Britain Scrapping National Identification Card

The Telegraph reports that UK National Identity Cards containing biometric details, including fingerprints, “were championed by the previous Labour government as a way of preventing terrorism and identity theft.” But the new administration immediately scrapped the initiative, introducing the Identity Documents Bill to Parliament in May, which provided for the cancellation of the UK National Identity Card and the Identification Card for EEA nationals, as well as the destruction of the National Identity Register. As a result, the National Identity Register and all personal information supplied with identity card applications will be destroyed by February 2011.

My opinion is that this is shortsighted of the UK. Bahrain, Belgium, Finland, Italy, the Netherlands, Germany, Oman, Portugal, Qatar, Saudi Arabia, Spain, Sweden and the UAE are some of the countries that have planned or already started to deploy electronic national ID (e-ID) cards. These cards are more secure because they can contain smart card chips. Some countries are implementing e-IDs that also include biometrics and the ability to digitally sign documents.

Citizens can use their e-IDs for standard uses, like getting a driver’s license or a passport, or benefits from the government. But the cards also allow citizens to access more secure e-Government applications. Some examples include secure electronic filing of taxes, e-Banking, and even e-Voting.

More information on smart cards can be found at http://www.smartcardalliance.org, and at http://www.eurosmart.com/.

According to Information Week, “Surveys of British nationals revealed they wouldn’t mind carrying such an ID, provided they didn’t have to pay for it. Suggested in the wake of Sept. 11, a draft bill to introduce the cards appeared in 2004, before they became law in 2006. At various points, the government promised the ID cards, containing biometric data, would help prevent everything from terrorism and identity fraud to illegal immigration and crime.”

In the US, the government has attempted to standardize the identification process once and for all with the REAL ID Act, which will likely be squashed under Homeland Security Secretary Janet Napolitano, who has proposed a repeal of the act. This is due to the amount of resistance RealID is facing from state governments and privacy advocates who don’t understand the value of effective identity documentation or the degree of security that goes into an ID technology.

We have as many as 200 forms of ID circulating from state to state, plus another 14,000 birth certificates, and 49 versions of the Social Security card. We use for-profit third-party information brokers and the vital statistics agency that works to manage each state’s data. A good scanner and inkjet printer can compromise any of these documents. This is not established identity. This is an antiquated treatment of ID delivery systems. Identity has yet to be established. We need a better plan.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security Numbers as National IDs on Fox News. Disclosures

Managing A Digital Life: Teachers Friending Kids

Teachers in numerous Massachusetts cities and towns are not allowed to “friend’’ students on Facebook or other social networking sites, and a number of other school districts south of Boston are considering a similar ban.

The Boston Globe reports that many communities are working on policies governing school staff’s use of Facebook, “inspired in part by ‘model’ rules on the subject distributed this fall by the Massachusetts Association of School Committees.”

The Massachusetts Association of School Committees rules are designed for administrators to “annually remind staff members and orient new staff members concerning the importance of maintaining proper decorum in the online, digital world as well as in person.’’

Teachers should be reluctant to add students as friends on Facebook, as Facebook and other social media sites blur the lines in the student and teacher relationship.

Growing up, we knew nothing about our teachers. They were authority figures that didn’t seem to exist in the real world. If we ever saw a teacher in public, at a mall, wearing regular clothes, we fell into a state of shock!

Now, because of the personal information made available on teachers’ Facebook profiles, students know more than they should about their teachers’ personal lives. They know if a teacher’s relationship status is “Complicated,” and that over the weekend he “Partied like it was 1999.”

One argument against students and teachers establishing online friendships is the need for a distinction between personas in and outside the classroom, and a necessary distance between students and teachers, in order to maintain respect and define a teacher as “a role model, mentor, and advice giver – not a ‘friend.’”

Ultimately, the teacher-student relationship is all about guiding the student through a set curriculum involving reading, writing, arithmetic, and so on. This is and has always been a professional relationship, not a social one. Social media facilitates a social relationship. Call me “old school,” but it doesn’t seem right for students and teachers to connect in this way.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses child predators online on Fox News. Disclosures

Skype App Adds Video Calling

When traveling for business, I often use Skype to video chat with my family at home. This is a comforting way to connect while sitting in a hotel. I’ll even leave the call on for hours at a time, just to watch what they do and hear the homestead background noise, which often includes the screaming of little ones.

The coolest thing about the Skype application for my iPhone has always been the ability to make calls from other countries to any phone number in the USA for a flat rate of $3 per month. Skype-to-Skype calls are free to and from anywhere in the world.

Skype now works on the 3G network, but you may not want to use another carrier’s network in another country, at a cost of a dollar or more per minute, plus connection fees of $20 or more in many cases.

The new Skype app for the iPhone allows users to make video calls to any Skype user. With the new app, you can make free Skype-to-Skype voice and video calls over 3G and Wi-Fi, share your Skype video calls with users on iPhones, PCs, and Macs, and you can talk face-to-face or display what you’re seeing with the iPhone’s front and rear-facing cameras.

Share that spectacular sight…show off those new shoes…include others in the big event…speak to clients face-to-face… Now Skype for iPhone lets you get more out of any moment with friends, family, and colleagues.

CNET reports, “Skype for iPhone will work for anyone on Skype’s network, be they desktop or mobile users. While you can only broadcast video on Apple devices with rear-facing or front-facing cameras–namely the iPhone 4, iPod Touch 4, and iPhone 3GS, you can also receive incoming video broadcasts on the iPad and third-generation iPod Touch. As an extra bonus, desktop Skype users (Windows|Mac) can share a view of their computer screen with Skype users on iPhone.”

If you haven’t used Skype for video calling, give it a try. In my home we use it almost daily. I have an in-law in Australia, and she and my family talk via Skype all the time. The connection is nearly perfect, and best of all, it’s free!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses sharing too much information on the Internet on Fox News. Disclosures

New Consumer Electronics Security Lacking

Early adopters of new technology often discover bugs, quirks, imperfections, and security issues before a product is widely adopted. That’s why I usually wait six to eight months for companies to fix their flaws.

Researchers discovered they could hack into Internet-ready HDTVs. One of the top five best-selling TVs left its security process vulnerable to attack, allowing a hacker to compromise the data transmitted between the TV and websites that provide content. The report states that any website could be spoofed, and the spoofed site made to appear onscreen. The fake site could resemble a video download site, for example, and request credit card information for a movie purchase. Researchers also found that they were able to monitor data being sent from the TV to the Internet.

The New York Times reports:

“[This] test also illustrates what security experts have long warned: that the arrival of Internet TVs, smartphones and other popular Web-ready gadgets will usher in a new era of threats by presenting easy targets for hackers. As these devices become more popular, experts say, consumers can expect to run into familiar scams like credit card number thefts as well as new ones that play off features in the products. And because the devices are relatively new, they do not yet have as much protection as more traditional products, like desktop computers, do.”

Proposed solutions include software fixes and biometric authenticators, such as fingerprint readers and facial recognition technologies. Intel, the chip maker, recently bought McAfee, a security software company, saying that they plan to incorporate McAfee’s security into gadget hardware.

In the meantime, consider waiting it out before you jump in. If you already own this type of TV, be cognizant of the scam and beware of unauthorized charges to your card.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another databreach on Fox News. Disclosures



Top Targets for Emerging Threats in 2011

This McAfee Labs list comprises 2010’s most buzzed-about platforms and services, all of which are expected to be major targets for cybercriminals in the coming year.

Exploiting Social Media: URL-shortening services
With more than 3,000 shortened URLs being generated per minute, McAfee Labs expects to see a growing number used for spam, scamming, and other malicious purposes.

Exploiting Social Media: Geolocation services
Locative services can easily search, track, and plot the whereabouts of friends and strangers. Cybercriminals can see what users are saying and where they are located in real time, as well as their interests and which operating systems and applications they are using.

Mobile: Usage is rising in the workplace, and so will attacks
2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

Apple: No longer flying under the radar
The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure.

Applications: Privacy leaks—from your TV
New Internet TV platforms were “rushed to market” by developers, and some lack security. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps.

Sophistication Mimics Legitimacy: Your next computer virus could be from a friend
Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends, will grow.

Botnets: The new face of Mergers & Acquisitions
Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth. McAfee Labs predicts that the recent merger of Zeus and SpyEye will produce more sophisticated bots.

Hacktivism: Following the WikiLeaks path
Politically motivated hacks will proliferate and new, more sophisticated attacks will occur. More groups, consisting of individuals claiming to be independent of any particular government or movement, will follow WikiLeaks’ lead.

Advanced Persistent Threats: A whole new category
Operation Aurora gave birth to the new category of advanced persistent threat (APT), a targeted cyber espionage or cyber sabotage attack carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. Disclosures


5 Ways to Update Your PC for the New Year

Out with the old and in with the new. In my household, closets, cabinets, and drawers are purged and reorganized during the last two weeks of December. Anything that hasn’t been used in the past year is tossed, donated, or recycled. I rarely put anything into storage, since that generally means I’ll never use it again. This process makes room for new Christmas gifts, and clearing out stuff clutter also helps disperse mental clutter.

During the first two weeks of January I do the same thing with gadgets and technology. To get your PC organized and efficient, follow this process:

1. Go through your files, deleting and organizing as necessary.

2. Back up your data. McAfee offers unlimited online backup for $5 a month. For local backup, the 2TB Western Digital MyBook for $99 can’t be beat. I use both, plus redundant local drives, and I keep them in sync with GoodSync. Including online backup, I have three to four versions of every file.

3. Organize your software. Gather all the disks and serial numbers and back them up in two or three locations. I have all my software on CDs or DVDs, and I’ve also ripped them (ripping is the process of copying audio/video/software to a hard disk) into organized folders on external drives. This includes all your drivers, recent versions of browsers, antivirus and anti-spyware software, and any free applications you use.

4. Download and run Belarc Advisor, a free utility that takes a snapshot of your entire system and tells you everything that’s installed, including serial numbers, and helps you identify bloat (bloat is when computer programs have many unnecessary features that are not used by end users). Print it out or turn it into a PDF with the free PDFCreator.

5. Reinstall your operating system. (This is easier than it sounds.) Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC. Once you’ve followed the first four steps, the reinstall process is easy and efficient. It sometimes takes a second try to get it right, but once it’s done it’s done. Just search online for your operating system’s reinstall requirements. It is always best to have a second Internet-connected PC at your disposal, so if you do run into problems you can search for help online. Once the reinstall is complete, go to “Windows Update” in your control panel or programs menu to update your operating system’s critical security patches.

If you elect not to reinstall your operating system, at least complete the first four steps, and then proceed to “Windows Update.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking hotels on CNBC. Disclosures

10 Security Tips For Holiday Shopping

1. During the holidays, criminals engage in “black-hat SEO,” wherein they create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising via Google AdWords. They use keywords to boost rankings on Internet searches, causing their spoofed websites to appear alongside legitimate websites. These same processes are also used to infect unsuspecting users with malware.

2. Many victims who wind up on malicious websites when holiday shopping have found their way to these sites via phishing emails, which offer high-end products for low prices. It’s easy enough to avoid this. Common sense says that whenever you receive an unsolicited email offer, you ought to automatically be suspicious. The same applies to any offers received through tweets, or messages sent within social media. Scammers are committing social media identity theft every day. If you aren’t familiar with the online retailer behind an offer, don’t even bother clicking a link, especially if the offer sounds too good to be true.

3. If a familiar and trusted website sends you an email offer and you decide to click, make sure you’ve been taken to the correct URL for the retailer. Beware of cybersquatting and typosquatting, in which the address only resembles the legitimate domain.

4. When placing an order online, always look for “https://” in the address bar, signifying that a page is secure. Scammers generally don’t take the time to create secure websites. Note that an image of a closed padlock also indicates that a website is secure.

5. Beware of emails from eBay scammers. I’ve been getting ten a day. The fact is, it’s difficult to tell a real eBay offer from a fake one. If you are seeking deals on eBay, go directly to the site itself, and don’t bother responding to emails. If a deal in an email is legitimate, you can find it by searching eBay.

6. Whenever you decide to make an eBay purchase, look at the seller’s history. eBay is based on the honor system. If a seller is established and has a record of positive feedback, they should be trustworthy.

7. Don’t worry about credit card fraud. But do pay close attention to your statements. Check them online at least once every two weeks, and refute unauthorized charges within two billing cycles, otherwise you will pay for an identity thief’s shopping list.

8. Don’t use a debit card online. If your debit card is compromised, that money comes out of your bank account directly and immediately. Credit cards offer more protection and less liability.

9. Avoid paying by check online. It’s fine to use checks in person, but when using an unfamiliar virtual website, it is not. Once money has been taken from your account and the goods you’ve ordered fail to arrive, getting it back proves difficult if not impossible. Use a UniBall gel pen to prevent check washing.

10. Do business with those you know, like, and trust. I, for one, am guilty of buying from retailers who offer the best deals. But I only buy low-ticket items from unfamiliar sellers, generally spending less than $50. It’s best to buy high-ticket items exclusively from retailers that also have brick and mortar locations.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto, and he is running the Boston Marathon in April 2012 to support Miles for Miracles for Children’s Hospital Boston.

Traveling for the Holidays? Get The “My TSA” iPhone App

Each holiday season, the TSA prepares its workforce of 50,000 transportation security officers to provide a smooth experience for holiday travelers. Since this is the busiest travel time of the year, the TSA is reminding passengers of the security procedures in place, so you know what to expect before leaving home.

Children: The TSA has implemented new procedures for passengers age 12 and under. Pat-downs will be reduced, although not eliminated, to resolve parental alarm without sacrificing effective security. Children are also permitted to leave their shoes on at security checkpoints.

Liquids: Families or individuals traveling with medically necessary liquids can use Family Lanes for a more pleasant travel experience. There are Family Lanes at every security checkpoint, allowing families and travelers with special needs to go through security at their own pace. Individuals carrying medically necessary liquids, gels, and aerosols in excess of three ounces will also be directed to these lanes.

Food: Everyone wants either to bring a favorite food to their holiday dinners or to bring leftovers or other items back home with them. Travelers should know that while pies are permitted through security checkpoints, the following list of liquids must be checked, shipped, or left at home:

  • Cranberry sauce
  • Creamy dips and spreads (cheese, peanut butter, etc.)
  • Gift baskets containing liquid food items
  • Gravy
  • Jams
  • Jellies
  • Maple syrup
  • Oils and vinegars
  • Salad dressing
  • Salsa
  • Sauces
  • Soups
  • Wine, liquor, and beer

The Transportation Security Administration’s “My TSA” iPhone app, which you can download for free through iTunes, provides real-time operating status updates for U.S. airports from the Federal Aviation Administration, allowing you to check approximate wait times at security checkpoints, flight delays, and weather conditions. You can also share your wait times with others, and provide immediate feedback to the TSA concerning your checkpoint experience. It includes a tool to quickly confirm whether an item is allowed in carry-on or checked baggage, plus information about ID requirements, restrictions on liquids, and tips for packing and dressing to speed up the process of going through security checkpoints.

Are You Protected From Zeus?

In Greek mythology, Zeus is the father of all gods and men. Today in the tech world, Zeus is the father of all computer viruses. The Zeus Trojan virus, which has been around since 2007, has been described as one of the most powerful, sophisticated, and evasive viruses ever. Many antivirus programs have had difficulty defeating it. Experts believe that millions of computers may have the virus without users having noticed.

Zeus behaves like many other viruses in that it may lure the PC user into clicking an infected link in the body of an email, then instantly downloads the virus, which quietly installs itself in the background. Sometimes that link may point to an infected website, which injects the virus in the form of a “drive-by download.” Once Zeus has been installed, it works as spyware, recording keystrokes as the user types.

Last month, the FBI broke up a hacking ring that had used the Zeus virus to steal more than $70 million. More than 100 people were charged or detained, including code writers in the Ukraine and “mule-network operators” throughout the United States, the United Kingdom, and Ukraine. The ring primarily targeted U.S. bank accounts, as well as some in the U.K., the Netherlands, and Mexico.

Zeus is designed to steal bank account login credentials. It has traditionally targeted PCs, but has now been updated to attack cell phones as well, with one version of the malware apparently “intercepting SMS confirmations sent by banks to customers, and defeating the fund transfer authorization codes.”

Protect yourself from this and other viruses by running free operating system updates from Microsoft. Click “Start,” then “All Programs,” and then scroll up the menu and select “Windows Update” or “Microsoft Update.”

You should also install antivirus software. Most PCs come bundled with antivirus software that is free for the first year or six months. Just renew the license whenever it expires. Most antivirus software categorizes spyware as a virus now, but it’s also a good idea to run a spyware removal program daily. You should also install a firewall. Microsoft’s operating system has one built in, but it is not sufficient. Use a third party firewall that comes prepackaged with antivirus software.

And don’t be a fool. Scammers consider you, the target, “simple minded.” They’ll use 1001 different techniques to trick you into divulging your data. They attempt to gain your trust by lying, sending misleading emails, or planting pop-up ads that try to convince you to download software for your own protection. Just hit delete.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. (Disclosures)

Online Privacy: Fighting for Your Eyeballs

You may have noticed that the Internet is expanding. Major newspapers are publishing all their content online, because the readers expect and demand it. 23 of the 25 largest newspapers are seeing declines in readership. And if people aren’t buying newspapers, advertisers won’t place ads in them.

Newspapers hire journalists to investigate the issues that affect us on a daily basis. It’s these well-paid, experienced journalists who keep us informed, disseminating news that helps us make decisions in our own lives. We need these journalists to expose lies and uncover truth. Without quality journalism, the media’s influence will have an adverse impact on us all.

But if newspapers aren’t making money, journalists won’t have jobs. As newspapers shift their business models from local, paper-based distribution to online, potentially international distribution, their advertising strategy must change.

There are hundreds of new companies that understand this dilemma perfectly and have created technologies to capture your attention by knowing exactly who you are and what you want. This is where targeted Internet advertising comes in, and it has privacy advocates freaking out.

Most major websites now install cookies on your computer, which track what you do online. Over time, these cookies develop a profile, which becomes your digital fingerprint, to a certain extent. You may have noticed that, after searching for a specific product, advertisements for that particular product or brand appear on various other websites you visit.

Microsoft, Google, Facebook, and most major newspapers, retailers, and advertisers are in on the game. These large companies are making decisions that affect your privacy. As a consumer, you should pay close attention to these issues and consider how they might impact you personally.

The Wall Street Journal delves into these questions here, here, and here.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses oversharing on the Internet on Fox News. (Disclosures)