Home Security Cameras 101: Filming

Before buying a security camera, ask yourself:

  • Where do you want to place it?
  • How well-hidden can it be or does it need to be?
  • Are you familiar with laws pertaining to filming people with or without their knowledge?

5HWhere is setting up the camera illegal? Bathrooms, locker rooms, dressing rooms and residences other than yours (unless you have that other individual’s permission to set it up for their use).

Assume this list is not complete; the bottom line is that video surveillance is prohibited where anyone could be naked or even partially nude. There may be some gray areas, however. In that case, consult with an attorney.

A gray area would be some kind of private room where a person might be undressing, such as a dressing room for a theatre production, a cabana at a country club or beach, or a mock dressing room for a model posing for an oil painting class.

What if you want to set up a camera in the locker room, dressing room or bathroom of a business you own—not to be nosy, but to catch any thieves or other criminal behavior?

Sorry, it’s against the law. The propensity to be partially naked wins out over the possibility of someone stuffing unpaid-for items in their pants or sexually assaulting someone in a bathroom stall.

But this doesn’t mean you can’t place cameras outside the targeted room, to capture entrances and exits on a timeline. Set the camera up so that it can’t capture activity inside the room when the door opens.

Home Cameras

  • The general rule is that if a scene is viewable to the public, your camera can be stationed to record it, such as the parking lot smack in front of your front door or the neighbor’s outdoor deck across the parking lot (where it’s not expected anyone will undress).
  • Though it’s legal to point a camera at the neighbors, it can incite them and cause you grief, including legal action against you (people can sue for anything and everything; doesn’t mean they’ll win, but the anticipated defense legal fees and the whole headache of being taken to court often convince the defendant to retract the behavior that triggered the lawsuit).
  • This is NOT legal advice. Consult your attorney and local laws.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Business Credit Scores 101

Are you a small business? Do you know your business’s credit score? The range is zero to 100 for most credit reporting agencies, with at least 75 being desirable if you want to be approved for financing and trade credit (business loan or line of credit), says a report at NAV.com and from Gerri Detweiler’s new book, Finance Your Own Business.

1SWhat determines credit score of a business?

  • Size of business
  • Payment history
  • Outstanding debts
  • Credit history length
  • Credit utilization ratio
  • Industry risk
  • Public records (which the credit agencies are always inspecting)

The credit score of your business may be different among the different credit reporting bureaus. The nav.com article summarizes the three most common bureaus below.

Dun & Bradstreet PAYDEX (zero to 100)

  • Based on the total number of payment experiences in D & B’s file, this is a dollar weighted indicator of the company’s payment performance.
  • Vendors and suppliers favor the PAYDEX.

Intelliscore PlusSM from Experian (zero to 100)

  • This credit risk score is statistically based and predicts the likelihood of payment delinquency in the subsequent 12 months.
  • This score incorporates multiple factors and is quite reliable.

FICO® LiquidCredit® Small Business Scoring Service (zero to 300)

  • The SBSS rates applicants by their odds of making payment deadlines.
  • The SBSS score is used for credit line and loan applications (up to 350K from the Small Business Administration).
  • 140 is the minimum score to pass the Small Business Administration’s pre-screen process.

Using Business Credit Scores

  • Lenders want to know how well your company pays debts. They won’t want to lend to you if your credit score is low.
  • When is the last time that you reviewed your business’s financial information? This should be done on a recurring basis.
  • Credit scores fluctuate and are not immune to calculation error. Contact the credit agency if you spot an error or it seems that your score is lower than it should be.

Improving the Credit Score

  • Companies can raise their score by avoiding late payments, among other actions. Improving the score won’t happen overnight.
  • Credit utilization should be about 25 percent.
  • Open several credit accounts.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Child Predator screws up, gets caught

If you’re a pedophile, you’d be wise not to keep any prescription containers in view of a webcam with your lewd pictures. The information on such a bottle is what helped pedophile Stephen Keating get 110 years in the slammer says a CNN article.

4HBut the amazing thing is that the bottle’s information was extracted from a blurry image of it in the background of a photo that Keating took of one of his 14 victims. Keating posted the photo online, not knowing that that innocent little prescription bottle would get him busted—along with the fingerprints that were extracted off his fingertips in the image.

Yes, this is what forensic technology can do these days. Only some of Keating’s name and the prescription number were actually extracted in a photo lab, but it was enough information for a record check of the pharmacy to get his identity.

Homeland Security Investigations Cyber Crimes Center specialist Jim Cole says his Project Vic teamviews half a million images every week.

How does this technology work?

  • Computers use “Photo DNA” to speedily sift through hundreds of thousands of photos, separating previously viewed ones from new ones, sparing investigators from having to see disturbing images more than necessary.
  • Cole says that what used to take nine months now takes one month.

In another case, an image showed a woman and her victim holding a fish at a campground. The woman was a known offender…but where was this campsite?

The image of the fish was sent to Cornell University for analysis of the species: Where is this type of fish found? The location was narrowed down to a specific area, and then the campsite image, minus the offender and young victim, was sent to all the campsite advertisers in that region. They got a hit, and in fact, the reception room of the particular camping grounds had the same image on display. All of this took place in under four hours.

Even a blurry company logo on a shirt can be extracted for identification. In one case this led to a plumbing business where an offender used to work.

Where are all these images coming from in the first place? The public sends in tips to the CyberTipline. So do giants like Google, Facebook and Twitter. Cole says that the advanced technology has caused an exponential increase in the number of victims rescued.

Good guys 1. Predators ZERO.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Ways to Protect your WordPress Site or Blog from Hackers

As much as you try, the unfortunate truth is that hackers are going to try to attack and access your WordPress website or blog, whether you like it or not. So, it is up to you to make sure you make the hacker’s job as difficult as possible. Here are some tips:

2D1. Use Plugins

One way to make your WordPress account less appealing is to use security plugins. These vary in quality, and you might have to purchase some of them, too. Just make sure to do some research before buying them, and when you do, only buy them from a trusted marketplace.

2. Choose The Right Password and Change It Often

When choosing a password for your account, make sure it is a minimum of 8 characters, and mix it up with letters, numbers and symbols. Also, change your password about every 2-3 months.

3. Change Your Defaults

Also, make sure that you are changing the default user name and password that you are given for your hosting account.  It’s best, in fact, if you change any detail that you are allowed to change, simply because you don’t know how secure your host’s servers are.

4. Only Choose Secure Hosting

Use a secure hosting company. There is no better tip that that. If you go with a free package, understand that you will get what you pay for.

5. Install All Updates

Make sure you are installing any updates you get from WordPress. These often contain security features that can protect you.

6. Consider Hosting Company Security Options

Many good hosting companies offer security options for their clients, and if you have this option, do it. Just make sure you are not paying too much, and look for coupon codes, if possible.

7. Delete What You Are Not Using

If you have unused images or plugins in your account, delete them. They waste space and can put your account and site at risk.

8. Back Up Everything

Your best defense against hackers is to make sure you are backing up everything, and do it often. You can delete any old backups to save space.

9. Watch the Powers You Give Contributors

Though it might be tempting to allow authorized contributors to post their own blogs and articles, don’t give them any more access to your site than you have to.

10. Use Security suites

There are a variety of web based security products designed to proactively monitor your site and block unauthorized activity. Check out Cloudbric. This all-inclusive solution helps in preventing web attacks including DDoS, while also providing SSL and CDN services.

Robert Siciliano is a personal privacy, security and identity theft expert to Cloudbric discussing identity theft prevention. Disclosures.

Ransomware Hackers provide Customer Service Dept. to Victims

Yes, believe it or not, ransomware has become such a booming business for thieves, that these cyber thugs even provide bona fide customer service departments to guide their victims!

4DWhen ransomware infects your computer, it holds your files hostage; you can’t access them—until you pay the hacker (usually in bitcoins). Once paid, the crook will give you a decryption “key.” Sometimes the fee will go up if you don’t pay by a deadline. Fees may a few to hundred to several hundred dollars to way more for big businesses.

Thieves typically include instructions on how to pay up, and they mean business, sometimes being “nice” enough to offer alternatives to the tedious bitcoin process. They may even free one file at no cost just to show you they’re true to their word.

As the ransomware business flourished, particularly Cryptolocker and CryptoWall, hackers began adding support pages on their sites to victims.

An article at businessinsider.com mentions that one victim was able to negotiate a cheaper ransom payment.

Why would thieves support victims?

  • It raises the percentages of payments made; the easier the process, the more likely the victim will pay. The businessinsider.com article quotes one ransomware developer as stating, “I tried to be as [much of] a gentleman thief as my position allowed me to be.”
  • It makes sense: If victims are clueless about obtaining bitcoins and are seeking answers, why wouldn’t the crook provide help?

Perhaps the most compelling reason why bad hackers would want to help their victims is to get the word out that if victims pay the ransom, they WILL get their decryption key to unlock their encrypted files.

This reputation puts the idea into the heads of victims to “trust” the cyberthief. Otherwise, if ransomware developers don’t give the key to paying victims, then word will spread that it’s useless to pay the ransom. This is not good for the profit-seeking hacker.

These crooks want everyone to know that payment begets the key. What better way to establish this reliability than to provide “customer” support on websites and also via call centers where victims can talk to live people?

Apparently, at least one ransomware developer has a call center where victims can phone in and get guidance on how to get back their files.

Prevent ransomware by keeping your devices update with the latest OS, antivirus, updated browser, and back up your data both locally and in the cloud.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Parents legally can spy on their Kids

Just because something is legal, does that mean you should do it? In the case of spying on your kids’ phone activities, some say yes. Though the very same mode of operation is illegal in most states when the eavesdropper is your boss or anyone else and you’re the “eavesdropee,” this same mechanism is legal and encouraged for parents to their kids.

12DYou’re probably envisioning a parent listening in on their boy-crazy teen daughter’s phone conversation. But it’s more than that.

According to a nydailynews.com article, the Court of Appeals in New York ruled that secretly listening in on and even recording a cellphone conversation is legal—after a man recorded a cellphone conversation involving his five-year-old son. The child’s mother’s boyfriend, over the phone, threatened to beat him.

Dad acted in good faith when he wired the phone, and the slime who made the threat, was convicted on three counts. But his attorney claimed that the eavesdropping was illegal and thus, the conversation was not admissible.

The judge in this case pointed out that not all cases come in template form inside a black box. But can a parent eavesdrop on an older child who’s cognizant enough to rationally protest? Again, we can’t apply a cookie cutter to this concept. But in New York, it’s legal to conduct this practice, with the assumption that the parent is acting in the best interest of the minor.

In another case, points out the article, a woman inserted a tape recorder in her autistic son’s backpack to pick up the suspected verbal abuse from the boy’s bus matron.

The line can be very fuzzy over just when it’s ethical for a parent to tap a child’s phone conversations and when it’s done for more self-serving reasons, such as in divorce cases. Again, it’s legal in New York, because it was determined that the potential benefits far outweigh the potential grievances.

At least 12 other states, though, are on board with this doctrine of vicarious consent, including New Jersey, Texas, Arizona, Maine and the Carolinas. Hopefully, not too many parents will abuse this legal right and end up eavesdropping for the fun of it or to show off their “power” as the adult in charge.

But that fact is, kids can get into lots of trouble with their physical and digital lives if their parents are unaware of what’s going on.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The TSA confiscated 2,653 Guns in 2015

How dumb can air travelers be, trying to get guns past the TSA? Duhh, don’t they know that the X-ray equipment or pat-downs will detect them? Just last year, over 2,600 guns were detected. More than 80 percent of these guns were loaded. Talk about the world’s dumbest criminals.

7HIt gets better: People have also tried to sneak past the TSA other potentially lethal weapons. In 2015, the TSA confiscated the following potentially deadly instruments:

  • Metal sickle shaped weapon. This could easily dig out someone’s insides.
  • Gun powder; yes, non-metallic weapons can be detected.
  • Lots and lots of knives
  • Ninja climbing claws (yes, don’t know how else to describe these, but what you’re right now picturing is probably pretty accurate)
  • Ninja stars (scads of these, in all shapes and sizes)
  • Cane swords (a sword hidden in a cane that looks like Grandpa’s)
  • Meat slicer, where is someone traveling that they need to bring a meat slicer, and if they really need to do this, why try to bring it on the plane rather than get it checked through with baggage? Although I doubt they had evil intentions with that device.
  • Grenades, real and fake
  • Pepper spray (lots of it)
  • Samurai swords
  • And no kidding: a Klingon sword—you know, that crescent shaped thing. They actually make these things—called bat’leths—Trekkies don’t get special passes on airplanes.
  • Battarangs (can you figure out what these are, based on the name? Hint: “Holy Ravioli, Batman!”)
  • Drugs (hidden in items that you’d think TSA would never suspect to look in, such as peanut butter, candy wrappers and batteries.

Certainly, some of these travelers meant no harm. In fact, maybe the vast majority of them meant no harm with their weapons, and were just innocently (and idiotically) bringing them along, figuring, “As long as it’s not a gun or sword, my Ninja star or can of mace will be okay.”

However, don’t people know by now that anything sharp and metallic, or containing a chemical poison, will be confiscated? See more allowed/prohibited items HERE.

And what were the people with the grenades, handguns and swords thinking? Certainly not “TSA’s gonna get me!” You humans just amaze me.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Hacker for hire a rising Trend

Hackers and wannabe hackers can easily purchase cheap tools of the trade online. The security firm Dell SecureWorks Inc. confirms this in their latest report and adds that underground markets for hackers, including those from Russia, is thriving.

11DThe “Dark Web” is the go-to place for hackers looking for guidance and tools like malware. Yes, you can buy malware. If you don’t want to be the hacker, you can hire a hacker.

There’s any number of reasons why a non-techy person would want to hire a hacker. Maybe that person wants to make money and thus hires a hacker to create a phishing campaign that generates lots of credit card numbers and other personal data for the hacker’s client to then open credit lines in victims’ names.

Maybe another client wants revenge on an ex-lover, their current boss or neighbor; they hire a hacker to crack into the target’s Facebook account, and then the client is able to log in, impersonate the victim and post comments and images that will make the victim look frightfully bad.

Dell SecureWorks Inc., also found:

  • For $129 a hacker will steal e-mails from personal Yahoo or Gmail accounts.
  • For business accounts, however, hackers want $500 per e-mail.
  • Wannabe hackers can buy phishing tutorials as well as other tutorials for $20 to $40.
  • Gee, for just $5 to $10, you can buy a Trojan virus that you can infiltrate someone’s computer with and control it—even if you’re a thousand miles away.

So booming is the hacker for hire and hacker-in-training industry, that these cybercriminals even offer customer service. Makes you wonder why hackers are selling their knowledge, tools and providing customer service, if they can make so much more money just hacking.

Well, maybe deep down inside, these crooks have a kind heart and want to help out people, even if it means helping them commit crimes. Another explanation is ego; they’re so good at what they do that they want to share their knowledge, albeit for a fee.

What else is for sale on the Dark Web? Stolen hotel points and frequent flyer accounts. Buyers can use these to get gift cards on legitimate sites, says the report from Dell SecureWorks Inc.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Should you take active Shooter Training?

Gunman Storms Building, Shot Dead by Receptionist

Wouldn’t it be great to see a headline like this for once? More than ever, employees are being trained to react tactically should a gunman go on a rampage.

2BThere has to be a better way, for instance, to protect children in a classroom than the teacher diving between them and the bullets and getting killed. Being hailed a hero is no consolation to the family he or she leaves behind.

In Boston, active shooter training is taking place, says an article at myfoxboston.com. Todd McGhee, a former state trooper, is the instructor. He charges $150 per person for an hour. May sound like a lot, but think of all the ways someone can mindlessly drop $150 over one weekend.

Active shooter training is also offered by some private firms in most metropolitan areas. It’s catching on in this day and cyber-age when every public gunning incident seems to get news.

In a real life scenario, the victim has maybe less than two seconds to make a life altering decision: bolt, dive out a window, hide, put their body between the gunman and children (and often, this results in death), rushing the gunman, playing dead once the bullets start flying (this has actually worked), and who knows what else—like whipping a pistol out of your pocket and shooting back. Reasoning with the gunman has also worked, but these are truly exceptional cases.

In a workplace setting, often the gunman is a former employee. The grievance he has may be towards his boss or someone there he was dating or wanted to date but was rejected.

The myfoxboston.com article notes some risk factors for deviantly violent behavior including divorce, loss of the job, financial woes, being bullied and experiencing child custody issues. However…it stands to reason that anyone who’d bulldoze into a business or public setting and start shooting has at least several of these problems.

Though issues such as being passed up for a promotion, ridicule by coworkers, being recently fired and other workplace problems normally don’t turn employees into killers, these situations are a common thread among such gunmen.

Sometimes the most meek employee turns out to be the shooter, and employees need to learn how to respond with tactics, strategy and proven methods rather than with panic and screams.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Don’t pick up that USB Drive!

What a very interesting experiment: Researches randomly deposited 297 USB drives (aka USB stick, flash drive, thumb drive) around the University of Illinois Urbana-Champaign campus. They wanted to see just how many, and how soon after dropping them off, they’d be collected by people.

2DTurns out that 48 percent of the drives were taken and inserted into computers. The report at theregister.co.uk says that in some cases, this was done minutes after the drives were left in the public spots.

Picking up a USB drive off the streets and plugging it into your computer is akin to picking up discarded food off a sidewalk and eating it. You just never know what kind of infection you’re going to get.

And what you might get is a virus crashing your computer or stealing your data. That USB stick could contain malware—either left in public as a prank, or innocently lost or discarded without the original owner knowing it’s infected.

Or…it might have been left in a public spot by a hacker with full intent of gaining control of your computer to collect your personal data and committing fraud, such as opening lines of credit in your name or emptying out your bank account.

The USB sticks for the study contained HTML files with embedded img tags. The tags allowed the researchers to track the USB activity, which is how they new that, for instance, one of them was plugged into a computer only six minutes after it was left to be “found.”

Only 16 percent of the people who picked up the sticks actually scanned them to check for viruses before plugging them into their computers. And 68 percent simply inserted them without any regards to what they could get transferred into their computers.

  • Some users trusted that there was no harm.
  • Some plugged in the drive to seek out the owner.
  • Some intended to keep the stick.
  • Conclusion: A cybercriminal could easily take control of a business’s system by leaving a rigged USB drive in the parking lot, let alone get control of a personal computer by leaving the stick in any public place frequented by lots of people.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.