numbers can go even higher. According to the report, one particular phishing campaign yielded a 72 percent clicking response on the link.

Furthermore, the report states, 71 percent of users’ computers have a higher susceptibility of infection due to having outdated versions of popular software such as Microsoft Silverlight and Adobe Acrobat.

How To Stop Your Employees

Monthly training of employees to avoid suspicious emails helps knock down the percentage of clicks to 2 percent, much better than quarterly training does (to 19 percent). The report adds that cleaning recipients’ invaded computers costs the company, even though 57 percent of companies rated phishing attacks as “minimal.” However, even “minimal” impact still means a lot of cleanup for a high volume of attacks, involving IT staff response and employee downtime during system restoration.

Those who take the bait are costing you money, and the potential risk to your business is enormous. The Anti-Phishing Working Group recommends the following tips. Share them with your employees ASAP.

  • A big red flag should go with emails that request personal financial information. If the name of the company bank is mentioned, arrange a phone call to that bank regarding the suspicious email.
  • Be leery of exciting or worrisome statements designed to rattle emotions rather than sink in logically; think before you click!
  • Be highly suspicious of a message asking for a password, username, credit card information, date of birth or other very private details of yourself or your company.
  • If you don’t recognize the sender’s name or address, or have no idea what the message could pertain to, simply ignore it altogether. It’s never urgent to click a link; you won’t get fired if you don’t.
  • Never enter confidential financial (or personal) data in a form inside the email.
  • A special toolbar, installed in the Web browser, can help protect you from fraudulent sites. The toolbar compares online addresses with those of known phishing sites and will provide a prompt alert before you have a chance to click or give out private information.
  • The latest versions of Chrome, Firefox and Internet Explorer have optional anti-phishing protection.
  • Bank, debit and credit account statements should be regularly checked for suspicious transactions.
  • If any transactions look suspicious or unfamiliar, alert appropriate personnel to contact the relevant financial institution.
  • The computer browser should always be kept up-to-date. Security patches should be installed.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Home Monitoring Products go Mainstream

With the explosion of security-based home surveillance products/apps, there’s a growing trend in getting surveillance systems that monitor users themselves.

Piper

This product’s wide-angle camera allows you to view live video of your home, from anywhere, right on your smartphone. It can:

  • Detect motion
  • Control lights, temperature and appliances
  • Record short videos
  • View inside the home

Canary

Similar to Piper, it provides:

  • Live video and audio
  • Motion detection
  • Night vision
  • Air-quality monitoring

Doorbot

This app allows you to see who’s at your house’s door, regardless of where you are.

  • Better than a peephole.
  • Consider it “visitor ID.”
  • You can answer the door remotely.

There’s no need to do anything while these home monitoring systems nonchalantly collect data. Imagine all the advantages of such technology: catching a burglar is the best benefit, but what about catching a spouse cheating; catching your kids doing drugs; seeing that your kids came home from school safely; learning who in the household keeps drinking up all the soda. Though such surveillance can start out as very annoying, people can become quite used to it, say experts.

Some experts claim that this technology may bring the entire clan closer together. Others insist that it’s spying: checking up on someone without their permission. I have similar systems and use them to watch the home while on business, along with checking in on the family having dinner. It makes being apart not as difficult.

When this kind of technology becomes the standard and not the exception (and you can count on that shift), it will be the new normal, something that people will know about from an early age, the way life is. It may seem potentially intrusive now because it’s new; it’s not our normal, yet.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

How to keep your Kids safe Online

Every parent should know all the ways they can keep their kids safe in the online world. In McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kids, it was found that:

  • 86% of kids think social sites are safe and post personal information such as their email addresses (50%) and phone numbers (32%)
  • 48% have looked at content their parents would disapprove of
  • 29% of teens access pirated illegal digital media
  • 12% of teens met a stranger online and then in the physical world
  • 54% of kids say their parents aren’t involved in their digital lives at all
  • 42% say their parents simply don’t care what they are doing online
  • 17% of parents believe the online world is as dangerous as the offline world
  • 74% of parents have thrown in the towel and are exhausted with their kids’ digital lives.

That last stat isn’t just scary, it’s sad. Because protecting your kids online isn’t an option, it’s a requirement. This isn’t a technology issue, it’s a parenting issue. And parents who say “I give up” are giving up on protecting their children from harm.

Here’s a basic road map of what to be aware of:

Dirty sites. This doesn’t just mean a porn site that a teen decides to check out after accidentally stumbling upon it. There are sites that promote weapons, drugs, school cheating, even how to starve down to dangerously low body weight.

Harmful contacts. Your child can be in contact with anybody in the world, without you even knowing it, and this contact may be a pedophile building up trust in your child—a trust that leads to an in-person meeting.

Information overload. Do your kids know what and what not to blab about in the cyber world? Going away on vacation soon? The whole world may find out (and the whole world includes burglars) after your chatty kid tells all on Facebook.

Sitting sickness. Sitting at the computer for hours on end not only can interfere with sleep and disrupt alertness the following school day, but excessive sitting can result in weight gain and bad posture, plus proneness to snacking on junk food.

Online bullying. Yes, words (even typed) really CAN hit harder than a fist. Cyberbullying leaves marks that are just as invasive as a swollen black eye.

Pirated content. If your kid has no money, but tons of digital files like movies and music, he may be a pirate. Lawsuits are being filed against parents who don’t take control of their kids’ online activities.

Hacking. Today kids are either hacking others or being hacked themselves. Knowing what your kids are doing and how to protect your devices is essential.

What can parents do?

Treat your kids as you’d want them to be treated. This includes online. Lay down specific rules regarding computer use and where they can visit online. Instruct your kids to promptly report any threatening or insulting online behavior.

Consider installing parental control software. A parental control program in its fundamental form will allow a parent to decide which category of sites are off-limits and how much time a child can spend online. The software is designed to prevent the child from disabling it. McAfee Family Protection allows parents access from any PC.

Parental controls also come in hardware form, but can’t provide more sophisticated control. Parental control apps exist for mobiles, yielding stronger control than software that’s filtered at the router level. Apps are available for Android, iOS or both.

What’s illegal for your boss at work to do to you is perfectly legal for you to do to your kids: use spyware to track their keystrokes, take screenshots, snag passwords, etc. Spector Pro and PC Pandora are examples. However, for most kids, this level of control isn’t necessary. But they’re invaluable if a troubled child may be interacting with a pedophile, or if your very curious child is just plain rebellious.

Install security software. It’s not enough to have antivirus, antispyware, antiphishing and a firewall. You must also protect all wireless communications with Hotspot Shield VPN, which locks down their devices’ Wi-Fi, preventing hacks.

Know who they are communicating with. At any given point in time, it should be required that parents can check devices and openly discuss any conversations being had. If the parent can’t meet the person or the person’s parents, then the child shouldn’t be talking to them.

Require device and account passwords. No matter where they go online or whatever devices they own, the parent should have full access at all times.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

The Future of Identity Theft

Identity theft evolves as technology progresses. The Identity Theft Resource Center explains the future of this crime.

Definition of Identity

The definition will swell up to include biometrics and behavior, not just driver’s license number and SSN. So your identity can be defined by how you move a mouse and your keystroke patterns.

Medical Identity

There’s no focal mechanism for the mitigation of medical identity theft, making it easy for thieves to keep getting medical treatment. Many people get their medical identity stolen without knowing it.

Statistics

Crime rate statistics are not telling the whole story. The illusion is that crime rates are on the decline; this is because statistics do not include all fraud activity. The primary indicator in crime statistics reports doesn’t even include identity theft.

Mobile wallets will not take over the world—at least not soon, anyways.

Though mobile wallets seem to be the next big wave in purchase technology, it’s not going to be easy convincing the masses to store every bit of their financial data in their smartphone. In fact, 64 percent of survey participants said they would not convert to a mobile wallet system (Consult Hyperion).

Affordability

All of these cool developments in the world of cyber communication will not necessarily apply to every single person; products cost money. So no matter how much it seems that times are changing or that people are “switching over” to some new technology, there will still be that demographic that’s seemingly left in the dust.

Finally…

It looks as though federal data breach notification laws will at last become a reality. Or so it seems.

Extra Layers

The dual and even multi-step authentication system will become more common, as more industries pick this up, to verify a user’s identity. And even consumers seem to be warming up to this.

Can’t have it both ways:

That is, security and convenience. With all the big data breaches lately, looks like privacy and security will win over convenience for the consumer.

Home Invasion prompts Neighbors to invest in Security

The Lincoln-Highlands Association is a resident organization devoted to fighting crime in Oakland, California’s Dimond District.

A hundred residents are needed for the program, which would require $30 a month to fund a security guard to patrol the area five days per week.

Other neighborhoods have had success with private patrols, and the push for the Association’s private guard was spurred by an armed intruder who shot and wounded an elderly woman in her house.

However, not all residents are gung-ho on paying for the patrol. One resident says that keeping ahead of crime is the city’s responsibility, and one security guard isn’t omnipotent. On the other hand, how else can crime be deterred, wonder the supporters. The supporters say they’ve gotten a very warm response to the plan and will continue seeking out more supporters.

Home Alarm Systems: Can Do Everything but Handcuff the Intruder

Security systems these days can do just about everything save for apprehending your home’s brazen intruder. Modern-day systems come with all sorts of features that will either deter break-ins or make break-ins more difficult, plus also keep the homeowner aware of everything that’s going on with their property: inside and out.

Features include wireless cameras that have full web access to them, remote controlled and timed lighting, iPhone and Android apps to control and monitor video surveillance from anywhere, remote controlled thermostats, among others. A web dashboard allows the user to control all aspects of each feature, which includes programming in a reaction to a specified incident.

Despite all these features, it’s easy to program such alarm systems, which yield to the user significant awareness of their home’s internal and external environment.

Guard or no guard, don’t keep putting off getting a modern home security system. No intruder wants to wait for you.

Intruder snaps Selfie and disappears

Remember that scary movie in which the psycho phones the babysitter and says, “Did you check the children?” He was actually in the house and murdered them. Yikes, well that’s just a movie. But sometimes truth is stranger than fiction.

As long as people leave doors unlocked, any whack job can saunter into their house. So if this happens to you while you’re putting your kids to bed, like it recently did to a Denver woman, don’t be surprised.

In her case, though, the man didn’t harm anyone, though he still rents a room for free inside the mother’s mind. Yikes again.

One day the woman found a selfie on her cellphone: a pic of a man she’d never seen before, taken inside her house. Though he stole nothing and though she didn’t even know he’d ventured through her unlocked door till the day after, she remains traumatized.

“And he looks familiar to me; everybody else says they didn’t see him but he looks familiar to me; I know I’ve seen him before,” said neighbor Richard Gardner.

Police say the stranger simply entered through the back door, took the selfie and left. Nobody knows who the man is, but Gardner says, “He doesn’t have glasses when you normally see him walking down the street. Maybe they’re a disguise. I don’t know.”

How to Stay Safe in Your House

  • If you hear someone breaking in, call out to an imaginary companion if you’re alone, “Hey Scott (or some other man’s name), can you see who that is?”
  • Call 9-1-1, then leave, or if you can, reverse this order.
  • Maintain a visible perimeter to your home so neighbors can detect suspicious people near it.
  • Get a home security system, then post their decals on front and back entrances and their signs in your yard.
  • Close all windows when you leave, even on a hot day.
  • Get a neighborhood watch going.

National Retail Federation pushes for Chip and PIN

The recent major retail breaches have fueled increased interest by the National Retail Federation to push for implementation of a chip and PIN payment card technology. This would make the magnetic strips on payment cards obsolete and no longer a calling card for hackers.

“We’re here today because the question of data security and cyber theft in retail has become a very important debate in Washington,” said David French, the senior vice president of government relations for the NRF.

The U.S. still relies upon the magnetic strip—buyers or employees swipe the card and sign for the transaction. With chip and PIN, a chip is embedded into the card. A “reader” reads the chip but also requires the cardholder to enter a PIN to complete the purchase: a two-factor authentication process.

Magnetic strips allow thieves to make counterfeit cards that work, but the chip technology would prevent this.

“It’s going to be a very expensive transition,” says Mallory Duncan, NRF senior VP and general counsel, referring to the switch from magnetic strip to chip and PIN. A chipped card costs 4-5x as much as a striped card: a cost that card issuers are not crazy about investing in.

However, the retail industry isn’t off the hook. Duncan notes that “every one of the (payment) terminals has to be replaced and depending on whether you’re counting just retailers or doctors’ offices and other places that are thought of as retail, it’s going to be between nine to 15 million (pieces of point-of-sale) equipment that have to be replaced.”

That’s more than $1,000 per unit, she adds. The migration to chip technology includes software and training, and based on Great Britain’s cost to migrate, the U.S. could be looking at “$20 billion or $30 billion to swap out equipment,” says Duncan. And that’s an under-estimate.

The starting point for the swap is banks issuing the chipped cards, says Duncan. Then the retail industry will know it’s worth it to finish the job by implementing the terminals.

The banking industry isn’t taking well to the retail industry’s stand on who should make the first move. Banking leaders believe that recent big retail breaches were primarily caused by, as they responded to NRF’s media briefing, “failed computer security at major retailers.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

You can have Security in an Attractive Lock

Who says a good door lock can’t look good? Being that your home is far more likely to be burglarized than you are to be mugged walking down the street, you can’t neglect to have a high security deadbolt for your door, even if you live in a “nice” neighborhood.

The deadbolt is a maximum security defense and should be installed on every door to your house, including back doors. You can have the strongest, biggest bolt with Schlage’s Grade 1 product.

But what about the looks of the locks?

Take a look at your door locks. What brand are they? Are they attractive or just your everyday door lock that you don’t pay any attention to? It’s time to upgrade!

After all, you take pride in your home’s curb appeal, including its doors. You can have front entry handlesets installed that offer the maximal bolt protection you want, plus the style and flair that you also desire.

In fact, you can even have the interior of handlesets customized with a variety of door lever or door knob styles and finishes.

To complement the deadbolt’s appearance, you can add a number of relevant accessories such as attractive door knockers, kick plates, door stops, viewers and stylish house numbers.

For example, a kick plate can be coordinated with a handleset. The kick plate is a finish at the bottom of a door (often a shimmering metallic style) that prevents scuff marks from shoes.

A wide range of design and elegance is out there for those seeking protective accessories for their doors.

And don’t forget about the choices in appearance you have for your indoor locks. You can, for instance, get a doorknob with an aged bronze finish to complement your interior’s décor.

Let’s go a step further and consider the deadbolts and other types of locks you’ll need for your business away from home. These days, security can easily be coordinated to accommodate your taste in décor, without sacrificing efficacy of the security.

And by the way, Schlage has a “lifetime finish warranty” for their lock products.

Robert Siciliano, home security expert to Schlage, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Healthcare Records vulnerable to Criminals

Just about every kind of healthcare-related entity—hospitals, rehab centers, pharma companies, insurance carriers and more—has been and continues to be compromised by cyber criminals.

Though your doctor can boost your resistance to heart attack, the hospital he works at remains prone to hack attacks by crooks wanting access to all sorts of data and other sensitive information.

This isn’t just a leak of patients’ personal health information; the institutions’ billing systems and intellectual property also get into the hands of crooks.

Once the hackers are in, they’re in a position to launch more attacks on other networks and commit billions of dollars worth of fraudulent transactions.

Here are some bitter pills to swallow:

  • Compromised devices include radiology imaging software, Web cameras, firewalls and mail servers.
  • Quite a few compromises occur due to simple issues like failing to change default credentials on firewalls.
  • Tens of thousands of malicious events can occur within a healthcare IT environment during the time that intelligence is gathered.
  • Not only can cyber criminals get ahold of patient addresses, SSNs and medical condition data, but they can manipulate medical equipment.
  • Healthcare providers accounted for 72 percent of malicious traffic according to the SANS-Norse Healthcare Cyberthreat Report. In addition, healthcare business associates: 9.0 percent; health plans: 6.1 percent; pharmaceutical: 2.9 percent; healthcare clearinghouses: 0.5 percent; miscellaneous healthcare related entities: 8.5 percent.

This all means that patients are getting a big burden financially in that healthcare costs rise in response. For instance, the cost that was related to compromised medical insurance records and files in 2013 was $12 billion. This gets trickled down to patients.

Many healthcare related organizations cannot adequately protect sensitive data; the cyber attacks are like a relentless virus, overtaking its host.
