Half of U.S. Drivers Say Potential Distraction Issues Discourage Buying New Media Features in Cars

November 16, 2011

Concerns about driving distractions when using media features like navigation and Wi-Fi would deter half of U.S. users from purchasing these features according to a new survey from Altman Vilandrie & Company and uSamp.

In spite of safety concerns, the demand for new technologies in cars is strong, including media features like WiFi. This is especially true among younger drivers aged 18-24 who are twice as likely (40%) to say in-vehicle media capabilities influenced their most recent car purchase compared to older drivers.

The most desirable in-car technology features? Voice-controlled navigation, real-time traffic updates, and the opportunity to turn their vehicles into wireless “hotspots” to enable internet access. Respondents were also interested in voice output: hearing emails, text messages, and social networking information.

The study also found that 70% of respondents have privacy concerns over the potential use of their driving data by car manufacturers and wireless carriers, though surprisingly those privacy concerns don’t extend to insurance providers. More than a third of respondents said they hoped to have their insurance rates determined by monitored driving habits.



74% of Consumers Concerned about Security when Making Mobile Payments

October 4, 2011

New research by the Ponemon Institute paints a sobering picture of consumer concerns when conducting transactions via a mobile device.  In addition to the 74% who are concerned about their online security when making mobile payments, 72% were worried about becoming the victim of online fraud.

Other findings:

  • Of those polled, 29% said they used their phones to engage in mobile banking, while 67% believe they are either completely or partially protected when engaged in mobile banking.
  • 51% use mobile transactions for the convenience it offers, and 25% do so because they believe it provides increased security.

The research concludes that consumers’ attitudes regarding their security in online transactions have more to do with how active they are online – the more frequently they make online transactions the safer they feel when doing so. Yet the researchers admonish companies that they are not off the hook, noting that the best way to increase consumer confidence is to increase company spending and oversight on providing rigorous security.

6 things you can do to be safer when transacting online:

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly, as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive. For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog “Safe passwords don’t have to be hard to create; just hard to guess”.
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PINs, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Check your credit reports. Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.


Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker

October 30, 2010

A few days ago I wrote about Starbucks’ new Digital network (WiFi) push giving users not only internet access, but also “a wide array of great, premium online content.” Included in that article were 6 steps to Safer WiFi use.

Now, with the launch of a new application called Firesheep, there are a couple more safety concerns you need to protect against.

What is Firesheep?

Firesheep is a new, free add-on application to Firefox developed by Eric Butler that makes it easy for anyone to snoop on a WiFi network and steal other people’s online accounts – without even needing to steal their passwords. You just download the application, then go to any location with an open WiFi network and click the ‘Start Capture’ button in the app.

Instantly the app begins capturing login information of people in your vicinity, and it shows you the user names (and photos) of those logged into one of the services that Firesheep collects information from. Then, to log into a site as one of those users, just double-click on their name and you’re logged in using their account.

How does it capture your information?

“When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent [login] requests.

It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable.”

Ian Paul at PCWorld has a good explanation of how Firesheep works.

Firesheep is basically a packet sniffer that can analyze all the unencrypted Web traffic on an open Wi-Fi connection between a Wi-Fi router and the personal computers on the same network. The extension waits for someone to log in to any of the 26 sites listed in Firesheep’s database [including big sites such as Facebook, Twitter, Flickr, bit.ly, Google and Amazon].

When you log in to Amazon, for example, your browser’s Amazon-specific cookie communicates with the site and contains personally identifying information such as your user name and an Amazon session number ID.

As your browser swaps cookie information back and forth with the Website a third party can hijack that communication and capture info including your user name and session ID. Typically, the cookie will not contain your password. But even without your password, the fact that Firesheep has snagged your session cookie means that a hacker can, at least in theory, access your account and gain virtually unrestricted access. If the hacker got your Yahoo Mail cookie they could send an e-mail; if it was Facebook they may be able to post a message; and so on. Any operations that require your password, however – such as accessing your credit card information on Amazon – should not be possible using Firesheep.

Butler defended releasing his add-on in a blog post on Sunday, saying that warnings about site insecurities by others have been ignored. “[Sites have] been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure Web,” Butler wrote. “My hope is that Firesheep will help the users win.”

Possibly, but in the short term, with an enormous 320,000 downloads since Sunday (an average of about 79,000 downloads per day), it’s a stretch to believe Butler’s ‘awareness campaign’ isn’t going to do far more harm than good.

WiFi Risks aren’t new

For years, security experts have cautioned users that connecting to a non-encrypted WiFi network exposes you to malicious attacks, data theft and account hijacking. However, few users have paid much attention, casually logging on to WiFi hotspots to check bank information, log onto social networks, shop online, read their email or browse the web.

That casual attitude has been based on two beliefs: 1) the belief that most people are honest and just doing their own thing, not trying to wreak havoc on others (which is true), and 2) there really aren’t that many people who have the skills needed to steal information or harm devices if they wanted to.

Now that stealing your credentials has become so easy your grandmother could do it, you might want to reconsider that laid back attitude – particularly in light of the enormous numbers of people who have already downloaded the app.

The security gap with most cookies is a well-known problem, but even very popular websites still fail to protect users by encrypting their cookies. Unfortunately, until web service operators take your security more seriously and fully encrypt their services, you have few safe choices. You can choose to never use public Wi-Fi, which would be rather inconvenient for many users, or you can pay your way out of the risk by purchasing a cell phone provider’s 3G or 4G data plan.

Click here to learn more about other solutions security experts offer for defending against Firesheep snooping.

Mozilla can cripple add-ons to their browser, but Mozilla’s director of Firefox, Mike Beltzner, has said that Mozilla will not activate the kill-switch because Firesheep doesn’t exploit a vulnerability in their browser.

He instead suggested that Firefox users could protect themselves against Firesheep sniffing and hijacking by installing Force-TLS which would require their browser to use an encrypted HSTS (HTTP Strict Transport Security) connection when it accesses certain sites.
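The gap described above (encrypted login, session cookie then sent in the clear) is visible in a site's own response headers. The following is an added example, not code from this post, from Firesheep or from Force-TLS: a Python audit that checks whether each cookie carries the `Secure` attribute and whether an HSTS header covers it. The function names, verdict labels, `example.com` and the sample headers are assumptions constructed for illustration.

```python
"""Added example: audit response headers for the cookie exposure Firesheep abuses."""
from http.cookies import SimpleCookie


def parse_hsts(value):
    """Return (enabled, include_subdomains) for a Strict-Transport-Security value."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        key = key.strip().lower()
        if key == "max-age":
            val = val.strip().strip('"')
            max_age = int(val) if val.isdigit() else None
        elif key == "includesubdomains":
            subdomains = True
    # max-age=0 tells the browser to forget the policy, so it counts as disabled.
    return (max_age is not None and max_age > 0, subdomains)


def audit_response(headers):
    """headers: (name, value) pairs from one HTTPS response.
    Returns {cookie_name: verdict}; the verdict labels are this example's own."""
    hsts_on, hsts_subdomains = False, False
    cookies = SimpleCookie()
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            hsts_on, hsts_subdomains = parse_hsts(value)
        elif name.lower() == "set-cookie":
            cookies.load(value)
    verdicts = {}
    for cookie_name, morsel in cookies.items():
        if morsel["secure"]:
            verdicts[cookie_name] = "protected"  # never sent over plain HTTP
        elif not hsts_on:
            verdicts[cookie_name] = "exposed"  # readable on an open network
        elif morsel["domain"] and not hsts_subdomains:
            # Domain cookies also go to subdomains that HSTS does not cover.
            verdicts[cookie_name] = "exposed-on-subdomains"
        else:
            verdicts[cookie_name] = "hsts-only"  # safe once the browser has seen HSTS
    return verdicts


# Constructed sample responses (not captured from any real site).
LOGIN_ONLY_TLS = [("Set-Cookie", "session_id=abc123; Path=/")]
HSTS_HOST_ONLY = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=abc123; Domain=example.com; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in [("login-only TLS", LOGIN_ONLY_TLS),
                          ("HSTS, host only", HSTS_HOST_ONLY),
                          ("hardened", HARDENED)]:
        print(label, audit_response(sample))
```

Only the `protected` verdict means the cookie never leaves the browser unencrypted; `hsts-only` still leaves the first visit on a fresh browser uncovered.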

A ZDNet.com poll found that two-thirds of their readers who participated in the poll support Mozilla’s decision – I doubt the general public agrees.


Starbucks Launches Digital Network – 6 Steps to Safer WiFi Use

October 29, 2010

Digital networks, sometimes called public WiFi networks, allow you to connect wherever you are with ease. Now, Starbucks has announced they will be offering internet access and “a wide array of great, premium online content” to consumers in all of their shops.

“The vision,” says Starbucks’s Vice President of Digital Ventures Adam Brotman, “is for Starbucks Digital Network to be a digital version of the community cork board that’s in all of our stores.”

With ease and convenience of online access comes risk; but 6 simple steps can significantly increase your safety when browsing on WiFi networks.

  1. Connect to a legitimate WiFi network. Criminals frequently set up fairly convincing fake networks that incorporate the name of the coffee shop, hotel, campground, airport, park, or other place to trick you into using their network instead. If you get fooled into logging onto their network, they’ll steal the information off your laptop, tablet or phone.
    1. Solution: Ask for the location’s WiFi access name, and use their access keys to avoid being duped onto a malicious copycat network.
    2. Solution: If you don’t know the company, organization, or individual offering the WiFi access, be very cautious. Unscrupulous parties may be tempted to grab your information.
  2. Even legitimate networks may be compromised. Some online actions should never be done when using a public network.
    1. Solution: Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
  3. Update your anti-virus and anti-malware tools if they aren’t current. Whenever and wherever you log onto the internet, you need protection against viruses, spyware and other malware.
    1. Solution: If cost is preventing you from protecting your computer, search online for good free anti-virus and anti-malware options.
  4. Control your access points. Leaving your Bluetooth connection open lets criminals find and connect to your computer or phone.
    1. Solution: Change your setting to not discoverable, or turn it off.
  5. Remember, you’re in public. Big screens may make your information easy reading for those around you and they may take full advantage of the opportunity.
    1. Consider where you’re sitting and who may be able to see your screen or your hands while typing in a password. Consider whether someone outside the shop can see your screen if your back is to a window. Place yourself in a way that keeps your information private, and check periodically to see if your privacy is still maintained.
  6. Learn about their privacy policy. Most users assume that their information will not be reused in any fashion, but this is often not the case. Networks may sell information about the users that log on through their networks. It is always critical to understand how your information may be used – or abused – by any network or website you visit.
    1. Solution: Don’t assume. Ask about the privacy policy of any WiFi operator you use… and then take one further precaution. Read the privacy policy of any premium content offered through the service. Users often believe that an overarching privacy policy is in place when in reality the websites they offer are not likely to adhere to the same standard.


One in Five Americans Think Internet Less Safe than A Year Ago

October 6, 2010

Just 5.1% feel the Internet is safer today than it was a year ago. 68% feel it’s about the same, while 21.2% think it’s less safe. Half of Americans say they are most concerned about identity theft of all the possible things that could happen to them online, according to the newly released 2010 Online Safety Study by the National Cyber Security Alliance and Symantec.

Computers lack security protections

The study also found that only 24% of Americans feel very safe and 61% feel somewhat safe that their home computers are protected. Unfortunately, while Americans may feel protected on their home computers, they are experiencing a false sense of security.

Comprehensive protection means you have antivirus, firewall, antispyware, spam filter, anti-phishing, and identity protection tools in place and up-to-date.

In a consistently concerning trend, 58% of study respondents said they had a complete security software suite – but when their computers were actually scanned for security software, only 37% were fully protected.

This means 63% of home computers are unprotected, or under-protected, from malware, and these computers are unquestionably infected with malware.

In response to the survey question, “Do you believe your computer is currently infected with a malicious program?”, 85% said no. That’s a lot of naïveté about what’s really going on with their computer and information.

The table to the right shows just how much information these unprotected users have already had compromised – and yet they wonder how their identity is stolen and their personal information exposed.

Half of Americans now have two-to-three computers at home, with 74% owning a laptop or netbook according to the study findings.  All told, 31% said their laptop or netbook is their primary computer.  Nearly 17% of respondents can connect to the Internet via their TV, and 24% connect via a gaming device.

Unprotected WiFi Use

This increased number of internet access points exposes new security, safety and privacy risks. Wireless networks have reached high levels of adoption, with 70% of respondents saying they have a wireless router at home, but 43% admitted they have logged onto a wireless network without entering a password – a number that increases to 66% for 18 to 29 year olds. (See my blogs Starbucks Launches Digital Network – 6 Steps to Safer WiFi Use, Like Lambs to the Slaughter? Firesheep Lets Anyone be a WiFi Hacker and Google’s WiFi Data Collection Larger than Previously Known for more information about the risks with unprotected wireless networks.)

“Computer users can run into online threats regardless of where they might be connected and what device they’re using,” said Marian Merritt, Norton Internet Safety Advocate.  “However, on a Wi-Fi network, there are other risks consumers can run into, like ‘evil twin’ networks that trick people into connecting to unknown networks, giving cybercriminals access to their computer and its contents.  Consumers should ensure they’re connecting to a legitimate network, using the access keys or portal given to them by the Wi-Fi provider.”

Mobile Use

Particularly sobering are the study’s mobile use findings, which show that users aren’t taking steps to protect themselves or their data. Only 22.2% back up personal data stored on their phones despite using them to keep private information such as personal contacts, calendars and e-mail.

Surprisingly, more than 64% said they always or sometimes read an application developer’s privacy policy before downloading an app on their phones. Yet, only 5.7% believe they store passwords or account numbers in their apps.

Driving home the message that you must protect your internet connected devices

Unlike your toaster, the internet is not a plug-it-in-and-go experience.

  • It requires installing or turning on security software on your devices – and then setting the software to auto-update so it keeps your safety level current.
  • It requires creating strong passwords to log in to the computer.
  • It requires ensuring any WiFi connection is password protected.
  • It requires changing passwords periodically.
  • It requires getting educated on how to avoid scams, spam, and protect your privacy.

It also requires that you step up to your civic duty of protecting others. An infected device is the digital equivalent of Typhoid Mary – you may not intend to send infected documents, or be part of a botnet spewing spam and scams, contributing to denial of service attacks, or spreading viruses, but if you haven’t taken security precautions to keep your devices clean, you are part of the problem.

The full study can be found here.