Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

10DHow does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this a Unique Identifier Header) from being stamped on any site you visit and then be visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.

If targeted ads (hey, maybe you just love those handbag adverts) don’t phase you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Tips to Home Security Lighting

“Don’t be afraid of the dark” is a reassurance that burglars never need; they need to hear, “Be afraid of the lights.”

BeOnA house that’s often dark sends a flare to burglars that nobody’s home, or, at least, that nobody will see the burglar doing what he does best.

Most people know of the automatic timing devices that flip lights on when the house is empty. These devices also can turn on TVs, fooling prowlers into thinking someone’s inside. The programming for the times should be changed up, and so should the lighting implements used.

A second tool is the motion detector which flips on a light when it detects movement. A popular kind is the one over the garage that comes on when someone comes up the driveway. And a bright light that goes on at the front door can deter a burglar from trying to get in.

All areas of possible entry should have a light cast upon them at the detection of motion. This includes the windows underneath the deck in the back, window wells to the basement and any side doors. These lights should be out of reach of criminals.

Sometimes, a sociopath awaits in the dark for the homeowner to return home (after casing the place and learning the occupants’ habits). Imagine how easy the criminal’s job will be if no light turns on when the garage door is opened. He could have you around the throat in an instant. But if a bright light goes on as the door opens, this can repel him, or at least enable the occupant to see him and then prepare for defense.

A more advanced option is a sensor that flips on a light but also sounds an alarm at the detection of movement. Some devices can be set at a higher threshold so that cats, raccoons and other critters don’t set them off.

The latest advancement is a system that “figures out” the occupants’ light-use habits. The BeOn system duplicates this when you’re not home, making it seem that you’re inside and doing your usual living. BeOn has a Kickstarter campaign that anyone serious about home security should check out.

Robert Siciliano personal and home security specialist to BeOn Home Security discussing burglar proofing your home on NECN. Disclosures.

Social Media Identity Theft leads to Arrest

Are you one who believes you’re too smart, too savvy, to get your identity stolen in the social media world? Nobody thinks this will happen to them, and Stephanie Francis, 24, was no exception to that way of thinking.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776A report from firstcoastnews.com that the Jacksonville, Florida woman claims her identity was stolen—on social media of all places—and that the thief used it to create a phony Facebook account. This is interesting because there’s probably a ton of Facebook accounts under the name of “Stephanie Francis.” But there’s more to a fake Facebook account than using a name that a lot of other users have.

Francis says she’s being charged with a crime and wants to know how she can protect herself. As just mentioned, there’s more to this than just a duplicate of a common name. Francis explains in the article, “Someone created a Facebook with my name and picture on it and has been stalking my ex-boyfriend.”

This is just too easy to do: Find an online picture of the person, for instance, who bullied you in high school (it could be from an article announcing their promotion at a company, who knows?), then sign up on Facebook using that person’s name and photo for the profile page. How easy is that? And if you do anything illegal like stalk the bully’s ex-wife, the authorities will blame the bully! Social media is a magnet for cybercrime.

Francis has been charged with cyber stalking. She’s contacted Facebook and law enforcement, and the case has now gone to court. How did the imposter learn of her ex-boyfriend? Is this detail of Francis’s life in her social media posts? Maybe the imposter is a coworker and overheard her tell someone about the ex-boyfriend.

This case not only teaches the lesson of be careful what you post online, but also whom you share in person the details of your life—how loudly you talk, and who might be nearby to overhear.

Francis has created a Facebook account under a different name and faces another trip to court to try to resolve the situation.

Perhaps this mess could have been prevented:

  • Create a super strong password that would take a hacker’s machine two million years to crack.
  • Think! Think! Think before you post on social media!
  • Make your FB account as private as possible.
  • Seel out your likeness on social and the moment you discover an imposter, report it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Card Company’s boosting Payment Security with Mobile

Whoever thought that one day, paying with green paper would be viewed as primitive as a horse and buggy? We seem to be getting closer to that time, especially since the security of making payments via smartphone is always being improved.

5WOne way is with fingerprint scanning. Some smartphones already have this biometric feature. But what about credit cards and biometrics? Visa is currently experimenting with biometrics, but nothing yet has been deployed to the public. Nevertheless, a credit card company trying to develop something with biometrics will likely need to get involved in the smartphone arena.

There will always be the consumers who want to stick to the old-fashioned method of using cash, just like there are always those strange people who insist on buying the kind of stamps that you must lick (or wet with tissue paper) rather than the self-stick ones. But hopefully, credit card companies will cater to both kinds of people amking the new technology stupid simple.

If the credit card companies come out with biometrics tied into the mobile device, it will likely be a fingerprint scanner vs. face or voice recognition, but the fingerprint password will be sufficient security after long term testing.

New technology is never carved in stone, but let’s at least get it out there and see how it works. Let’s see how new technology like biometrics in a mobile (like Apple pay) can combat credit card fraud.

In the meantime, card companies and consumers (and banks) must continue to wrestle with the rampant crimes involving credit cards. Recently, MasterCard teamed with Syniverse, a mobile technology company, with the goal of stifling fraudulent use of credit cards.

MasterCard’s approach relies upon the smartphone geolocator. The company’s plan enables the card to be used only if it’s within a certain range of the owner’s smartphone. Though at first, this sounds fool-proof, it has a flaw: What if the thief is within that range? Obviously, if the card is swiped a thousand miles away from the holder’s mobile device, the thief will fail. This new technology hinges upon the thief being outside that range.

A perk of this new technology is that it eliminates the hassle of the holder having to notify the company that they’re traveling so that transactions won’t be declined—because the transaction will occur near the holder’s smartphone—unless a thief makes off with the smartphone and just happens to get out of range.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Chip and PIN, will It save Us?

Many Americans, says a recent survey by Gallup, worry about a data breach connected to the use of their credit cards. Interestingly, many people use a credit card for everything under the sun: even just a soda and bag of chips from the convenience mart. The more you use a credit card, the more likely it will be compromised by cyber thieves.

1CThe magnetic stripe technology for credit cards makes them so “hackable.” One way to help prevent credit card crimes is to implement a chip-and-PIN technology. It’s been touted as a sure way to keep crime at bay. But is it what it’s cracked up to be? After all, how could the thief, holding your credit card, know your PIN?

The magnetic stripe contains account information. This can easily be copied with a thief’s tools such as a skimming device. A chip card uses a microprocessor that’s embedded. This makes the account information non-accessible to a hacker during any point of a sales transaction.

There are additional features to chip technology that tie into keeping fraud away:

  • Every time the card is used is recorded.
  • A cryptogram lets banks view the data flow.

Chip technology will be coming out in 2015 for the States, and experts are very confident that this transition will choke a lot of life out of card fraudsters. The transition will cost around $8 billion—if done correctly. And this “roll-out phase” won’t happen overnight, either.

There has been credit card fraud involving chip technology. Here’s how it happened: The crooks stole account information from magnetic stripes via skimming. The transactions were then done EMV style, then the criminals picked up traffic from an authentic EMV chip transaction. Next, the thieves put the information they’d skimmed into the transaction, and pulled off their crime.

In short, chip-and-pin technology is not without the element of human error; EMV can still be implemented poorly. As for that human error, this happened not too long ago with Canadian banks. They were struck with a big financial loss because the counter data and cryptograms were not being checked efficiently.

We can have a really great thing here—if it’s implemented in a smart way. What good is an advancement in technology if it’s carelessly employed?

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What to Do if Accosted on Street and Dragged by a Man

The video of Carlesha Freeland-Gaither, 22, being grabbed on a street corner and forced along a sidewalk to her assailant’s car gripped the nation, bringing more attention than ever to how easy it seems for an unarmed man to abduct a woman.

1SDThere are things a woman can do to help prevent such a situation, as well as break free and bolt to safety before the assailant can get her into his car.

  • Sometimes, the abduction seemingly occurs in a microsecond when caught on video. But prior to what we see, there’s been an exchange of communication. Body language accounts for 55 percent of communication: gait, posture, eye contact, facial expression.
  • Thirty-five percent of communication is vocal. Yelling and screaming like an insane angry person is a lot more offensice than cryting and begging like a week person. Many self-defense programs for women instruct them that one of the first things they should do is let out a primal vocal directive to the suspicious man following them, such as “GET LOST!, STOP, NO or even yell PROFANITIES.
    While walking alone at night (or even during the day), be alert to way beyond your personal space, extending your alertness at least one block out in all directions.
  • Never walk close to vans.
  • Have a weapon in your hand at all times. This can be pepper spray (yes, it works) or a huge mock metal key that’s part of your key ring.
  • Using the typical smaller keys to your car or house may not work; they can break.
  • Carry loose single-dollar bills in a decoy pocket. If someone demands your money, pull it out and toss it, then run while the mugger is distracted by the money.
  • If a mugger wants your purse or wallet, toss it, then run. Don’t hand it to them because they could then grab your arm.
  • Be tactical if the assailant grabs you. Though this may seem like an unrealistic way to handle an assault, it’s your only chance unless you’re a lot physically stronger, and even then, a much stronger victim needs to be tactical.
  • Gouge the attacker’s eyes out. This really works. Rather than try to out-muscle him or break away from his strong hold, go for his eyes. The eyes of a 220 pound thug are just as fragile as the eyes of an infant. If this is not possible, then become dead weight.
  • As long as you’re on your feet and those feet are moving, the assailant can transport your body to his vehicle! If you weigh 130 pounds, even 105 pounds, and become willfully paralyzed, your assailant will be forced to carry all of this weight. Drop it to the ground and don’t move. Unless your assailant regularly performs powerlifting exercises at the gym with heavy weights, he’s going to have one helluva time picking you up from the ground.
  • Though it’s not all that difficult for a fit young man to scoop a 120 pound woman into his arms while she is standing, the biomechanics drastically change if the lift begins from the ground!
  • If you’re lying flat, he must either lift up all your weight from a squatted position, or, he must do it with straighter legs but a very bent-over back. This will be impossible for the average man—especially if the victim is heavy-set. Should he decide to just drag your dead weight along the ground to his car, at least this will buy you time in that it gives passers-by more time to see the abduction in progress and call 9-1-1 or directly intervene.
  • If the assailant manages to get you to his car…then it’s time to fight. Grab his groin and squeeze. It’s right there. If he has a cup (he probably won’t), then go for the eyes. Women have been known to escape their attackers. They just don’t make the news very much.
  • Learn self-defense and fighting skills. Never underestimate what a well-trained woman can do to the average or even not-so-average man.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What is Pharming?

I was surfing on YouTube the other day and found this hilarious video mash-up of Taylor Swift’s song “Shake It Off” and an 80s aerobics video. For a lot of kids today, mash-ups are all the rage—whether it’s combining two videos, two songs, or two words.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Mash-ups have even caught on in the tech world. The word pharming is actually a mash-up of the words phishing and farming. Phishing is when a hacker uses an email, text, or social media post asking for your personal and financial information. On the other hand, pharming doesn’t require a lure. Instead of fishing for users, the hacker just sets up a fake website, similar to farming a little plot of land, and users willingly and unknowingly come to them and give them information.

How does it work? Most hackers use a method called DNS cache poisoning. A DNS, or domain name system, is an Internet naming service that translates meaningful website names you enter in (like twitter.com) into strings of numbers for your computer to read (like 173.58.9.14). The computer then takes you to the website you want to go to. In a pharming attack, the hacker poisons the DNS cache by changing the string of numbers for different websites to ones for the hacker’s fake website(s). This means that even if you type in the correct web address, you will be redirected to the fake website.

Now, you go to the site and thinking that it is a legitimate site, you enter your credit card information, or passwords. Now, the hacker has that information and you are at risk for identity theft and financial loss.

To prevent yourself from a pharming attack, make sure you:

  • Install a firewall. Hackers send pings to thousands of computers, and then wait for responses. A firewall won’t let your computer answer a ping. The firewalls of some operating systems are “off” as a default, so make sure your firewall is turned on and updated regularly.
  • Protect against spyware. Spyware is malware that’s installed on your device without your knowledge with the intent of eavesdropping on your online activity. Spyware can be downloaded with “free” programs so be leery of downloading free software and don’t click links in popup ads or in suspicious e-mails.
  • Use comprehensive security software. McAfee LiveSafe™ service includes a firewall and scans your computer for spyware. It also protects all your smartphones and tablets as well. And make sure to keep your security software updated.

For more tips on protecting your digital life, like Intel Security on Facebook or follow@IntelSec_Home on Twitter!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Tips to prepare for Power Outage

Don’t wait to be in the dark to find out you’re in the dark. Are you equipped for a power outage? A power outage can even occur in perfect weather, thanks to a construction team “hitting a wire.”

BeOnBatteries. Don’t have these scattered haphazardly in some drawer. Battery holders are sold that you can hang and place batteries in “pockets” for tip-top organization.

Communication.

  • Have the power company’s phone number somewhere that it won’t get lost so that you can find out the estimated time of power recovery.
  • Even in this age of smartphones, you should always have a landline phone, because a power outage can cripple cell phone towers. Yes, the primitive phone system can save the day.
  • Know how to use your car’s battery to charge your cell phone, just in case your landline doesn’t work.
  • Have a self-powered radio on hand, but you’ll have batteries on hand so that you won’t need one, right?

Lights. Designate an easily-accessible compartment in your house to store light-yielding devices including headlamps and flashlights. This compartment should be labeled with glow-in-the-dark stickers for easy finding.

Candles. Forget candles; they can start fires. Keep glow sticks on hand, too, but in the freezer so that they last longer when it’s time to use them.

Sustenance. Designate a section in your pantry for emergency food—items that are to be used only in the event of an outage. Bagged and canned items can last seemingly forever. And don’t forget a can opener—one you use by hand, of course. Also keep plenty of bottled water in this section.

Like the good life? If during a power outage you don’t think you’d take to living on a limited diet very well, then have on hand a gas camping stove, but chances are, you’re not going to be too picky about the menu when there’s no power.

Got kids? A power outage could throw them for a loop, so have a plan ready to keep them calm and collected. This can be any number of board games in stock, or more creative ways to pass the time like seeing how many braids you can put in your daughter’s hair by LED light.

First aid kit. Keep this in an easy-to-find location and know exactly what’s in it.

Robert Siciliano personal and home security specialist to discussing burglar proofing your home on NECN. Disclosures.

21 Tips for Holiday Home Security

People complain about all the stress that comes with the holiday season: the in-laws, the expense of buying gifts, figuring out what to buy, travel, reunions with people they don’t like…

5HBut trust me on this: You’ll take you’re ever-criticizing in-laws and bratty nephew any day over a burglar who turns your holiday plans into a nightmare. So here’s how to protect your home:

  • First, make your home looked occupied at all times, even overnight. Ideally, a timed light in the kitchen could make burglars think someone’s up for a late night Christmas cookie binge. When you’re away, use timed lighting devices.
  • If you’re traveling, arrange for a vacation hold for newspaper and mail deliveries.
  • Keep all doors and windows locked at all times, even if you’re in and out. This includes the garage door.
  • Protect windows with special film that prevents penetration by an intruder.
  • Beef up your doors security. Think “door reinforcement technology” Think “Door Devil”. Your door jamb, where your lock bolts is made of ½ inch to ¾ inch flimsy pine. A 10 year old can kick in your door. But not if it’s beefed up with reinforcement. I’ve donethis to ALL my doors.
  • Figure out which drapes and blinds you don’t need open, and then keep them closed at all times.
  • Plant thorny shrubs close to windows.
  • Put your home security system’s sign on the front lawn, and one in the back, and its stickers on your windows.
  • You DO have a home security system, right? If not, get one. The security systems of today are not like the ones of times past that required hours of installation involving tearing out the walls to put in the wires.
  • If you can’t afford one, then at least put up the sign and stickers, which you can find somewhere if you look hard enough, perhaps some extra ones from friends who have systems.
  • And about your doors and windows: Have you checked the locks? Make sure they’re top-of-the-line.
  • If there are no men in the house, ask a male friend if he has any workboots he’d like to get rid of; put them outside your door, but make sure this doesn’t look staged.
  • Also put out an old-looking tool box and a strewn pair of men’s work gloves near the front door or on your patio.
  • Use your garage for cover: Do all loading of luggage inside with the door closed.
  • Before traveling, arrange with someone to shovel your driveway to make it look like someone’s home.
  • It’s amazing how many people blurt on their Facebook page their travel plans. Did you know that some burglars will spend hours perusing Facebook to see whose home will be empty, and then will get the exact location using the GPS tags on family photos? A photo of your dog can lead a burglar straight to your front door.
  • Make sure nobody from outside can peer in and see the gifts under your tree. When you read about a robbery of all the presents under a tree, you can bet that the pile was easily visible through a window.
  • Never create voice mail messages that imply that you’re not inside the house.
  • Arrange for someone to leave their car parked in your drive while you’re traveling.
  • If your car is always parked outside, make the interior gender-neutral so that a sociopath doesn’t think that no man possibly lives there.
  • The least likely place a burglar will check a house for valuables is a child’s bedroom. Hide your jewels inside your preschooler’s socks, or really, get a safe!

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

7 Things You Can Do To Protect Your Identity

One of my favorite commercials is a guy working out with his personal trainer. The trainer asks him if he’s been eating his vegetables every day. When he replies, “When I can,” the trainer bops him on the head. He could have had a V8!

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Just like the man thought that eating his daily vegetables would be hard, sometimes protecting your identity seems like a chore. But it doesn’t have to be that way. Here are 7 “duh” steps you can take to protect your identity this holiday season and all year round.

  1. Inspect credit card statements. Make a habit of regularly looking through your credit card statements for strange looking activity. If you notice just one unauthorized charge, assume that someone out there will strike again, and again and again—unless you take immediate action and contact your credit card company.
  2. Shred documents with personal information. Thieves will rummage through your garbage and recycling searching for intact documents that show Social Security numbers, credit cards and bank account information, etc. The next best thing to a cross-cut shredder is scissors. Shear up anything that could be revealing, including credit card purchase receipts.
  3. Review your credit reports. At least once a year, review your credit reports from the three major bureaus. This way you’ll be able to spot any suspicious actions, such as a thief opening a credit card account in your name.
  4. Credit freeze. If you’ve been a victim of identity theft, you might want to consider putting a freeze on your credit.While this will prevent you from getting loans or credit cards until you unfreeze it, this will also block criminals from opening accounts in your name and smearing your credit.
  5. Limit accessibility. In addition to using a shredder or scissors, consider getting a safe where you can store sensitive documents and limit the number of credit cards you carry with you. Have a list of important phone numbers (e.g., bank, credit card companies) already made up, in the event that you need to contact them immediately upon realizing you have lost or someone has stolen your identity or your physical credit cards, wallet, etc. 
  6. Password protection. If your device is lost or stolen, will someone be able to simply pick it up and access all your data? They won’t if it is password protected. Don’t use your cat’s name as your password; rather create a complicated password with upper and lower-case letters and numbers.
  7. Use comprehensive security software. It is essential that all your digital devices have updated security software, like McAfee LiveSafe™ service that can safeguard your data and protect against identity theft.

For more tips on protecting your identity, check out the Intel Security Facebook page or follow them on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.