Facebook Announces it will Retain Profiles of Deceased Members

November 1, 2009

Recognizing the expanding role social networks play in chronicling lives, Facebook has launched new functionality that enables families to memorialize deceased family members’ sites.

This is important functionality, and it looks like Facebook has carefully addressed safety concerns. For example, memorial sites do not show contact information, new people will not be able to log in, the deceased’s profile will not appear in the “suggestions” section, and only confirmed friends of the deceased will be able to find the site in a search.

For families and friends, the ability to keep these digital scrapbooks permanently can be a tremendous source of comfort. Access to the information can also help generate the list of friends to notify of the death and funeral, and provide a format for allowing friends to share their memories of the deceased.

Linda


U.S. Ruling – IP Addresses Are Not Personally Identifiable Information

October 27, 2009

A federal judge for the United States District Court in Seattle has ruled that IP addresses are not personally identifiable information. ‘In order for “personally identifiable information” to be personally identifiable, it must identify a person. But an IP address identifies a computer,’ US District Court Judge Richard Jones said in a written decision.

The ruling came in response to a class action lawsuit filed in 2006 by consumers against Microsoft when a Windows update installed new anti-piracy software onto computers.

This ruling contradicts a European Union decision from January 2009. Germany’s data-protection commissioner, Peter Schaar, told a European Parliament hearing on online data protection, which was reviewing the practices of search engines, that when someone is identified by an IP, or Internet protocol, address, ‘then it has to be regarded as personal data.’

As soon as you visit any website, your IP address is available to that site. Websites typically collect a record of all IP addresses that visit, combined with information about the time of the visit, even if this record is never leveraged or associated with an individual. This information is useful because it indicates which ISP you use, and – with some exceptions – your general location, like the city in which you live.

Unlike general websites, ISPs know who you are even if your IP address is dynamic (meaning it changes periodically or every time you connect to the internet) because they know what number was allocated to which customer and when.

Linda


Join the Podcast: A Safer Internet With Linda Criddle

October 19, 2009

Upcoming Radio/Podcast Show: 10/27/2009 4:00 PM (Pacific Time)

Call-in Number: (718) 766-4680

Join Safer Dates as we celebrate “National Cyber Security Awareness Month” by interviewing Linda Criddle, president of the Safe Internet Alliance, an organization devoted to promoting a safe Internet and better education to protect all users, especially children, teens and the elderly, from Internet corruption, crime, and abuse by driving initiatives through industry, education, government, and non-profit entities.

Linda is also the founder and President of LOOKBOTHWAYS, Inc., a company that develops internet safety technologies and products while providing product design, safety reviews, and other consulting services to leading technology companies, regulatory bodies, and law enforcement, as well as offering practical assistance to consumers navigating the online world through a consumer internet safety site, iLOOKBOTHWAYS.com.

Linda collaborates with local, state, national and international law enforcement agencies, teaching how to understand and track predators online. She works with government organizations in the U.S. and around the world to advise on, and prepare, internet safety regulations and legislation. In addition, Linda is an author of the award-winning consumer-oriented books, “Look Both Ways: Help Protect Your Family on the Internet,” and “Using the Internet Safely for Seniors For Dummies.” She has also written “Internet Safety for Educators”, a distance-learning course offered through Universities.

Our interview will explore tools to empower you to have a safer internet experience. The future of the internet is up to all of us. So let us join together and help promote an internet ethic of respect and accountability online.

Hope you can join us,

Linda


Soldiers’ Personal Data Still Leaking Online

October 4, 2009

Washington Post – Soldiers Personal Data Still Leaking Online

Sensitive personal data – including Social Security numbers, blood types, cellphone numbers, e-mail addresses, and the names of soldiers’ spouses and children – belonging to tens of thousands of U.S. soldiers continues to be compromised via P2P networks. As recently as this week, computer users in countries like Pakistan and China have downloaded this information, according to Tiversa, a company specializing in P2P intelligence.

According to the Washington Post, Tiversa saw personally identifiable data on Special Forces soldiers on servers in Pakistan in May and notified military criminal investigators. This isn’t the first breach: in April 2008, Tiversa found spreadsheets of Army promotions with personal data of 60,000 soldiers, as well as data on several thousand civilians and soldiers from the 1st Signal Brigade, and information about soldiers in the 3rd Special Forces Group.

The Army’s Special Operations Command confirmed that data was breached, but insisted it was an isolated incident, that those involved in the breach had been punished, and that they now have measures in place to reduce the chances of a breach happening again.

Robert Boback, chief executive of Tiversa, said such precautions are not sufficient safeguards. “Every company, agency and defense contractor will say that they have a policy against P2P on company-owned equipment and blocking, usually through intrusion detection,” he said. “The fact remains that these documents are still going out.”

Given the tremendous sacrifice our soldiers are making to protect the safety of others, it is a sad reflection on the state of Internet (in)security that we are unable to defend our own troops.

Read the full article from the Washington Post here

Linda


“Unprecedented State of Web Insecurity” Says New IBM Report

September 15, 2009

“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” said IBM’s X-Force Director Kris Lamb in a new and sobering report.

“Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks,” Lamb said. “The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.” “The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted.”

The data behind these conclusions is stark:

  • The number of new malicious Web links discovered in the first half of 2009 increased by 508%
  • The presence of malicious content on trusted sites has increased, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites.
  • Web application attacks with the intent to steal and manipulate data and take command and control of infected computers have risen significantly.
  • There were 3,240 new vulnerabilities discovered in the first half of 2009, yet 49% of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.
  • Known PDF vulnerabilities in the first half of 2009 already surpass disclosures from all of 2008.
  • Trojans account for more than half of all new malware with a nine percent increase over the first half of 2008. Information-stealing Trojans (see bottom of article for definition of Trojans) are the most prevalent malware category.
    • A similar survey, by BitDefender, measuring malicious attacks between January and June 2009 found that Trojan-type malware now account for 83% of the global malware detected in the wild.
  • Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets.

What this means to you

In spite of the serious threats and stark warning, the answer isn’t to unplug your computer and head for the hills. Instead, it is essential that you make sure your computers and internet connections are secure with proactive protection software that automatically updates; that you use strong, unique passwords and keep them private; and that you learn to avoid socially engineered exploits. It also means that every family member and anyone else who uses your computer(s) follows the same security rigor.

  1. Secure your computer. If your computer isn’t protected from Trojans, viruses and other malware your financial information and passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use one of the excellent free services.
  2. Secure your Internet connection - make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here.
  3. Use strong passwords. A weak password is all it takes for someone to steal it. If you use the same password on multiple sites (or everywhere) you are asking for real trouble. Passwords do not have to be hard to remember, just hard to guess.
  4. When searching, do NOT assume sponsored sites are safe. Because I use McAfee Site Advisor (it’s free), I see a warning notifying me of the risk. Without a tool like this, you have no way of judging if the site is legitimate or going to give you malware, spam, etc. Other companies offer similar services; pick one and use it!
  5. Trust is Key. Know the Site. Know the User. Know the Company. Misplaced trust will land you in a world of trouble.
    1. You can no longer assume that links within trusted sites are safe. IBM’s research highlights the increase in malicious content placed on trusted sites.
    2. Be cautious and stay in the driver’s seat. Instead of clicking on a link, copy the URL into a search engine query and look at the results. Does the site have a positive safety rating? Don’t be pulled by links that may or may not take you where you want to go. This is particularly true with ‘shortened’ or ‘mini’ links used on sites like Twitter. If you do not have 100% confidence that the link is going to take you to a legitimate site, look up the material yourself.

Linda

What is a Trojan? In technology, a trojan is a term used to describe software that appears to be useful but contains malicious code that enables hackers to access and take over the computer remotely. Once in control, hackers can use the machine for a variety of criminal purposes including stealing identities (e.g. passwords, security codes, credit card information), installing additional malware, downloading or uploading files, deleting or modifying a user’s files, logging the user’s keystrokes, making the computer part of a botnet, and so on.


Digg Announces a “Nofollow” Policy to Better Protect Consumers

September 8, 2009

Congratulations to Digg. In an effort to reduce the amount of link spam on Digg, a social news website where people can discover and share content online, the company announced a change in their policy towards questionable links.

Spammers use sites like Digg to post their links in an attempt to drive lots of traffic to their sites. In addition to direct clicks by users, the spammers know that search engines are likely to rate their link as more important if their URL is found on Digg.

By adding a “rel=nofollow” tag to every link that Digg doesn’t trust to be legitimate, the company effectively instructs search engines to ignore the link so that it doesn’t positively influence the link’s ranking and bring it higher up in search results that consumers see. This undercuts the effectiveness of some types of search engine spam, and improves the quality of search engine results that you receive. The nofollow policy is applied to questionable links in stories, profiles and comments.

Digg’s VP of Engineering, John Quinn, commented on the change today in a blog informing users of the change:

We’ve made a few changes to the way Digg links to external sites that may impact some folks in the SEO [search engine optimization] community. These changes reduce the incentive to post spammy content (or link spam) to Digg, while still flowing ‘search engine juice’ freely to quality content. We’ve added rel="nofollow" this code is an HTML to any external link that we’re not sure we can vouch for. This includes all external links from comments, user profiles and story pages below a certain threshold of popularity.

This work was done … in an effort to look out for the interests of content providers and the Digg community.

Digg did not disclose how they determine which sites they mistrust, and that’s probably for the best as it doesn’t give spammers insight they may use to circumvent the blocks.
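The sketch below shows how a site could apply the policy described above: external links in comments, profiles and low-popularity stories get `rel="nofollow"`, everything else is left alone. It is an added example, not Digg's code; the host name, the popularity threshold and the context labels are assumptions, since Digg did not publish its trust rule.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOST = "news.example"     # hypothetical site hosting the submissions
POPULARITY_THRESHOLD = 100     # hypothetical cut-off; Digg's real value is not public


def is_external(href: str) -> bool:
    """True when href names another host; relative links count as internal."""
    host = urlsplit(href.strip()).hostname
    return host is not None and host != SITE_HOST and not host.endswith("." + SITE_HOST)


def vouched_for(context: str, popularity: int) -> bool:
    """Comments and profiles are never vouched for; stories only above the threshold."""
    return context == "story" and popularity >= POPULARITY_THRESHOLD


class _NofollowRewriter(HTMLParser):
    """Re-serialises HTML, adding nofollow to external <a> tags when asked to."""

    def __init__(self, add_nofollow: bool):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. in text as written
        self.add_nofollow = add_nofollow
        self.out = []

    def _emit_tag(self, tag, attrs, closing=""):
        attrs = list(attrs)
        if tag == "a" and self.add_nofollow:
            href = next((v for k, v in attrs if k == "href" and v), None)
            if href and is_external(href):
                # Preserve existing rel tokens (e.g. "external") and avoid duplicates.
                tokens = next((v or "" for k, v in attrs if k == "rel"), "").split()
                if "nofollow" not in (t.lower() for t in tokens):
                    tokens.append("nofollow")
                attrs = [(k, v) for k, v in attrs if k != "rel"]
                attrs.append(("rel", " ".join(tokens)))
        # The parser hands us unescaped attribute values, so escape them again.
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"' for k, v in attrs
        )
        self.out.append(f"<{tag}{rendered}{closing}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, closing=" /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def apply_nofollow(html: str, context: str, popularity: int = 0) -> str:
    """context is 'comment', 'profile' or 'story' (labels assumed for this example)."""
    rewriter = _NofollowRewriter(add_nofollow=not vouched_for(context, popularity))
    rewriter.feed(html)
    rewriter.close()
    return "".join(rewriter.out)


# Constructed sample: one spam-style link, one internal link, one link with an existing rel.
SAMPLE = ('<p>Great post &amp; thread! <a href="http://cheap-pills.example/buy">deal</a> '
          '<a href="/users/alice">alice</a> '
          '<a rel="external" href="https://blog.example/post?id=1&amp;x=2">src</a></p>')

if __name__ == "__main__":
    print(apply_nofollow(SAMPLE, "comment"))
    print(apply_nofollow(SAMPLE, "story", popularity=250))
```

Because the decision is made per page context rather than per link text, a spammer cannot opt out of the attribute by how the link is written; only the site's own trust rule removes it.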

It is great to see companies that proactively protect consumers. Hats off to Digg.

Linda


Facebook Users, You can Thank the Canadians for Improved Privacy and Transparency

September 1, 2009

For more than a year, Canada’s privacy commission, under the leadership of Jennifer Stoddart, investigated Facebook’s privacy policies and tools. They found that Facebook gave “confusing or incomplete” privacy information to subscribers and gave developers “virtually unrestricted access to Facebook users’ personal information.”

Under pressure to change, Facebook today announced plans to improve their service. “Our productive and constructive dialogue with the Commissioner’s office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users,” said Elliot Schrage, Vice-President of Global Communications and Public Policy at Facebook. “We believe that these changes are not only great for our users and address all of the Commissioners’ outstanding concerns, but they also set a new standard for the industry.”

Here are the specific changes Facebook will be making according to their Press Statement:

  • Updating the Privacy Policy to better describe a number of practices, including the reasons for the collection of date of birth, account memorialization for deceased users, the distinction between account deactivation and deletion, and how its advertising programs work.
  • Encouraging users to review their privacy settings to make sure the defaults and selections reflect the user’s preferences.
  • Increasing the understanding and control a user has over the information accessed by third-party applications. Specifically, Facebook will introduce a new permissions model that will require applications to specify the categories of information they wish to access and obtain express consent from the user before any data is shared. In addition, the user will also have to specifically approve any access to their friends’ information, which would still be subject to the friend’s privacy and application settings.

Facebook announced, “work on the planned changes will begin immediately. However, some changes will take some time before they are visible. For example, updates to the Privacy Policy will require a notice and comment period for users. In addition, the changes to how users share information with third-party applications will require significant time and resources, both for the updating and testing of the new Facebook API, and for third-party application developers to reprogram and test their applications. Facebook anticipates this entire process will take approximately 12 months.”

Thank goodness. These changes are a long time in coming, and every Facebook user will benefit from the work now being undertaken. This is a significant step towards recognizing users’ right to privacy, choice, and transparency. 

Until the changes are in place (up to a year from now), I recommend that you do not use 3rd party applications, and that you carefully review the safety/privacy settings you currently have in place.

Linda


Looking Online for Health Info? – Which Sites Do You Trust?

August 18, 2009

With the swine flu threat increasing as kids go back to school, and the whole winter-illness season approaching, health concerns are gaining more attention.

At the same time, economic woes are hitting families hard. According to a poll by the Kaiser Family Foundation, 1-in-3 American families struggle to pay medical bills and nearly half say a family member has postponed necessary medical care to save the expense of a doctor visit.

As a result, more consumers are seeking medical advice online – research conducted by the Pew Research Center’s Internet & American Life Project and the California HealthCare Foundation found that 61% of adults now look online for health information.

Knowing how to identify trustworthy sites and information is critical to ensure your safety – particularly if you are looking for medical guidance.

So how good are you at choosing trustworthy sites and advice? Pretty good actually.

MarketingCharts.com just released a list of the top 10 Health and Medical information sites used by consumers, and 7 of the 10 carry the Health on the Net (HON) seal.

Note: I added the Health on the Net (HON) seal and placed checkmarks next to those that have earned this designation.

The other 3 sites in the top 10 – Yahoo! Health, MSN Health, and AOL Health – host user-generated content, but prominently state that their sites “do not provide medical or any other health care advice, diagnosis or treatment”.

This is a critical point as Pew’s research also found that 60% of survey e-patients (37% of adults) have accessed user-generated health information online and that it has an impact on their decisions.

Among survey participants who said their most recent medical search had an impact on their health decisions:

  • 60% say the information found online affected a decision about how to treat an illness or condition
  • 56% say it changed their overall approach to maintaining their health or the health of someone they help take care of
  • 38% say it affected a decision about whether to see a doctor

Fully 42% of all adults say they or someone they know has been helped by following medical advice found on the internet. The flip side, however, is sobering. Three percent of all adults say they or someone they know has been harmed by following the medical advice they got online.

Keep safe when looking online for medical advice by sticking to reputable sites. These will carry the Health on the Net (HON) seal of approval. The HONcode is the oldest and the most used ethical and trustworthy code for medical and health related information available on the Internet. Their seal is only given to sites that have been accredited against a strict set of principles. If you do not see this seal prominently displayed in the lower right corner on the health, medical, or wellness website you are visiting, go to the Health On The Net Foundation and look up the website using their Trustworthy health sites search.

Remember that while there may be great information in blogs and forums containing user-generated content, you need to be cautious about basing decisions on others’ experiences. You do not want to find yourself among the 3% who were harmed by following medical advice they got online.


130 Million Credit and Debit Card Numbers Stolen – Is Yours Secure?

August 17, 2009

The largest case of ID theft ever prosecuted reads like a thriller. A small group of men stole more than 130 million credit and debit card numbers between 2006 and 2008. At the same time, the ringleader, Alberto Gonzalez, 27, played informant for federal investigators, helping them catch his cohorts.

It appears that at the ripe age of 22, Gonzalez began his career in ID theft, stealing credit card information from a string of stores including Office Max, Barnes & Noble, Marshalls, TJ Maxx, 7-Eleven, Heartland Payment Systems, and at least two unnamed national retailers. It is still unclear how many of these credit and debit card numbers were then sold online through the internet black market and used by other criminals to make unauthorized purchases and withdrawals from banks.

It is also unclear whether all victims have been notified that their cards were stolen, as not all states have laws requiring stores to notify consumers of data breaches. NOTE: As of July 27, 2009, forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information, according to the National Conference of State Legislatures.

Speaking about the case and the involvement of Gonzalez in so many data breaches, Erez Liebermann, an assistant U.S. attorney in the Justice Department’s New Jersey office, said it suggests that “perhaps the individuals capable of such conduct are a tighter-knit group than may have been previously thought.”

The indictment alleges that Mr. Gonzalez and his conspirators (11 have been indicted) reviewed Fortune 500 companies and selected which companies to target, then visited targeted company stores to determine which payment systems were used. The criminals then launched attacks against these sites using flaws in the SQL programming language, commonly used for databases. Their malware programs intercepted credit card transactions in real time and transmitted the numbers to leased computers in the U.S., the Netherlands and Ukraine.

Sobering reality

Richard Wang, manager of SophosLabs, said the case demonstrates that retailers and banks need to strengthen industry standards. Under current practice, major banks agree to encrypt this data only when it is stored; moving forward, credit card numbers should also be encrypted when passed between computers.

Mr. Wang also doubted that the world had seen the last significant theft of credit card numbers. “I’m not sure how likely it is that they [prosecutors] are going to get the Russian co-conspirators, obviously there are still plenty of people with the necessary expertise to pull off these kinds of attacks.”

To learn more about his case read

Linda


Banking online picking up steam – stay safer with a few tips

July 30, 2009

Summary

A new article by Herb Weisbaum – ‘the consumerman’ – on MSNBC outlines the sharp increase in the number of users of online banking services, and cites Linda Criddle for how to stay safer when doing so.

The article references a Harris Interactive survey that found 80% of U.S. households with Internet access – nearly 70 million households – use some form of online banking service. That’s a sharp increase of over 2 million households in the last year.

The number of online banking customers is expected to continue rising. “We predict steady growth as more go online and see the benefit of doing your banking from anywhere at anytime,” says Steve Shaw, director of strategic marketing at Fiserv, a financial services technology firm.

At the same time, banks are shedding retail branches. On Tuesday, Bank of America announced it is closing about 600 branches. The reason? Liam McGee, president of Bank of America’s consumer and small-business bank, said part of the reason for the move is that more customers prefer online and mobile banking.

So how do you bank online safely?

Internet security expert Linda Criddle, who runs the Web site www.ilookbothways.com, describes herself as an avid online banker. She says you need to ask yourself three questions before jumping online.

  • Is your computer secure? You must have up-to-date security software, which means antivirus and anti-spyware protection.
  • Is your connection secure? Make sure the firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information.
  • Do you have a secure password? It doesn’t have to be hard to remember, just hard to guess. Don’t share it with anyone and don’t respond to any e-mail requesting that information. That “urgent” message may look like it’s from your bank, but it’s bogus. A financial institution would never send you an e-mail asking for your PIN or password. Never!

“If you’ve done all of the above, then you’re off to a good start,” Criddle says. “You can have a reasonably strong chance of having only positive experiences.”

You also need to be extremely careful when you conduct banking business away from home. Your laptop needs to be secure and so does your wireless connection. Criddle recommends avoiding computers at Internet cafes.

The bottom line: Before you conduct your most sensitive financial transactions you need to be absolutely certain both the Internet connection and the computer you’re using are secure. If you don’t have 100 percent confidence – don’t take the chance.

Read the full article here.

Linda

