USB Drives have serious Security Flaws

That little thing that you stick in your computer to store or transfer data can also mean very bad news.

3DThe USB device or “flash drive” can be reconfigured to work like a little thief, for instance, being made to mimic a keyboard and take instructions from the master thief to rip off data or install malware. It can be made to secrete a virus before the operating system boots up, or be programmed to alter the computer’s DNS setting to reroute traffic.

There’s no good defense for these kinds of attacks. The firmware on the USB devices can’t be detected by malware scanners. Biometrics are out because when the firmware changes, it simply passes as the user plugging in a new flash drive.

Cleaning up the aftermath is no picnic, either. Reinstalling the operating system doesn’t resolve the problem because the USB device, from which installation occurs, may already be infected. So may be other USB components inside one’s computer.

Whitelisting USB drives is pointless because not all have unique serial numbers. Plus, operating systems lack effective whitelisting mechanisms. Also, Malicious firmware can pass for legitimate firmware.

To prevent a bad USB from infesting a computer, the controller firmware must be locked down, unchangeable by an unauthorized user. USB storage devices must be able to prevent a cybercriminal from reading or altering the firmware. It must make sure that the firmware is digitally signed, so that in the event it does become altered, the device will not interface with the altered firmware.

  • Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
  • Disable auto-run – Turn off auto-run on your computer so that if a USB drive has malware, then it won’t automatically be transferred to your machine.
  • Be careful who you share your USB drives with – Be careful what computers you place your USB drive in and who you let borrow your USB drive.
  • Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware These College-Related Scams

The last group of college students has headed off to school for another semester of dorm rooms, late-night library sessions, and the occasional college party. For many students, college is the first time they’ve lived away from home. They are young, open to new things, and sometimes, naïve. These traits make them prime targets for scams.

9DHere are some of the most popular college scams:

  • Fake College Websites
    Here’s how this works. Scammers copy a college’s website but use a fictitious name on the site (in essence creating a spoofed site). They use this site to collect application fees and gather personal information. They even go so far as to send out rejection letters to applicants to try and “maintain” their credibility. But all this application will get you is financial loss and the potential to be victim for future phishing scams.
  • Diploma Mills
    These are unaccredited colleges or universities that provide illegal degrees and diplomas for money. Many spoofed college websites are also used as diploma mills. Though some diploma mills may require students to buy books, do homework and even take tests, the student will be passed no matter what. In some cases, users get a diploma simply by purchasing it. In any case, you’re out of money and have no valid diploma.
  • Fake Scholarships
    Let’s face it. College is not cheap. Therefore, many students look for scholarships to help ease the financial cost. Scammers profit on this need by creating fake scholarships, which require you to submit a fee when applying for the money. You never see a dime and you’ve lost that application fee as well as given up some of your personal info.
  • Wi-Fi Scams
    Computers are an essential part of the college experience and wi-fi connectivity is a necessity. So while you may not want to pay or can’t afford to pay for wi-fi connectivity, you need to be careful when using free wi-fi as hackers can easily intercept your communications.

So while college is a time to learn and experience new things, you also want to avoid getting scammed. So here’s some tips on how to make sure you don’t get taken by one of these scams:

  • To protect yourself, develop the habit of not giving personal information to strangers and double check the authenticity of the organization.
  • Before sending in any online application, double check the accreditation for any college or university. In the United States, you can do that on the Department of Education site.
  • Verify that a scholarship is valid, by checking with an organization like FinAid.org.
  • Avoid doing any sensitive transactions like shopping or banking when using free wi-fi connections.

Yes, there are plenty of scams out there. But with common sense and a willingness to double-check, students can avoid being lured in.

Have a great school year!

For more tips on how to stay safe online, follow McAfee on Twitter or like them on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Bolster your Belongings on TV and This is what happens

How did a burglar know that Theresa Roemer had a 3,000 square foot, three-level closet that was crammed full of very pricey items including jewels and furs? Well, apparently, he caught wind of the “she cave” on TV, then perhaps Google Earthed it and (believe it or not) the evening he decided to bust in, the house alarm wasn’t on. And the closet wasn’t locked.

3BThe burglar stole $1 million worth of jewels and designer handbags from the enormous closet in Theresa Roemer’s mansion in The Woodlands, a Houston suburb.

While she was out dining with her husband, the thief filled three handbags with loot, and each handbag is worth $60,000. This was like a young kid in a candy factory.

Nobody really knows why the alarm was turned off.

Roemer has hosted many parties for charity inside the closet, which also includes a champagne bar. In addition to the handbags, furs and jewels are rows of shoes, boots, hats, clothes and beauty products. If you saw the move “Bling Ring” which was based on real events and often filmed in what was supposed to be Paris Hiltons closet, then you’d get the idea.

Roemer stated that she really doesn’t care about the replaceable items and refers to these as “crap.” She has expressed angst that some of the stolen items are heirlooms. Most people who lose stuff in a fire feel the same way.

The mansion’s surveillance cameras recorded the burglar, and it’s only a matter of time before the thief is identified. And even if the surveillance cameras eventually lead to an arrest and conviction, nobody wants to experience coming home to find that it’s been invaded and that valuable items have been stolen.

If you’re going to bother with having surveillance cameras, then also bother turning on the alarm when you’re gone and even when you’re home. But let’s not also forget that Roemer revealed her closet of riches on TV…a big mistake.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Identity thieves bombarding Call Centers

One out of 2,900 seems very small, but when there’s a total of 105 million…then this percentage stacks up in the end. It represents the frequency of calls from fraudsters made to call centers in an attempt to get customer account details so they could steal.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Many times these crooks will succeed by conning phone operators into altering personal details. The thieves will then commit ID theft, gaining access to customer information and even changing customer contact information so that the victims cannot receive alerts.

These clever cons spoofed their phone numbers to avoid detection, and used software to alter their voices, even the gender sound.

Research into the 105 million calls also unveiled that the fraudsters keyed in stolen Social Security numbers in succession until they got a bull’s-eye: a valid entry for an unnamed bank. They then tricked the victim into revealing personal data.

One expert says that if contact phone channels were monitored, this could predict criminal behavior two weeks prior to actual attacks. Many companies also believe that most attacks result from malware rather than social engineering: the tricking of victims into revealing sensitive data. The targets include the staff of the call centers, who are often conned into allowing these smooth-talking worms to get under any door.

When businesses focus on the theory that most of these problems are from malicious software, this opens up a huge door for the fraudsters to swagger their way in.

The crooks’ job is made even easier when companies assign fraud detection to a department that fails to effectively communicate with other departments.

Consumers would be smart to check in with various credit card and bank accounts “posing” as themselves to see just how easy or difficult it might be to gain access with what kind of “easy to guess” or ”easily found on social” information/questions that may be used to authenticate the caller. Then change those “out of wallet” or “knowledge based questions”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

4 Different types of burglary and burglars

Burglars are opportunists. They seek out opportunity often to support a drug habit or other uncivil reasons for turning your stuff into cash. Burglaries and burglars come in different flavors, here’s a taste.5H

  • Simple burglary: The act of entering any type of structure without permission (regardless if the entry is unlocked) with the intention of stealing something inside. A conviction will net prison time up to 12 years.
  • Aggravated burglary: The structure that the criminal gains unauthorized entry into contains a person, or, the intruder has a dangerous weapon, or, the burglar commits harm to that individual. The punishment is up to 30 years in the slammer.
  • Home invasion. Unlike aggravated burglary, in which the burglar doesn’t know that the structure is inhabited at the time of the crime, the home invader knows in advance that at least one person is inside, and premeditates using violence or force against that person. Or, the intent is to damage or deface the interior. Punishment goes up to 20 years and includes hard labor.
  • The looter takes advantage of an establishment, dwelling or vehicle that’s unprotected due to a hurricane or other disaster, or due to mass rioting. Prison time goes up to 15 years. If the crime occurs during a declared state of emergency, the convict will get hard labor that may exceed 15 years.

Type of Burglars

The common & simple. This thief seeks out easy fast targets, such as open windows and unlocked doors. Since the ease of the crime is the driving force rather than advanced knowledge of valuables, this burglar often ends up with “stuff” that can be exchanged for cash.

The hunter. The burglary is based on premeditation, scouting around neighborhoods for valuables. They’ll take advantage of unlocked doors and windows, but are willing to be careless and will smash through windows or bash down doors, then grab anything that they can stuff into pockets or a rucksack.

The prowler. This smarter type operates with more finesse, targeting structures where they know the valuable can be swiftly sold on the black market. Often, the prowler is a former hunter who developed savviness and efficiency along the way.

The specialist. This is the top fight burglar, concentrating on wealthy estates, selecting targets very carefully, usually working within a crime ring. Only high-value items will suffice, and thus specialist burglars may also target businesses and warehouses.

Now you know. So get a home security system.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What to do in the Aftermath of an Attack

Can you hack cleaning up the mess a hacker makes after infiltrating your computer? Would you even know the first thing to do? And yes, YOU’RE computer CAN be hacked.

2DAfter the attack, locate the portal through which the crumb-bag entered. This could be the e-mail program or browser. This may be easier said than done. Give it a shot.

Next, this portal must be disconnected/uninstalled from the Internet to prevent it from getting into other systems. Look at your Task Manager or Activity Viewer for any suspicious activity. The CPU usage must be checked too. If it goes way up, you’ll have a better chance of detecting fraudulent activity. It helps to know how your computer runs so that you know what’s typical and what’s atypical.

Otherwise head over to Microsoft’s Malicious Software Removal Tool page here: http://www.microsoft.com/security/pc-security/malware-removal.aspx

After severing ties with the hacker or hackers, take inventory of their destruction.

  • Make sure that your anti-malware and antivirus systems are up to date, and enabled. Do a full system scan with both systems.
  • If something looks odd, get rid of it. Malware will continue downloading if there’s a browser extension or plugin. Inspect every downloaded item.
  • Change every password and make it unique and long.
  • Log out of all your accounts after changing the passwords.
  • Clear the cookies, cache and history in your browser.
  • Be on the alert for strange goings-on, and do not open suspicious e-mails, let alone click on links inside them.
  • If things are still acting strange, wipe your hard drive. Reinstall the operating system. But not before you back up all your data.

Preventing an Attack

  • Have a properly configured firewall.
  • As mentioned, never click links inside of e-mails, even if they seem to be from people you know. In fact, delete without opening any e-mails with melodramatic subject lines like “You Won!”
  • Have both anti-malware and antivirus systems, and keep them up to date.
  • Use long, unique passwords.
  • Never let your computer out of sight in public.
  • If, however, your device is stolen, it should have a remote wipe feature.
  • Give your data routine backups.
  • Be very cautious what you click on, since links promising you a spectacular video can actually be a trap to download a virus into your computer.
  • Use Hotspot Shield when you’re on public Wi-Fi to scramble your communications.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Consumers Eager for Connected Technology

Many of us are familiar with the Jetson’s TV cartoon that showed the life of a family in 2026 and how technology is a part of their everyday life. If you’re like me, some of the gadgets that George and his family had are probably things you thought were cool or would be convenient to have, especially the automatic meals that could be selected and then delivered with the push of a button or the flying cars. While we’re not quite at the level of George Jetson, technology advancements are only going to continue.

With that in mind, McAfee commissioned MSI for a study, “Safeguarding the Future of Digital America in 2025,” that looks at how far technology will be in 10 years. And also looking at how all this technology and interconnectedness affects our privacy and security—something George Jetson never had to worry about with Rosie (his robot maid), or while he video chatted.

What is interesting to see from the study is what people believe will be prevalent in 2025 (some of which are Jetson-esque) such as:

  • 60% believe that sooner or later, robots and artificial intelligence will be assisting with their job duties
  • 30% believe they’ll be using fingerprints or biometrics to make purchases
  • 69% foresee accessing work data via voice or facial recognition
  • 59% of people plan to have been to a house that speaks or reads to them.

There’s no reason to doubt all of these advances won’t soon be reality, but there will also be new considerations for consumers to be aware of. The more “connected” you are, the more you’re at risk. But while consumers seem to be embracing these new conveniences, 68% of them are worried about cybersecurity so it’s imperative that all of us know how to protect ourselves today and into the future.

How can you protect yourself?

  • Do your research before purchasing the latest gizmo. Read the manufacturer’s, app’s or site’s security and privacy policy. Make sure you fully understand how the product accesses, uses and protects your personal information and that you’re comfortable with this.
  • Read customer reviews. There’s hardly a product on the market that doesn’t have some kind of rating or customer feedback online. This unsolicited advice can help you determine if this is a device you want to own.
  • Password protect all of your devices. Stop putting this off. Don’t use the default passwords that come with the device or short, easy ones. Make sure they’re unique, long and use a combination of numbers, letters and symbols. Complex passwords can also be a pain to remember, that’s why using a password manager tool, like the one provided by McAfee LiveSafe™ service is a good idea.
  • Don’t have a clicker finger. Be discriminating before you click any links, including those in emails, texts and social media posts. Consider using web protection like McAfee® SiteAdvisor® that protects your from risky links.
  • Be careful when using free Wi-Fi or public hot spots. This connection isn’t secure so make sure you aren’t sending personal information or doing any banking or shopping online when using this type of connection.
  • Protect all your devices and data. McAfee LiveSafe service you can secure your computers, smartphones and tablets, as well as your data and guard yourself from viruses and other online threats.

Make sure you’re not like George calling out to his wife Jane saying “Jane…stop this crazy thing!” as he’s ready to fall off his electronic dog walker that’s gone out of control! Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

MCAI

To join the conversation use the hashtag #FutureTech or follow McAfee on Twitter or like them on Facebook.

To download the infographic, click here or click to read the press release.

10 most dangerous Facebook Scams

Twenty percent of the world’s population is “on” Facebook—that’s well over a billion people.

14DTop 10 Most Popular Facebook Scams

  1. Profile visitor stats. It’s all about vanity. It doesn’t take long for any new Facebook user to see an ad offering to reveal how many people are viewing your profile. You can even find out who’s viewing. It must make a lot of FB users feel validated to know how many people are viewing them and just whom, because this scam comes in at the top.

    Is it really that important to know how many people are viewing your profile? Even if your self-worth depends on this information, Facebook can’t provide it. These ads are scams by hackers.

  2. Rihanna sex tape. What a sorry life someone must be leading to be lured into clicking a link that promises a video of a recording star having sex. Don’t click on any Rihanna sex tape link, because the only intimacy you’ll ultimately witness is a hacker getting into your computer.
  3. Change your profile color. Don’t click on anything that relates to changing your FB profile color. Facebook is blue. Get over it. You’ll never get red, purple, pink, black, grey, white, red, orange or brownish-magenta. Forget it. Deal. If you see this offering in your news feed, ignore it. It’s a scam.
  4. Free Facebook tee shirt. Though this offering seems quite innocuous, anyone who never rushes to click things will realize that this can’t possibly be legitimate. Do you realize how much a billion tee shirts cost? Even if you don’t know that one-fifth the world’s population uses Facebook, you should know that an enormous number of people use it and they aren’t getting a t-shirt.
    1. Where would Facebook get the money to 1) produce all those tee shirts (even if one-tenth of FB users wanted one, that’s still a LOT of money), and 2) mail the shirts out, and 3) pay reams of people to package the shirts and address the packages? People, THINK before you click!
  5. See your top 10 Facebook stalkers. This is just so funny, how can anyone take it seriously and be lured into clicking it?
  6. Free giveaways. It’s cliché time: Nothing’s free in this world—certainly not on Facebook. End of story.
  7. See if a friend has deleted you. This, too, sounds suspicious. And besides, is it really that important if a “friend” has deleted you? Do you even personally know every individual who has ever friended you? This feature does not exist. You’re better off pretending that nobody would ever want to delete you because you’re so special! But actually, there are plug-ins available that perform this function, but still, stay away.
  8. Find out who viewed your profile. Again, here’s a scam that works well on people who have too much time on their hands. This function doesn’t exist on Facebook.
  9. Just changed my Facebook theme and it’s rad! Ignore this at all costs.
  10. Tragedy of the day. Whenever there is something horrific going on such as Mother Nature getting all murderous or some manmade disaster or even a celebrity dying, you can be sure Facebook scammers are on top of the breaking news with a “video” or “photo” that simply isn’t. Just don’t click it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to revive Someone who blacks out

Fainting, or “blacking out,” has numerous causes. Sometimes the person “comes to” quickly (e.g., the cause is prolonged standing in heat), or the person won’t respond (illness), and this kind of cause can be life threatening.

1MSigns someone’s about to faint include frequent yawning, chest tightness, teetering, heart palpitations, nausea, a slow pulse, dizziness, lightheadedness, and sweaty, cool and/or pale skin.

At the onset of these signs, one should lie or sit, then place head between legs to increase blood flow to the brain. This should remedy the problem in many cases. But if someone faints and doesn’t regain consciousness, it could mean a serious condition like heart attack, head injury, diabetic complication or a drug or alcohol overdose. Seek help for them in such cases.

Move the person to a cooler place if you suspect excessive heat. Lay them on their back, with legs elevated 8-12 inches. With a cool moist cloth, wipe their forehead. Loosen clothes and if possible, give them water with a teaspoon of salt, or a sports drink.

Tilt the head back and lift the chin to help air get through. Make sure they’re breathing. If they aren’t, call 9-1-1 and begin CPR. Roll victim on their side if they vomit. Check for injuries if the victim has fallen.

What never to do:

  • Never try to get an unconscious person to swallow fluids.
  • Never leave an unconscious person alone.
  • Don’t splash water on the victim; don’t shake or slap.
  • Don’t put a pillow under their head.
  • Don’t move the victim unless it’s absolutely necessary.

Call 9-1-1 for a fainted person if:

  • There’s no breathing
  • They have diabetes
  • They’re bleeding or injured
  • There’s chest symptoms or a pounding or irregular pulse
  • They’re pregnant
  • They’re 50-plus
  • There are stroke symptoms: slurred speech, numbness, paralysis, one-sided weakness, visual disturbances
  • They haven’t come to after two minutes

In the meantime, make sure the victim’s airway is open, that they’re breathing and have circulation (heartbeat). Check their body for medical information such as a bracelet.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Is private NSA proof E-mail possible?

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

7WThe problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.