MyBlog | User Blogs

Deadbolt technology just gets smarter and smarter. There are now electronic deadbolts that can be manipulated with an integrated keypad, a smartphone or opened with a key. After all, relying on the traditional key can be a nuisance, for obvious reasons.

The Camelot Style deadbolt from Schlage offers the latest technology.

The device can be registered with multiple z-wave enabled hubs including, Nexia Home Intelligence and Staples Connect and uses batteries.
Keyless entry codes are pre-programmed but can be changed.
Up to 30 codes can be stored and can be programmed to grant access on designated days and times, if you use the lock in tandem with an automation system .
An alarm can be set to sound if the lock is manipulated by an unwanted person.
Never being locked out again due to the device’s three methods of authentication (code, app and key).
The auto-lock feature that engages after 30 seconds, based on a timer.

Some Details

Do your homework before installing the device so the installation process goes smoothly. The average handy individual can install this lock and others may wish to use a lock smith. The pre-existing deadbolt slot should match up

By pressing the Schlage logo, you secure the deadbolt from outside. To unlock the deadbolt, it’s faster to enter the keypad code than to insert and turn a standard key. Lastly, the auto-lock feature will take up to 30 seconds to kick in once the door is shut.

And every bit of set up is all worth it

Once the device is installed, you’ll be happy you bought this high tech lock. You don’t have to buy a z-wave enabled system to use it, but more features are enabled when you do connect your deadbolt. The device practically settles anxiety about lost keys and will give you peace of mind.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

A public cloud service can bring on five risks to a business. Here they are, and their solutions.

The three A’s: authentication, authorization, access control. Here are some questions to ponder about a cloud service:

How often does it clean up dormant accounts?
What kind of authentication is necessary for a privileged user?
Who can access or even see your data?
Where is it physically stored?
Does your organization share a common namespace with the service (something that greatly increases risks)?
Are private keys shared among tenants if a data encryption is used?
Ask your cloud vendor these questions. Get answers.

Multiple tenants

There’s always that concern of data inadvertently slipping out to tenants who share the cloud service with you. One little error can expose your data and set you up even for identity theft. Breaches that can occur include: accessing data from other tenants from supposedly new storage space; and peering into other tenants’ IP address and memory space.

Virtual exploits

There are four chief kinds of virtual exploit risks: 1) server host only, 2) host to guest, 3) guest to host, and 4) guest to guest. Many cloud customers are in the dark about virtual exploits and are clueless about the vendor’s virtualization tools. Ask the vendor:

What virtualization products do you have running?
What’s the version currently?
Who is patching the virtualization host?
How often?
Who’s able to log into any virtualization host and guest?

Ownership

Here’s a surprise: Quite a few cloud vendors state in their contracts that the customer’s data belongs to the vendor, not the customer. Vendors like ownership because they get to have more legal protection should a mishap occur. They can also do other things with the data that can bring more profit.

Find out if the contract contains language referring to vendor ownership of data.
Learn what the cloud provider can do with it if indeed, they get ownership.

Fallibility

Even the biggest and best cloud services can become dismantled due to service interruptions, attacks or some miscellaneous issue with the vendor.

Funny, because a cloud provider typically insists it has superior, super-protected data backups in place. Be aware that even when a provider claims a guarantee for data backup, data can indeed get lost, even permanently.

Back up your data!
Require some language in the contract that entitles you to damages should your data become permanently lost.

Cloud services haven’t been around long enough for analysts to have come up with a predictable, clear model of all the possible risks, how likely they are, likeliness of security failures and how much, if at all, risks will negatively impact customers. And that’s just in general. Figuring this out for a particular vendor is even more vexing.

There are many unknowns, but at least you can work on minimizing them.
Obtain a copy of the vendor’s last relevant, successful audit report.
Seek out information from the vendor about prior incidents of tenant data problems.
Ask the vendor about its policy of reporting data compromises to customers.
Grind out just what the provider’s responsibility really is.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

The Internet of Things—IoT—is a formal term referring to distinctly identifiable objects (cars, kitchen appliances, smartphones) and their cyber-representations on the Internet.

By 2020, it’s projected by at least one expert that there will be over 30 billion “things” represented virtually. All of this gives rise to increased security risk that seems almost paranormal.

The virtual world seems to be closing in on the physical world. Gee, sensors that track food purchases, for instance, can reveal if someone’s on a diet or is of a particular religion.

The IoT is expected to evolve in the following ways:

Making dumb objects smart. Imagine house keys that don’t need to be taken out of one’s purse or pocket to open a door, or a gadget that you can scan dairy products in your refrigerator for expiration dates, and the sensor will then remind you of these dates.

Go one step further: A mouse that can click links—not controlled by hand movements, but by thought. Well, that may be a century off, but you get the idea.
“Things” that make changes by sensing changes in the environment. Imagine a garage door that opens because a sensor in it “knows” that the homeowner is approaching from 100 feet away.

These “things” will react according to data received about what those things are virtually connected to. But if this technology is centralized, imagine what a hacker can do: The whole town’s garage doors won’t open. A national centralization will even be worse.
Devices with independent autonomy. This sounds fantastic: Technology won’t require an intermediary device (like a smartphone) to take action when it “senses” a change in the environment.

Imagine a “thing” sensing a change in your body (via sensory technology and apps) and then responding by dispensing medication. But this also sounds frightening: Imagine what a malicious hacker can do with this technology.

Security Issues

Ownership of data. Passing the buck for security responsibility is a major issue. Who’s responsible if a device gets hacked? The maker of the device? The owner? The hacker? Who should have secured it? This type of responsibility needs to be defined.
Transfer of information. Vulnerabilities exist when data is enroute. Data may sit stored in a local data collation hub where it awaits uploading, but meantime can be stolen.
Sensitivity of data. Varying tiers of security are needed to correspond to varying kinds of data being transferred. For example, a data stream about the amount of humidity in a greenhouse doesn’t need security, while medical record information definitely does.
Death by hacker. With increasing advances in the realm of IoT, hacking can become a life-and-death matter, not just the nuisance of some baby monitor getting hacked and the hacker spewing out lewd comments for mommy to hear. For instance, it’s only a matter of time before a doctor, hundreds of miles away, remotely controls a patient’s implanted heart arrhythmia controller. What if a hacker gains access and demands ransom or else?
IT infrastructure. Cloud security concerns will only deepen as the IoT proliferates. Data access, ID and authentication, legislative boundary constraints and other issues must be considered. And should data be stored publically or privately, is another big question to answer.
Unprotected wireless. Making sure any wireless connections are protected by a VPN is essential. Hotspot Shield VPN is a great option and it’s free.

At this point, nobody really knows how all of this will pan out. Regulation and legislation will be very challenging. The IoT may very well leave legislation for data protection in the dust.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

America the Superpower is also the super choice for criminals wanting to steal credit card information. Security experts warn that this problem will get worse before it improves.

That ancient technology of the magnetic strip on the back of credit and debit cards is a godsend to criminals. The easy-to-copy band stores account information using a technology the same as that of cassette tapes. U.S. credit card technology has not kept up with fraudsters. One challenge facing the industry is that it is very expensive for companies to upgrade their credit card security.

When a card is swiped, the strip allows communication between the retailer’s bank and the customer’s bank: 1.4 seconds. That’s enough time for the network to record the cardholder’s information on computers controlled by the payment processing companies.

Hackers can snatch account data (including security codes) as it crosses the network or steal it from databases. Though the security code is required for most online purchases, thieves don’t care as long as the magnetic strips are easily reproducible and placed on fake cards—which they then use for purchases or sell the card data online. Three bucks will get you a fraudulent card with limited customer information and a low balance.

You’ll have to wait at least until the fall of 2015 for U.S. credit card companies to ditch the magnetic strips for digital chips. Retailers want more: each transaction to require a PIN rather than signature.

What can retailers do in the meantime?

Internet-based payment systems should be protected from hackers with strong firewalls.
Data should be encrypted, so that hackers see gibberish.

This may be easier said than done, because implementing these safeguards isn’t cheap. The U.S. lags behind most other nations when it comes to credit and debit cards; most countries’ cards use the digital chips that contain account information.

Every time the card is used, the chip generates a code that’s unique. This makes it a lot harder for criminals to duplicate the cards—so difficult, in fact, that usually they don’t even bother trying to replicate them. It would really be great if the U.S. could catch on to this technology.

There’s an app that can practically read your mind via your mobile device. The technology is called predictive analysis, and Google’s Now app is at the forefront. Other apps that utilize predictive analysis include Grokr and Osito: predicting the smartphone user’s next move.

How does this work?

Snippets of information are assembled via an algorithm, leading to a prediction of the user’s next behavior.

An example would be combining snippets of calendar entries with the user’s location data, e-mail information, social network postings and other like information.

The user is then presented with assistance that the app “thinks” is needed. The support-information is called a card. A card might, for example, remind the user about an event whose information was entered previously.

The app will then add directions to the event or show weather conditions at the location—even advise raingear.

Benefits

The Now app can “understand” context and filter out irrelevant information, making searchers easier than ever.
The Google search engine can now respond to more than just individual keywords and can seemingly grasp the meaning of a search query. This algorithm is called Hummingbird and impacts 90 percent of searches.

An example is that Google can compare items upon request or dig up facts about various things. For example, just type in the name of a famous landmark—once. If you seek trivia, you’ll get answers, but if you then seek directions, Google will know that you want directions to this landmark without you having to type in its name again.

Future locations of the user can be predicted (based on locations visited previously), not just the current location.
Recently, Google and Microsoft researchers came up with a software, Far Out, that can figure out a user’s routine via GPS tracking. This data is then assembled so that future locations of that user can be predicted.
The configuring can even adjust to correlate with the user’s changes in residence or workplace.

As advanced as all of this seems, this is only the start of a new wave of technology that can “think” for us—a big benefit to those whose lives are so hectic that they’ve become absent minded, and for those who simply enjoy the idea of having to do less mental work.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Mallorie’s Android phone was acting odd, like it was possessed. The thing had a mind of its own, sending garbled texts and gambling. Ghost? Or hacked?

Mallorie locked down the phone when it was charging so it wouldn’t purchase poker chips. One day she forgot to lock it and it went on a shopping binge. Packages began appearing at her doorstep.

Obviously, someone had access to her credit card. But how? And what could poor Mallorie do to disable this thief?

Millions of mobile devices get infected. But police officers won’t bother with this. Mallorie cancelled her credit card and deleted the “possessed” apps. Then she crossed her fingers.

How do mobile phones get attacked?

A study showed that 86 percent of Android malware employs “repackaging.” Here’s how it’s done:

Download an application
Decompile it.
Add malware.
Recompile the app.
Submit it back into public circulation—after changing its name.
Someone else downloads this changed-name application, and the malicious payload infects their device.
A repackaging variation, “updating,” involves adding a code that will tag a malicious payload at a later date.

How can you tell your mobile has been infected?

It begins behaving oddly. Something is off—sometimes slightly, sometimes blatantly, such as the device is sending your address book to a foreign IP address. Hook your mobile to a WiFi and see where it sends information to.
Unfamiliar charges on the bill. Malware on a phone will produce unauthorized charges. The device is hooked to an accounting mechanism, making it a snap for thieves to send premium SMS text messages or make in-app purchases—which cost you money.

How can you protect your mobile?

Keep its software up to date: easy to do on iOS but difficult on Android.
Some phones cannot be updated; these phones have OS vulnerabilities within them, making them open to attack. Users end up downloading malware which uses this OS vulnerability to infect the device.

Android vs. iOS for security

iOS beats Android for security against malware.
Apple placed restrictions on application functionality (e.g., premium SMS messages can’t be sent), which is why Android isn’t as secure against malware as is iOS.
Another reason: Android’s app review process is not top-notch at screening out bad applications (but it’s improving).
Both Android and iOS allow your personal data to leak out to ad networks. This isn’t considered malicious since a user may wish this to occur.

Scope of Problem

The verdict isn’t quite out on this.
Some say the problem is limited just to third-party app sellers and this can be avoided by going to iOS’s or Google Play’s app store.
Others believe everybody has a compromised application on their mobile.
More research is warranted to define scope of problem.

Who should protect the user?

The app maker? The carrier? Or the operating system provider?
Nobody has taken this responsibility currently. It’s kind of like a “that’s not my problem you downloaded a malicious app that we didn’t write,” or, “You wanted it; I only delivered it—not my problem.”
The buck is passed because user protection is expensive.

Solutions?

It would be great if the app store could provide very in-depth screening for all the types of malicious actions that apps can perform.
The caveat: This isn’t in the platform provider’s best interest because they want their store to carry a lot of applications.
Stores want more and more apps, and better ones, and don’t want anything to slow that process down.
Data can be secured when you communicate via a wireless network with a VPN like Hotspot Shield VPN. All web transactions can be secured via https.

Shopping online can be just as dangerous to your security as leaving your car unlocked in the mall parking lot.

Consumer Reports notes the following:

Don’t judge a website by its cover. A malicious website can look legitimate, even though it aims to nab your personal data, even identity, or sell counterfeit products.

Others aim to lure you in “with low prices they honor only if you buy extra items, or quietly adding unexpected charges based on fine-print disclosures they know you won't read.”

Look up any unfamiliar online store on bbb.org (Better Business Bureau). Check the rating, any adverse reviews and confirm its address. Search it out with keywords like “complaints.”
Carefully read the seller’s fine print.
Don’t use a debit card; use a credit card, so that the dispute process is easier.

Defective products. Read the fine print; it may say that all goods “are sold as is.” This means you won’t have the right to receive a replacement for bad merchandise.

You may be able to get a refund within 30 days of purchase, but beyond that, many sites say you must deal directly with the product’s manufacturer (you’ll need to pay for return shipping). Another problem is when the website is not an authorized dealer for the product you bought.

Make sure the site is an authorized dealer. Contact the manufacturer if necessary. Read the terms and conditions.
Be suspicious of sites that you know or believe will send you tons of spam after your purchase.
Understand the site’s privacy policy before giving personal data. “Many retailers let you elect to receive offers or have your info shared.” Others will automatically spam you or share your information unless you uncheck the pre-checked option boxes. “And limit the info you provide to what's critical for completing the purchase.”

Infected computer, or your payments are disrupted.

Never give out credit card information unless the Internet connection is secured.
Don’t peruse the Web unless the computer (or smartphone) is protected.
Make sure the retailer’s URL begins with a “https” (the “s” is necessary) preceded by a padlock icon.

A thief got a hold of woman’s debit card information and raided her bank account. This true story is described in a recent St. Louis Post-Dispatch article.

Thieves can wire money over the Internet and get the cash by showing a false ID, says the article. This kind of fraud is more common than people think. In the woman’s case, Visa detected the theft quickly and she got her money back. Many victims, though, learn they were robbed only after a check bounces.

You can’t 100 percent prevent card fraud because thieves hack into computers at banks and retailers to get card information. A clerk, even, can run your card through electronic skimmers to duplicate it. Skimmers are then swiped through ATM machines or gas pumps, ripping you off. However, there are ways you can reduce the fraud.

Don’t be phishing bait. An e-mail comes to you claiming you must make a payment and includes a link where to do this. These scam e-mails make gullible people think they’re from banks, retailers, even what seems like the IRS. The link to a phony website entices victims into typing in their bank account or credit card numbers: a done deal for the thieves.

Review bank and credit card statements promptly. Reporting something suspicious within two days means minimal liability with bank accounts. Wait too long and you may never recover your loss.

Never lose sight of your debit card. Always watch clerks swipe it. Don’t hand it to anyone else at the store.

Consider ditching the debit/credit card. Use an ATM card and a separate credit card rather than the combo.

Never give your card to anyone. This means a caregiver, nanny, dog sitter, relative—you never know what they may do.

Never give your card or account information to someone who phones you.

Never leave your checkbook around where someone can get at it. The St. Louis Post-Dispatch article reports the case of a man whose girlfriend’s heroin-addict son found his checkbook and wrote checks totaling $40,000 before he realized he’d been robbed.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.