Thursday, January 19, 2012

Theresa Payton Named One of Charlotte Business Leader's 2012 Top 50 Entrepreneurs

Congratulations to Fortalice founder, Theresa Payton, for being  selected for Business Leader’s 2012 Top 50 Entrepreneur Award!  Her profile will be included in the February issue of Business Leader magazine among all the Top 50 Entrepreneurs winners.  She will also will be honored at an award ceremony held on Tuesday February 21, 2012. More details to come!

Ashton Kutcher Fights Back After His Social Media Account Is Hacked…But Should You?


Ashton Kutcher’s Foursquare and Twitter accounts hacked.  Learn what not to do if this happens to you.

It would be tempting wouldn’t it?  If someone took over your social media accounts, tweeted embarassing posts and when you finally get your accounts back from them you threaten them on the very accounts they just hacked.   

We all have friends who get their accounts hacked, have to get their passwords reset, and hope that nobody clicks on the crazy links sent by the hackers.  This gets even crazier when big names, like Ashton Kutcher, have their accounts hacked into.  Ashton has roughly 9 million followers that are bound to click on the bad links.  But taking matters into your own hands and fighting back on your own account might sound like sweet revenge but Cyber Expert Theresa Payton thinks that’s not such a good idea...

THE BIZARRE POSTS:
The hackers posted tweets about a sleepover that Ashton had with his new girlfriend and included links to her house.  The problem is, it wasn’t Ashton, it was the hacker going through Ashton’s Foursquare account to Twitter.

Kutcher then posts to Twitter that he knows the account was hacked and that he knows their address!

Kutcher has since deleted the posts including one that said, “I’m coming for you my friend” and posts a location

TIPS:
1.  Don’t do this.  You will antagonize the hacker.  Remember, if you do check ins or tweets with location turned on, the hacker knows where you’ve been and can probably predict where you will be.
2.  Report it immediately to your social networking site.  Change every password you have and make them all different across your accounts.
3.  Send out a notice to all your followers, friends, and family that your account was recently taken over and to be wary of links on posts.  

WORD OF THE WEEK:
DOODLE:  This is cool little scheduling app.  There is a free service and a paid service.  Having a tough time scheduling that carpool?  Trying to get a lunch pulled together?  This allows you to send a targeted email, suggested times, and people pick and choose what works.  You get one view of what works best for everyone. No more emails back and forth.  Again, be careful how much you share.  Confidential meetings should be handled the old fashioned way - phone calls!



WEB RESOURCES:

Our word of the week, Doodle, can be found at:  http://doodle.com/

If your Twitter account is hacked, Twitter has helpful resources at:

http://support.twitter.com/articles/31796

For some pictures of the Tweets (you can’t find them on Twitter because they were deleted!) go to Graham Cluley’s webpage at Sophos:
http://nakedsecurity.sophos.com/2012/01/16/ashton-kutcher-foursquare-twitter-hack/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+nakedsecurity+(Naked+Security+-+Sophos)&utm_content=Google+Reader


What is SOPA and why should we be concerned?

Websites went dark on the internet. So many, that you might have been wondering if there was a widespread outage.  But it was on purpose.  Web sites around the globe took themselves offline for 24 hours to protest two U.S. bills being proposed on Capitol Hill.  These bills are designed to stop piracy which sounds like a great idea.  So, what are these websites upset about and why should you be concerned?  

SOPA and PIPA might sound like cute characters from a cartoon but they are actually the acronyms for the laws being proposed in DC.  SOPA - STOP ONLINE PIRACY ACT and PIPA Protect IP Act.  These bills are so controversial that Wikipedia, WordPress, Google and many others either took themselves offline or changed their sites to show their protests of the bill.  They say these bills are too far reaching and would actually take the legitimate sites that you know and love offline.  Cyber expert, Theresa Payton, explains what the fuss is all about.

WHAT ARE THESE BILLS MEANT TO DO?
1.  Media companies, music companies, anyone who develops products want a better way to fight piracy.  Today, they sue individual users or work with the U.S. government officials to try to shut down domains.  This gets almost impossible to do with the internet pirates are overseas.

2.  SOPA which is the House Bill and PIPA which is the Senate bill are aimed mainly at foreign web sites that have printed copyrighted or counterfeited materials or goods illegally.

An example of a site considered an online treasure for pirated information is “The Pirate Bay” .

SOME HAVE VOICED CONCERNS:
1.  Shut down without a voice:  there is no appeal process before the site is shut down.  So, if sites are shut down but it was “mistaken identity” and actually a legitimate site, it could hurt the business owners
2.  Technology experts are concerned that the language in the bill could leave companies open to internet censorship as various sites, topics or services become a target
3.  Links you share on social networks and even emails might be monitored and potentially removed if it is believed to be promoting piracy or copyright infringement
4.  Sites that let the communities drive content are concerned that if the community posts something that is considered a violation that the entire site will be pulled down

WHAT SHOULD BE DONE INSTEAD?
Many internet openness advocates say, do nothing. Use the laws we already have and enforce them better.  An alternative bill called Online Protection and Enforcement of Digital Trade Act (OPEN) has also been propose that would send any accusations of piracy to the US International Trad Commission first before taking a site offline or other actions.

WORD OF THE WEEK:
PINTEREST:  A mash up on pinboard and interests.  It’s a really cool site where you set up a profile of interests and you can pin up things that you love as well.   From wedding plans to travel tips to fitness and architecture.  It’s all there.  Just be careful how much personal information you share about yourself while you pin up your favorites!


WEB RESOURCES:
The Library of Congress has posted the text for the Bills at the following links:

SOPA:  http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261:
PIPA:  http://thomas.loc.gov/cgi-bin/query/z?c112:S.968:

The alternative bill proposed is called OPEN>  If you want to see a draft of the bill and comment on it, go to:
http://keepthewebopen.com/


If you want to know if your elected official is sponsoring these bills, the Co-Sponsors are listed at:
http://thomas.loc.gov/cgi-bin/bdquery/z?d112:HR03261:@@@P


PC World is tracking the progress of the bills at:  http://www.pcworld.com/article/248298/sopa_and_pipa_just_the_facts.html

For a graphical illustration, check out Mashable’s infographic at:  http://mashable.com/2011/11/16/sopa-infographic/

You check out the word of the week, PINTEREST at http://pinterest.com/

Friday, January 6, 2012

Beware the TypoSquatters!

Notes taken by: Theresa Payton, Fortalice, LLC. Content also to be featured in an upcoming episode of WBTV's Protecting Your Cyberturf with Kristen Miranda and Theresa Payton.

This week we are starting first with our Word of the Week which is TYPOSQUATTERS. There are thousands of them on the web. TYPOSQUATTERS are people that purposely create a domain name based on frequent typos internet users make when they try to visit popular sites. Sometimes typosquatters are just using it as a technique to drive traffic to their own business but you need to know about this for another reason - cybercriminals love to typosquat!

Because cybercriminals go where the action is, they wait for websites to get popular and then they register domain names based on popular mis-spellings of the real website. Once the typosquatter lures you to their site, they use all types of tricks to get you to give them your personal information or to click on links so they can install malware on your computer.


WHY THEY DO IT:
1. The typosquatters love household brand names and large companies such as Walmart and Apple - the bigger they are, the more traffic that might come there way via a typo

2. They can lure customers to these rogue sites and take information or infect their computers

3. In some cases, they know that people will mis-spell the domain name for email accounts and they will read any emails sent to the wrong domain name.

RECENT TYPOSQUATTER EXAMPLES:

Instead of Walmart.com some people typed in Wallmatt.com

Apple.com became Appple.com

Youtube.com was replaced with Yuube.com

Airfrance.com with Arifrance.com

Researchers at one firm set up typosquat domain names to test out a theory that people mis-spell domain names often on email addresses sent to companies. In this test they were able to gather over 20 megabytes of information via emails sent with a typo in the email domain name!

WHAT YOU CAN DO:
1. Slow down: We are all multi tasking and surfing the net on various devices. Before you hit enter, double check the website.
2. Frequent visitors: Use bookmarks for sites you visit frequently.
3. Report: If you see typosquatting or suspect you have, report it to www. FTC.gov and to the actual merchant you were trying to visit. Most companies have a “contact us” form on the internet that you can use.
4. Beat the Typosquatters: If you own domain names, consider purchasing close spellings or popular mis-spellings of the domain.

Some companies are so worried about their customers that they purposely create mis-spelled domain names and send redirects to the correct site.

For example: If you accidentally type in amzon.com, Amazon will redirect you to www.amazon.com

This problem is so serious that Facebook has actually sued typosquatters for creating sites spelled similar to Facebook.com such as facebobk.com and facemook.com.

WEB RESOURCES:

You can actually check for variations on a website name. Remember, not all variations of a website means they are criminals, some might be legitimate.

An interesting test you can try is on the Vera Labs site at: http://veralab.com/dnsdomainsearch/typo-squatters.jsp

A Clean Sweep of Social Media Permissions!

Notes taken by: Theresa Payton, Fortalice, LLC. Content also to be featured in an upcoming episode of WBTV's Protecting Your Cyberturf segment with Kristen Miranda and Theresa Payton.

Managing your social life on the net can take time. You have email, Facebook, Twitter and other sites you feel like you need to come up with. That’s why a lot of you like to link your accounts together. This can be helpful but over time you may have too many apps linked or snooping on your social media life.

Who doesn’t want to simplify their life by letting their photo sharing app talk to their social media accounts so it’s one click and you share that funny photo with friends? But Cyber Expert, Theresa Payton, warns that too many apps with access to your accounts makes you more vulnerable to cybercriminals and cybercreeps.

THREE QUICK TIPS:
1. THINK TWICE: Be wary of giving permissions to other apps - you really have no idea how they treat your data or safeguard your id and password
2. MONTHLY SWEEPS: Make it a point once a month to look at each social media account and review, change or delete the permissions you have granted to apps for each social media account
3. DIFFERENT PASSWORDS: Use different passwords across your social media accounts

To make your clean sweep easier, there is a fun new tool out there, you can try out this tool at:
http://mypermissions.org/.

WORD FOR THE WEEK:
Googleganger

A play on the word, doppleganger. This is when you do a search of your own name on Google and you see people with your exact name but they are not you. This can be fun or even a little shocking depending upon what your Googleganger has been up to.

For example, Kristen Miranda! She’s not just an anchor and reporter at WBTV. There is another Kristen Miranda working in the health insurance industry! Another Kristen Miranda is attending medical school. Kristen sure has a lot of interesting Googlegangers.

WEB RESOURCES:
For a one page reference to several popular social media accounts, try My Permissions at http://mypermissions.org

To check app permissions on Facebook, go to http://www.Facebook.com/editapps.php

To check Twitter, go to https://twitter.com/settings/applications

Each Social Media account is different so be sure to check each account.

Bluetooth: Be Wary

Notes taken by: Theresa Payton, Fortalice, LLC. Also featured in WBTV's Protecting Your Cyberturf segment featuring Kristen Miranda and Theresa Payton.
Many of us use and love Bluetooth technology. You can use it to send a document
from your laptop to a printer in another room via a radio frequency. It’s easy to
set up and convenient to use! But you might want to think twice about what you
use it for because that easy connection for you can also be an easy connection for a
cybercreep. Cyber expert, Theresa Payton, explains what you need to do to
protect yourself.
THE RISKS:
1. You may be shouting out your information via your voice
2. What makes Bluetooth easy to work for you, can make it open to someone to
eavesdrop.
Have you ever been at a house where the baby monitor or the cordless phones pick
up the neighbor’s conversations? This is sort of like that.
It’s also less about your actual Bluetooth itself and the fact that many people walk
around with the Bluetooth enabled on their smartphone when they don’t use it
which means it’s open for cybercreeps to Bluetooth their way in.
When you have Bluetooth turned on but not in use, you are basically broadcasting
that your phone is on & available for other to Bluetooth to it!
HOW THEY DO IT:
A hacker can run a program on the computer that scans for Bluetooth connections.
When they find one, bingo, they connect and they are in.
WHAT THEY TYPICALLY STEAL:
What do they take? Typically things like your address book, possibly your calendar,
photos, using your phone to make long distance calls, or they may turn your phone
into an impromptu speaker and listen to your conversations.
3 TIPS TO PROTECT YOURSELF:
1. Turn your Bluetooth to “off” on devices such as your phone when not using the
Bluetooth feature
2. You can also look at your manufacturer settings to see if there is a “hidden”
or “private” mode
3. Refrain from sensitive and personal conversations using the Bluetooth device
WORD OF THE WEEK:
Snarfing: A blend of two words “snort” and “scarf” which are techie terms for
stealing data over wireless. If you snoop or steal data on a Bluetooth device it is
called Bluesnarfing
Bluetooth offers a page dedicated to security questions:
http://bluetooth.com/English/Technology/Works/Security/Pages/SecurityQA.aspx
BlackBerry users can find help on how to secure their BlueTooth connection at:
http://docs.blackberry.com/en/admin/deliverables/16648/
Protecting_Bluetooth_connections_on_a_BB_843702_11.jsp
Contact your phone service provider with any security questions you might have.