Tag Archives: stolen

Voter Database Security Is A Myth

In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – questions the security reliability of voter databases.

imageSome of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends, all ultimately to go to the polls to exercise our constitutional right to vote. For millions among us, this is a final decision and a terminal point.

Not for me.

As an information security specialist and database security researcher, I wonder where my vote goes, in what database it’s maintained, and, of course, how secure it is.

Hard experience has taught me that right now, somewhere, a hacker is trying to penetrate the voter databases “just for fun,” “to prove something,” or if I really want to be paranoid, “because he’s part of a powerful, international organization that seeks to dictate our political process by determining elections.”

Paranoia? I wish. One only has to read the news… last year, the databases of major companies were hacked: LinkedIn, Visa, KT Mobile, Sony, Zappos, etc. Of course, that tally doesn’t include the organizations who don’t know they were hacked.

Want news on voter databases being hacked in the last few years? Take a look at the list below, the result of a two-minute Google search:

July 15, 2012: Florida Allowed to Access Citizen Database for Voter Purge

July 27, 2012: Obama Administration to Open Voter Database

March 26, 2012: GOP’s Voter Vault Database Hacked, Candidates’ Identity Altered

August 2011: No Personal Information Compromised After Voter Database Hacked

At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

As if selecting a candidate isn’t vexing enough, now, I have a bigger concern: “How can I be sure my vote ultimately goes to the candidate of my choice?” “Will my vote be manipulated in any way, whether by foreign or domestic entities?” “Will my voter information be used to make it easier to have my identity stolen? (Even the FBI says identity theft represents a more serious threat than drugs.)”

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

1 Comment

Filed under Cyber Crime, Guest Writers, Point of View

PC Tools Predicts New Breeds of Social Media Cyber Scams

imagePC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, is issuing this consumer alert advising the rollout of new social media sites and features, are leading to a fresh crop of online scams and threats.

PC Tools Top Three Social Network Threat Predictions

Email alerts for “tagged” photos where YOU might appear online.

Social networks are developing increased intelligence for facial recognition to assist with tagging photos. When you’re tagged in a photo or at a location in your photo album, you can often expect an email or notification letting you know where to view it online. Watch out!

Cybercriminals may be using this as a tactic to get you to click on malicious links asking for information – possibly even prompting you to click on a link leading to a fake login and password entry form posing as your social network.

Online robots or “bots” on social networking sites will be more sophisticated

We believe within the next few months that social media “bots” will become more advanced, effectively creating human-looking profiles and personalities. Cybercriminals rely on bots because they are the fastest and most cost-effective way to spread malware, spyware and scams through social network sites.

Through these bots, criminals can auto-create bogus personalities on social networks, which can in turn link to fake companies that sell phony products – all to trick users into buying merchandise that isn’t real or spreading news that doesn’t actually exist.

An increase in fake invites to join “new” or “exclusive” social networks or social groups

New social networks are popping up every day, some of which are “invite only” making them more appealing. Cybercriminals could use this appeal as a method to lure users into clicking on fake invites for exclusive networks. Upon clicking on these invites, users could be asked to provide personal details such as name, login, password or birthdates which should not be released.

“If you’re looking to join the hottest new social network, be careful where you click – your personal life may be at risk,” said Mike Chen, Product Marketing Manager at PC Tools. “Cybercriminals are taking advantage of the buzz surrounding these new social networks and features by tricking unsuspecting users to divulge personal information or download malware.”

Chen added that today’s malware looks legitimate, but what may seem like a harmless email or link can actually result in a person’s stolen identity or credit card data theft. And according to Pew Research, 46% of internet users agree that “most people can be trusted” – a prime reason why cybercriminals are so successful at duping consumers.

About PC Tools:

With offices located in Australia, Ireland, United States, United Kingdom and the Ukraine. PC Tools is a fast-growing brand with dedicated Research and Development teams that ensure PC Tools maintains a competitive edge. With registered customers in over 180 countries and millions of downloads to date, PC Tools’ products continue to win awards and gain recommendations from respected reviewers and independent testing labs around the world.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, Freeware, Internet Security Alerts, PC Tools, Safe Surfing, social networking, Windows Tips and Tools

Ashampoo Database Hacked – What You Need To Know

I could spend all day, every day, reporting on nothing more than the latest cyber criminal targeted intrusions into enterprise IT systems.  Two reports from my today’s Tech Net News column illustrate that we are barely scratching the surface of this significant, continuous, and rapidly expanding problem:

European Space Agency website and FTP servers hacked

Dramatic increase in cyber attacks on critical infrastructure

If you’re an everyday reader here, then you may recall that I regularly recommend that you take advantage of the German software developer Ashampoo’s, occasionally offered free application multipacks.

The downside (for some) is, you must register and provide an email address. Additional benefits can be gained by registering as an  Ashampoo member, which includes creating a password.

Unfortunately, Ashampoo has become a victim of a cyber criminal targeted intrusion aimed at their customer database. According to the company:

“Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected … it is not stored on our system.”

If you have taken advantage of Ashampoo’s offers, then it’s important that you exercise extreme caution with any future emails sent by the company and, any unsolicited email sent by any company, for that matter.

As well, if you have registered as an Ashampoo member, it’s important that you change your account password. Additionally, if you have used the same password elsewhere (you’d be surprised how often this occurs), it’s imperative that you change these passwords immediately.

My thanks to my buddy John B. (a great Scot!), for bringing this unfortunate incident to my attention this morning.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

14 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, Malware Advisories, Phishing, Tech Net News, Windows Tips and Tools

Conseal Security Takes Portable Device Security To Another Level With Conseal USB

“This tape will self-destruct in five seconds!” – Mission Impossible.

Growing up in the 1960’s, I though that was just the coolest phrase – and the underlying technology, of course. As a way of keeping confidential  information out of the hands of the bad guys, what could be better than that? BOOOM!

Today, safeguarding confidential information is far more complex – and there are many more “bad guys”. Information, in a very real sense, is currency – and the need to protect it is every bit as real as if it were hard currency.

Unfortunately, protecting critical data in an age of extreme data portability (USB sticks, portable Hard Drives, memory cards …. ) against theft, or loss, is exasperated by the very nature of portable technology.

How hard is it to lose a USB key through theft or misadventure – easy (personally, I’ve lost two over the years).

How hard is it to lose a portable Hard Drive through theft or misadventure – easy.

How hard is it to lose a memory card through theft or misadventure – easy.

How hard is it recover any one of the storages devices mentioned? Hard. Hard. Hard.

While it’s true, that both password and encryption applications, offer some protection against unauthorized access should a portable storage device vanish, neither provides absolute protection. Both password cracking, and decrypting applications (and the computing resources necessary), are readily available to those with less than honorable intentions.

What’s needed then, is a technology that not only offers password protection and file encryption, but the ability to remotely destroy data on a non-recoverable device – if it becomes necessary.

I suspect that the Ministry of Defense in the UK, would have been delighted with this type of technology had it been available when, in 2008,  fifty eight Ministry of Defense unencrypted drives – which contained details of troop movements, locations, and travel accommodation, were “lost”.

Certainly, portable media device theft, or loss, is not restricted to organizations; it can just as easily happen at an individual level. For example, in the U.K., in 2008, – 9,000 USB drives were found by dry cleaners in various articles of clothing. It’s safe to say, that data loss and data leakages related to lost or stolen computer portable devices, are now commonplace.

Luckily, Conseal Security has just released a security safety system  that not only includes strong AES encryption, it allows protected devices to be remotely self-destructed, if they are lost or stolen. Moreover, as part of the package the ability to lock devices to specific networks, domains or specific computers, is included. A bonus feature includes a capacity to review all access attempts on a device.

Application setup, including creating an account which provides access to all of the programs features, is straightforward.

image

The initial account password will be emailed to you. The temporary account password in the screen capture shown below, has been changed.

image

Once logged in, you can proceed to manage the portable device attached to your machine.

image

In the following screen shot, you’ll notice I have logged in and entered a name for the attached device.

image

The USB drive I used for this test was quite small (512 MB), so the encryption and registration took less than two minutes.

image

image

As per the message box, no files were accessible on Drive F: (the original drive designation) – instead the files were on Drive G: (the newly concealed drive).

image

Following encryption of the drive’s contents you will have a number of options to choose from, including –

Access Control

You can set up rules to control where and when this device can be unlocked.

image

Alerting

You can set up alerts to email you when this device is used.

image

Self Destruct

You can securely delete the contents of this device if it has been lost or stolen. It will become a blank disk.

image

Unlocking the portable device is an uncomplicated process – as shown in the following screen captures.

image

image

A taskbar popup will notify you on successful completion of the “unlock” process, as illustrated in this screen capture.

image

Fast facts:

Remote self destruct – If your Consealed device is lost or stolen, you can remotely destroy the data it contains. Press a button on a website and the contents of your device will be securely wiped when next inserted.

image

Who’s accessed your data? – View a log of who attempts to unlocks your Consealed device, including who they are and what computer they used. The log shows all access attempts and contains sufficient information for law enforcement officials to uniquely identify the computer used.

image

Define who can access your data – Specify the computers or network domains which can unlock your Consealed device. Also specify what times of the day it can be unlocked. Rules can be changed even when the device is out of your hands.

image

Safe from password guessing attempts – Even fairly complex passwords can be guessed on average within 16 minutes. Conseal’s “Dual Locks” system completely secures your protected data against password guessing attempts. Consealed devices can only be unlocked with permission from a central server.

Warnings of attempted break-ins – Receive email warnings when someone tries to unlock your Consealed device, directly and uniquely identifying the user, where they are, and what computer they used.

Strong encryption – Your data is stored using super-strength 256-bit AES encryption (approved by governments to protect ‘Top Secret’ information).

Takeaway: A very impressive and elegant solution to a potentially disastrous occurrence at a cost that’s appropriate.

Conseal USB Licenses:

Home User – 1 year’s protection. Non-commercial use only. Up to 5 devices £19.95.

Corporate User – 10 devices £140 (for 1 year). 100 devices £99/month. 1000 devices £830/month. 10,000 devices £5950/month.

Conseal Security offers a full no-quibble 14 day money-back guarantee from date of purchase.

System requirements: Windows XP and above.

Devices: You can Conseal literally any USB storage device. This includes memory sticks, USB pen drives, external hard disks, SD / MMC / xD / CompactFlash cards. It also includes all Firewire, eSATA and USB3 devices. Conseal is completely device and manufacturer independent.

Further details, and a 15 day Trial download are available at the developer’s site – Conseal Security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under Business Applications, Cloud Computing, Computer Tools, Connected Devices, Cyber Crime, Cyber Criminals, downloads, Encryption, Encryption Software, flash drive, Geek Software and Tools, Software, Software Trial Versions, Surveilance Tools, USB, Windows Tips and Tools

Use Free Prey To Track Your Lost Or Stolen Laptop Or Cell Phone

imageRecent statistics indicate that more than 10,000 Laptops are lost, or stolen, each week at U.S. airports alone. Broken down, this same set of statistics indicate that a Laptop is stolen, not lost but stolen, every 53 seconds!

If you are a Laptop owner, you should consider what can you do now, to increase the probability that should your Laptop be lost or stolen, you can increase the chances that it will be returned to you.

One solution is offered by Prey, an Open Source application, that can enhance recovery chances. Stolen Laptop recovery is always a hit and miss proposition, but without an application such as Prey on board, the chances of recovery, at least statistically, are virtually nil.

image

What is Prey?

Prey is a small applet for your Laptop or Android Cell Phone, which, when activated by a remote signal, either from the Internet, or through an SMS message, will provide you with the device’s location, hardware and network status, and optionally – trigger specific actions on the device.

According to the developer – “Prey helps you track and find your Laptop or Phone if it ever gets out of sight. You can quickly find out what the thief looks like, what he’s doing on your device and actually where he’s hiding by using GPS or WiFi geopositioning. It’s payback time.”

There have been substantial changes and improvements to Prey, since I last reviewed it here on January 28, 2010.

Installation is very simple, as the following screen captures indicate. BTW, Prey can protect your desktop/s, as well.

image

image

image

image

Fast facts:

100% geolocation aware – Prey uses either the device’s GPS or the nearest WiFi hotspots to triangulate and grab a fix on its location. It’s shockingly accurate.

Wifi autoconnect – If enabled, Prey will attempt to hook onto to the nearest open WiFi hotspot when no Internet connection is found.

Light as a feather – Prey has very few dependencies and doesn’t even leave a memory footprint until activated. We care as much as you do.

Know your enemy – Take a picture of the thief with your laptop’s webcam so you know what he looks like and where he’s hiding. Powerful evidence.

Watch their movements – Grab a screenshot of the active session — if you’re lucky you may catch the guy logged into his email or Facebook account!

Keep your data safe – Hide your Outlook or Thunderbird data and optionally remove your stored passwords, so no one will be able to look into your stuff.

No unauthorized access – Fully lock down your PC, making it unusable unless a specific password is entered. The guy won’t be able to do a thing!

Scan your hardware – Get a complete list of your PC’s CPU, motherboard, RAM, and BIOS information. Works great when used with Active Mode.

Prey can check its current version and automagically fetch and update itself, so you don’t need to manually reinstall each time.

You monitor your devices on Prey’s web Control Panel, where you can watch new reports arrive and manage specific settings, such as changing the frequency for reports and actions.

You can add up to three devices for free, and can optionally upgrade to a Pro Account in case you wish to bypass this limit.

Full auto updater.

System requirements: XP, Vista, Win 7, Mac OS, Ubuntu Linux, Linux – all other distributions, (64 bit where appropriate), Android.

There is no guarantee that even with Prey on board that a stolen, or lost device, will be recovered – but, it seems sensible to make every effort to increase that likelihood.

Download at: The Prey Project

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under 64 Bit Software, Android, cell phone, Cloud Computing Applications, Connected Devices, downloads, Free Surveillance Applications, Freeware, GPS, Interconnectivity, Laptop recovery, Linux, Mac OS X, Open Source, Software, Ubuntu, Utilities, Windows 7, Windows Vista, Windows XP

Laptop Computer Stolen from Hospital Room – Irreplaceable Photos GONE

image Just a few days ago, here in Toronto, as reported in the Toronto Star,   a despicable crime was committed (not the first such crime of this type, this year), when a Laptop computer was stolen from a hospital room.

The story, more or less in chronological order, went something like this:

  • Laptop stolen from hospital…
  • Hospital theft suspect may be involved…
  • Laptop theft suspect captured …
  • Owner hopes for recovery of photos from stolen laptop“A woman whose stolen laptop was recovered without its photos of her dead daughter will likely get them back, computer experts say.”

Kudos to the Toronto Police Service, who recovered the Laptop within a few days – only to find that the irreplaceable photos had been erased.

As well as newspaper coverage, this sad story received massive play on Toronto’s seven television stations. It was evident that the victim was extremely distraught over the loss of her dead daughter’s photographs.

While I had great sympathy for the Laptop owner, at the same time I was mystified that:

  • No recovery software was installed on this machine; despite the fact that Laptops are at high risk for thief.

Recent survey results from the Ponemon Institute, indicates that more than 10,000 laptops are lost, or stolen, each week at U.S. airports alone, coupled with statistics which show that a laptop is stolen, not lost but stolen, every 53 seconds.

Free recovery applications are widely available on the Internet – see Download Prey – A Free Recovery Solution to a Lost or Stolen Laptop, here.

  • The irreplaceable photos of the victim’s dead daughter were not backed up to another medium.

USB flash drives cost virtually nothing – prices range from less than $8 (2 GB), to under $30 (16 GB). That’s a lot of photo storage per dollar. A simple Windows Explorer right click menu command “Copy to folder”, would have copied the photos to a USB stick in seconds.

Copy to

Worse however, was the realization that the Laptop Hard Drive was not backed up. This, despite the fact that that there are some very substantial free backup applications available for download on the Internet – see Free Paragon Backup and Recovery – Incremental Backup Included, here.

Finally, while I’m unsure as to the cost of recovery this woman faced, the newspaper story did mention a cost of $80 to $150, for a simple recovery operation such as this.

This expense could easily have been avoided if the victim had been aware, that free software is readily available on the Internet to effect photo recovery – see Recover Picture Files On Your Digital Camera Card, on regular guest writer Rick Robinette’s site What’s On My PC.

The recovery application Rick reviewed, Recuva, is capable of recovering photos from virtually any media – including Hard Drives.

image

I’m not trying to be a big “meanie” here but, it seems to me, that this woman was the architect of her own misfortune. A little pre-planning, particularly with a high risk item like a Laptop, could have saved her considerable distress. But, like too many computer users, her interest stopped with the on/off switch.

As is usual with mainstream media, the Toronto Star failed to grasp the significance of this event, and use it as a teaching tool so that other computer users could learn from the mistakes evident in this occurrence.

Perhaps, I expect too much.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

29 Comments

Filed under Backup Applications, Backup Tools, downloads, Free File Recovery Applications, Freeware, Hard Drive Cloning, Hard Drive Imaging, Software, USB, Utilities, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Think You’re Immune From Online Fraud? Maybe Not!

Guest writer Dave Brooks, a vastly experienced computer Tech from New Hampshire, who is an expert at online safety, shares this chilling story on why even exercising proper security measures won’t guarantee your online financial safety.

image Bill is constantly trying to pound security into his reader’s heads, and with good reason, but unfortunately, no matter how careful you are, there are things that are beyond your control when buying stuff online.

Case in point: at Bill’s request I’m going to relay a recent unnerving personal experience, if only to show that even the most security conscious are still at risk.

I’m very online safety/security conscious and I buy online only from reputable, well known stores. My online bank account password looks like an alien language, my ATM pin is 8 digits long (compared to 4 or so many people use), and I monitor my account closely.

Even so my ATM card number was recently used, in the middle of the night, in Georgia, while I was sound asleep in New Hampshire. Luckily Bank of America has decent monitoring, and I have a ton of alerts set up to email me when certain things happen with my account.

I woke up in the morning to find an alert that my card was used while I was asleep, and an email from Bank of America that they had detected suspicious activity on my account, had frozen the transaction, and placed a lock on my account to prevent further activity.

image

The charge was for the amount of $1.22; it’s apparently common practice by those that use stolen card numbers to make a small charge such as this to confirm that the number is good before using it to make larger purchases.

Thanks in part to my diligent monitoring, and Bank of America’s account monitoring system, the thieves were never able to get to step two and spend my hard earned cash on god knows what.

A call to the number provided in the alert email I got from the bank (after confirming it was in fact their number by matching it up on the Bank of America website; phishing emails are pretty convincing nowadays!), confirmed the illegal activity. Bank of America cancelled my ATM card, and cancelled the charge, and a trip to my local bank branch netted me a new ATM card.

image My number was likely stolen from a hacked online database of a company that I had made an online purchase from in the past, but there’s no way to confirm this – it could have just as easily been a dishonest employee from a local store where I used my card.

I have since opened a second account with an ATM card, and use only that account for online purchases, (I had been contemplating doing this for a year or more or more, but never did),

I keep a balance of about 5 bucks in it, and when I want to buy something online, I transfer the purchase amount from my main account to the “internet” account to cover it. At least that way, my main account is less exposed, and if it happens again I’ll be able to determine if it was the “internet” or “local purchase” that led to the compromise.

Bottom line here is, even though you think you’re safe, if you purchase stuff online, your bank or credit card info is out there for the taking. The best you can do is keep a close eye on your accounts for suspicious activity, and try to minimize possible damage that might be done if your card number is stolen.

Guest Writer: This is a guest post by Dave Brooks a professional computer technician from New Hampshire, USA. Dave has become a regular guest writer, who’s articles are always a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Guest Writers, internet scams, Online Banking, Windows Tips and Tools