Spotlight on RSA: Latest Security Threats

2012’s RSA Conference kicks off February 27th. Arthur Coviello, Jr., Executive Chairman of RSA, the Security Division of EMC, will present a program focused on the fact that in the past 18 months, organizations throughout the world have been under attack by nation-states, “hacktivists,” and cyber criminals.

PBS NewsHour Senior Correspondent Jeffrey Brown will address “hacktivism”—the use of computers and computer networks to protest or promote a political agenda or ideology—which Brown will argue has reached a tipping point, requiring an adjustment in our approach toward enterprise security.

And Stuart McClure, Chief Technology Officer at McAfee, will discuss the rapid evolution of the threat environment, and how what was once considered theoretical has become reality.

No one is immune, whether you are a soccer mom, small business, major corporation, the federal government, or the president of Syria, whose email account (password: “12345”) was hacked by a collective known as Anonymous, who were able to access hundreds of private email messages. Anyone who attracts the attention of a criminal hacker is a target.

“Hacktivists” are activists who use computer hacking as a weapon against anyone they deem oppressive. There may be hundreds of thousands of hackers operating based on this justification for their hacking, with little to no oversight or guidelines beyond their individual impulses determining their next victim. In some cases, hackers are motivated simply by petty dislike or disagreement.

Protecting your networks starts with a few basics, including:

  • Total, “all-access” protection, including antivirus, anti-phishing, and anti-spyware
  • Full disk encryption
  • Firewall security appliances
  • WPA2 wireless security
  • Up-to-date operating system and software critical security patches

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Beat the January Blues by Updating and Upgrading Your Digital Technology

A new year is always a welcome opportunity to start fresh, clean up, clean out, update, and upgrade. I’ve always believed that if you aren’t moving forward, you’re moving backward. Staying still in one spot really means that the people and the world around you are passing you by.

This philosophy also relates to the management of your digital life. Old technology isn’t necessarily outdated, but it may need updating, while obsolete technology certainly needs upgrading.

Old PCs: Thanks to “the cloud,” even an old Windows XP machine can have a new lease on life. Reinstalling the operating system and using it for cloud-based applications like mail and Google docs can allow a relic to function better than its old self ever did.

New PCs: I have a Windows 7 desktop that drags a bit, does weird things, and makes the occasional funny noise. It’s about two years old and still in relatively good shape, despite the random glitches. It’s just a matter of time, however, until it degrades to a point where it either stops working or becomes too frustrating for me to deal with. So, while that one is still functioning, I bought another desktop for about $500 that’s better, faster, and has more of everything I want in a work machine. I’ll load the new computer up with all my software and when it’s 100% ready, I’ll make the switch. Meanwhile, the old computer will still work well as a media center.

Old mobiles: If you are still using a feature phone, that’s fine. For many people, all a phone needs to do is be a phone. But make sure to at least consult the manufacturer’s website, because there may be upgrades to your phone’s operating system that can improve its functionality or security.

New mobiles: The technology in smartphones today is just astounding. Whether you use an iPhone, Android, or even a BlackBerry, having the world at your fingertips makes getting things done far more efficient. Besides the obvious benefits of communications, multimedia, and online shopping, a smartphone is a great way to save money. Just the other day, I went to a store to make a purchase and was floored by the cost of an item that I usually buy every two or three years. I immediately went online via my smartphone and found what I was looking for, for 90% less than what I had almost paid. Frankly, I don’t know how brick-and-mortars survive when consumers have this kind of access to price comparisons.

Modem: Your ISP-issued modem starts dying right out of the box. It’s just a matter of time until it starts acting up. If you’ve had it for over a year, take it to your local service center and get a new one.

Router: If you are on a wireless G and all your devices can talk to N, upgrade to N. This process is not for the faint of heart. Depending on the sophistication of your network, this could be a bear. However, by taking screenshots of all your settings and starting fresh, you will have a better Internet experience. If you are happy with the current brand you have, simply upgrade to the newest model for a smoother transition.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Which Will Make a Bigger Splash in 2012, Mobile Wallet or EMV?

During the latter half of the past decade, a heated battle has been fought around the world to determine which payment method will take center stage in the coming years. Many believe mobile payment will leapfrog what is known as EMV, which stands for Euro MC/Visa, or chip and PIN credit card technology, and that soon enough chip and PIN technology will go the way of the magnetic striped credit card.

Certainly, there are many major companies that have wagered heavily on the presumed success of their chosen technology, and these companies have a vested interest in the failure of their rivals. Personally, I think there is more than enough room for both Mobile Wallet and EMV.

Google recently introduced Google Wallet, a mobile app that turns your phone into a wallet by securely storing your credit cards on your phone, as well as promotional offers. When you make a purchase from a brick-and-mortar store that accepts Google Wallet, you can pay and redeem offers quickly by simply tapping your phone at the point of sale.

Google Wallet facilitates online shopping by securely storing your credit cards for use on the Internet as well. Paying is quick, easy, and safe when you make a purchase from an online merchant that accepts Google Wallet.

Meanwhile, Visa has announced plans to “accelerate the migration to EMV contact and contactless chip technology in the United States.” The company intends to encourage investments in infrastructure necessary to accept and process both new forms of payment technology. Jim McCarthy, Visa’s global head of product, explains, “We will speed up the adoption of mobile payments as well as improve international interoperability and security. As NFC mobile payments and other chip-based emerging technologies are poised to take off in the coming years, we are taking steps today to create a commercial framework that will support growth opportunities and create value for all participants in the payment chain.”

The fact that Visa has opted to recognize and support the development of both mobile payment and EMV affirms the likelihood of both technologies’ success.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Necessary Security Updates for 2012

There are changes coming in the world of security technology. Never before have so many criminals been so organized across borders as they are today. The Internet has spawned international crime syndicates of the best of the best criminal minds, who seek to take from you, your government, and all the merchants we rely on to provide products and services.

Security companies have been preparing for this eventuality, and many are rolling out new and improved versions of their technologies to fight the good fight.

Antivirus: Today’s antivirus protection is not the same as yesterday’s. Over the years, antivirus companies have had to upgrade their detection methods and change the way they recognize malware. And it’s no longer effective to have a free, basic antivirus program installed. Criminals are coming from all angles: attacking your PC’s operating system, various browsers, Macs, mobiles, and any website you visit. In response, antivirus companies now offer “total protection” or “all access” suites of software, to protect all your devices across various operating systems for one low price.

Credit cards: The shift from “magnetic stripe” credit cards to “EMV,” which stands for Euro MC/Visa, or “chip and PIN” is underway in North America. Both Canada and Mexico are going full on EMV and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.

Mobile security: The BlackBerry has always been relatively secure, and hasn’t been prone to viruses that impact PCs. The iPhone has been virtually virus-free, but is not 100% immune. Android is quickly becoming a serious contender for the iPhone’s more than 50% market share, and bad guys are paying attention. There has been a significant increase in Android-related hacking, and Android users must, therefore, download and install all the latest updates and invest in a mobile security product.

Keeping your head up and knowing what to watch out for is job one. By staying security savvy, you can effectively deter the bad guys.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Resolve to Be Digitally Secure This New Year

Let’s get one thing straight: it’s no longer possible to deny that your personal life in the physical world and your digital life are one and the same. Meaning, while you are present here on the ground, you continue existing online, whether you know it or like it or not.

Coming to terms with this reality will help you make better decisions in many aspects of your life.

1. Get device savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. No excuses. No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

2. Get social: One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. Proceed with caution here.

3. Manage your online reputation: Whether you are socially active or not, whether you have a website or not, there are plenty of websites that know who you are, that are either discussing you or listing your information in some fashion. Google yourself and see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence.

4. Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing, and firewalls. Getting security-savvy is a great way to start a new year.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Holiday Phishers Use Social Media

Every social media website in existence depends on advertising for its survival, to some extent. Criminals exploit this by mimicking these familiar platforms when sending millions of phishing emails designed to entice users into clicking malicious links or visiting spoofed websites that resemble legitimate social media. They also create pages within popular social media that are infected with malware, or malicious links designed to infect the PCs of anyone who clicks.

McAfee has exposed numerous Christmas-related scams. To avoid being snared in a holiday phisher’s net, beware of:

  • Promotional scams and contests: Scammers know that contests and free offers make attractive lures, and have sprinkled Facebook with phony promotions aimed at gathering personal information.
  • Holiday phishing scams: Since people tend to be busy and distracted during the holiday season, phishers incorporate holiday themes into their emails and social media messages, hoping to trick recipients into revealing personal details.
  • Coupon scams: When accepting an offer for an online coupon code, you may be asked to provide personal information, including credit card details, passwords, and other financial data.
  • “It Gift” scams: When a particular gift is hot, sellers tend to mark up the price. Scammers also like to advertise popular gifts on rogue websites and social networks, despite not actually having these items to sell.

Awareness is the key. If you can see a potential scam coming and behave proactively, you won’t get hooked.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto, and he is running the Boston Marathon in April 2012 to support Miles for Miracles for Children’s Hospital Boston.

Seasonal Security: A Poem

It’s that time of year, for holiday cheer,

to give of ourselves and ring in the New Year.

But while you celebrate, please keep in mind,

criminals and hackers are not far behind.

 

Mobile malware is here; it’s increased since last year.

Be sure to install mobile malware protection,

so that you don’t receive an unwelcome infection.

 

QR codes are barcodes consumers can scan.

With their smartphones in hand,

a digital bar can locate a great deal, near or far.

But not so fast: these codes can be tricky.

Bad guys can use them to slip your cell a Mickey.

Before clicking that link, remember to think:

Is that code okay? Or might it be sticky?

 

Scareware pops up with frightening lies:

“Your PC has a virus! Install me, or it dies!”

But before you take action, be aware it’s a scam,

and shut down that pop-up before you get jammed.

 

Apples are targeted now more than ever,

‘cause when Mac users hear “virus,” they say, “Not me! No way! Never!”

But they ought to know, studies now show

there is plenty of malware that will plague Macs forever.

So install antivirus. Don’t think, “It can’t happen to me,”

or soon you will see, a Mac is as vulnerable as a PC.

 

Watch out! For holiday phishing!

Or you may wind up wishing

you didn’t believe the hysteria,

when that “prince” from Nigeria,

turns out to be a boldface con

and your money is gone.

 

Happy holidays to all! Enjoy the season! Have a ball!

And when you give, I implore you to heed,

it’s those that have not that are truly in need.

 

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto, and he is running the Boston Marathon in April 2012 to support Miles for Miracles for Children’s Hospital Boston.

Boosting Healthcare Security with Smart Cards

The Smart Card Alliance has put together a list of frequently asked questions about how smart cards work in a healthcare environment, and provided excellent answers. A smart card resembles a typical credit card, but is embedded with a small microprocessor chip, which makes it “smart.” That chip is a powerful minicomputer that can be programmed in different ways to boost security.

Data and applications can be securely stored and accessed on the chip, enabling secure data exchange. Smart card technology provides high levels of security and privacy protection, making it ideal for handling sensitive information such as identity and personal health information.

One of the frequently asked questions addressed by the Smart Card Alliance is how a smart card-based healthcare ID can help patients. The answer, in part, is that this technology allows medical providers to authenticate patients’ identities. “Accurate identification of each person that receives healthcare” is “the cornerstone of quality medical care and good health systems management.” This benefits patients in several ways, including:

Decreases medical errors. Optimal medical care requires that a healthcare provider have access to all relevant medical history and know what medications have been prescribed. A validated patient identity can be linked to a healthcare organization’s medical records. Using a smart card also allows the storage of patient record numbers

Reduces medical identity theft and fraud. Medical identity theft and fraud is a growing concern to healthcare consumers and providers. Using smart card technology enables the addition of security elements such as a picture, personal identification number (PIN) or biometric (e.g., a fingerprint) so that a lost or stolen healthcare ID card cannot be used or accessed by anyone else. The data kept on the card can also be encrypted so that no one can access your data without your permission.”

You can find more information on smart health cards and the benefits to using them on JustAskGemalto.com, but in short, smart card-based technology can help you, as a patient, get better quality healthcare, delivered faster and more cost-effectively. And that’s good for everybody.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

How the “National Strategy For Trusted Identities in Cyberspace” Benefits Consumers

In May 2009, the President’s Cyberspace Policy Review called for the development of “a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.”

That “vision and strategy” came to fruition in the form of the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), which calls for an “Identity Ecosystem” that would be “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”

Online anonymity has fueled fraud to the point where billions of dollars are lost every year. As people become less trusting of the Internet, many are pulling back. Methods of authentication that rely on usernames and passwords are broken and ineffective. Viruses infect personal and business PCs and allow criminals to remotely control the infected devices and access sensitive data and accounts.

We need a system that doesn’t grant access based solely on a password. Establishing trusted identities will provide enhanced security, improved privacy, and economic benefits. Ultimately, this system will enable new types of secure transactions, offer more control of personal information, and thwart cybercrime and identity theft.

President Obama explained the thinking behind the White House’s strategy:

“Giving consumers choices for solving these kinds of problems is at the heart of this new strategy. And it is one that relies not on government, but on the private sector, to design the technologies and tools that will help make our identities more secure in cyberspace and to make those tools available to consumers who want them. It asks companies to pursue these solutions in ways that will not impinge on the vitality and dynamism of the web, or force anyone to give up the anonymity they enjoy on the Internet.”

Want more information? You can also hear from Michael Garcia, Cybersecurity Strategist for the Department of Homeland Security, on the NSTIC program and its many benefits.

Sounds like a good plan to me. Sign me up!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Managing Family Time On The iPad or iPhone

On our way home from a recent family vacation, my two-year-old grew understandably anxious and uncooperative while waiting for a flight in an airport terminal. So I handed over my iPhone, hoping to distract her. Within seconds, she had launched the photo application and begun scrolling through the videos of our trip. She’d watch a video, giggle a little, and then scroll to the next. This went on for about ten minutes.

During this time, a small crowd gathered near my kid. I realized that they were marveling at my daughter’s ability to work an iPhone like an adult. But while she may be pretty smart, it was Steve Jobs’ brilliance that created this magical device that passes both the grandmother and toddler tests.

Parents everywhere are equipping their families with digital devices for numerous reasons. There are many advantages and some disadvantages to this practice. Most, but not all, of the applications available on the iPhone and iPad are more or less harmless. The web as a whole, though, is fraught with content a child should not be exposed to. The following are helpful tips to address these concerns:

1. Engage in ongoing dialog. Become as savvy about these devices as your child may be, and spend at least as much time using them as they do, if not more. Set firm boundaries regarding what is and is not permitted.

2. Enable restrictions. Go to Settings > General > Restrictions and apply a passcode to any applications your kids shouldn’t be using. Children shouldn’t be exploring the Internet via Safari or YouTube on their own. Lock down the App Store, too; otherwise this could become costly.

3. Set appropriate times. We learned the hard way that any digital activities in the early morning can make it difficult to get them ready for school. The same goes for right before dinner, homework, or bed. It’s tough to peel a kid away and readjust their senses to their real world responsibilities.

4. Set time limits. Addiction to gaming and virtual worlds is a real thing. Allowing a child unlimited access to television is bad enough. Allowing a child unlimited access to the digital world could cause behavior issues. We don’t allow any more than 15 or 20 minutes per hour on any game, and no more than 45 minutes in a day. Usually, they don’t want to spend more time than that, because they have so many other fun activities.

For more tips on protecting your kids online, visit JustAskGemalto.com.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.