I am not a number, I am a free man! – I am not a consumer, I am a free man!

There are those happy occasions when a reader’s comment here is so insightful, that the comment deserves to be highlighted as a stand alone post. Comments from Mark Schneider, Michael Fisher, John Bent, and several other readers, have been highlighted previously, using this criteria.

Following a recent opinion piece – Open Source BleachBit 0.9.3 – Deletes HTML5 Cookies – which detailed the rise of a new threat to personal privacy, regular reader RedNightHawk offered this comment for consideration and discussion.

I think you’ll find it worthwhile to evaluate the issues raised in RedNightHawk’s perceptive comment.

“I usually check the Options/Settings/Preferences of my browser after an upgrade to make sure I haven’t lost any settings, and to see what’s new. I remember when I saw an option to allow HTML5 to use local storage (and a sub-option to delete any files on close), I refused to allow any local storage.

I did that for the same reason I used to have my flash storage set to zero – I didn’t know what all the storage would be used for, and if it’s optional then it’s clearly not needed for the technology to work.

I eventually wound up enabling local flash storage (some sites wouldn’t work without it enabled), once I got the NirSoft program that deleted LSO’s, and I used a program that sat in the tray and let me turn the flash bit on and off so I wouldn’t get cookies when I was just surfing; only when I actually wanted to see some particular flash content.

My current most-used browser allows me to click on specific flash objects if I want to allow them. What a pain this all is (how inconvenient!), and here’s the kicker – just a few days ago, thanks to a link in your Tech Thoughts, I was reading about a tracking company trade group CEO telling Senators he thought the industry was doing a good job of policing itself and legislation wasn’t needed to control tracking, or protect privacy.

When mechanical gadgets first started being made it was for convenience – to benefit us by freeing up time for other things. Now, in the information age, the CON part of convenience seems to be prevalent. Corporations know we’ll make poor decisions and put convenience above things like privacy, nutrition, financial well-being, etc.

Too often a gadget or technological breakthrough is a mere piece of cheese, luring the consumer into a trap – the worst kind of trap: one which they never realize they’re in. Are we mice now, destined to live our lives running around the mazes they create for us?

I’m reminded more and more of the opening of the TV series The Prisoner where Patrick McGoohan yells out, “I am not a number, I am a free man!” More and more there’s times when I feel like grabbing a CEO’s lapels and yelling, “I am not a consumer, I am a free man!” Think the message would get through?”

–   RedNightHawk

P.S.
Dan Tapscott has an interesting series about privacy in the digital age on The Star’s website that you and your readers might be interested in:
http://www.thestar.com/news/insight/article/1204668

Cyber Shopping on Black Friday? Six Tips From PandaLabs To Keep You Safe

Cyber shopping on Black Friday can be very appealing – no lining up at midnight, no line ups at all, no risk of being trampled by unruly crowds, shop in your PJs if you like, “shopping around” and comparing prices is a snap, and the list of benefits goes on.

So, if you cyber shop, you may not face the risk of being trampled to death by an unruly crowd, or being shot to death by an angry shopper – both tragedies actually did happen on Black Friday, November 28, 2008. But, you will face substantial cyber security risks.

Staying safe while you cyber shop requires that you be much more wary, and that you understand that cyber crooks salivate at the opportunities Black Friday cyber shopping creates for exploiting the unwary and careless consumer.

Cyber shopping safely requires that you follow well established best practices that have proven to substantially reduce the risk of being victimized.

PandaLabs suggests holiday shoppers adhere to the following best practices this Friday and Monday, and throughout the holiday shopping season:

Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with. Screenshots of a recent malicious Black Friday search result is available at here.

Don’t click on embedded links in advertisement e-mails. E-mails that appear to be advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you’ll be able to find the same deal by going directly to the website in your favorite web browser.

Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.

Don’t underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order infect your computer and steal your personal data. If you’re unsure if a site is legitimate, run a search online to see if you can determine whether it’s widely known. If you can’t find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.

Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent anti-malware scans.

Always use updated anti-malware protection. Despite growing awareness of today’s Web-borne threats, many people still don’t use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security’s award-winning Panda Cloud Antivirus software, which is completely free, here.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.

Learn more about PandaLabs and subscribe to the PandaLabs blog here. Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Cell Phone Fraud – Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI), and the U.S. National White Collar Crime Center, cell phone fraud attacks are on the rise.

Given the unsteady state of world economies, a near perfect opportunity has been created for cyber-crooks to take advantage of people’s fears, and the worries, created by the uncertainties surrounding this crisis. Not surprisingly, there has been a major increase in financial-themed phishing, vishing, and spam.

Yes, you’ve heard of phishing, but what’s this vishing you ask?

The IC³ (Internet Crime Complaint Center) describes vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account has been suspended, deactivated, or terminated.

In a common scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, cell phone text message, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they are greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email.

Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their Personally Identifiable Information by e-mail, mail, text message or instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

To reduce the chances of being victimized the following are minimum safety precautions you should take:

Consider every email, telephone call, or text message requesting your Personally Identifiable Information as a scam

Never click on embedded email or cell phone links

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.

Cell Phone Fraud – Protect Yourself from Vishing

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting your PII as a scam.

Never click on embedded email or cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

You can read more on this issue at the Internet Crime Complaint Center.

Internet/Cell Phone Fraud – Vishing, Cyber Criminals New Scam

According to the Internet Crime Complaint Center, a partnership between the U.S. Federal Bureau of Investigation (FBI) and the U.S. National White Collar Crime Center, Vishing attacks are on the increase.

Yes, you’ve heard of Phishing, but what’s this Vishing you ask?

The IC³ (Internet Crime Complaint Center) describes Vishing as an attempt to persuade consumers either by email, text message, or a telephone call, purportedly from their credit card/debit card company, to divulge their Personally Identifiable Information (PII), claiming their account was suspended, deactivated, or terminated.

In one scenario, recipients are asked to contact their bank by calling a telephone number provided in the e-mail, or alternatively, by an automated telephone recording. When the potential victim calls the telephone number, they’re greeted with “Welcome to the bank of …” and then requested to enter their card number in order to resolve a pending security issue.

In the email scam attempt, in order to persuade the recipient that it is not a scam, the fraudulent e-mail sets out all the caveats the potential victim should be aware of in dealing with this type of email. Who would consider that a scam artist would warn you that a bank would not contact customers to obtain their PII by e-mail, mail, and instant messenger?

To further convince the recipient of the validity of the email, it goes on to state that the recipients should not provide sensitive information when requested in an e-mail, and not to click on embedded links, claiming they could contain “malicious software aimed at capturing login credentials.”

Would this convince you that this email was genuine? It just might.

A new version of this scam recently reported to IC³ involves the sending of text messages to cell phones claiming the recipient’s on-line bank account has expired. The message instructs the recipient to renew their on-line bank account by using the link provided.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that IC³ has called the situation “alarming”.

Minimum safety precautions you should take.

• Consider every email, telephone call, or text message requesting your PII as a scam
• Never click on embedded email or cell phone links
• When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source

You can read more on this issue at the Internet Crime Complaint Center.