Tag Archives: personal information

Voter Database Security Is A Myth

In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – questions the security reliability of voter databases.

Some of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends, all ultimately to go to the polls to exercise our constitutional right to vote. For millions among us, this is a final decision and a terminal point.

Not for me.

As an information security specialist and database security researcher, I wonder where my vote goes, in what database it’s maintained, and, of course, how secure it is.

Hard experience has taught me that right now, somewhere, a hacker is trying to penetrate the voter databases “just for fun,” “to prove something,” or if I really want to be paranoid, “because he’s part of a powerful, international organization that seeks to dictate our political process by determining elections.”

Paranoia? I wish. One only has to read the news… last year, the databases of major companies were hacked: LinkedIn, Visa, KT Mobile, Sony, Zappos, etc. Of course, that tally doesn’t include the organizations who don’t know they were hacked.

Want news on voter databases being hacked in the last few years? Take a look at the list below, the result of a two-minute Google search:

July 15, 2012: Florida Allowed to Access Citizen Database for Voter Purge

July 27, 2012: Obama Administration to Open Voter Database

March 26, 2012: GOP’s Voter Vault Database Hacked, Candidates’ Identity Altered

August 2011: No Personal Information Compromised After Voter Database Hacked

At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

As if selecting a candidate isn’t vexing enough, now, I have a bigger concern: “How can I be sure my vote ultimately goes to the candidate of my choice?” “Will my vote be manipulated in any way, whether by foreign or domestic entities?” “Will my voter information be used to make it easier to have my identity stolen? (Even the FBI says identity theft represents a more serious threat than drugs.)”

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.


Filed under Cyber Crime, Guest Writers, Point of View

DoNotTrackPlus Gives The Boot To Nosy Internet Trackers

Several weeks back, I received an invitation from CNET to join a dating website designed especially for those that are 50 years old – or more. OK, it wasn’t exactly an invitation – it was, in fact, an ad inserted into one of my subscribed CNET newsletters.


So what – no big deal you may be thinking. But from my perspective, it is a big deal – here’s why.

In the years that I’ve been Internet connected – 18 years or more – I’ve never referred to, or listed, my actual age (other than to make the point, from time to time, that I’ve been at the computing game for a very long time). Nor, have I ever referred to my marital status (other than in a humorous way in re-commenting on a reader’s initial comment – perhaps).

As it turns out – I am over 50, and I am a bachelor. So, in reality, CNET targeted me precisely. The question is – how did CNET know to target me so effectively and efficiently?

A partial answer is – CNET spies. The fact that CNET spies on site visitors is hardly news. Nor is it news, that the majority of commercial websites engage in spying on site visitors.

SPYING – such a loaded word. Instead of “spying”, let me use a series of descriptors handily thrown around by those engaged in spying on my privacy.

Predictive analytics, customer profiling, customer segmentation, predictive modeling, lifestyle clustering……. all done for my own benefit, of course (according to the intruders). There, now I feel better about being profiled, segmented, and clustered. Not!

I’m certainly not a Luddite and, I understand the cost/benefit associated with using the Internet. But, the rules (such as they were) have changed dramatically in the last year or two. The Data Miner is now on the scene, and gobbling up personal information at a prodigious rate.

Webopedia definition – The two most common forms of data miners are data mining programs that an organization uses to analyze its own data to look for significant patterns, and spyware programs that are uploaded to a user’s computer to monitor the user’s activity and send the data back to the organization, typically so that the organization can send the user targeted advertising.

In a real sense then, it isn’t so much that CNET is aware that I’m 50 plus, or that I’m single that is at issue – since CNET could not/did not develop the specific information I referred to earlier. Instead, this information was undoubtedly culled by any one, or more, of the data miners that have infected the Internet and, using “predictive modeling” rolled out a “best guess” that I’m in my fifties and single.

And that makes me feel not only “profiled, segmented, and clustered” but, as if I’ve been “diced and sliced”. I have, in essence, become a product. A product, I’m afraid, that’s closing in on its “best before date”.

A product that LiveIntent, working on behalf of CNET, targeted based on (according to the company’s site), gender, age, geo, browser, and time of day. I should point out, that according to LiveIntent’s promotional material, the foregoing “is just the tip of the iceberg”. Of that, I have no doubt.

The other side of the coin is – and there is another side of the coin – Internet users (by and large), have been trained to accept a tradeoff in order to get access to “free” information and services. In return – they buy into the condition that each commercial site they visit has the right to spy and build a profile on their browsing habits – the type of sites they visit and revisit, time spent on sites, their shopping and spending habits, their political views, their marital status (it appears), and much more. Some tradeoff!

In the long term, the personal information gathered will be sold, bartered and traded (to bypass the disclaimer – “we will not sell your information”), so that it can be used in multiple ways that generate profit. And, that’s the upside. If there’s one thing the Internet has taught us, it’s – if information can be abused – it will be abused.

If you’re like me, and you staunchly oppose the collection of your personal information, then you’re likely aware of any number of Browser tools which claim to shutout nosy data miners. In fact, I’ve reviewed many of these tools here.

One free tool which I haven’t reviewed until now (although, I wish I had earlier) is DoNotTrackPlus – a free Browser add-on from Abine (the online privacy company).

In the several weeks I’ve been running with DoNotTrackPlus, I’ve found that this add-on lives up to its reputation for excellence.

The following screen captures emphasize just how pervasive online tracking has become. And, more importantly, how DoNotTrackPlus puts the boots to these invasive parasitic data miners.

A selected result, from earlier today, while reading my local newspaper online.


Cumulative results since installing this add-on. You’ll note, the rather staggering tracking company total.


Abine’s Internet privacy view:

There is a huge difference between sharing personal information and having it taken. That’s why we’ve created Internet tools and services for those who want a say in how and when their information is used. And since we think exercising your right to online privacy should be easy, our solutions allow regular people just like you to regain and maintain control over their personal information – while continuing to enjoy all the wonderful things the web has to offer.

If you find yourself agreeing with this concept – and, you want a say in how and when your privileged information is used – take DoNotTrackPlus for a test drive. I suspect that you’ll be reluctant, in future, to surf the Internet without DoNotTrackPlus in place.

Fast facts:

Free tool that puts you back in control of your information.

Stops more than 600 trackers.

When you visit a website DoNotTrackPlus blocks tracking technologies from:

· Seeing and collecting your web activity such as what sites you visit and what you view.

· Putting cookies on your machine that would continue to store information about your Internet browsing.

· Displaying ads with tracking capability, including the annoying ads that seem to follow you everywhere you go.

Compatible with Mac or PC for Chrome, Firefox, Safari, and Internet Explorer.

Automatically updates to catch new trackers.

Download at the developer’s site: Abine


Additional information is available on the company’s FAQ site.


Filed under Browser add-ons, Chrome, Firefox, Internet Explorer, Online Privacy, Safari

Free Breadcrumbs Beta – Slaps Down Data Miners

It’s illusionary to believe that information and services on the Internet are free – there’s a strict tradeoff involved. Here’s the deal:

You get access to “free” information and services, and in return – you buy into the condition that each site you visit has the right to spy on you, and build a profile on your browsing habits – the type of sites you visit and revisit, time spent on sites, your shopping and spending habits, your political views, your marital status, and much more.

For example, when I read my local newspaper, ten behavior trackers come into play. The personal data mined by these trackers will be analyzed, on the fly, with the objective being to target me with highly specific advertising – based on my current and previous Internet behavior.


That’s the immediate outcome. But long term, the personal information gathered will be sold, bartered and traded (to bypass the disclaimer – “we will not sell your information”), so that it can be used in multiple ways that generate profit.

And, that’s the upside. If there’s one thing the Internet has taught us, it’s – if information can be abused – it will be abused.

Companies that defend this intrusion into my privacy love to throw around a ton of sexy words – predictive analytics, customer profiling, customer segmentation, predictive modeling, lifestyle clustering – that they’ve managed to infuse into an activity that is ethically questionable. Painted allusions, all.

Time Magazine’s Joel Stein’s recent article – Data Mining: How Companies Now Know Everything About You is an eye opener, and definitely worth a read.

A couple of outtakes:

“Three hours after I gave my name and e-mail address to Michael Fertik, the CEO of Reputation.com, he called me back and read my Social Security number to me. “We had it a couple of hours ago,” he said. “I was just too busy to call.”

“Right after I e-mailed a friend in Texas that I might be coming to town, a suggestion for a restaurant in Houston popped up as a one-line all-text ad above my Gmail inbox.”

There are limited methods that can be employed to protect privacy on the Internet – some more effective than others. I recently came across a beta application that may well be a “better” solution. Breadcrumbs Privacy Software is based on one guiding principle – disseminating disinformation.

According to the developer – “Breadcrumbs bogus Identity feature automatically creates a Bogus Identity for you, thus preventing trackers from analyzing your real browsing information, leaving them with useless data.”

I’m in the process of testing Breadcrumbs so this review is very preliminary but, it’s worth bringing to your attention, nevertheless.

Installation is simple and the application settings are limited, but effective.

The dashboard will give you the opportunity to “watch the watchers” and block selectively.

The most interesting feature of Breadcrumbs is the promise that it will build a “bogus identity” which will mislead watchers. After running the application for several days, I have yet to see any evidence of this bogus identity.

The developer spoke to this issue in a follow up email –

“In order for the feature to work it first needs to “learn the user” then it will synthesize what bogus data should be added in order to mask your real data and identity (so give it a few more hours/days). All of the learning process is encrypted and is done on the client-side, hence no one can see or use it but the software (and in the future you).”


Fast facts:

Create your bogus identity – Breadcrumbs bogus Identity feature automatically creates a Bogus Identity for you, thus preventing trackers from analyzing your real browsing information, leaving them with useless data.

The Do Not Track Me stamp – Once enabled, the Do Not Track Me stamp identifies you as a Breadcrumbs Protected User. It tells trackers that you do not wish to be tracked, and also lets them know that they will be fooled by your Bogus Identity in case they decide to track you anyway.

Watchers Analytics – Breadcrumbs Watchers Analytics feature enables you to see who is watching you online. It’s an easy way to block ads and prevent trackers from tracking you across the Internet.

System Requirements: Windows XP, Vista and 7. (32-bit versions only) Microsoft .NET Framework 3.5 SP1 or above. (Breadcrumbs installer will alert you in case .NET Framework installation is needed)

Supported Web Browsers: Internet Explorer 7 or above. (including IE9). Firefox 3.6 or above. (including FF4). Google Chrome.

Download at: Developer’s site (Breadcrumb Solutions)

Breadcrumbs Usage and Demo: Video 2:26

I often hear from people who feel that since the information being mined is anonymous, no real invasion of privacy is taking place. While that may have been the case previously, that’s not the case currently.

Consider reading Privacy: reidentification a growing risk.

I think this application is heading in the right direction. If Data Miners won’t play by the rules, or continue to be ethically challenged, then we need to consider the benefits of providing them with information that is essentially worthless. This application may offer a solution in that direction.

Note: The developer has advised me, that a new beta version with bug fixes and some improvements, will be released in the next few weeks.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anonymous Surfing, Beta Software, downloads, Freeware, Interconnectivity, Privacy, Software, Surveillance, Utilities, Windows Tips and Tools

Download EULAlyzer And Take The Pain Out Of Reading End User License Agreements

This past week I had the opportunity to address a group of typical computer users, and as I normally do, when I get the opportunity to do so, I polled this group on their personal computing habits. On this occasion, I focused in on that dreaded beast – the End User License Agreement.

There were no surprises since the last time I polled this issue – most users, it seems, continue to dismiss the idea that reading an End User License Agreement is important.

But, experienced users know better – there’s a downside risk in not reading the EULA carefully. By not reading the EULA carefully, users may let themselves in for some unwelcome, annoying, and potentially dangerous surprises.

I’ve covered this issue here in the past, but it looks like it’s time to roll out a previous article posted on March 17, 2010, on the realities of EULAs, and why it’s important to understand the conditions disclosed in EULAs.

March 17, 2010

I’ve always considered reading a EULA (End User License Agreement) sort of like reading the phone book; and who reads a phone book?

Without a doubt, I get pretty bored when reading EULA text; especially since I’m forced to read reams of small text, in a small window, which requires me to scroll continuously. I suspect, I’m not alone in this, and that most people just skim over the text; or don’t bother reading the EULA at all.

One of the most important aspects of any software license agreement is, the information it provides concerning the intentions of the software, and whether there are additional components bundled with the main application.

Additional components that could potentially display pop-up ads, transmit personal identifiable information back to the developer, or use unique tracking identifiers.

Not all software applications contain these additional components of course, but you need to be aware of those that do when you are considering installing an application.

Software developers who choose to employ these tools, to gather information, are generally not underhanded, and in most cases there is full disclosure of their intent contained in the EULA – the end user license agreement. But here’s the rub – virtually no one reads EULAS.

If you are a Digsby user for example, and you haven’t read the EULA, then you are likely unaware that Digsby has the right to use YOUR computer for its OWN purposes.


EULAlyzer, a free application from Javacool Software, the SpywareBlaster developer, can make reading and analyzing license agreements, while not a pleasure, at least not as painful. This free application quickly scans a EULA, and points out words, statements, and phrases that you need to consider carefully.


Working similar to an anti-spyware program, EULAlyzer flags suspicious wording on a scale of 1 to 10, based on how critical the disclosed information can be to your security, or privacy.


If you, like me, download freeware frequently, then you need to read the software license agreement carefully. EULAlyzer will make it easier for you to focus on the important aspects of the agreement.

There is no doubt that we could all use a little help in working our way through these wordy, but necessary agreements. The reality is, all software EULAs should be read carefully.

Fast facts:

Discover potentially hidden behavior about the software you’re going to install.

Pick up on things you missed when reading license agreements.

Keep a saved database of the license agreements you view.

Instant results – super-fast analysis in just a second.

Knowledge is Power and EULAlyzer makes it simple to instantly identify highly interesting and important parts of license agreements, privacy policies, and other similar documents, including language that deals with:

Advertising

Tracking

Data Collection

Privacy-Related Concerns

Installation of Third-Party or Additional Software

Inclusion of External Agreements By Reference

Potentially Suspicious Clauses

and much more…

Results are rated by “Interest Level” and organized by category, so it’s easy to zero-in on the facets that concern you the most.
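A sketch of the kind of category-and-level triage described above, as an added example; it is not EULAlyzer's code or rule set. The patterns, interest levels, function names and sample licence text are assumptions constructed for illustration.

```python
"""Keyword-based EULA triage: flag sentences by category and interest level."""
import re

# Category -> (regex, interest level 1-10). Categories follow the list in the
# article; the patterns and levels are illustrative assumptions only.
RULES = {
    "Advertising": [
        (r"\bpop-?up\b", 7),
        (r"\badvertis(?:e|ing|ements?)\b", 5),
    ],
    "Tracking": [
        (r"\bunique (?:tracking )?identifier", 8),
        (r"\btrack(?:s|ing)?\b", 6),
    ],
    "Data Collection": [
        (r"\bpersonal(?:ly)? identifiable information\b", 9),
        (r"\b(?:collect|transmit)(?:s|ed|ing)?\b", 6),
    ],
    "Third-Party Software": [
        (r"\b(?:third[- ]party|additional) (?:software|components?)\b", 8),
        (r"\bbundled\b", 6),
    ],
    "External Agreements": [
        (r"\bincorporated (?:herein )?by reference\b", 7),
    ],
}

# Constructed sample text, not taken from any real licence agreement.
SAMPLE_EULA = (
    "This software is provided as is. "
    "The installer may include additional components from our partners. "
    "We may display pop-up advertisements while the program is running. "
    "The program assigns a unique identifier to your computer and transmits "
    "personally identifiable information to our servers. "
    "The privacy policy on our website is incorporated by reference."
)


def analyze(text):
    """Return (level, category, sentence) tuples, highest level first."""
    sentences = re.split(r"(?<=[.!?])\s+", text.strip())
    findings = []
    for idx, sentence in enumerate(sentences):
        for category, patterns in RULES.items():
            levels = [lvl for rx, lvl in patterns
                      if re.search(rx, sentence, re.IGNORECASE)]
            if levels:
                # One finding per sentence and category, at its highest level.
                findings.append((max(levels), category, idx, sentence))
    # Highest interest first; ties keep the order of appearance in the text.
    findings.sort(key=lambda f: (-f[0], f[2]))
    return [(lvl, cat, sent) for lvl, cat, _, sent in findings]


def summarize(findings):
    """Collapse findings to the highest interest level seen per category."""
    summary = {}
    for level, category, _ in findings:
        summary[category] = max(level, summary.get(category, 0))
    return summary


if __name__ == "__main__":
    for level, category, sentence in analyze(SAMPLE_EULA):
        print(f"[{level:>2}] {category}: {sentence}")
```

A match only marks a sentence as worth reading in full; it does not say whether the clause is acceptable.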

System requirements: Windows 2000, XP, 2003, Vista, Win 7 ( x64 compatible).

Download at: Download.com


Filed under 64 Bit Software, Don't Get Scammed, downloads, Freeware, Privacy, Security Rating Applications, Software, Spyware - Adware Protection, Utilities, Windows Tips and Tools

Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, is warning users of Yahoo Instant Messenger specifically that they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.


(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.
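A defender-side check for the masquerade described above, as an added example that is not from the original post or from Symantec: it compares a saved file's image extension with its leading "magic" bytes. The double-extension check goes beyond what the text describes, and the function names, file names and byte strings are constructed for illustration.

```python
"""Flag saved files whose image extension does not match their content."""
import os

# Leading magic bytes of the image formats mentioned in the article (plus PNG).
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
# Leading bytes of Windows (PE/DOS) and ELF executables.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")
# Extensions Windows runs when the file is double-clicked.
RUNNABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}


def extensions(filename):
    """Return every extension in order: 'a.jpg   .exe' -> ['jpg', 'exe']."""
    parts = filename.split(".")[1:]
    return [p.strip().lower() for p in parts if p.strip()]


def classify(filename, head):
    """Return a list of findings for a file name and its first bytes."""
    exts = extensions(filename)
    final = exts[-1] if exts else ""
    findings = []
    # An image extension hidden in front of a runnable one, often padded with
    # spaces so the real extension scrolls out of view in a save dialog.
    if final in RUNNABLE_EXTS and any(e in IMAGE_MAGIC for e in exts[:-1]):
        findings.append("double_extension")
    if final in IMAGE_MAGIC:
        if head.startswith(EXECUTABLE_MAGIC):
            findings.append("executable_content")
        elif not head.startswith(IMAGE_MAGIC[final]):
            findings.append("content_mismatch")
    return findings


def check_file(path, read_len=16):
    """Read the first bytes of a file on disk and classify it."""
    with open(path, "rb") as fh:
        head = fh.read(read_len)
    return classify(os.path.basename(path), head)


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday2.jpg", b"MZ\x90\x00\x03\x00"),
    ("photo.jpg        .exe", b"MZ\x90\x00\x03\x00"),
    ("banner.gif", b"<html><body>"),
    ("anim.GIF", b"GIF89a\x01\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r}: {classify(name, head) or 'ok'}")
```

A clean result only means the header matches the extension; it is not a malware verdict, so the file should still go through an antivirus scan.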

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.


Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.


Click here: “Keep Your Kids Safe With Free Parental Control Bar”.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety, Internet Safety for Children, Malware Advisories, Software, Symantec, System Security, Windows Tips and Tools, worms

Download EULAlyzer – Let it Read the EULA for You

I’ve always considered reading a EULA (End User License Agreement) as akin to reading the phone book; and who reads a phone book?

Without a doubt, I get pretty bored when reading EULA text; especially since I’m forced to read reams of small text, in a small window, which requires me to scroll continuously. I suspect, I’m not alone in this, and that most people just skim over the text; or don’t bother reading the EULA at all.

However, there’s a downside risk in not reading the EULA carefully. By not reading the EULA carefully, we may let ourselves in for some unwelcome, annoying, and potentially dangerous surprises.

One of the most important aspects of any software license agreement is, the information it provides concerning the intentions of the software, and whether there are additional components bundled with the main application.

Additional components that could potentially display pop-up ads, transmit personal identifiable information back to the developer, or use unique tracking identifiers.

Not all software applications contain these additional components of course, but you need to be aware of those that do when you are considering installing an application.

Software developers who choose to employ these tools, to gather information, are generally not underhanded, and in most cases there is full disclosure of their intent contained in the EULA – the end user license agreement. But here’s the rub – virtually no one reads EULAS.

If you are a Digsby user for example, and you haven’t read the EULA, then you are likely unaware that Digsby has the right to use YOUR computer for its OWN purposes.


EULAlyzer, a free application from Javacool Software, the SpywareBlaster developer, can make reading and analyzing license agreements, while not a pleasure, at least not as painful. This free application quickly scans a EULA, and points out words, statements, and phrases that you need to consider carefully.


Working similar to an anti-spyware program, EULAlyzer flags suspicious wording on a scale of 1 to 10, based on how critical the disclosed information can be to your security, or privacy.


If you, like me, download freeware frequently, then you need to read the software license agreement carefully. EULAlyzer will make it easier for you to focus on the important aspects of the agreement.

There is no doubt that we could all use a little help in working our way through these wordy, but necessary agreements. The reality is, all software EULAs should be read carefully.

Fast facts:

Discover potentially hidden behavior about the software you’re going to install.

Pick up on things you missed when reading license agreements.

Keep a saved database of the license agreements you view.

Instant results – super-fast analysis in just a second.

Knowledge is Power and EULAlyzer makes it simple to instantly identify highly interesting and important parts of license agreements, privacy policies, and other similar documents, including language that deals with:

Advertising

Tracking

Data Collection

Privacy-Related Concerns

Installation of Third-Party or Additional Software

Inclusion of External Agreements By Reference

Potentially Suspicious Clauses

and much more…

Results are rated by “Interest Level” and organized by category, so it’s easy to zero-in on the facets that concern you the most.

System requirements: Windows 2000, XP, 2003, Vista, Win 7 ( x64 compatible).

Download at: Download.com


Filed under Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Geek Software and Tools, Privacy, Software, Spyware - Adware Protection, Utilities, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Avoid Worms – Instant Messaging Tips

I wrote earlier today about a new worm currently circulating on the Internet, which Panda Security identifies as the MSNWorm.GU.

This worm uses MSN Messenger, and other chat applications, to spread. It infects systems silently, and without any visible symptoms.

Infection occurs when the victim clicks on a download link contained in a message received from a contact. Clicking on the link installs the worm on the target system, and the infection begins.

So, is there anything unusual about this worm; is it just a one off occurrence? Not at all – instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware. In fact, recent statistics indicate almost 50% of worms use instant messaging applications to spread.

Regrettably, from a security perspective these applications can present considerable security risks. Security risks increase substantially when these programs are used to share files, folders, or in some cases even entire drives.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.


The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.


Click here: “Parental Control Bar”

On the whole, the best protection against Instant Messaging threats involves having good antivirus and firewall protection to guard your security at all times. Elsewhere in this Blog, you can read an article on free security software and download those you might find useful.

Click here: “Best Free Security Applications”

For information on how Skype has become open to scamming, read the article Skype says I’m infected with malware … by my tech wizard friend Techpaul.


Filed under Child Safety Internet, Communication, Don't Get Hacked, Free Anti-malware Software, Freeware, Instant Messenger Safety Tips, Interconnectivity, Internet Safety for Children, Internet Security Alerts, Malware Advisories, Panda Security, Viruses, Windows Tips and Tools, worms