WhenSecurity and Privacy Wrestle Who Is the Winner?

Taken from Huffington Post article by: Theresa Payton, Fortalice LLC. 

--Does CISPA win the security battle but lose the privacy war? 

There is a fight going on between security and privacy and it is your personal data and communications at stake.  Many of you might remember hearing about SOPA, PIPA, and ACTA.  You might vaguely remember that on January 18th of this year that websites, such as Google and Wikipedia, looked strange as the web protested these pieces of legislation.  When I talk with companies and individuals they are not sure why SOPA, PIPA, and ACTA are considered “good or bad” and most are not sure what CISPA is all about.  Only a handful knew that it hit the news this week that it is going to be voted on. 

A quick overview is essential to understanding why you need to make sure your voice is heard.    Regardless of whether or not you love the idea or do not like the idea at all, you need to weigh in.  It is an important part of the process to make sure we get the best chance and striking a balance between security and privacy.  

SOPA stands for The Stop Online Piracy Act (SOPA)and is a US bill that was introduced by U.S. Representative Lamar S. Smith (R-TX) to help fight against counterfeit goods and stealing intellectual property.  PIPA is an acronym of an acronoym.  Consider it the nickname for the PROTECT IP Act.  The PROTECT IP stands for Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act.  This was another law designed to help copyright holders to fight back against counterfeiting.  It was introduced  by Senator Patrick Leahy D-VT.  The support for these bills was mixed.  Companies such as Google, Wikipedia, and over 7000 other web sites either changed their site or went offline all day on January 18th to protest SOPA and PIPA. They felt the enforcement of SOPA and PIPA would be too ominous for the internet community.  Both pieces of legislation went on “hold” after the January 18th web protests.

ACTA is an international agreement.  It stands for the Anti-Counterfeiting Trade Agreement and it's goal was to establishing international standards for copyrights and intellectual property rights.  ACTA was signed late 2011 by the U.S. and 7 other countries and the European Union signed it in January.  ACTA has not been fully approved or ratified.  The general public across the globe is unhappy because they feel that ACTA was negotiated in secret and most of the bill or how it will be enforced is not fully known.  Just in the last few months, over 200 cities across Europe protested ACTA.

On the surface, the bills make sense.  Doesn't everyone want to protect against counterfeit goods and fight cybercrime?  The answer is yes, everyone wants the ability to fight crime better.  However, what a lot of companies did not like about the laws was they were holding the website accountable when users posted content that they should not meaning they would take the website offline if users violated copyright laws.  This would make it very challenging for companies like Hulu or YouTube to manage their content which is user-provided.

Now enters CISPA, which stands for the Cybersecurity Intelligence Sharing and Protection Act and was introduced November 2011 in the House.  The bill’s co sponsors are Rep. Mike Rodgers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.).  According to Mike Rodgers’ website, “H.R. 3523, the Cyber Intelligence Sharing and Protection Act, safeguards U.S. jobs by making it easier to identify and combat cyber threats, which steal over $200 billion in American intellectual property every year.”   The core goal of CISPA is to encourage better and more frequent information sharing.  As most of those in law enforcement and the security industry will tell you, the key to fighting cybercrime is to share the details.  Think of your neighborhood watch program.  By learning about other crimes in the neighborhood, how the criminals got away with their misdeeds, and other important details about the cases helps you be more aware and gives you advice on how to better protect your personal residence.  CISPA creates that same element of a neighborhood watch program.  Information sharing about cybercrimes by the victimized businesses in today’s environment has been an ongoing challenge.  Many businesses are reluctant to be public about being a victim.  Some businesses believe it could spook their customers and cost them future business.  Others think that by showing public weakness that it makes them a target for other attackers.  CISPA hopes to allay these concerns by providing businesses a level of anonymity in reporting.  It also has the backing of industry giants such as Microsoft, AT&T, Time Warner Cable and Facebook.  The Guardian reported last week that 112 members of Congress are supporting the bill. 

The bill begins with, “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”  So far so good, so where is the battle with privacy?  Privacy advocates and security experts want better information sharing.  The bill goes on to say, “IN GENERAL.—The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence.” Read further and the language gets a little vague creating discomfort about how privacy will be protected.
 “CYBER THREAT INTELLIGENCE.—The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from—‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or ‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”  Privacy advocates are concerned with the vagueness found in this part and other subsequent parts of the bill.  It appears that in order to track down the “bad guys” all traffic might be monitored.  That means the innocent would be monitored in order to track down the path of the alleged and the guilty.  As organizations and individuals speak up about the monitoring and tracking, Rogers and Ruppersberger have made adjustments to the bill.  It’s not too late to have your voice heard.  Read the bill for yourself, it is brief compared to other bills. Then decide your point of view.  We would love to hear all opinions on this bill.  You can find the bill at the House of Representatives page under:  http://intelligence.house.gov/hr-3523-bill-and-amendments
 

Theresa is also the co-author of the new book “Protecting Your Internet Identity: Are You Naked Online?” available in bookstores, libraries, and online at Amazon, Barnes and Noble, Books A Million and Google Play.

The Fight Against Spam Might Get a Little Easier!

Webnotes taken by: Theresa Payton, Fortalice LLC. Content also featured on WBTV’s Protecting Your Cyberturf Segment featuring Kristen Miranda and Theresa Payton

The fight against spam might get a little easier and isn’t that great news?  Facebook recently announced they were ramping up their efforts to stop spammers by creating the “Antivirus Marketplace”.  The service will provide a free six month license to anti virus software.  And who doesn’t love free?  


Companies like McAfee, Symantec, Microsoft and others are teaming with Facebook to offer free access to anti virus software.  Not only that, Facebook is launching a security blog to provide tips and information on how to better protect your accounts.  Cyber expert, Theresa Payton, explains this good news.


Criminals go where the action is.  Facebook has over 900 million active users so cybercriminals love to push their malware, spam, and other misdeeds via Facebook.


HOW THE NEW FACEBOOK FEATURES HELP:
1.  6 months free antivirus
2.  Security blog with tips and information
3.  Facebook and 5 other companies (McAfee, Microsoft, Sophos, Symantec, TrendMicro) will create a blacklist of the spam originators to help block out the bad guys


WORD FOR THE WEEK:  BLACKLIST or WHITELIST
It’s a term used to help filter out the bad guys on the internet.  When a company like Facebook or McAfee create a “blackllist” - they simply will not allow any traffic from these addresses in.  When they create a “whitelist”, this list only lets you talk to a short list of specific addresses known to be safe.


WEB RESOURCES
For information on these free services and more, go to the Facebook Security page at https://www.facebook.com/security .  You will also find more Facebook news about Safety at:  https://www.facebook.com/fbsafety


Free Antivirus Tools:
Sophos (for the Mac):  www.sophos.com/freemacav
McAfee:  http://home.mcafee.com/store/free-antivirus-trials
Microsoft:  http://windows.microsoft.com/en-US/windows/products/security-essentials
Symantec:  http://security.symantec.com/sscv6/WelcomePage.asp
TrendMicro:  http://housecall.trendmicro.com/

When You Use Pinterest, Make Sure the Spammers Aren’t Pinning You.

Webnotes taken by: Theresa Payton, Fortalice LLC. Content also featured on WBTV’s Protecting Your Cyberturf Segment featuring Kristen Miranda and Theresa Payton

I received inquiries recently about spam and other suspicious activity on the fun social networking site of interests called “Pinterest”.   People were complaining to about obvious spam and pins with strange links.  Consumer reporter, Kristen Miranda, is with us tonight to explain.  

We all know that when a site gets popular the bad guys flock there.  Well, Pinterest is very popular...some say downright addictive...which means the spammers and scammers are moving in.  One spammer said during an interview that he is making $1000 a day on Pinterest just sending out spam.  But you don’t have to get pinned down by the spammers and scanners.  WBTV’s cyber expert Theresa Payton has some tips.


HOW IT WORKS:
1.  Spammers may create a pin on a popular topic and then tag your name in the message
2.  This tag might get you or your friends to click on a link in the pin which then serves up spam or leads them to a malicious software site

HOW TO PROTECT YOURSELF:
1.  Research: If you get an email notice that someone is following you, do your research and look at their pins on their board
2.  Ratio of Following to Followers:  Look for telltale signs like they have very few followers but they are only following a few people
3.  Mismatched Topics:  Does the board title match the pins?  
4.  Report it!:  Use the “Report Pin” button on Pinterest to report spam or anything suspicious
5.  Pinterest.com is the only Pinterest website:  Don’t trust other variations of the website name

WORD OF THE WEEK:
FLASHBACK TROJAN:  this is the name of the recent virus infecting Macs.  You can fight back against Flashback by making sure you have updated your Mac’s operating system to the latest version.  F-Secure has instructions on how to see if you have the virus and on how to remove it.

WEB RESOURCES:

Pinterest Support Page to Report Problems:
https://pinterest.zendesk.com/home

Pinterest Blog Post on How to Avoid Spam:
http://blog.pinterest.com/post/21069528666/addressing-spam-on-pinterest

Interview with the Pinterest spammer:  
http://www.dailydot.com/news/pinterest-steve-amazon-spammer-tells-all/

Flashback Trojan remove at F-Secure:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml?cnn=yes

Another Question from America Now!

Content taken from America Now! (www.americanownews.com) which features Theresa Payton as a cyber expert.

Question: According to information constantly sent to my email address, pop-ups on Facebook and any site I log on, I won 1000 gift certificate from Walmart and 2 Ipads. However, they request long surveys and purchase of other product. Please advise, Iris

Answer: Iris, we're glad you asked about this.  Sometimes it’s hard to separate winning legitimate prizes from the fakes.  Here are a few tips:  (1) If you never do business with them, odds are you are not a "winner" (2) Legitimate "wins" do not involve pop-up windows with surveys (3) a great way to test for a scam is to type in something like "Walmart", "1000", "gift card", "scam" to see if you get any hits - chances are you will.  (4) If you are a victim of one of these scams, you need to have your machine cleared of all viruses and you should file a police report and an internet fraud report at WWW.FTC.GOV.  (5)  To keep up with the latest scams, check in with the experts such as Facecrooks on Facebook or try www.scambusters.org/.

America Now! Question from Claire...

Question and response taken from America Now! (www.americanownews.com) for which Theresa Payton is a cyber expert.

Question: I know that there are devices out there that allow you to stream video to your computer or TV. My question is how do you access that information and what devices do you recommend? I do know about netflix and Hulu, but I don't know how? Sincerely, Claire

Answer:

I have some great news and some bad news - you have a lot of options!  So many in fact, this can be confusing.  We have highlighted just a few of the options out there that might work well for you.  

1.  Wi-Fi:  There is a device called a Roku.  This sleek and small device has built in wi-fi and will work with your TV remote or most smart phones.  You can stream Netflix, Amazon movies, Hulu Plus and most other web channels.  If you are an Apple fan though, there might be alternative you will like better.  

2. Device Cradle:  One option is a cradle that you can link into your audio system that allows you to connect your Apple device and play audio and video via your system. This is a little trickier to tune so not for the "do it yourself" crowd.  

3.  Put Your Gaming System to work!:  Do you have a gamer in your life?  The PS3 does more than play games, you can stream Hulu, Netflix and many other channels via the PS3 to your TV and you can also play your music collection.  

4.  Cheaper option (if you don't mind cables):  If you don't mind a few wires, you can plug an HDMI cable and connect your computer directly to the TV and then follow your user manual to switch the computer display to the TV.

"Concerned Consumer" Speaking engagement March 2012

Visit our site to check out a video of Theresa Payton speaking at a “concerned consumer” event in Charlotte in March 2012. The video can be viewed here: http://fortalicesolutions.com/newsevents/video. Produced by stealthawareness.com.

You can also check out the audio from the follow-up Q&A session here: http://fileshar.es/Ho95JsY

Blaze Advertorial!

Check out our advertorial that started running in the Blaze today: http://www.theblaze.com/advertorial/are-you-naked-online-protect-yourself-your-kids-and-your-company/.

Washington DC Executive Briefing Re-Cap

Theresa recently visited both Dallas, Texas and Washington D.C. to present as a keynote speaker for EIQ networks executive briefings.  Ms. Payton spoke about the issues facing Federal security professionals in their battle to protect critical infrastructure and sensitive data.  To check out highlights from Theresa's discussion at EIQ networks Executive Briefing in March 2012, visit:

http://t.co/dAD5kkiw 

Really? An enemies app??

Webnotes by: Theresa Payton, Fortalice, LLC. Content also featured on WBTV's segment, Protecting Your Cyberturf, featuring Kristen Miranda and Theresa Payton.  

 

We were all taught that if you can’t say anything nice, don’t say anything at all.  So imagine our surprise when we found out that there is a free app on Facebook so you can publicly name your enemies and give shout outs online as to who they are and why.  We don’t think this is a good idea at all.  

It is real and hard to imagine.  The app is called EnemyGraph.com.  It’s free and it lets you name your enemies on Facebook.  You can even define someone as an archenemy!  The creator said that they created this app because people can bond together based on things they dislike such as a politician, a wayward celebrity, or a food.  But WBTV’s cyber expert is concerned that this creates a new glorified form of bullying or organized hate and she’s given us a warning.

HOW IT WORKS:
1.  EnemyGraph is free and easy to install
2.  Within minutes you can name your enemies
3.  You can trend enemies - as of this show the top 3 enemies were:  Justin Bieber, Rick Santorum,  and Westboro Baptist Church
4.  EnemyGraph says they feel they have stop gaps in place:  you have to be friends with the profile, you have to have the app installed, and you have to be “generally famous” but one person with only 59 likes showed up temporarily as #5 with only 4 enemies listing him.  That hardly seems “generally famous”

WHAT’S THE PROBLEM?
1.  For starters, mistaken identity and naming someone the wrong person!
example:  the Justin Bieber “top enemy” listed on the site, when you click on it, the site even says, “I’m not the real Justin Bieber, I’m just a fan” and his Facebook profile was chosen as an enemy!
2.  Concern for kids using this app and creating a glorified form of cyberbullying - even if only directed at “generally famous” people does not send a good message
3.  Digital is forever - why would you want your dislikes posted and a record created of all those dislikes?
4.  Anyone can go to the EnemyGraph.com site to see the trending enemies without every installing the app so its very public

WORD OF THE WEEK:
FLIXEL:  think of it as a flying or moving pixel in a picture.  It’s a new iphone app that lets you take a still picture, and then chose something that you want to animate.  For example a still picture with a bird in the background caught midflight could be altered to show the bird moving while the rest of the picture stands still.


WEB RESOURCES:

If you are curious about EnemyGraph or the trending topics go to www.EnemyGraph.com

If you or a loved one are a victim of Facebook abuse from bullying to identity theft, go immediately to this link in Facebook for assistance:   https://www.facebook.com/help/?faq=212722115425932

Online Dating Hazards

Webnotes by: Theresa Payton, Fortalice, LLC.  Content also featured on WBTV's segment, Protecting Your Cyberturf, featuring Kristen Miranda and Theresa Payton. 

 

Match.com claims that 1 in 5 relationships start online.  We all have busy lives so for those of you that are single, it’s harder and harder to meet people to date.  We have talked to you before about precautions you should take when you meet people online but it’s not just the websites -- it’s the new technology people are using.  The dating scene has moved to cell phone apps that use your GPS location at that very moment to suggest other singles at your location that are also looking to meet people.  It sounds ideal doesn’t it?  Sort of just in time dating opportunities?  But  cyber expert, Theresa Payton, is here to warn you how to use technology to your advantage without being taken advantage of!


BAD IDEA:
1.  If someone uses this app long enough, they may see you on there several times which means a stranger knows your favorite places and where you hang out
2. Nothing is ever “private” on the internet so photos, GPS locations, and other dating information is just another hunting ground for stalkers

SAFE DATING:
1.  Stay away from sharing GPS location and pictures of yourself at your favorite places
2.  Use only trusted dating sites that do some background checks and screening
3.  Drive your own vehicle to the date and let a friend or loved one know where you will be and have a proposed “check in” time with them to let them know you are home safely
4.  You can use these services to see who is available without identifying yourself as available so that might be another option - just make sure you screen people first because the old school rule, “Don’t talk to strangers!” always applies.

WORD OF THE WEEK:
INSTAGRAM:  a fun way to take a photo and transform its look and feel before you send it to friends or post it to Facebook.  

      
WEB RESOURCES:

Safety online dating tips and how to report problems can be found at the National Sexual Violence Resource Center at http://www.nsvrc.org

You can find the free app Instagram at http://instagr.am/