Identity proofing proves who You are

Identity proofing is proof of who you are. Proving one’s identity starts with that person answering questions that only they themselves can answer (even if the answers are fictitious), such as their favorite movie, mother’s maiden name or name of their high school. Since most people provide real answers (that can be found online) rather than “Pointy Ear Vulcan Science Academy” as the name of their high school, this technique is on its way to the dogs.

Michael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

New Jersey suffered one of the biggest unemployment frauds, and to date, has identified over 300,000 people who attempted to fraudulently collect benefits via ID theft, among other improper schemes but also honest errors. However, New Jersey is turning things around.

It’s the only state that’s used identity proofing to fight unemployment benefit fraud, which mandates that job applicants verify a number of personal details through a quiz on New Jersey’s labor department’s website.

The use of billions of public records, collected by LexisNexis, verifies the details, to filter out imposters seeking unemployment benefits. The idea is for honest people to provide answers to questions: information that crooks can’t extract from googling.

This approach has rewarded New Jersey well, with nearly 650 cases of potential ID theft prevented. The state has also saved $65 million since May 2012 after blocking foreign IP addresses from gaining access to its unemployment system. Other states are following suit.

Improper payments (including for jobless benefits) have been occurring for years. Over $176 million in grants, to stop this problem, was issued by Washington in 2013 to 40 states. The errors in unemployment benefits payments on a national level have been about 10 percent for the past 10 years.

Businesses and government frequently must take the brunt of the fraud and waste despite an unemployment insurance system in place.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

6 Ways to Secure Your Email Account

On August 30th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayyadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item, allowing us to connect and share information with friends, teachers, and co-workers.

To celebrate email’s birthday, here are 6 ways to secure your email account.

  1. Think twice before opening unfamiliar emails. Do you open your front door to just anyone? Of course not. Don’t open strange emails or any email that you’re not completely confident in.
  2. Be cautious about email links and attachments. Hackers use links and attachments to download nasty malware onto your computer. If an email seems suspicious, don’t click or download anything.
  3. Use 2-step verification. Email services like Gmail allow you to enable two-step verification because it adds more security to your account. After you enter a password and username, you enter a code sent by the email service to your phone when you sign in.
  4. Beware of public computers. Never use a public computer to log into your email accounts, not even your cousin’s or best friend’s computer—you don’t know if they’ve been infected.
  5. Use strong, unique passwords. If your password is “password”, you might want to change it to something more unique. I recommend a password with 8 or more characters with a mix of upper-case letters, lower-case letters, and numbers.
  6. Use comprehensive security software. McAfee LiveSafe™ service can make protecting your email even easier with a strong firewall to block hackers, viruses, and worms and a password manager to help you remember all of your logins.

Happy Birthday email!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 Ways to Protect your Internet of Things from Hackers

Everything seems like it is connected to the Internet, just about, including TVs, home thermostats, sprinkler controls, door locks, egg trays (yes, there’s an app for that), tooth brushes (cray cray), and more.

A study by HP shows that 70 percent of devices have vulnerabilities. Researchers have revealed that most of the devices in their study, plus the devices’ mobile and cloud applications, had a welcome mat for hackers.

Most of these devices had weak passwords (like qwerty) or weakly protected credentials (unencrypted): beacons for hackers. Seventy percent of the devices lacked encryption. Sixty percent had insecure software updates.

The Open Web Application Security Project notes that vulnerabilities include poor physical security of devices. Gartner, an industry analysis firm, predicts that over 26 billion items, by 2020, will be connected to the Internet. And this includes all sorts of stuff in your home.

All these “smart” devices are a little too dumb and need even smarter protection. The more connected you and all the things in your home are, the more vulnerable you truly are.

Just think of how much of your personal information gets all over cyberspace when you’re so connected, including where your person is at any moment and medical details. It’s these “peripheral” devices that connect to your wired or wireless network that in some way connect to your desktop, laptop, tablet or smartphone that criminals are after. Once they hack, say, your thermostat, that may give them a backdoor to your data.

Device makers are not bound by any policies to regulate safety/security, making the instruments highly prone to cyber criminals. Worse, most people don’t know how to spot attacks or reverse the damage.

So how do you create a “smarthome”?

  1. First, do your homework. Before you purchase that smarthome device, take a good hard look at the company’s security policy. How easy can this device be updated? Don’t make the purchase if you have any doubts. Take the time to contact the manufacturer and get your questions answered. Know exactly what you’re about to sink your teeth into.
  2. Your device, new or old, should be protected with a password. Don’t keep saying, “I’ll get around to it.” Get it done now. If you’ve had a password already, maybe it’s time to change it; update them from time to time and use two-step verification whenever available. If you recently created a new password for security purposes, change it if it’s not long, strong and unique. A brand new password of 0987poi is weak (sequential keyboard characters). Criminals try these kinds of passwords in what’s called a “dictionary attack,” which runs through lists of known passwords.
  3. Make sure that your software/firmware is updated on a regular basis. If you see an update offered, run it, rather than getting annoyed by it and clicking “later” or cancelling it. The updated version may contain patches to seal up recently detected security threats.
  4. Cautiously browse the Internet. Don’t be click-happy. Whenever you use a wireless connection, especially free public WiFi, use Hotspot Shield to encrypt your data in transit.
  5. Don’t feel you must click on every offer or ad that comes your way, or on links just because they’re inside e-mails. Don’t click on offers that seem too good to be true.
  6. Your mobile devices should be protected. This doesn’t just mean your smartphone, but the smart gadgets that your smartphone or tablets control, like that egg tray that can alert you when you’re running low on eggs.
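
The weak-password point in step 2, as an added example that is not part of the original post: a short Python check that flags keyboard-row sequences such as 0987poi and passwords found on a known-password list. The function names, the tiny sample list, the sample passphrase and the 8-character minimum are assumptions made for the illustration.

```python
# Added illustration: flag passwords that are short, on a known-password list,
# or built from runs of adjacent keys on one keyboard row (e.g. "0987poi").

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Constructed sample; a real check would load a large list of leaked passwords.
KNOWN_PASSWORDS = {"password", "qwerty", "123456", "letmein"}

MIN_LENGTH = 8  # assumed minimum length for this example


def _row_step(a, b):
    """Return +1 or -1 if key b sits directly right or left of key a on the
    same keyboard row, otherwise 0."""
    for row in KEYBOARD_ROWS:
        if a in row and b in row:
            delta = row.index(b) - row.index(a)
            return delta if delta in (1, -1) else 0
    return 0


def keyboard_runs(password, min_run=3):
    """Return the substrings that walk along one keyboard row in a single
    direction (left-to-right or right-to-left) for at least min_run keys."""
    text = password.lower()
    runs = []
    start = 0
    while start < len(text):
        end = start + 1
        direction = 0
        while end < len(text):
            step = _row_step(text[end - 1], text[end])
            # Stop when the keys are not adjacent or the walk turns around.
            if step == 0 or (direction and step != direction):
                break
            direction = step
            end += 1
        if end - start >= min_run:
            runs.append(text[start:end])
            start = end
        else:
            start += 1
    return runs


def assess(password):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    if password.lower() in KNOWN_PASSWORDS:
        findings.append("known_password")
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    walked = sum(len(run) for run in keyboard_runs(password))
    # Flag the password when half or more of it is keyboard-walk material.
    if password and walked * 2 >= len(password):
        findings.append("keyboard_walk")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("0987poi", "qwerty", "Tr4il-Mix-Harbor-92"):
        print(candidate, assess(candidate) or "no findings")
```
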

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How hackable is my Home Security System?

In a few words, there are some issues. But, really, don’t worry about it. But be aware of what’s going on. So are your home’s Internet-connected smart gadgets smart enough to ward off hackers? A research team found that they’re pretty dumb in this area.

A house was filled with smart gadgets in an experiment to see if researchers could hack into their security systems.

Baby monitors and Wi-Fi cameras bombed. One camera even granted access after the default login and password were entered. These gadgets use web server software to post online images, and that’s where the loophole exists—in over five million gadgets already online.

The researchers were able to take control of other gadgets as well. There’s a widely used networking system by the gadgets, called UPnP. This allowed the researchers to gain control. The gadgets use UPnP to reach servers that are out on the wider network, and this can expose them to hackers. When a password is built-in and can’t be changed, this makes the situation even worse.

A rather unnerving part of the experiment involved a microphone on a smart TV. The team was able to bug a living room through this. So if you’re sitting there with no shirt on enjoying a movie on that smart TV…someone could be sitting a thousand miles away—or down the street—enjoying watching YOU.

With the way cyber crime is evolving, the risks of having smart gadgets will likely grow bigger and bigger.

The prognosis from the research: Looks like smart gadgets will be easy prey for cyber predators in the near future. Manufacturers need to improve their ability to secure their products. And there’s no simple method for updating the flimsy firmware on the smart gadgets in the first place.

And would it be cost-effective to improve products? One researcher says yes for many products. Would “hardening” the products compromise their usability? For the most part, no. A balance can be struck. But right now, compromised usability is the least of the problems out there. There’s actually a lot of room to fix the flaws without hampering the user’s experience.

Robert Siciliano is a personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Use Door Reinforcement to beef up your Home Security

Though there’s no such thing as a 100 percent burglar-proof home, there’s also no such thing as a burglar who has the skills of Mission Impossible’s Ethan Hunt, Spiderman or the Hulk, either. With enough security measures, you can almost make your home burglar-proof.

When homeowners think of security, often only a limited range of devices comes into mind. For example, how many people even know that shatter proof glass exists? How many people would think to install fake (but real looking) surveillance cameras at all entry points where anyone can easily see them?

Have you ever even wondered just how much you can do with your front door to deter a break-in? First off, doors can be kicked in (three-quarter inch pine), even if they have a good lock (one-half inch screws and a stock strike plate). So when you see Detective Olivia Benson on “Law & Order: SVU” kicking down doors, that’s not unrealistic.

Door Reinforcement Devices

  • Door knob/deadbolt wrap. Installed on the door, these strengthen the area around the locks.
  • Door brace. These can be vertical or floor mounted, making it harder to kick down a door.
  • Door bar jammer. This bar device snugly fits under a doorknob and is angled 45 degrees to the floor.
  • Strike plate. The thicker version is about three or four inches long.
  • Door frame reinforcement. Typically made of steel, this device can be up to four feet long and is installed on the door jamb center, over the existing strike plates. Braces come in different styles.

Kicking down a door, a common scene in cops-and-robbers TV shows and movies, is actually the No. 1 way criminals get into locked houses. They know where to kick; a door has a weak area and the frame can easily be kicked down.

Standard door security consists of two to four little screws that go through one or two small strike plates, which are attached to a thin door frame that consists of 1/2” to 3/4” pine with a ½” thick molding. A 6 year old can karate chop ½” pine. No wonder it’s so easy to blow apart the frame with a foot.

That’s where The Door Devil Anti Kick Door Jamb Security Kit comes in. It’s a one-sixteenth inch heavy steel, four feet long bar, installed on the door jamb center, over the existing strike plates. It makes all that thin wood obsolete because it screws directly into the door’s frame.

The Kit includes:

  • 48 inch steel door jamb reinforcement to replace the three-inch brass strike plate
  • Four feet of the door frame absorbs force.
  • The heavy 3.5 inch screws are driven into the 2×4 studs behind the frame.
  • The three inch screws reinforce the hinges.

Once this system is installed, you’re done. The only additional work is when you lock and unlock the door.

Door reinforcement is just one layer of security that should be complemented with other forms of security like surveillance cameras, motion detection lights and a home security system.

Most burglars aren’t MMA fighters. If the first few kicks fail to rattle a door, they will give up and move on to the next target.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Hotel PCs serve up Infections

You can legally purchase spyware and install it on your computer, but it’s against the law to do so on someone else’s device. Spyware records e-mails, chats, browser history, passwords, usernames, etc.

You’d buy it for your computer if you wanted to know what your tween was up to on it or how much your employees are goofing off.

This same kind of software can infect your computer after you click on a link in a strange e-mail or visit a malicious website that downloads a virus. Spyware can also be in the form of a flash drive-like tool that a snoop or crook could connect to someone’s PC and obtain private information.

Not surprisingly, this technology has made it possible to infect PCs at hotels. In Dallas recently, computers were infected at several major hotels. The crooks used hotel computers to access Gmail accounts, then downloaded and installed the flash drive-like tool to track keystrokes of unsuspecting innocent guest users as they typed in passwords and usernames to access their bank and other online services.

This is why you should use a public computer only for website browsing for the latest news or entertainment. Even if the PC is within visual range of hotel staff, a crook could still easily connect a keylogger. This is just too easy to do once the criminal sits down at a computer.

If you absolutely must print something out from your e-mail account, at least use a throwaway e-mail address like 10minutemail.com or yopmail.com. Use your smartphone to forward e-mails to the throwaway address. Next, access the temporary address from the hotel PC.

Lock down BIOS settings, then secure them with a solid password. This way, people can’t boot up a computer with a flash drive or CD. But not all operating systems support these protective measures. Your best bet, again, is to use hotel PCs only for entertainment or checking on the weather.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Beginners Guide to using TOR

Want to be invisible online? Get to know Tor.

Tor will make you cyber-anonymous, concealing your cyber footprints, ID, browsing history and physical location. It even makes the sites you visit anonymous. Now, all that being said, there seems to be a concerted effort by certain US government agencies and others to crack Tor, but that hasn’t been completely accomplished…yet.

More on Tor

Realize that Tor can’t provide 100 percent security. On paper, the Tor network is secure. But the typical Joe or Jane may unintentionally exit Tor using an “exit node,” and end up getting on a website or server that’s in the “open web.” If the visited site is not encrypted, Joe or Jane’s communications can be hijacked.

Tor is actually easy to set up. You can download packages for your operating system: Mac, Windows or GNU/Linux, and this includes the Tor Browser. The Covert Browser supports Tor for iOS and Android.

You may find, however, that your device may fight against installing Tor; the device thinks it’s malevolent and won’t accept the download. Keep trying. Have faith in the Tor code and download it.

The Tor experience is quite leisurely, slowing down what you can do in a given amount of time. It’s not going to get faster, either, as more and more people decide to use Tor. It’s slow because it directs traffic through multiple, random relay nodes prior to arriving at the destination node. So realize that you’ll be dealing with more of a turtle than a hare.

Tor blocks applications, too. If you want total anonymity, you should use the Tor software with the Tor Browser. But plugins will be blocked by the Tor Browser—because plugins can be used to see your IP address. This is why the Tor Project suggests not installing plugins. This means giving up YouTube and other sites while using Tor.

Be warned, Tor can get you undesired attention because the government is more suspicious of Tor users. This doesn’t mean the government will knock down your doors if you’re using Tor. It just means that Tor users may get the attention of the government more than typical Internet users.

As previously stated, there’s evidence that government agencies, including the NSA, are trying to dismantle the Tor network, even though it delivers strong privacy protection to average Internet users.

If you want this level of anonymity, you’re going to have to get used to the fact that using Tor will change your online experiences (can you get by without YouTube?). The Tor Project says: “You need to change some of your habits, as some things won’t work exactly as you are used to.”

No matter whether on Tor or the open web, make sure if you are on free public WiFi that you are using Hotspot Shield to encrypt any wireless data.

Give Tor a try if privacy and anonymity are important enough for you to give up some of the features that make your online activities enjoyable, convenient and/or productive timewise.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Are All Hackers Bad?

The word hacker has a pretty negative connotation. It brings to mind other words like cybercriminal, thief, and malicious. It’s easy to see why hacker has a bad rep. The news is full of stories about hackers stealing data from large companies and the government. Hackers are the bad guys.

But are they?

Tesla just recently announced they are hiring hackers to find and fix security holes in the Model S car. Google started a league of hackers called “Project Zero” to track down security flaws in their software. Companies like Facebook and others sponsor hack-a-thons, where anyone is invited to try and crack their systems, all the time. Why would these companies want to hire or incentivize hackers?

The truth is not all hackers are the same. Here are the different kinds of hackers:

  • White hat hackers: Also known as “ethical hackers,” these hackers use their skills to make the Internet a safer place. Some white hat hackers do this for fun and then report the information to companies or sites they have broken into so the companies and sites can be fixed. It is these white hat hackers that Tesla is hiring so they can find any security holes in their Internet-enabled cars before the bad hackers find and exploit them.
  • Gray hat hackers: These are the guys in the middle. They sometimes act legally, sometimes not. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. An example of gray hat hackers is hacktivists—who hack to bring attention to a political agenda or social cause. Anonymous, a predominant hacktivist group, recently took down multiple Israeli websites in protest of the Gaza crisis.
  • Black hat hackers: These are the bad guys that give the word hacker its negative connotation. These hackers are committing crimes…and they know it. They are looking to exploit companies or you and your devices for their financial gain.

So the next time you hear the word hacker, don’t automatically assume it’s a bad thing. Hacking can be used for good and evil; it all depends on the hacker’s intent.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Researchers say your Mobile Carrier’s Network isn’t all that Secure

Gee, even the tools that update your smartphone’s operating system over the air have holes that hackers can slip into.

It’s estimated that as many as two billion handsets are vulnerable, and in some instances, security patches haven’t even been released.

The Open Mobile Alliance Device Management (OMA-DM) protocol is used by around a hundred smartphone companies to release software updates and conduct network administration. And that, they say, is where the problem lies.

A hacker must know the handset’s distinct international mobile station equipment identity (IMEI) number, plus a secret token, to take remote control. It’s not difficult to obtain the IMEI number or the secret token of the company, thanks to lax networks and vulnerable operating system versions.

Researchers discovered they could easily upload code to a phone after following a WAP message from a base station, then proceed like a hacker would.

Another experiment showed that a fake femtocell could be used to get into BlackBerry, Android and some iOS devices by using weak security protocols. Participants turned off their smartphones and set the femtocell to its lowest power setting. The researchers still managed to pick up over 70 handsets.

They found that Android was the most vulnerable, along with BlackBerry. iOS was tougher to crack, but some devices that were run by Sprint were vulnerable.

Another flaw was that devices could be tricked into checking on their OMA-DM servers; the connections had http instead of https.

The researchers reported that most of the manufacturers and carriers had fixed the OMA-DM systems—most, not all.

What are the network threats?

Hackers practically have the cyberworld at their fingertips, able to attack in so many ways, using so many methods, from apps to users, users to users, and various machines to machines. Hackers don’t just want to access data; they want to manipulate it.

4G refers to fourth generation network, succeeding 3G to offer the fastest speed for wireless activity. The protocol for 4G, however, is flawed, allowing for weakening of the protection for phones and their networks.

The hacker would go right for mobile networks to get simpler, wider entry points. Networks for mobile devices, thus, need to be toughened up. If a smartphone is infected, it will be able to target and scan other smartphones within its proximity (since 4G is IP based), all while the carrier has no clue.

The hacker could infiltrate a desired network, access the 4G network, then have a nice, easy launching pad for the crime.

If a hacker uses weak wireless APN connections for his activities, this forces the smartphones in use to rely upon an ongoing network connection. This will make batteries wear out faster. Furthermore, jammed-up signals may lead to denial of service.

One way to protect wireless networks is by using Hotspot Shield to override any insecurities of open free WiFi and to help protect from some of 4G’s failings.

Along with the fast speed that stands to come with 4G come weak security levels and lame network structures. Users will not appreciate this price, and mobile operators will need to step up their security tactics quite a bit to keep hackers out.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

4 Identity Protection Habits Every College Student Should Have

For some of us, fall is about to begin and the graduates of the class of 2014 are heading off to colleges across the country. It’s an exciting time—there’s a reason so many people call college the best four years of their lives. You learn so much about the world and yourself. You make lifelong friends. You are an adult without the full responsibility of being an adult.

It’s pretty easy to believe that because you are young and not in the “real world” yet that you are immune to identity theft or credit card fraud. But crime isn’t so choosy about age. College students are actually a prime target for identity thieves because of naiveté. According to University of Colorado—Boulder, only 21% of college students are concerned about identity theft. And lack of concern leads to lack of managing financial and personal data, making college students vulnerable to identity theft.

Luckily, managing your identity doesn’t have to be hard. Whether you’re an incoming freshman or a graduate student, here are four simple habits to help you protect your identity.

  • Check your credit card reports monthly. Many people believe that thieves will drain their accounts. Although that certainly does happen, in many cases, thieves will only take out small increments of money over time to avoid getting caught. By checking your credit card and bank statements monthly you can catch any suspicious charges and immediately alert your bank or credit card company.
  • Regularly change your passwords. Yes, it’s much easier to have one password for all of your accounts, but if hackers discover your password, they have easy access to all of your accounts. Diversify your passwords and make it a habit to change your passwords every other month. To make this simple, you can use a password manager, like McAfee SafeKey, which comes with McAfee LiveSafe™ service. And to learn more about creating strong passwords, go to www.passwordday.org.
  • Cover the PIN pad when entering your PIN. Your PIN is the gateway to your bank account and thieves want it. This habit can protect you from skimming and video devices at automated teller machines (ATMs) or gas stations.
  • Think twice before giving out your personal information. Hint: Your fraternity or sorority does not need your identification or Social Security number. If you are shopping online, make sure the website is secure and not a fake before entering your credit card information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.