Saturday, April 30, 2011

The Internet is our enemy




Today I was reading some news about flooding in Missouri.

Suddenly in Firefox a news browser window popped up that said - "You have Won and iPad 2"

I NEVER click on anything like this so I tried to close that pop up window.

It would not close. I tried quitting Firefox and it would not close. I tried rebooting and it would not let me because Firefox had an open pop up that took priority over my comment to close and restart.

I hard rebooted by pushing the power button. When my Mac rebooted the same pop up with the iPAd prize popped up again like some devilish spawn of Satan!

I waited and waited and would not click on the link but all of a sudden it opened up a browser page where I could enter some information to get my free iPad even though I repeatedly refused to click on the link.

I quickly quit Firefox and rebooted my computer.

I have no idea what price I will pay or what they did to my computer during that whole episode but I felt completely and utterly helpless. There was nothing I could do. The browser and the Internet had taken control of my computer!

I suddenly realized that with computers and the Internet you cannot call 911. You are on your own (unless you are at work and have some fantastic tech support)

You can't even be self sufficient and but a 357 Magnum so that you can defend yourself.

I believe that we are now right at the edge of some terrible, TERRIBLE things that will happen with the Internet. It has become a wild west and there is no sheriff in town.

If these gangsters program a pop up that cannot be closed and you are hostage to it I think most people will simply give up in desperation and click on the link button. I almost did. Then they will have violated the ONLY advice we have for people "don't click on links you don't know."

My question is "what is the industry doing to fight against the hordes of commercial and criminal gangsters (including Internet ad agencies and ad tools) that are rapidly seizing control of the Net?"

The answer is nothing. They don't care. Security is expensive. We have no way of tracing internet attacks to be able to retaliate because attacks and maleware is delivered by proxies.

We are truly now all alone as the Net aliens attack us, our financial and identity security.

.
.

Labels: , , ,

Thursday, April 21, 2011

IPhone Security Problems


The Associated Press reported this week that there is concern over iPhone's and IPad's location tracking system and the risks it poses to security and privacy. This is a very alarming development for those of us concerned about identity theft and overall personal security. Here is a summary of the AP report.

April 21, 2011

Privacy watchdogs are demanding answers from Apple Inc. about why iPhones and iPads are secretly collecting location data on users — records that cellular service providers routinely keep but require a court order to disgorge.

It's not clear if other smartphones and tablet computers are logging such information on their users. And this week's revelation that the Apple devices do wasn't even new — some security experts began warning about the issue a year ago.

But the worry prompted by a report from researchers Alasdair Allan and Pete Warden at a technology conference in Santa Clara, Calif., raises questions about how much privacy you implicitly surrender by carrying around a smartphone and the responsibility of the smartphone makers to protect sensitive data that flows through their devices.

Much of the concern about the iPhone and iPad tracking stems from the fact the computers are logging users' physical coordinates without users knowing it — and that that information is then stored in an unencrypted form that would be easy for a hacker or a suspicious spouse or a law enforcement officer to find without a warrant.

Researchers emphasize that there's no evidence that Apple itself has access to this data. The data apparently stays on the device itself, and computers the data is backed up to. Apple didn't immediately respond to a request for comment by The Associated Press.

Tracking is a normal part of owning a cellphone. What's done with that data, though, is where the controversy lies.

A central question in this controversy is whether a smartphone should act merely as a conduit of location data to service providers and approved applications — or as a more active participant by storing the data itself, to make location-based applications run more smoothly or help better target mobile ads or any number of other uses.

Location data is some of the most valuable information a mobile phone can provide, since it can tell advertisers not only where someone's been, but also where they might be going — and what they might be inclined to buy when they get there.

Allan and Warden said the location coordinates and time stamps in the Apple devices aren't always exact, but appear in a file that typically contains about a year's worth of data that when taken together provide a detailed view of users' travels.

"We're not sure why Apple is gathering this data, but it's clearly intentional, as the database is being restored across backups, and even device migrations," they wrote in a blog posting announcing the research.

Allan said in an email to the AP that he and Warden haven't looked at how other smartphones behave in this regard, but added there's suspicion that phones that run Google Inc.'s Android software might behave in a similar way and is being investigated.

Google did not immediately respond to a request for comment.

Alex Levinson, a security expert, said the tracking Apple's devices do isn't new — or a surprise to those in the computer forensics community.

The Apple devices have been retaining the information for some time, but it was kept in a different form until the release of the iOS 4 operating software last year, Levinson, technical lead for the Katana Forensics firm, wrote on his blog.

Through his work with law enforcement agencies, Levinson said he was able to access the location data in older iPhones and warned about the issue over a year ago. The location data is now easier to find because of a change in the way iPhone applications access the data, he said.

"Either way, it is not secret, malicious, or hidden," Levinson wrote. "Users still have to approve location access to any application and have the ability to instantly turn off location services to applications inside the settings menu on their device."

The existence of the location-data file on the phone is alarming because it's unencrypted, the researchers said, which means that anyone with access to the device can see it.

Charlie Miller, a prominent iPhone hacker, said a security change that Apple made last month would make extracting the file from the phone in a remote attack very difficult. Even if an attacker were to break into someone's phone looking for the file, he wouldn't have the right privileges to access the file.

The data is "pretty well-protected on the phone," Miller, principal security analyst with Independent Security Evaluators, said in an interview.

"On the phone, they take a lot of precautions." He said. "It's sort of frightening in the sense that it's there, and it's full of information about where you've been, but the good news is it's not easy to get to."

But it's a different matter when the data is transferred to another computer in a backup. If the backup computer is infected with malicious software, the file could easily be located and sent to the hacker. A way to protect against that is to encrypt the iPhone backup through iTunes, the researchers said.

The issue has prompted several members of Congress to write letters to Apple, based in Cupertino, Calif., to answer questions about the practice.

Sen. Al Franken, D-Minn., said it raises "serious privacy concerns," especially for children using the devices, since "anyone who gains access to this single file could likely determine the location of a user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken — over the past months or even a year."

Rep. Edward Markey, D-Mass., said,
"Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack," he said in a statement. "Collecting, storing and disclosing a consumer's location for commercial purposes without their express permission is unacceptable and would violate current law."


Labels: , ,

Tuesday, April 19, 2011

Your Kids Targets of Identity Theft?

We have been writing and teaching about the threats of identity theft in financial matters (credit card, checking accounts, your credit history), medical identity (your medical records are breached and people can get medication and medical services in your name), and true identity theft (your total "persona" is taken by someone who gets passports, drivers licenses and other identities with your name but their picture and biometrics).

Now we have more evidence of the risks to your kids. Read on.

A report by Carnegie Mellon's CyLab has found that identity theft is a growing concern for children. In a scan of 42,000 US child IDs, CyLab found that more than 10 per cent of kids had someone else using their Social Security number.

Why are kids such a good target? Parents aren't paying attention. However, parents should pay attention, since CyLab found that children had a 51 per cent higher attack rate than adults. The problem is likely to get worse as more kids go online at a younger age.

CyLab scanned more than 42,000 child IDs by identify protection company Debix and found that:

  • 4311, or 10 per cent of children, had someone else use their Social Security numbers;
  • these IDs were used to buy homes, cars and open credit lines;
  • the largest fraud was US$725,000 against a 16-year-old girl;
  • the youngest victim was five-months-old and 303 victims were under five; and
  • there were 1767 cases where a child's Social Security Numbers were found in utility records.
http://www.zdnet.com.au/identity-theft-s-next-frontier-your-kids-339313517.htm

Labels: , , ,

Wednesday, April 06, 2011

Biggest Crime in History – In terms of Potential Victims!

The world’s largest “permissions-based” e-mail marketing company, Epsilon, reported late last week that someone hacked into its computer system and stole an unknown number of e-mail addresses and names.

According to Professor Steffen Schmidt, Iowa State University, “This is probably the single largest criminal act in history since this company potentially has compromised the recipients on the 40 BILLION or so e-mails they send out each year.” Schmidt is professor of public policy and has co-written with Michael McCoy two books on identity theft. He is also co-founder of the blog http://stolendata.blogspot.com/ and a developer of the Engineering On Line certification workshop Information Security and Identity Theft Policy http://www.eol.iastate.edu/Professional-Development/Courses/idtheft.html

“This is a stunning example of the huge risk anyone using email now faces of being the victim of highly targeted “Spear Phishing” which is a sophisticated form of sending real-looking links to companies the recipient is familiar with (such as a bank or a retailer) and then soliciting “updates” or other information. The unsuspecting person clicks on the link and is routed to a criminal web site where their accounts and even potential their full identity will be stolen,” said Schmidt.

“It will be many, many years of painful and costly trouble for millions of people,” Schmidt said, adding, “someone needs to be sued, convicted, and do serious jail time for such negligence of a huge and sensitive data base.”

Steffen Schmidt, Professor
For our latest Course that ANYONE can take visit;
http://www.eol.iastate.edu/Professional-Development/Courses/idtheft.html

Labels: , , , , ,

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft