Category Archives: Online Security

Cyber security awareness: The Facebook feature you will love


This month, as part of Cyber Security Awareness Month, I had the opportunity to talk to expert Jennifer Jolly about cyber security, especially about being safer and protecting my privacy on Facebook.

“President Obama designated October as National Cyber Security Awareness Month. National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.”

Jennifer and I discussed:

  • What are three quick steps you can take to help make sure only the people you want can see your stuff?
  • What are some security controls that are available to protect our accounts and privacy?
  • How can login approvals help to keep our Facebook account safe?
  • Why is it so important to have unique passwords for our social media accounts?
  • How can we control what information we share with apps when we log in using our Facebook account?
  • Why do we need to periodically review the apps connected to our accounts and clean house? What is an easy way to do this?
  • Where can we go for more information?

Our interview is audio, so grab a pen and paper and take a few notes. I was surprised at how fast and easy I was able to tighten up the security and privacy settings on my personal Facebook page – and how many apps I had actually given access to. You will be too!

 

Jennifer Jolly is an Emmy award-winning consumer tech journalist and “geek speak translator.” She’s one of the nation’s most trusted experts when it comes to reviewing and explaining consumer electronics and the day’s top tech trends. A 20-year broadcast industry veteran, Jennifer writes the weekly New York Times Wired Well column and is the host and syndicated columnist of TechNow. Jennifer is also a frequent guest contributor for the Today Show, The Meredith Vieira Show, The Talk, CNN, HLN, Dr. Oz, and the Rachael Ray Show.

When a purchase order email is not what it seems

Image By: Ian Lamont

Today’s award for the least convincing spam message goes to the “purchase order” I received. The funny thing is I don’t sell anything so I’m not sure how it could possibly pertain to me. It just goes to show they grab, harvest or purchase email addresses and then send them out in bulk, sort of like fishing with a bucket of bait. With that much bait you are sure to catch something.

If you receive something like this one, which also has a “zip” file to download, my suggestion is to send it to spam and keep going. What are the keys to knowing this isn’t a real purchase interest?

  1. It was in my spam folder – which I do check regularly since sometimes items are mistakenly marked as spam.
  2. The problems with grammar and punctuation.
  3. The fact that I don’t sell any items.
  4. And, that it’s “near” somewhere in Egypt.
  5. That it has a zip file. Beware of downloadable files, links, and images, especially those that come from people you don’t know.

Sample Email below

A dead giveaway is when my spam filter has this in the RE:

****SPAM**** HIGH * Purchase order-
Dear Sir

We are interested to Purchase your product, i got your contact information

from two of our customers.

Please contact us with the following below:-

– Your minimum order quantity.

– Your FOB Prices and FOB Port.

– Your estimated delivery time.

Please fine attached company details and requirements below to preview the samples/specifications needed.

Best Regard
—————————————————————————————————————–
GMCC LTD  IMPORT & EXPORT
Address deleted
Sheraton Bldgs. Heliopolis,Cairo
Landmark:Near To Radisson Blu Cairo Egypt

Stop CISA to Stop Cyber Spying

Image By: lizzardo

CISA, or the Cybersecurity Information Sharing Act of 2015, has not been passed yet. It could be up for a vote as early as next week, but it appears that it might be delayed until fall. President Obama has made no promises to veto this bill. The Electronic Frontier Foundation (EFF) believes that grassroots activism can kill this bill, as it has other bad cybersecurity legislation in the past.

So, what is CISA? The Cybersecurity Information Sharing Act of 2015 was intended to balance security and privacy. Senate Intelligence Committee Chairman Senator Richard Burr said that fifteen new amendments to the bill were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyber attacks, according to a Wired article from January.

Critics of the bill argue that the bill does nothing to boost security and does nothing to prevent major cyber attacks that endanger the privacy of individuals. EFF argues that the bill encourages companies to share private information with the government and gives them sweeping liability protection when they do so.

“CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers,” says the EFF Week of Action page, “Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear:  CISA must not pass.”

Organizations that have joined with EFF for Week of Action include the American Civil Liberties Union, the American Library Association, The Constitution Project, and Freedom of the Press Foundation. EFF has a list of organizations that will be participating in the Week of Action and will update it as new organizations join the fight to #StopCISA.

Hackers Win Round Against Sony: The Interview Pulled from Theaters

Hackers have won a round against Sony Pictures Entertainment this week after a devastating cyber attack. Sony pulled “The Interview” from theaters nationwide after the hackers spread fear throughout the entertainment industry. “The Interview” was to be released in theaters on Christmas Day. Sony said they would no longer hold screenings of the film in any of their theaters.

U.S. intelligence has linked the cyber attack on Sony to the North Korean government. The film portrays the fictional assassination of North Korean leader Kim Jong Un. It is believed that the hackers from North Korea were given the order to hack Sony’s computer system, targeting sensitive data including emails, financial records and salaries of Sony’s top stars.

It is unclear whether “The Interview” will be released soon. The hackers made threats against Sony by promising moviegoers a “bitter fate” should they head to theaters to see the film. The hackers threatened a 9/11-like attack on all movie theaters that screen the Seth Rogen and James Franco comedy.

The warning reads:

“We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

  • Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
  • The world will be full of fear.
  • Remember the 11th of September 2001.
  • We recommend you to keep yourself distant from the places at that time.
  • (If your house is nearby, you’d better leave.)
  • Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
  • All the world will denounce the SONY.”

In addition to the terroristic threat, the hackers released the content of files called “Michael Lynton” (CEO of Sony Pictures Entertainment), which included embarrassing emails and sensitive personal data. The tactics used by the hackers worked, causing the nation’s three largest movie chains to cancel showings of “The Interview” and leaving it with an unknown release date.

Sony has no current plans to release the film either to theaters or direct to video.

Lawsuit Claims BackPage.com Aids Sex Trafficking


Three sex trafficking victims have brought a lawsuit against BackPage.com. The victims claim that the website helps promote the exploitation of children. Lawyers for the victims claim that the girls were sold as prostitutes through ads on BackPage.com. BackPage says that the lawsuit is an attempt at censorship and has asked a judge to dismiss the case. The judge declined, and BackPage appealed.

The Washington Supreme Court heard arguments on Tuesday, October 21, 2014. BackPage believes the case should be thrown out because the Communications Decency Act of 1996 gives it immunity from the activities of its members. The victims say they were raped multiple times when they were teenagers and that the website is partially responsible for their sex trafficking.

KiroTV.com reported, “According to court documents, when pimps forced the women to offer sex on the controversial website, Backpage never verified their ages and instructed sex traffickers not to use certain words or graphics to avoid scrutiny from the public and police.”

During the arguments, the Supreme Court justices asked both sides whether BackPage played a part in contributing, developing or creating content for the website. The attorney for BackPage claimed that it was clear that his client did not create or develop the ads that allegedly harmed the plaintiffs. He argued that this is an effort to chill online speech.

The Communications Decency Act of 1996 was the first attempt by the United States to regulate pornographic material on the internet. It criminalized the transmission of materials that were “obscene or indecent” to persons known to be under 18. However, many portions of CDA have been struck down for violating the right to free speech.

The BackPage lawsuit could have a major effect on sex trafficking. The ruling in the case could also have a huge impact on free speech in the online world.

If you suspect child sex trafficking, it should be reported to the CyberTipline of the National Center for Missing and Exploited Children.

Skype Safety Tips for Kids and Parents

By: jayneandd

The internet is a dangerous place, especially for kids who are not tech savvy enough to realize a potential threat lurking on the web. Skype is a free video chat and instant messaging service widely used by family and friends to keep in touch with each other. Parents and kids often use the service as it was intended, but sometimes kids and parents get a rude shock.

Skype users have been affected by such items as a video of a naked person inappropriately touching themselves, tasteless messages sent to young, unsuspecting individuals, and compromised personal information. Online safety is a priority to keep both children and parents out of harm’s way.

Skype Safety Tip #1

Always monitor your child while they are using Skype. Know who your child is chatting with and make sure nothing inappropriate is happening in the chat room. One of the best ways to do this is to make sure that the computer or tablet being used is in a common room of the home.

Skype Safety Tip #2

Make sure personal information is kept private by updating privacy settings. First, make sure to use a long, unique password that uses a combination of numbers, letters and characters to prevent the account from being hacked. Next, update privacy settings on Skype to limit communications and protect your private information. Teach kids not to put personal information in a Skype profile because some of it could be made public.

Skype Safety Tip #3

Teach kids about “stranger danger”: what to do if they are approached out in the real world and what to do if they are approached online by a stranger. Teach children to tell a trusted adult immediately if they are approached by a stranger on Skype or any other internet chat service.

Skype Safety Tip #4

Protect your computer by making sure an antivirus or anti-malware program is installed. Skype users can be subject to viruses and malware that can cause computers to run slowly, corrupt data, and cause vulnerabilities.

Skype Safety Tip #5

Report any incidents to local authorities. Take a screenshot of the chat and save everything of importance to give to police. This includes the username of the other party, the time and date of the conversation, and any other pertinent details about the conversation. The incident will be investigated.

 

Steam Family Sharing Available to Users

Valve has announced that “Family Library Sharing” is now available to all Steam users. The Steam Family Library Sharing allows family and guests to play one another’s games. It is used by players who share computers and who want to share their available library of games with one another. Players can save their own achievements and progress in the game to the Steam Cloud.

How does it work?

Players enable Family Library Sharing on their shared computers. The familiar accounts that log in to them can be authorized for game sharing. A request is made to the friend or family member that you want to share a game with. Once you are authorized, the games become available for “access, download and play,” according to Steam.

How much sharing is allowed?

Authorization for Family Library sharing can be given on up to 10 devices at a given time, and for up to five accounts. Simultaneous usage of an account is prohibited. Some Steam community members have begun to complain about this issue. They have suggested that it isn’t sharing when a friend borrows a game and is given a “few minutes” to purchase the game or quit because the owner of the game wants to play it at the same time.

What happens with game data?

Steam allows individual members to save game places, earn achievements and save application data in the Steam Cloud. According to GameSpot, “Lenders can’t access games that aren’t available in their region or games that require a third-party key, account or subscription.”

Is it safe?

Keeping your account and game libraries safe should be a priority. Sharing any kind of data through multiple devices can open the way for hacking to occur. Steam can revoke and close an account if your library is used to cheat.  Make sure the only people you share your game library with are ones that you trust.  Steam recommends that you only authorize familiar computers that are known to be secure and that you never give your password to anyone.

Bitcoins Vanish and Mt. Gox Goes Dark

Bitcoin is a buzzword in the news lately. Almost half a billion US dollars’ worth of bitcoins vanished into thin air last week when the bitcoin exchange Mt. Gox went dark. It helps to understand what bitcoins are to understand why customers are upset about the disappearance of virtual funds.

What are bitcoins?

Bitcoins are virtual currency that approximate cash on the internet. The coins are purely digital and not linked to any government entity. The coins are not backed by any bank or government.  The virtual coins are mathematical algorithms that are exchanged directly between two parties online with no middle man. That means no bank, no government, and no other authority over the printing, distributing or mining of the coins.

What is a bitcoin worth?

According to a Simple Bitcoin Converter, 1 bitcoin is worth $657.60 USD at the time of this post. The exchange rate does fluctuate.

What is the idea behind bitcoins?

The idea behind bitcoins was to create a currency that is completely segregated from a country’s government. For example the United States has no control over the creating, distributing or backing of bitcoins as it does with American currency. Bitcoin was aiming to become a universal currency that changed the current economic system.

What happened?

A rumor appeared that several hundred thousand bitcoins disappeared from one of the dominant exchanges for bitcoin trading. Slowly the rumor unraveled to become fact. Mt. Gox CEO Mark Karpeles bowed in apology at a news conference in Tokyo after revealing that the exchange had lost almost 750,000 of its customers’ bitcoins. On top of the large amount lost, which equates to almost half a billion dollars in US currency, Mt. Gox also lost 100,000 of its own bitcoins.

Karpeles said that technical issues and “some weakness in the system” opened the way for the fraudulent withdrawals. He did not delve into detail about what the “weakness” was or address what the technical issues were.

What is being done for victims of the fraud?

Customers who lost bitcoins have assumed a risk by using a currency not backed by any central bank.  There are no regulations in place. Mt. Gox has shut its operation down and is filing for bankruptcy protection. Some victims are attempting to bring about a class action suit against the once popular exchange.

According to the Wall Street Journal, Gregory Green filed a claim with an Illinois District Court seeking damages and restitution. The claim alleges that Mt. Gox engaged in “unlawful, deceptive, and unfair conduct that is immoral, unscrupulous, and causes substantial injury to consumers.”

Recourse might be very difficult for the victims of the vanishing bitcoins because the exchange was never regulated and never backed by any government or bank. In the meantime, bitcoin enthusiasts believe that the missing coins can be found and are hunting them down themselves.

 

PSN Hackers Target PS4 Users, Sony Stays Silent

In December of 2013, PlayStation 4 users began seeing a problem with “irregular activity” on their accounts.  Sony reset PlayStation Network passwords after noticing the irregular activity that users were complaining about. Several users saw charges being made to their accounts while their game system was off.  According to Gaming Bolt, users are still reporting the same issues that were reported months ago.  And there seems to be a direct link with FIFA games.  In FIFA games there are several things you can buy with real money. Some users link their credit cards to the games in order to buy the things wanted or needed in the game being played.

Many users have complained that it wasn’t just PlayStation Network hackers targeting PS4 users. Some Xbox 360 users have faced similar hacking attempts. One user claimed, “Something similar happened to me on Xbox 360, was charged $135 and they bought FIFA and season pass and crap. Microsoft cleared it all but it took 3 weeks and they temporarily closed my account during the investigation.”

Sony isn’t talking. Although the hacks began months ago, the gaming giant has yet to say anything about the hack attempts. No one knows if Sony is working on the problem or whether any effort has been made to make PSN secure.

PSN users need to make sure their accounts can’t get hacked. One way that users can prevent hackers from stealing their information is to create a complex password that isn’t used anywhere else. Users should also change that password frequently. Users should report any suspicious activity as soon as possible and they should never, ever give out personal information like credit card numbers or social security numbers.

U.S. Secret Service Investigating Possible Data Breach at Sears?

Sears Holdings Corp. is launching an investigation in the wake of cyber attacks on other retail stores.  Sears, the retailer run by Edward Lampert, has not revealed any details of an actual attack or security breach.

Sears spokesman Howard Riefs said in a press statement, “There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach.”

Riefs added that there has been no information to indicate a breach so far, which completely contradicts a report made by Bloomberg News. Bloomberg News, using an unidentified source, reported that the U.S. Secret Service was involved in investigating a secret breach at Sears. The U.S. Secret Service is remaining quiet on whether or not it is actually investigating a breach at the retailer.

What is known is that the U.S. Secret Service is leading the investigation into last year’s cyber attack on Target and last year’s attack on Neiman Marcus. The Target breach led to the theft of approximately 40 million credit/debit card numbers and over 70 million pieces of personal data. Neiman Marcus has also faced the harm of a data breach. The luxury retailer had 1.1 million credit and debit cards compromised by malware that infiltrated its point-of-sale terminals.

Target, Neiman Marcus and other retailers who have experienced data breaches are attempting to gain back customer support by doing a lot of damage control. Target has offered free credit monitoring and identity theft protection to customers for one year as part of its damage control efforts.

The rumor that Sears is investigating a possible security breach may still harm the retailer. Lampert has struggled to make Sears profitable after 28 straight quarters of declining sales. A tarnished image from a potential data breach isn’t going to make shoppers rush out to buy anything from the retailer.

Original reports of the Target and Neiman Marcus breaches made clear that it could take months to confirm that breaches were made, how many victims were affected, and account for what data was stolen.