Tag Archive for Security

| March 13, 2012
2 comments

Detroit Safest Online City Again

Detroit Safest Online City AgainNorton, the anti-virus arm of Symantec (SYMC) teamed up with research firm Sperling’s BestPlaces to rank US cities based on a number of cybercrime risks and they found Detroit the safest online city for 2012. I wrote about Detroit’s 2011 ranking here.

DetroitBert Sperling, lead researcher for the analysis said, “By looking at data from consumer lifestyle habits as well as cybercrime data provided by Symantec, … we’re able to provide a holistic view of the various factors that put a person at potential risk.

The Huff Post reports that the study looked at the prevalence of Internet use in addition to the types of risks users face online. Consumer statistics include the number of PCs, use of smartphones, the use of social networks, e-commerce, and accessing potentially unsecured Wi-Fi hotspots. BestPlaces also looked at the following cybercrime data: bot-infected computers located within a specific city, attempted malware infections, spamming IP addresses found within a specific city, and web attacks originating within a specific city.

Wi=FiSymantec says Detroit had low scores in the number of Wi-Fi hotspots, potentially risky online consumer behavior, and PC expenditures. Other low-ranked cities include Tulsa and El Paso.

Users are at most risk for cybercrime in the following cities:

1. Washington
2. Seattle
3. San Francisco
4. Atlanta
5. Boston

SymantecWith the explosion of smartphones, tablets, and laptops in recent years, and the rise of apps and social networking sites, our online and offline lives are blending together in ways that we’ve never before experienced,” said Marian Merritt, Norton Internet Safety Advocate. “…this analysis highlights the potentially risky factors we face each time we go online. By taking a few simple precautions now, people can make sure they stay protected against online threats.”

Greg Donewar, manager of the National White Collar Crime Center told Huff Post,… over the past year, we’ve seen a considerable increase in cybercrime attacks, and whether a person lives in the riskiest online city or the safest, consumers everywhere need to be aware of the inherent dangers of online activity.

rb-

Forbes says that cyber-crime is a $37 billion crime that affects 1 in 25 Americans. Take these steps to protect yourself online:

Create better passwords. Avoid passwords like password, 123456, qwerty, abc123, or monkey, these are the top most common passwords (I have been writing about weak passwords for since 2010). Forbes says your first line of protection against cybercrime is to make sure all of your passwords follow these rules of thumb:

  • At least eight characters
  • A mix of these four types of characters: upper case letters, lower case letters, numbers, and special characters
  • Not a name, slang word, or any word in the dictionary
  • Don’t keep the same password; change it every six months
  • Have uniquely different passwords (not just slight variations of the same password) for every account and site

Monitor your financial accounts. If you shop online, use online banking, or have any personal or financial information available online, you are at risk of finance-related crimes like identity theft and fraud which Huff Post says costs the average victim $631 in out-of-pocket costs. Forbes says that one of the easiest ways to protect yourself is to monitor your credit to detect any red flags early. They recommend users set up spending limit alerts on credit cards and checking accounts to keep tabs on your balances. Automatically monitoring for suspicious activity and fraudulent accounts helps catch costly identity theft and fraud immediately.

Lockdown your smartphone. If you use your smartphone to shop, spend, socialize, and surf, your phone’s sensitive information essentially becomes a one-stop shop for cybercriminals. Forbes says if stolen or exposed to thieves, your smartphone can compromise your personal and financial information anytime and anywhere. Here’s a quick five-minute checklist from Forbes on how to properly secure your mobile phone:

  • Password-protect your phone with a complex and unique password, and set your phone so it auto-locks and never saves any passwords.
  • Enable a service with remote tracking. You can also set your phone to automatically wipe your data if your phone password is inputted incorrectly several times.
  • Turn Bluetooth off if you’re not using it. Thieves can pair their Bluetooth device with yours and hack personal information.
  • Be careful on public Wi-Fi networks where thieves can remotely access your data undetected. Only connect your phone to secure networks.
  • Before downloading any apps to your phone, always do a quick search to make sure it comes from a legitimate site or publisher. Check user reviews on sites like appWatchdog for complaints.
Related articles
  • Why you should password-protect your smartphone (ctv.ca)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| February 23, 2012
One comment

McAfee Labs 2012 Threat Predictions

McAfee Labs 2012 Threat PredictionsComputer security company McAfee unveiled its Threat Predictions report (PDF), outlining the top cybersecurity threats organizations and individuals are likely to face in 2012. McAfee, a wholly-owned subsidiary of Intel (INTC), says that for the most part, 2012 looks like it will look like 2011 only worse, with many of the recent threats gaining momentum. Here are the predictions:

Industrial Attacks:Industrial Attacks: Cyber-criminals will target Water, electricity, oil, and gas utilities. These are essential services to everyday lives, yet many industrial systems are not ready for cyber-attacks according to McAfee. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. McAfee predicts attackers will leverage this lack of preparedness with greater frequency, if only for blackmail or extortion in 2012.

Legalized Spam: McAfee Labs says global spam volumes have declined in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing third-party email lists or databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile ThreatsMobile Threats: 2011 has seen the largest levels in mobile malware history, McAfee Labs expects that continue in 2012. They expect mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking, such as stealing from victims while they are still logged on while making it seem that transactions are coming from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

Embedded Hardware: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras, and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer and will enable attacks to gain greater control and keep up long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.

countries prove their cyber war capabilitiesCyberwar: Countries are vulnerable due to massive dependence on computer systems and a cyber-defense that primarily defends only government and military networks. Many countries realize the crippling potential of cyber attacks against critical infrastructures, such as water, gas, and power, and how difficult it is to defend against them. McAfee Labs expects to see countries prove their cyberwar capabilities in 2012, to send a message.

Rogue Certificates: Organizations and individuals tend to trust digitally signed certificates, however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions as well as host-based technologies such as whitelisting and application control.

Legislative IssuesLegislative Issues: DNSSEC (Domain Name System Security Extensions) is designed to protect a client computer from inadvertently communicating with a host as a result of a man-in-the-middle attack. Governing bodies around the globe are taking a greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances where legislative issues hamper future solutions.

Hacktivism: McAfee Labs predicts that in 2012 digital disruptions like Anonymous will join forces with physical demonstrators and will target public figures such as politicians, industry leaders, judges, and law enforcement, more than ever before.

Virtual CurrencyVirtual Currency: McAfee Labs expects cryptocurrency will be an attractive target for cybercriminals.  to see threats evolve to steal money from unsuspecting victims or to spread malware.

Hardware Attacks: McAfee Labs expects to see more effort put into hardware and firmware exploits to create persistent malware in network cards, hard drives, and even system BIOS (Basic Input Output System). and their related real-world attacks through 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| February 16, 2012
Comments Off on Better Mobile Security

Better Mobile Security

Better Mobile SecuritySmartphone users should be concerned about mobile security. This is more true if the mobile device is used for work and has your employer’s email or messaging server. IT staff can take steps to protect the data on the mobile. Eric Geier, the founder of NoWiresSecurity writes provided CIO Update with 6 tips for better mobile device security.

Choose encryption and use itTip No. 1 – Choose a mobile OS that supports encryption and use it: Mr. Greer says to make sure the mobile operating system (OS) and device support hardware-based encryption. The article says Apple’s (AAPL) iOS and Research In Motion’s (RIMM) BlackBerry support encryption for both internal and external storage. Without encryption, it’s possible that someone could recover the data on the device even without your lock PIN or password.

Full device encryption is limited and varies on current Android device manufactures. Mr. Greer writes that Motorola Mobility’s (MSI) business-oriented smartphones offer encryption capabilities on Android 2.3. Android 3.x includes an API to help developers offer encryption on tablets. Android 4.x tablets and smartphones should support encryption sometime in 2012. WhisperCore is a third-party encryption solution that is in beta for Nexus S and Nexus One.

Set a lock PIN or password:Tip No. 2 – Set a lock PIN or password: The article says that enabling a password, whether it’s called a PIN, passcode, or passphrase, is the first line of defense in maintaining privacy and security. It helps prevent others from picking up your phone or device and snooping around if it becomes lost, stolen, or just left unattended. It’s also usually required if encryption is enabled on the device writes the author. A PIN will protect data and privacy from causal snoopers.

Tip No. 3 – Enable auto-wiping of data: Most mobile OSes support automatic wiping of the device’s data after a certain number of incorrect passwords attempts. Mr. Greer says auto-wiping is natively supported by iOS, Windows Phone 7, and BlackBerry. Android requires a third-party app, such as Autowipe.

It is important to keep all your data regularly backed up so the data can be restored to a new mobile after it is wiped.

Setup remote trackingTip No. 4 – Setup remote tracking and management: Before your phone or device gets misplaced or stolen the blog recommends that a remote tracking and management system should be set up. Most let you see the device’s GPS location on a map, send audible alerts to help you find it, and display a visual message to tell others how to return it. They typically also let you remotely lock and/or wipe it before someone else gets their hands on it. According to Mr. Greer:

  • For iOS 4.2 or later, Apple provides a free service.
  • For earlier iOS versions there’s the MobileMe service from Apple at $99 a year after the 60-day free trial.
  • For Android, you have to use a third-party app.
  • For Windows Phone 7 Microsoft provides the free Windows Live for Mobile service.
  • For BlackBerry, RIM provides the free BlackBerry Protect service.

Limit Wi-Fi hotspot usageTip No. 5 – Limit Wi-Fi hotspot usage: When you use public Wi-Fi hotspots that aren’t encrypted, all your Internet traffic is transmitted through the air and can be easily intercepted. The most important sites and services, such as banking websites, usually implement their own (HTTPS/SSL) encryption that protects their individual traffic. But most email providers and many social networking sites don’t; thus eavesdroppers can likely capture their passwords and traffic.

On the other hand, most 3G, 4G, and other cellular data connections are usually encrypted by the carriers. Plus eavesdropping on these types of connections isn’t as popular. Therefore, when you’re out and about you should try to use the data connection rather than unsecured Wi-Fi hotspots.

If you insist on using Wi-Fi hotspots, use those that offer enterprise encryption and 802.1X authentication, such as from T-Mobile and iBahn. Alternatively, consider using a VPN connection to secure your traffic from local eavesdroppers.

Use an antivirus or security app:Tip No. 6 – Use an antivirus or security app: Viruses, malware, and hacking on mobile devices is a growing problem. The author recommends installing a security app to help prevent infections and intrusions. Most AV solutions also offer other features, such as remote wiping, backup, and locating.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| February 14, 2012
Comments Off on Schools Riskiest for Computer Theft

Schools Riskiest for Computer Theft

Schools Riskiest for Computer TheftAbsolute Software Corporation (ABST), is a Vancouver, Canada-based computer security and end-point management firm. The company founded in 1993 provides firmware-based, computer theft recovery, data protection, and secure computer life-cycle management systems identified the top 10 target areas for the theft of mobile computers.

Absolute Software logoThe maker of LoJack for Laptops told ITnewsLink that the top 10 list reveals that consumer computers are more likely to be stolen while at school or home. The list is based on theft reports filed to the Absolute Theft Recovery Team by Absolute customers over a one-year period. With the holidays approaching, Absolute is warning that the risk of computers being stolen from the home is higher than what many consumers perceive.

“The trends in this list may surprise some computer owners. They often think of security issues only when they are on the move,” said Mark Grace, vice president of consumer business at Absolute Software. “However, with schools and residences topping the list of places computers are stolen, owners need to be extra cautious, particularly around the holidays when home burglaries often increase.

Top 10 Places Consumer Computers Are Stolen

Typing class1. K-12 Schools
2. Residential Properties
3. Automobiles
4. Businesses/Offices
5. Universities and Colleges
6. Hotels and Motels
7. Restaurants and Cafes
8. Stores and Shopping Malls
9. Public Transit (includes taxis, buses, trains, etc)
10. Airports (terminals, security checkpoints, storage areas and airport restaurants

rb-

The Absolute software offers several advantages. When a device is reported stolen a signal is sent that freezes the computer and displays a custom message for whoever finds it. In order to prevent identity theft unauthorized users cannot access the content on the computer, and even delete files, including the operating system. If a computer is stolen, the Absolute Theft Recovery Team will work with local law enforcement to recover it.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| February 9, 2012
One comment

Social Network Safety Tips

Social Network Safety TipsIn case you have lived under a rock, social networking sites are very popular. LinkedIn (LNKD) has over 100 million users; 1 billion tweets are posted on Twitter each week and Facebook is approaching 1 billion users. Despite these numbers, they also open users up to more computer viruses and online threats according to a report from Webroot. A Help Net Security article details a few of the threats social network users face. They include:

Social networking malwareBogus e-mails from “friends”: The blog warns that hackers lure users into taking actions they shouldn’t. They do this by making it seem as if a friend within their social network has sent them an in-network e-mail. Only the e-mail is from a hacker who’s hijacked the friend’s account.

Malicious links or bait: This type of scam involves personal messages to users. The messages encourage victims to click on a link. Doing so can do a number of things including sending users to a fake website. There they are prompted to download and install an executable file that turns out to be a virus that infects the user’s PC explains the author.

Identity theftIdentity theft: Social network users who share personal information with their entire network of friends leave themselves vulnerable to hackers. Oversharing details like birth dates, addresses, pets’ names, and other details make it easier for attackers to guess your password and access Yout profile based on the personal information shared reports Help Net Security.

To help increase your PC protection, Webroot advises users to install updatable Internet security software and keep a few simple rules in mind, such as:

Be skeptical – E-mails, friend requests, Web site links, and other items from sources you do not know could be malware.

Social networking privacyUse privacy settingsSocial Networking sites, such as Facebook and Twitter, offer privacy settings that let you control who sees your posts and personal information. Use them to control who access to your page, contact information, etc.

Protect your password – Choose your passwords wisely, incorporate numbers, letters, and special characters, and never use the same password at more than one site.

For those who may need new internet security software, you should select a program that has a multi-level security program to:

  • Block viruses, spyware, spam, Trojans, worms, rootkits, and keyloggers;
  • Make your PC invisible to hackers;
  • Encrypt passwords and remember them for you;
  • Offer multi-layer identity protection;
  • Provide firewall security.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
« Older Entries   Recent Entries »