Malware and Phishing Warnings in Chrome Browser to be changed by Google

/in /by

Google normally displays a malware and phishing warning in the Chrome browser. There are plans, though, to alter the display. Currently it’s a white warning against a red background. The new display will be an entirely red page, with a big X at the display’s top. These warnings tell the user that the site they’re about to visit may try to install malware or con you into giving up personal information.

13DThe new warning, like the current one, gives users the option to skip it and go to the website, but they must first acknowledge what they’re about to do.

Though a date for the changes hasn’t been set, they can be viewed on the Dev and Canary builds of Chrome.

The changes are designed to better indicate to users that an attack might happen, rather than make them think that one already has happened. After all, a malware warning should not scare you away, but instead, inform. Nevertheless, many malware warnings get ignored anyways.

A study showed that people were twice as likely to bypass a warning if the website was already part of their browsing history. This indicates that users are not so likely to believe that a previously visited, and especially popular, site could be threatening.

The study recommends that warnings should be formulated to let people know that even “high-reputation websites” can be malicious, poised to download a virus or deceive you into giving out your Social Security number.

The malware and phishing warnings on Chrome will perhaps always be in a state of further development.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Know your Options for Self-Defense

/in /by

Most people don’t give good hard thinking to their capabilities in a physical assault situation. You need not be built like an MMA fighter to know effective self-defense.

1SDAn ounce of prevention is worth a pound of safety.

Attackers look for unsuspecting targets. Walk and park only in well-lit areas. Never park right beside a van. In the parking lot, always keep your biggest key poking out between two fingers; it makes a great weapon.

If a thug demands your wallet or purse, hand it over. Your life isn’t worth that designer handbag. But what if it’s a situation where you must fight for your life?

The second he touches you or you can’t get away, holler in your most primal, pissed-off voice, “Get the F— Out of Here!” Sound like thug, not a lady. Push at the offender. The vocal noise alerts nearby people, and it, and the shoving, tell the offender you’re not easy game.

You have only a few seconds to scare off the attacker. You must inflict pain on the attacker, or be hurt by him or her. So go for the eyes, ears, nose, neck, knee, leg and of course, groin.

Strike a vulnerable body part from where you’re at, rather than moving in closer; kick a knee rather then stepping in to pull the ears. Upper body strikes are done with the hand: its outer edge, a palm, a knuckle hit or a tightly clenched fist. Don’t think for a single second that scratching the attacker’s cheeks will scare him off, use those fingers to poke an eye.

Eyes

  • Poke, gouge, stab or dig long nails into. Ever got accidentally hit in the eye? It’s disabling for several moments. Imagine what full-out, angry poking or gouging would do.

Nose

  • Drive a palm upward into their nose. Put all your body weight into it.
  • Do the same with your elbow if the attacker is behind you; go for the nasal bones.

Neck

  • Aim for the sides, where major blood vessels are. A knife-hand (outside ridge) at the side of the neck will stun him long enough to let you escape. An elbow strike, with body weight behind it, to the neck can knock him out cold.

Knee

  • Even the biggest guy can be brought tumbling down with a strong kick to the knee. Drive your foot into the side of the knee, which is more vulnerable as far as losing balance.

Groin

  • Hit it with your hand open or closed. Use your knew or elbow. Kick it with your feet or even your head. Just hit it hard and often.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Identity proofing proves who You are

/in /by

Identity proofing is proof of whom you are. Proving one’s identity starts with that person answering questions that only they themselves can answer (even if the answers are fictitious), such as their favorite movie, mother’s maiden name or name of their high school. Since most people provide real answers (that can be found online) rather than “Pointy Ear Vulcan Science Academy” as the name of their high school, this technique is on its way to the dogs.

8DMichael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

New Jersey suffered one of the biggest unemployment frauds, and to date, has identified over 300,000 people who attempted to fraudulently collect benefits via ID theft, among other improper schemes but also honest errors. However, New Jersey is turning things around.

It’s the only state that’s used identity proofing to fight unemployment benefit fraud, which mandates that job applicants verify a number of personal details through a quiz on New Jersey’s labor department’s website.

The use of billions of public records, collected by LexisNexis, verifies the details, to filter out imposters seeking unemployment benefits. The idea is for honest people to provide answers to questions: information that crooks can’t extract from googling.

This approach has rewarded New Jersey well, with nearly 650 cases of potential ID theft prevented. The state has also saved $65 million since May 2012 after blocking foreign IP addresses from gaining access to its unemployment system. Other states are following suit.

Improper payments (including for jobless benefits) have been occurring for years. Over $176 million in grants, to stop this problem, was issued by Washington in 2013 to 40 states. The errors in unemployment benefits payments on a national level have been about 10 percent for the past 10 years.

Businesses and government frequently must take the brunt of the fraud and waste despite an unemployment insurance system in place.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

6 Ways to Secure Your Email Account

/in /by

On August 30th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayvadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item,
allowing us to connect and share information with friends, teachers, and co-workers.

emailTo celebrate email’s birthday, here are 6 ways to secure your email account.

  1. Think twice before opening unfamiliar emails. Do you open your front door to just anyone? Of course not. Don’t open strange emails or any email that you’re not completely confident in.
  2. Be cautious about email links and attachments. Hackers use links and attachments to download nasty malware onto your computer. If an email seems suspicious, don’t click or download anything.
  3. Use 2-step verification. Email services like Gmail allow you to enable two-step verification because it adds more security to your account. After you enter a password and username, you enter a code sent by the email service to your phone when you sign in.
  4. Beware of public computers. Never use a public computer to log into your email accounts, not even your cousin’s or best friend’s computer—you don’t know if they’ve been infected.
  5. Use strong, unique passwords. If your password is “password”, you might want to change it to something more unique. I recommend a password with 8 or more characters with a mix of upper-case letters, lower-case letters, and numbers.
  6. Use comprehensive security software. McAfee LiveSafe™ service can make protecting your email even easier with a strong firewall to block hackers, viruses, and worms and a password manager to help you remember all of your logins.

Happy Birthday email!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 Ways to Protect your Internet of Things from Hackers

/in /by

Everything seems like it is connected to the Internet, just about, including TVs, home thermostats, sprinkler controls, door locks, egg trays (yes, there’s an app for that), tooth brushes (cray cray), and more.

11DA study by HP shows that 70 percent of devices have vulnerabilities. Researchers have revealed that most of the devices in their study, plus the devices’ mobile and cloud applications, had a welcome mat for hackers.

Most of these devices had weak passwords (like qwerty) or weakly protected credentials (unencrypted): beacons for hackers. Seventy percent of the devices lacked encryption. Sixty percent had insecure software updates.

The Open Web Application Security Project notes that vulnerabilities include poor physical security of devices. Gartner, an industry analysis firm, predicts that over 26 billion items, by 2020, will be connected to the Internet. And this includes all sorts of stuff in your home.

All these “smart” devices are a little too dumb and need even smarter protection. The more connected you and all the things in your home are, the more vulnerable you truly are.

Just think of how much of your personal information gets all over cyberspace when you’re so connected, including where your person is at any moment and medical details. Its these “peripheral” devices that connect to your wired or wireless network that in some way connect to your desktop, laptop, tablet or smartphone that criminals are after. Once they hack, say your thermostat, that may give them a backdoor to your data.

Device makers are not bound by any policies to regulate safety/security, making the instruments highly prone to cyber criminals. Worse, most people don’t know how to spot attacks or reverse the damage.

So how do you create a “smarthome”?

  1. First, do your homework. Before you purchase that smarthome device, take a good hard look at the company’s security policy. How easy can this device be updated? Don’t make the purchase if you have any doubts. Take the time to contact the manufacturer and get your questions answered. Know exactly what you’re about to sink your teeth into.
  2. Your device, new or old, should be protected with a password. Don’t keep saying, “I’ll get around to it.” Get it done now. If you’ve had a password already, maybe it’s time to change it; update them from time to time and use two-step verification whenever available. If you recently created a new password for security purposes, change it if it’s not long, strong and unique. A brand new password of 0987poi is weak (sequential keyboard characters). Criminals are aware of these kinds of passwords in whats called a “dictionary attack” of known passwords.
  3. Make sure that your software/firmware is updated on a regular basis. If you see an update offered, run it, rather than getting annoyed by it and clicking “later” or cancelling it. The updated version may contain patches to seal up recently detected security threats.
  4. Cautiously browse the Internet. Don’t be click-happy. Make sure whenever using a wireless connection, especially those that are free public WiFi use Hotspot Shield to encrypt your data in transit.
  5. Don’t feel you must click on every offer or ad that comes your way, or on links just because they’re inside e-mails. Don’t click on offers that seem too good to be true.
  6. Your mobile devices should be protected. This doesn’t just mean your smartphone, but the smart gadgets that your smartphone or tablets control, like that egg tray that can alert you when you’re running low on eggs.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How hackable is my Home Security System?

/in /by

In a few words, there are some issues. But, really, don’t worry about it. But be aware of whats going on. So are your home’s Internet-connected smart gadgets smart enough to ward off hackers? A research team found that they’re pretty dumb in this area.

4DA house was filled with smart gadgets in an experiment to see if researchers could hack into their security systems.

Baby monitors and Wi-Fi cameras bombed. One camera even granted access after the default login and password were entered. These gadgets use web server software to post online images, and that’s where the loophole exists—in over five million gadgets already online.

The researchers were able to take control of other gadgets as well. There’s a widely used networking system by the gadgets, called UPnP. This allowed the researchers to gain control. The gadgets use UPnP to reach servers that are out on the wider network, and this can expose them to hackers. When a password is built-in and can’t be changed, this makes the situation even worse.

A rather unnerving part of the experiment involved a microphone on a smart TV. The team was able to bug a living room through this. So if you’re sitting there with no shirt on enjoying a movie on that smart TV…someone could be sitting a thousand miles away—or down the street—enjoying watching YOU.

With the way cyber crime is evolving, the risks of having smart gadgets will likely grow bigger and bigger.

The prognosis from the research: Looks like smart gadgets will be easy prey for cyber predators in the near future. Manufacturers need to improve their ability to secure their products. And there’s no simple method for updating the flimsy firmware on the smart gadgets in the first place.

And would it be cost-effective to improve products? One researcher says yes for many products. Would “hardening” the products compromise their usability? For the most part, no. A balance can be struck. But right now, compromised usability is the least of the problems out there. There’s actually a lot of room to fix the flaws without hampering the user’s experience.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Use Door Reinforcement to beef up your Home Security

/in /by

Though there’s no such thing as a 100 percent burglar-proof home, there’s also no such thing as a burglar who has the skills of Mission Impossible’s Ethan Hunt, Spiderman or the Hulk, either. With enough security measures, you can almost make your home burglar-proof.

When homeowners think of security, often only a limited range of devices comes into mind. For example, how many people even know that shatter proof glass exists? How many people would think to install fake (but real looking) surveillance cameras at all entry points where anyone can easily see them?

Have you ever even wondered just how much you can do with your front door to deter a break-in? First off, doors can be kicked in (three-quarter inch pine), even if they have a good lock (one-half inch screws and a stock strike plate). So when you see Detective Olivia Benson on “Law & Order: SVU” kicking down doors, that’s not unrealistic.

Door Reinforcement Devices

  • Door knob/deadbolt wrap. Installed on the door, these strengthen the area around the locks.
  • Door brace. These can be vertical or floor mounted, making it harder to kick down a door.
  • Door bar jammer. This bar device snuggly fits under a doorknob and is angled 45 degrees to the floor.
  • Strike plate. The thicker version is about three or four inches long.
  • Door frame reinforcement. Typically made of steel, this device can be up to four feet long and is installed on the door jamb center, over the existing strike plates. Braces come in different styles.

Kicking down a door—a common scene in cops-and-robbers TV shows and movies, is actually the No. 1 way criminals get into locked houses. They know where to kick; a door has a weak area and the frame can easily be kicked down.

A standard door security consists of two to four little screws that go through one or two small strike plates, that are attached to a thin door frame that consists of 1/2” to 3/4” pine with a ½” thick molding. A 6 year old can karate chop ½” pine. No wonder it’s so easy to blow apart the frame with a foot.

That’s where The Door Devil Anti Kick Door Jamb Security Kit comes in. It’s a one-sixteenth inch heavy steel, four feet long bar, installed on the door jamb center—over the existing strike plates. It makes all that thin wood obsolete because it screws directly into the doors frame.

The Kit includes:

  • 48 inch steel door jamb reinforcement to replace the three-inch brass strike plate
  • Four feet of the door frame absorbs force.
  • The 3.5 inch screws are heavy and three and a half inches, driven into 2×4 studs behind the frame.
  • The three inch screws reinforce the hinges.

Once this system is installed, you’re done. The only additional work is when you lock and unlock the door.

Door reinforcement is just one layer of security that should be complemented with other forms of security like surveillance cameras, motion detection lights and a home security system.

Most burglars aren’t MMA fighters. If the first few kicks fail to rattle a door, they will give up and move on to the next target.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Hotel PCs serve up Infections

/in /by

You can legally purchase spyware and install it on your computer, but it’s against the law to do so on someone else’s device. Spyware records e-mails, chats, browser history, passwords, usernames, etc.

4DYou’d buy it for your computer if you wanted to know what your tween was up to on it or how much your employees are goofing off.

This same kind of software can infect your computer after you click on a link in a strange e-mail or visit a malicious website that downloads a virus. Spyware can also be in the form of a flash drive-like tool that a snoop or crook could connect to someone’s PC and obtain private information.

Not surprisingly, this technology has made it possible to infect PCs at hotels. In Dallas recently, computers were infected at several major hotels. The crooks used hotel computers to access Gmail accounts, then downloaded and installed the flash drive-like tool to track keystrokes of unsuspecting innocent guest users as they typed in passwords and usernames to access their bank and other online services.

This is why you should use a public computer only for website browsing for the latest news or entertainment. Even if the PC is within visual range of hotel staff, a crook could still easily connect a keylogger. This is just too easy to do once the criminal sits down at a computer.

If you absolutely must print something out from your e-mail account, at least use a throwaway e-mail address like 10minutemail.com or yopmail.com. Use your smartphone to forward e-mails to the throwaway address. Next, access the temporary address from the hotel PC.

Lock down BIOS settings, then secure them with a solid password. This way, people can’t boot up a computer with a flash drive or CD. But not all operating systems support these protective measures. Your best bet, again, is to use hotel PCs only for entertainment or checking on the weather.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Beginners Guide to using TOR

/in /by

Want to be invisible online? Get to know Tor.

TORTor will make you cyber-anonymous, concealing your cyber footprints, ID, browsing history and physical location. It even makes the sites you visit anonymous. Now, all that being said, there seems to be a concerted effort by certain US government agencies and others to crack Tor, but that hasn’t been completely accomplished…yet.

More on Tor

Realize, that Tor can’t provide 100 percent security. On paper, the Tor network is secure. But the typical Joe or Jane may unintentionally exit Tor using an “exit node,” and end up getting on a website or server that’s in the “open web.” If the visited site is not encrypted, Joe or Jane’s communications can be hijacked.

Tor is actually easy to set up. You can download packages for your operating system: Mac, Windows or GNU/Linux, and this includes the Tor Browser. The Covert Browser supports Tor for iOS and Android.

You may find, however, that your device may fight against installing Tor; the device thinks it’s malevolent and won’t accept the download. Keep trying. Have faith in the Tor code and download it.

The Tor experience is quite leisurely, slowing down what you can do in a given amount of time. It’s not going to get faster, either, as more and more people decide to use Tor. It’s slow because it directs traffic through multiple, random relay nodes prior to arriving at the destination node. So realize that you’ll be dealing with more of a turtle than a hare.

Tor blocks applications, too. If you want total anonymity, you should use the Tor software with the Tor Browser. But plugins will be blocked by the Tor Browser—because plugins can be used to see your IP address. This is why the Tor Project suggests not installing plugins. This means giving up YouTube and other sites while using Tor.

Be warned, Tor can get you undesired attention because the government is more suspicious of Tor users. This doesn’t mean the government will knock down your doors if you’re using Tor. It just means that Tor users may get the attention of the government more than typical Internet users.

As previously stated there’s evidence that government agencies, including the NSA, are trying to dismantle the Tor network, even though it delivers strong privacy protection to average Internet users.

If you want this level of anonymity, you’re going to have to get used to the fact that using Tor will change your online experiences (can you get by without YouTube?). The Tor Project says: “You need to change some of your habits, as some things won’t work exactly as you are used to.”

No matter whether on Tor or the open web, make sure if you are on free public WiFi that you are using Hotspot Shield to encrypt any wireless data.

Give Tor a try if privacy and anonymity are important enough for you to give up some of the features that make your online activities enjoyable, convenient and/or productive timewise.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Are All Hackers Bad?

/in /by

The word hacker has a pretty negative connotation. It brings to mind other words like cybercriminal, thief, and malicious. It’s easy to see why hacker has a bad rep. The news is full of stories about hackers stealing data from large companies and the government. Hackers are the bad guys.

But are they?11D

Tesla just recently announced they are hiring hackers to find and fix security holes in the Model S car. Google started a league of hackers called “Project Zero” to track down security flaws in their software. Companies like Facebook and others sponsor hack-a-thons, where anyone is invited to try and crack their systems, all the time. Why would these companies want to hire or incentivize hackers?

The truth is not all hackers are the same. Here are the different kinds of hackers:

  • White hat hackers: Also known as “ethical hackers,” these hackers use their skills to make the Internet a safer place. Some white hat hackers do this for fun and then report the information to companies or sites they have broken into so the companies and sites can be fixed. It is these white hat hackers that Tesla is hiring they can find any security holes in their Internet-enabled cars before the bad hackers find and exploit them.
  • Gray hat hackers: These are the guys in the middle. They sometimes act legally, sometimes not. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. An example of gray hat hackers is hacktivists—who hack to bring attention to a political agenda or social cause. Anonymous, a predominant hacktivist group, recently took down multiple Israeli websites in protest of the Gaza crisis.
  • Black hat hackers: These are the bad guys that give the word hacker its negative connotation. These hackers are committing crimes…and they know it. They are looking to exploit companies or you and your devices for their financial gain.

So the next time you hear the word hacker, don’t automatically assume it’s a bad thing. Hacking can used for good and evil, it all depends on the hacker’s intent.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.