New Weekly Headlines Inspired Online Safety Lesson: This Year’s Social Networking Trend: Private – It’s the New Public!

December 28, 2011

As promised, I’ll be posting the weekly internet safety lessons that I’m writing in collaboration with the internet safety group iKeepSafe that will introduce digital literacy, safety, security and privacy topics to students and families through current news articles.

The latest lesson is This Year’s Social Networking Trend: Private – It’s the New Public!

Here’s a quick overview: News reports about the repercussions of sharing thoughts, attitudes, actions, photos, videos, and more through online services have increasingly been making headlines this year. Whether personal information and private comments are exposed through leaks, hacks, changes in privacy settings, new features, or general indiscretion, the fallout is beginning to catch up with consumers of all ages. This lesson will help students and families develop an understanding of the very real likelihood that any content they post online will be seen by far more people than they intended to share with, and how understanding this reality can help them make smarter choices about what and what not to share. Take a look and start the conversation in your home…

Linda



It’s not Just British Tabloids; Cell & Email Snooping is Increasing

August 3, 2011

The phone hacking scandal that’s rocked Britain, shut down the 168-year-old News of the World tabloid, led to the resignation of high ranking British police officials and Downing Street’s communications director, and put Rupert Murdoch in the hot-seat is but one symptom of an overall increase in cell and email snooping.

While the British scandal centers around the hacking of a murdered schoolgirl’s phone, and the subsequent hacking of phones belonging to rich and famous people, relatives of slain servicemen killed in Iraq and Afghanistan, and possibly the families of British victims of the 9/11 attacks, most cell phone and email hacking is much more mundane.

According to a July 2011 Retrevo Gadgetology Report, snooping by romantic partners via email and cell phone is on the rise, and they didn’t survey those who are snooping on exes.

Among their findings:

  • Overall, 33% of respondents said they had checked the email or call history of someone they were dating without them knowing in 2011, up 43% from 23% in 2010.
  • 47% of respondents younger than 25 have snooped, up 24% over 2010.
  • 41% of women admit to having checked the email/call history of a romantic partner or spouse, 28% higher than the 32% of men who have done so.
  • 32% of overall respondents say they would secretly track a spouse/partner using an electronic device if they suspected wrongdoing. This includes 33% of women and 31% of men, giving women a 6% edge.
  • 59% of overall parents say they would secretly track a child using an electronic device if they suspected wrongdoing. This includes 64% of mothers and 53% of fathers, making women 21% more likely to snoop on a child.
  • Slightly more married couples snoop on their spouses (37%).
  • The number of parents snooping is highest among parents of teenagers, with 60% snooping on their kids and possibly for good reason, as 14% of those parents reported finding something they were concerned about.
  • Overall, adults are 84% more likely to secretly track a child than a spouse/partner. This differential is 94% for women and 71% for men.
  • 34% of parents of children age 13-19 have used Facebook to learn more about the parents of their children’s friends. This makes parents of teens the most likely of all parents of children younger than 20 to snoop on Facebook in this way, followed by parents of children age 6-12 (29%) and children age 0-5 (25%).

9 Steps to avoid becoming a phone or email hacking victim

A few basic precautions can significantly reduce the chances your phone or email will be hacked by friends or romantic partners, ex-friends or -romantic partners, students, teachers, parents, children, or others you know.

  1. PIN/password protect your cell phone and email.  Strong, unique, PIN numbers and passwords are a must.  Choosing ‘password’ or something else obvious doesn’t cut it. The same goes for PIN numbers. You must change your phone’s default PIN number to something unique. Choosing easy to guess numbers like your birthdate or ‘1234’ is asking for trouble.
    1. Once you have created safe logins don’t tell anyone what they are and change them periodically.
  2. Be consistent about locking your phone and email accounts. All the passwords in the world are useless if you leave your account/phone unlocked and unattended. Make a habit of locking accounts whenever you are not in control of the device – whether it’s your phone or your computer.
  3. Do not use any automatic sign-in functionality or password reminder tools on shared computers. If you do, everyone who shares the computer may have full access to your accounts. Similarly, many phone services allow you to call your own voicemail without having to enter your PIN if you call from your own phone number. While this is convenient for you, it’s even more convenient for someone else who wants to hear your voice messages. The problem is that your voicemail isn’t actually checking to see if the call came from your phone; it just checks to see if it came from your phone number, which is very easy to spoof or fake. All someone has to do is use a service like SpoofCard that allows a user to make their number appear to be whatever number they want it to be – like yours. Then they dial ‘their’ number to hear your messages. By the way, SpoofCard now allows you to spoof SMS’s as well. Just imagine how much additional damage this can cause in the hands of a bully, stalker, or other freak with malicious intent. To best protect yourself, skip the convenience of automatically retrieving your voice messages, and set your voicemail to require your PIN to keep would-be snoopers at bay.
  4. Use strong, up-to-date security products on your cell phone and computers. All it takes to learn everything on your device is one little piece of malware – and there are only two things between you and an infection: 1) Strong security software, and 2) your ability to spot fraud.
    1. Strong security software: Most professional hackers collect passwords using malware that has been installed on your computer or mobile phone, and savvier snoopers can do the same. Be sure your anti-virus and anti-malware programs are up to date.  Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference and Malware reaches New Highs, Spam Dips; Mobile Malware New Frontier.
    2. Your ability to spot fraud: Spam and scams come at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these 14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the webpage) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.
  5. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker. Since many smartphone users use free WiFi hotspots to access data (and keep their phone plan costs down) smartphones are also more susceptible when leveraging public networks.
  6. Validate the legitimacy of any program/game/app before downloading it.  See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware and More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware.
  7. Check your computer and phone for monitoring tools. Family safety tools are designed to help parents protect their children, but all too often these tools are used to monitor spouses, friends, ex’s, etc. To know if you are being monitored – and all your interactions recorded and reported – you’ll need to check for monitoring tools. Online Tech Tips has an article titled How to detect computer & email monitoring or spying software that can be quite helpful.
  8. On phones, consider who sees your monthly statement. If family members have access to your statements, they can see who you called (phone number look up), who called you, and the times of day these occurred. This is also true of your text messages. If this is more information than you want snooped through, get your own plan and don’t leave your statements lying around.
  9. Don’t use location tools that track and broadcast your location.  There are two types of location tools, those that you can ping to get information like driving directions, and those that track your location to broadcast to others. If you don’t want to be snooped, tracked or stalked, don’t use a tool that can track you.
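
The voicemail weakness from step 3 and the PIN advice from step 1, as an added example that is not part of the original post: a small Python model of a mailbox that can either skip the PIN when the presented caller ID matches the owner, or always require it. The class, function names, phone numbers and lockout policy are assumptions made for the illustration.

```python
# Added illustration: models a voicemail system's access decision.
# All names, numbers and policy values are constructed for the example.
import hmac

WEAK_PINS = {"0000", "1234", "1111"}   # obvious choices (constructed list)
MAX_FAILURES = 3                        # lockout threshold (assumed policy)


class Mailbox:
    def __init__(self, owner_number, pin, skip_pin_from_own_number):
        self.owner_number = owner_number
        self.pin = pin
        self.skip_pin_from_own_number = skip_pin_from_own_number
        self.failures = 0

    def grant_access(self, caller_id, entered_pin=None):
        """Return True if the caller may hear the messages."""
        # Convenience mode trusts the *presented* caller ID. That value is
        # not proof of which phone is calling, so it is not authentication.
        if self.skip_pin_from_own_number and caller_id == self.owner_number:
            return True
        if self.failures >= MAX_FAILURES:
            return False                 # locked until reset out of band
        if entered_pin is not None and hmac.compare_digest(entered_pin, self.pin):
            self.failures = 0
            return True
        self.failures += 1
        return False


def pin_is_acceptable(pin, birthdate_digits=""):
    """Reject short, default-style, repeated or birthdate-derived PINs."""
    if not pin.isdigit() or len(pin) < 4 or pin in WEAK_PINS:
        return False
    if len(set(pin)) == 1:
        return False
    return not (birthdate_digits and pin in birthdate_digits)


def demo():
    owner = "+15550100"                  # constructed number
    convenient = Mailbox(owner, "8291", skip_pin_from_own_number=True)
    hardened = Mailbox(owner, "8291", skip_pin_from_own_number=False)
    # A call that merely *displays* the owner's number and enters no PIN:
    return (convenient.grant_access(owner), hardened.grant_access(owner))
```

`demo()` returns `(True, False)`: the same call is let in by the convenience setting and refused once the PIN is mandatory.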

Applying these precautions to your mobile and email usage will not guarantee that you aren’t snooped or hacked, but they will go a long way towards protecting you from the snoops in your life.  If nearly half (47%) of the under-20 crowd are snooping, the non-snooping half had better start defending.

Linda


Responding to Spam Volumes, Hotmail Adds “My Friend’s been Hacked” Feature

July 21, 2011

Sending spam from legitimate users’ email accounts has become rampant as spammers switch from using botnets. This week alone, I’ve received spam sent via my mother’s and two friends’ email accounts – and received frantic calls asking how to fix the problem. Read more on fixing the problem later in this blog.

To address the nearly 30% of Hotmail spam generated through compromised accounts, Microsoft has launched a new feature in Hotmail. Called “my friend’s been hacked” and found under the “Mark as” dropdown, a simple click allows friends to report compromised accounts directly to Hotmail.

Microsoft’s Dick Craddock explains that “when you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise.”

Once Hotmail has marked the account as compromised, two steps are taken:

  • The account can no longer be used by the spammer
  • You (or your compromised friend) are put through an account recovery flow that helps you (or them) take back control of the account.

What’s really cool about the work the Hotmail team has done is that it can be used to report problems with accounts hosted by other email providers as well. So for example, Yahoo! or Gmail receives a notice from Hotmail if one of their users’ accounts has been compromised and can take action.

Additionally, the Hotmail team has recognized that weak passwords are a large part of the problem – it’s just too easy for spammers to hack flimsy passwords. To address this, the service will soon roll out a new feature requiring stronger passwords. If you’re currently using a common password, you may be asked to strengthen it in the future.

Changing spam tactics

The takedown of the Rustock botnet dealt a telling blow to spammers and dropped spam volumes by almost 30% overnight (see Kudos to MSFT for Strangling the Rustock Spambot) and highlights a vulnerability in the botnet approach. Not only did spammers have to pay to rent the botnets, their distribution method could be shut off in one well-researched swoop.

A report out this month by Commtouch explains this shift in tactics, saying: “The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.”
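
The trade-off the report describes, as an added example that is not part of the original post or the Commtouch report: a Python simulation in which a receiver's IP reputation check blocks a blacklisted zombie host, while mail from a compromised account inside a whitelisted provider range passes that check and is held back only by the provider's per-account sending threshold. The addresses, ranges, account names and the limit of 3 messages per hour are constructed values.

```python
# Added illustration of the filtering logic described in the quoted report.
# Addresses, ranges and limits are constructed for the example.
import ipaddress
from collections import defaultdict

BLACKLISTED = {ipaddress.ip_address("203.0.113.45")}      # known zombie host
WHITELISTED = [ipaddress.ip_network("198.51.100.0/24")]   # webmail provider range
HOURLY_LIMIT = 3                                          # per-account threshold


def ip_verdict(source_ip):
    """Receiver-side IP reputation: block, trusted, or unknown."""
    ip = ipaddress.ip_address(source_ip)
    if ip in BLACKLISTED:
        return "block"
    if any(ip in net for net in WHITELISTED):
        return "trusted"
    return "unknown"


class ProviderOutbound:
    """Provider-side sending limit, counted per account per hour."""

    def __init__(self, limit=HOURLY_LIMIT):
        self.limit = limit
        self.sent = defaultdict(int)

    def allow(self, account, hour):
        key = (account, hour)
        if self.sent[key] >= self.limit:
            return False
        self.sent[key] += 1
        return True


def simulate(messages):
    """messages: (source_ip, account, hour) tuples. Returns delivered counts per IP."""
    provider = ProviderOutbound()
    delivered = defaultdict(int)
    for source_ip, account, hour in messages:
        verdict = ip_verdict(source_ip)
        if verdict == "block":
            continue                      # botnet mail stopped by IP reputation
        if verdict == "trusted" and not provider.allow(account, hour):
            continue                      # compromised account hits its threshold
        delivered[source_ip] += 1
    return dict(delivered)


# Constructed traffic: ten messages from a zombie host, ten from one hijacked account.
SAMPLE = ([("203.0.113.45", "bot", 0)] * 10
          + [("198.51.100.7", "victim@example.com", 0)] * 10)
```

`simulate(SAMPLE)` delivers nothing from the zombie host and only 3 of the 10 messages from the hijacked account, which is the lower-volume effect the report points to.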

What to do if your email account is hacked

  1. Check your security. Most hackers collect passwords using malware that has been installed on your computer or mobile phone. Be sure your anti-virus and anti-malware programs are up to date. Also be sure that any operating system updates are installed. See my blog Are You a Malware Magnet? 4 simple steps can make all the difference.
  2. Change your password and make it stronger after your anti-virus and anti-malware programs are updated. Learn how to create stronger passwords in my blog Safe passwords don’t have to be hard to create; just hard to guess.
  3. Practice greater safety online.
    1. Learn to spot spam and scams
    2. Secure your home’s wireless network
    3. Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker.
    4. Validate the legitimacy of any program/game/app before downloading it. See my blogs Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware.

Linda


8 Tips to prevent student hackers from accessing school computers

September 2, 2010

Back-to-School time means hacker-proofing schools’ computers. While protecting students’ online safety is a must, so is protecting school computers from malicious students.

It’s an administrator’s nightmare – students hacking school databases to change grades, stealing computer passwords, infecting computers with key-stroke logging malware, accessing secure sections of school sites, posting pornography or hate content on school sites, or hijacking a school’s website.

And it is a reality schools across the country struggle with.

“Students are very, very tech-savvy. Far more savvy than the majority of adults at our school,” says Michael Wilson, the principal of the 775-student Haddonfield Memorial High where keystroke logging malware was used to discover passwords and gain access to protected areas on the school’s computer network.

School systems are uniquely vulnerable to hacking, says James E. Culbert, an information-security analyst for the 135,000-student Duval County schools in Jacksonville, Fla. “In the case of our school system, we’ve got 135,000 [potential] hackers within our district, inside of our same network that houses our student-information systems and HR systems.”

Staying ahead of would-be hackers is not a one-fix solution; it’s an ongoing process that periodically assesses new and existing threats and updates security practices.

If your school is struggling with hacking, or you are unsure of the steps your school is taking, review the 8 Tips to preventing student hackers from accessing school computers:

  1. Ensure school computers have up-to-date security software installed, and that it automatically updates. Be sure firewalls are set, and enforce the use of strong passwords.
  2. Set the ground rules that outline what is (and isn’t) acceptable use of school computers, and make sure students and their parents are aware of both the rules and the consequences for hacking, harassment, security breaches, or failing to adhere to the school’s acceptable use policy. Talk about these standards periodically, not just during the first week of school.
  3. Leverage content filtering technologies that help prevent students from seeking out inappropriate online content.
  4. Swiftly and consistently address any misuse of the school’s computer system.
  5. Require each user – teacher or student – to use a unique login. Some schools have strengthened their networks by clearly identifying if it is a teacher or a student who is logging in. Some also time-stamp when the account was last accessed allowing teachers to quickly see if their account has been compromised.
  6. Use two networks – one for students, another for teachers and staff. This makes it harder for students to hack into sensitive information.
  7. Educate teachers, staff and parent volunteers about the school’s internet access policies so they can stay vigilant in monitoring students’ online use and actions.
  8. Teach internet safety and digital responsibility to help students develop a strong online ethic.

It’s the start of a new school year; let’s get it started securely.

Linda