Friday, October 30, 2009

WORD FOR THE WEEK: HONEYPOT!

HONEYPOT:


It is a trap set for cybercriminals by companies. Example: your bank puts out a "honeypot" that looks enticing to cybercriminals. The cybercriminals think they are getting into the honeypot to sneak away with customer data. Instead, they get nothing or phony data, and they leave honey footprints behind that help the good guys know what the bad guys were trying to do.


Think of it as a decoy so crooks run after the decoy and the bank keeps your information safe.


Just another tool in the arsenal of companies and the government to keep your data safe.

Wednesday, October 28, 2009

Post your information on a job web site lately? Beware.

The internet brings a chance for people to see your talents and skills.

The challenge is, how do you provide information online to potential employers but still keep yourself safe?

In the UK, a major job posting website was hacked. The company's response? It recommended that its customers go out and buy their own identity theft protection. Banks and credit card companies have to follow compliance laws on when to report a breach, and they have to offer to protect your credit with free credit reporting.

I am not a fan of creating a law every time an incident happens but wonder if there should be a law that holds websites accountable for protecting information and taking care of their customers if there is a breach.

What say you?

Article Follows:
http://www.ere.net/2009/10/27/hacked-job-board-tells-victims-to-pay-for-protection-themselves/


Hacked Job Board Tells Victims to Pay for Protection Themselves
Posted By John Zappe On October 27, 2009 @ 3:59 pm
In News and Features

[1] The British newspaper whose job board was hacked over the weekend is advising the half-million users whose information may have been accessed to buy identity insurance and notify credit reporting agencies.

An indignant Twitter post by one of those whose account with The Guardian jobs [2] site was compromised says she received an email from the newspaper advising her of the illegal access and suggesting she subscribe to an identity protection service.

“got the guardian hack email – they suggest I buy identity fraud protection services. Hang on, who let people steal my information?” reads the tweet [3] by Joelle Nebbe-Mornod [4], a technology consultant and former CTO now in the U.K.

The site itself gives no hint of the hack, until you scroll almost to the bottom of the home page where, under a heading of Workplace News, there is a short item headlined: Guardian jobs site – Security Breach. [5] It links to a page of more detailed information.
There, The Guardian reports that the site is now secure and adds, “It is clear that only a minority of Guardian Jobs users are at risk. Some of the data which appears to have been stolen is up to two years old. We have emailed the approximately half a million users whose data may have been compromised. This is out of the total of 10,328,290 unique users the site has per calendar year. The USA jobs site [6] has not been affected.”

In an FAQ [7], The Guardian recommends users whose accounts were compromised obtain fraud protection at their own expense.

“The Guardian, in common with our users is also a victim of this crime and we deeply regret that this breach has occurred. We believe our technology and security measures were more than compliant but regrettably the threat from criminal hackers is continually evolving. Whilst our investigation is continuing we suggest that each individual should decide whether to follow the guidance recommended by the police and meet any associated costs.”

The Guardian’s British site is powered by Madgex Job Board Software [8]. The U.S. job site is run by Indeed.com.

The Guardian says [7] that no personal accounts were accessed, but other, potentially sensitive, information was. “Job application data, material such as covering letters, and CVs. We have no reason to believe that any financial or bank data was compromised in this incident.”

Police are investigating the access. No technical details have been released, however some technical publications have offered possible methods [9].

This is the second major security breach of a British job board this year. Monster’s UK site was hacked in January [10] and some 4.5 million records were stolen.

Article printed from ERE.net: http://www.ere.net


URLs in this post:

[1] Image: http://www.ere.net/wp-content/uploads/2009/10/Guardian-Jobs-security-page.jpg
[2] The Guardian jobs: http://jobs.guardian.co.uk/
[3] tweet : http://twitter.com/iphigenie
[4] Joelle Nebbe-Mornod: http://www.ecademy.com/account.php?id=400325
[5] Guardian jobs site – Security Breach.: http://jobs.guardian.co.uk/securityupdate.html
[6] USA jobs site: http://www.guardianjobs.com
[7] In an FAQ: http://jobs.guardian.co.uk/securityupdate-faq.html
[8] Madgex Job Board Software: http://www.madgex.com/jobboardsoftware/
[9] some technical publications have offered possible methods: http://news.google.com/news/story?hl=en&q=guardian+jobs,+hack&sourceid=navclient-ff&rlz=1B3GGGL_en___US323&um=1&ie=UTF-8&ncl=dy6pCv6sJqoWImM&ei=U0rnSsuwO5jYtAPVi_ybAQ&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CAwQqgIwAA
[10] Monster’s UK site was hacked in January: http://www.ere.net/2009/01/27/monster-hacked-again-45-million-records-stolen/

Monday, October 26, 2009

Buying a Computer or Smart Phone for the Kids In Your Life? Some Suggestions to Keep them Safe!


This year promises to be a fantastic year to purchase a computer or smart phone for your kids.  It is a fact that there are bad people online and they are waiting for your kids so they can trick them into giving them information, bully them, or worse.

You can protect your kids when they use their smart phone or a computer at home or away.  I have a few quick tips for how to educate your children so they are safe.

We teach our children to look both ways before they cross the street and not to talk to strangers.  These same lessons you teach them also apply online.
1.    Family Safety Pledge:  I recommend your family create a safety pledge and have everyone sign it.  Post it prominently next to the computer as a reminder.   (See below)
2.    Don’t Talk to Strangers:  People online are strangers.  Do not share personal information with them even if they pretend to know your friends or parents. 
3.    Look Before You Click:  Teach your kids to never click on pop-ups, even if one says they just won a prize or money.
4.    Monitor Accounts and Activity:  Tell your kids you will monitor their history, online social networking accounts, usage, and instant messages.
5.    Parental Controls:  You can use your browser or software designed to lock down your home computer.  But, since your kids may be online away from home, the other tips are important.
==================================

Please feel free to use our Family Safety Pledge for Smart Phone and Internet use.

Family Safety Pledge
We want to keep our family safe so we are having each family member read this pledge and sign it.

The pledge applies any time you use a smart phone or a computer. This rule includes places you may visit using your phone or a computer, such as blogs, chat rooms, instant messages, email, websites, video and picture sharing sites, and social networking sites.

1.   Don’t Talk to Strangers: 
a.   Information:  I promise I will not give anyone or any website on the Internet personal information without my parents’ permission. 
b.   Meet:  I will not meet in person anyone that I've met online unless I have permission from my parents.  I understand that my parent will go with me to meet with them in a public place. 
c.   I will not register for free offers, contests, or online clubs without checking with my parents first.

d.   Personal information I will not share online includes:
         my name
         address
         phone numbers
         photos or videos
         password
         my family members’ names
         my school, clubs, sports
         vacation dates, times, locations
2.   Protect Passwords:  I will never give out my password to anyone other than my parents. This includes my friends.
3.   Golden Rule:  I will treat others online with respect and caring.  I will not send mean messages about people or to people. 
4.   Think Before I Click: 
a.   I will not click on emails, links, or pop-ups from people I do not know.
b.   I will not download files, music, videos, pictures or programs without permission from my parents.  Even if they are free.
c.   I will not buy anything online without my parents’ permission.
d.   Before playing a game online, I will have my parents screen it and give me permission to play.
5.   Chat Carefully:  I will never tell anyone online about my or my family’s whereabouts or that I will be home alone without Mom and/or Dad's permission.
·      I will not enter a chat room without my parents screening it first.
·      I will report to my parents any email, chat room conversations, instant messages or websites that make me feel uncomfortable like bullying, bad language, or X-rated messages and pictures.
·      I know that it is not my fault if I see something bad accidentally and I will not be punished for showing my parents.

I understand that Internet use is a privilege, not a right. I will follow my family's safety pledge for computer and smart phone use whether or not I am in my home or someplace else.
_________________________
Each Child’s Signature


_________________________
Parents’ and/or Grandparents’ Signature




_________________________
Date 
_________________________
Date

Wednesday, October 21, 2009

Word for the Week: BOTNET


A botnet is two words mashed together – robot and the net. It is a term used to describe computers that have become infected with a virus that allows cybercriminals to control them. The owner of the botnet is usually called a bot herder or bot master, and they control the computers remotely. They use the botnet computers like a disguise to carry out their cybercrimes.

New Segment this week: Protecting Yourself from Online Identity Theft & What to do if you are a victim.


Monday, October 19, 2009

A Part of the Economy Is Booming and It's Not the Banks!

Cybercrime is a thriving economy.

The FBI is diligently working the issue but they need our help by protecting ourselves, being aware, and reporting suspicious emails and activity.

There are actual markets online (think of a criminal version of "eBay" or "Craigslist" of sorts) where criminals can buy, barter, and trade stolen identities, hacking kits, and more.

Symantec (the maker of Norton antivirus) estimated that if every stolen credit card and bank account were hacked and siphoned off, criminals would have made $8B. Thankfully, they do get caught!

Think of the old-fashioned flea markets. The cybercriminals go into these online thieves' markets, which are called "Internet Relay Chat" (IRC) rooms, and thousands to tens of thousands of criminals will be in an IRC room trading information.

Credit cards and bank accounts are about 51% of what is advertised in these "thieves markets".

Keep your antivirus up to date, watch where you click, and make sure everyone in your company or household is aware too.


For research, helpful hints, and more information you can follow us at:
Twitter: @FortaliceLLC
Facebook: Fortalice LLC
WBTV.com: http://www.wbtv.com/Global/category.asp?C=175133&nav=menu1434_4_5

"Shh! Be wary very quiet." Let's go cybercrook hunting! Cybercrooks tracking us online.



Friday, October 16, 2009

Stop-Look-Listen Before You Use "Free Wireless"


Should I Use Free Wireless?

Tips to Safer Working and Playing Online

There you are, it is a gorgeous day and you take the laptop outside to the local café or coffee shop to work or play online. Or, maybe you are frantically trying to get a little work done while sitting in the hotel lobby or airport. You notice a free wireless network pops up and you think you have hit the jackpot. You select the network, it does not ask for a password, the web browser loads and you begin to enjoy your time working or playing on the internet. But is this a wise thing to do?

Here are a few helpful tips to help you analyze if you should hop on that free wireless connection – Stop-Look-Listen

1. Stop: Think first about what transactions you may be conducting online. Would you shout out your bank account number for all to hear? Then you may not want to do online banking while on a free wireless network. If you do not know the security of the network, when you type in your account number, you may be shouting it out for cybercriminals to hear.

2. Look: When the network popped up, did it prompt you to type in a passcode or password to log in? If so, it is very likely you are on a secure network. Look next to the network name for a padlock icon. This indicates that the owner only lets people who know the passcode onto the wireless network.

3. Listen: Heed the software update messages from Microsoft or Apple that prompt you to install the latest version of your operating system. This will help protect you.

We recommend you save your very sensitive browsing and transactions for when you can connect through a direct internet connection or on a trusted wireless network.

If you must have the flexibility of conducting sensitive transactions anytime, anyplace, consider purchasing a broadband card or a mobile wireless hub such as the new MiFi. If you would like to see the mobile card or MiFi in use, you can ask for a demonstration at your local cellular phone store. The broadband card allows you to connect your PC to the internet using a secure connection. The MiFi allows you and four other PCs within 30 feet of the MiFi to connect using a unique password to the internet via a secure connection. You can use MiFi almost as easily as a cell phone. It even works in a moving car.
