- Entering personal information on social networking sites for the entire world to see - This is a very common mistake made by many people, especially the unsuspecting youth. If you enter your personal information like your home address or your telephone number on a public site, and you aren't careful about whom you accept as friends, then it can potentially be misused or you could become a victim of harassment.
- Using unsecured, internet protocols for financial transactions - This puts your financial information, in particular, your credit card numbers and bank account numbers at serious risk when you purchase products online. Be sure to use a notable processor like PayPal or make purchases at the big-name, trusted sites.
- Using similar usernames and passwords for different accounts - It's simply risky, because if one of your accounts is somehow hacked, then the security of the rest of your accounts is also at risk.
- Accepting cookies on the internet from unfamiliar sites - This may make your online experience a little easier, but it can also be a great threat to your privacy. That innocent cookie could actually be a piece of spyware that records your keystrokes. Your account ids and passwords could be at risk of being exposed.
- Ignoring the importance of anti-virus and anti-spyware programs – As previously mentioned, spyware and related malware programs can send sensitive information about you to a third party. These can automatically install themselves without your knowledge while you are browsing the net. Therefore, make sure that you have an anti-spyware program installed and also, be sure to have the latest updates for your chosen program.
- Storing account ids and passwords, passport ids, bank account and credit card numbers, or other ID numbers and passwords on your hard drive – This type of information should be stored on a USB memory stick or copied to a CD. Although archaic, even just writing that information on a notepad and keeping it in a safe place in your home is safer than having it on your computer. I don't think that the hackers have written a program yet that can grab your sensitive information off our desk!
- Not monitoring the online activities of your kids – Everything that your children do online should be monitored. If it turns out that a family member is engaging in unsafe behavior that threatens your privacy and online security, take immediate action to inform them of the recklessness of their actions before it's too late. Put boundaries in place to minimize the risk.
Tuesday, October 21, 2008
The 7 Worst Mistakes People Make Online
Online business, activities and transactions are increasing exponentially each year. That means that a ton of money is flowing through this virtual world, and where there is a lot of money, usually, there is a lot of greed as well. Some people will do anything to make a quick buck, so the average consumer needs to be on guard. Unfortunately, many people are still in the dark when in comes to staying safe online. Everyday, there are more and more people who become victims of internet fraud and scams because they have neglected to take online security seriously. Here are the 7 worst mistakes that people make online, which could easily be avoided.
Sunday, October 12, 2008
Not All Hotel Internet Connections Are Created Equal...
A recent report by Government Computer News sheds light on a topic that millions of people all over the world deal with on a regular basis: Internet privacy and security in the hotel industry. People have many different reasons to travel, but with the modern tech-era upon us one of the most frequently asked questions when booking a hotel is: "Do you have Internet?" That answer is most likely a, "yes."
Internet access allows you to be more productive during your trip and stay in touch with the rest of the world that isn't traveling with you, but just how safe is that Internet connection? According to researchers: Not very. Most of the Internet connections are not properly secured and leave you at risk for a number of privacy risks. Researchers gathered written information from147 hotels and personally visited other properties and the findings were quite astounding.
Roughly 20% of all hotels used simple network hubs to connect guests to the Internet. This means 20% of the hotels you have ever stayed at are allowing you to connect to an unsecured network where all the packets of data being sent over the network can be seen. Anyone else on that network can access your personal data via the network connection. Ideally, hotels should have security features implemented so only the packets associated with your session should be seen. No other users should have access to the data. This would stop an "interloper" from using a program that saves all packets being sent over the network.
Of the hotels that do offer Internet access, 90% of them allow guests to connect wirelessly. This adds an extra layer of protection since they have to use a router to get the signal out. While this is an advanced security measure, it still does not mean a user is protecting their personal information. Man-in-the-middle attacks are still possible, and almost 21% of hotels have reported attacks and malicious activity on their systems. Man-in-the-middle attacks allow an attacker's computer to act as an Internet gateway and intercepts all network traffic.
Researchers visited 46 hotels and found that six of the 39 hotels using wireless Internet used encryption methods on their network. Only six properties thought of going above and beyond their Linksys router and securing their network! Anyone using a hotel's Internet connection should assume the worse and hope for the best. An anonymous proxy server will definitely help keep you protected from an unsecured wireless network since it encrypts all the data you send before it reaches the Internet gateway.
Internet access allows you to be more productive during your trip and stay in touch with the rest of the world that isn't traveling with you, but just how safe is that Internet connection? According to researchers: Not very. Most of the Internet connections are not properly secured and leave you at risk for a number of privacy risks. Researchers gathered written information from147 hotels and personally visited other properties and the findings were quite astounding.
Roughly 20% of all hotels used simple network hubs to connect guests to the Internet. This means 20% of the hotels you have ever stayed at are allowing you to connect to an unsecured network where all the packets of data being sent over the network can be seen. Anyone else on that network can access your personal data via the network connection. Ideally, hotels should have security features implemented so only the packets associated with your session should be seen. No other users should have access to the data. This would stop an "interloper" from using a program that saves all packets being sent over the network.
Of the hotels that do offer Internet access, 90% of them allow guests to connect wirelessly. This adds an extra layer of protection since they have to use a router to get the signal out. While this is an advanced security measure, it still does not mean a user is protecting their personal information. Man-in-the-middle attacks are still possible, and almost 21% of hotels have reported attacks and malicious activity on their systems. Man-in-the-middle attacks allow an attacker's computer to act as an Internet gateway and intercepts all network traffic.
Researchers visited 46 hotels and found that six of the 39 hotels using wireless Internet used encryption methods on their network. Only six properties thought of going above and beyond their Linksys router and securing their network! Anyone using a hotel's Internet connection should assume the worse and hope for the best. An anonymous proxy server will definitely help keep you protected from an unsecured wireless network since it encrypts all the data you send before it reaches the Internet gateway.
Friday, October 10, 2008
7 Tips to Protect Your Online Privacy
It's common knowledge that the world has moved online, and so has the bulk of our personal lives. The majority of us pay our bills online, we manage our bank accounts online, and some may even earn an extra or full-time income from the Internet. Even those who were once leery of that “Internet thing” are venturing online these days. With our lives so impacted by the internet, there is an increased concern about online security. The information that we leave unguarded online can easily be obtained by unscrupulous people and used in ways that could a make our lives a nightmare. Be very careful of the footprints that you leave when you are on the web. The following are some of the measures that you can take to protect your online privacy.
- Whenever you visit a website, be sure to take a look at the privacy policy. More importantly, make sure that the website even has a privacy policy. The privacy policy indicates how that site will attempt to collect information from you and what will be done with that information. There should be verbiage that reassures you that your private data will be kept safe and will not be sold to a third party. If you don't see a privacy policy, then any information that you submit becomes public property, so be aware.
- Make sure that all of your online passwords are very difficult for anyone to just guess what they are and make it a habit to change your passwords at least once a month or even more often than that.
- Make sure that you teach your kids that it is unsafe to carelessly enter personal information on the internet. Children can easily be tricked into giving out information like your home address, social security numbers or other critical information regarding your family that could potentially lead to identity theft. Therefore, it is essential that you explain to your children the potential dangers of the internet and be sure to set boundaries.
- Clear the cache memory of your system while browsing. Cache memory may be useful in making your browsing faster; however, it can have a great impact on your privacy, especially if you are using a public computer. Periodically, clear the cache memory along with the history, the cookies and other traces of your online activity.
- Make sure that any online forums that you use or visit are secure in nature and clearly state that fact.
- Always use an anti-virus and an anti-spyware program to search for key loggers, viruses, malware and spyware that may be lurking on your computer. These malicious programs could be collecting and sending your personal, private information to a third party.
- Use your common sense. Sometimes, we allow ourselves to become victims of scams on the internet simply due to a lapse in judgment. For example, if you get a random email that says you have become a millionaire and they need your bank account number to transfer the funds, don't let the vain hope of instant riches cloud your judgment. Phishing is still alive and well.
Wednesday, October 8, 2008
Chinese Milk Producer Pays to Have Negative Publicity Censored
It may seem like I am picking on China today, but they are just putting themselves in the spotlight with yet an another controversy regarding Internet censorship . Australian news TheWest.com.au reported that a PR company acting on behalf of Chinese milk producer Sanlu, asked Baidu, China's leading search engine, to censor and stifle any negative publicity about tainted milk....twice.
Sanlu agreed to buy $640,000 worth of advertising from the search engine, as long as Baidu would censor and screen any negative press associated with the milk scandal. Thousands of infants have been hospitalized, with four deaths, with kidney illness after drinking Sanlu's product. The milk produced by Sanlu was tainted with melamine, which was used to "add" protein to watered down milk. Without going into very complex chemistry details, melamine is not good. It is 66% Nitrogen and has flame retardant properties, which can easily be turned into plastics, glues, and a ton of other such products. It is somewhat common to use melamine to cover up and mask low levels of protein, but adds no nutritional value.
Sanlu has since ceased production, but without first trying to bribe Baidu. Of course it is important to keep in mind that Baidu does abide by Chinese Internet laws, so it is possible the Chinese version of Baidu has been censoring content based on the regulations in place. It is bad enough that the Board of Directors at Sanlu need to water down the milk so they can increase their profit, but adding melamine to fool the tests is just ridiculous. Why would they take the risk, especially since it is common knowledge (in that industry) that melamine causes renal failure and kidney stones? And just to boot, the melamine they used wasn't even the purest grade since that kind would have been too expensive to use. Sanlu used lower grade melamine that could contain urea and ammonia. At least poison the country with the best toxins you can find...
Sanlu agreed to buy $640,000 worth of advertising from the search engine, as long as Baidu would censor and screen any negative press associated with the milk scandal. Thousands of infants have been hospitalized, with four deaths, with kidney illness after drinking Sanlu's product. The milk produced by Sanlu was tainted with melamine, which was used to "add" protein to watered down milk. Without going into very complex chemistry details, melamine is not good. It is 66% Nitrogen and has flame retardant properties, which can easily be turned into plastics, glues, and a ton of other such products. It is somewhat common to use melamine to cover up and mask low levels of protein, but adds no nutritional value.
Sanlu has since ceased production, but without first trying to bribe Baidu. Of course it is important to keep in mind that Baidu does abide by Chinese Internet laws, so it is possible the Chinese version of Baidu has been censoring content based on the regulations in place. It is bad enough that the Board of Directors at Sanlu need to water down the milk so they can increase their profit, but adding melamine to fool the tests is just ridiculous. Why would they take the risk, especially since it is common knowledge (in that industry) that melamine causes renal failure and kidney stones? And just to boot, the melamine they used wasn't even the purest grade since that kind would have been too expensive to use. Sanlu used lower grade melamine that could contain urea and ammonia. At least poison the country with the best toxins you can find...
China Spies and Censors Skype Users
Beginning this month, many news sources (including Cnet and PC Magazine) have been reporting on the Chinese version of Skype that spies on certain "sensitive words" and blocks them from servers if needed. Skype is a software that allows you to make phone calls over the Internet and use your computer's microphone and speakers to communicate with others. It is sort of like a beefed up version of AIM, but along with instant messaging allows you to video conference and make phone calls.
It was only a matter of time after the Olympics left town that China would be back to spying and Internet censorship. Skype president, Josh Silverman, admitted that he knew TOM (Silverman's partner company in China) would be closely monitoring Skype users. Reports released by Canadian researchers stated that TOM is, "engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China." Millions of bits of data are tracked and stored, including personal information and contact details, for any chat that TOM-Skype is in charge of. Along with this, certain keywords related to Falun Gong, Taiwan, and anti-government statements are all closely monitored.
If this wasn't a big enough problem, reports show that proper safeguards are not being taken to ensure the data is not leaked. The data that is collected and stored is encrypted, but the encryption keys are kept on the same servers. Anyone with knowledge of hacking or cracking can just grab the information and decrypt it at their leisure. This is a major privacy issue, no matter what country you live in or how many freedoms you have.
Users contacting China via Skype are at risk just the same since log files are kept on any connection that passes through TOM-Skype. If Internet privacy was already a concern for you, then Chinese Skype just added another privacy risk to your plate.
It was only a matter of time after the Olympics left town that China would be back to spying and Internet censorship. Skype president, Josh Silverman, admitted that he knew TOM (Silverman's partner company in China) would be closely monitoring Skype users. Reports released by Canadian researchers stated that TOM is, "engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China." Millions of bits of data are tracked and stored, including personal information and contact details, for any chat that TOM-Skype is in charge of. Along with this, certain keywords related to Falun Gong, Taiwan, and anti-government statements are all closely monitored.
If this wasn't a big enough problem, reports show that proper safeguards are not being taken to ensure the data is not leaked. The data that is collected and stored is encrypted, but the encryption keys are kept on the same servers. Anyone with knowledge of hacking or cracking can just grab the information and decrypt it at their leisure. This is a major privacy issue, no matter what country you live in or how many freedoms you have.
Users contacting China via Skype are at risk just the same since log files are kept on any connection that passes through TOM-Skype. If Internet privacy was already a concern for you, then Chinese Skype just added another privacy risk to your plate.
Sunday, October 5, 2008
Ohio Woman Sues County Clerk After Identity Stolen...
With recent blog posts about the Virginia Watchdog and PulaskiWatch, it was only a matter of time before someone had their identity stolen due to the negligence of county clerks posting sensitive information. Computerworld reported on a Ohio woman suing the county clerk after her identity was stolen. An image of a speeding ticket, containing her personal information, was posted on the county website.
Originally, the case had been dismissed and Cynthia Lambert was out of luck. Her identity had been stolen and there was nowhere else for her to turn. That is until last week, when she was told she could reinstate her legal claim. Greg Hartmann, Hamilton County clerk of courts, violated Ohio's Privacy Act by posting such sensitive information about Ms. Lambert on the county website.
She received the ticket in September of 2003, and had her name, Social Security number, driver's license number, address, birth date, and signature. Having all that information easily accessible to anyone with an Internet connection definitely makes an Identity thief excited. With all that information, especially the Social Security number and signature, an identity thief can open up new lines of credit or take out loans with no risk to their own credit if he or she defaults--which usually happens.
Within a year at least two major purchases had been made in Ms. Lambert's name: $8,000 worth of electronics from Sam's Club and $12,000 in purchases from a Home Depot credit card opened in her name. Both of these purchases were made by showing a driver's license...more specifically Cynthia Lambert's driver's license. The kicker here is that the number on the driver's license used was one digit off from her actual license number. This was done in error by the officer who gave Ms. Lambert the ticket, and when the image of the ticket was posted it had the error as well. In addition, a woman caught for identity theft admitted to being part of a ring of thieves who use county websites to gain information used in the crimes.
The overturned ruling noted that while the county clerk did not act maliciously or break any laws by posting the speeding ticket, laws were broken because the Social Security number was kept in the image of the speeding ticket and published online.
This seems like a no-brainer to me. She has cited specific evidence to show her identity was stolen directly because of the county clerk's unwillingness to redact personal information. States such as California and Florida have made it illegal to post personal information and mandatory to redact data. While posting these records does make some sense, especially when a company needs to find information on a person for the purposes of opening a line of credit and such, there is no need to have Social Security numbers and signatures posted on a public forum. It is just as naive to assume the information is safe as the CEO of LifeLock putting his real Social Security number on TV and assuming no one would steal it. You are asking for trouble either way...
Originally, the case had been dismissed and Cynthia Lambert was out of luck. Her identity had been stolen and there was nowhere else for her to turn. That is until last week, when she was told she could reinstate her legal claim. Greg Hartmann, Hamilton County clerk of courts, violated Ohio's Privacy Act by posting such sensitive information about Ms. Lambert on the county website.
She received the ticket in September of 2003, and had her name, Social Security number, driver's license number, address, birth date, and signature. Having all that information easily accessible to anyone with an Internet connection definitely makes an Identity thief excited. With all that information, especially the Social Security number and signature, an identity thief can open up new lines of credit or take out loans with no risk to their own credit if he or she defaults--which usually happens.
Within a year at least two major purchases had been made in Ms. Lambert's name: $8,000 worth of electronics from Sam's Club and $12,000 in purchases from a Home Depot credit card opened in her name. Both of these purchases were made by showing a driver's license...more specifically Cynthia Lambert's driver's license. The kicker here is that the number on the driver's license used was one digit off from her actual license number. This was done in error by the officer who gave Ms. Lambert the ticket, and when the image of the ticket was posted it had the error as well. In addition, a woman caught for identity theft admitted to being part of a ring of thieves who use county websites to gain information used in the crimes.
The overturned ruling noted that while the county clerk did not act maliciously or break any laws by posting the speeding ticket, laws were broken because the Social Security number was kept in the image of the speeding ticket and published online.
This seems like a no-brainer to me. She has cited specific evidence to show her identity was stolen directly because of the county clerk's unwillingness to redact personal information. States such as California and Florida have made it illegal to post personal information and mandatory to redact data. While posting these records does make some sense, especially when a company needs to find information on a person for the purposes of opening a line of credit and such, there is no need to have Social Security numbers and signatures posted on a public forum. It is just as naive to assume the information is safe as the CEO of LifeLock putting his real Social Security number on TV and assuming no one would steal it. You are asking for trouble either way...
Thursday, October 2, 2008
Watch Out America...Satellite-Surveillance is Coming.
Reported by the Wall Steet Journal:
The Department of Homeland Security will begin the first phase of a satellite surveillance program. Surprisingly, the department has not guaranteed or ensured that the program will not break any privacy laws. The spy program, known as the National Applications Office, is meant to provide government officials (on multiple levels) with access to satellite imagery. This pertains to security needs, such as identifying weaknesses at borders and ports, and was also created with the intentions of assisting emergency response.
The critics of the NAO feel that using satellites in this manner violates our civil liberties and privacy rights. Nothing has been said about protecting Americans from using the satellites for eavesdropping. The only response is that the government stated they won't spy on us. Now that I have their word we can move on...
A 60-page report on the NAO showed some very important flaws to the system. The report showed that there is no assurance that the system won't be misused by other agencies. The response to this was for the government to "ensure that legal reviews and protection of classified information will be effective."
As of Tuesday, the bill was signed and a limited version is allowed to be tested, which will only have the capabilities for emergency response and scientific needs. Homeland security and law enforcement measures will be implemented as the NAO continues to meet its requirements. This seems like a pretty decent compromise since the only other step would have been to completely disband the project. This measure can help the fight against terrorism and protect our borders at their most vulnerable points, but still needs some time to iron out the kinks.
I, of course, am concerned about the privacy issues that will arise with the implementation of the NAO. One of the major criticisms presented with the limited version is what exactly are the requirements that need to be met? Are these requirements very easy, or overly difficult, to attain? Or are they able to be modified to benefit the pro-NAO parties involved and get the system implemented faster? Also, how can I be assured that my privacy will be protected? Especially in the case of national security, everyone becomes a suspect. This could be a very beneficial program, but with the billions of dollars required to create NAO and the possible privacy risks something more than "we said your privacy will be secured so believe us," needs to be done.
The Department of Homeland Security will begin the first phase of a satellite surveillance program. Surprisingly, the department has not guaranteed or ensured that the program will not break any privacy laws. The spy program, known as the National Applications Office, is meant to provide government officials (on multiple levels) with access to satellite imagery. This pertains to security needs, such as identifying weaknesses at borders and ports, and was also created with the intentions of assisting emergency response.
The critics of the NAO feel that using satellites in this manner violates our civil liberties and privacy rights. Nothing has been said about protecting Americans from using the satellites for eavesdropping. The only response is that the government stated they won't spy on us. Now that I have their word we can move on...
A 60-page report on the NAO showed some very important flaws to the system. The report showed that there is no assurance that the system won't be misused by other agencies. The response to this was for the government to "ensure that legal reviews and protection of classified information will be effective."
As of Tuesday, the bill was signed and a limited version is allowed to be tested, which will only have the capabilities for emergency response and scientific needs. Homeland security and law enforcement measures will be implemented as the NAO continues to meet its requirements. This seems like a pretty decent compromise since the only other step would have been to completely disband the project. This measure can help the fight against terrorism and protect our borders at their most vulnerable points, but still needs some time to iron out the kinks.
I, of course, am concerned about the privacy issues that will arise with the implementation of the NAO. One of the major criticisms presented with the limited version is what exactly are the requirements that need to be met? Are these requirements very easy, or overly difficult, to attain? Or are they able to be modified to benefit the pro-NAO parties involved and get the system implemented faster? Also, how can I be assured that my privacy will be protected? Especially in the case of national security, everyone becomes a suspect. This could be a very beneficial program, but with the billions of dollars required to create NAO and the possible privacy risks something more than "we said your privacy will be secured so believe us," needs to be done.
Subscribe to:
Posts (Atom)