Tag Archives: confidential

Will The Epsilon Data Breach Affect You? Don’t Be Surprised!

imageThe damage yet to be realized from the Epsilon Data Management breach, in which 250 million consumers names and e-mail addresses were compromised, has the potential to be staggering.

With 2500 client customer databases residing on their servers, Epsilon likes to characterize itself as the world’s premier email marketing service. Since they are responsible for over 40 billion (generally unwanted) emails annually, I tend to characterize Epsilon less favorably.

To this point, all of the companies involved in this breach (and the list is growing daily), are aggressively making the point that customer financial and confidential information, remains secure – and, has not been stolen. However, in a cover their ass move, many of the affected companies slip in a caveat – “based on everything we know”, or words to that effect.

Now, if one fell off the turnip wagon yesterday, that response might seem acceptable, or even encouraging. Personally, I’ll be guided by what experience has taught me in relation to situations such as this; and that is – there’s a very good chance that what we’re  seeing today, is no more than the tip of the iceberg.

In the short term we can expect the following:

The incidence of targeted spam (since names, addresses, and most importantly, company affiliations are available), is sure to rise dramatically;  with a corresponding increase in malware laden email.

Based on the same information accessibility, spam phishing attempts will move up the list of cybercriminals’ preferred scams. Unfortunately, the success ratio is likely to increase dramatically.

Long term impact has yet to be determined with any accuracy – but, since the type of companies impacted by this breach tend to operates in the Twilight Zone when it comes to safeguarding their customers privacy, heightened vigilance on the Internet, particularly not responding to unsolicited emails, takes on a new urgency if you are one of those who has had previous, or current dealings, with any of the affected companies.

Quick questions: Why wasn’t this enormously sensitive customer information encrypted? Have things gone so far, that we need to legislate common sense?

Internet security provider Kaspersky, has put together a list of the companies impacted by Epsilon’s data breach which is worth reviewing – if you’re unsure of a relationship with an affected company.

From Kaspersky Lab’s Threat Post:

The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour.

Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.

There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. Here is a list of companies known to have been affected so far: List of Companies Hit By Epsilon Breach.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, Online Safety, spam, Windows Tips and Tools

Conseal Security Takes Portable Device Security To Another Level With Conseal USB

“This tape will self-destruct in five seconds!” – Mission Impossible.

Growing up in the 1960’s, I though that was just the coolest phrase – and the underlying technology, of course. As a way of keeping confidential  information out of the hands of the bad guys, what could be better than that? BOOOM!

Today, safeguarding confidential information is far more complex – and there are many more “bad guys”. Information, in a very real sense, is currency – and the need to protect it is every bit as real as if it were hard currency.

Unfortunately, protecting critical data in an age of extreme data portability (USB sticks, portable Hard Drives, memory cards …. ) against theft, or loss, is exasperated by the very nature of portable technology.

How hard is it to lose a USB key through theft or misadventure – easy (personally, I’ve lost two over the years).

How hard is it to lose a portable Hard Drive through theft or misadventure – easy.

How hard is it to lose a memory card through theft or misadventure – easy.

How hard is it recover any one of the storages devices mentioned? Hard. Hard. Hard.

While it’s true, that both password and encryption applications, offer some protection against unauthorized access should a portable storage device vanish, neither provides absolute protection. Both password cracking, and decrypting applications (and the computing resources necessary), are readily available to those with less than honorable intentions.

What’s needed then, is a technology that not only offers password protection and file encryption, but the ability to remotely destroy data on a non-recoverable device – if it becomes necessary.

I suspect that the Ministry of Defense in the UK, would have been delighted with this type of technology had it been available when, in 2008,  fifty eight Ministry of Defense unencrypted drives – which contained details of troop movements, locations, and travel accommodation, were “lost”.

Certainly, portable media device theft, or loss, is not restricted to organizations; it can just as easily happen at an individual level. For example, in the U.K., in 2008, – 9,000 USB drives were found by dry cleaners in various articles of clothing. It’s safe to say, that data loss and data leakages related to lost or stolen computer portable devices, are now commonplace.

Luckily, Conseal Security has just released a security safety system  that not only includes strong AES encryption, it allows protected devices to be remotely self-destructed, if they are lost or stolen. Moreover, as part of the package the ability to lock devices to specific networks, domains or specific computers, is included. A bonus feature includes a capacity to review all access attempts on a device.

Application setup, including creating an account which provides access to all of the programs features, is straightforward.

image

The initial account password will be emailed to you. The temporary account password in the screen capture shown below, has been changed.

image

Once logged in, you can proceed to manage the portable device attached to your machine.

image

In the following screen shot, you’ll notice I have logged in and entered a name for the attached device.

image

The USB drive I used for this test was quite small (512 MB), so the encryption and registration took less than two minutes.

image

image

As per the message box, no files were accessible on Drive F: (the original drive designation) – instead the files were on Drive G: (the newly concealed drive).

image

Following encryption of the drive’s contents you will have a number of options to choose from, including –

Access Control

You can set up rules to control where and when this device can be unlocked.

image

Alerting

You can set up alerts to email you when this device is used.

image

Self Destruct

You can securely delete the contents of this device if it has been lost or stolen. It will become a blank disk.

image

Unlocking the portable device is an uncomplicated process – as shown in the following screen captures.

image

image

A taskbar popup will notify you on successful completion of the “unlock” process, as illustrated in this screen capture.

image

Fast facts:

Remote self destruct – If your Consealed device is lost or stolen, you can remotely destroy the data it contains. Press a button on a website and the contents of your device will be securely wiped when next inserted.

image

Who’s accessed your data? – View a log of who attempts to unlocks your Consealed device, including who they are and what computer they used. The log shows all access attempts and contains sufficient information for law enforcement officials to uniquely identify the computer used.

image

Define who can access your data – Specify the computers or network domains which can unlock your Consealed device. Also specify what times of the day it can be unlocked. Rules can be changed even when the device is out of your hands.

image

Safe from password guessing attempts – Even fairly complex passwords can be guessed on average within 16 minutes. Conseal’s “Dual Locks” system completely secures your protected data against password guessing attempts. Consealed devices can only be unlocked with permission from a central server.

Warnings of attempted break-ins – Receive email warnings when someone tries to unlock your Consealed device, directly and uniquely identifying the user, where they are, and what computer they used.

Strong encryption – Your data is stored using super-strength 256-bit AES encryption (approved by governments to protect ‘Top Secret’ information).

Takeaway: A very impressive and elegant solution to a potentially disastrous occurrence at a cost that’s appropriate.

Conseal USB Licenses:

Home User – 1 year’s protection. Non-commercial use only. Up to 5 devices £19.95.

Corporate User – 10 devices £140 (for 1 year). 100 devices £99/month. 1000 devices £830/month. 10,000 devices £5950/month.

Conseal Security offers a full no-quibble 14 day money-back guarantee from date of purchase.

System requirements: Windows XP and above.

Devices: You can Conseal literally any USB storage device. This includes memory sticks, USB pen drives, external hard disks, SD / MMC / xD / CompactFlash cards. It also includes all Firewire, eSATA and USB3 devices. Conseal is completely device and manufacturer independent.

Further details, and a 15 day Trial download are available at the developer’s site – Conseal Security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under Business Applications, Cloud Computing, Computer Tools, Connected Devices, Cyber Crime, Cyber Criminals, downloads, Encryption, Encryption Software, flash drive, Geek Software and Tools, Software, Software Trial Versions, Surveilance Tools, USB, Windows Tips and Tools

Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

imageIn business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, are warning users of Yahoo Instant Messenger specifically, they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.

image

image

image

(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

image

Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

image

Click here: “Keep Your Kids Safe With Free Parental Control Bar”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

12 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety, Internet Safety for Children, Malware Advisories, Software, Symantec, System Security, Windows Tips and Tools, worms

Avoid Worms – Instant Messaging Tips

image I wrote earlier today about a new worm currently circulating on the Internet, which Panda Security identifies as the MSNWorm.GU.

This worm uses MSN Messenger, and other chat applications, to spread. It infects systems silently, and without any visible symptoms.

Infection occurs when the victim clicks on a download link contained in a message received from a contact. Clicking on the link installs the worm on the target system, and the infection begins.

So, is there anything unusual about this worm; is it just a one off occurrence? Not at all – instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware. In fact, recent statistics indicate almost 50% of worms use instant messaging applications to spread.

Regrettably, from a security perspective these applications can present considerable security risks. Security risks increase  substantially when these programs are used to share files, folders, or in some cases even entire drives.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

image

Click here: “Parental Control Bar”

On the whole, the best protection against Instant Messaging threats involves having good antivirus and firewall protection to guard your security at all times. Elsewhere in this Blog, you can read an article on free security software and download those you might find useful.

Click here: “Best Free Security Applications”

For information on how Skype has become open to scamming, read the article Skype says I’m infected with malware … by my tech wizard friend Techpaul.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Child Safety Internet, Communication, Don't Get Hacked, Free Anti-malware Software, Freeware, Instant Messenger Safety Tips, Interconnectivity, Internet Safety for Children, Internet Security Alerts, Malware Advisories, Panda Security, Viruses, Windows Tips and Tools, worms

How Risky is Peer to Peer (P2P) File Sharing?

image Albert Einstein has been quoted as stating “Sometimes one pays most for the things one gets for nothing”.

Nowhere, in my computing experience, has this been more true than in the type of peer-to-peer file sharing where users consider themselves to have scored a coup after having downloaded the latest movie, the latest video game, or the latest music CD, ostensibly for nothing.

The number of times I have been called upon to rescue a friend’s computer because of system damage caused by peer-to-peer downloading, has convinced me to give this form of file sharing, on public file-sharing networks, an automatic “thumbs down”.

Used legitimately of course, peer-to-peer file sharing can provide computer users with access to a wealth of information.

All that’s required to participate in Peer to Peer file sharing is the installation of the necessary file sharing software such as LimeWire, FrostWire, or Ares, that connects your computer to an informal network of other computers running file sharing software.

Millions of users could be connected to each other through this type of software at any one time. File sharing applications are often free, and easily accessible as a download on the Internet.

Risk factors

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive. Information such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Can this really happen? You bet.

Copyright infringement can result in significant monetary damages, fines, and even criminal penalties. Some statistics suggest as many as 70% of young people between the ages of 9 – 17, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled, and you, or your children, can unintentionally download these files.

Elsewhere in this Blog you can read an article on child safety on the Internet, and download a free parental control program that comes highly recommended.

Go to: Free Internet Child Protection – Parental Control Bar.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties.

Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties. I can assure you that spyware can often be difficult to detect and remove.

Before you use any file-sharing program, you should buy, or download, free software that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Elsewhere on this Blog you can read an article on free anti-malware programs, including anti-virus software, and you can download those that may suit your needs.

Go to: Free Windows Software You Can’t Afford Not to Have!

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

For more on the potential dangers involved in peer to peer file sharing, check out the FBI’s web site.

If you decide peer to peer file sharing is for you, the following free applications are spyware free when downloaded from reputable download sites such as Download.com, or Sourceforge.net.

LimeWire: Download at Download.com

Ares: Download at Sourceforge.net

FrostWire: Download at Download.com

19 Comments

Filed under Application Vulnerabilities, Don't Get Hacked, Freeware, Interconnectivity, Internet Safety for Children, Malware Advisories, Online Safety, Parenting Help, Peer to Peer, Privacy, Software, Spyware - Adware Protection, System Security, Windows Tips and Tools

Peer to Peer (P2P) File Sharing – Risks You Need to Know!

Every day, millions of computer users share files online. Whether it is music, games, or software, file-sharing can provide computer users with access to a wealth of information.

All that’s required to participate in Peer to Peer file sharing is the installation of the necessary file sharing software such as LimeWire, FrostWire, or Ares, that connects your computer to an informal network of other computers running file sharing software.

Millions of users could be connected to each other through this type of software at any one time. File sharing applications are often free, and easily accessible as a download on the Internet.

Sounds promising, right? Maybe; but make sure that you consider the trade-offs and the very real risks involved. The number of times I have been called upon to rescue a friend’s computer because of system damage caused by peer to peer downloading, has convinced me to give this form of file sharing, on public file-sharing networks, an automatic “thumbs down”.

Risk factors

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully. If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive. Information such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Can this really happen? You bet.

Copyright infringement can result in significant monetary damages, fines, and even criminal penalties. Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. I f you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that their children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled, and you or your children, can unintentionally download these files.

Elsewhere in this Blog you can read an article on child safety on the Internet, and download a free parental control program that comes highly recommended.

Go to: Free Internet Child Protection – Parental Control Bar.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties. I can assure you that spyware can be difficult to detect and remove.

Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Elsewhere on this Blog you can read an article on free anti-malware programs, including anti-virus software, and you can download those that may suit your needs.

Go to: Free Windows Software You Can’t Afford Not to Have!

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program. Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting. What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

For more on the potential dangers involved in peer to peer file sharing, check out the FBI’s web site.

If you decide peer to peer file sharing is for you, the following free applications are spyware free when downloaded from reputable download sites such as Download.com, or Sourceforge.net.

LimeWire: Download at Download.com

Ares: Download at Sourceforge.net

FrostWire: Download at Download.com

7 Comments

Filed under Free Security Programs, Freeware, Interconnectivity, Internet Safety, Internet Safety for Children, Internet Safety Tools, Malware Advisories, Online Safety, Parenting Help, Peer to Peer, Privacy, Software, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools

Safety Tips For Instant Messaging

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users that want real-time computer contact with each other. The danger, from an Internet security perspective, occurs when these programs are used to share files, folders, and in some cases entire drives.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message. Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable or even dangerous individuals. Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: Parental Control Bar

On the whole, the best protection against Instant Messaging threats involves having good antivirus and firewall protection to guard your security at all times. Elsewhere in this Blog, you can read an article on free security software and download those you might find useful.

Click here: Best Free Security Applications

For information on how Skype has become open to scamming read the article Skype says I’m infected with malware… by my tech wizard friend Techpaul.

2 Comments

Filed under Free Security Programs, Freeware, Interconnectivity, Internet Safety, Internet Safety for Children, Internet Safety Tools, internet scams, Online Safety, Safe Surfing, Software, Spyware - Adware Protection, Windows Tips and Tools