Friday, January 25, 2013

Stop that thief! ...Or at least send me a pic and geocodes!


Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Theresa Payton and Kristen Miranda.

It’s happened to all of us.  You misplace that phone.  Often it’s just in a weird spot at home or work.  But sometimes it’s really in someone else’s hands.  You can use a location service but often that’s not enough to get your phone back.  But some ingenious app developers have gone a step further to stop would be thieves from running off with phones permanently.  

The good guys are at it again and came up with an idea - what if the phone took a picture of someone trying to unlock the code and emailed the owner with the geographic location and a pictures of the would be thief?  Well that idea is a reality and it’s been helping owners reunite with their phones.  Cyber expert, Theresa Payton, explains how it works and why you just might want an app for that!


The great thing about these apps is they are low cost and if you get an email with a picture of your dog or toddler you will know who the digital thief is.  But what about when it’s not at home or at work and is really lost?

Well, if a do-gooder or even would be thief tries to unlock  your phone, there are apps out there that will:
1.  Take a picture
2.  Grab the geographic location
3.  Send an email to a predetermined email address to notify you

There are not a lot of apps like this out there but you do have a few to choose from. 

WORD OF THE WEEK:
CATFISHING - the technique of hiding behind a photo and persona that is not yours in an attempt to meet people on social media sites.  This was the technique used recently in the internet dating hoax that Manti Te’o was caught up in.  There is even an MTV show called Catfish that seeks to uncover the real people from the fakes in a reality TV show.


Theresa has posted resources for you on the WBTV dot com’s Protecting YOur Cyberturf page.


APPS YOU MAY WANT TO TRY:
iGotYa

Best Phone Security Pro By RV AppStudios LLC

Lookout - By Lookout, Inc.

Norton Anti-Theft
Gotcha Pro Alarm System

Thief Face Trap Mini 

GadgetTrak (also available for Mac laptops!) 

Ready or not, the reveal is on. Facebook search.


Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Theresa Payton and Kristen Miranda.

Ready or not, the reveal is on and we hope your ready.  If you have listened to our warnings in the past regarding cleaning up your profile on Facebook, you might be okay.  But everyone needs to listen up about a new Facebook feature coming soon called “Facebook Search”.  

The new Facebook search called “Graph Search” has started to roll out and if you aren’t already concerned about your privacy or that of your loved ones, we hope this will get your attention.  CEO Mark Zuckerberg said this could evolve into a “dating service” of sorts but not to worry because this new feature was built to be "privacy aware”.  Sok in Facebook terms, what does that really mean?  Cyber expert, Theresa Payton, is concerned and issues a warning tonight for our viewers.

HOW IT WORKS:
1.  Very inclusive search:
Graph Search will find things that you like and search across your network of friends, friends of friends and more.  

2.  No “Opt Out” features
There Is No Way to Opt “Out” of Graph Search

3.  Private Information Is Kind of Private
Just remember that Facebook can always access data you post, even marked private or “just friends”

However, by limiting what you share, that will help limit what Graph Search will find.  If you mark a post as share with “just friends” then only your “friends” will find it using a Graph Search.

A photo of you in someone else’s Timeline will show up in a Graph Search

You can “untag photos” or ask your friend to take the photo down 

4.  You are for sale
Expect Graph Search Searches to be Stored / Sold / Mined for data

Just as Google search or Amazon searches help marketing departments anticipate what people are looking for, expect Facebook to capitalize on this functionality.


HOW TO PROTECT YOURSELF
1.  Privacy settings for EVERY post
2.  Clean up your profile and timeline
The only way to protect yourself from this is to go through your profile and find out what groups you’re in. See something you might not want the whole world to know about? Delete it! The same goes for photos, videos, and any other aspect of your profile.
3.  Delete from the Activity Log not just Timeline


WORD OF THE WEEK:
GOZI
The virus, Gozi.  According to experts, this virus infected at least 1 million computers worldwide & stole tens of millions of dollars by stealing log in credentials.  The virus was found in the banking industry and was even spotted on some NASA computers. 

Monday, January 14, 2013

EMERGENCY NOTIFICATION: JAVA EXPLOIT 1/14 STEPS TO TAKE



ACTION REQUIRED:
Please update all internet browsers and operating systems today and for the remainder of the week to insure you have the latest patch for Java on your systems.

If you have developers, they can download the Java patch at:  http://www.oracle.com/technetwork/java/javase/downloads/index.html 

BACKGROUND:
The Java flaw announced over the weekend has been fixed according to Oracle, the current owner of Java.
The patch should be released later today but until you have the patch, you are not safe.

This fix followed warnings from the Department of Homeland Security which asked computer users to disable the software completely.

Please note, although Oracle indicated this bug only applied to Java 7, which is the latest release, because you cannot be certain the flaw is only in that version, please update everything.

HOW IT WORKED:
The vulnerability allowed attackers to execute code without your knowledge.  This code would allow them to potentially drive you to other infected sites behind the scenes, steal your logins, and other information.

WHO FOUND IT?
The vulnerability was found by "Kafeine", a security researcher.  Kafeine sounded the alarm on Thursday and DHS issued it's warning Friday and Saturday.

DO I USE JAVA AT HOME OR WORK?
Probably yes.  The Java problem was widespread and impacted Windows, Apple, and Linux machines.  

Java is one of the most popular programming tools.  According to some estimates, it runs on over 850 million computers around the globe.

IS THIS JAVA'S FIRST ISSUE?
This is not Java's first run in with cybercriminals.  Apple aficionados were stunned to learn last April that cybercriminals hacked a Java vulnerability to infect 500,000 million Apple computers.  It was the largest attack known to date on Apple computers.

According to security researchers at Kaspersky, 50% of last year's cyber attacks involved cybercriminals using bugs in Java to carry out their activities.   

Until you can download the patch, you should turn off Java in your browser.

HOW CAN I TURN OFF JAVA FOR THIS ISSUE OR FUTURE ISSUES?

It's easy and takes less than 5 minutes.  Some of your websites may not function the way you are used to using them after Java is disabled but that's a better alternative than having your computer hijacked.

Chrome

Type "chrome://plugins" into your address bar. 
Choose Java "Java" and click below it where it says "Disable" in blue. 
Close your browser completely.
Open again

Safari

Choose "Safari" and then "Preferences" on the taskbar 
Choose "Security" 
Click on "Enable Java" (so that the box is unchecked)
Close your browser completely
Open again

Less than Internet Explorer 8, you are crazy.  Go update your Internet Explorer now!

Internet Explorer 8,9, and 10

Go to the "Tools" menu and choose the "Manage Add-ons." 
Look at the left and select "Show:" then "All Add-ons." 
Keep scrolling down under the groups looking for "Oracle"
You want to disable everything under Oracle by clicking on the box / diable button
Close your browser
Open again

Firefox

Go to the "Tools" menu and select "Add-ons" 
Choose the "Plug-ins". 
Scroll the list on the right-hand side of the screen - you are looking for  Java 
Click the "Disable" button on the right. 
Close your browser
Open again

Thursday, January 10, 2013

SNOOP ON YOURSELF. THINK LIKE A PRIVATE EYE.


Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Kristen Miranda and Theresa Payton.


You may have Google searched yourself because we told you to.  Maybe you like the search results, maybe you didn’t but you did something about it and now you feel like you’re okay.  Your digital image looks good and your safe.  Cyber expert, Theresa Payton, says that’s not enough anymore but she provided us with a tip that sounds fun - think like a Private I!


Thinking like a Private Investigator and truly snooping on yourself is more than a Google search these days.  The good news is, it’s not hard, it only takes an hour or less of your time the first time you do it and then once you have it set up the way you like it, you can check it monthly or a frequency that you feel comfortable with.   Theresa says, everyone is looking at you online and using automated tools to search deep into the web’s nooks and crannies.  Get there before they do by being your own Private I and spy on yourself!  

IN 60 MINUTES OR LESS

START BY DOING A THOROUGH SEARCH OF YOURSELF:

1.  Look up your name using each of these sites:


2.  Set up alerts to track yourself:

3.  Do a background check if you wonder if a past blemish will haunt you:
www.PeopleSmart.com will do a free background check in the database and then you pay for the data you want to see about yourself

GO INTO MAINTENANCE MODE AND IT’LL TAKE YOU MINUTES TO MAINTAIN!

Check out some of the free tools that will help you manage our reputation online.
Free Reputation Check Tools:


3 TIPS TO TAKE CONTROL OF YOUR BRAND - YOUR NAME!
After you do your search and make sure what’s online about you is what you want people to see, then 
1.  Go to all the social and professional sites and set up a basic profile
2.  Grab a blog site in your name, even if you only post your resume there
3.  Run some of the reputation tools at least a few times a year, more frequently if you are an active internet user that posts information


RESOURCES:
Blog sites to try.   Go to the site and sign up using your name as the blog page.
Post your resume or something great about you.  Just remember to not post anything that could hinder your personal safety!

About.me 
Flavors.me 


WORD OF THE WEEK:
Cyberchondria: 80% of internet users have a bad habit of self diagnosing ailments online but when they become obsessive or anxious about it, it’s called cyberchondria.

Affordable ways to protect your family business and your personal life online


Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Kristen Miranda and Theresa Payton.

The “bad guys” go where the action is.  Your press release of a recent achievement, award, or expanding business catches their eye.  They surf the web looking for winners of contracts for government agencies or companies.  They actively track and profile companies, prominent political figures, celebrities, and people of financial wealth for ill-gotten gains.  They exploit weaknesses, not just in our technology protection, but also in our human nature.  And until now, most of us thought that it would cost a fortune to protect yourself or you’d have to hire your own resident geek.   

Cybercreeps and cybercriminals are experts at understanding what makes a person click on a link, open an attachment, or visit a particular website.  They target their victims by mimicking day to day tasks and trap them into letting them into their devices, computers and networks.  It used to be that if you put in place the best, leading edge technology that you could fortify your digital life for your company and your personal life and  then you were “safe”.  That is no longer the case.    Cyber expert, Theresa Payton, explains what you can do, even on a tiny budget, to have the digital security of the rich and famous...or maybe better!

THE PROBLEM:

The points of entry are increasingly sophisticated.  We have seen cybercriminals that use sophisticated spear phishing, a focused email scam, to target a specific person or entity.  We have also watched some cybercriminals hijack press releases of legitimate companies and convince you to click or download information.  Another set of cybercriminals are particularly expert at poisoning search engine results.  Cybercriminals are fond of using current news events to set their malicious software trap.  Any hot news topic, from the death of Morgan Freeman (who is not dead) to the exploits of Julian Assange at Wikileaks, presents perfect opportunities to poison search results.  

STAGGERING STATISTIC:
Google reported that 1.3% of their search results are infected.  So, if you get 100 potential hits for your search request, that means 1 of them could be a trap.  

4 LOW COST OR FREE TIPS:
So what can you do to protect your company’s digital assets and those of your family? 

1.  Educate your staff on the risks and the threats.  Just a conversation about a news headline helps with awareness.  

COST?  FREE!!!!  Go to www.OnGuardOnline.gov  for free internet safety games and then spend time talking about it.  An informed employee or family member is your best defense!

2.  Provide them with written guidelines such as "Never put customer data on a thumb drive" or "Ask someone else at the company before you click on a link in an email and give up company data".  COST?  FREE!!!!!  The FCC recently published a tool for Small Business Owners that you can use.  It’s quick and easy!  http://www.fcc.gov/cyberforsmallbiz .  The US Chamber of Commerce also provides helpful tips, tools, and information:  http://www.uschamber.com/issues/technology/internet-security-essentials-business 

3.  Practice a disaster - "Today, we found out that a cybercriminal made a copy of our customer data and is selling it online....what would we do in the next 60 minutes to recover?"  COST?  FREE!!!! Get free tips on what to think about and how to practice a digital disaster at:  http://fortalicesolutions.com/offer/ 

4.  Create a written policy about confidentiality of customer data and ask your employees to sign it annually.  The policy should include:
a.  not talking about customers by name or industry online or offline
b.  not sending customer data to personal email accounts
c.  whether or not it is okay to have customer data on portable media

COST?  LOW COST AND IN SOME CASES FREE!!  If you have a complex business or a celebrity in your family, the free tools may not be for you so you should consult with a firm that can help you develop good policies and procedures.  However, many companies and households can probably get by with the resources at www.OnGuardOnline.gov  to help you create “Do’s and Don’ts” that are best for your company and your household.  You can also use the FCC site to create a list that works well for you:  http://www.fcc.gov/cyberforsmallbiz  

DON’T FORGET ABOUT SOCIAL MEDIA
67% of people polled by Sophos, a software security company, said they had been spammed via social networking.  Facebook seems to have a scam story or survey regularly.  

57% of businesses polled by Sophos said they think their employees share too much online but they do not know how to teach them not to, or how to write policies that would enforce keeping company secrets a secret without encroaching on First Amendment rights.

FREE ANTIVIRUS TOOLS:
There are a variety of tools to choose from.  Make sure before you download a “free” tool that it is from a reputable company.  Some free tools that you may want to try are:


WORD OF THE WEEK:
SPLUNK:  It’s a favorite tool of cyber geeks - and there’s a free version too!  The tool creators named it after “Spelunking” which is the hobby of exploring caves.  They got the idea after customers told them that their tool was like a miner’s hat and helped them dig through caves of data to find out what their cyber security issue was.

You can get the free version of Splunk at http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W 

Thursday, January 3, 2013

Hot Cyber Topics of 2013...with WBT 1110AM

Fortalice leader Theresa Payton (@Fortalicellc) spoke with Bo Thompson (@BoRadio1) at WBT 1110am recently regarding some of the cyber hot topics of the New Year. Check out some highlights below!

I. A recent lawsuit looks at what rights you have to own your own social media profile
Highlights:
  • CEO finds out there is a LinkedIn profile that he DID NOT CREATE
  • He got it taken down, but LinkedIn will not tell him who created it without a "legal process" so he's going to court
To read more:



II. Use FourSquare? Your check-ins will be a lot less "private starting January 28th!
  • FourSquare check-ins currently show a user's first name and last initial
  • Starting January 28th, 2013 Check-ins will publicly display a user's full name
  • The only way to fix this is to edit your profile!
To read more: http://www.businessinsider.com/foursquare-privacy-policy-change-2012-12

III. Banks were told to expect more attacks. 
  • The warning was posted openly on paste bin at:
  •  http://pastebin.com/dwu47giH
  • The extremist group Izz ad-Din al-Qassam Cyber Fighters posted the warning on New Year's Day...
  • Quote at the end: "Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks."

IV. Make some New Year's Resolutions regarding safety and privacy online!
Some ideas you may want to consider:
  1. Go on an "Internet Cleanse"! Spend less time on sites like Facebook and more "face time" with people, be it in person or actually calling them on the phone
  2. De-germ and de-clutter: Clean your digital devices! Sanitize them, clean the keyboards, and give everything a really good wipe down. With all of the sickness going around this season, don't neglect this overlooked area!
  3.  Run a full back up of every device so you have a recent copy of all those photos, documents, and digital correspondence.
  4. Slim down who can see things about you! Check your privacy and security filters on all of your accounts. 
  5.  Lose more "weight" by deleting emails you no longer need!

V. Beware of opening "bikini notes" or "bikini screensavers"
  • Written in many languages, this scam is making the rounds!
  • When you open up "bikini.zip" and "bikini.scr" it installs a Trojan on your computer

VI. Kaspersky anti-virus provider makes the Wired.com's most dangerous people list?
  • He found major viruses around the globe that threatened critical infrastructure and has a popular anti-virus/anti-malware program
  • BUT Wired.com mentions their concerns over what they see as "chummy ties" to the FSB, the follow-up agency to the KGB
  • That leaves them to wonder what does he know and how does he know it...leading them to say that makes him dangerous
To read more: http://english.ruvr.ru/2012_12_22/Kaspersky-on-Wired-com-s-Most-Dangerous-People-in-the-World-List/