Posts Tagged security

Keep an Eye on Your Home with Smartphone Security Apps

You’re pulling into your office parking lot when suddenly you realize: you forgot to arm your home security system. To make matters worse, the new MacBook Pro you just bought is still sitting in its box on top of your desk. You might as well have put a big red bow around your house for potential burglars targeting your area. But have no fear! There are ways to control your home security system – using your smartphone. Yes, a smartphone isn’t just for listening to music and surfing the Internet; it can actually help you protect your home while you are away.

Here’s how:

Arm your home security system from anywhere

Security systems such as Alarm.Com, Vector Security, and ADT offer smartphone apps to their customers. By using these apps, you would be able to check the status of your home security system anywhere at any time.  In addition, homeowners also have the ability to check whether their system is armed or not. If it isn’t, you would be able to activate it right on your smartphone. This functionality will come in handy in the event that your kids forget the passcode or you have to let the neighbor in to walk the dog.

Caught on tape

Smartphone security apps allow you to access live streaming video of your property using your surveillance cameras. You even have the capability to control the cameras so that they pan and tilt, giving you a wider view of your home and property.  Keeping an eye on your home while you are away will give you insight into what’s going on when you aren’t there. For example, it’s unlikely that your teenagers will throw a party while you are out for the night if they know you can check up on the house anytime.  In addition, these security apps also offer a “history function,” which records events such as what time your cleaning crew arrived and left. If they stayed for 45 minutes when it needed a two-hour cleaning, you’ll know about it.

Up to the minute text alerts

These home security apps will also provide you with important notices such as a sensor that’s not responding. They can send you text alerts if something has tripped your alarm, and if the police have been notified.  In addition, if you’ve installed monitors and alarms for smoke, fire, or even flooding, you can receive alerts when these are tripped as well. These alerts will set your mind at ease not only while you’re out grocery shopping, but also when you’re on vacation.

A home security system will keep your family and home safe. However, a smartphone security app will work hand-in-hand with your system to keep you informed. This will give you the peace of mind you deserve when you’re away.


IP-Echelon gathering intel on YOU and YOUR web activities

I’ve written previously about torrents and the big question many ask, “Are torrents safe?” I’ve even speculated about the possibility of authorities tracking IPs, or even perhaps planting bait torrents for the sake of prosecuting end users for copyright infringement. You can read the article here: Do The Authorities Plant Torrents? People often ask me where the safe torrent sites are, and I have to laugh, since my online experience always leads to a definitive answer: there is no such thing as a safe torrent site.

Recently more proof surfaced that shows downloading copyrighted materials online is simply not safe, secure or private. Australian-based company IP-Echelon has entered the global copyright infringement stage. I had a brief email conversation with the founder & CEO of IP-Echelon, Adrian J.F. Leatherland, and was able to ask him a few questions about the service. Adrian provided me with a brief response, but has not yet replied to my further inquiries. I am still optimistic that I may hear back from him in the near future!

What is IP-Echelon

Their website states “we monitor Internet piracy. We report on how it affects you.  We educate about legal alternatives.  We protect your rights.”

IP-Echelon is a service that maintains distributed physical ‘listening stations’ throughout North America, Europe and Australasia. These stations continuously monitor networks for the appearance or transfer of ‘content of interest’ and utilize advanced geo-location techniques to narrow down the location of infringers for marketing intelligence and law enforcement. This information is kept indefinitely and can be exported in a variety of ways from their online portal to be used as evidence in court.  In addition they provide online reporting services, with a powerful suite of utilities to process the vast amount of data collected by their monitoring systems.

Monitor, Report, Educate, Protect.

The four bolded words in their header image (you can see it on their website) are monitor, report, educate and protect. The words that I think are of interest to most internet users are in the first phrase, “we monitor internet piracy”. Obviously, in order to monitor internet piracy one must monitor both legal and illegal transfers of data and then analyze that data to determine if a copyright infringement is taking place. IP-Echelon is very secretive about what they call their “listening stations” and wouldn’t go into any detail with me about their methods or what technology they employ, other than to quote their website: “Operate a global network of monitoring stations across North America, Europe and Australasia, we continuously monitor networks for the transfer of content belonging to our clients.”

Mr. Leatherland shared with me that his company IP-Echelon does not “issue press releases and have a very meagre web presence but service some of the largest copyright holders in the world and various law enforcement agencies on non-copyright related projects.”

What are your thoughts on a service like IP-Echelon?

The law is very clear when it comes to copyright infringement. However, a whole lot of grey areas emerge when we begin to deal with the way that evidence is collected. A service like IP-Echelon, while providing a great tool for their clients and law enforcement agencies, could very easily cross over into dangerous territory by gathering too much intel from their listening stations.

What are your thoughts on monitoring of this type? Especially private companies collecting information on your internet activities?

Update (May 25, 2011)

I was asked kindly by IP-Echelon to remove their copyright images and logos from this site so I have complied with that today. As a disclaimer I want to communicate that I do not intend to portray a service such as IP-Echelon in a bad light. I feel these types of services are valid, and have a role in our society. This article is simply intending to share an opinion on privacy concerns that some people may have with a service of this nature. Though I have not been told directly, I would assume that a service like IP-Echelon does not operate at a carrier level but is more likely monitoring torrent sites in some capacity. Ultimately the people doing “bad” would be exposed with a service of this nature, and those who are not doing anything wrong really should have nothing to fear. Would love your thoughts on this topic in the comments below.

Image: FreeDigitalPhotos.net

 


Security Through Minimalization

In today’s world, you probably have at least one computer or mobile device that you use on a regular basis. After all, how are you reading this article right now? These devices may be used for purposes as simple as browsing the web and checking e-mail, but oftentimes you probably have higher expectations from your computing devices. In order to satisfy these needs, you probably have installed software on your device(s). These software programs can come from a variety of sources:

  • Friend sends you a copy of a program
  • Download from the Internet
  • Purchased at the store
  • Download from Apple AppStore (iPhone, iPod Touch)

Regardless of where you get your software from, it’s important for you to know exactly what programs are living on your computer or mobile device. Software that is on your computer — that you don’t know about — could be malicious, and may be gathering information about you that you don’t know about, or don’t want it to. The more programs you have installed on your computer, the more likely it is that a malicious program could slip in “under the radar.” By educating yourself about what’s installed, and controlling that list, you can help ensure your security in a heavily connected world! I’d encourage you to take a few minutes to clean out software from your computer or mobile device, today!

If you’re running Microsoft Windows, you can simply go to the Control Panel, and select Add/Remove Programs (Windows XP) or Uninstall a program (Windows Vista & 7). Go through the list of installed programs, and remove things that you don’t recognize, or don’t use on a regular basis. Here are some examples of things you can probably safely remove:

  • Internet “toolbars” that get installed for Internet Explorer or Firefox — these claim to be helpful, but generally only serve to worsen your computing experience
  • Unwanted advertising programs
  • Smiley face add-ons for instant messenger programs (editor’s note: these are almost always really BAD news!)
  • Registry cleaners (there are only a select few legitimate tools like this)
  • Software for your old printer or camera (e.g. Nikon, Canon, Kodak)
  • Anything that emphasizes being “FREE!” — If someone really has to push this, there’s probably a catch

Take a few minutes and clean out your computer today! It will help mitigate security issues, and just might help your computer run faster! If you’re not sure whether or not to remove something, hold off, and ask a tech-savvy friend for help.

Until next time …!


‘Here You Have’ my opinion, enticing users to click.

I like to compare the internet to real life, as a way of helping people understand information security. I am often amazed at how people who are so quick to be sure their homes and cars are protected do not even give a second thought to their online security. For some reason there is still a mass misconception that the internet is a safe place. The net is like any city: it’s got beautiful parks and nice malls to shop in, but it’s also got a red light district and dangerous back alleys. Navigating the net requires perhaps a little more knowledge than staying secure at home does. When you go to bed at night it’s common sense and part of your routine to make sure your house is secure: you lock your doors and windows, and perhaps set an alarm, or turn on some motion lights in the yard. The same is true of the web. You have to be proactive, but online it’s always a dark night so you better make sure you’re protected. Sometimes it requires more than just a security system. As the recent ‘Here You Have’ worm has demonstrated (yet again!), internet users are still prey to the most basic of social engineering tricks and still think ‘buying speakers out of a car trunk in a busy parking lot’ is a good idea, or perhaps that every nice person that knocks on your front door with a deal is legit. If you are the kind of person that would buy a vacuum off a guy at your front door for a thousand dollars, then you may need to upgrade your security common sense. (By the way, that vacuum is probably worth no more than two hundred bucks.)

The Most Basic Trick in CyberCrime

The ‘Here You Have’ worm utilized one of the most basic tactics in cybercrime: users received an email which enticed them to click a link to a web site that offered them something that sounded interesting for free (likely porn), and clicking on the link executed the virus. First rule of email security: never click directly on links; rather, type known links into your browser. This gets a little confusing, however, since you often need to click long links full of numbers and other characters in order to get an email address verified, or gain access to a website. It’s true, the ‘rule of thumb’ always has exceptions and that is what makes net security so complex. No matter how secure your system is, how well you’ve made sure that your antivirus is up to date, that your firewall is in place, and that your software is updated – you can still be enticed to go down a back alley that you shouldn’t. The virus was ultimately responsible for taking down email servers at NASA and numerous other companies including cable giant Comcast Corp.

If the long history of cybercrime has taught criminals anything, it is that users will always be susceptible to clicking on things they shouldn’t… if you just feed them the right line. Kaspersky Anti-Virus is one of my highly recommended products that does a fantastic job of monitoring all virus entry points, leaving you with a virus-free PC! Is it possible to educate people on the dangers of being socially engineered and the risk of clicking unknown links, particularly links received in email? You can read more about Social Engineering in this article: “How long can I browse the web without antivirus protection”.


China orders foreign computer security software out!

Communist China continues to go to extremes and has ordered its banks and other major companies to limit the use of computer security software developed outside of China. That means popular antivirus vendors will lose existing and potential business inside mainland China, setting up an impending trade clash with the USA and Europe. Of course this is just like China as they continue to build up their own technology sector by hiding away from global competition. If you ask me, it seems pretty apparent that China is aggressively shutting out competition.

Considering the population of China, software developers know that this is a very large, viable market, and being shut out is definitely a frustration.

A manager of an inspection company said 10 to 20 per cent of enterprises that its technicians looked at in higher security tiers used technology from Cisco and other foreign providers. He said they were told to switch to or add Chinese-made firewalls or other technology.

“We asked clients to make changes and warned them they would fail to pass the inspection if they don’t,” said the manager at Guangdong Southern Information Security Industrial Base Co. He would give only his surname, Chen.

Essentially, this Multi-Level Protection Scheme (MLPS) requires that core security software that is used by government and major companies that support major infrastructure (banks, transportation, airports etc…) must be provided by Chinese companies only. Foreign companies are being pushed to disclose encryption technology, which of course comes on the heels of some nations threatening to disable BlackBerry service. So what does this make you think? Does this come as a surprise? I don’t think the majority of Westerners are at all surprised by a move like this. And it really isn’t a surprise since it’s been alluded to and in the works for over three years by the Chinese government. To what extent this may affect foreign developers we can only speculate. As I understand it, many American and European firms were targeting China as a market that had the potential to pull them out of the recent recession. Now that they’ve been effectively shut out they’ll have to turn their attention elsewhere… but where?

Sources: Joe McDonald, Canadian Press
Computer World, China Policy could force foreign security firms out.



ATM Biometrics Coming to a Corner Store Near You!

Looks like ATM machines around North America are due for a security upgrade. This year Barnaby Jack demonstrated both local and remote ATM attacks at Black Hat 2010, and showed how easy it could be to hack an ATM and make it spit cash. Barnaby Jack also revealed a multi-platform ATM rootkit and discussed protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.

Biometric Iris Scanners Coming to A Corner Store Near You!

One protection mechanism that we are now seeing become reality is biometrics.  Although it has been in the works for years, it looks like all the futuristic spy movies we watched as kids are coming true as biometric iris scanning ATM machines are looming on the horizon, and in some parts of the world already in action.  Of course you’re not likely to see one in your local corner store just yet, but they may well be coming soon!  According to Jeff Carter of Global Rainmakers Inc. we’re all going to be connected to the iris system within the next decade.

The computer in a biometric ATM can identify a bank customer and scan their iris even from a distance of greater than three feet. The camera inside the machine takes a focused photo of the eye in black & white, while the system then measures the structure of the iris, and how light and dark areas fall upon it. A successful ID generates a code which is essentially the customer’s PIN. The latest method of biometrics is “finger vein” technology, an authentication system developed by Japanese tech giant Hitachi. Poland’s cooperative BPS bank says it’s the first in Europe to install a biometric ATM, allowing customers to withdraw cash simply with the touch of a fingertip. The company says that an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface, which is then matched with a pre-registered profile to verify an individual’s identity. “This is a substantially more reliable technique than using fingerprints,” said Peter Jones, Hitachi’s head of security and solutions in Europe.


But what’s happening now is that Global Rainmakers Inc. (GRI), based out of New York City, has announced that it will use iris scanning technology to begin creating what it claims will be “the most secure city in the world” in Leon, Mexico. The task is to hook up all of GRI’s city-wide iris scanners to a massive database created with law enforcement authorities.

“In the future, whether it’s entering your home, opening your car, entering your workspace, getting a pharmacy prescription refilled, or having your medical records pulled up, everything will come off that unique key that is your iris,” Jeff Carter, CDO of GRI, tells tech website FastCompany.com. Jeff Carter claims, “Every person, place, and thing on this planet will be connected [to the iris system] within the next 10 years.”

You can read more about Global Rainmakers plans at Prison Planet, here.

Seems to me that things are changing so rapidly, the world around us is quickly becoming like that of every futuristic movie we’ve ever seen. Nothing is impossible anymore, and with creations and technology such as this the world is supposed to become a more secure place. Do you see this as a step forward, or do you have any objections to this kind of technology?

Sources: CNN World, "Biometric ATM gives cash via 'finger vein' scan."
Prison Planet, "Biometric Iris Scanning Technology Rolled Out across entire city".
Black Hat USA 2010
ATM Marketplace "Back to the Future: Biometrics Revisited"


Big Banks force Weak Security on Members

Do you bank online? Your account may not be as secure as you’d like to think it is! The other day I was setting up my online account for my television cable provider and was asked to select a password. As I normally do, I created a unique complex password for the site and stored it in a master database which is also password protected (by a different password of course!). My passwords are always complex and usually anywhere from 10 to 12 characters in length. I was frustrated when my cable provider rejected my 11 character password by notifying me that I was limited to a maximum of 8 characters and no special characters!

I have not found this uncommon either; I often find myself registering with websites that essentially force me into selecting a weak password. American banks in particular have been under fire from security professionals for their current lack of strong security. A recent report by the OSCE which is of particular significance to U.S. banking customers reveals that “Bank network security, especially regarding log-on procedures, falls short of consumer expectations. Log-on protocols elsewhere utilize strong authentication. U.S. banks generally fail to meet that standard.” Read more about this on the E-Commerce News website, “Are Banks Short-Changing you on Security?”

Here are a few quick (and somewhat disturbing) facts about the current state of password security…

  • 61% of passwords were either only lowercase letters or all digits (examples: iloveyou or 123456).
  • 60% of web users only have one password that they use for all of their online accounts, including Facebook, PayPal, email, and banks, according to a recent study.

A study by Trusteer Inc., a New York based online security vendor, found that 73% of bank customers use their Internet banking password to access non-financial (and less secure) websites, while forty-seven percent use both their online banking user ID and password on other websites.

Security expert Bruce Schneier wrote an article about a British bank (Lloyd’s) that rejected a man’s password because they felt it was “not appropriate”. The article, though not directly applicable to what we are discussing today, does conclude by mentioning that at least that bank allowed more than four characters in their password, albeit stopping the customer at six characters (which honestly, isn’t any more secure). You can read all of Bruce’s article here.

How quickly can you be hacked?

Spend a few minutes at the Online Password Generator, and you can find out just how quickly your password could be hacked by brute force. A four character password, no matter what special characters or numbers are used, can be hacked in less than one second (if unlimited attempts were possible). Add two more simple characters and the time only increases to 53 seconds on an Intel® Core™2 Duo E4500. An eight character password utilizing numbers and letters will take about 19 hours, 19 minutes. Punch in a twelve character password that utilizes upper and lower case, numbers and special characters and it will take a whopping 377283354 years, 7 months to crack.
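The arithmetic behind estimates like these, as an added example that is not from the original post or from the Online Password Generator it mentions. The guess rate is an assumed placeholder (the post does not state the rate behind its figures), and all function names are hypothetical.

```python
import string

# Assumption: the page does not say what guess rate its figures are based on,
# so this rate is a placeholder to be replaced with a measured one.
ASSUMED_GUESSES_PER_SECOND = 10_000_000

# Printable-ASCII character classes; the space is counted as a special character.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation + " ",
}


def alphabet_size(password):
    """Size of the smallest union of character classes that covers the password."""
    if not password:
        raise ValueError("empty password")
    known = "".join(CLASSES.values())
    if any(ch not in known for ch in password):
        raise ValueError("only printable ASCII is modelled here")
    return sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in password))


def keyspace(alphabet, max_len):
    """Candidates an exhaustive search must cover for every length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust every candidate up to this password's length and alphabet."""
    return keyspace(alphabet_size(password), len(password)) / rate


def policy_ceiling_seconds(max_len, allow_special, rate=ASSUMED_GUESSES_PER_SECOND):
    """Best case a site policy permits: the strongest password a user may choose."""
    alphabet = 26 + 26 + 10 + (len(CLASSES["special"]) if allow_special else 0)
    return keyspace(alphabet, max_len) / rate


def humanize(seconds):
    """Render a duration in its largest fitting unit."""
    if seconds < 1:
        return "under 1 second"
    for name, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"


if __name__ == "__main__":
    # "iloveyou" and "123456" are the page's examples; the last one is constructed.
    for pw in ("iloveyou", "123456", "Xk7#pQ2!vLm9"):
        print(f"{pw!r:16} alphabet={alphabet_size(pw):3} "
              f"{humanize(worst_case_seconds(pw))}")
    # An 8-character, no-special-characters limit versus a 12-character full policy.
    print("max 8, no special: ", humanize(policy_ceiling_seconds(8, False)))
    print("max 12, special ok:", humanize(policy_ceiling_seconds(12, True)))
```

The policy ceiling is the figure a site operator should look at: a length cap or a ban on special characters bounds the search time for every account, whatever the user picks.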

Not as Secure as the Bank would have you believe

In summary, online banking is simply not yet as secure as banks would like you to believe. Internet criminals are aggressive and use many methods to steal information, which include database hacks, brute force attacks and phishing scams. The majority of these attacks will be performed on social networking sites such as Facebook or Twitter, where the stolen information can then be turned around and used on banks. If you are one of the 47% that uses the same information on a social networking site as you do at your bank, then consider yourself seriously warned. If on the other hand your bank allows complex passwords (like the one mentioned in the above paragraph), and has a secure (HTTPS) login, well then… bank online at your own risk!

Read more on password security as well as some interesting facts at the infocarnivore password archive.
