Posts

This is what Passport Security looks like

Sixty different materials go into the printing of a U.S. passport. That little booklet of a thing contains up to 30 pieces of security—and you can’t see most of them. And good luck trying to get details on these security features.

PPThe author of an article on gizmodo.com points out that he tried to get specifics from Homeland Security, but that the “forensic lab’s experts couldn’t discuss the security.” The author then sought answers from passport and forgery experts.

Holograms

When you see or hear the word “hologram,” what do you think of? Passports use holographic technology. The gizmodo.com article mentions that the biodata page of a passport probably has a see-through hologram.

It’s possible to almost forge a hologram. One way is to press metal onto it, then use the metal as a die cast to create more holograms. There’s also a device that stamps out holograms, but these days they’re difficult to get ahold of. Usually, holograms come with other security features that make forging difficult, such as special inks.

The drawback to more complex security with the passport is that some of the features can be missed in the inspection process because there are so many to remember. This creates a margin through which fake ones can pass inspection.

Ink

The gizmodo.com article talks about how the ink’s composition, and elements of the paper are part of the security. What can be done with ink to distinguish an authentic passport from a forged one? Some inks dissolve when they’re tinkered with. Some change color when cooled or heated. Some contain a design that’s visible only under UV light.

The paper, too, may contain unique fibers such as fluorescent ones. There are many other secrets that a forger could never know (though this article is obviously revealing some of them, but even then, this doesn’t mean the forger would necessarily be able to figure out how to duplicate these features).

Text one-seventh the width of a red blood cell

“Nanoprinting” is used for the passport: Text may be as small as one micron. Talk about a tiny font size. The best forgers can’t touch this. Another way to foil a forgery attempt is to deliberately create an anomaly in the text, such as a slightly raised letter.

The gizmodo.com article says that the most troublesome part of a passport to duplicate is the font. From a macroperspective, the typeface may seem easy to duplicate, but there are hidden, deliberate features visible only under a microscope. A forger won’t be able to replicate microscopic intentional ink bleeds.

Your passport will have an electronic chip in the upper left-hand corner that contains your data, including photo. The article explains that a security researcher, showed how he could clone such a chip.

Nevertheless, when all is said and done, passport forgery exists and forgers do get away with it. And as mentioned previously, there are so many security features to look for, that inspectors can’t all remember every single one, and the very one(s) they skip may also be the ones that would show a forgery. The technology needed to duplicate a passport is sold online.

At any rate, for the most part, your passport is an extremely secure instrument. Its security technology is ever-evolving. By and large, you can use your passport with peace of mind. Hold onto it tightly. Don’t let it out of your sight. When you don’t need it make sure it’s in a safe place that you won’t forget about.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Take a Women’s Self-Defense Course

Crimes against women are often “crimes of opportunity”. The predator doesn’t care if the opportunity presents itself in a major bustling city or in a tiny town with a population of only 400. If he sees prey and nobody else is around, he’ll strike—big town, medium town or small town.

1SDWomen should take self-defense classes, regardless of their age, weight or height. Just do it. There’s more to a high quality self-defense program than learning how to throw a punch, get out of a choke-hold and deliver a kick.

Sometimes, a predator can be frightened away by a woman’s eyes and tone of voice. In fact, a predator will “interview” a woman before assaulting her. He wants to first make sure he can overtake her. He won’t automatically assume he can simply because he’s taller and heavier. He has to qualify her as victim material.

He may do this by asking her for the time, for directions, or just looking at her in a creepy way. Her response, tone of voice and body language will be very telling. Self-defense and martial arts teaches a woman how to display a posture that makes a dangerous man back off.

Sometimes a woman who’s trained to fight will get attacked anyways.

Its simple enough, you have to be willing to injure, hurt and harm your attackers. A good self-defense program will include instruction in how to get out of real attacks and how to fight from the ground and even when there is a weapon involved.

Attackers generally don’t expect their victims to fight back. So what you do, your response to an attacker in the first few moments of an attack, can very well determine the outcome. Scratching a man’s face is a good start, but may anger him rather than scare him, but a solid punch to the throat or a deep gouge to the eyes is better.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

15 Tips to Prepare for Big and Small Security Threats

Businesses that focus on the big security breach may very well be missing the smaller threats that can do serious damage.

4HA human can easily kill a gnat. So how is it that just one gnat can drive you crazy, even though you can kill it in an instant? You are bigger and mightier … yet one gnat can get the best of you. That’s because you’re too big for the gnat, as it buzzes around your eyes, nose and in your hair.

This is just like when businesses implement giant measures to enhance security and protect themselves against big threats like hacking, or natural disasters like a tornado. The business feels mighty with its extensive video surveillance, steel bolt doors and armed security guards. Yet, it’s unable to foresee or handle the small stuff that can have dire consequences.

Some businesses make the mistake of focusing on only a handful of tactics and, as a result, other threats slip in undetected, or if detected, they’re not detected enough to be mitigated. Instead, all the business leaders can do is swat haphazardly, hoping to get a hit.

When businesses zoom in on only a few specific tactics, this results in a rigid plan that can’t adapt, and is useful only if the anticipated threat is precisely how it was envisioned in the first place. Concentrating on just a few selected risks means not seeing the bigger picture—missing greater risks that can come along.

Of course, you can’t possibly anticipate every possible threat. But preparing for just a few isn’t smart, either. What’s a business leader to do? Follow this list to prepare smarter.

Emergency Plan of Action

  1. Make sure all security and continuity plans are adaptable.
  2. Consider the human component, and work it in to the plan. Can IT’s brilliant plan be sustained by a person? Are facilities manned by one person or a team? .
  3. Cover all basics and implement regular updates.
  4. Don’t get sucker punched. Consider a variety of threats (from cyber sources to natural sources), not just a few, and the various ways your organization can respond and resolve.
  5. Be aware. Figure out backup locations for your business to function should you be forced to displace.
  6. Prepare staff. Designate a core team and keep their contact information handy so anyone can reach them anywhere.
  7. Communicate. Design an emergency communications protocol for employees, vendors and customers, etc., for the days post-disaster. Confirm emergency response plans with your vendors and suppliers, and prepare to use alternate vendors.
  8. Keep your data backup tools in excellent condition.
  9. Keep your inventory of assets up to date.
  10. Safely and efficiently store documents. Duplicates of all crucial documents should be kept off-site.
  11. Routinely make data backups, ideally both locally and with a cloud service.
  12. Determine succession of management in case key players can no longer function.
  13. Know the signs of a dying computer. A blue screen can mean a hardware problem or driver conflict. If things are taking way too long, there may be too much software … or a failing hard drive. Strange noises during startup, for instance, can also mean a hardware failure. Consider it your warning.
  14. Set up your backups. You can set up backup protocols with a program like Belarc Advisor, which is free and lets you know what to install and when it’s time to replace a computer.
  15. You may want to consider replacing your computer every two or three years to avoid being stiffed by a computer that’s suddenly gone stiff. Nothing’s more alarming than suddenly losing all your data, and there’s no backup computer that you can just turn on and pick up where you left off.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Top Security Techniques That Work For The Masters

Banks know security just about better than anyone. Find out what they can teach you about safeguarding your small business.

8DSecurity is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

But that doesn’t mean we shouldn’t strive to reach our destination. In order to protect our businesses, we can apply strategies that significantly reduce our risk level. One of the best security techniques is layering. Layers of security make a criminal’s job more difficult, as they are forced to address all the vulnerabilities in our business.

Helen Keller once said, “Security is an illusion; life is either a daring adventure or nothing at all.” Her quote has significance, although it’s not entirely accurate. That’s because security is part illusion and part theater. The illusion, like a magic act, seems believable in many cases.

Security theater, on the other hand, refers to security intended to provide a sense of security while not entirely improving it. The theater gives the illusion of impact. Both play a role in deterring criminals, but neither can provide 100 percent security, as complete security is unattainable. Hence, security is a journey, not a destination.

Banks know security, both the illusion and the theater. They have to, because robbers target these buildings daily. Because banks want to promote a friendly and inviting environment, consumers are mostly oblivious to the various layers of security that financial institutions utilize to protect their bank accounts. And that’s not a bad model to follow.

What Banks Know About Security

Banks have multiple layers of security. The perimeter of most banks are often designed to include large windows, so passersby and law enforcement can easily see any problems occurring inside. The bank’s doors also have locks. There is, of course, an alarm system, which includes panic buttons, glass-break detectors and motion sensors. These are all layers, as are the security cameras, bulletproof glass and armed guards. Ideally, the tellers and members of management should have robbery-response training. Many banks also use dye packs or GPS devices to track stolen cash.

All banks have safes, because banks know that a well-constructed safe is the ultimate layer of security. A safe not only makes it extremely difficult for a bank robber to steal the bank’s money, but it also protects the cash in the event of a fire.

And then there are the multiple layers of computer security. The basics include antivirus, antispyware, antiphishing and firewalls. However, there are numerous additional layers of protection that monitor who is accessing data and why, and numerous detectors that look for red flags which indicate possible identity theft.

Banks also recognize that a simple username/password is insufficient, so they require their clients to adopt multifactor authentication. Multifactor authentication is generally something the user knows, such as a password or answers to knowledge-based questions, plus something the user has, such as a smart card, token or additional SMS password, and/or something the user is, such as identification through a biometric fingerprint, facial recognition, hand geometry or iris scan. In its simplest forms, multifactor authentication occurs when a website asks for a four-digit security code from a credit card or installs a cookie on your machine, or when a bank requires a client to add a second password to his or her account. Some institutions also offer or require a key fob that provides a changeable second password (a one-time password) to access accounts, or it might require a reply to a text message in order to approve a transaction.

Every layer of protection the bank adds is designed to make it harder for a criminal to get paid.

Consider a layered approach for your small-business security plan. Think about the current layers of business protection you have in place, and then consider how many more layers you might want to install to ensure a seamless customer experience and a security-minded culture.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

11 Tips to Hotel Safety and Security

Can you name 11 tips for hotel safety and security? How about just five?

4HHave you ever walked down the hallway of a hotel and passed by rooms with doors left wide-open by cleaning staff? Ever thought of how easy it would be to enter and pretend the room is yours? Imagine what you could steal.

This is why a hotel that takes security seriously will be very strict about whom is issued an electronic key to rooms, and will issue regulations regarding housekeeping tasks. In more remote hotels or those in less developed countries, the hotel staff itself may be the thieves.

Nevertheless, whether you’re in the ritziest hotel or the shoddiest dump, Schlage locks wants you to know there’s a baseline of precautions you should take.

#1. Never leave valuables in your room unless you’re present. If you must, use the hotel safe and be sure to get a receipt.

#2. When in the room, keep the door locked, including the chain feature.

#3. Always use the peephole before opening the door.

#4. If you anticipate the door won’t have a lock (such as in a foreign country), bring along a traveler’s door lock, a motion detector that you hang on the knob that sounds when the door opens, and/or a doorstop alarm—it wedges against the door’s base.

#5. Don’t open the door to strangers.

#6. If the “stranger” claims to be a hotel service person, call the front desk for verification first.

#7. Consider have all food deliveries made to the lobby. This isn’t convenient, but it’s safer. You never know if the delivery person is actually a predator looking for a target. Men should also practice this procedure; men can be targeted for violent crimes too. The delivery person may also case you as a potential target later on.

#8. Be mindful of what you leave outside your door. E.g., what appears to be leftovers from one person’s meal, indicates you’re alone.

#9. Before going to bed, double check all possible entry points.

#10. Make people think you’re there when you’re not: Place the “do not disturb” sign on the door—after you put the TV on loud. But first make sure this won’t coincide with maid service.

#11. If your hotel wants you to turn your key in when you go out, keep the key so that nobody knows you’re out.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Analyze Security to reduce Threats

A deep analysis into security (security analytics programs) unveils some riveting areas that need to be addressed if business users are serious about reducing threats of data breaches.

1DReveal data leaks. Convinced your business is “data leak proof”? See what stones that security analytics turn over. Don’t be surprised if the leaks that are discovered have been ongoing, as this is a common finding. You can’t fix a problem that you don’t know exists.

An evolution of questions. Analytics programs can create questions that the business owner never thought to wonder about. Analytics can reveal trends and make them visible under the business owner’s nose.

Once these questions and trends are out of the closet, decision makers in the organization can have a guideline and even come up with additional questions for how to reduce the risk of threats.

Connections between data sources. Kind of along the same concept described in the previous point, security analytics programs can bring forth associations between sources of data that the IT security team many not have unearthed by itself.

Think of data from different sources being poured into a big funnel, and then what comes out the other end are obvious patterns and associations between all that data, even though it was “poured” from differing sources. When “mixed” together, the data reveals connections among it.

Uncovering these associations is important so that businesses can have a better understanding of disparate segments of their network, various departmental information, etc.

Discovery of operational IT issues. Take the previous points a step further and you get a revelation of patterns and connections in the IT operations realm—associations that can help mitigate problems with workflow and efficiency.

In other words, an issue with IT operations could be something that’s causing a drain on productivity, or, something that’s not creating a problem per se, but can be improved to spark productivity.

Uncover policy violations. Analytics can turn up policy violations you had no idea were occurring. Not all violations are malicious, but once they’re uncovered, they cannot be covered up; the next step is to do something about it.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

5 Mobile Security Tips

Cybercrime is one of the most lucrative illegal businesses of our time, and it shows no signs of slowing down. Over the last decade, cybercriminals have developed new and increasingly sophisticated ways of capitalizing on the explo­sion of Internet users, and they face little danger of being caught. Meanwhile, consumers are con­fronted with greater risks to their money and information each year.

The proliferation of mobile devices has provided a new opportunity for cybercriminals. With mobile shipments now outpacing PC shipments, there is now a large enough pool for the cybercriminals to start to leverage this base to make money.

Here are 5 quick tips to help you protect your mobile device and your data on the device.

Put a PIN on it – As a first basic step make sure you use a PIN code or password to lock your device and make sure it is set to auto-lock after a period of time.

Think before you click: Being on the go is convenient, but in our rush to respond, we don’t always take the time to look carefully at texts, email and social posts to make sure they are valid. Always be careful when clicking on links that you receive from anyone.

Don’t be app happy: Be careful what apps you download and where you download them from. Most malicious software for mobile devices is distributed through “bad” apps.

Be careful where you search: Double-check a website’s address and make sure that it appears legitimate by reviewing the URL or rather than doing a search for a site, type in the correct address in the URL bar to avoid running into any phony sites.

Secure your device:  Make sure all your mobile devices have comprehensive security software, likeMcAfee Mobile Security or McAfee LiveSafe (for all your devices) that protects you from threats, helps you avoid risky websites and malicious apps, and in the event of loss or theft, lets you remotely backup, lock and if necessary, wipe all the data from your mobile device.

 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

6 Tips for Apartment Security

According to the National Crime Prevention Council, apartments have an 85 percent greater chance of being burglarized than a single-family homeowner or rental property.

6tips

Apartment security should be a priority for landlords to provide for tenants, but it’s really up to you, the tenant, to ensure your security. When hunting for a security-minded apartment complex, consider the following:

  1. Home security systems: Today’s systems are wireless and portable. You don’t need to own a house or have a contractor install it. Ask if you have permission to install an in-apartment home security system with motion detectors. This should not be negotiable. Wireless home security systems are non-invasive and inexpensive.
  2. Peephole: Require a peephole on your door.
  3. Door security: If the doors are glass-paned opposed to solid-core doors, then your potential landlord isn’t concerned about your security. Doors should have a knob lock and a deadbolt, and the doorjamb and hinges should be reinforced. Search door reinforcement online to see what your options are.
  4. Surveillance cameras: Having one to 16 cameras with signage lets the bad guy know he’s being watched. Most camera systems can be remotely accessed with your mobile phone or tablet.
  5. High-wattage sodium lighting: You cameras will work better with good lighting. Exterior lighting on the perimeter lets the bad guy know he can’t hide. (Bonus: Cockroaches hate light too.)
  6. Parking lot security fencing: Perimeter fencing six feet high is a great deterrent.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

10 Cheap Ways to Secure Your Home

  1. Consulting: Call a locksmith or a police officer for some basic tips on home security. Community programs in which law enforcement inspects a property is a cost-effective way to secure your home.
  2. Signage: Use “Beware of Dog” signs—one for the front door and one for the back door. And “This House is Alarmed” signs are excellent deterrents.
  3. Dogs: Dogs are a great form of home security…but they also can be expensive. Just buy the biggest dog food bowl possible—one bowl for the front porch and one for the back. Writing Killer on the bowl will give a burglar the impression that you have a big and vicious dog. You can even buy a barking dog alarm.
  4. Neighborhood watch: Have your neighbors keep a keen eye on your property when you are away, and do the same for them. Start a neighborhood watch program and set it up so everyone has a responsibility to watch one another’s properties.
  5. Lived-in look: Make your home seem occupied all day, every day. When you are away, put the stereo or TV on loud enough to hear from the immediate exterior. Buy inexpensive timers and plug all your lamps in.
  6. Outdoor motion sensors: Only 10-20 bucks. When someone is creeping and an exterior light goes on, they make a burglar think he’s being watched.
  7. Decent locks: Locks can be as cheap as 30 bucks. Beef up the strike plate by installing three-inch screws deep into the frame.
  8. Security bar: For short money, you can make a “security bar” with wood or pipe that wedges up under your doorknob.
  9. Screw your windows: Install small-angle brackets that prevent the windows from opening any more than five inches.

10. Install a bare-minimum home security system that includes daily alarm monitoring for short money. I use a home alarm too, and it is the best protection when you are sleeping or at work.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar-proofing your home on Fox Boston. Disclosures.

13 Digital Security New Year’s Resolution Tips for 2013

The best thing about the “New Year” is committing to new or old resolutions and starting fresh. Whether you are an individual or a small business, the following applies:

  1. Delete. Go through your files, deleting and organizing as necessary. Clutter is confusing. Security and “confusing” don’t work well together. Delete!
  2. Back up your data. Back up to a secondary hard drive inside or external of your devices. Utilize cloud-based backups, too. I have my data on four local drives and two cloud-based servers.
  3. Reinstall your operating system. Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC.
  4. Get device savvy. Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless or software, learn it. Take the time to learn enough about your devices to wear them out or outgrow them.
  5. Get social. One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software.
  6. Implement social media policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use—especially what not do too.
  7. Get digitally secure. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing and firewalls.
  8. Protect your mobile. Bad guys are paying attention to mobiles and creating thousands of viruses meant to steal your data. There has been a significant increase in Android-related hacking, and Android users therefore must download and install all the latest updates and invest in a mobile security product.
  9. Go EMV. EMV, which stands for Euro MC/Visa, also known as “chip and PIN,” is the new more secure credit card and is underway in North America. Both Canada and Mexico are going full-on EMV, and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.
  10. Get physically secure. Security cameras, alarm systems and signage are essential to protect the perimeter of your property from vandals, as well as protecting the inventory from theft, or even the cash register from sweethearting or robbery. Security cameras are an essential component to any small business security system.
  11. Hire honest employees. Unfortunately, too many people lie, cheat and steal—and when they come to work for you, they drain company resources until they are fired. It’s best to use prescreening services.
  12. Upgrade wireless. If your wireless router is more than 2 years old then it’s time to buy new. Security standards continue to be upgraded and old is often not secure.
  13. Don’t’ worry about any of the above! Seriously! Now I didn’t say don’t do it, because you should, but don’t needlessly worry. Take action, get secure, keep on top of it, and have a Happy New year!

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures