Archive for Data protection

AccountKiller KO’s Online Accounts

AccountKiller.com says it is a website dedicated to helping social network users reclaim their personal data. It does so by explaining how to delete accounts on social networking sites and by ranking those sites according to how hard it is to reclaim your personal information.

AccountKiller provides instructions to remove your account or public profile on most popular websites, including Skype, Facebook, Microsoft (MSFT) Windows Live, Hotmail, MSN, Twitter, Google (GOOG) and many more.

The creators of AccountKiller have also created a blacklist of sites that do not allow their users to reclaim their personal information. According to the web site, a black-listed site indicates it’s probably impossible or highly difficult to get rid of your account. Among the sites AccountKiller has blacklisted are:

The grey-listed sites may cost you some irritation or effort, but it should be possible to terminate your account, says AccountKiller. These sites will require you to send a mail to the site, send a message using a webform or even call them to recover your personal information.

The creators of AccountKiller say that sites purposely make it difficult or even impossible to delete your account for two reasons. First, because they are profiting from their users’ data. These sites are in the business of data customer retention. Alternatively, they suggest that these developers may simply be ignorant, lazy or incompetent, i.e. not being able to create some account deletion function.

Let’s see what can be dug up on you

Kudos to the creators of AccountKiller. I now recommend this site to anyone who has questions about these social networking sites. It is time for social networking sites to provide transparency into their real business model and data collection; otherwise there could be a social networking bubble.

What do you think?

Do you know how to get out of your social networking sites? Can you?

Are we in a social networking bubble?

BP Data Spill

National Public Radio (NPR) reports that British Petroleum’s (BP) problems in the US now include a data spill as well as the oil spill. BP is paying compensation amounting to $4,000,000,000 to victims of its mishap incident disaster in the Gulf of Mexico last summer.

Now BP has lost the personally identifiable information (PII) on approx. 13,000 of its victims who are seeking compensation for oil spill damages. NPR reports that names, addresses, phone numbers and social security numbers were lost, opening these people to identity theft.

BP spokesman Curtis Thomas told NPR that the oil giant mailed letters to roughly 13,000 people whose data was stored on the missing computer, notifying them about the potential data security breach and offering to pay for their credit to be monitored. The company also reported the missing laptop to law enforcement, he said. The laptop was password-protected, but the information was not encrypted, Mr. Thomas said.

The employee lost the laptop on March 1 during “routine business travel,” said BP’s Thomas, who declined to elaborate on the circumstances. “If it was stolen, we think it was a crime of opportunity, but it was initially lost,” Thomas said. Asked why nearly a month elapsed before BP notified residents about the missing laptop, Mr. Thomas said, “We were doing our due diligence and investigating.”

Matt O’Brien, part owner of Tiger Pass Seafood, a shrimp dock in Venice, La., who said he had filed a claim with BP, told an AP reporter this was the first he had heard about the possible compromise of his personal information by BP. “That’s like it’s par for the course for them.” Mr. O’Brien said of BP, “They can’t seem to do nothing right.”

Once again, 13,000 lives are disrupted because a single laptop, which was not encrypted, was lost or stolen “during routine business travel”. Sophos’ Naked Security blog pointed out in 2008 that laptops are easy to lose. The security vendor cited a survey which found that 12,000 laptops are lost every week at US airports alone. The trend h

In that 2008 survey, almost three years ago now, 53% of people said that their laptops contained confidential business information, with two-thirds having taken no measures to secure their data. Clearly, some companies still aren’t taking proper measures.

RB-

As BP has again demonstrated, we all need to lift our game. As Sophos says, even if your organization is willing to take risks with your own data, firms have a clear moral duty not to take risks with data they keep about other people.

During these economic times, many organizations are saving a few pennies by doing as little as possible about encryption-related security. Why not consider the value of encryption to your business, instead of considering only the cost?

What do you think?

Oil spills, Data spills, Outrageous gas prices – Is BP out to get the US?

How secure is your customer data?

 

Meds Talk M2M

Don’t worry about Big Brother; it’s Big Pharma that gets the latest award for invading your space. Dailywireless.org reports that drug maker Pfizer (PFE) wants to boost the profitability of its cholesterol-lowering Lipitor by calling you to nag remind you to take your script. According to Dailywireless.org, if every Lipitor pill prescribed were taken, Pfizer expects that to increase its sales of the cholesterol-lowering drug by an extra $7 billion a year. Pfizer intends to use Vitality GlowCaps to grow its Lipitor business to $17 billion a year.

Vitality GlowCaps are wireless, Internet-connected bottle caps that use light and sound to alert users and phone home if they forget to take their Lipitor. Vitality and automated communication company Varolii developed the GlowCap, which has an embedded computer chip that communicates via low-frequency RF with a cellular-connected nightlight. The nightlight sends information to Vitality via a GE864-QUAD chip from Telit, a leader in machine-to-machine (M2M) communications, over AT&T’s (T) GSM/GPRS network.

If a user misses a dose, an alarm will sound that gradually escalates “from a three-note arpeggio to an 11-note arpeggio,” Vitality President Josh Wachman told MobiHealthNews. The GlowCap can also flash a light, play a ringtone, send text messages or e-mails and even call the user’s mobile phone to remind them to take their drugs. Dailywireless.org says that if the GlowCap remains unopened long enough, a patient will receive an automated call that asks a series of questions on why they didn’t take their drugs. GlowCaps also include a button that starts a call between the user’s phone and their pharmacy when the medication needs to be refilled.

Vitality CEO David Rose told MobiHealthNews that the company was developing an iPad app for its pharma brand managers to help them track in real-time the success of their GlowCap programs. As part of the deal, Vitality gave away iPads to any GlowCap customer, which Mr. Rose said included pharmacos and insurers, that distributes more than 10,000 GlowCaps to its customers. “With the secure app, they can see adherence patterns as they emerge, every day, in realtime. For example they can see the total value higher adherence creates for the brand. The resulting cost-savings, in the case of insurers. Even how adherence varies by demographic slice or geography (media market),” Mr. Rose wrote.

The AT&T cellular-enabled GlowCaps, which can be bought on Amazon.com for $99, come with the night-light that connects wirelessly to AT&T’s cellular network, a bottle cap and a six-month subscription to the service. After six months, subscriptions cost $15 a month.

rb-

Talk about convergence! Mobile-to-Mobile + Connected health-care + Data protection. Any wonder why we need IPv6?

According to RCR Wireless, “Connected Healthcare” is a term used to describe a model for healthcare delivery that uses technology to give healthcare remotely. Connected healthcare is a sub-set of all Machine to Machine (M2M) devices, which are expected to increase by 36 percent this year. Utilities, healthcare and securities industries will lead the charge to a total of 2.1 billion “connected M2M devices” by 2020, according to research from Analysys Mason.

What do you think?

Does the idea of getting harassed by your own script sit well with you?

Are you comfortable with Pfizer data-mining your day-to-day health-care activities?

The Value of Stolen Credentials

The evolution of Web 2.0 services and the parallel world of cybercrime is driving up the price that criminals charge each other for user credentials. The price of a file of user credentials, aka a ‘dump’ in hacking circles, depends on the Internet service(s) where they can be used, Amichai Shulman, CTO of Imperva, told Help Net Security.

“Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters,” he said. “Today, however, there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application, and the ‘popularity’ of the account in question,” the Imperva CTO told Net Security.

This is illustrated by the ‘going rate’ of $1.50 for a Hotmail account, and $80.00-plus for a Gmail account. As a service, Hotmail has fallen out of favor, while Gmail’s all-round flexibility means it is a central service for business users, Mr. Shulman said. This means that Gmail credentials can also give access to a range of Google cloud services, including Google Docs and Adwords accounts. Mr. Shulman explained that Google Docs can contain valuable additional information on the legitimate owner, while an Adwords account can allow criminals to manipulate existing and trusted search engine results.

And it’s a similar story with Twitter accounts, but with the added dimension of the immediacy of a social networking connection, said Mr. Shulman. “Twitter accounts are so valuable to criminals that they will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,” he said. What’s happening is that users are re-using passwords that they’ve used on other sites, and some of those other sites turn out to have not been secure.

That’s the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there’s a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you’re lucky, you’ll notice something’s amiss.  Twitter advised that people are continuing to use the same email address and password (or a variant) on multiple sites.  We strongly suggest that you use different passwords for each service you sign up for.

In a related article, Trusteer reports that most online banking customers reuse their login credentials on non-financial and much less secure websites. Trusteer found that 73 percent of bank customers use their online account password to get access to other websites, and that 47 percent use both their online banking user ID and password to login elsewhere on the Internet.

Cybercriminals are exploiting the widespread reuse of online banking credentials. These criminals have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.

The report’s key findings include:

  • 73% of users share the passwords which they use for online banking, with at least one nonfinancial website
  • 47% of users share both their user ID and password with at least one nonfinancial website
  • When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites
  • When a bank chooses the user ID for its customers, 42% use the bank issued user ID with at least one other website.
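The reuse pattern Trusteer measured, as an added example (not from the original post or from Trusteer): a small audit over a constructed credential-vault export that flags banking passwords, ID-plus-password pairs and trivial password variants that also appear on nonfinancial sites. The service names, the sample data and the `variant_key` normalization rule are assumptions made for illustration.

```python
import re

# Constructed sample vault export: (service, category, user_id, password).
VAULT = [
    ("examplebank.test", "financial", "jdoe1975", "Tiger!Pass9"),
    ("webmail.test", "nonfinancial", "jdoe1975", "Tiger!Pass9"),
    ("social.test", "nonfinancial", "john.doe", "tiger!pass10"),
    ("forum.test", "nonfinancial", "jd", "c0mpletely-Different"),
]

# Assumption: stems shorter than this are too generic to call a variant
# (otherwise "12345" and "99999" would both reduce to "" and match).
MIN_STEM = 4


def variant_key(password):
    """Collapse trivial variants: case-fold, strip trailing digits/symbols."""
    return re.sub(r"[\d\W_]+$", "", password.casefold())


def audit_reuse(vault):
    """Return (bank, other_site, kind) for each banking credential reused."""
    findings = []
    financial = [e for e in vault if e[1] == "financial"]
    others = [e for e in vault if e[1] != "financial"]
    for bank, _, bank_id, bank_pw in financial:
        stem = variant_key(bank_pw)
        for site, _, site_id, site_pw in others:
            if site_pw == bank_pw:
                # Exact password reuse; worse if the user ID matches too.
                kind = "id+password" if site_id == bank_id else "password"
            elif len(stem) >= MIN_STEM and variant_key(site_pw) == stem:
                # Same base password with a changed case or suffix.
                kind = "password-variant"
            else:
                continue
            findings.append((bank, site, kind))
    return findings


if __name__ == "__main__":
    for bank, site, kind in audit_reuse(VAULT):
        print(f"{bank}: {kind} also used on {site}")
```

Every finding marks a nonfinancial site whose compromise would hand over a working or near-working banking login, so those are the passwords to change first.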

“Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites.”

“If this isn’t a wake-up call to anyone with multiple IDs that use the same password, I don’t know what is. Internet users – especially those with business accounts – need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,” Shulman told Help Net Security.

Digital Swiss Army Knife

Victorinox, the firm behind the legendary Swiss Army Knife, has introduced the Victorinox Secure Pro. The Secure Pro has a USB memory stick integrated into it. The firm claims it is the most secure USB stick of its kind available to the public. It uses several layers of security including a fingerprint scanner linked to a heat and oxygen sensor capable of determining whether the user’s finger is still attached to a living person – so that a detached finger will not yield access to the memory stick’s contents. Any attempt to forcibly open the Victorinox Secure triggers a self-destruct mechanism that destroys the CPU and memory chip.

The Victorinox Secure Pro uses AES256 technology, together with MKI’s Schnuffi Platform Single Chip Technology. Martin Kuster, CEO of security chip specialist MKI, told InfoWorld, “I’m concerned about the way technology is progressing, with all our personal data going into ‘the cloud.’ Soon everything will go into the cloud – and I don’t like it! Perhaps one day I will have to buy back all this information from eBay!” The security integrates Single Chip Technology, meaning that there are no external and accessible lines between the different coding/security steps, as on multi-chip solutions; this makes cracking the hardware impossible.

Victorinox was so confident of its new product’s security that it offered a $150,000 prize to a team of professional hackers if they could break into it during the two-hour product launch event. The money went uncollected. Victorinox Secure’s designer Kuster stated, “Life is becoming more digital every day… And yet people do so little to protect their data. The world’s most common password is ‘12345’ - and even encryption can be broken given time.”

“We wanted to create not only a product for today’s modern lifestyle but a new generation of memory stick that had all the values of functionality and reliability that the iconic Swiss Army Knife has come to represent” stated Carl Elsener Jr., Victorinox’s CEO. “We think of the Victorinox Secure as the digital Swiss Army Knife.”

The Secure Pro was launched 03-25-10 in London and is available in 8GB, 16GB and 32GB sizes and will sell for $75 to $270. Additional features include:

  • LED Mini White Light
  • Retractable Ball Point Pen
  • Blade
  • Scissors
  • Nail File with
  • Screwdriver
  • Key ring

David Reinsel, group vice president of storage and semiconductor research at IDC, was on-point when he stated, “It’s a cool product that will capture attention.” But “adoption en-masse by corporations is quite another thing.” Reinsel told Newsfactor.com that there’s no doubt that data breaches are expensive for businesses in many ways. However, so is data on a computer that sits behind an encryption key that only the employee knows, he said. “Hence the age-old issue — corporations (most of them) want to control the encryption methodology and the keys,” Reinsel said. “Any corporate solution would have to allow for some type of master-key so that the company can get at a rogue employee’s data.”

rb-

Mr. Reinsel is on-point: this device, no matter the cool-factor, is a threat to the enterprise’s data. The size of the device can swallow a whole database, and once it is encrypted with an individual’s key, it is pretty much gone. There is also the risk that some overambitious TSA agent will “confiscate” it if the user forgets to put the knife part of the device in checked baggage.

Despite all of that, the cool-factor is high and I want one.