Worst Passwords of 2015

2015’s most used cracked passwords ranked by popularity… Yes, people still use bad passwords, despite the warnings to have some complexity. Perhaps we should code systems to reject simple passwords?

1. 123456 (UNCHANGED)
2. PASSWORD (UNCHANGED)
3. 12345678 (UP 1)
4. QWERTY (UP 1)
5. 12345 (DOWN 2)
6. 123456789 (UNCHANGED)
7. FOOTBALL (UP 3)
8. 1234 (DOWN 1)
9. 1234567 (UP 2)
10. BASEBALL (DOWN 2)
11. WELCOME (NEW)
12. 1234567890 (NEW)
13. ABC123 (UP 1)
14. 111111 (UP 1)
15. 1QAZ2WSX (NEW)
16. DRAGON (DOWN 7)
17. MASTER (UP 2)
18. MONKEY (DOWN 6)
19. LETMEIN (DOWN 6)
20. LOGIN (NEW)
21. PRINCESS (NEW)
22. QWERTYUIOP (NEW)
23. SOLO (NEW)
24. PASSW0RD (NEW)
25. STARWARS (NEW)
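
One way to code a system to reject simple passwords, using the 25 entries above as a blocklist (an added example, not code from the original post). The look-alike substitutions, keyboard runs, 8-character minimum and function names are assumptions chosen for illustration.

```python
import re

# The 25 entries from the list above, lower-cased.
WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
}
# Assumption: look-alike substitutions to undo (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("013457@$!", "oieastasi")
NORMALISED = {w.translate(LEET) for w in WORST_2015}
# Assumption: US-QWERTY rows and columns, to catch walks like 1qaz2wsx.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
KEY_RUNS += [run[::-1] for run in KEY_RUNS]


def is_keyboard_walk(pw):
    """True if pw splits into chunks of 3+ keys, each taken from one run."""
    i = 0
    while i < len(pw):
        # Longest chunk starting at i that lies inside some run (0 if none).
        n = next((n for n in range(len(pw) - i, 2, -1)
                  if any(pw[i:i + n] in run for run in KEY_RUNS)), 0)
        if n == 0:
            return False
        i += n
    return bool(pw)


def reject_reason(password, min_len=8):
    """Return why the password is refused, or None if it passes."""
    pw = password.strip().lower()
    core = re.sub(r"[\W\d_]+$", "", pw)  # drop trailing digits and symbols
    if pw in WORST_2015:
        return "on the 2015 list"
    if pw.translate(LEET) in NORMALISED or core.translate(LEET) in NORMALISED:
        return "variant of a listed password"
    if len(set(pw)) == 1 or is_keyboard_walk(pw):
        return "repeated character or keyboard walk"
    if len(pw) < min_len:
        return "too short"
    return None
```

Call `reject_reason()` at sign-up and password change, and refuse the new password whenever it returns a reason.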

If you insist on keeping a horribly simple password, use Two-Factor or Two Step authentication!

Posted in Security Blog

Own Your Online Presence #PrivacyAware

I’m proud to announce that CarmeloWalsh.com is registered as a Data Privacy Day Champion. January 28th is Data Privacy Day. Please spread the word and share this post.

[Image: Andy Grove quote on privacy]

#PrivacyAware

A lot of people don’t know this, but Facebook is the leading authoritative source for fraudsters to harvest data on you because it’s posted by you (and maybe some of your family and friends)! The company obviously wants people to share information on what’s happening with family, friends, and fans. For those who want to know more about how to start restricting what’s publicly shared, there is the Facebook Privacy Basics page.

How to Own Your Online Presence

[Image: cartoon about internet privacy and social networks]

Another method to control privacy that can be used:

[Image: Facebook privacy]

Posted in Security Blog

Social Engineering Fraud Losses Doubled in 2015

Consider the largest breaches of 2015 and realize they weren’t about getting financial data directly. They were all about personal details. Identities are a hotter commodity on the dark web than credit card numbers.


  • Anthem
    • 80 million (Personal Details)
  • Ashley Madison
    • 37 million (Personal Details)
  • OPM Data Breach
    • 22 million affected (Personal Details)
  • Experian/T-Mobile
    • 15 million (Personal Details)
  • Premera
    • 11 million (Personal Details)
  • mSpy
    • 400,000  (Personal Details)
  • IRS
    • 330,000 users (Personal Details)
  • VTech
    • 12 million users, a little more than half of them children. (Personal Details)

The hotter the commodity, the bolder the fraudsters are, though. Identity theft is a big-ticket item, especially when it involves children’s details. Credit cards can be deactivated and numbers can be changed, but a person’s identity can be used to open accounts with a line of credit or to claim health benefits, giving a fraudster much more money and time.

Credit cards have a cap on how much can be withdrawn, but a properly stolen and used identity can be used to take out a loan, especially if the victim had great credit scores.

As I was saying, children’s details are in higher demand because nobody checks the credit and identity theft status of their 2-year-old, giving the fraudsters about 16 years of use of the identity.

Fraudster tactics include:

  • Telecom fraud
    • Fraudsters obtain the phone number of an individual, often an elderly person, then call them pretending to be a family member or public service and claiming to be in urgent need of cash.
    • They ask for money to be deposited in a designated bank account or delivered by hand in order to settle a traffic accident claim, loan shark debt, or other pressing financial need.
  • Email scams
    • Pretexting involves creating a scenario to engage a targeted victim; for example, impersonating a bank manager or tax inspector to convince the target to share personal information such as account numbers or passwords. This type of scam requires the criminal to conduct research on the victim, in order for the story to appear plausible.
    • Phishing is similar to pretexting, but uses a more generic scenario which is sent to a large number of people in an attempt to draw in as many victims as possible. This is usually done by e-mail and appears as if it comes from a legitimate source which many people frequent, such as popular online shopping websites, e-mail companies or computer tech support companies. The same techniques can also be executed by phone (Vishing) or by text message (SMishing).
  • CEO fraud / Manager fraud
    • Fraudsters gather publicly available information – usually through the Internet – about the company to be targeted.
    • They find out details of the head of the company, and those managers and employees who are authorized to handle cash transfers.
    • The criminals use this data in order to impersonate the head of the company and coerce employees into making an urgent and high-value cash transfer to a designated bank account.
  • Hacking of e-mail accounts
    • A cybercriminal hacks into an individual’s e-mail account and sends messages to their friends, relatives or colleagues claiming to be in trouble, for example, and needing money.
    • The recipient is unaware that the e-mail is not actually coming from the person they know, making them more inclined to assist – and thereby assist the criminal in gaining money or accessing their accounts.
  • Sweepstakes or lotteries
    • A person receives a message along the following lines: ‘Congratulations, you are the grand prize winner! To claim your prize, all you need to do is pay a processing fee so we can release your winnings.’
    • Very often, names of popular companies or organizations are misused to give the lottery a trustworthy impression.
    • Despite making the requested payment, the victims never receive the expected prize winnings.
  • Other techniques include:
    • Forensic recovery – Analysis of non-securely disposed materials (USB keys, hard drives);
    • Quid pro quo – Exchange of sensitive information under a misunderstanding;
    • Baiting – Leaving an infected storage device to be picked up and plugged into a computer;
    • Tailgating – Following someone to access secured premises;
    • Diversion theft – Redirecting a courier or transport delivery to another location.

How to report a scam

Individuals

Follow the steps below:

  • Immediately contact your financial institution and report any unusual activity;
  • Change any passwords or credentials possibly hijacked. Where possible, choose a second layer of authentication, for example, combining a password and SMS verification;
  • Report the incident to police or the appropriate agency in your country;
  • Save all received and sent emails and text messages;
  • Save all documents of any transactions and remittances.

Companies

If you think you have revealed sensitive information about your company or organization, follow the steps described above. In addition, report the details to the relevant people in your company, including your security and IT departments.

How to avoid a scam in the first place:

Follow my website, Facebook, or Twitter to stay updated on the latest news. Awareness is the key you can use to unlock the bad guys’ secrets!

Here is an awesome post about Vishing and Smishing by the BBC.

Posted in Security Blog

A Trip to Yuma

There was a beautiful memorial service and gathering with some very touching photos and wonderful memories shared.

We will definitely miss Uncle Forrest and Aunt Becky.

Posted in life

Happy New Years! Farewell 2015 and Welcome 2016!

Another year has left us with many wonderful memories.

  • We will miss Uncle Forrest and Aunt Becky
  • We were very thankful for the joy that visiting family brought
  • Damien finished high school, got a part time job, and signed up for college
  • We were re-united with some friends we haven’t seen in many years!
  • Jaime and Carmelo had a wonderful vacation alone
  • We got to participate in the very first birthdays of our nephews, Aiden and Beau!
  • Jaime got a new hobby!
  • We got to witness Pat graduate college
  • Carmelo had his running journey!

Posted in life

Thanks for the 2015 Views!

I’ve had an amazing 2015 for visitor traffic, nearly 12,000 views! Thank you to the many visitors! I honestly do try to be a credible source.

Have a fantastic 2016! Keep your data protected and your people informed!

Posted in Security Blog

2015 in Review

Experiences and Accomplishments

1/1/2015: Started running at least a mile a day

2/7/2015: Arizona Renaissance Festival with period clothing!

2/10/2015: Flew to Walnut Creek to give presentations to the Executives

3/15/2015: Viviana’s First Birthday!

3/16/2015: Vehicle Telematics Device Hacking

3/21/2015: All new stainless steel appliances!

4/7/2015: Legal discussion on Phishing in Walnut Creek

4/11/2015: Hung out with Efren

4/20/2015: RSA Conference in San Francisco
Met Kevin Mitnick and Brian Krebs

Was featured in the Phoenix Comic Con Program Guide
Went to Phoenix Comic Con

Damien Graduated High School!

6/9/2015: CSMC ESA Champions Kick-Off

6/16/2015: Risky Business Kick-Off

6/30/2015: Lost 6 inches around my waist and 30 lbs

7/14/2015: Vacationed in Hawaii

7/18/2015: Ran my first official 5K race and was acknowledged in the Honolulu Pulse

7/24/2015: Went to Comic Con Honolulu

8/16/2015: Reunited with Agnes after 33 years

Beau’s First Birthday in August

9/14/2015: Represented my team for Risky Business in September!

10/20/2015: Had a successful NCSAM month in October

Pat Graduated College with a Bachelor’s in Business Finance

Presented at the IT Business Review

Completed a year of running, lost 45lbs!

Posted in life

Christmas 2015

Merry Christmas! Thanks for joining us and sorry I couldn’t participate as much as I wanted to.

Posted in life

Merry Christmas/Happy Holidays!

I hope you have an enjoyable holiday!

He’s making a database
He’s sorting it twice
SELECT * FROM contacts WHERE behavior = 'nice'
SQL Clause is coming to town

Here are some scams to look out for.
[Infographic: 12 holiday scams]

Posted in Security Blog

3.3 Million HelloKitty User Details Leaked

Parents have been advised to change the passwords for their own and their kids’ online accounts on sanriotown, the official online community for HelloKitty. Information leaked onto the Internet comes from accounts registered at a number of other Hello Kitty sites, including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com.

Sanrio becomes the second company that makes child-focused products to suffer a data breach in the last month. VTech had information on five million customers, including passwords and IP addresses, stolen in November.

Hide yo kids, hide yo info, they hackin’ errbody!
#Funnynotfunny.

Posted in Security Blog