How to stop Browser Tracking

/in , /by

Maybe you don’t mind the ads for that bicycle rack following you around in cyberspace after you visited a site for all things bike, but browser trackers (“cookies”) also create a profile of you that gets sold to other advertisers and third parties.

2PAre you doomed to be stalked forever by bike ads? This is caused by third-party cookies. You can use third party software such as CCleaner, which can identify third-party cookies and clean out the cookies in your hard drive. It’s the third-party cookies that are the enemy. The first-party cookies come from the site you visit so that your subsequent visits to that site are easier.

After you rid the third-party cookies, you’ll have to alter your browser settings.

Google Chrome

  • In the upper right corner click the little lined box.
  • Select Settings, click Show advanced settings.
  • At Privacy click Content Settings.
  • Under Cookies check “Block third-party cookies and site data.” Hit Done.

Internet Explorer

  • In the top right corner, click on the gear.
  • Select Internet Options.
  • At the Privacy tab click Advanced.
  • Check “Override automatic cookie handling.”
  • Set the Third-party Cookies to Block. Hit Okay.

Firefox

  • Click the lined icon in the upper right corner.
  • Click Options or Preferences for PC or Mac, respectively.
  • At Privacy, under History, change “Firefox will” to “Use custom settings for history.”
  • Change “Accept third-party cookies” to Never.

Safari

  • Safari automatically has third-party cookies turned off, but to be sure:
  • Go to Privacy and select the option that blocks third-party cookies.

Additional Ways to Stop Cookies from Tracking You

Here are things you can do, courtesy of an article on the Electronic Frontier Foundation site. These steps should take you about 10 minutes to complete.

You need not worry that these tactics will negatively impact the ease at which you navigate the vast majority of websites. For websites that get testy about these changes, you can temporarily use a private browsing mode that has disabled settings.

  • Install AdBlock Plus. After installation, change filter preference so you can add EasyPrivacy. You’ll need to visit AdBlock Plus’s website.
  • Change Cookie Settings. Go into Chrome’s settings under Settings, then Show Advanced Settings. Under Privacy click on Content Settings. Hit “Keep local data only until I quit my browser / for current session.” Check “Block third-party cookies and site data.” This will force cookies to expire after you exit the browser and prevent third-party cookies from activating.
  • Install the extension “HTTPS Everywhere.” This will prevent websites from snooping in on you and will help shield you from third parties.

Turn off referers. Install an extension called Referer Control. Scroll down, locate “default referer for all other sites” and hit Block.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Street Fights can result in Death

/in , /by

People who don’t believe they have been brainwashed by the film industry, which repeatedly shows men in a brawl who are still standing after each have received a dozen punches to the head and face.

Sometimes it takes five full minutes to just daze a man, after he’s been hit in the face over and over, and struck in the back with a chair so hard the chair breaks. Men get slammed, even tossed, into walls, into cars, but bounce right back with their dukes up.

An article on gawker.com points out that just one punch could be lethal. And that hitting your head on the ground can be fatal. Bare hands can be deadly. The article also explains that because of this, you should do whatever it takes to stop the attacker—knowing that it might kill him—but at the same time, you shouldn’t deliberately try to kill him.

If your only way out is the nearby 2 x 4, and he’s a bull, then whack him. But geez, no need to impale him with the nearby pitchfork when instead you can just swing the other end into his knees.

How can one punch or a hard fall to concrete kill? The force could jar the brain, tearing a blood vessel, causing rapid bleeding—an acute subdural hematoma or subarachnoid hemorrhage. These don’t exist in Hollywood scripts.

Street Fight Smarts

  • Consider pepper spray, but your brain is your best defense weapon.
  • Park only in well-lit areas and never next to a van.
  • Avoid walking in the dark when possible.
  • If someone demands your car, money or jewelry, give it up.
  • Micro-seconds count. You can always say, “I’m sorry for permanently damaging your eye,” later at the courthouse.
  • Don’t scratch or slap; punch with a closed fist.
  • Gouge at the eyes.
  • Go for the nose.
  • Slam fists into the sides of the neck.
  • Kick at the knees.
  • Ram a hand up between his legs—you know what the destination is.

If he’s “dragging” you to his car, drop to the ground and wrap your arms around his leg to become dead weight. If you think he’ll hit your head at that point, then make a break for it, because at that point, he doesn’t have his arms around you.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Self-Defense and Sexual Assault Prevention

/in /by

If you reach your hand to a strange dog loose on the street to pet it on top of the head, and it mauls your hand, whose fault is this? One camp would put most of the blame on the dog owner. But most people would blame the victim.

1SDBut everyone with half an ounce of sense would agree on one thing: Whose fault it is has NOTHING to do with the importance of doing whatever it takes to prevent a dog attack.

This same principle applies to sexual assault against women. An article on vice.com says that feminist Julie Lalonde isn’t too comfortable with the idea of pushing self-defense lessons on women to help prevent rape. Lalonde believes that promoting self-defense skills encourages the idea that rape is a woman’s fault.

The vice.com article quotes her talking of how society is constructed such that”…if a woman is sexually assaulted and she hasn’t taken a self-defense class, then it was her fault because she could have prevented her rape and didn’t.”

This mindset is one sandwich and the entire blanket short of a picnic. Again, fault has nothing to do with taking whatever measures are necessary to protect oneself! If it can be accomplished with self-defense lessons, then go for it!

Here’s a question for Lalonde and likeminded folks: Which is easier, teaching a woman self-defense or eliminating the urge to rape in a sociopath? Perhaps Lalonde can explain what sort of tactics have been proven to kill a sociopath’s or psychopath’s desire to violate a woman? Last time I checked, none exist (don’t say “chopping it off”; I’m talking about realistically, in our society).

What’s realistic and ethical is self-defense lessons. A study headed by Charlene Senn compared women (900 total) who were assigned self-defense training (which included psychological aspects such as assessing a situation) to women who were given only brochures on sexual crimes.

Rape was reduced among the first group of women (self defense) 5.2 percent, vs. the brochure group (9.8 percent), 12 months out from the study’s interventions.

Do not people such as Lalonde realize how easy it is to disable a man? Has she never seen a man become immobilized with pain upon accidentally hitting his knee into the edge of a cocktail table?

Or perhaps she’s seen too many movies and TV shows in which a man is shown being slammed over the head with a two-by-four, then taking half a dozen punches by another man, kicked in the ribs, knocked off a ledge and falling 10 feet, and despite all that, he ends up beating the tar out of his attacker. In real life, one good sock to the temple will knock a man’s lights out.

Self-defense doesn’t just involve punches and kicks, but depending on the style, focuses on using the laws of physics to put an attacker in a joint lock.

Predators look for prey. High quality self-defense schools teach women NOT to behave like prey, but to behave defensively when needed.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

When a Company Gets Sold, So Does Your Data

/in , /by

When you subscribe to an online service, be careful of how much information you give out about yourself.

1PMost businesses in their terms and conditions, say they “respect your privacy.” But what if these companies go under or are sold? An article from the online New York Times explores this concept. Today’s market-data-hungry-businesses can gather lots of data about subscribers. This data can be transferred to third parties in the event the company is sold or goes belly up.

The New York Times recently analyzed the top 100 U.S. websites, and the revelation is that it’s par for the course for companies to state that subscribers’ data could be transferred as part of a sales or bankruptcy transaction. Companies like this include Google, Facebook, LinkedIn, Amazon and Apple.

On one hand, such companies assure consumers that privacy is important. Next second they’re telling you your data will get into third-party hands if they sell out or fizzle out.

A real-life example is the True.com Texas dating site that attempted to sell its customer database to another dating site. However, True.com’s privacy policy assured members that their personal details would never be sold without their permission. Texas law stopped the attempt.

The Times article points out that at least 17 of the top 100 said they’d notify customers of a data transfer, while only a handful promised an opt-out choice.

This isn’t as benign as some might think. For example, WhatsApp was sold to Facebook. A user of both services ultimately complained that Facebook, without his consent, accessed his WhatsApp contact list, even though his Facebook account was set to prevent people outside his network from obtaining his phone number.

Another example is Toysmart.com. When it went bankrupt, it tried to sell customer data, which included birthdates and names of children. The company’s privacy policy, however, promised users that this information would never be shared.

To avoid fracases, companies are now jumping on the bandwagon of stating they have the right to share customer/subscriber data with third parties per business transactions.

Don’t be surprised if you read something like: “We value your privacy,” and in another section of the privacy policy, “Upon sale of our company, your personal information may be sold.”

 

Even Hackers get hacked

/in /by

Burglars get burgled, muggers get mugged, and hackers get hacked. This includes a sophisticated ring of hackers: Hacking Team, hailing from Italy, specializing in selling hacking software to major governments.

10DAn article on wired.com describes how a “400 gigabyte trove” went online by anonymous hackers who gutted the Hacking Team, including source code. Even their Twitter feed was hacked, and the secret hackers tweeted HT’s cracked files.

One of the exposed files apparently was a list of HT’s customer information, spanning the Middle East, Africa and the U.S.

Hacking Team must really be the Humiliated Team now, because they refused to respond to WIRED’s request for a comment. However, one of HT’s workers tweeted that their mystery hackers were spreading lies. His tweet was then hacked.

Sudan was one of the customers, and this shows that Hacking Team believed it could sell hacking software to any government, as Sudan is noted for its ultra-high restrictions to access.

Can the selling of hacking software be equated to the sales of weapons of mass destruction? More likely this is so than not. There is an arms control pact, the Wassenaar Agreement, designed to control the sales internationally of hacking tools.

Criticisms of the Wassenaar Agreement come from hackers (not necessarily only the bad ones) because the Agreement limits security research.

Eric King, from Privacy International, points out that the Agreement is required. Wired.com quotes him: “Some form of regulation is needed to prevent these companies from selling to human rights abusers.”

The Hacking Team organization, despite what it insists, should not be considered a “good guy.” For example, Citizen Lab uncovered that customers, including the United Arab Emirates and Sudan, used tools from Hacking Team to spy on a political dissident—who just happened subsequently get beaten up.

Eric King says, as quoted in wired.com, that Hacking Team “has continuously thrown mud, obfuscated, tried to confuse the truth.” The hacking of Hacking Team will help reveal the truth behind their “deviousness and duplicity in responding to what are legitimate criticisms,” says King.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Beware of these 10 Nasty Scams

/in /by

Let’s look at the top 10 scams (random order).

9DCharity

  • A fraudster claims to represent a charitable organization.
  • Such scams can operate ring-style, such as one out in Colorado some years ago in which women wearing crisp white dresses that resembled the dresses nurses used to wear, and also wearing white caps (like a nurse), solicited motorists for money by walking around at stoplights holding out tin cans that had a label on them like “Help Fight Drugs.” Many people were fooled by the white outfits and labeled cans.
  • Check out the legitimacy of the organization at bbb.org or charitynavigator.org.

E-mail

  • You receive an e-mail that seems to be from a legitimate company, like your bank, the IRS, UPS, etc. In the message is a link that you click. You just downloaded a virus.
  • Never click links inside e-mails. Contact the company by phone.

Cell Phone

  • Your cell phone rings once. You don’t recognize the number. You call back. You then get charged about $20. Whatever happens after a connection is made, you’ll also be charged a high fee per minute.
  • Ignore one-ring calls. If it’s important they’ll call back.

Credit Card Fraud

  • Ever see a tiny charge on your credit card but have no idea what it was for? It’s probably by a crook.
  • Always report even the smallest charges if they’re unfamiliar.

Sob Story

  • You get an e-mail that seems to be from someone you know. They’re overseas, got mugged, sob sob…and need you to wire them money.
  • Don’t send them a penny; it’s a scam.

Sweepstakes and Lottery

  • “You’ve Won!” shouts your new e-mail. So you click the link in the e-mail to claim your prize—which is a nice fat virus that infects your computer.
  • Run like the wind if the message tells you that you need to pay a fee to claim your winnings.

Jury Duty

  • Your phone rings. You answer. The caller tells you that you’ll be subject to fines because you didn’t show up for jury duty. But relax, you can avoid the fines by providing personal information or paying a fee.
  • Courts have better things to do than to call people who missed jury duty (do you realize how many calls that would be?!).
  • Though failing to report for jury duty does have consequences, the action is never initiated via phone.

Computer Lockout

  • You turn on your computer and see a message stating the device is locked.
  • To unlock it, you’re told to provide sensitive information.
  • Contact your security software provider or a local geek.

WiFi Hacking

  • You connect to free WiFi thinking your secure. But waiting in the wings is a hacker to sniff out your data.
  • Always use a VPN such as Hotspot Shield to encrypt your data over free WiFi.

Home Improvement

  • Someone appears at your door wearing a workman’s outfit and offers to do a job for a dirt cheap fee. They want the money upfront and will return later to do the work, or some variant of this.
  • Stick with bonded, insured, reputable companies. Refer to Angie’s List or the BBB.

Health Care

  • Someone calls you offering to help you sign up for health care.
  • Hang up; it’s a crook because government officials don’t do this.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Hacker isn’t a bad Word

/in /by

Did you know that the original meaning of hacker, as far as computers, was that of a person who built codes into computers? In fact, the bad guy was called a “cracker.” Somehow, “cracker” didn’t catch on. But the mainstream folk out there hears “hacker,” and right away, they think of a digital thief, often someone who breaks into governmental computer systems or Russian “hacking rings” that steal credit card numbers.

4DAn article at motherboard.vice.com mentions that Richard Stallman gets the credit for cracker. Stallman, creator of the GNU operating system, is quoted as saying, “I coined the term ‘cracker’ in the early ‘80s when I saw journalists were equating ‘hacker’ with ‘security breaker.’”

The news media began noticing hackers around 1980. Some hackers were security breakers. Security breaking is one thin slice of the pie, but the media jumped on this, creating the impression that hackers were bad guys.

The article also notes something that Biella Coleman explains. She’s a hacker expert and is quoted as stating that the American government “has tended to criminalize hacking under all circumstances, unwilling to differentiate between criminal activities, playful pursuits, and political causes.”

The reality is, is that a security breaker is no more a hacker than a home burglar is an architect.

In the 1990s were movies that portrayed hackers as cyber villains, and all along, the real hackers were trying to get the word out that “crackers” was the term of choice. But it just didn’t take.

Maybe one reason is because the word “hacker” has more of a novel sound to it. When you hear “cracker,” several possible things come to mind, including a detective who cracks a case, and something you put in your soup. But “hacker”? Wow – it has more punch. It conveys more action.

But how did innocent code writers get to be called “hackers” in the first place? Perhaps it’s because writing code is such an imperfect science—more of an art, full of bugs and crimps. Code writers must hack their way through muddle to get it right.

At this point, however, hacker is here to stay to refer to the bad guy, whether a teenager with too much time on his hands breaking into some company’s network, or an intricate Chinese cyber criminal organization that cracks into the U.S. government’s system.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

How to deal with difficult people

/in /by

It’s been said that nobody can make you feel bad about yourself without your permission. Well bah! Some people don’t wait for your permission to denigrate you. They are toxic. Lifehacker.com offers some ways to deal with such people.

10DLove Yourself

If someone’s words have made you feel bad about yourself, then spend some time giving yourself pats on the back and positive labels. Make this a habit.

Empathy and Compassion

Towards the offender? Yes. Like Madonna says in her song, “Oh Father,” You didn’t mean to be cruel; somebody hurt you too.

Talk to the Offender

This part takes place after you can feel some compassion for them. See if you can connect with this person. Admit that making a connection is trying, and you want their support. Arrange ahead of time with yourself that you will not feel defeated if this effort does not yield favorable results.

Talk to Others

Find someone you trust, and share with that person how the toxic individual makes you feel. This is not a sign of weakness. You certainly won’t feel worse after you’ve vented a little. And if the listener offers advice, be a good sport and graciously accept it.

You Are Whom You Associate With

It’s been said that we are the composite of the five people we hang out with the most. Ooh, that is scary, isn’t it? Maybe not; depends whom you always hang out with. But anyways, make sure you associate only with positive, upbeat people. They share your attitudes; they believe in the same important things that you do.

Don’t Mimic Their Behavior

If someone’s being toxic and you get mad, realize that your hostile reaction may escalate the situation (though I’d be lying if I said that reacting with some serious feistiness never makes them retreat).

Snip the Ties

If all else fails, you may have to sever the relationship, or at least, minimize contact. Do what you feel like doing…and don’t do what you don’t feel like doing. So if you don’t feel like visiting them when they invite you to their place, then simply don’t. If a toxic person is in town and you don’t feel like visiting, then don’t. Keep things simple. No elaborate explanations are required.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Passwords in Real Life: Don’t be Lazy

/in /by

It’s tough being responsible sometimes. And managing responsibilities for what is precious in your life usually takes a little extra thought.  Let’s say you’ve just welcomed a beautiful set of triplets into the world.  Lucky you . . . and lots to managed! But, you wouldn’t give all these babies the same name simply to make it easier to remember, right?

5DConsider this same concept as you manage other precious aspects of life, like your on line accounts. It may seem convenient – and easier to remember — to use the same password for all accounts.

But a single password across all accounts can also make it convenient for hackers to access your valuable information on these accounts.

Most of us have a number of accounts that require us to use and remember different passwords, which brings us to the question, “If we can’t use the same password for all of our accounts, how do you expect us to remember all of them?” The solution is easy.

You need a password manager.

A password manager will help you create an un-crackable password, and it will even give you a “master” password that will be able to get you into all of your accounts. That way you really will have only have one password to remember.

Password managers eliminate the need to reset passwords, and improve the security of your online accounts that contain your pertinent information. A password manager allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.

Here are some useful tips for making strong and protected passwords:

  • Make sure your passwords are at least eight characters long and include numbers, letters and characters that don’t spell anything.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Stay Safe While Traveling this Summer

/in , /by

So, when you think about summer travel safety, what comes to mind? Which beach you’ll be lounging on? Sunburns? Shark attacks? While sunburns and vacation plans are rational concerns most have when traveling during the summer, shark attacks are a new one.

4WWith all of the news of recent shark attacks, people are now anxious about wading into the waters, despite the fact that the chances of getting mauled by a shark are a whopping one in 3.7 million. No guarantees, of course, but your odds are looking pretty good.

Conversely, the odds of getting your identity stolen or your other valuable information compromised while on or planning for these fun summer trips with the family are much higher. So instead of worrying about sharks this summer, let’s worry about the real predators out there —online hackers and phishing scammers.

In order to ensure you and your family’s online safety while on vacation, you first have to find an ideal and preferably well-rated vacation spot to travel. The Web is replete with scam sites touting glorious vacation spots for bargain prices. Be wary because a lot of these locations are fictitious or are actual pictures of someone’s home “stolen” from, for instance, someone’s family blog or social media profile. The thief will then put up a fraudulent ad for renters and will request a wired upfront payment.

Book travel plans only via legitimate, reputable sites. McAfee® WebAdvisor is a tool you can use that will help to warn you of most unsafe web pages. Make sure to check reviews of any private lodgings and use legitimate, well-known travel review sites.

We all love to share what we’re doing on social media, especially kids, but avoid using location services when possible. According to the recent Intel Security study : Realities of Cyber Parenting , one in three children who are active on social media turn on location services for some or all of their social media accounts which can alert thieves that you are not home, making you vulnerable to break-ins.

Many users are unaware of these features, but the service is available, and probably enabled on almost all of your most used apps, such as Facebook, Twitter, Instagram, etc. In order to fully protect your online data, when your computer devices are not in use, the Wi-Fi, location services and Bluetooth all should be turned off. Educate your kids to disable these services and not to download apps that request this information to run.

Additional Safety Measures You Can Take:

  • Lock your luggage
  • Do not post your travel plans online
  • If you’re taking any computer devices along, back up all their data first
  • Power down, password-protect, and lock these devices prior to travel
  • The person next to you on the plane can visually eavesdrop while you type in login information—beware. Better yet, avoid computer use while on the plane, and watch movies instead
  • Never use public Wi-Fi, at least for important transactions including purchases. Not only can thieves snatch data out of the air, but cybercriminals can also install public computers with data-stealing gadgets. If you must use public Wi-Fi for sensitive communications, use a virtual private network (VPN), which will scramble your data

Even after taking all of these precautions before and during your trip, your job is not done! Once you return home from your trip, it is vital that you make sure all of your information and charges are accurate. Make sure to immediately check your online credit card statements for unauthorized charges—before you invest time posting all about your trip on social media. Credit card fraud or identity theft can occur in well under 24 hours, so don’t put off checking your card status when you come home.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!