Nelsonecom's Netbits » Internet Security

Sharing Tools Spur Privacy Concerns

lorenn — Mon, 18 Jul 2011 07:17:23 +0000

The core problem: anyone can introduce a social media app that ties directly into Facebook, Twitter, Foursquare and other popular services designed primarily to profile and track consumers to better sell advertising, says Craig Spiezle, executive director of the non-profit advocacy group, Online Trust Alliance.

There is little stopping application developers from “combining and appending” personal data extracted from multiple sources. The goal: amass profiles of users’ online behavior and preferences for advertisers. “Individually these may appear to be like a few pixels of a photo, but when combined can provide a comprehensive mosaic of a user,” says Spiezle.

You download a social media app when you click a Facebook “like” button embedded on a friend’s blog, participate in an online poll, or try out a new wordplay game, says Michael Fertik, CEO of privacy services firm Reputation.com

Perhaps Consumers Don’t Care About “Do Not Track” After All

lorenn — Tue, 26 Apr 2011 07:04:54 +0000

Jules Polonetsky, founder of the Future of Privacy Forum think tank, disclosed the surprising news that less than 1% of Firefox 4 users have adopted the Do Not Track option. Polonetsky came up with that figure by doing his own number crunching based on data from two ad networks that he didn’t name, PaidContent.org reports.

It is possible that consumers don’t realize the feature is available – or perhaps feel it is a waste of time. PaidContent also notes that no major ad networks are responding to DNT other than monitoring how many times the signal hits their ad server.

Another possibility: could consumers not care as much as privacy advocates and Congress about all this? Possibly, if a Washington Post blog is any guide to conventional sentiment. The post, which pooh pooh’ed the furor over the smartphone tracking issue notes that most people want to be catered to by retailers – and that usually means the retailer must know the consumer and his or her likes and dislikes.

New Big Brother – Apple

lorenn — Fri, 22 Apr 2011 17:35:01 +0000

Lawmakers want answers from Apple after a report was published this week that showed that iPhones and iPads track and store users’ location information.

The researchers discovered that the iOS version 4 software for the iPad and iPhone creates a log file of where users have been, based on time stamps and location information. The information is stored locally on the devices without any encryption and it’s transferred via iTunes to computers that these devices are synced to.

Threats Jumped in 2010

lorenn — Thu, 21 Apr 2011 07:08:07 +0000

Last year saw a daily average of 1000 new compromised sites, according to a newly released 2010 Threats Roundup report by Trend Micro.

The threat landscape was bad in 2010 and Trend Micro, a global provider of network antivirus and Internet content security software and services, says we should bear in mind the lessons learned from 2010 even as we enter the second quarter of 2011. (See also Cybersecurity Quiz: Know Your Threats.”)

The company especially notes the recent Epsilon breach that has impacted many businesses and consumers.

Epsilon, a large permission-based e-mail marketing provider, had a tough time earlier this month as a number of major brands suffered due to this breach.

This is not a lone case and there was a long list of victims in 2010 due to infamous Acai Berry diet pill-selling sites, KOOBFACE e-mails on Facebook, and so on.

Tips and advice

Those looking to protect themselves may want to follow the tips and advice provided by Trend Micro that are part of a blog posting by its director for security research and communications for Europe, the Middle East and Africa (EMEA), Rik Ferguson.
According to Ferguson, businesses should encrypt all sensitive data, make sure that their firewall, intrusion prevention system (IPS), and intrusion detection system (IDS) protect each virtual machine (VM) separately.
Businesses should only decrypt data within the secure container they established for their virtual machines and ensure they are in control of their encryption keys.
Small and medium-sized enterprises should use effective solutions to protect their business, standardise company communications and let their customers know about their e-mail and website policies.
End-users should keep their PC current with the latest software updates and patches, beware of unexpected or strange-looking e-mail and instant messages regardless of sender and beware of Web pages requiring software installation.

Lower Your Chances of Debit Card Fraud

lorenn — Mon, 24 Jan 2011 07:39:01 +0000

Avoiding Fraud

There are many ways you can become a victim of debit card fraud, but it’s a lot easier online. While it helps to be aware of common scams, you can’t be on top of everything at all times. Despite your best efforts, being a victim of fraud is still a possibility. If you can’t use a credit card in place of your debit card when shopping online, check with your bank to see if disposable/virtual credit cards are available to you. If you’re not familiar, these are basically single-use numbers, often with set limits, that expire after use. While these virtual, disposable numbers may work the same as your debit card and withdraw money immediately, you don’t have to worry about someone else finding that number, using it, and draining your bank account.

When you’re out making purchases in the real world, there are still a number of risks. For example, many businesses—particularly restaurants—still print credit and debit card receipts with your entire number on them. This is particularly bad because your number is exposed to anyone who sees that receipt. Check your receipts when you make purchases to ensure the full number is not included. If it is, use the pen you’re signing with to black out all but the first or last four numbers of your card.

In the event your card is lost or stolen, you need to be prepared to handle the situation as quickly as possible (we’ll discuss why shortly). Be prepared to call your bank and the credit processor (VISA, Mastercard, AMEX, Discover, etc.). It’s best if you compile the necessary information, such as numbers you’ll need to call and information you’ll need to provide. Once you do, print it out and keep it somewhere handy or save it in an application like Evernote or Simplenote so you have it easily available on your smartphone or computer. If you’re still using a regular cellphone, most have a notes feature where you can store small amounts of text, so it may help to keep the information there as well. If not, you can always store important numbers in your phone’s address book, assigning the business name as the first name and something like CARDFRAUD for the surname. This will keep the numbers together and easily accessible in case of a problem. Generally the numbers you’ll need will be on the back of your card, but to help you out here are guides for VISA, MasterCard, and American Express.

Fraud Protection Dissolves with Time

If a fraudulent charge of any kind may have been made to your debit card, you’re generally pretty well protected. While banks only have to cover resulting damages past $500 on your credit card, many offer better protection ($50, and sometimes less) as an incentive. Be sure to check with your bank to know how protected you really are in the event someone steals and uses your debit card. If debit card fraud could cost you quite a bit, it may be time to find a new bank.

Even if you are well-protected by your bank, they’ll only help you out for so long. Good protection may be contingent on your reporting possible fraud within 48 hours, and your bank is not required to help you at all 60 days after receiving your monthly statement. Again, be sure to call and find out your bank’s specific policies, but the important takeaway is this: check the charges on your account regularly and call your bank if something is unfamiliar. It may not be fraud and it may just be a charge you’d forgotten about, but you’re protecting yourself simply by calling to ask about it. Often times your bank can help you get more information on the charge and figure out what it is. You’re better safe than sorry in this situation, since all you’re doing is spending a few extra minutes on the phone. If waiting on hold sounds horribly tedious, consider using a tool like LucyPhone to avoid waiting on hold altogether.

Even if it isn’t necessarily fraud, it’s always worth double-checking your statement because sometimes you can get overcharged by small amounts. Sometimes tips on restaurant bills get misread (or intentionally increased), companies accidentally process certain transactions twice, or the cashier forgot to close out the previous transaction and it got added to your bill by accident. You should get into the habit of checking your statements regularly to help avoid these more common issues as well.

Effectively Erasing Files

Nelsonecom — Sat, 08 Jan 2011 07:30:44 +0000

Before selling or discarding an old computer, or throwing away a diskor CD, you naturally make sure that you’ve copied all of the files you need. You’ve probably also attempted to delete your personal files so that other people aren’t able to access them. However, unless you have taken the proper steps to make sure the hard drive, disk, or CD is erased, people may still be able to resurrect those files.

Where do deleted files go?

When you delete a file, depending on your operating system and your settings, it may be transferred to your trash or recycle bin. This “holding area” essentially protects you from yourself–if you accidentally delete a file, you can easily restore it. However, you may have experienced the panic that results from emptying the trash bin prematurely or having a file seem to disappear on its own. The good news is that even though it may be difficult to locate, the file is probably still somewhere on your machine. The bad news is that even though you think you’ve deleted a file, an attacker or other unauthorized person may be able to retrieve it.

What are the risks?

Depending on what kind of information an attacker can find, he or she may be able to use it maliciously. You may become a victim of identity theft. Another possibility is that the information could be used in a social engineering attack. Attackers may use information they find about you or an organization you’re affiliated with to appear to be legitimate and gain access to sensitive data.

Can you erase files by reformatting?

Reformatting your hard drive or CD may superficially delete the files, but the information is still buried somewhere. Unless those areas of the disk are effectively overwritten with new content, it is still possible that knowledgeable attackers may be able to access the information.

How can you be sure that your information is completely erased?

Some people use extreme measures to make sure their information is destroyed, but these measures can be dangerous and may not be completely successful. Your best option is to investigate software programs and hardware devices that claim to erase your hard drive or CD. Even so, these programs and devices have varying levels of effectiveness. When choosing a software program to perform this task, look for the following characteristics:

data is written multiple times – It is important to make sure that not only is the information erased, but new data is written over it. By adding multiple layers of data, the program makes it difficult for an attacker to “peel away” the new layer. Three to seven passes is fairly standard and should be sufficient.
use of random data – Using random data instead of easily identifiable patterns makes it harder for attackers to determine the pattern and discover the original information underneath.
use of zeros in the final layer – Regardless of how many times the program overwrites the data, look for programs that use all zeros in the last layer. This adds an additional level of security.

Net Neutrality. Do you know what it’ll cost you?

Nelsonecom — Mon, 27 Dec 2010 07:22:33 +0000

How about paying your access to the internet bases on usage? How many minutes you use. What you are accessing, downloading, or watching?

The FCC just put the first stones in place for the path which is leading us there in the very near future.

If you like big government, you’ll be cheering; if you feel that government likes to take small bites at first, leading to a whole meal, you are hiding your food right now.

Beware Reset Password Spoof Email

Nelsonecom — Wed, 28 Jul 2010 06:06:17 +0000

Subject: Reset your [your-domain] password

Hello, [your-domain].

We received your request to reset your [your-domain] password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.

If you didn’t request that your password be reset, please follow the instructions below to cancel your request.

CONFIRM REQUEST AND RESET PASSWORD

Click on the following web address:

[URL appears real from a spoof - These links go to a phising site in hopes of gathering information about you, your connection, and computer(s).]

CANCEL PASSWORD RESET

Click on the following web address:

[URL appears real from a spoof - These links go to a phising site in hopes of gathering information about you, your connection, and computer(s).]

Thank you,

[your-domain] Team

How Anonymous Are You?

Nelsonecom — Fri, 11 Jun 2010 17:46:33 +0000

When you visit a website, a certain amount of information is automatically sent to the site. This information may include the following:

IP address – Each computer on the internet is assigned a specific. You can determine your computer’s IP address at any given time by visiting www.showmyip.com.

Domain name – The internet is divided into domains, and every user’s account is associated with one of those domains.
Software details – It may be possible for an organization to determine which browser, including the version, that you used to access its site.
Page visits – Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine.

How can you limit the amount of information collected about you?

Be careful supplying personal information – Unless you trust a site, don’t give your address, password, or credit card information.
Limit cookies – If an attacker can access your computer, he or she may be able to find personal data stored in cookies.
Browse safely – Be careful which websites you visit; if it seems suspicious, leave the site.

Worst Enemy for Online Privacy

Nelsonecom — Fri, 21 May 2010 04:38:29 +0000

Facebook is still not the biggest threat to online privacy–you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.

An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.

Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children’s photos. And 8% had posted their own street address.

More importantly, users should be educated to raise awareness that seemingly innocuous information shared on the Web can still compromise security. For example, if you post on Facebook that you’re astrology sign is Virgo, then you send out a Tweet about how you were born the same year that JFK was assassinated, then share a comment online that 28 is your lucky number because it’s the date of your birthday, it is possible to combine all of those tidbits and derive that your birth date is August 28, 1963.