August 30, 2008
Safe Computing Tips
The Kuper Report
http://TheKuperReport.com
********************************************************
NOTE:
This article was originally posted August 8, 2007 but is still relevant,
and so we are reposting it now.
********************************************************
If someone is truly determined to hack into your computer or your emails and they have the tools and knowhow, then they will probably succeed. But you can make it harder for them to do so. Unless it is the government. On Monday, President George W. Bush signed into law an expansion of the Foreign Intelligence Surveillance Act (FISA), giving government expanded rights to intercept phone calls and e-mails without warrants.
You can protect your computer by installing a suite of protection products. One such product, Grisoft's AVG Internet Security Suite has previously been reviewed. (See the original review here and the follow-up here.)
Such suites provide protection from spyware and viruses and a variety of other malware. That would be an excellent first step. And of course be sure to keep it up to date and proactive.
Be very careful what emails you choose to open, and set your email to hide graphics by default. If you are confident that a particular email is from a trusted source, you can always activate the graphics for that individual email as you are viewing it. Turning off graphics in email is a simple way to prevent a lot of the newer means of introducing malware to your computer that just might start capturing everything you do, including all your passwords.
Be very careful about clicking on links, especially in emails that look like they came from your financial institution. The safest way to deal with your financial institution online is to not click on links in emails, but instead go to their website by entering their web address directly into your browser. Otherwise you may end up at a very good copy that looks like your financial institution's website but is instead a rogue site that will collect all the information you type and then will use it to potentially steal your identity, or at least order lots of stuff in your name billed to you but shipped somewhere else.
When connecting to the internet, never do so from a computer id that has administrative rights except when absolutely necessary (e.g., to download and install new software that you purchase online from a reputable source). Being connected to the internet with administrative rights is akin to leaving your front door open while you are not at home and expecting no one will walk in andpotentially walk out with many of your valuables.
When creating passwords, try to use a combination of letters and numbers, and the longer the password the better. Of course, don't write it down and leave it by the computer or where someone could find it.
And if you really want secure communication in email, you need to be sending encrypted email. That's not as easy as all of the other suggestions above. It requires a means for encrypting by the sender and decrypting by the receiver, and the encryption/decryption codes can only be known by just those parties for it to truly be of value.
Does your cell phone have internet access? Then it can be hacked just as easily as your desktop or notebook computer.
One more thing. It does not matter what brand computer or cell phone you have. All are vulnerable.
Labels: cell, computer, Kuper, kuper report, phone, richard kuper, safe computing tips, security
FindJobsPostJobs.com | CareerHotList.com |
June 27, 2008
Fraud Alert: Woman Gets Two Years for Aiding Nigerian Internet Check Scam
Please don't be taken in by such scams, and please pass this note along to all your friends, relatives, and business associates to remind them not to fall for them either.
Richard L. Kuper
The Kuper Report
http://TheKuperReport.com
Labels: consumer, email, fake, fraud, internet, nigeria, scam, security, spam
FindJobsPostJobs.com | CareerHotList.com |
June 21, 2008
Privacy & Security Watch: TJX Fires Employee for Disclosing Security Problems
and subsequent articles on this subject). Well, it seems they still haven't learned from their mistakes. According to this article, a young employee in a Lawrence, KS T.J. Maxx store tried, but failed to convince management that running their server in administrator mode and giving everyone id's with blank passwords was a very bad and insecure thing to do. So he anonymously posted about this lack of security to an online forum. TJX found out it was him and they fired him. No word on whether they address this serious security breach.
Richard L. Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, companies, corporations, data, data security, government, home goods, homegoods, intrusion, kuper report, marshalls, richard kuper, security, tj tjx, tjmaxx, x
FindJobsPostJobs.com | CareerHotList.com |
May 04, 2008
Updated: Privacy & Security Watch: Beware of fake emails appearing to be from the IRS
Richard Kuper
The Kuper Report
http://TheKuperReport.com
(Originally posted April 23, 2008)
I received the following email today. Beware! It is a fake!
===
From: "Internal Revenue Service"
(the associated email address was: easytref [at] tax.ref.co.us)
Subject: Tax return (Message ID IRS-9438-2825)
A Secure Way to Receive Your Tax Return
After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $620.50.
Please submit the tax refund request and allow us 3-9 days in order
to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Note: For security reasons, we will record your ip-address, the date
and time. Deliberate wrong inputs are criminally pursued and indicated.
Regards,
Internal Revenue Service
Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.
===
Also note that the link (not included here) seems to point to a website for a boy scout troop in Virginia!
Due to the hacking of that boy scout website, the ISP shut the site down.
Also, there are other scam emails out there regarding the Stimulus Rebate checks being sent out, also appearing to be from the IRS.
If you get any such scam emails, the best way to help the IRS track down the perpetrators is to first, if your email program has the option, choose "show all headers" or something similar. Then forward the email to the following address (and substitute the "[at]" with "@"):
phishing[at]irs.gov
Labels: data security, e-mail, email, fake, irs, Kuper, kuper report, privacy, richard kuper, security, spam
FindJobsPostJobs.com | CareerHotList.com |
February 23, 2008
Privacy & Security Watch: Beware of fake emails appearing to be from a financial institution
The Kuper Report
http://TheKuperReport.com
Your money and your identity are precious to you. You money and identity are also of great value to thieves. It is important to be extra vigilant, especially in emails and on the Internet, to protect both.
At the link below, you will find an example of one such real-looking communication, but it could just as easily have been set up to look like it was from whatever bank or financial institution you do business with.
Please note that in order ensure you that you are actually going to the real HSBC website indicated below (they provided this to warn their customers about this particular scam), I have not encoded the link. Please copy it and open a *new* web browser (or new tab), and paste it into your web address bar, and press ENTER. (If you do it on the same page that you are viewing this newsletter on you will need to hit the BACK button on your browser to get back here to read the rest of this article.)
Copy and paste this link to a new web page or new tab:
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
As you saw if you followed the above instructions, someone was very creative and sophisticated. It looks real.
Remember that just because the text looks legitimate, if it is a live link that you can just click on, you need to verify that where the link is going is where the link claims to be going. I'll provide an example:
Click on the below link (which looks just like the link above):
https://www.us.hsbc.com/1/2/3/personal/inside/securitysite/alerts/alert-1
Other than the fact that the above is a link you can click on (try it - it will open in a new window), you cannot tell by looking at it that it will actually go somewhere else. And if I had created a fake HSBC-looking web page and pointed the link there, you might not have noticed at all because the resulting page would have looked just like an HSBC page (instead of taking you to ThisIsMyStore.com).
Now, move your mouse over the above link and right-click. You will get a list of options, one of which is "properties". Now click on "properties" and you will see that the link will actually take you to http://ThisIsMyStore.com and not to the secure HSBC page. This is an easy way to check where a link may actually be taking you. But note that the link displayed might still look kind-of legitimate, so it is always safest to go directly to your financial institution's website by entering the proper web address yourself.
Labels: data security, id theft, identity, identity theft, Kuper, kuper report, privacy, richard kuper, safe computing tips, security
FindJobsPostJobs.com | CareerHotList.com |
January 17, 2008
Privacy and Security Watch: Backup Tape Missing With Personal information On About 650,000 Customers
The Kuper Report
http://TheKuperReport.com
According to this article, "Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing." About 150,000 of those missing records contained social security numbers. GE Money, part of General Electric Capital Corp., is the credit card operations for Penney's and the other retailers. They apparently discovered the tape was missing last October. There is no explanation in the article why this is first coming to light now. The tape was being stored at a warehouse run by Iron Mountain Inc.
Labels: card, credit, data security, GE, general electric, iron mountain, Kuper, kuper report, penney, privacy, richard kuper, security
FindJobsPostJobs.com | CareerHotList.com |
September 24, 2007
Privacy and Security Watch: Are you giving away your personal or corporate data to thieves?
The Kuper Report
http://TheKuperReport.com
I came across a couple of articles that continue to bring home the fact that many companies and individuals still do not have a handle on ensuring the privacy and security of data:
What's on your hard drive?
When businesses or individuals discard old computers, apparently many are not ensuring that personal or business data has been securely removed first. According to this article, from a sample of 350 hard drives acquired in online auctions, details about salary, company financial data, medical data, credit card numbers, visa applications, details of online purchases, and even online pornography were found.
There are many tools available today for corporate and individual use that can shred the data on your hard drives and other storage devices. They are not very expensive, especially for individual use. Simply reformatting the hard drive, for example, will not wipe the data from it.
Do you or your employees connect to a file-sharing network?
If you connect your computer to a file-sharing network, such as BearShare or LimeWire or the like, you are opening up your computer to anyone who cares to search it and copy stuff from it. According to this article, "Three spreadsheets containing more than 5,000 Social Security numbers and other personal details about customers of ABN Amro Mortgage Group were inadvertently leaked over an online file-sharing network by a former employee." In this case, the computer had the BearShare software installed.
A common search, by those seeking something other than a song, is to search on terms like "password" to find data on connected computers that will net usable information for identity theft and other crimes. In addition, it would seem that most users of file-sharing networks do not take the appropriate steps to limit what can be searched on their computer. Any time you allow your computer to be accessed by others whom you do not know and therefore have no known level of trust, you are looking for trouble.
Regarding the leaked spreadsheet with over 5,000 Social Security numbers and other personal customer details, according to a spokesperson for ABN parent company Citigroup Inc.: "Citi's information-security standards require that confidential information be stored on Citi-managed devices." In the case of the spreadsheet, it would seem the employee had it on his home pc.
Labels: abn, bearshare, citigroup, computer, credit, crime, data, disk, drive, file, id, identity, limewire, password, pc, privacy, security, sharing, stolen, theft
FindJobsPostJobs.com | CareerHotList.com |
May 10, 2007
Privacy and Security Watch: University of Missouri Hacked For Second Time This Year
Back in January, there was a similar breach. In that case, "a hacker obtained the Social Security numbers of 1,220 university researchers, as well as personal passwords of as many as 2,500 people who used an online grant application system."
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, college, data security, hack, Kuper, kuper report, personal data, privacy, richard kuper, school, security
FindJobsPostJobs.com | CareerHotList.com |
May 05, 2007
Transportation Security Administration, a division of Homeland Security, loses hard drive with personal data on 100,000
The privacy and security of personal information is clearly not being addressed by government agencies, as previously reported in The Kuper Report and in various news reports over the years. This breach by a division of the Homeland Security Department is just the latest reported problem. As the Congress perhaps begins to address this problem in the private sector, it needs to also address this problem in the public sector. However, unless there are severe consequences for breaching the privacy, this problem will not end.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data security, government, homeland security, Kuper, kuper report, personal data, privacy, richard kuper, security, transportation security administration, tsa
FindJobsPostJobs.com | CareerHotList.com |
April 26, 2007
Privacy and Security Watch: Lawmakers decry continued vulnerability of federal computers
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data, data security, government, Kuper, kuper report, law, personal data, personal information, richard kuper, security
FindJobsPostJobs.com | CareerHotList.com |
Privacy and Security Watch: Group calls for federal data security breach notification law
Because of this and the many other breaches at other firms, the Cyber Security Industry Alliance (CSIA) is lobbying Congress to pass a law that will require companies that are breached to notify victims. Read all about it here.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data, data security, government, Kuper, kuper report, law, personal data, personal information, richard kuper, security
FindJobsPostJobs.com | CareerHotList.com |
April 03, 2007
Privacy and Security Watch: More Security/Identity Breaches and Issues
But in another ComputerWorld article in the same state of Texas, it seems that "Texas Gov. Rick Perry has signed into law a bill that allows the state's county and court clerks to disclose "in the ordinary course of business" Social Security numbers contained in documents held by their offices."
So, at least in Texas, Social Security numbers are no longer considered protected data if they exist in "public records held by clerks in the state" but are protected data if held by anyone else. So if you have public documents containing personal data, such as mortgage records and tax liens in the state of Texas, your private information, already being posted by Texas to the internet and for sale unredacted, is no longer protected.
And now your browser may be used to capture your personal information on your computer and as a hacking tool against others. According to another article in ComputerWorld, javascript code that could be used to turn a Web browser into a hacker's tool is now available on Internet.
Meanwhile, in yet another ComputerWorld article we are told that there is a critical Windows flaw that Microsoft has apparently known about since December 2006 that affects Windows 2000 SP4, XP SP2, Server 2003 (up to SP2), and even Vista (both 32- and 64-bit versions). Microsoft was apparently in no hurry to fix this but the pressure has mounted and they are supposedly rolling out a fix soon. This critical flaw will allow a rogue program to "run malicious code on a victimized PC, infecting it with spyware, stealing identity information or adding it to a botnet of hijacked systems."
To borrow from a tag line in an old TV show (NYPD Blue, if memory serves):
"Be careful out there."
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, data security, identity, kuper report, personal data, personal information, privacy, security, social security
FindJobsPostJobs.com | CareerHotList.com |
March 22, 2007
Privacy and Security Watch: Stolen Data from TJX (T.J. Maxx, Marshalls and HomeGoods stores) since 2003 Used in $8M Scheme Before Breach Discovery
This is just the latest story in the ongoing issue of data security. Companies need to get their acts together and ensure that they are protecting the personal and private data of their customers. It may be time for the government to step in and create financial incentives for companies to do this. Of course, the Federal government and many state and local governments are guilty of not protecting the personal and private data of its citizens either, so they would also have to fine themselves (not likely). So this problem will continue to be a major problem until the public starts making its voice heard and making this a priority for government and corporations to take more seriously.
Here are the links to the TJX story:
Stolen TJX Data Used in $8M Scheme Before Breach Discovery
TJX: Data Theft Began in 2005; Data Taken from 2003
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: breach, companies, corporations, data, data security, government, home goods, homegoods, intrusion, kuper report, marshalls, richard kuper, security, tj maxx, tjmaxx, tjx
FindJobsPostJobs.com | CareerHotList.com |
February 19, 2007
Corporate Security: Risk and Cost Tolerance in India
Click here to read the full article.
Richard Kuper
The Kuper Report
http://TheKuperReport.com
Labels: cost, India, Infosys, IT, offshore, outsourcing, risk, security, technology, Wipro
FindJobsPostJobs.com | CareerHotList.com |
January 08, 2007
So how secure is your pc?
The Kuper Report
http://TheKuperReport.com
So how secure is your pc? According to a January 7, 2007 article in the NY Times titled "Attack of the Zombie Computers Is Growing Threat" by John Markoff, "the bad guys are honing their weapons and increasing their firepower." Programs are secretly installing themselves "on thousands or even millions of personal computers" and then using these computers and their collective combined power to commit crimes across the Internet. For example, the article states: "Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China." Elsewhere in the article, we are told about a program that collected data from 753 infected computers, generated 54,926 log-in credentials, 281 credit card numbers, affected 1,239 companies including "35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts" -- and that was just one file that was intercepted that had collected data over 1 month. One company that monitors such things claims there are more than 250,000 new infections daily.
There were a number of other examples, including the spam regarding a penny stock that boosted the price of the stock significantly - just long enough for whoever spawned it to make a nice profit.
Even more interesting was this paragraph that appears near the end of the article:
"Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely."
So now that you know about these problems, what are you doing to prevent them? Are you making the mistake of Serry Winkler and turning off your antivirus, antispyware, antimalware products, or, worse, have you failed to even install such software or ensure it is up-to-date? Are you perhaps making the ultimate error of being connected to the internet 24x7 logged in with adminstrator rights and no password? If you are accessing the internet from home via cable or dsl, do you have both a hardware firewall and a software firewall? If you have gone wireless, are you sure no one can intercept what you are doing over the air?
There are a variety of very good antivirus, antispyware, antimalware and other products to protect your computer. Some are even available for free or very low cost. Some are bundled as suites.
And before someone tries to give you the old and tired line "just get a Mac", be advised that the recent Mac vs. Windows ads have raised the profile of the Mac and Linux operating systems and attracted the interest of the bad guys. There have been an increasing number of reports regarding breaches of such machines -- perhaps not to the level of Windows machines, but that is primarily because there are fewer such machines in use. Should machines running Mac or Linux continue to grow in popularity and become a larger portion of the user community, rest assured that there are folks out there who will manage to wreak the same havoc on those machines as well.
So make sure to take all the necessary steps to ensure that your computer and data are secure. If you are a company, your responsibilities may be further defined by a variety of laws.
Labels: data security, how secure is your pc, id, id theft, identity, identity theft, Kuper, kuper report, pc, secure, security, you
FindJobsPostJobs.com | CareerHotList.com |
Who links to me?