Bait Phone
You may be familiar with the truTV program Bait Car, where the police place a vehicle equipped with hidden cameras and radio trackers in various areas to catch a would be car thief in the act. It’s kinda fun to watch people ‘check out’ the car, check out the surroundings and decide to jump in and drive off. You get to see their excitement as they think that they’ve just won the jackpot along with the utter despair as officers remotely kill the car and the thief is surrounded. Even the excuses as to why they are driving it are hilarious. ‘I was just moving it for my friend, so they wouldn’t get a ticket, whose name I forgot and I also can’t remember where they live.’ In the UK, they got something similar except with mobile phones called ‘Operation Mobli.’ Plain clothes police purposely left "bait" phones embedded with tracking devices in nine pubs and bars across the towns of Hastings and St Leonards in Sussex. I’m not sure what makes and models of phones were left for the taking but none of the baited devices were stolen. In every case, an honest patron noticed the ‘forgotten’ phone and turned in to the bar staff. Some might describe this sting as a failure but according to the Sussex Police’s press release Sgt Ché Donald said, ‘This was an excellent result and my faith has been restored as the phones were honestly handed in.’ I often write about the potential perils of losing a smartphone crammed with private data and all the unfortunate circumstances that follow. If it gets into the wrong hands then that is the case yet we must also remember that there are plenty of good, honest folks out there who will do the right thing when they find something that doesn’t belong to them. Maybe they’ve seen police sting shows, maybe they’ve lost something themselves, maybe their parents raised them right or maybe it’s simply kindness and honesty that’s built into every one of us. Human’s are capable of the greatest good and the nastiest of evil, it’s all how we decide to play it. ps References: Operation Mobli deters mobile phone thieves in Hastings Police mobile phone sting fails when.. err.. no handsets stolen Mobile-phone 'sting' reveals honesty of Sussex pubgoers Police Sting Operation Yields No Mobile Phone Thefts It's legal: cops seize cell phone, impersonate owner What’s in Your Smartphone? Freedom vs. Control BYOD–The Hottest Trend or Just the Hottest Term Will BYOL Cripple BYOD?Fear and Loathing ID Theft
Do you avoid stores that have had a credit card breach? You are not alone. About 52% of people avoid merchants who have had a data breach according to a recent Lowcards survey. They surveyed over 400 random consumers to better understand the impact of identity theft on consumer behavior. 17% said they or a family member was a victim of identity theft over the last year with half the cases being credit card theft. 94% said they are more concerned or equally concerned about ID theft. They estimate that there were 13.5 million cases of credit card identity theft in the United States over the last 12 months. These concerns are also changing the way some people shop. Over half (56%) are taking extra measures to protect themselves from identity theft. Some of these behaviors include using a debit card less (28%), using cash more (25%), ordering online less (26%) and checking their credit report more (38%). These are all reasonable responses to the ever challenging game of protecting your identity and is important since 89% of security breaches and data loss incidents could have been prevented last year, according to the Online Trust Alliance's 2014 Data and Breach Protection Readiness Guide. The game is changing however, and mobile is the new stadium. Let's check that scoreboard. Most of the security reports released thus far in 2014, like the Cisco 2014 Annual Security Report and the Kaspersky Security Bulletin 2013 show that threats to mobile devices are increasing. We are using them more and using them for sensitive activities like shopping, banking and storing personally identifiable information. It is no wonder that the thieves are targeting mobile and getting very good at it. Kaspersky's report talks about the rise of mobile botnets and the effectiveness since we never shut off our phones. They are always ready to accept new tasks either from us or, a foreign remotely controlled server with SMS trojans leading the pack. Mobile trojans can even check on the victim's bank balance to ensure the heist is profitable and some will even infect your PC when you USB the phone to it. Distribution of exploits in cyber-attacks by type of attacked application I guess the good news is that people are becoming much more aware of the overall risks surrounding identity theft and breaches but will the convenience and availability of mobile put us right back in that dark alley? Mobile threats are starting to reach PC proportions with online banking being a major target and many of the potential infections are delivered via SMS messages. Sound familiar? Maybe we can simply cut and replace 'PC' with 'Mobile' on all those decade old warnings of: Watch what you click! ps Related Some consumers changing habits because of data breach, ID theft worries, report finds LowCards Exclusive Study: Identity Theft Concerns Shifting Shopping Habits of Americans Kaspersky Security Bulletin 2013. Overall Statistics for 2013 Mobile Payments and Devices Under Attack An SMS Trojan with Global Ambitions Mobile Malware Milestone Mobile Threats Rise 261% in Perspective Nine Security Best Practices You Should Enforce Technorati Tags: mobile,shopping,breach,malware,idtheft,behavior,silva,trojan Connect with Peter: Connect with F5:Moving Target
I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. moving during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you are settled in for the holidays. And while you are worrying about packing, movers, mail and all the other check lists, your identity is ripe for the picking. The increased risk of identity theft during a move is because personally identifiable information is being shuffled around from one home to the next. At the same time, buyers and renters are preoccupied with the move and can forget to protect their sensitive documents. You may lock up or personally carry your jewelry, checkbook and other 'valuables' but your personal information might be unprotected and targeted during a move. If you are moving this summer like I just did, there are a few things you can do to minimize the risk. While most moving sites have 'Change of Address' as their top protection mechanisms (which we'll get to), I feel that shredding old bills, receipts and financial info is critical. First, you might not want to drag all that old paperwork with you, especially if you are paying by the pound but more importantly, shredding important documents can prevent thieves from finding any information in your trash. Old-skool dumpster diving is still a viable method to steal personal information. You also might not want the movers themselves to have access to those documents, particularly if you are having them help pack. I was fortunate to find reputable movers but mover fraud is becoming more commonplace in the U.S. Mail call! What? Oh yea, Change of Address. Seems like a no brainer, filling out a postal change of address but it is also important. Make the change with all the companies, financial institutions, magazines, and other organizations that regularly send you mail. Identity theft is often carried out by stealing mail. The folks who move into your old house might not steal your identity, but they will most likely throw away mail that isn’t theirs, and they won’t necessarily take the care to shred it as you would. If your mail continues to be delivered to your old address, it might be left on the doorstep or in an unlocked mailbox, making it very easy for anyone to walk away with it. Lock down your electronics. Many households have multiple computers now including tablets, mobile phones and other 'things' storing sensitive information. These are a treasure trove. You can carry/pack yourselves and make sure they are always in your possession or password protect and place in a slightly unmarked box. Maybe label it as 'dog food' and the crook, movers or otherwise, just might pass it over. If you plan on donating or recycling your old computer(s), make sure you totally erase the hard drive since criminals can easily retrieve those files and sue them for no good. Slightly related to this, I recently bought a refurbished Blu-ray player with various streaming services. I wanted to replace the one we broke with the exact same one but they stopped making that model. When it arrived, I went in to configure our Netflix account. So I clicked the Netflix icon and it loaded fine. Wait a minute, that's not my Instant Que. Whoever had the unit prior to me, still had their Netflix saved and I could see all their viewing habits. Old episodes of Leave it to Beaver and Attack of the 50 Foot Cheerleader. And keep an eye out for yourself before, during and after. Check credit monitoring if you have it; your credit report a few months later for anything suspicious; that all your mail is arriving intact; that all your household items are accounted for; and we often leave cars, garages, and other entrances wide open when moving so keep an eye there, if the location warrants. Physical items can be used to create digital identities and while we may read about ID theft topics when computer breaches are reported, the physical realm is still ripe with fraudsters. Everything is game nowadays but you can take physical and digital action to stay safe when you are finally home sweet home. ps Resources: Prevent ID Theft while moving Identity Theft Risk Factor: Moving to a New Home Moving and Identity Theft - How to Protect Yourself Ten Tips to Avoid Identity Theft When You Move Minimizing the Risk of Identity Theft When You’re Moving Technorati Tags: identity theft,id theft,moving,home,household,iot,mail,security,pii,silva,f5 Connect with Peter: Connect with F5:So Where Do We Go From Here?
If you are who you say you are. I've been travelling the last few weeks shooting some videos for VMware PEX and RSA. When that happens, my browser tabs get crowded with the various stories I'm interested in but will read later. This time they all seemed to hover around Identity Theft. When I got home, in my awaiting physical mail was a letter from Target. I also returned something to a national hardware store and the cashier tried to crumple my credit-card-info-having receipt into a trash can. Kismet. Let's take a look... The FTC recently announced that Identity Theft is the #1 complaint in 2013, for the 14th consecutive year. Is that a record? While down slightly from 2012, it still accounted for 14% of the 2 million overall complaints. This is down from 18% in 2012. Florida, followed by Georgia and California were the worst hit states for ID theft. The IRS has also named Identity Theft as their #1 Dirty Dozen Tax scam for 2014. Speaking of California, 7.5 million of the over 110 million breached Target accounts were Californians. California is one of the few states that require disclosure when more than 500 accounts are compromised. The first year California required reports, 2012, there were 131 breaches reported...in 2013 that rose to 170. The other interesting thing about California breaches is that many target smaller companies. In 2012, half of the reported breaches came from companies with fewer than 2500 employees and almost a third were businesses with less than 250 employees. Being small and relatively unknown is no shield. Also in Southern California, the Feds busted a couple guys running a Tijuana-based identity theft ring. These dudes broke into a U.S. based mortgage broker's servers and siphoned off mortgage applications which included most of the borrower's personal info: name, birthday, SSN, DL number, tax info, the works. They then used that info to open credit lines and, with the info they had, were able to change access to the people's brokerage accounts. From there, transferring money to other accounts was a snap. From Dec 2012 thru June 2013 they stole personal data on 4200 individuals. Javelin Strategy and Research released their annual 2014 Identity Fraud Study stating that in 2013, a new instance of identity fraud occurred every 2 seconds. 1 Mississippi, 2 Mississippi. Another. There was 13.1 million identity fraud victims on 2013. While the people number is going up, the actual money stolen, according to Javelin, in going down. They estimated that the total cost of identity fraud in 2013 to be around $18 billion, more than $3 billion less than 2012. 2004 holds the record at $48 billion. Attackers are now focusing on opening new accounts rather than piggy backing existing credit cards. Account take-over's, particularly for utilities and mobile phones are the new free-bees. Most of the stolen info appears to be from corporate breaches and about 1/3 of those who receive a breach letter actually becomes a theft victim. Your debit card also seems more valuable than your social security number. 46% of consumers with breached debit cards became victims verses only 16% of breached SSNs. And in an interesting twist, the top complaint against debt collectors is mistaken identity. Trying to collect a debt from the wrong person was by far, the most common complaint to the Consumer Financial Protection Bureau (CFPB). I know this all too well since over the last 3+ years, we've been getting debt collection calls looking for a certain person. We tell them that we've had our phone number for years and stop calling. Few months go by, the debt gets sold to another collector and we get calls again. It got so bad that this person's own mother called to tell her son that the dad was in the hospital and probably wouldn't make it. About 2 weeks later we got a call from another family member looking to talk about the father's death. This guy was running from debt so much so, that his own mother couldn't get a hold of him when dad was on his death bed. Now that's bad. So where do we go from here? Will we all need that personal chip installed on our left earlobe to verify identity? The payment terminal says, 'Please listen for verification.' Riff-raff will then be all like, 'Oh, listen to this cool song,' as they plug the bud into your ear only to suck the data off your PID chip. You didn't hear? That's our IPv6 Personal Identity Chip inserted into every newborn starting in 2025. Oh, it will happen. ps Related: FTC: Identity theft is the plague of the country Calif. attorney general focuses on retailers' data theft Tijuana-Based ID Theft Conspiracy Busted Javelin Study: A New Identity Fraud Victim Every Two Seconds The 2013 FireEye Advanced Threat Report! Mistaken identity top complaint against debt collectors RSA 2014: Anti-Fraud Solution (feat DiMinico) Technorati Tags: identity theft,id theft,security,privacy,banking,pii,breach,fraud,silva,f5 Connect with Peter: Connect with F5:5 Stages of a Data Breach
One thing I’ve noticed over the last couple years is that there are 5 Stages of a Data Breach: Denial: We do not believe these attacks breached our critical servers. Anger: We want to make it clear that we take security seriously! Bargaining: We’d like to offer our affected customers a credit monitoring service. Depression: We wish we could have done things differently. Acceptance: Well, it just shows that no one is safe from hackers. ps Technorati Tags: F5, cyber-crime, trojan, Pete Silva, security, business, education, 5 stages, cyber war, hackers, breach, verisign, internet, security, privacy,Security’s Rough Ride
1 if by land, 2 of by sea, 0 if by IP I know I’ve said this before but it sure seems like almost daily there is a security breach somewhere. Over the years, the thought process has changed from prevent all attacks to, it is inevitable that we will be breached. The massive number of attacks occurring daily makes it a statistical reality. Now organizations are looking for the right solution (both technology and practice) to quickly detect a breach, stop it, identify what occurred and what data may have been compromised. Over the last couple of days various entities have had their security breached. As you are probably already aware either due to the headlines or a direct note in your email inbox, Zappos, a popular online shoe site, was compromised exposing information on 24 million customers. While a good bit of info was taken, like usernames, passwords, addresses, email and other identifiable information, Zappos claims that the stored credit card information was apparently spared due to being encrypted. There are still many details that are unknown like how it occurred and how long it had been exposed but all users are being required to change their passwords immediately. Users might also want to change similar passwords on other websites since I’m sure the criminals are already trying those stolen passwords around the web. These days it's entirely too easy to use information from one hack in many others. It doesn't even matter if passwords were compromised. Your can change your password, but the make and model of your first car, and your mother's maiden name can't be changed. Yet, online service providers continue to rely on these relatively weak forms of secondary authentication. The interesting thing is Zappos is/was apparently PCI-DSS compliant, proving once again, PCI compliance is a first step, not the goal. Being PCI compliance does not mean that one is secure and this also underscores importance of using WAF like BIG-IP ASM. And if it was not a web app that was owned on the server in Kentucky, then Section 6.6 is irrelevant. But again, all the details are still to be uncovered and as far as I know, no-one has claimed responsibility. Overseas, there is an ongoing cyber-war between a Saudi (reported) hacker and Israel. 0xOmar, as news articles have identified him, claims to have posted details of 400,000 Israeli-owned credit cards and Israel’s main credit card companies have admitted that 20,000 cards have been exposed. Along the way, he has also attacked the Tel Aviv Stock Exchange and Bank Massad. In an interesting and potentially scary turn of events, a group of Israeli hackers, IDF-Team, took down the Saudi Stock Exchange (Tadawul) and the Abu Dhabi Securities Exchange (ADX) as a counter-attack. Another Israeli hacker going by Hannibal claims to have 30 million Arab e-mail addresses, complete with passwords (including Facebook passwords), and says he’s received e-mails not only from potential victims but from officials in France and other countries asking him to stop. This cyber-conflict is escalating. In a very different type of breach, you’ve probably also seen the cruise ship laying on it’s side a mere 200 yards from the Italian shore. While not necessarily a data security story, it is still a human security story that, so far, has been attributed to human error – like many data security breaches. Like many data breach victims, people put their trust in another entity. Their internal risk-analysis tells them that it is relatively safe and the probability of disaster is low. But when people make bad decisions which seems the case in this situation, many others are put at greater risk. Put on your virtual life vests, 2012 is gonna be a ride. ps References: Zappos Hacked: What You Need to Know 10 Security Trends To Watch In 2012 Hackers swipe Zappos data; customers should change password Zappos Hack Exposes Passwords Zappos Hacked: Internal Systems Breached in Cyber Attack Delivering Unhappiness Alleged Saudi hacker discloses more Israeli credit card numbers Israeli hackers bring down Saudi, UAE stock exchange websites Cruise disaster: captain neared rocks in Facebook stunt for friend's family Technorati Tags: F5, cyber-crime, trojan, Pete Silva, security, business, education, technology, application delivery, cruise, cyber war, ddos, hackers, iPhone, web, internet, security, breach, privacy, PCI-DSS,Our Identity Crisis
As as kid, my mom would constantly remind me that I was a Hawaiian Prince – a direct descendant of King Kamehameha’s grandparents and the Kekaulike (23rd Moi of Maui) line. I was born in Hawaii but grew up on the East Coast so as a kid, I was embarrassed to be of Hawaiian Royalty since it was different from the typical ethnic groups of the New England states but that was/is Who I Am. Of course as I got older I like being 254th in line to the Hawaiian throne…if it was still a sovereign kingdom. Your identity is what makes you, You. It is made up of things like, Your Family, Your history, What you say, What you know, Where you are, What you share, Who you know, Your preferences, Your choices, Your reputation, Your profession, Your biggest fears, Your greatest love and all the nuances that make each of us an individual. This information is available on the web, in profiles, contacts, email, data, documents, music, images, blogs, favorites…. Networks… you name it. Some may confuse ‘image’ or ‘persona’ with identity. Many celebrities have images to keep, or present a persona that they want their audience to latch to but many times, it is not their true identity and who they really are at their core. There are also certain pieces of our identity we’d also like to keep secret. That’s the same information that the crooks want. As we approach the holidays, this is an especially critical time to keep an eye on our information and those devices that contain our information, like our mobile devices. You may have seen the recent commercials about making payments over your smartphone – the one where everyone pulls out their phones after dinner to pay their share and the guy with cash looks like the fool. Huh? I got real, crisp, green money in my hand, right from the ATM and nobody wants it. The mobile payment infrastructure is still in the early stages but you can imagine the schemes already being hatched by those who would love to intercept those transactions. And speaking of crooks, did you see that 111 arrested in massive ID theft bust in New York? Prosecutors are calling it the largest ID theft fraud case in US history. For two years, law enforcement dug in for ‘Operation Swiper,’ which targeted a very sophisticated ID theft ring who recruited and paid restaurant workers, retail cashiers and even bank tellers to steal credit card numbers and quickly convert that data into cash. They had everything – computers, skimmers, card readers, embossers, credit card blanks and shopping crews who went coast-to-coast buying high end merchandise while staying in 5-star hotels. They made off with over $13 Million in less than a year and a half. On a separate but positive note, a new Federal law was passed to protect foster children from identity theft. This new law requires states to run credit checks on older foster children and work to resolve ID theft cases so when the child reaches adulthood, they have a clean slate. Foster children are prime targets for and face greater risks of ID theft since their information passes through so many hands and agencies. Most states also still use the foster child’s SSN to identify them, adding to the risk. Many foster children enter adulthood with massive debt due to someone else leaving them with bad credit. This law is intended to both protect against that and help those who have been victims. And lastly, next week is the 4th annual National Protect Your Identity Week (PYIW). Multiple Better Business Bureaus are joining several government agencies and other national advocacy organizations to offer educational workshops, free document shredding and computer recycling. Javelin Strategy and Research noted that in 2010, 8.1 million adults were victims of identity theft resulting in the loss of $37 billion. Plus, according to AllClear ID, children are 51 times more likely to have their identity stolen. So as the year end festivities start heating up, don’t forget to keep an eye on you along with protecting and embracing your identity. ps Related: 111 arrested in massive ID theft bust Foster children gain protection from ID theft New law protects foster kids from identity theft Identity Theft Bust Exposes Need For 'Smart' Credit Cards Alleged Identity Theft Leads to Chase From TD Bank Protecting yourself from identity theft Identity Theft and Your Family: Deterring Disaster The Web Leaks Like a Sieve Technorati Tags: F5, PCI DSS, virtualization, cloud computing, Pete Silva, security, cloud, credit card, compliance, web, internet, cybercrime, holiday shopping, identity theft,Unplug Everything!
Just kidding…partially. Have you seen the latest 2011 Verizon Data Breach Investigations Report? It is chock full of data about breaches, vulnerabilities, industry demographics, threats and all the other internet security terms that make the headlines. It is an interesting view into cybercrime and like last year, there is also information and analysis from the US Secret Service, who arrested more than 1200 cybercrime suspects in 2010. One very interesting note from the Executive Summary is that while the total number of records compromised has steadily gone down – ‘08: 361 million, ‘09: 144 million, ‘10: 4 million – the case loads for cybercrime is at an all time high – 141 breaches in 2009 to a whopping 760 in 2010. One reason may be is that the criminals themselves are doing the time-honored ‘risk vs. reward’ scenario when determining their bounty. Hey, just like the security pros! Oh yeah….the crooks are pros too. Rather than going after the huge financial institutions in one fell swoop or mega-breach, they are attempting many more low risk type intrusions against restaurants, hotels and smaller retailers. Hospitality is back on the top of the list this year, followed by retail. Financial services round out pole position, but as noted, the criminals will always have their eye on our money. Riff-raff also focused more on grabbing intellectual property rather than credit card numbers. The Highlights: The majority of breaches, 96%, were avoidable through simple or intermediate controls; if only someone decided to prevent them. 89% of companies breached are still not PCI compliant today, let alone when they were breached. External attacks exploded in 2010, and now account for the vast majority at 92% and over 99% of the lost records. 83% of victims were targets of opportunity. Most attacks are opportunistic, with criminal rings relying on automation to discover susceptible systems for them. Most breaches aren’t discovered for weeks to months, and most breaches, 86%, are discovered by third-parties, not internal security teams. Malware and ‘hacking’ are the top two threat actions by percentage of breaches, 50%/49% respectively, along with tops in percentage of records 89%/79%. Misuse, a strong contender last year, went down in 2010. Within malware, sending data to an external source, installing backdoors and key logger functions were the most common types and all increased in 2010. 92% of the attacks were not that difficult. You may ask, ‘what about mobile devices?’ since those are a often touted avenue of data loss. The Data Breach Report says that data loss from mobile devices are rarely part of their case load since they typically investigate deliberate breaches and compromises rather than accidental data loss. Plus, they focus on confirmed incidents of data compromise. Another question might have to do with Cloud Computing breaches. Here they answer, ‘No, not really,’ to question of whether the cloud factors into the breaches they investigate. They say that it is more about giving up control of the systems and the associated risk than any cloud technology. Now comes word that subscribers of Sony’s PlayStation Network have had their personal information stolen. I wonder how this, and the other high profile attacks this year will alter the Data Breach Report next year. I’ve written about this type of exposure and felt it was only a matter of time before something like this occurred. Gamers are frantic about this latest intrusion but if you are connected to the internet in any way shape or form, there are risks involved. We used to joke years ago that the only way to be safe from attacks was to unplug the computers from the net. With the way things are going, the punch line is not so funny anymore. ps Resources: 2011 Verizon Data Breach Investigations Report Verizon data breach report 2011: Hackers target more, smaller victims Data Attacks Increase 81.5% in 2010 Verizon study: data breaches quintupled in 2010 Sony comes clean: Playstation Network user data was stolen X marks the Games Microsoft issues phishing alert for Xbox Live Today's Target: Corporate Secrets The Big Attacks are Back…Not That They Ever Stopped Sony Playstation Network Security Breach: Credit Card Data At Risk Breach Complicates Sony's Network Ambitions Everything You Need to Know About Sony's PlayStation Network Fiasco 3 Billion Malware Attacks and Counting
Almost half the total population of this planet. At this rate, we’ll all have our own personalized malware in the coming years, specifically tailored for our various behaviors. I built this infection especially for you. Symantec recently released their annual Internet Security Threat Report for 2010 and noted that the cyber threats are increasing both in sophistication and frequency. They found more than 286 million new threats last year with social networks and mobile devices being a favorite targets. Mobile vulnerabilities were up 42% with 163 discovered last year. The U.S. actually topped the list in many nasty categories: Most targeted country by DoS attacks (65% of total), most bot command and control servers (37% of total), most infected computers (14% of total) and most overall malicious activity (19% of total). As you may know, I like numbers and statistics and there were a couple supplemental reports that I found interesting. The Year in Numbers and The 2010 Timeline. Each is a single page report with highlights from the year. The highlights, or lowlights depending on your view are: 93% Increase in Web Based Attacks - URL shorts were the main culprit accounting for 65% of the malicious URLs over a 3 month period. 260,000 Identities Exposed per Breach - The average number for each of the data breaches during the year. 42% More Mobile Vulnerabilities – Remember, we’re now keeping our lives on these devices. 6,253 New Vulnerabilities - More than any previous year and new vendors affected by a vulnerability grew 161%. 14 New Zero-Day Vulnerabilities – From IE to Flash to Reader. Stuxnet used 4 unique zero-days. 74% Pharmaceutical Spam – 3/4 of all spam were for Rx pills. Will you take the red one or the blue one? 1 Million Plus Bots – Rustock had over a million bots under control. No draft dodgers here. $15 per 10,000 bots – Utility spam services…Get your bot herrrrrrrrrrah. $.07 to $100 per Credit Card – Cost of a stolen credit card but if you buy in bulk, get a discount. Lastly, if you are looking for porn, then more than likely you’ll find malware and the leading culprit of a breach which could lead to identity theft was a lost/stolen computer or data storage device. One of the cool things about the data offered is the ability to build your own custom report. You can select various topics or trends to customize the report specifically to your area of interest. ps Resources Symantec Threat Activity Report: U.S. Tops the List Looking for malware? Search for porn Internet Security Threat Report, Volume 16 Build your custom version of the Internet Security Threat Report, Volume 16 The Big Attacks are Back…Not That They Ever Stopped Where Do You Wear Your Malware? A Digital Poltergeist On Your Television The New Wallet: Is it Dumb to Carry a Smartphone? Social Media – Friend or FoeA Digital Poltergeist On Your Television
I love starting blogs with, ‘Remember when…’ and this is no different. Remember when, we used to receive our television programming over the air via an antenna? Many still do but the days of seeing a huge pointy metal object perched on top of a house are dwindling. (That would actually be a cool photo essay – homes that still have working antennas.) They’ve been replaced with satellite dishes and coax. Even then, your programming was still coming over a dedicated cable from a system other than the internet. Not so anymore. The explosion of Internet ready Televisions, DVD players, Game consoles and other set top boxes to enjoy the entertainment the web has to offer has made many of us giddy with choices. The range of web content, once exclusive to your browser, is now available to any room in the house and without a traditional computer. Many Internet ready home entertainment devices come pre-equipped to watch Netflix, Hulu, YouTube, Vudu, Amazon VoD, CinemaNow, Pandora and many others. You can also surf the web like you would through a traditional computer bringing a whole new world of entertainment to your television. But, as many of you know, anything connected to the internet can be at risk. If your computers and mobile phones weren’t enough, now your Television is at risk of viruses. These will be new forms of viruses never before seen or associated with our beloved idiot box, as my mom used to call it. These internet ready entertainment havens have processors, memory, many run on Linux and are connected to the internet, how could they not be targets? For many of the online services, we also need to enter our personal information, credit card info and other identifying data which could be stored right on your TV. The very same information criminals like to get their hands on. According to Ocean Blue Software, a company that develops television application software, TV’s do not have enough power to run a full anti-virus program on them. OBS is actually developing a cloud-based AV service which will scan content before it is delivered to the set. While I have a firewall at the edge of my home network, my TV does not have any security software, like Anti-virus or personal firewall on it. If you can fully navigate the web from your TV, like type in any address, then you might be more at risk since you’ll be able to download just about anything. If you use email and click a malicious link, then guess what, you very well could be infecting your TV/DVD/Set-top with a new form of malware. We’ve seen this again and again over the years. The rush of newness, intrigue, our desire to have things when we want them and the need to be connected has often forgot or ignored the security implications. Deal with it later or not thinking it is a threat since no-one (yet) has compromised anything. First computers, then our phones and most recently, we saw it with Cloud Computing – jump into the savings but forget about the security. That was one of the topics of year for Cloud in 2010, I think. We need to build-in security at the onset; we need to consider the risks anytime we connect any device to the internet; we need to remember that if our sensitive information is available somewhere – then someone will be looking for it. There are many consumer appliances that are IP already like toasters, refrigerators, thermostats, DVRs, garage door openers, coffee machines, and other home gadgets. Sounds cool doesn’t it? Log on to my coffee maker to make sure it is set to grind and brew 15 minutes before I arrive. Maybe that’ll be the next threat vector – my toast got burnt due to a virus. BREAKING NEWS from the FUTURE: We just got a report that a hacker has shut down all the refrigerators on the West Coast and now people are running out to buy ice and scrambling to find their non-internet connected coolers. Luckily, many still have their antique, plug into the wall fridges in the garage and are able to salvage some perishables. We’ll update you as this story evolves…. ps
