Posts

What is the Cloud?

You’ve probably heard of people storing information in “the cloud,” but what does that really mean, and is it safe to put your data there?

The cloud is best described as a network of servers offering different functions. Some servers allow you to store and access data, while others provide an online service. You may be familiar with “cloud services” offered by companies such as Google and Adobe.

The term “cloud” comes from cloud computing, which is essentially using a group of computer resources to maximize their effectiveness.

The cloud is now comprised of millions of servers worldwide, and chances are you access it on a regular basis. For instance, you may have uploaded a picture from your smartphone to Instagram, which stores images in the cloud, or you could be using a cloud storage service.

Because the cloud allows you to upload and access data and services from any Internet-connected device, it’s certainly convenient, but that doesn’t mean that it’s always safe.

Many worry about hackers getting into clouds, especially ones in which the services do not offer two-factor authentication. (This is when you need two different components to gain access to an account, such as something you know, like a password, and something you have, like a unique fingerprint.) Another potential vulnerability is that hackers might intercept data as it’s being sent to the cloud, especially if that data isn’t encrypted, or scrambled, to keep it from being read by unauthorized third parties.

Cloud customers must have faith that the service provider is doing all it can to protect their prized data.

Not all cloud providers operate the same way, with the same security, but there are minimum standards, which they must meet. It’s important to know about the different levels of security, so you can make the right choices about your service providers.

A few cloud service providers:

  • Windows Live
  • iCloud
  • Google
  • Amazon Cloud Drive
  • Dropbox

Lots of storage can be obtained for free. Rates vary and are getting cheaper by the day.

Cloud providers have everything to lose and nothing to gain by being insecure. It is well known that poor security can damage a brand. However, cloud security generally begins with the user and not the cloud itself. If your devices are old, outdated, poorly utilized, or don’t have the proper security, you could be the weak link.

So, make sure that your devices and security software are up-to-date and look for cloud providers that offer advanced security options such as encryption and two-factor authentication. And, if you really want your sensitive information to stay secure (such as tax returns and other financial and personal information), you might consider saving those files on a backup hard drive rather than putting them in the cloud.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The most horrible Craigslist Killing ever

Beware. This is tough to read. An expectant woman had spotted an ad on Craigslist asking for baby clothes, so she contacted the ad placer—a woman—then went to her Longmont, Colorado house alone.

The woman stabbed the would-be seller and removed the seven-month-old fetus. The baby died but the victim survived.

When police arrived, the 26-year-old victim was there but the fetus was gone. The 34-year-old psycho supposedly did not know the victim. She had her husband drive her to the same hospital that the victim went to, claiming that the fetus, which she had with her, was a miscarriage.

Oddly, the stabber has two kids already, and her husband is not a suspect.

Six weeks prior, Craigslist got negative attention when an elderly couple was murdered after responding to an ad for a car.

It’s a novelty to point out that these ads were placed on Craigslist, but there is nothing inherent about this medium for advertising that makes it dangerous.

The root of the problem is that of meeting strangers alone in secluded or barren locations. Making this worse is when the ad responder is physically compromised, such as from elderly age or pregnancy. What on earth are they thinking?

One solution is the so-called safe zone, a designated trading spot where Craigslist sellers and buyers meet, out in the open, around other people, such as at a police station parking lot.

Currently there are safe zones in 22 states; they are listed on the Safe Trade Stations website.

If your state doesn’t have one, or if the one in your state is far away, then the next best thing is to arrange to meet the seller or buyer in a public spot full of people such as at a busy café, if the item they’re selling is small enough. And bring someone with you.

If it’s a car or other very large item for sale, this makes things more challenging as far as location of the meeting. Bring two people with you, and try to arrange the meeting in a public spot, if at all possible. If you can’t find anyone to accompany you, and the item for sale can’t be transported to a public spot, then pass up the deal.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Consumers sacrificing Privacy for Convenience

It’s hard to believe that, according to a recent poll from the Pew Research Center, most Americans aren’t too upset that the government can track their e-mails and phone calls. There’s too much of a blasé attitude, it seems, with people thinking, “I don’t care if I’m monitored; I have nothing to hide.”

This blows it for those of us who actually DO mind that the government is snooping around in our communications, even if we’re as innocent as a butterfly.

Privacy experts believe that governmental monitoring of online activities is just such a fixed part of Americans’ lives that we’ve come to accept it. But privacy experts are pushing for an increased awareness of the importance of digital privacy, and this begins with the U.S. masses putting out some demands for privacy.

An article on arcamax.com points out that as long as Americans are sitting pretty with cheap and easy-to-use Internet experiences, nothing much will change. “People are very willing to sacrifice privacy for convenience,” states Aaron Deacon, as quoted in the article. He manages a group that explores issues pertaining to Internet use.

The article says that Pew’s research reveals that since the NSA revelation, 20 percent of Americans have become more privacy-conscious in a variety of easy ways like using a private web browser.

But most Americans shy away from the more complicated privacy protection methods. Furthermore, some people don’t even know of the extent of governmental monitoring.

Nevertheless, ease of use has made people complacent. Who wants to hassle around with encryption, decoding, coding, etc.? This stuff is great for techy people but not the average user.

The good news is that there is somewhat of a revolution geared towards making privacy methods less intimidating to Joe and Jane User. It just won’t happen overnight, but the market is “emerging,” says Deacon in the article.

Theoretically, if everyone turned techy overnight or privacy protection instantly became as easy as two plus two, this would make unhappy campers out of the businesses that flourish from tracking users’ online habits. The government wouldn’t be smiling, either, as it always wants to have fast access (e.g., “backdoor”) to electronic communications: the first communication choice of terrorists.

Thus far it seems that people have two choices: a fast, easy, cheap Internet experience that gives up privacy, or a techy, expensive, confusing experience that ensures privacy. The first choice is currently winning by miles.

Forewarned is forearmed. Pay attention. This is getting real.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Protect Yourself from Online Fraud

Yes, it’s possible: preventing fraudsters from getting you via online trickery and other stealthy actions. Yes, it’s possible to be thinking one step ahead of cyber criminals. Let’s begin with e-mails—the conduit through which so many cyber crimes like ID theft occur.

  • Imagine snail-mailing vital information like your SSN, bank account number, a duplicate of your driver’s license and your credit card number. At some point in the delivery process, someone opens the letter and sees the contents. Electronic messages are not entirely private. Recognize this risk before sending, knowing that in transmission there is a chance your information can be seen. Sometimes the telephone is a better option.
  • Ignore sensationalistic offers in your in-box like some ridiculously low price on the same kind of prescription drug you pay out of pocket for; it’s likely a scam.
  • Ever get an e-mail from a familiar sender, and all that’s in it is a link? Don’t click on it; it may trigger a viral attack. As for the sender, it’s a crook who compromised your friend’s e-mail and figured out a way to make it look like the e-mail is from someone you know.
  • In line with the above, never open an attachment from an unfamiliar sender; otherwise you may let in a virus.
  • If someone you know sends you an unexpected attachment, e-mail or call that person for verification before opening it.
  • Enable your e-mail’s filtering software to help weed out malicious e-mails.
  • Ignore e-mails asking for “verification” of account information. Duh.

Passwords

  • Don’t put your passwords on stickies and then tape them to your computer.
  • Do a password inventory and make sure all of them contain a mix of letters, numbers and characters, even if this means you must replace all of them. They also should not include actual words or names. Bad password: 789Jeff; good password: 0$8huQP#. Resist the temptation to use a pet’s name or hobby in your password.
  • Give every one of your accounts a different password, and change them often.

General

  • Make sure your computer and smartphone are protected with antivirus/anti-malware and a firewall. And keep these updated!
  • Your Wi-Fi router has a default password; change it, because cyber thieves know what these defaults are.
  • When purchasing online, patronize only well-established merchants.
  • Try to limit online transactions to only sites that have an “https” rather than “http.” A secure site also has a padlock icon before the https.
  • Make sure you never make a typo when typing into the URL field; some con artists have created phony sites that reflect typos, and once you’re on and begin entering your account information, a crook will have it in his hands.
  • Access your financial or medical accounts only on your computer, never a public one.
  • Ignore e-mails or pop-ups that ask for account or personal information.
  • When you’re done using a financial site, log out.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Trolls get Dose of Reality

Well, you know that old saying: The viciousness of an online bully’s attack is inversely proportional to the size of his (you fill in the blank), I was thinking ego.

Many online bullies are female, but in the case of former Red Sox pitcher Curt Schilling’s daughter, the trolls are collectively male.

Recently Schilling tweeted how proud he was that his daughter, Gabby, will be playing softball as a pitcher for Salve Regina University. Schilling got a lot of responses. And some were disgusting, including one that mentioned assault (yeah, I’d like to see the dude who posted that try to mess with a collegiate pitcher—these young women aren’t to be messed with).

Other repulsive acts and terminology came up in the comments. Sometimes, as Schilling set out to prove, it’s not best to just ignore the bullies, thinking they’ll go away.

In the case with 17-year-old Gabby, the “bullies” are more like pond scum idiots who, in real life, would probably scurry like a mouse if a woman got in their face.

Schilling quickly tracked down the names and schools, plus some other details, of the bullies. As a result, says the athlete, nine of these maggots have been either fired from their jobs or kicked off their sports teams. The Twitter accounts of two of the trolls have been deactivated.

Schilling received apologies from them, but only after the fact. Too late. And why did these young men make the posts in the first place? They don’t even know Gabby. Do they have a teen or young adult sister? How would they feel if their teen sister were the subject of such vile posts? Some of the trolls told Schilling to chill. Would they themselves chill if their sister, girlfriend or mother were the object of vulgar comments?

Hopefully, Gabby is internally stable enough not to take extreme measures as a result of the online bullying, like the many kids who have taken their own lives. But still…internal stability or not…nobody, especially a proud dad, should have to receive vulgar posts about themselves when they’ve done nothing wrong.

If you still think this is no big deal, remember: Once you post something, it’ll probably be out there for all time—waiting to smear your reputation, or hurt someone, real real bad.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

6 Ways to halt Online Tracking

“On the Internet, you can be ANYBODY!”

Not quite. Remaining anonymous in cyber space isn’t as easy as it used to be. Your browsing habits can be tracked, leading to your true identity. But there are things you can do to remain as anonymous as possible.

  • Don’t feel you must use your full, real name when filling out forms or whatever, just because it’s asked or even a “required field.” Of course, you’ll want to use your real name when registering online with a bank, for instance, or making a purchase. But sometimes, the real name just isn’t necessary, such as when registering with a site so that you can post comments on its news articles, or registering with an online community so that you can participate in forums.
  • Stop “liking” things. Does your vote really matter in a sea of thousands anyways? But you can still be tracked even if you don’t hit “like” buttons, so always log off of social media sites when done. This means hit the “log out” button, not just close out the page.
  • Twitter has options to control how much it tracks you, so check those out.
  • Clear your browser cookies automatically every day.
  • Use a disposable e-mail address; these expire after a set time.
  • Firefox users get a browser add-on called NoScript to block JavaScript. JavaScript gets information on you, especially when you fill out a form. However, JavaScript has many other functions, so if you block it, this may impair ease of use of the websites you like to navigate.

Virtual Private Network

You may not think it’s a big deal that your browsing habits get tracked, but this can be used against you in a way that you cannot possibly imagine.

For example, you suffer whiplash injury in a car accident and want to sue the erroneous driver who caused it. However, your nephew asks your advice on weight lifting equipment, so you decide to visit some websites on weight lifting equipment since you know a lot about this.

The defendant’s attorney gets wind of this online search and can use it against you, claiming you don’t really have any whiplash injuries. How can you prove you were searching this information for your nephew?

A VPN will scramble your browsing activities so that you can freely roam the virtual world wherever you are without worrying you’re being tracked. Your IP address will be hidden. One such VPN service is Hotspot Shield, which can be used on iOS, Android, Mac and PC.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How to recognize Online Risks

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

One of the most common ways this is done is through phishing.

  • The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
  • The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
  • These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
  • Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
  • These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or the site they take you to will download a virus to your computer.
  • Sometimes the e-mail will contain an attachment. Opening it can download a virus.
  • What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there by typing its address into the URL field.
  • You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
  • Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

  • Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
  • Never use keyboard sequences; again, a hacker’s tool can find these.
  • Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
  • Use a different password for every account.
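The four rules in this list can be checked mechanically across a whole password inventory. The following is an added example, not code from the original post; the word list, the sample inventory and the function names are constructed for illustration, and a real audit would load a full dictionary.

```python
import re

# Constructed sample word list (assumption): a real audit would load a full
# dictionary plus common names and team names.
SAMPLE_WORDS = {"password", "patriots", "dragon", "jeff", "monkey", "summer"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common character swaps so "Patri0ts" is still recognised as a word.
LEET = str.maketrans("0134578@$!", "oieastbasi")
CHAR_CLASSES = (
    ("lower-case letter", r"[a-z]"),
    ("upper-case letter", r"[A-Z]"),
    ("number", r"[0-9]"),
    ("symbol", r"[^A-Za-z0-9]"),
)


def has_keyboard_sequence(pw, run=4):
    """True if pw holds `run` adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def contains_dictionary_word(pw, words=SAMPLE_WORDS):
    """True if any listed word appears in pw, as typed or after undoing swaps."""
    low = pw.lower()
    return any(w in form for w in words for form in (low, low.translate(LEET)))


def check_password(pw):
    """Return the list of rules from the post that a single password breaks."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    missing = [label for label, pat in CHAR_CLASSES if not re.search(pat, pw)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word or name")
    if has_keyboard_sequence(pw):
        problems.append("contains a keyboard sequence")
    return problems


def audit_inventory(accounts):
    """accounts maps account name -> password; returns account name -> problems."""
    report = {name: check_password(pw) for name, pw in accounts.items()}
    users = {}
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    for names in users.values():
        if len(names) > 1:  # the same password protects more than one account
            for name in names:
                others = ", ".join(n for n in names if n != name)
                report[name].append("reused on: " + others)
    return report


# Constructed inventory; none of these are real credentials.
SAMPLE_INVENTORY = {
    "email": "789Jeff",
    "bank": "Qwerty2024!!",
    "forum": "Patri0ts#2015",
    "shop": "vT9#kL2!mQ7zRw",
    "cloud": "vT9#kL2!mQ7zRw",
}

if __name__ == "__main__":
    for account, problems in audit_inventory(SAMPLE_INVENTORY).items():
        print(account, "->", problems or "OK")
```

A password that passes every per-password rule is still flagged when it appears on two accounts, which is the case the last bullet addresses.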

Anti-malware Software

  • You should have a complete system that’s regularly updated.
  • Have a firewall too.

Virtual Private Network

  • Download Hotspot Shield to encrypt your data on public WiFi hotspots.
  • Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

  • Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.
  • A padlock icon before the https means the site is secure.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

The White Hat Hacker

These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No example highlights the severity of these types of hacks better than the Sony breach late last year.

While a lot of information, including creative materials, financials and even full feature-length movies, was released, some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly personal.

You have a right to privacy, but it’s not going to happen in cyberspace. Want total privacy? Stay offline. Of course, that’s not realistic today. So the next recourse, then, is to be careful with your information, and that includes everything from downloading free things and clicking “I agree” without reading what you’re approving, to being aware of who else is viewing your information.

This takes me to the story of a white hat hacker—a good guy—who posed as a part-time or temporary employee for eight businesses in the U.S. Note that the businesses were aware of and approved this study. His experiment was to hack into sensitive data by blatantly snooping around computers and desks; grabbing piles of documents labeled confidential; and taking photos with his smartphone of sensitive information on computer screens.

The results were that “visual hacking” can occur in less than 15 minutes; it usually goes unnoticed; and if an employee does intervene, it’s not before the hacker has already obtained some information. The 3M Visual Hacking Experiment conducted by the Ponemon Institute shed light on the reality of visual hacking:

  • Visual hacking is real: In nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. On average, five pieces of information were visually hacked per trial.
  • Devices are vulnerable: The majority (53%) of information was visually hacked directly off of computer screens.
  • Visual hacking generally goes unnoticed: In 70 percent of incidences, employees did not stop the white hat hacker, even when a phone was being used to take a picture of data displayed on screen.

From login credentials to company directories to confidential financial figures – data that can be visually hacked is vast and what a hacker can do with that information is even more limitless.

One way to prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack is to get equipped with the right tools, including privacy filters. 3M offers its ePrivacy Filter software, which when paired up with the traditional 3M Privacy Filter, allows you to protect your visual privacy from nearly every angle.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

How the Internet of Things is further killing Privacy

Privacy used to mean changing clothes behind a partition. Nowadays, say “privacy” and people are likely to think in terms of cyberspace. Stay connected, and you risk losing your privacy.

Even if you’re not connected, don’t even own a computer or smartphone, information about you can still be out there on the Internet, such as a listing for your address and phone number or a way for someone to get it with a small fee if you live in owner-occupied property.

An article on wired.com points out that the Internet of Things (IoT) is a privacy killer. But it’s also more than that. The evolution of technology forces us to redefine how we perceive our lives, says the article. Even an invention as primitive as the steam engine caused a rethinking among people. But whereas the steam engine was a slap, the IoT is a sledgehammer.

And the Internet of Things is only just beginning. Wired.com notes that the combination of the World Wide Web, big data, social identity, the cloud and more are all poised to erupt into something huge, and it won’t give us time to prepare.

The IoT will infiltrate the tiniest and most remote pockets of the planet, inescapable, impacting all who have a pulse, literally. It’s not like the steam engine in which, soon after its invention, many people were afraid to ride the train because they believed that God did not intend for humans to travel so fast, and thus, these folks easily avoided boarding the train.

We won’t be able to avoid the IoT. It won’t be a station we walk up to and then decide we don’t want to get on. We will be, as wired.com says, living inside the Internet. We’re too addicted to technology not to. Kids can’t imagine living without their smartphones. When their grandparents were kids, the only thing they felt needy for was an umbrella on a rainy day. You don’t miss what you can’t conceive of.

With the IoT slowly dissolving us, like a snake swallowing a giant rat and slowly dissolving it (certainly you’ve seen those unsightly images—you know what I’m talking about), our privacy will be dissolved along with us.

Strangers already can figure out what things we like to shop for without ever communicating to us. Your health habits, eating habits, dating habits…all the data that makes you YOU is continuously being shagged by Big Data. “Privacy” may one day become one of those words, like “oil lamp,” that’s no longer in use because by then, it will be such a far-removed concept.

Imagine living in a house made entirely of see-through structures, so that no matter where you are in it, people on the outside can see what you’re doing. There’s no brick, no aluminum, drywall or wood—just all some transparent material. That’s the Internet of Things.

Ways to shield your privacy:

Use a browser that has an “incognito” mode or privacy plug-in.

Use a VPN to mask your IP address and encrypt your data. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

Turn off GPS location for photos. iPhones and other devices save the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. Shutting down location-based apps will help here too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Having the Privacy Talk with your Kids

Years ago, having “the talk” with your kids meant telling them where babies come from. Nowadays, “the talk” has a whole new meaning. Your kids may be able to explain in detail how a baby is created, but may be clueless (because so many adults are) about something called “data permanence.”

Don’t beat around the bush. Tell your kid outright, “If you post any racy images of yourself online—it will be there for the next million years for anyone to see. And it can be used against you.” Give this same warning about comments your child might post to an article. Things that your kids put online can come back to bite them many years later when they’re applying for employment. Tell them that.

Of course, warning your adolescent that something they post could come back to haunt them 20 years from now might not have much of an impact on them—kind of like telling your kid—who has endless energy—that smoking could cause heart disease 20 years from now. So how can you get through to your kids?

  • The more open the lines of communication are between parent and child, the more likely your message will get through about data permanence. Don’t make communication one-sided.
  • When your kids ask you how things work, even if it’s not related to cyber space, never act annoyed. Never make them feel it was a silly question. Never show impatience or judgment. If you don’t know the answer to their techy question, say, “I don’t know; let’s find out.” Don’t fudge a half-baked answer in an attempt to sound smart. Admit when you don’t know an answer, then hunt it down.
  • If you think it’s time to have “the talk” with your child, it is.
  • There’s never a perfect time to have “the talk.” Stop putting it off. Stop saying, “I’ll have it when…” Just do it.
  • Emphasize that raunchy images or nasty comments can come back to bite them in the near future. For example, they might have a crush on someone in a few years. What if that person googles them? What might they find? Ask your child, “What would you like them NOT to discover?”
  • Don’t be all lecture. Give your child thinking and talking opportunities. Ask them open-ended questions, such as the example in the previous bullet point. Get their brain cells working.
  • The privacy talk should be a process, not an event. That is, it should be a work in progress, ongoing, rather than a single event.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.