Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps. And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, the door is open for cybercriminals to snatch your personal information such as credit card numbers and passwords. And the problem is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here are some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

15 Top Facebook Privacy Tips

You wouldn’t have to worry about privacy issues on Facebook if you didn’t post sensitive, private information on Facebook…such as information that one day can be used against you. And really, you should share only what you consider “professional” information, even with family. Just stop with the nonsense.

At any rate, it’s important to know how to use Facebook’s privacy features, which change from time to time. Here are useful tips.

  1. Go to Start, then Account, then Privacy Settings, then Edit Your Profile.
  2. In the Edit Your Profile feature, go through everything there and set things up. There are multiple data fields. To get their drop-down menus, hit the lock on the right of the fields.
  3. “Review posts friends tag you in before they appear on your timeline.” Set this so your friends can’t make posts that include you that appear on your timeline without your knowledge and/or permission. A friend may tag you in something racist or sexist that makes you look bad by association.
  4. “Ads and Friends.” Set this so people can’t see which businesses you have friended if you’d like. For example, if you’ve Liked a “bondage” shop because it was funny to Like it, it might not be in your best interests that a potential employer sees this.
  5. “Do you want other search engines to link to your timeline?” Set this to prevent people from finding your timeline entries when they do Google searches. There’s no reason a private FB needs this setting live.
  6. “Limit the audience for posts you’ve shared with friends of friends or Public?” Set this to avoid letting a wide audience see your old posts. You may have had a cocktail or two one night and posted something you may regret the next day.
  7. “Log-in approval.” This is big. Signing up for this ensures that no one else can easily log into your Facebook account.
  8. Friends Lists. Click Edit Friends after you click Account. Go to Create a List to categorize your “friends,” such as those from work only or “share everything.”
  9. To restrict access, you can choose something on your friends lists to narrow the field, such as your created category of “childhood close friends.” Play around with the options. You’ll see an option called Custom, which breaks down to Select Specific People. Be patient and tinker around a bit. If you don’t want your nosy neighbor to see anything, click “Hide this from.”
  10. Under Privacy Settings is Apps and Websites. Other people’s apps can take your information and post it elsewhere. Go to Apps you Use, and How People Bring Your Info Into Apps They Use. You’ll be able to tell who’s taking information from you. But you can disable this too. If you only want select people to know you have an FB page, turn off the Public Searches function. Then, if someone googles your name, your FB page won’t show in the results.
  11. The How Tags Work feature controls tags about you on your page only. You’ll see an option called Friends Can Check You Into Places. Turn this off. Otherwise, one of your “friends” could blab personal information about you. (Gee, at this point, it’s easy to understand why some people just don’t have a FB account—including the most social, outgoing people you’ve ever known.)
  12. To see how your profile looks to visitors, click View As at the top right.
  13. Click on How You Connect under Privacy Settings. This feature determines/controls who can interact with you and view your posts. Again, play around with this.
  14. The Block Lists under Privacy Settings will block whomever you please from contacting you.
  15. Continue spending time in Privacy Settings to further refine your preferences.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The Security Costs of being too Social

One of the arguments against being very virtually social is that nobody is SO important that everyone wants to know, for instance, that this person is going to be at the local sports bar watching the Super Bowl (or almost nobody; sad to say, some celebrities have half the world following them).

Another argument, however, against tweeting and posting your every move is that this tells burglars when you’ll be away from your house.

So, you’re important enough to post every detail of your life on Facebook…but NOT important enough to be the victim of crime, right?

WRONG.

Maybe you’re not so virtually chatty, but other people actually tweet and post from the sports bar to keep followers updated about their emotions regarding the big game. At the same time, these folks are letting burglars know they’re away from home and not returning too soon.

Why You Should Curb Cyber Socializing

  • It’s true: People have been burglarized because the thieves found out they were on vacation or away via their social media posts.
  • Because posting your whereabouts in social media could lead to a burglary, you’ll have to pay for the natural fallout of the crimes, such as a homeowner’s insurance deductible and a higher premium rate due to multiple claims.
  • You could even lose any claim-free discount on your policy.
  • Though carriers won’t deny coverage if your car was stolen as a result of something you tweeted, the carriers want you to know how potentially risky it is to make personal posts, such as, “Hey, the whole gang’s going to my Uncle’s lake house to watch the Super Bowl on his monster flat screen!”
  • Save the mundane updates for after the event, when you get back home: “Hey y’all, just got back from watching the game at Uncle Budd’s…I’m gonna call in sick tomorrow ‘cause I’m so upset that we lost!” Which as you can see, is just as stupid, because you’ll get fired.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What happens when a Bank Account is hacked?

Who’d ever think that 50 years ago, your money was safer in your bank account than it is today in this “modern” age: remote theft. If you bank with a large or small bank, your account may be at risk by hacking rings.

However, most of the time, but not always, if your account is drained by a cyber thief, the bank will cover it for you.

The latest information is that a big attack is planned in the spring, but it’s the “It’s easier to get one dollar from a million people than it is to get a million bucks from one person” type of attack plan. The apparent hacking plan involves stinging mass numbers of banking customers via the customers’ computers.

Because banks are a favorite target for cyber thieves, financial institutions are always improving their cyber security. However, criminals get into bank accounts by suckering customers into revealing personal information; we’re talking thieves who don’t directly hack the bank, but hack YOU.

  • Never click links inside e-mails—including those that SEEM to be coming from PayPal, Chase or whatever institution you use.
  • Typically, these scam messages are constructed by thieves posing as your bank. They tell you your account is about to be compromised, or there are suspicious withdrawals or something else to grab your attention, and that to correct the problem, you must visit their site and enter some information. This is a scam to get your login information! The phony site that the link goes to is constructed to look exactly like the authentic bank sites.
  • If you’re not convinced these scammy e-mails you got have gone to a million other people, then phone your bank and inquire about the message.
  • Never use the “remember your computer” option that banks offer. Forget the convenience; just deal with the login hassle every time for better security.
  • Don’t hide your savings in your house because you figure they’re safer there. If you follow the aforementioned rules, your money will be far safer in your bank than hidden inside your toddler’s teddy bear.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is private Information and what is not?

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. Under U.S. privacy law and in information security, personal identifying information is defined as data that can be used to contact, identify or locate an individual, or to identify him in context.

This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

  • Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
  • Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
  • Show management is invested. Behavior changes start from the top down.
  • Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
  • Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter which helps bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
  • Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not to do when you’re on social media.”
  • Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

What is a Remote Administration Tool (RAT)?

Ever felt like your computer was possessed? Or that you aren’t the only one using your tablet? I think I smell a rat. Literally, a RAT.

A RAT, or remote administration tool, is software that gives a person full control of a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.

RATs can be used legitimately. For example, when you have a technical problem on your work computer, sometimes your corporate IT guys will use a RAT to access your computer and fix the issue.

Unfortunately, usually the people who use RATs are hackers (or rats) trying to do harm to your device or gain access to your information for malicious purposes. These types of RATs are also called remote access Trojans, as they are often downloaded invisibly without your knowledge, with a legitimate program you requested—such as a game.

Once the RAT is installed on your device, the hacker can wreak havoc. They could steal your sensitive information, block your keyboard so you can’t type, install other malware, and even render your devices useless. They could also

A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid a RAT.

  • Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
  • Beware of P2P file-sharing. Not only is a lot of the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
  • Use comprehensive security software on all your devices. Make sure you install a security suite like McAfee LiveSafe™ service, which protects your data and identity on all your PCs, Macs, tablets and smartphones.

Keep your devices RAT free!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Take a Women’s Self-Defense Course

Crimes against women are often “crimes of opportunity”. The predator doesn’t care if the opportunity presents itself in a major bustling city or in a tiny town with a population of only 400. If he sees prey and nobody else is around, he’ll strike—big town, medium town or small town.

Women should take self-defense classes, regardless of their age, weight or height. Just do it. There’s more to a high quality self-defense program than learning how to throw a punch, get out of a choke-hold and deliver a kick.

Sometimes, a predator can be frightened away by a woman’s eyes and tone of voice. In fact, a predator will “interview” a woman before assaulting her. He wants to first make sure he can overtake her. He won’t automatically assume he can simply because he’s taller and heavier. He has to qualify her as victim material.

He may do this by asking her for the time, for directions, or just looking at her in a creepy way. Her response, tone of voice and body language will be very telling. Self-defense and martial arts teaches a woman how to display a posture that makes a dangerous man back off.

Sometimes a woman who’s trained to fight will get attacked anyways.

It’s simple enough: you have to be willing to injure, hurt and harm your attackers. A good self-defense program will include instruction in how to get out of real attacks and how to fight from the ground and even when there is a weapon involved.

Attackers generally don’t expect their victims to fight back. So what you do, your response to an attacker in the first few moments of an attack, can very well determine the outcome. Scratching a man’s face is a good start, but may anger him rather than scare him, but a solid punch to the throat or a deep gouge to the eyes is better.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Skeevy Scams to watch

You may think you’re not dumb enough to fall for scams, but consider that someone you care deeply about is naïve enough to be conned. Besides, some scams are so clever that even those who think they’re scam-proof have actually been taken for a ride.

Sometimes fraudsters pose as an authority figure. Some claim you won a prize, while others claim you’re in trouble. Some even claim they’re a family member (needing money) and have figured out a way to convince you of this.

Some scams are done via e-mail, while others involve a phone call or snail mail. One common ploy is for the crook to pose as a rep from the electric company and threaten to shut off your electricity unless you pay a delinquent bill. Of course, the payment must be in the form of a reloadable debit card. People will actually give these cards to the “rep,” without calling the company to confirm the situation.

A big tip-off to a scam is that you’re told you won a prize or have been hired for employment—but must send money to get the prize or be trained for the employment.

Some scams are so very obvious, but still, people get taken, like those ridiculous e-mails claiming you inherited a windfall from some deceased prince named Gharbakhaji Naoombuule. But people actually fall for these, not considering that this same e-mail was sent to 10,000 others.

Top 10 Scams

  • Caller ID spoofing. Has your phone ever rung and you saw your phone number and name in the caller ID screen? How can your own phone be calling you? It’s a scam. Ignore it. If you pick up you’ll hear an offer for lower credit card rates. You’ll be told to press 1 to opt out—but you should not even be on that long to hear this option; you should have hung up the second you heard the credit card offer. Anyways, pressing 1 indicates your number is legitimate; it’s then sold to scammers. Caller ID spoofing is also perfect for scammers posing as the police, government agencies, corporations, etc., all with the intention to get you to part with your money.
  • Mystery shopping. Though mystery shopping is a legitimate enterprise, scammers take advantage of this and mail out checks (phony) before the “shopping” is done. A legitimate company will never do this. They also get victims to give up credit card data to pay for getting a job!
  • Calls about unpaid taxes. Always hang up, regardless of threatening nature to pay up or else. The IRS always uses snail mail to notify people of unpaid taxes.
  • Puppy scam. You find a website offering purebred puppies at very low prices or even for free, but you’re told you must pay for shipping or transfer fees (wire transfer) to get your puppy. The money is gone and you never get your puppy.
  • You get a call from someone claiming to have found buyers for your timeshare. You receive a contract, but are told you must pay funds to cover some fees. The contract is phony.
  • Tech support. Someone calls you claiming your computer needs servicing. They’ll fix it after you give them your credit card information. Legitimate geeks don’t call people; you must call them.
  • Postcard survey. Out of the blue you’re told you’ve won a gift card, or, just take a brief survey to get one. Go along with this and soon you’ll be asked to provide your credit card number. Don’t bother. You’ll get no gift card while the crook gets your credit card information.
  • A notice says you’ve won a big fat prize. To claim it, just pay some fees. Yeah, right. Never pay fees to collect a prize!
  • You’re told you’re eligible for a grant or have been awarded one, but must first pay processing fees. Federal grants don’t require fees.
  • Subscription renewal notice. The notice says you can renew for a lower rate. Check to see if the notice was sent by the publication itself or some third party (the crook).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Small Town investigates String of Burglaries

Home burglaries don’t just happen in the big cities that everyone’s heard of. They can also occur in small towns—simply because the burglar lives in them or in neighboring areas. Such is the case with Kirksville, Missouri.

A recent report from heartlandconnection.com tells of multiple burglaries. They have elements in common: The thief enters overnight while the occupants are asleep and takes cash.

Are the homes’ occupants very hard of hearing and can’t hear the window smashing or the door being kicked down? Did they all take a few sleeping pills and were thus in a very heavy sleep and that’s why they didn’t hear the windows smashing or the door being busted through?

Or…do you suppose that a DOOR or WINDOW WAS UNLOCKED and that’s how the burglar got in?

Don’t be a victim!

  • Before going to bed at night, what do you always do without fail? Brush your teeth. Let the dog out for one last “business.” Set the clock alarm. Lay out your clothes for next day. Is something missing here? Yes! LOCK ALL DOORS AND WINDOWS.
  • Have a deadbolt installed and other protective devices for doors.
  • Keep doors and windows locked during the day, too—even when you’re home.
  • Have a motion detection light installed.
  • Put away the purse, wallet, credit cards, checkbook and loose money…just in case someone does get in. The last place burglars usually check is the kids’ bedrooms. Consider stashing your purse and wallet in a shoebox in the toy box.
  • You can also put these items in a fire-proof safe that’s bolted to the floor.
  • Never keep the spare key “hidden” outside anywhere. Leave it with a neighbor or go keyless entry.
  • Before going away on trips, arrange with someone to check your home periodically.
  • Don’t leave any light on continuously; this looks like you’re away. Use timed lighting devices.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Online Data less safe than ever

It’ll get worse before it gets better: online data safety. It’s amazing how many people think they’re “safe” online, while one huge business or entity after another keeps getting hacked to the bone.

And “safety” doesn’t necessarily mean the prevention of your computer getting infected with a virus, or falling for an online scam that results in someone getting your credit card information. It’s also a matter of privacy. While targeted advertising (based on websites you’ve visited) may seem harmless, it’s the benign end of the continuum—that someone out there is tracking you.

So, do you still think you’re hack-proof?

That you can’t be fooled or lured? That your devices’ security is impenetrable? That you know how to use your device so that nobody can get ahold of your sensitive information?

Consider the following entities that got hacked. They have cyber security teams, yet still fell victim:

  • LinkedIn
  • Yahoo! Mail
  • Adobe
  • Dropbox
  • Sony
  • Target

You may think the hacking is their problem, but what makes you believe that the service you use is immune? Are you even familiar with its security measures? That aside, consider this: You can bet that some of your personal information is obtainable by the wrong hands—if it already isn’t in the wrong hands.

Are you absolutely sure this can’t possibly be? After all, you’re just a third-year med student or recent college grad looking for work, or housewife with a few kids…just an average Joe or Jane…and you use the Internet strictly for keeping up with the news, keeping up with friends and family on social media, using e-mail…innocent stuff, right?

You’ve never even posted so much as a picture online and say you don’t use a credit card online either.

  • But hey, if your passwords aren’t strong, this ALONE qualifies you as a potential hacking victim.
  • So, what is your password? Is it something like Bunny123? Does it contain your name or the name of a sport? Keyboard sequences? The name of a well-known place? The name of a rock band?
  • Do you use this password for more than one account? That gets tacked onto your risks of getting hacked.
  • You need not be someone famous to get hacked; just someone who gets lured into filling out a form that wants your bank account number, credit card number, birthdate or some other vital data.
  • If you just ordered something from Amazon, and the next day you receive a message from Amazon with a subject line relating to your order…did you know that this could be from a scammer who sent out 10,000 of these same e-mails (via automated software), and by chance, one of them reached someone at just the right time to trick you into thinking it’s authentic?
  • People who know you may want your information to get revenge, perhaps a spurned girlfriend. Don’t disqualify yourself; nobody is ever unimportant enough to be below the scammer’s radar.
  • Did you know that photos you post in social media have a GPS tag? Scammers could figure out where the photo was taken. Are you announcing to all your FB friends about when your next vacation is? Did you know a burglar might read your post, then plan his robbery? Between the GPS tags and your vacation dates…you’re screwed.

Well, you can’t live in a bubble and be antisocial, right? Well, it’s like driving a car. You know there are tons of accidents every day, but you still drive. Yet at the same time, if you’re halfway reasonable, you’ll take precautions such as wearing a seatbelt and not driving closely behind someone on the highway.

Most of your fate is in your hands. And this applies to your online safety. You won’t be 100 percent immune from the bad cyber guys, just like you’re not 100 percent immune from a car wreck. But taking precautions and having the right tools really make a tremendous difference.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.