Posts

“Predictive Analytics”: Technologies that read your Mind

There’s an app that can practically read your mind via your mobile device. The technology is called predictive analysis, and Google’s Now app is at the forefront. Other apps that use predictive analysis to predict the smartphone user’s next move include Grokr and Osito.

How does this work?

Snippets of information are assembled via an algorithm, leading to a prediction of the user’s next behavior.

An example would be combining snippets of calendar entries with the user’s location data, e-mail information, social network postings and other like information.

The user is then presented with assistance that the app “thinks” is needed. The support-information is called a card. A card might, for example, remind the user about an event whose information was entered previously.

The app will then add directions to the event or show weather conditions at the location—even advise raingear.

Benefits

  • The Now app can “understand” context and filter out irrelevant information, making searches easier than ever.
  • The Google search engine can now respond to more than just individual keywords and can seemingly grasp the meaning of a search query. This algorithm is called Hummingbird and impacts 90 percent of searches.

An example is that Google can compare items upon request or dig up facts about various things. For example, just type in the name of a famous landmark—once. If you seek trivia, you’ll get answers, but if you then seek directions, Google will know that you want directions to this landmark without you having to type in its name again.

  • Future locations of the user can be predicted (based on locations visited previously), not just the current location.
  • Recently, Google and Microsoft researchers came up with software called Far Out that can figure out a user’s routine via GPS tracking. This data is then assembled so that future locations of that user can be predicted.
  • The configuring can even adjust to correlate with the user’s changes in residence or workplace.

As advanced as all of this seems, this is only the start of a new wave of technology that can “think” for us—a big benefit to those whose lives are so hectic that they’ve become absent minded, and for those who simply enjoy the idea of having to do less mental work.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Next Steps in Wearable Tech

Tech devices are rapidly evolving from those you carry around with you in a pocket to those you wear on an arm, and they seem to be getting smaller and smaller. We have the laptop as the progenitor, culminating in the smartphone and tablet.

And beyond: Google Glass, a computer you wear, freeing your hands, that can connect to the Internet via voice commands. The “smartwatch” is now in the works. Plus, there are little fitness gadgets you can wear that record vital data including number of steps taken in a day.

Inspiration for an Invention

Isabel Hoffman’s daughter, 14, became very sick after moving to America from Europe. Doctors couldn’t diagnose her.

Hoffman, an entrepreneur, then took her daughter to Dr. Neil Nathan, who diagnosed the teen with toxicity to the mold Aspergillus penicillium. A house mold test confirmed this. The Hoffmans moved, and the girl was put on a gluten free diet, since the toxicity causes gluten intolerance, and her health was restored.

Hoffman wondered how many other people suffer with unexplained ailments. So she, with a partner who’s a mathematician, created a handheld device: TellSpec.

Point it at or hold near an object, including food, and it transmits ingredient information to its smartphone app and displays the data.

Have celiac disease? Scan foods with TellSpec to see if they have gluten. Allergic to soy or simply want to avoid it? Hover the device, which is smaller than a mobile, near the food to get your readout on your smartphone.

TellSpec also supplies information about potential health issues with the ingredient. Sounds like “Star Trek,” but this device will be on the market August 2014.

How Wearable Technology will save Lives

  • Can identify substances in foods that can literally kill a person with an allergy, such as peanuts, or harm a person, such as gluten.
  • Can identify sugar content: valuable for diabetics.
  • Can identify toxins in water and walls.
  • Current wearable devices can track blood pressure, heart rate and other vitals: data that not only is helpful to fitness conscious people, but those with medical conditions.


Kids and Smartphones: How Old?

How old is old enough for a kid to have a smartphone? Right out of the gate, I’m saying 16, and I know there’ll be some backlash from that. Some will say it all depends on the kid; others will argue there’s no right answer. Here’s why children under the age of 16 should not have a mobile phone:


Driving age: Somewhere along the line, someone said 16 is a good age to allow kids to drive. I think a car in anyone’s hands can be used as a weapon, and 16 is the earliest age that weapon should be handed over. A mobile is no different. In the wrong hands, a mobile can be deadly.

Bullying: We have seen way too many kids suffer from awful bullying as a result of other kids using mobile phones. The fact is, there is no emotion felt when bullying someone virtually—meaning the perpetrator can say anything and not see the harm he is bringing to the victim. At least at 16, kids have developed a better sense of empathy and a little more self-confidence.

Pornography: Anything and everything one can imagine in photo and video is available online—more than anyone under the age of 20 can handle and definitely more than a 15-year-old can process. There is just way too much information for their young minds to consume.

Fraud: Kids say and post way too much information about their lives that can put themselves and families at risk. They give out emails, phone numbers, home addresses, financial information…you name it.

Personal security: Kids are being targeted by adults online. I recently did a segment on Fox in which a 25-year-old man posing as an 18-year-old connected with 13- and 14-year-old girls. Let’s just say it didn’t end well. Oh, and that reminds me: the minimum age for social media should be 16, too.

What about keeping in touch? Get them a feature phone and no texting. Sorry. I’m a dad. You can feel bad for my kids. I didn’t have a smartphone at 15; they’ll be fine.


I Really Want My Phone to Be My Wallet. Don’t You?

Wallets suck. Seriously. Mine hurts my butt when I sit down. I have to remember to take it with me, and then I’m always afraid of losing it. There’s nothing fun about it. And…well…it’s dirty. It really is—money is dirty, and the cards you hand to people with dirty hands that handle dirty cards all day are dirty. Can we please just use our mobiles as wallets?

There are a few technologies that are supposed to eliminate the wallet, but no matter how hard I try, I still need to carry one. More on that in a bit.

What’s in the works:

  • Isis is a mobile payment network comprised of the major mobile networks. It’s supposed to launch nationwide and there have been a bunch of pilot tests, but no official launch just yet.
  • Square is an app that accepts credit cards and allows you to pay with them in stores that accept Square-facilitated transactions.
  • Apple has the Passbook app, which stores your cards and works with an iPhone. It should have taken off, but it does squat.
  • Google Wallet is an app that has relationships with credit card companies and banks and uses near-field communications. It allows you to make payments, but only if you have an NFC-enabled phone—which is usually an Android—and the point of sale needs to be able to read it.
  • Starbucks is really the only company that has used its mobile app to accept payments, and it’s wildly successful. There’s no reason to even walk into a Starbucks with a wallet again.

So other than moving into Starbucks, I’ve found a temporary compromise.

  • Thinned out my wallet: This means I got a thinner wallet, too. I picked up a three-buck one from one of those sidewalk tables in New York City. For the rest of the world, you can find them all over eBay.
  • Keyring: This is an app available for iPhones and Androids that allows me to easily snap a photo of the front and back of my 50+ loyalty cards and use most of them at a retail counter. (Except Costco, which is stupid. Do you hear me, Costco?)
  • Hotspot Shield VPN: This is a virtual private network application installed on my mobile to protect my wireless traffic. So instead of having to remember my wallet and then putting my wallet into my pocket—which hurts—and worrying about losing it, I just use my mobile to make purchases online and have most everything shipped. Except, of course, at Costco.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Selling Your Smartphone? Beware of Stowaway Data

Upgrading your mobile device? It has become standard practice to upgrade to a newer device every one to three years. And when doing so, people often sell, donate or discard the old one. The goal is often to sell the old one to make up the difference in cost for the new one.

However, I conducted a test in which I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on them. I found a startling amount of personal data, including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we are safe if we do a factory reset on our mobile device, this is not always the case. On some Android phones, even though some of the phones’ owners had done a factory reset, I was still able to find data on them. Here’s how to get your devices squeaky clean:

  • Wipe your phone: For mobile phones, you want to do a factory reset. The software to do this is built into the phone.
    • Android factory reset: Menu > Settings > Privacy > Factory Data Reset.
    • iPhone factory reset: Settings > General > Reset > Reset All Settings.
    • Blackberry factory reset: Options > Security Options > General Settings > Menu > Wipe Handheld.
    • Windows 7 phone factory reset: Settings > About > Reset Phone.
    • On any other operating systems or Symbian-based phones, you will need to do a search on your phone online, such as, “Phone Name, Model Number, Carrier, Factory Reset.”
    • Remember to remove or wipe any media, like SD cards or SIM cards. These are so cheap, it’s better to cut them in half with scissors or reuse them.
    • Still unsure if you’ve gotten all your data off? Get a drill and poke lots of holes in the device and its hard drive, or hit it with a sledgehammer. This may be lots of fun, but it also may make it less saleable. :)


How the Average Consumer Can Keep Their Smartphone Secure and Private, a Conversation with Identity Theft Expert, Robert Siciliano

By David Geer (bio: http://www.linkedin.com/in/daviddgeer)

“A mobile phone is lost every 3.5 seconds. More than half of those devices are smartphones. 40% are not password protected.” – Identity Theft Expert, Robert Siciliano

Smartphones outnumber PCs. Though the devices are more personal than “personal” computers, they can certainly be less secure. Malware (mal = bad, ware = software) such as viruses, apps that are not secure or that funnel out private information, and the loss or theft of unprotected devices are all threats that lie in wait for unprepared users.

I spoke with Identity Theft Expert, Robert Siciliano for a Q&A about consumers’ top smartphone security and privacy concerns. Genuinely concerned and personally involved, Robert details how the average consumer can keep their smartphone safe.

David Geer: What are the average consumer’s smartphone security concerns?

Robert Siciliano: We are hearing a lot about malware. We are hearing a lot about privacy issues with the apps people download. There are apps that violate user privacy by communicating information the user may not want to communicate (without their knowledge). Though the vendors often state in the TOS (Terms of Service) what these apps will do, some apps share personal information despite what their TOS say. There are also issues with lost or stolen phones, especially when the user has not password protected their device.

There are thousands of examples of malware targeting mobile devices. But while consumers are more concerned about that, the loss or theft of their phone is a larger issue. A mobile phone is lost every 3.5 seconds and more than half of those devices are smart phones. Forty percent of phones are not password protected. An overwhelming number of phones are lost with no password protection.

Then there are the issues we have seen with people stealing people’s phones. I think the biggest concern should be password protecting your phone as opposed to worrying about malware. That is not to say you should not be concerned with malware.

DG: What are some real-world cases of smartphone threats occurring?

RS: A woman contacted me saying, “Robert, I was at a concert last night and I lost my phone.” When she got home, she logged on to her Facebook page and someone had posted all of her naked photos from her phone to her Facebook page.

There are two issues here. One is the fact that her phone was not password protected. The other is that she and many, many starlets are taking nude photos and storing them on their phones. That is a big detail. I have read a half dozen stories in the past year about young, successful actresses that had nudes on their devices and these have ended up on the web because the device was hacked or stolen. These starlets are giving other women the green light to go ahead and do the same thing. We have an entire culture that is engaged in this behavior and not doing much if anything to protect their data.

Our digital devices store our most private information: usernames, passwords and access to private accounts including banking and social accounts. Exposing all the intimate details of our lives because of a lost, stolen or hacked phone is serious business.

McAfee studied password sharing with ex-spouses. A significant number of people surveyed said that they have or would expose their former significant other’s most private photos and videos in the event of a bad breakup. They had access to the passwords and had the same data on their own devices because they took it from their significant other’s phone.

DG: Most smartphone users have no interest in becoming technical gurus. What are some things any consumer can do to protect their devices and themselves from these concerns?

RS: It boils down to common sense in recognizing the risks. It is common sense to password protect your device. Beyond that, users should have lock, locate and wipe software whether the vendor built it into the phone or users download it. (This enables the user to lock the phone against access, find the phone or completely wipe all sensitive data from the phone remotely). Then the user should have anti-virus software on the phone.

Do not root or jailbreak your phone. This breaks down the defenses the OS software developer put in place. There is only one store where you can download safe, secure apps for the iOS (Apple) and one where you can download them for Android. When you jailbreak the phone to gain access to the hundreds of other stores and their downloads, neither Apple nor Google have tested these apps.

Jailbreaking is what gets the user and their employer who offers bring-your-own-device options into trouble.

DG: Are there any smartphone settings that can help without frustrating the consumer technically?

RS: Yeah. Turning off Bluetooth, especially when not in use will help. Turning off your location-based services will, too. You have options on what to do in the event that someone does try to access the password. So, for example, if they try to enter the password more than 10 times, then the device will wipe. That is something that you can turn on or off.

DG: Are there any free or modestly priced software solutions that can help without frustrating the consumer technically?

RS: I am a McAfee spokesperson, so I always recommend McAfee’s line of mobile security products. Some are free; some require a small fee. All are very user friendly. Other than that, there is whatever software is already on the device.

DG: If all this is still too much, where can a consumer go for help?

RS: You have heard the term, “Google is your friend”. There generally is not an issue where someone did not ask a question and someone else did not answer with respect to technology. Do a search and find a variety of forums where people have asked the same question you have and someone has answered it. It is a matter of knowing how to ask the right question. Beyond that, your device’s manufacturer or service provider are good places to start.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

How Your Smartphone Will Identify You Privately

Banks rely on usernames and passwords as a layer of protection and authentication to prevent criminals from accessing your accounts. However, researchers now show that your password, even though it may be a relatively “strong” one, might not be strong enough.

When you create a password and provide it to a website, that site is supposed to convert it to a “hash.” As Ars Technica explains: “Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that ‘5f4dcc3b5aa765d61d8327deb882cf99’ is the MD5 hash for ‘password’.”

But Ars ran an experiment with participants ranging from a newbie technologist all the way up to expert hackers to see what they could do to crack the hashes.

“The characteristics that made ‘momof3g8kids’ and ‘Oscar+emmy2’ easy to remember are precisely the things that allowed them to be cracked. Their basic components—‘mom,’ ‘kids,’ ‘oscar,’ ‘emmy,’ and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.”

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations—such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like “John the Ripper” or similar programs.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.
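To make the hashing and dictionary-attack points above concrete from the defender's side, here is an added Python example (not code from this post or from Ars Technica) that contrasts unsalted MD5 with salted PBKDF2 storage and screens new passwords built from common components. The word lists are constructed from terms this post mentions, and the function names and the 60% coverage threshold are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample lists built from words this post mentions; a real
# screening service would load a large breached-password corpus instead.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess",
                    "qwerty", "abc123", "password"}
COMMON_TOKENS = ("password", "princess", "qwerty", "asdfg",
                 "oscar", "emmy", "kids", "mom", "abc")


def md5_hex(password):
    """Unsalted, fast hash: every user with this password gets the same value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=600_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) for storage."""
    if salt is None:
        salt = os.urandom(16)  # unique per account, stored next to the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, digest)


def token_coverage(password):
    """Return (covered, total): letters that fall inside a common token,
    and the total number of letters in the password."""
    lowered = password.lower()
    covered = [False] * len(lowered)
    for token in COMMON_TOKENS:
        start = lowered.find(token)
        while start != -1:
            for i in range(start, start + len(token)):
                covered[i] = True
            start = lowered.find(token, start + 1)
    letters = [i for i, ch in enumerate(lowered) if ch.isalpha()]
    return sum(covered[i] for i in letters), len(letters)


def is_guessable(password):
    """Reject passwords a basic cracking word list would reach quickly."""
    if password.lower() in COMMON_PASSWORDS:
        return True
    covered, total = token_coverage(password)
    if total == 0:
        return True  # digits and symbols only: too small a search space
    # Assumed threshold: 60% or more of the letters come from common tokens.
    return covered * 100 >= total * 60


if __name__ == "__main__":
    print("MD5('password') =", md5_hex("password"))
    salt_a, digest_a = hash_password("password")
    salt_b, digest_b = hash_password("password")
    print("same password, different stored digests:", digest_a != digest_b)
    for candidate in ("momof3g8kids", "Oscar+emmy2", "123456", "t7#Vq9!zRw2$Lp"):
        print(candidate, "-> guessable" if is_guessable(candidate) else "-> passes screen")
```

Passing this screen does not make a password strong; it only filters out the patterns the quoted passage describes.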

Protect yourself:

  1. Make sure you use different passwords for each of your accounts.
  2. Be sure no one watches when you enter your password.
  3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
  4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
  5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
  8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
  10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.
  11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.
  12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”
  13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
  14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”
  15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

While you must do your part to manage effective passwords, banks are working in the background to add additional layers of security to protect you. For example, financial institutions are incorporating complex device identification, which looks at numerous characteristics of the online transaction including the device you are using to connect. iovation, an Oregon-based security firm, goes a step further offering Device Reputation, which builds on complex device identification with real-time risk assessments. iovation knows the reputations of over 1.3 billion devices in its device reputation knowledge base. By knowing a device’s reputation, banks can better determine whether a particular device is trustworthy before a transaction has been approved.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

What You Should be Aware of When Using Your Android Device

As we all migrate towards using smartphones and tablets, we need to be aware of the risks associated with them. Most of us know that we need to protect our computers with security software, but we don’t always take that precaution with our mobile devices. In fact nearly 75% of Americans do not use mobile security software and 36% of us don’t even use a basic PIN to lock our devices.

And if you’re an Android user there are some things you want to be aware of.

Mobile malware is growing and mostly on Android – Android has become the most popular mobile platform for hackers to target, and this past quarter, McAfee Labs™ found that all new forms of malicious mobile software were aimed solely at the Android operating system (OS).

There are a number of reasons why mobile malware is growing rapidly on the Android OS. One is that it is the fastest-growing platform and has the largest share of the mobile marketplace, and by nature, cybercriminals go where the large numbers are.

Malicious mobile activity is growing via apps – the mobile malware growth above is mostly from bad apps. And these bad apps can do anything from access your contacts and send them emails to “see” everything you do on your mobile device including typing in your user name and passwords to your financial accounts.

Watch app permissions – Android developers can choose from over 150 different permissions that the app can access on your mobile device. Some of these include turning on your camera and recording what it sees, accessing all your contacts and even accessing your IMEI code (which is like your phone’s Social Security number)! You just need to be aware of the type of app and why it would need to access certain information so it’s not sending your personal information to hackers.
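As an added illustration of the permission review described above (not code from this post or from any vendor), the Python example below reads the permissions declared in a decoded AndroidManifest.xml and lists the sensitive ones that fall outside what the app's stated purpose needs. The sample manifest is constructed, and the flashlight app, the expected-permission set and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Attributes such as android:name live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions matching the capabilities named above, plus two
# closely related ones. Descriptions are this example's own wording.
SENSITIVE_PERMISSIONS = {
    "android.permission.CAMERA": "camera capture",
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_PHONE_STATE":
        "phone state, which historically gated identifiers such as the IMEI",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}

# Constructed sample: text manifest of a hypothetical flashlight app.
# Manifests inside an APK are binary XML and must be decoded to text first.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <application android:label="Flashlight" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def unexpected_sensitive(manifest_xml, expected):
    """Map each sensitive permission that is requested but not expected
    for the app's purpose to a short description of what it exposes."""
    requested = requested_permissions(manifest_xml)
    return {
        name: SENSITIVE_PERMISSIONS[name]
        for name in sorted(requested)
        if name in SENSITIVE_PERMISSIONS and name not in expected
    }


if __name__ == "__main__":
    # Assumption: a flashlight legitimately needs only the camera (for the flash).
    expected_for_flashlight = {"android.permission.CAMERA"}
    findings = unexpected_sensitive(SAMPLE_MANIFEST, expected_for_flashlight)
    for name, what in findings.items():
        print(f"{name}: grants access to {what}")
```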

For the moment, the amount of detected smartphone malware is relatively low compared to malware that targets desktop or laptop PCs; but being aware that it exists is the first step toward protecting yourself and your data. Here are some steps you can do to protect yourself:

First and foremost, use a PIN to lock your device.

Like with your computer, be cautious when clicking on links, especially from people you don’t know. And make sure you have web protection software which will prevent you from going to malicious sites.

When downloading apps, do your research and check them out before downloading. Read the ratings and reviews and only purchase apps from well-known, reputable app stores.

When you install an app, make sure you review the permissions it’s accessing on your device. And use an app protection feature that warns you if your apps are accessing information on your mobile that they don’t need.

Install a comprehensive mobile security solution like McAfee Mobile Security that includes anti-malware as well as web protection, anti-theft and app protection features. Or if you want to protect all your devices, including your mobile devices, you can use McAfee All Access that protects all your PCs, Macs, smartphones and tablets.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Check Out These Hurricane Prep Apps

Hurricane Irene whacked the east coast over two weeks ago and people are still pumping out. Roads are still messed up and life has changed for many. My property was in the path, although she went a little west of me so I was spared any damage.

But if she had headed a little east, I was prepared. What helped me prepare was technology. For almost a week I had SMS text messages coming into my iPhone via iMapWeather Radio.

iMapWeather Radio 9.99: only app offering critical voice and text alerts on life-threatening weather events. Your iPhone will “wake up” and also “follow you” with alerts wherever you go. Listen with ease to local weather forecasts while you are on the move. Enjoy the power of a Weather Radio, with all the convenience and precision of a smart phone.

The Weather Channel FREE: Looking for the most accurate weather information available? The Weather Channel’s staff of 200+ meteorologists, along with our patented ultra-local TruPoint(sm) weather technology, allow us to provide you with the weather tools you need to plan your day, week, or even the next hour.

National Weather Service’s National Hurricane Center FREE: This isn’t an app at all, but it is the source of all the apps’ information. You can go to the site and save the link with “Add to Home Screen”.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on NBC Boston. Disclosures.

Top 5 Business Security Risks

1. Data Breaches: Businesses suffer most often from data breaches, making up 35% of total breaches. Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches. Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes.

Even if you protect your PC and keep your critical security patches and antivirus definitions updated, there is always the possibility that your bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft.

2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying.

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers.

3. Failure to Log Out: Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and, once selected, will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

4. Inside Jobs: With millions losing jobs, there are many opportunities for an insider to plug in a thumb drive and steal client data or other proprietary information. Networks are like candy bars, hard on the outside, soft and chewy on the inside. Insiders who fear layoffs may be easily tempted to use their access to profit while they have the chance.

5. Fraudulent Accounts: Many businesses lay claim to thousands or millions of members or clients who have access to web-based accounts. No matter the nature of the business, social network, dating site, gaming site, or even bank or retailer, some percentage of the accounts are ongoing instigators and repositories for fraud. Troublemaker accounts infect the overall stability of any organization, and flushing them out is essential.

One anti-fraud service getting lots of attention for protecting online businesses from crime and abuse is ReputationManager 360 by iovation Inc. The service is used by hundreds of online businesses to prevent fraud by deeply analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)