Basic Consumers… Deal with Breaches

Dealing with a breach at a business you frequent, or used to frequent, now takes extra steps. This news video has some basic steps on what to do after a breach. Don’t ignore it, just do it.
Check your balances. Check your credit report.
If you think your identity was stolen, report it.

  1. The Federal Trade Commission. The FTC is the federal agency responsible for receiving and processing complaints by people who believe they may be victims of identity theft. Trained counselors will provide information on the steps you should take to resolve problems and repair damage to your credit record. Certain cases may be referred to law enforcement agencies, regulatory agencies or private entities that can help. Call toll-free 877-IDTHEFT (438-4338). The FTC also maintains the U.S. government’s central Web site for information about identity theft at www.consumer.gov/idtheft. Go there to fill out an online consumer complaint form or link to educational materials.
  2. The three major credit bureaus. Ask them to place a fraud alert in your file, so that lenders and other users of credit reports will be careful before starting or changing accounts in your name. The special toll-free numbers for the fraud departments are: Equifax at (800) 525-6285, Experian at (888) 397-3742 and Trans Union at (800) 680-7289.
  3. Your bank, credit card company or any other financial institution that may need to know. Ask to speak with someone in the security or fraud department, and follow up with a letter. If necessary, close old accounts and open new ones, and select new passwords and “PIN” numbers (Personal Identification Numbers). Your call also alerts the financial institution to a possible scam that may be targeting other customers.
  4. Your local police or the police where the identity theft occurred. Fill out a police report that will detail what happened. Get a copy of the completed report because that can help you clear up questions and problems when dealing with your creditors and other financial institutions.

Shepler’s Western Wear

Wichita, Kansas-based Sheplers, which has 21 stores in eight states, said in its announcement Friday that the breach potentially affects customers who used payment cards at its retail locations between June 11 and Sept. 4, 2014. It said the information at risk includes names, account numbers for both credit cards and debit cards, and card expiration dates.

The retailer said it has found no evidence that debit card PINs have been compromised, and it does not believe that social security numbers, which are not stored on payment cards, could have been accessed.

PINs? Do they store PINs? Why would they have customers’ SSNs? I’m confused.


Viator/TripAdvisor

TripAdvisor has suffered a data breach at its Viator tour-booking and review website.

An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data.

The compromise also potentially aired 1.4 million email addresses, passwords and Viator “nicknames” associated with accounts. Viator only became aware of the breach after investigators looking into incidents of credit card fraud made the link that victims were also users of its site.

The cause of the breach, much less who might be behind it, is currently undisclosed and quite possibly unknown at this stage of the ongoing investigation. How bad-guys decrypted “encrypted” credit or debit card numbers exposed by the breach is also unclear and the suspicion must be that this information was not as strongly protected as it ought to have been.


Zemot Malvertising

Google has confirmed that its ad technology foundation, used to create, transact and manage digital advertising for the world’s buyers, creators and sellers, has been exploited to deliver malicious advertisements to millions of internet users. Those advertisements could install malware on a user’s computer.

Malvertising (Malware Advertising) is nothing new.

The malicious advertisements lead users to websites hosting the Nuclear exploit kit, which looks for unpatched versions of Adobe Flash Player or Internet Explorer running on the victim’s system. If it finds one, it downloads the Zemot malware, which then communicates with a remote server and downloads a bunch of other malicious applications.


Update from Malwarebytes blog @ (09/19/14 9:20 AM PT): It appears that the malicious redirection has stopped. Last activity was detected by our honeypots around midnight last night, and nothing else since then. We are still monitoring the situation and will update here if necessary.

Lesson learned: Keep your systems updated, and scan for viruses (McAfee, Symantec, Windows Defender) and malware regularly. You may also want to get an ad blocker like Adblock Plus.


Privacy? Not in the US


In a recent post from the FBI: The FBI and Congress have thus far failed to enact meaningful restrictions on what types of data can be submitted to the system, who can access the data, and how the data can be used. The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Division announced on September 15th the achievement of full operational capability of the Next Generation Identification (NGI) System. The FBI’s NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities.

The image searching system will eventually replace the FBI’s fingerprinting system as well as provide the agency with many kinds of new services and capabilities. Roughly 4.3 million of the database’s 52 million photos will be civilian images by 2015, taken for non-criminal purposes like employment identification.

Makes me think of great movies like Enemy Of The State, Eagle Eye, and Live Free or Die Hard.


Encrypting Your Android Phone

I’ve been a huge fan of Android-based phones. New Android phones will be encrypted by default, but if you have had your smartphone for over a month, you probably do not have encryption enabled.

Why would you want to encrypt your phone? The answer is quite simple: encryption does more than just bar a person from accessing information on your phone, as the lock screen does. You can think of the lock screen as a lock on a door: without the key, uninvited guests can’t come in and steal all your belongings. Encrypting your data takes it a step further. It makes the information unreadable even if a hacker somehow got through the lock screen. Software and hardware vulnerabilities that can let someone do that are found from time to time, though they’re usually quickly fixed. It’s also possible for determined attackers to hack lock screen passwords.

The downside to encrypting your mobile data on Android devices is that it’ll take longer for you to log into your device.

Here’s how to do it:

  1. Plug your phone into a charger
  2. Make sure you can be without your phone for an hour or so
  3. Go to Settings
  4. Scroll down to Security
  5. Think of a 6-character password that is alphanumeric
  6. Select Encrypt device

It can take a while to encrypt all your mobile data.
Once you have completed that step, don’t forget to also encrypt your external SD card.

You have all seen at least one person unlock their phone in front of you. Don’t be that guy… It defeats the purpose of setting up a PIN and password for your phone if you are going to advertise it.


Home Depot Confirms 56 Million Payment Cards

Home Depot says 56 million payment cards affected by data breach.


From the Home Depot website:
On Sept. 8, we confirmed that our payment data systems were breached, which could potentially impact customers who used a payment card at our U.S. and Canadian stores in 2014, from April to September. Today, we are able to tell you that the malware used in the recent breach has been eliminated from our U.S. and Canadian networks.

We also want you to know that we have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers. The rollout of enhanced encryption to Canadian stores will be completed by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology.

We apologize for the frustration and inconvenience this breach may have caused.

We also want to emphasize that you will not be liable for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.

You can learn more about the identity protection services and how to sign up for them at https://homedepot.allclearid.com/.

I just signed up with allclearid.com and it literally takes seconds. They ask for your name and email.


From Krebs:
The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation.


Cyber Risk Video!

Huge favor to ask any followers of mine. Go to this site and watch my video on cyber risk. It’s not so much a video as it is a presentation with voice recorded.


http://csaa-insurance.aaa.com/content/aaa-ie/b2c/en/risky-business/day-4-video-cyberrisk.html


Marc and Jolyn’s Baby Shower

Family Pic

From left to right
Carmelo, Jaime, Denise, Jim, Courtney, Pat, Jolyn, Mark, Beau, Maria, Tricia, and Peter

Today was Marc and Jolyn’s baby shower and this awesome picture was taken. I can’t wait to meet baby Aiden!


An Introduction to Cyber Security

The Open University Presents: An Introduction to Cyber Security, which starts on October 13th, so register now!

This free online course will help you to understand online security and start to protect your digital life, whether at home or work. You will learn how to recognize the threats that could harm you online and the steps you can take to reduce the chances that they will happen to you.

This course has been developed by The Open University with support from the UK Government’s National Cyber Security Programme and can be accessed free of charge.

Learn more and enroll in this MOOC here.
