Wednesday, July 6, 2011

Security Questions...How Do You Answer Them?

May 2011


We have all been presented online with secret questions and passwords. These are supposed to help a company website know it is really you when you need a password reset. But how secret are those answers, and should you give a completely different answer to the question to throw off cybercreeps?

We all see the security questions and take them seriously. We dutifully enter our mother’s maiden name when asked. But where does that information go? Is it really protected? Is it really used to validate that it’s you, or does a cybercreep just need to know the answer? With the recent Sony PlayStation breach, there is concern that your answers to the secret questions might be at risk. Cyber Expert Theresa Payton says that you may want to think about how you answer those secret security questions on various sites.

When you fill out a job or bank application, you need to truthfully answer these questions. When you are on sites such as email, social networking, or other internet sites, you should look for options that make sense.

Tips to Protect Your Secret Questions and Answers:
1. Look first to see if you can create your own questions. If you can create your own question, that is the best option. You can make up a question such as “Where I wish I could go right now” and answer “On Vacation with my honey!”.
2. Avoid responding to quizzes online: A lot of those funny quizzes you can answer on Facebook or other sites might give away clues that can help someone guess your password or your answers to security questions.
3. Come up with your own code phrase, take the first letter of each word, and use numbers or symbols. Example: When answering “your favorite color”, create a phrase like “I love yellow because it reminds me of daisies” and answer with Ilybirm@d!
4. Use completely different answers, but make sure it is something you can remember!

Our word for the week is:  PIMP
A play on the phrase “pimp my ride”, this is geek speak for using words, cool backgrounds, or graphics to embellish your online profile. An example would be finding cool backgrounds for your Twitter or blog page. Pimping your profile means boosting the look and content of your profile online by adding various information or links to make it stand out.

Web Resources:
McAfee has great tips on security questions and answers as well as the latest scams floating around at www.McAfee.com
Facebook has a great safety page at:  https://www.facebook.com/fbsafety
You can keep up with the latest Facebook scams at:  https://www.facebook.com/Facecrooks?ref=ts

A Warning: Social Networking Tied to Recent Kidnapping

May 2011

We have talked to you before about monitoring what your kids post on Facebook or on location check-in software like Foursquare to protect them from cyberstalking and child predators. Well now, we have news tonight of a recent attempted kidnapping where police believe that the kid’s social networking activities made him a target.

It is a parent’s worst nightmare: your child does not come home on time or arrives home late saying someone tried to follow them home, or worse, they go missing. This horrible scenario happened to a security expert’s 20-year-old son.

Eugene Kaspersky is a legend in the security field. His son Vanya, also known as “Ivan”, is 20 years old and was kidnapped on his way to work. The overall story is terrible but it has a happy ending – Ivan is alive and home safe and sound. When police started investigating, they and his dad, Eugene, came to believe that the kidnappers were tracking his son using social networking.

The kidnappers were actively using social networks, gleaning every detail possible about their potential victims and mapping out their daily routines. They used this information to plan their crimes, including kidnapping Ivan.

We know that sometimes young people lie about their ages online, but since the age they type in is all we have to work with, consider these statistics from InsideFacebook.com:

Over 46% of Facebook users are UNDER 25

Roughly 1 in 5 Facebook accounts belongs to someone UNDER 17 years old.

OnGuardOnline.gov did a recent study and said that over 1/5 of 16-24 year olds admit they don’t know all the people they share their information with on social networks.

Here are 4 tips to start the conversation with your kid, to hopefully avoid a situation like this in your family:

TIPS TO PROTECT YOURSELF:
1. DON’T TALK TO STRANGERS: Tell kids to assume that strangers on the internet can read posts only intended for close friends. With that in mind, don’t post your daily routine any place online.
2. GEOCODING: Every time your kid posts a photo with geocodes, they are broadcasting where they have been, which makes it easier to map out routines.
3. LOCATION CHECK-IN SERVICES: Your kids might think it is fun to be Mayor of Starbucks, but talk to them about the dangers of linking their social networking and location check-in services together, creating a more complete picture of their routines.
4. PRIVACY CHECK:  Check all settings, addresses, phone numbers, and email addresses that show on internet profiles.

Now, for our word of the week, it is:
TETWRIST: It’s a techie term for that sore wrist you get after playing an addictive game. The term started when the game TETRIS first hit the cell phone gaming scene, but now it can apply to games like FruitNinja, AngryBirds, Doodle Jump and any other addictive games!

WEB RESOURCES:
To read about what happened in the Dad’s own words, go to Eugene Kaspersky’s Facebook page at:
https://www.facebook.com/notes/eugene-kaspersky/talk-to-your-children-about-privacy-in-social-networks-now/10150169499355998
www.OnGuardOnline.gov has great resources for kids and families. They provide tips and even games to test your online know-how. A great place to start to reinforce safety lessons for kids and adults.
Kaspersky Lab has an educational program at:  http://www.kasperskyacademy.com/en/
If you want to see how social media and networks are changing the way we think, act and react, check out the infographics at:  http://www.pamorama.net/2011/01/30/65-terrific-social-media-infographics/

Your Information Held Hostage?

May 2011

We have seen the old cops and robbers shows or TV dramas where a criminal shouts out, "This is a hold up. Give us all your money, or else!" Well, in cyberspace there is a new twist. A trend is emerging where hackers steal information, some hold it ransom, and then try to sell it back to the company they stole it from. It sounds like a bad TV movie, doesn't it? The bad guys break into a network at a company and hold the data hostage. It's happened before, but now researchers in cyber security say it is happening in what might turn out to be the largest data breach so far - the Sony PlayStation Network breach. Could your credit card data be in their hands and held for ransom?

Researchers said that alleged hackers have been talking about it in online forums, saying they have roughly 2 million credit card numbers from their heist. The hackers offered to sell stolen credit cards back to Sony for $100,000. It is unclear what the next steps will be, but FBI Law Enforcement Officials are involved.


5 TIPS TO PROTECT YOURSELF:
1. Set up automated alerts for existing credit cards.
2. Consider placing high fraud alerts on your credit card accounts through Experian, TransUnion, and Equifax.
3. Make sure your password on the game system is not the same as, or even a variation of, the password for your email, banking or social networking accounts.
4. Several breaches of email addresses have happened recently - be very suspicious of emails you receive and avoid clicking on links or opening attachments.
5. Consider a new credit card if your card was connected to Sony PlayStation.

This Week’s Word of the Week: Nibble (also sometimes spelled NYBBLE or NYBLE)
It sounds like snack time but it refers to storage.  This is a geek play on words.  A byte of storage has 8 bits so if you only need 4 bits, you just need a "Nibble" and not a full "byte".

Web Resources:
Sony is communicating updates about the most recent breach at:
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

If you want to set up Fraud Alerts, you can go to all 3 credit reporting services:
Experian:  https://www.experian.com/fraud/center.html
TransUnion:  http://www.transunion.com
Equifax:  www.Equifax.com