Xfinity Home Security Flawed

Bad news for users of the Xfinity home security system: It can report locked doors and windows that have been bypassed by an intruder and miss an intruder’s movements, says an article on wired.com.

The intruder circumvents the system by using a radio jammer to block the 2.4 GHz radiofrequency band of the alarm system. The system won’t detect this as an anomaly, “thinking” that the doors and windows are still locked.

It gets worse. Suppose the thief ends the jamming and leaves with his loot. Then a second, unrelated intruder breaks in. He may go undetected and no alarms will go off, no remote alerts to the homeowner, because it may take the system’s sensors up to three hours to return to a functioning mode.

An Xfinity sign that’s on the property is a welcome mat to thieves who know how to circumvent the system. And the homeowner will never know anything happened until they return and see the place was ransacked. A surveillance camera, of course, will show the intrusion—unless the radiofrequency band of the camera was the same as the system and hence also jammed.

Radio jamming equipment can be constructed by anyone with half a brain about electronics.

Why can’t this system detect that anything went awry? And why does it take up to three hours for the sensors to regroup? Sounds like a lot of stuff is wrong with this system.
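The difference between trusting a sensor's last report and treating silence as a fault can be shown with a small simulation. This is an added example, not code from Comcast, Rapid7 or the wired.com article; the sensor names, the 60-second check-in interval and the 180-second supervision window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    CLOSED = "closed"
    OPEN = "open"
    TROUBLE = "trouble"  # sensor silent too long: real state is unknown


@dataclass
class Sensor:
    reported: State   # last state the sensor itself reported
    last_seen: float  # time in seconds of the last check-in received


class BaseStation:
    """Hypothetical base station; decides which state to show the homeowner."""

    def __init__(self, supervision_window, fail_closed):
        self.supervision_window = supervision_window  # assumed value, seconds
        self.fail_closed = fail_closed
        self.sensors = {}

    def check_in(self, name, state, now):
        self.sensors[name] = Sensor(state, now)

    def effective_state(self, name, now):
        sensor = self.sensors[name]
        silent = (now - sensor.last_seen) > self.supervision_window
        if silent and self.fail_closed:
            return State.TROUBLE
        # Fail-open behaviour: keep trusting the last report indefinitely.
        return sensor.reported

    def alerts(self, now):
        """Names of sensors whose effective state is anything but CLOSED."""
        return sorted(n for n in self.sensors
                      if self.effective_state(n, now) is not State.CLOSED)


# Constructed timeline: both sensors check in every 60 s and report CLOSED.
# Nothing is received after t=240 because the radio link is unavailable, so
# a door opened later never produces a message at the base station.
RECEIVED = [(float(t), name, State.CLOSED)
            for t in range(0, 241, 60)
            for name in ("front_door", "kitchen_window")]


def alerts_at(now, fail_closed, window=180.0):
    """Replay the messages received up to `now` and return active alerts."""
    station = BaseStation(window, fail_closed)
    for t, name, state in RECEIVED:
        if t <= now:
            station.check_in(name, state, t)
    return station.alerts(now)


if __name__ == "__main__":
    for mode in (False, True):
        print("fail_closed =", mode, "->", alerts_at(600.0, mode))
```

With the fail-open setting the station still shows every sensor as closed six minutes after the last check-in; with supervision enabled, the same silence raises a trouble alert on both sensors.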

It’s not truly known if Comcast plans on remedying these flaws. Rapid7 security researchers contacted Comcast but have not received a reply, continues the wired.com article. Comcast has also ignored contact from WIRED and from CERT, a cybersecurity research entity.

Interestingly, once the wired.com article was posted, Comcast spokesperson Charlie Douglas issued a statement implying that these flaws exist in any home security system. However, it has not been confirmed that these flaws are inherent in wireless home security systems in general.

So will Comcast patch up the flaw? Douglas’s response to WIRED was rather evasive, again stating that it was an “industry issue,” and that he’s not even sure that a “simple patch” is even the solution.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect Yourself from Phishing

Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!”

While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups.

Researchers point out that an e-mail may appear to come from the company’s HR department, for example. E-mails with an “urgent email password change request” had a 28% click rate, Wombat security reported.

Phishing victims act too quickly.

In the workplace, instead of phoning or texting the HR department about this password reset, or walking over to the HR department (a little exercise never hurts), they quickly click.

So one way, then, to protect yourself from phishing attacks is to stop acting so fast! Take a few breaths. Think. Walk your duff over to the alleged sender of the e-mail for verification it’s legit.

Wombat’s survey reveals that 42% of respondents reported malware infections, thanks to hasty clicking. However, employees were more careful when the e-mail concerned gift card offers and social media.

The report also reveals:

  • 67% were spear phished last year (spear phishing is a targeted phishing attack).
  • E-mails with an employee’s first name had a 19% higher click rate.
  • The industry most duped was telecommunications, with a 24% click rate.
  • Other frequently duped industries were law, consulting and accounting (23%).
  • Government was at 17%.

So as you see, employees continue to be easy game for crooks goin’ phishin.’

And attacks are increased when employees use outdated plug-ins: Adobe PDF, Adobe Flash, Microsoft Silverlight and Java.

The survey also reveals how people guard themselves from phishing attacks:

  • 99% use e-mail spam filters.
  • 56% use outbound proxy protection.
  • 50% rely on advanced malware analysis.
  • 24% use URL wrapping.

These above approaches will not prevent all phishing e-mails from getting into your in-box. Companies must still rigorously train employees in how to spot phishing attacks, and this training should include staged attacks.

Protect Yourself

  • Assume that phishing e-mails will sometimes use your company’s template to make it look like it came from corporate.
  • Assume that the hacker somehow figured out your first, even last name, and that being addressed by your full name doesn’t rule out a phishing attack.
  • Get rid of the outdated plug-ins.

Phishing attacks are also prevalent outside the workplace, and users must be just as vigilant when on their personal devices.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Three ways to beef up security when backing up to the cloud

Disasters happen every day. Crashing hard drives, failing storage devices and even burglaries could have a significant negative impact on your business, especially if that data is lost forever. You can avoid these problems by backing up your data.

Backing up means keeping copies of your important business data in several places and on multiple devices. For example, if you saved data on your home PC and it crashes, you’ll still be able to access the information because you made backups.

A great way to protect your files is by backing up to the cloud. Cloud backup services like Carbonite allow you to store data at a location off-site. You accomplish this by uploading the data online via proprietary software.

Cloud backup providers have a reputation for being safe and secure. But you can’t be too careful. Here are a few ways to beef up security even more when you use a cloud backup system:

  • Before backing up to the cloud, take stock of what data is currently in your local backup storage. Make sure that all of this data is searchable, categorized and filed correctly.
  • Consider taking the data you have and encrypting it locally, on your own hard drive before backing up to the cloud. Most cloud backup solutions – including Carbonite – provide high-quality data encryption when you back up your files. But encrypting the data locally can add an additional layer of security. Just remember to store your decryption key someplace other than on the computer you used to encrypt the files. This way, if something happens to the computer, you’ll still be able to access your files after you recover them from the cloud.
  • Create a password for the cloud account that will be difficult for any hacker to guess. However, make sure that it’s also easy for you to remember. The best passwords are a combination of numbers, letters and symbols.

Cloud backups are convenient and have a good record when it comes to keeping your data safe. It doesn’t require the purchase of additional equipment or the use of more energy. You can also restore data from anywhere, to any computer, as long as there is an Internet connection available.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

Set up Family’s Controls on Home Computers

The computers in your household should have controls on them for security—even if you don’t have children living with you.

Chrome OS

  • On the Chrome browser in the upper right are three horizontal lines; click this symbol.
  • Click “Add supervised user.”
  • Enter the name and password for the new account.
  • This allows the other family member to access their account using the Chrome OS. Just set the controls for that person via www.google.com/settings/chrome/manage.
  • You will be able to see the sites that the family member visits, and needless to say, you can block the ones you don’t want that individual accessing. The caveat is that it does not permit bulk blocking; so if you want to block five sites, you must set the block up one at a time for each site.
  • The plus side is that this system allows a user access to your Chromebook.

Windows 10

  • Go to account.microsoft.com/family and sign in.
  • Enter the e-mail address of other family members.
  • Or, set up a new one for them.
  • Click the “invite” link.
  • The family member(s) will appear on the family list. You now can set controls.
  • Controls can apply to apps, games, visiting particular websites and even the time of computer use.
  • This feature includes additional controls like seeing the online activity of the other family member(s).

OS X

  • Click Users & Groups in System Preferences.
  • See the lock icon? With your password, unlock it.
  • Click the “plus” symbol located under the user list.
  • You’ll see Managed with Parental Controls. Take it from there to have the new account added to the Mac’s master list.

There are lots of options for customizing the kind of control you want. Take your time reviewing all of the things you can set controls on.


Protect Yourself from Online Dating Scams

$200 million: The amount people were ripped off by online dating scams in a year.

DUI: dating while under the influence…of the quest for love…is costly to countless people.

A nytimes.com article notes that this quest impairs judgment, making it easy for con artists to bilk lonely people. Or are some people just plain stupid? But many victims are highly educated.

It all begins with a phony profile that grabs the victim’s attention. The nytimes.com report points out that the scamster uses attractive photos stolen off of other sites.

INTERRUPTION: If he/she is too gorgeous to be true, right-click the image to see where else it appears online! Is “Emilene McKenna” whom she says she is?

These scammers come from anywhere on the globe.

  • They prey upon loneliness, greed and desire.
  • Overseas scam rings
  • Solitary scammers working at home late at night
  • Women, not just men
  • They almost always profess to be in a glamorous or exciting line of work, though occasionally, they’ll pose as a more common person (perhaps to appear less suspicious).
  • People of all ages and walks of life, plus sexual orientations, are targeted.
  • The common denominator is a request for money.
  • Reasons for money requests run the gamut but usually focus on medical bills, legal fees or fees relating to a planned trip to meet the victim (which never occurs).

The nytimes.com article quotes victim specialist Debbie Deem that these con artists are skilled at mirroring the victim’s needs and creating “a sense of intimacy very quickly.” The victim soon becomes convinced that this is their soulmate—and thinks nothing of sending them the requested money.

However, the scammer may reveal their true colors after luring the victim into posing for raunchy photos or videos: The crook threatens to expose these unless the victim sends them money.

Other Facts

  • Being offered a spouse is a growing ruse.
  • Some victims have lost over $400,000.
  • Significant contact from the scammer lauding the victim.

How to Protect Yourself

  • If you haven’t already figured that out after reading this article…I’m very worried.
  • In addition to right-clicking the photo, copy and paste the profile’s narrative into a search engine and see if it shows up anywhere else like on an unrelated person’s blog or another dating profile under a different name.
  • NEVER SEND MONEY! Think: They’ve gotten this far in life without your financial help; they’ll survive without it.


Prevent Child Identity Theft

Here’s one for the know-it-alls: Kids are 35 percent more likely to become victims of identity theft than are adults. Betcha didn’t know that! This startling news comes from a 2015 Javelin Strategy & Research study.

Needless to say, the bulk of parents aren’t on top of this problem, unaware that thieves go after children’s SSNs like two-year-olds grabbing at candy. Thieves know that kids (and their parents) don’t monitor their credit reports. Thieves know that they can get away with their crime all throughout the victim’s childhood until they start applying for college, credit cards, etc., at age 18 or so. That’s a long time to get away with a crime.

Let’s talk about how to prevent child identity theft.

ID Theft Protection

  • Sign on with an ID theft protection company; many such companies protect the entire family including kids.
  • Get an ID theft protection service. This is not the same as antivirus software. For example, ID theft protection services will monitor your credit report. It will also alert you when an account is opened in your name.

Credit Freeze

  • Put a freeze on your kids’ credit reports; 19 states allow this for the three main credit reporting agencies. Equifax allows a freeze no matter what state you live in.
  • A frozen credit will prevent a crook from opening lines of credit in your child’s name.

Who needs your child’s Social Security number?

  • Put your children’s sensitive documents (birth certificate, SSN card, etc.) in a lockable safe and/or keep it hidden.
  • THINK, before you hand out your child’s SSN. Just because it’s requested doesn’t mean you must blindly give it up. Ask yourself: Why on earth do they need my child’s Social Security number? The gruff coach of your child’s new soccer team may be requesting the number. The child beauty pageant director may be asking for it. Don’t be intimidated.
  • Come on, really. WHY would a sports team, karate tournament entry form or any other child-centered activity need this information?
  • Minimize putting your child’s name and address “out there.” Even if you decide to get a magazine subscription for your tween, put your name on the subscription.
  • Meet with your child’s principal to keep your child’s information from getting out. Schools often share personal information of students with third parties.
  • It’s not cute that your five-year-old can rattle off her Social Security number. Kids don’t need to know this number. They need to know your phone number, how to dial 9-1-1 and their home address. But not their SSN. Geez, if they know their SSN, you just never know when they might leak it out to the wrong ears. When kids are in high school, they may need it, but still, be very cautious about when you decide it’s time to give them this information.


Products to keep Kids safe online

Some people believe that monitoring your kids’ online activities crosses the line of privacy or trust. But monitoring and controlling online activities is, essentially, no different than controlling access to the cookie jar or TV or even locking a liquor cabinet.

Which brings me to a way that parents can always know exactly what their kids are doing in cyberspace. And control when, too. This is possible due to a type of software known as “parental control” that monitors the goings-on of any connected device in the home network, in concert with a mobile app.

Parental control software is very important to most parents, and they’re always looking for the latest technology. The Pew Research Center’s recent report says that 95% and 93% of U.S. parents have spoken to their teenager about sharing-safety and appropriate online behavior, respectively.

Gadgets like this include Circle and KoalaSafe (easy setup, $99 each). With these, you can even set certain activities to be off limits when you apply filters. When you see your teen daughter’s activity going to a “pro-ana” site, you can bar her from getting on.

Circle

  • Scans all traffic on your home’s network.
  • Traffic data is not stored on Circle’s servers.

KoalaSafe

  • Provides a Wi-Fi just for kids and tracks only that.
  • Uses cloud servers for monitoring.

From your mobile you can watch what your kids are up to in cyberspace. These gadgets can’t monitor or control 100% of their activities (such as Snapchat), but they will do enough for you to know that the cookie jar, figuratively speaking, is bolted shut with a good lock.

Even if your child is a goody two shoes, they may still accidentally get on a site you’d never want to show your grandmother. Circle and KoalaSafe will help control this scenario. This software can also track how much time kids spend with certain activities such as being on Facebook, and you can set time limits.

But remember, parental control software, no matter how good it is, should be seen as an adjunct to one-on-one communication with your kids, not the replacement of it. Parental software isn’t just for “bad” kids, but serves as an extra tool for parents that keeps up with today’s technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Identity Theft on the rise affecting over 13 Million

13.1 million people were stricken by identity theft last year in America, reports a study by Javelin Strategy & Research which reveals:

  • Many people who don’t trust their banks are unwittingly doing things that make crime easier for crooks. This includes not using the bank’s protection services such as e-mail alerts.
  • Oddly, there are more victims than ever, but the total amount stolen is less. But that hardly matters when you consider that in the past six years, $112 billion have been stolen.
  • 18 percent of U.S. identity fraud involving cards was carried out beyond the U.S.
  • New-account fraud is being driven by EMV.

Javelin Strategy & Research’s Recommendations

  • Every account should have a different password. Every password should be long and strong, not containing keyboard sequences or actual words or proper nouns (sorry, this means no Metallica1), and including a mix of characters.
  • Consider using a password manager.
  • Smartphone protection is a must. This means being vigilant about updates and using all security features offered by the device like passcodes or fingerprint access.
  • Sign up for account alerts. Alerts come in different flavors. For instance, you’ll be alerted for purchases exceeding a specified limit or occurring outside your state. See if your bank or credit card issuer provides alerts for international transactions.
  • Put a freeze on your credit. This will prevent anyone but you from opening an account in your name, and it’s cheap to do. But if you unexpectedly find you must open a new line of credit, the freeze can be lifted.
  • If you suspect any suspicious activity, jump on it immediately. Any delay in notifying the credit card company or bank can make it harder for them to resolve the problem.

In addition, inspect your credit card statements every month. Do not dismiss tiny charges that you’re not familiar with just because they’re tiny. Sometimes, crooks will “test the waters” and make minuscule charges to see if they can get away with it. Their intention is to then escalate and ultimately max out the card.


Ransomware as a Service: A new threat to businesses everywhere

Cyber criminals have been attempting to extort money from individuals and companies for many years, and the latest attempt to take advantage of others is by using Ransomware as a Service, or RaaS.

A ransomware virus infects a computer when a user clicks a link and unknowingly downloads a malicious file. The ransomware virus then encrypts the computer’s files and promises to render them useless unless the victim pays a ransom. The cost varies greatly and groups sending these out can bring in hundreds of millions of dollars in profits.

RaaS makes it even easier for criminals to deploy ransomware viruses. All they have to do is choose a ransomware virus, set a ransom amount and deadline, and then trick their victims into downloading it onto their computer.

What to do if systems become infected with ransomware

If you have been attacked with ransomware, consider the following:

  • Tell the hacker you will pay, but that you need time to get the cash.
  • Gather all correspondence from the hacker.
  • Tell the webhosting provider, maybe call the cops, but expect little. If there is a major loss, reach out to the FBI, just know they might not see it as serious.
  • Delete all infected files and download clean versions from your backup system. Remember: If you have a quality backup system in place, you won’t need to pay the ransom.

Handling computer viruses

Ransomware isn’t the only type of virus to be on the lookout for. Symptoms of other types of virus infections include programs opening up on their own and a slow computer. Some viruses may send messages from your email account without you knowing about it. Here are some more ways to protect yourself from ransomware and other computer viruses:

  • Use both firewall and anti-virus software
  • Do not open attachments, links or programs from an email, including those from people you know, until you check for viruses.
  • Do not use public Wi-Fi connections unless on a virtual private network or using encryption software.
  • Keep security software current, use administrative rights and use a firewall.
  • Use the most recent version of your operating system and browser.
  • Back up all data.
  • Train employees on security measures for all devices.

How can you mitigate insider threats? Tune into the Carbonite webinar that I’ll be hosting live on Wednesday, March 15th at 11 am ET, to learn how. Register here: http://go.carbonite.com/security-threat/blog.


Most Locks are stupid easy to pick

I hate to say this, but…any dummy can learn to pick a lock. This means that the locks on your house’s doors are probably very “pickable” unless you have a top-flight lock system—which few homes actually have.

An article on lifehacker.com describes how easy it was for the writer to pick a lock from a lockpick set. He discovered that this type of lock isn’t much different than door locks. He also makes a point about the term “pick resistant.” This doesn’t mean “pick preventable.”

Don’t count on your average door locks to be pick resistant. They are pick easy. Grade 1 locks are the most pick resistant, while Grade 3 are easy.

The article also notes that a fancy looking lock might entice a thief to try to pick it, as he’ll assume a fancy lock means lots of valuables inside. A Grade 1 deadbolt doesn’t have to look snazzy, though.

The author also writes that there are other ways than picking to get past a lock.

  • Bump keys. You can get these at a hardware store or online. Their ridges can line up with a lock’s pins and open it. These are truly master keys to most house doors.
  • Lock snapping. Apply pressure to the lock and snap it in half. However, few locks these days are made this weak.
  • Credit cards. Sticking a credit card in between the door and frame really does work—but not for deadbolts.

Many burglars use non-picking methods. The bottom line is that average locks are just plain weak. But not all intruders care to buff up their lock picking skills. Impulsive intruders, such as teen boys, just want to get in without being savvy about it, so they’ll often kick open a door, smash through a window or ring the doorbell till someone answers and force their way in. Heck, they may even do what so often they do: waltz through an unlocked door.

The FBI says that most burglars get in via forced entry. But it greatly helps to have great door locks. Intruders don’t want to get noticed. They don’t want to set off every dog within a hundred yards barking. They usually really care about being as sneaky as possible. But if they lack lock picking skills, they’ll likely give up on a well-protected house.
