August 8, 2017

"Long passwords that contain four words are much harder to break than shorter ones with a mix of letters, characters and numbers"

The man who came up with the safe password rules admits he was WRONG

Bill Burr's 'bible' on password security was written in 2003 while he worked for the US Government. His guidance was to use numbers, include non-alphabetic symbols, try capital letters and change passwords every 90 days. He says he now 'regrets' his advice, as passwords that follow these guidelines are often easier to hack.

'It just drives people bananas and they don't pick good passwords no matter what you do,' he said.
'Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.'

Experts now believe long passwords that contain perhaps four words are much harder to break than shorter ones with a mix of letters, characters and numbers. Cartoonist Randall Munroe found it would take 550 years to crack 'correcthorsebatterystaple', whereas the password 'Tr0ub4dor&3' - which was previously considered strong by Mr Burr's calculations - could be hacked in three days.
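To see where the "550 years" and "three days" figures come from, here is an added example (not code from the article or from Munroe's comic) that reproduces them from the entropy estimates in that comic: about 28 bits for "Tr0ub4dor&3", 44 bits for four random common words, at 1,000 guesses per second. It goes a step beyond the article by showing how the same 44 bits fares against an offline attacker on a leaked password database (the 10-billion-per-second rate is a constructed illustrative figure), and by generating a passphrase properly, with the operating system's secure random source. The tiny word list at the end is constructed for the demonstration only.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY

# Munroe's figures from the comic the article cites: roughly 28 bits for
# "Tr0ub4dor&3" (a dictionary word plus predictable substitutions) and 44 bits
# for four random common words, attacked at 1,000 guesses per second.
TROUBADOR_BITS = 28
FOUR_WORD_BITS = 44
XKCD_GUESS_RATE = 1_000


def passphrase_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of num_words drawn uniformly (with replacement) from wordlist_size words.

    This only holds for words chosen at random; a phrase you made up or a song
    lyric is far more predictable than its length suggests.
    """
    if num_words < 1 or wordlist_size < 2:
        raise ValueError("need at least one word from a list of at least two words")
    return num_words * math.log2(wordlist_size)


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a 2**bits space (on average half that)."""
    return 2 ** bits / guesses_per_second


def describe(seconds: float) -> str:
    """Human-readable duration, deliberately coarse."""
    if seconds >= SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_YEAR:,.0f} years"
    if seconds >= SECONDS_PER_DAY:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    if seconds >= 3_600:
        return f"{seconds / 3_600:.1f} hours"
    if seconds >= 60:
        return f"{seconds / 60:.0f} minutes"
    return f"{seconds:.0f} seconds"


def generate_passphrase(wordlist, num_words: int = 4, separator: str = " ") -> str:
    """Pick words with the OS CSPRNG; the strength comes from list size and word count."""
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    # Reproduce the two numbers in the article at Munroe's online guessing rate...
    for label, bits in (("Tr0ub4dor&3", TROUBADOR_BITS), ("four random words", FOUR_WORD_BITS)):
        print(f"{label:18} {bits:2d} bits  {describe(crack_time_seconds(bits, XKCD_GUESS_RATE))}")
    # ...then show why the rate matters: an offline attack on a leaked, fast-hashed
    # database runs many orders of magnitude faster (1e10/s is an illustrative figure).
    print("four random words at 1e10/s:", describe(crack_time_seconds(FOUR_WORD_BITS, 1e10)))
    # Four words from a 2,048-word list is exactly 44 bits; six words from a
    # 7,776-word (diceware-sized) list is about 77.5 bits.
    print("6 x 7776-word list:", round(passphrase_bits(6, 7776), 1), "bits")
    # Constructed tiny list for demonstration only; a real list has thousands of words.
    demo_words = ["correct", "horse", "battery", "staple", "window", "lantern", "orbit", "velvet"]
    print("sample passphrase:", generate_passphrase(demo_words))
```

The point the numbers make: the 550-year figure assumes an online service that throttles guesses. Once a password database leaks and is attacked offline, the same 44-bit passphrase falls in under half an hour, which is why the service's hashing (slow, salted) matters as much as the user's choice, and why a longer passphrase from a bigger list is the cheap fix on the user's side.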

There's a Simple New Way to Find Out if Hackers Already Have Your Password

When massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed – but luckily, there's now a simple way to find out if you've been compromised.

Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever – involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more)....He has created a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they've been leaked in any of the aforementioned hacks.

There are a staggering 320 million leaked passwords stored in this database...none of the passwords here are stored alongside the email addresses or usernames that they pair with....Hunt explains "It goes without saying but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't."
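Hunt's warning is the practical takeaway: a password you actually use should never be typed into someone else's website. The way to act on it is to do the comparison on your own machine against a local copy of the leaked-hash list. The following is an added example, not Hunt's code or the Pwned Passwords service's own tooling; it assumes the list is stored as one SHA-1 hex digest per line, optionally followed by `:count` (an assumed layout; adjust the split if your copy differs). The `SAMPLE_LEAKED` set is constructed here from a few notoriously common passwords so the script runs offline without the real list.

```python
import hashlib
from pathlib import Path
from typing import Iterable, Set


def sha1_hex(password: str) -> str:
    """SHA-1 hex digest, upper-case, the form in which leaked-password lists are keyed."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_hash_lines(lines: Iterable[str]) -> Set[str]:
    """Build a lookup set from a hash list: one hex digest per line, optionally ':count'.

    Assumed file layout. Lines that are not a 40-hex-character digest are skipped,
    so blank lines and comments do no harm.
    """
    hashes = set()
    for line in lines:
        digest = line.strip().split(":", 1)[0].upper()
        if len(digest) == 40 and all(c in "0123456789ABCDEF" for c in digest):
            hashes.add(digest)
    return hashes


def load_hash_file(path: str) -> Set[str]:
    """Read a hash list from disk. For the full multi-hundred-million-entry list a
    Python set is far too large; sort the file and binary-search it, or load it
    into a local database, instead."""
    with Path(path).open("r", encoding="utf-8", errors="replace") as fh:
        return parse_hash_lines(fh)


def is_pwned(password: str, leaked_hashes: Set[str]) -> bool:
    """True if the password's SHA-1 appears in the local list. Nothing leaves this process."""
    return sha1_hex(password) in leaked_hashes


# Constructed sample set, built from plaintext only so the demo is self-contained.
# The real list ships as hashes, never the passwords themselves.
SAMPLE_LEAKED = {sha1_hex(p) for p in ("password", "123456", "qwerty", "letmein")}


if __name__ == "__main__":
    for candidate in ("password", "Password", "correct horse battery staple"):
        verdict = "LEAKED, do not use" if is_pwned(candidate, SAMPLE_LEAKED) else "not in sample list"
        print(f"{candidate!r:36} {verdict}")
```

Two caveats worth knowing before relying on a local check: "not in the list" means only that this particular password has not shown up in the breaches the list covers, not that it is strong; and SHA-1 is used here purely as the list's lookup key, which is fine for matching against a public list but is not how a service should store its own users' passwords.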

Your 'Anonymous' Browsing Data Isn't Actually Anonymous

It requires an astonishingly small amount of browsing information to identify an individual out of an anonymous dataset of 3 million people. Since everyone's browsing habits are unique, it only takes about 10 website visits to create a "fingerprint" for an individual based on which websites they are visiting and when.....

The most worrisome part of collecting browsing data is that it is legal and relatively cheap to obtain. After contacting over 100 data brokers, Eckert said that the quoted prices she received for a month's worth of browsing data ranged from 10,000 to 500,000 euros—chump change in the world of politics...Even companies like Web of Trust, whose business model is built on safe and anonymous web browsing, are liable to unintentionally expose users' browsing habits.

The Company That Knows Everything About You Is Now Punishing Thoughtcrimes

Google, which is worth $498 billion and employs more than 60,000 people worldwide, was not big enough in the end for the triggering perspective of a single engineer.


I've switched to DuckDuckGo as my default search engine.  It doesn't store my personal info or track me or follow me with ads.


Posted by Jill Fallon at 8:35 PM | Permalink

June 23, 2017

Double Pulsar - the cyber 'nuclear bomb'

In the New York Times - A Cyberattack ‘the World Isn’t Ready For’

Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged computers at hospitals in England, universities in China, rail systems in Germany, even auto plants in Japan. No doubt it was destructive. But what Mr. Ben-Oni had witnessed was much worse, and with all eyes on the WannaCry destruction, few seemed to be paying attention to the attack on IDT’s systems —

Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I.....the assault on IDT relied on cyberweapons developed by the N.S.A. that were leaked online in April by a mysterious group of hackers calling themselves the Shadow Brokers — alternately believed to be Russia-backed cybercriminals, an N.S.A. mole, or both.

The WannaCry attack — which the N.S.A. and security researchers have tied to North Korea — employed one N.S.A. cyberweapon; the IDT assault used two... EternalBlue...and DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms....“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.” And, he added, “The world isn’t ready for this.”
The chances that IDT was the only victim of this attack are slim. Sean Dillon, a senior analyst at RiskSense, a New Mexico security company, was among the first security researchers to scan the internet for the N.S.A.’s DoublePulsar tool. He found tens of thousands of host computers are infected with the tool, which attackers can use at will. “Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door...

More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it....The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.
Posted by Jill Fallon at 10:39 AM | Permalink

May 26, 2017

The "erosion of privacy is a cancer of digital life"

Your Data Is Way More Exposed Than You Realize (WSJ)

To get a handle on your online privacy, first understand how much of your data is already out there, and how it can be weaponized.

Privacy wasn’t a concern for her until it was too late.....She suspected her ex of stalking her online, and posting her information to fuel harassment. “It is psychological torture,” she told me.....Her nightmare, which is ongoing, might not resemble your life or mine. But it’s a stark reminder that erosion of privacy is a cancer of digital life. And while we might not talk about privacy as often as the latest cool app, it’s only getting worse.

I hear this all the time: “I have nothing to hide.” The truth is, pretty much everybody does something online they have reason to keep private. You can’t see the future. The woman I spoke to said she never planned on getting into what she described as a terrible relationship.
I have a theory: People would care a lot more about privacy if they realized how exposed they already are. So I invited a half-dozen volunteers I hadn’t met before into my lab to see how much extremely personal information I could find about each of them in under an hour.  I managed to shock every person. It wasn’t even very hard.
Level one was calling up what's out there and totally public. Lots of people have googled themselves, but fewer are familiar with "people search engines" like Spokeo, which pull together and cross-reference public data, such as property records and court reports, into one place. Anyone can use them to look for birth dates, current and former addresses, phone numbers, gobs of relatives—even ex-lovers and roommates.
Level two in my privacy test was looking at data we willingly give to companies like Google. My volunteers brought their laptops and logged in. What we found provoked their most uncomfortable reactions.

Why privacy is so important

From The Unwanted Gaze: The Destruction of Privacy in America by Jeffrey Rosen, a legal scholar

“Privacy protects us from being misdefined and judged out of context in a world of short attention spans, a world in which information can easily be confused with knowledge. True knowledge of another person is the culmination of a slow process of mutual revelation. It requires the gradual setting aside of social masks, the incremental building of trust, which leads to the exchange of personal disclosures. It cannot be rushed...In a world of short attention spans, privacy is necessary to protect citizens from the misjudgments that can result from the exposure of too much information as well as too little information. Filtered or unfiltered, information taken out of context is no substitute for the genuine knowledge that can only emerge slowly over time...

“Privacy is necessary for the formation of intimate relationships, allowing us to reveal parts of ourselves to friends, family members, and lovers that we withhold from the rest of the world. It is, therefore, a precondition for friendship, individuality, and even love. In The Unbearable Lightness of Being, Milan Kundera describes how the police destroyed an important figure of the Prague Spring by recording his conversations with a friend and then broadcasting them as a radio serial. Reflecting on his novel in an essay on privacy, Kundera writes, “Instantly Prochazka was discredited: because in private, a person says all sorts of things, slurs friends, uses coarse language, acts silly, tells dirty jokes, repeats himself, makes a companion laugh by shocking him with outrageous talk, floats heretical ideas he'd never admit in public, and so forth.”

“We are trained in this country to think of all concealment as a form of hypocrisy. But we are beginning to learn how much may be lost in a culture of transparency: the capacity for creativity and eccentricity, for the development of self and soul, for understanding, friendship, and even love. There are dangers to pathological lying, but there are also dangers to pathological truth-telling. Privacy is a form of opacity, and opacity has its values. We need more shades and more blinds and more virtual curtains. Someday, perhaps, we will look back with nostalgia on a society that still believed opacity was possible and was shocked to discover what happens when it is not.”

Google Is About To Start Tracking Your Offline Behavior, Too

It’s no secret that Google already monitors its users’ online shopping activity, but now it will follow them out of their homes and keep a close eye on every interaction they make. The tech giant announced a new system to track users’ in-store credit card purchases Tuesday in a statement published on the company’s official blog.

Top 9 Reasons to Stop Using Facebook... Now.

1. Facebook creates false endorsements for products from you to your friends - and they never reveal this to you.....
3. They read your private messages and the contents of the links you send privately.....
4. They’ve introduced features that turn your phone’s mic on without telling you....
7. They’ve used snitching campaigns to trick people’s friends into revealing information about them that they chose to keep private.....
8. They use the vast amount of data they have on you, from your likes, things you read, things you type but don’t post, to make highly accurate models about who you are – even if you make it a point of keeping these things secret. There are statistical techniques, which have been used in marketing for decades, that find correlating patterns between someone’s behavior and their attributes. Even if you never posted anything, they can easily work out your age, gender, sexual orientation and political views. When you post, they work out much more. Then they reveal it to banks, insurance companies, governments, and of course, advertisers.
9. Facebook is demanding to track what you buy, and your financial information like bank account and credit card numbers. You’ve already agreed to it in the new Terms Of Service. It’s already started sharing data with Mastercard...
Posted by Jill Fallon at 5:21 PM | Permalink

May 10, 2017

The insecurity of the Internet of Things

‘How can I have a doctorate in physics from MIT and trust technology?’

Dr. Herbert Lin, one of the nation’s pre-eminent thinkers on cybersecurity policy, shuns the internet-connected devices that fill some American homes.  He’ll have nothing to do with “smart” refrigerators, hands-free home speakers he can call by name, intelligent thermostats and the like.....Part of what he distrusts is the “internet of things,” and the ease with which hackers can penetrate “smart” devices with digital worms and shanghai them into massive robotic networks to launch crippling digital attacks or generate ever greater quantities of spam.
Internet-enabled devices are exploding in number. Gartner, a research giant in technology, says the devices will climb from 6.4 billion at the end of last year to 25 billion by 2020. Such growth sharply augments the power of hidden robotic networks, or botnets....Weaponized digital worms are entering the scene and infecting masses of devices that obediently await instructions from a remote master to spring to action, possibly a new botnet attack.
Many consumers don’t realize that internet-enabled devices are unregulated and insecure – simpleton digital recruits in potential malicious armies.

A botnet already made headlines once. Last Oct. 21, a botnet slowed internet activity to a crawl along the Atlantic Seaboard. A hacker using a malicious worm dubbed Mirai – Japanese for “the future” – took over thousands of internet-connected security cameras and other seemingly innocuous devices and ordered them to fire relentless digital “pings” at a New Hampshire company, Dyn, that oversees part of the backbone of the internet. Dyn was overwhelmed, and popular sites such as Twitter and The New York Times were temporarily inaccessible.
Posted by Jill Fallon at 2:48 AM | Permalink

March 8, 2017

Digital brain disorders and tips for easy stress-relief

5 new brain disorders that were born out of the digital age

1. Nomophobia - the feeling of panic one has upon being separated from one's phone or tablet. In one U.K. survey, 73 percent of respondents felt panic when they misplaced their phone. And for another 14 percent, that panic spiraled into pure desperation.
2. Technoference - It could also be dragging down our relationships. In one 2014 study, more than half of the 143 participants said that tech devices interrupt their leisure time, conversations, and meals with their significant other. The researchers gave these interruptions a name: "technoference." Not surprisingly, higher technoference correlated directly with lower relationship and life satisfaction.
3. The phantom ring - Fauxcellarm, phantom ringing, and ringxiety are new to our lexicon, thanks to the universal presence of our buzzing, pinging smartphones. These terms refer to the perception that one's mobile device is ringing (or, more precisely, vibrating) when, in fact, it is not.
4. Cyberchondria - Hypochondria is not a new disorder, but the internet has taken it to the next level. In the broadest definition, cyberchondria refers to people who research and diagnose their own illnesses online. Sure, we've probably all done that — in fact, one in three American adults say they have used the internet to self-diagnose. But for some people who might already be prone to hypochondria, this can be detrimental.
5. Truman Show Delusion. Do you ever have that spooky feeling that someone's watching you? In the 1998 film The Truman Show, Truman Burbank had that feeling too, only his turned out to be true. While it isn't directly caused by our digital devices, Truman Show Delusion is a product of our overly connected, reality-TV obsessed, social media–driven lifestyles that nurture our most narcissistic qualities.

The last one, #5, may not be a delusion at all given the latest Wikileaks drop, Vault #7, which shows the CIA tapping just about everyone through our phones, smart TVs, and deliberately insecure software.

New Neuroscience Reveals 4 Easy Rituals That Will Make You Stress-Free

1. Clench your facial muscles and relax them: (If you use Botox, just skip to the next tip.)

2. Take slow, deep breaths: If it gets Navy SEALs through Hell Week, it’ll get you through tax season.

3. Splash your face with cold water: Wakes you up, calms you down and cleans your mug. Now that’s efficiency.

4. Play some music and do a little dance: Add a “neuroscience” playlist to Spotify.

Even easier ways to kill stress and be happier with almost no effort whatsoever.

Research shows that owning a dog reduces stress. In fact, the effect is so powerful that just watching a video of a cute animal reduces heart rate and blood pressure in under a minute.

Watch nature documentaries to instantly boost your mood

A new study has found even watching small clips of shows such as Planet Earth II boosts people's emotions of awe, contentedness, joy and amusement.  It also can instantly help reduce anxiety, fear and tiredness.

Findings come from the BBC research, in collaboration with University of California, Berkeley.
Reviewing 150 further studies as part of the project, Berkeley's Professor Dacher Keltner found that our connection to nature enhanced our attention, cognitive performance and sense of calm. This made us more social and effective teamworkers and could even improve our physical health.
Posted by Jill Fallon at 1:04 PM | Permalink

September 12, 2016

An even darker side to identity theft

When victims of identity theft become criminal suspects: law enforcement or creditors mistakenly target them because someone else used their identity to commit crimes.

Stolen Identities, Stolen Lives

Identity theft is one of the fastest growing crimes, taking billions from American consumers each year. Now the NBC Bay Area Investigative Unit has uncovered a more insidious form of stolen identity that can also take your freedom.

The Federal Trade Commission monitors identity theft crimes nationwide. The Investigative Unit combed through years of FTC complaint data and found nearly 15,000 reports since 2013 from victims of identity theft who mistakenly had criminal and civil actions waged against them.
NBC Bay Area’s investigation found that the current system to track and catch identity thieves is so fragmented thousands of people like Jennifer become trapped for years, unable to extract themselves, even when they do everything officials tell them to do.

It’s a nightmare that dental assistant Jennifer Vrooman says she has been living for over a decade.
After a decade of saving every receipt, every memo, every police report and credit application, Jennifer Vrooman says she’s done everything to protect herself, yet still finds her entire life held hostage to that person out there who might pop up and use her identity again.
Posted by Jill Fallon at 11:44 AM | Permalink

August 24, 2016

What Facebook knows or is trying to discover about you

Here are the alarming 98 facts and secrets Facebook knows about YOU

Social network reveals the astonishing amount of data it holds on people who use its services....Now Mark Zuckerberg’s firm has revealed the 98 “data points” it holds on all users, which can be found in a new website revealing how it targets users with advertising....Here are the facts and secrets Facebook has found out about you or is trying to discover, according to the Washington Post.

1. Your location
2. Age
3. Generation
4. Gender
5. Language
6. Education level
7. Field of study
8. School
9. Ethnic background
10. Income and net worth
11. Home ownership and type of home
12. Value of home
13. Size of your property
14. Square footage of home
15. The year your home was built
16. Who lives in your house
17. Whether you have an anniversary approaching in the next month
18. If you’re living away from family or hometown
19. Whether you’re friends with someone who has an anniversary, is newly married or engaged, recently moved, or has an upcoming birthday
20. If you’re in a long-distance relationship
21. If you’re in a new relationship
22. If you have a new job
23. If you’re recently engaged
24. If you’ve just got married
25. If you’ve moved house recently
26. When your birthday is coming up
27. Parents
28. Expectant parents
29. Mothers, divided by ‘type’ (which includes ‘soccer mums’ or other maternal tribes)
30. If you are likely to engage in politics
31. Whether you are conservative or liberal
32. Relationship status
33. Employer
34. Industry
35. Job title
36. Office type
37. Interests
38. Whether you own a motorcycle
39. If you’re planning to buy a car
40. If you have purchased auto parts or accessories recently
41. If you are likely to buy auto parts or services
42. The style and brand of your car
43. The year your car was bought
44. Age of car
45. How much money you’re likely to spend on next car
46. Where you are likely to buy next car from
47. How many employees your company has
48. If you own small businesses
49. If you work in management or are an executive
50. If you have donated to charity (divided by type)
51. Operating system
52. If you play browser games
53. If you own a gaming console
54. If you have created a Facebook event
55. If you have used Facebook Payments
56. If you have spent more than average on Facebook Payments
57. If you administer a Facebook page
58. If you have recently uploaded photos to Facebook
59. Internet browser
60. Email service
61. Early/late adopters of technology
62. If you are an expat and what country you left
63. If you belong to a credit union, national bank or regional bank
64. If you are an investor
65. Number of credit lines
66. If you are an active credit card user
67. Credit card type
68. If you own a debit card
69. If you carry a balance on your credit card
70. If you listen to the radio
71. What TV shows you like
72. If you use a mobile device and what brand it is
73. Internet connection type
74. If you have recently bought a smartphone or tablet
75. Whether you access the Internet through a smartphone or tablet
76. If you use coupons
77. The type of clothing your household buys
78. Which time of year you do the most shopping
79. Whether you are a ‘heavy’ buyer of beer, wine or spirits
80. What groceries you buy
81. Whether you buy beauty products
82. Whether you buy medications
83. Whether you buy/spend money on household products
84. Whether you buy/spend money on products for kids or pets, and what kinds of pets
85. If your household makes more purchases than is average
86. If you tend to shop online or offline
87. The types of restaurants you eat at
88. The kinds of stores you shop at
89. If you’re interested in adverts offering auto insurance, mortgages or satellite telly
90. Length of time you have lived in your house
91. If you are likely to move soon
92. If you are interested in the Olympics, football or cricket
93. If you travel frequently
94. Whether you commute to work
95. The type of holiday you enjoy
96. If you have recently returned from a holiday
97. If you have used a travel app
98. Whether you are involved in a timeshare
Posted by Jill Fallon at 11:04 PM | Permalink

George Soros: Dark Lord Sowing Chaos Around the World

Dark Lord: Hacked Documents Reveal Magnitude Of George Soros’s Domestic Influence

Reviews of the more than 2,500 documents hacked from the servers of George Soros’s Open Society Foundations highlight the undue influence the billionaire financier exerts domestically, from attempting to remake the American electorate to successfully lobbying for changes in U.S. immigration policy to funding initiatives targeting local police forces.

While many of the documents spotlight Soros’s global network, focus on the hacked materials from his Foundations’ U.S. contingent begins to expose the many tentacles of the Democratic Party mega-donor’s operation and its deep impact over the policy objectives of the Obama administration, often utilizing a slew of U.S.-based progressive groups and activist organizations. The revelations in the hacked documents also raise questions about Soros’s future influence over presidential candidate Hillary Clinton, especially since the billionaire is one of Clinton’s top donors.


On The Bizarre Media Blackout Of Hacked George Soros Documents

Scandal: Leaked documents released a few days ago provide juicy insider details of how a fabulously rich businessman has been using his money to influence elections in Europe, underwrite an extremist group, target U.S. citizens who disagreed with him, dictate foreign policy, and try to sway a Supreme Court ruling, among other things. Pretty compelling stuff, right? Not if it involves leftist billionaire George Soros. In this case, the mainstream press couldn't care less.

On Saturday, a group called DC Leaks posted more than 2,500 documents going back to 2008 that it pilfered from Soros' Open Society Foundations' servers. Since then, the mainstream media have shown zero interest in this gold mine of information. We couldn't find a single story on the New York Times, CNN, Washington Post, CBS News or other major news sites that even noted the existence of these leaked documents, let alone reported on what's in them. Indeed, the only news organization that appears to be diligently sifting through all the documents is the conservative Daily Caller, which as a result has filed a series of eye-opening reports.

• Soros' far-flung international organizations attempted to manipulate Europe's 2014 elections. The "List of European Elections 2014 Projects" details over 90 Soros efforts he had under way that year...
• nearly $4 million into anti-Israel groups, with a goal of "challenging Israel's racist and anti-democratic policies."
• $650,000 to "invest in technical assistance and support for the groups at the core of the burgeoning #BlackLivesMatter movement."
• "extensive networks" to pressure the Obama administration into increasing the number of refugees it would take to 100,000, despite concerns that Islamic terrorists could use the refugee program to infiltrate the U.S.
• $7 million to the Clinton-supporting Priorities USA super-PAC, and a total of $25 million to support Democrats and their causes.
• A separate memo details how Soros tried to use his clout to sway Supreme Court justices into approving President Obama's unilateral effort to rewrite immigration law.

Leaked e-mails show George Soros paid $650K to influence bishops during Pope’s US visit

Leaked emails through WikiLeaks reveal that billionaire globalist George Soros - one of Hillary Clinton's top donors - paid $650,000 to influence Pope Francis’ September 2015 visit to the USA with a view to "shift[ing] national paradigms and priorities in the run-up to the 2016 presidential campaign." The funds were allocated in April 2015 and the report on their effectiveness suggests that successful achievements included....

Grantees were PICO, a faith-based community organizing group, and Faith in Public Life (FPL), a progressive group working in media to promote left-leaning ‘social justice’ causes. Soros has funded left-wing causes the world over and was just found to have been funding an effort to eliminate pro-life laws around the globe....The grant specifically targeted the ‘pro-family’ agenda.

Caroline Glick in Our World: Soros’s campaign of global chaos

The first thing that we see is the megalomaniacal nature of Soros’s philanthropic project. No corner of the globe is unaffected by his efforts. No policy area is left untouched. On the surface, the vast number of groups and people he supports seem unrelated. After all, what does climate change have to do with illegal African immigration to Israel? What does Occupy Wall Street have to do with Greek immigration policies? But the fact is that Soros-backed projects share basic common attributes.

1. They all work to weaken the ability of national and local authorities in Western democracies to uphold the laws and values of their nations and communities.

2. They all work to hinder free markets, whether those markets are financial, ideological, political or scientific. They do so in the name of democracy, human rights, economic, racial and sexual justice and other lofty terms. In other words, their goal is to subvert Western democracies and make it impossible for governments to maintain order or for societies to retain their unique identities and values.

Black Lives Matter, which has received $650,000 from Soros-controlled groups over the past year, is a classic example of these efforts. Until recently, the police were universally admired in the US as the domestic equivalent of the military. BLM emerged as a social force bent on politicizing support for police. Its central contention is that in the US, police are not a force for good, enabling society to function by maintaining law and order. Rather, police are a tool of white repression of blacks.  Law enforcement in predominantly African American communities is under assault as inherently racist....

3. Soros’s groups are on the ground enabling illegal immigrants to enter the US and Europe. They have sought to influence US Supreme Court rulings on illegal immigration from Mexico. They have worked with Muslim and other groups to demonize Americans and Europeans who oppose open borders.

The DCLeaks exposed the immensity of the Soros-funded Left’s campaign against the foundations of liberal democracies. The “direct democracy” movements that Soros supports are nothing less than calls for mob rule.

The peoples of the West need to recognize the common foundations of all Soros’s actions. They need to realize as well that the only response to these premeditated campaigns of subversion is for the people of the West to stand up for their national rights and their individual right to security. They must stand with the national institutions that guarantee that security, in accordance with the rule of the law, and uphold and defend their national values and traditions.
Posted by Jill Fallon at 9:46 PM | Permalink

August 1, 2016

"47% of Americans have had their medical record hacked in the past 12 months."

On The Dark Web, Medical Records Are A Hot Commodity

More than 113 million medical records were hacked in 2015 alone, according to data compiled by the Department of Health and Human Services. A newly released report from the Institute for Critical Infrastructure Technology, a cybersecurity think tank, found that some 47% of Americans have had their medical record hacked in the past 12 months. As cardiologist and author Eric Topol points out, the majority of patients haven't ever accessed their medical record before that happens.
On the dark web, medical records draw a far higher price than credit cards. Hackers are well aware that it's simple enough to cancel a credit card, but to change a social security number is no easy feat. Banks have taken some major steps to crack down on identity theft. But hospitals, which have only transitioned en masse from paper-based to digital systems in the past decade, have far fewer security protections in place.
On the dark web, complete medical records typically contain an individual's name, birthdate, social security number, and medical information. These records can sell for as much as (the bitcoin equivalent) of $60 apiece, whereas social security numbers are a mere $15. Stolen credit cards sell for just $1 to $3. During the tour, we spotted one hacker who claimed to have a treasure trove of just shy of 1 million full health records up for grabs.
Posted by Jill Fallon at 1:28 PM | Permalink

May 7, 2016

Another spectacular hack

Cyber Experts: Change Passwords After Massive Hack

The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft. The bulk of the stolen accounts—some 272.3 million—.... according to Alex Holden, founder and chief information security officer of Hold Security who discovered the theft.

"We know he's a young man in central Russia who collected this information from multiple sources," Holden told NBC News. "We don't know the way he did it or the reason why he did it."

The user names and passwords were being offered for sale on the so-called "dark web" where hackers hock their goods.

The Dark Web

The dark web is a part of the internet that remains unindexed by search engines and can only be accessed using specific web browsing tools such as Tor. It is frequently used by whistleblowers, activists in tyrannous countries, and technology professionals, but its advanced anonymity and concealment also make it a frequent habitat for cyber-criminals including hackers, terrorists, and pedophiles.

Since the mass hack has been discovered, security professionals are advising that anyone with a personal email account immediately change their password. This includes anyone who has an account with Hotmail, Microsoft, Gmail (Google Mail), Yahoo, and

The second step to take is to Set Up Two-Factor Authentication

Don't let the fancy name throw you, it just means that to log in to your account you need two ways to prove you are who you say you are. It's like the bank or DMV asking for two forms of ID.

The idea is that a hacker is going to have a much harder time getting both forms of ID, and it's true. Most major services and companies, such as Google, Facebook, Microsoft and Apple, offer two-factor authentication now....

In most cases, one of the "factors" is a randomly generated code sent to your cellphone. If a hacker steals your password and tries to log in to your account on an unknown computer, the site will ask them for the second code. Unless they also stole your phone, and were able to unlock it, they won't be able to get the second code to log in. ....a bit more effort at first, but it gets easier fast and the security benefits are huge. Plus, you can set up "safe" computers and gadgets, such as your home computer or tablet, where you don't have to go through the whole sign-in process every time
Posted by Jill Fallon at 7:06 PM | Permalink

April 6, 2016

When kids are more sensible than their parents

The Tech Rules Kids Wish Their Parents Would Follow

Hiniker and her colleagues wanted to understand what kids want from their parents when it comes to technology. The team asked 249 parent-child pairs, with kids ages 10 to 17, to respond to a survey about their rules, expectations and desires around technology use.
Many children said they wish their parents would unplug at certain times and not use technology at all so that they could be "more present," the survey found. Unsurprisingly, children also wanted their parents to use technology in moderation, and to avoid texting or calling while driving, even while sitting at a stoplight.

Children also chafed at hypocrisy. Kids thought that parents who spend their dinnertimes typing out that last email for work shouldn't expect their children to abide by a "no devices at dinner" rule,
"Twice as many children as parents expressed concerns about family members oversharing personal information about them on Facebook and other social media without permission," .... "Many children said they found that content embarrassing and felt frustrated when their parents continued to do it."
Posted by Jill Fallon at 6:31 PM | Permalink

March 29, 2016

Poisoning the water supply

Muslim hackers infiltrate water utility’s control system, change levels of chemicals used to treat tap water

The location of the utility has not been revealed and its name has been changed in Verizon’s report, but given the fact of Verizon’s involvement, this likely happened in the U.S. — all the other incidents discussed in the report linked in The Register’s article took place in America. And we know that jihadis have long wanted to poison the water supply. As far back as 2002, the feds arrested two jihadis who were carrying plans about how to poison water supplies. In 2003, al-Qaeda threatened to poison water supplies in Western countries. In 2011, a jihadi in Spain likewise planned to poison water supplies.

And in May 2013, seven Muslim “chemical engineers” were caught trespassing at the Quabbin Reservoir, a key supply of water for Boston, after midnight. Only months later and indirectly did we hear that it was a “criminal matter.” A month later, locks were cut at the aqueduct that supplies water to Greater Boston. 

Also in May 2013, jihadists were caught in Canada who had considered poisoning air and water to murder up to 100,000 people. In October 2013, the FBI was investigating a possible water supply threat in Wichita. In January 2014, a Muslim broke into a water treatment plant in New Jersey.

The Register article by John Leyden: Water treatment plant hacked, chemical mix changed for tap supplies

The cyber-attack is documented in this month’s IT security breach report from Verizon Security Solutions. The utility in question is referred to using a pseudonym, Kemuri Water Company, and its location is not revealed.

A "hacktivist" group with ties to Syria compromised Kemuri Water Company’s computers after exploiting unpatched web vulnerabilities in its internet-facing customer payment portal, it is reported.
Verizon's RISK Team uncovered evidence that the hacktivists had manipulated the valves controlling the flow of chemicals twice – though fortunately to no particular effect. It seems the activists lacked either the knowledge of SCADA systems or the intent to do any harm.

The same hack also resulted in the exposure of personal information of the utility’s 2.5 million customers. There’s no evidence that this has been monetised or used to commit fraud.
Posted by Jill Fallon at 6:07 PM | Permalink

March 24, 2016

“We’re attacked about every 7 seconds, 24 hours a day,” CIO Beth Israel Deaconess hospital

5 Major Hospital Hacks: Horror Stories from the Cybersecurity Frontlines

In real-world war, combatants typically don’t attack hospitals. In the cyber realm, hackers have no such scruples. “We’re attacked about every 7 seconds, 24 hours a day,” says John Halamka, CIO of the Boston hospital Beth Israel Deaconess. And the strikes come from everywhere: “It’s hacktivists, organized crime, cyberterrorists, MIT students,” he says.
These attacks may all sound like nightmare scenarios, but the experts say they’re becoming almost routine. And hospitals have not made cybersecurity a priority in their budgets, Halamka says: “In healthcare, we spent about 2 percent on IT, and security might be 10 percent of that.” Compare that percentage to the security spending by financial firms: “Fidelity spends 35 percent of its budget on IT,” he says. 
Posted by Jill Fallon at 8:23 AM | Permalink

January 19, 2016

Security: Don't get stuck on stupid

It is unbelievable that people are still using passwords on the list below.  Don't get stuck on stupid.  Create a strong password or better a pass phrase.  A pass phrase is  4 unrelated words that mean something to you.  Like "exercise+horse+Paris+****star".  Or "Get + over + Tom + shine."    The MIT Technology Review says

making a password longer or adding symbols is a better way to strengthen it than by adding uppercase characters or numbers.

Use a password manager.  Enable 2-factor authentication wherever you can.  Avoid phishing by never responding to any email requests to update your password.

These are the worst passwords of 2015

Every year, SplashData releases a list of the most popular passwords discovered in data breaches released online over the past 12 months. And this year, "123456" and "password" topped this list.  Just like last year. And the year before that.
For now, at least, consumers are probably best off trying to remember strong, unique passwords for important services and turning on two-factor authentication, a system where they have to go through another step to confirm their identity when they log in -- usually entering a code that's texted to their phone.

Here's their list:

1) 123456
2) password
3) 12345678
4) qwerty
5) 12345
6) 123456789
7) football
8) 1234
9) 1234567
10) baseball
11) welcome
12) 1234567890
13) abc123
14) 111111
15) 1qaz2wsx
16) dragon
17) master
18) monkey
19) letmein
20) login
21) princess
22) qwertyuiop
23) solo
24) passw0rd (using zero)
25) starwars
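As an added example (not code from the post or from SplashData), here is a small Python checker that turns the advice above into something a sign-up form could run: it rejects anything on the 2015 list or a dressed-up variant of it (changed case, leetspeak like the zero in passw0rd, a year or symbol tacked on the end) and counts the words of a candidate passphrase the way the "exercise+horse+Paris+****star" scheme suggests. The leetspeak map, the suffix stripping and the 12-character floor are my own assumptions; the four-word rule is the post's.

```python
"""Weak-password check built around the SplashData 2015 list quoted above.

Added example, not code from the post or from SplashData. The leetspeak
map, the trailing-suffix stripping and the 12-character floor are my own
assumptions about how people dress up a banned password; the four-word
passphrase rule is the one the post recommends.
"""
import re

# The 25 entries as listed on the page (SplashData, worst passwords of 2015).
WORST_2015 = frozenset([
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
])

# Assumed substitutions that undo common digit/symbol-for-letter swaps,
# so "P@ssw0rd" collapses to "password" before the list lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed floor for a password that is not a passphrase


def candidates(password: str) -> set[str]:
    """Forms of the password a lookup should try: lower-cased, with
    leetspeak undone, and with a trailing run of digits/symbols removed
    (so "Football2016" and "letmein!" still hit the list)."""
    raw = password.lower()
    forms = {raw, raw.translate(LEET)}
    for form in list(forms):
        stripped = re.sub(r"[^a-z]+$", "", form)
        if stripped:
            forms.add(stripped)
    return forms


def is_banned(password: str) -> bool:
    """True if the password, or a trivial variant of it, is on the list."""
    return not WORST_2015.isdisjoint(candidates(password))


def word_count(password: str) -> int:
    """Number of alphabetic words, split on digits, symbols or spaces, as in
    the post's "exercise+horse+Paris+****star" scheme."""
    return len(re.findall(r"[A-Za-z]+", password))


def assess(password: str) -> str:
    """Classify a candidate: 'banned', 'passphrase', 'too short' or 'ok'."""
    if is_banned(password):
        return "banned"
    if word_count(password) >= 4:
        return "passphrase"
    if len(password) < MIN_LENGTH:
        return "too short"
    return "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not leaked credentials.
    for sample in ["Passw0rd!", "Football2016", "exercise+horse+Paris+****star",
                   "dragonfly", "Get + over + Tom + shine."]:
        print(f"{sample!r:40} -> {assess(sample)}")
```

A real deployment would use the full breach-derived list rather than the top 25, but the normalization step is the part that catches the "just add a 1" habit.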

How Your Digital Life can be Compromised in 47 Seconds

Somehow, many of us think that we are immune to cyber security threats and continue to use the same weak passwords for multiple accounts. But we are all vulnerable to hacking, and it can happen in under a minute.
Many password managers today make it easy to create strong, secure passwords and keep them in a safe, encrypted place, accessed only by one master password.

This is one way to keep your identity secure online, but there is more that you can do, including limiting ad tracking, masking your email address and credit cards, and more. Simply changing your password every few months will not necessarily help, as this might cause you to create weaker passwords that are easier to remember. Password managers are essential in protecting your online privacy. If you want to learn more, check out this Top 5 list for free cybersecurity education websites.

Hackers and thieves become more advanced each day and find new ways to steal your identity, including using your Internet-connected devices such as your SmartTV or programmable coffee maker which contain your personal information. By being proactive, you can attempt to stay one step ahead of hackers and protect your privacy.

Password service LastPass was forced to increase its security

Password manager LastPass was forced to up its security measures following the release of research showing just how easy it is to convince its customers to hand over their password.....

But security researcher Sean Cassidy published a blog post that showed how it could take criminals "less than a day" to build a spoof version of LastPass that could convince people to hand over their email address and passwords.

In response to Cassidy's post, LastPass upped the security requirements for people trying to log into the service. Anybody logging into the service now has to visit their email inbox and manually approve every sign-in attempt. That makes it harder for criminals to steal any passwords.
Posted by Jill Fallon at 7:21 PM | Permalink

May 15, 2015

Smart kid

This is the first time I heard this story.  Kidnapper releases 10-year-old who wouldn't stop singing a gospel song

A gospel song saved a 10-year-old Atlanta boy from his kidnapper. Willie Myrick said he was in his front yard and bent down to pick up money when somebody grabbed him and threw him in a car.

“He told me he didn’t want to hear a word from me,” Myrick said. That’s when Myrick began to sing a gospel song called “Every Praise is to  Our God.” The kidnapper started cursing and repeatedly told Myrick to shut up, but he wouldn’t. He sang the song for about three hours until the kidnapper let him out of the car.

The little boy ran to a nearby home and asked the resident to call his guardian.  Myrick, who was reportedly born to atheist parents, was raised by his godmother Codetta Bateman. She often took him to church where he learned about God and developed a passion for the Bible.

When asked who his best-friend is, he said, "I always think that God is with me everywhere I go."

Willie's story has since made headlines around the world and has led to an appearance on Arsenio Hall and radio interviews across the country. He even had the chance to perform "Every Praise" with Grammy award-winning artist Hezekiah Walker, who wrote the song.

Here they both are - Hezekiah Walker and Willie Myrick  starting at 3:40 at the video link

 Willie Myrick+Hezekia Walker

Posted by Jill Fallon at 1:37 PM | Permalink

May 1, 2015

A CARD that unlocks your phone

A decent overview of the new technologies that will save us from repeatedly entering our passwords.

Forget passwords, now there's a smart CARD that automatically unlocks your phone or tablet when you're nearby

The Salt card is designed to end the tiresome task of manually unlocking a smartphone or tablet by automatically making it come to life whenever the user is nearby. The credit card-sized gadget also locks devices again as soon as a user moves out of range at a distance of 10 feet.  Salt connects to an app on a user’s Android handset or iPhone via Bluetooth and also tells them if they have strayed too far from their wallet, where the firm suggests the Salt card is stored.
The Salt card is made of durable plastic with a matte finish and is the same height and length as an ordinary credit card.  However, it's three times as thick because it has to be big enough to store the battery, which lasts for 18 months.

 Salt Card

SALT | Keyless entry for your phone.

Posted by Jill Fallon at 1:11 PM | Permalink

April 27, 2015

"We spy on each other"

In the Telegraph, Robert Collins interviews Dave Eggers, author of  A Heartbreaking Work of Staggering Genius.

Eggers has published short stories, novels, anthologies and children’s books. In 2002, he founded a literacy centre, 826 Valencia, for schoolchildren in San Francisco. On the back of its success, he opened a string of them across America, which led to others being set up in Europe. Eggers has come to Paris to visit the latest of these.

In between all this, he has written screenplays – including the film adaptation of Where the Wild Things Are, directed by Spike Jonze in 2009 – and founded an organisation that helps American university students find funding. He runs his own publishing house and literary magazine, McSweeney’s. And he has set up another literary magazine, The Believer, as well as founding a series of oral histories about human rights crises, a theme he covered in his 2009 book Zeitoun, which recounted the ordeal of a Syrian-American arrested in New Orleans in the chaos following Hurricane Katrina. Eggers is not so much a literary darling as a one-man social enterprise.
In his state of Zen suspension from smartphones and wireless technology, he has recently entered a remarkable renaissance in his fiction – something his career had always promised yet until now never quite delivered. In the past three years, he has produced a fascinating triptych of novels, each of which offers a different elegy to the passing of a safer, more optimistic America.
This nostalgic vision of America seems to be the fuel that is powering Eggers’s dismay at the onslaught of technology in modern life. In The Circle, all life happens online, in full and continuous public view. …They ultimately have 10,000 people in a controlled environment, where all of their actions, preferences, behaviors can be observed, monitored, monetized.”

“Well, of course,” Eggers says, grinning. “I’ve been asking my friends who’ve been married a long time whether they track their spouses on their iPhones, and they all do. They’re like: 'Well, it’s because I want to know when he’s going to come home.’ Of course, there’s a convenience to this, but you’re under surveillance. And I do think that any society or individual under surveillance is not free.

What’s funny is that we’re worried about the NSA and GCHQ, but so many of us are complicit. We spy on each other. Our tolerance for being spied upon has increased exponentially. If our parents wanted to spy on each other, it would be either following each other in a car or hiring a private detective. This is the same level of surveillance that we’re capable of now with a phone. And nobody thinks anything of it.”

Posted by Jill Fallon at 1:28 PM | Permalink

April 20, 2015

Edible passwords

Paypal developing stomach acid-powered pill that automatically logs you into accounts

PayPal is developing a new generation of edible passwords which stay lodged in your stomach to let you log in.
Jonathan Leblanc, the company’s top developer, said that the devices would be powered by stomach acid and include mini computers.  He said that technology had become so advanced that it allowed ‘true integration with the human body’.  The next wave of passwords will be edible, ingestible or injectable and will remove the need for what he called ‘antiquated’ ways of confirming your identity, such as fingerprint scanning.
Mr Leblanc, the Global Head of Developer Evangelism at PayPal, said in a presentation called ‘Kill All Passwords’ that he wants to ‘put users in charge of their own security’.  He said that passwords as they are now were not working and that users need to ‘harden it with something physical behind it’.
Posted by Jill Fallon at 1:57 PM | Permalink

March 20, 2015

On demand passwords

Yahoo announces on demand passwords so users 'never have to remember a password again'

Yahoo has introduced a new "on demand" password system that allows you to log into your account anytime using an individually generated unique code that the company will text to your phone.

It's essentially two factor authentication without the first step.

The feature is an inevitable move towards making user accounts more secure. Google and Apple have both dealt with high-profile security flaws and consumers are notoriously bad at practicing good password hygiene. Despite warnings, many still rely on easy to remember personal information or family names rather than unique codes generated by a password manager.

Yahoo explains this new simple way to log-in

Posted by Jill Fallon at 1:06 PM | Permalink

February 14, 2015

Apple CEO on human right to privacy

Apple CEO Tim Cook made a bold pitch for his company's commitment to user privacy at a White House summit on Friday, taking implicit shots at Apple's Silicon Valley rivals as well as the federal government. …. Cook described privacy online as a human right and linked it to the struggle for freedom for LGBT people.

“Too many people do not feel free to practice their religion or practice their opinion or love who they choose,” said Cook, who is gay.  “In a world where that information can make the difference between life and death,” he continued, “if those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.
"We don't sell advertisers information from your email content or your web browsing history," Cook told the audience at Stanford University. "We don't try to monetize the information you store on your iPhone or in iCloud … We set the industry's highest standards and we are deeply committed to living up to them."
Posted by Jill Fallon at 1:30 PM | Permalink

February 9, 2015

Continuing cyberwar on many fronts affects your identity, security and privacy

It's not just your medical records that may be insecure; the cyberwar continues on many fronts.

Attacks on state databases. Massive Utah cyberattacks — up to 300 million per day — may be aimed at NSA facility

Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day.  At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. "But this last year we have had spikes of over 300 million attacks against the state databases" each day: a 10,000-fold increase.  Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems.

Or in your cars. Report Sees Weak Security in Cars’ Wireless Systems

In addition to finding “a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle” or hackers who wish to “collect and use personal driver information,” the report expressed concerns over how automakers track drivers’ behavior and collect, transmit and store that information…..The report found that large amounts of data on driving histories are harvested, frequently without consumers being explicitly aware that the information is being collected or how it will be used.

Is your smart TV spying on you? Samsung warns users its smart sets can capture every word. If you enable voice recognition. In its privacy policy, the South Korean firm has warned users that if their conversations contain 'personal or other sensitive information', this will be captured and transmitted to an unidentified third party.

Facebook can follow you just about everywhere and you probably agreed to it. Now Facebook can follow you on other sites: Social media network has started harvesting data on links you click and searches you make

Facebook has started collecting information about the other websites users visit, the links they click on and their searches.
The social media site already harvests details people share on their profiles, including where they went to school, their interests and where they live.  But under a new privacy policy – to which anyone who has signed into Facebook since Friday has been opted in automatically – it can track activity outside the website, including online searches and some of the details users share with retailers.

A Facebook spokesman said: ‘It takes into account pages and places visited on Facebook, alongside browsing on the internet.’
She added that the changes help Facebook 'to better serve more relevant advertising to you.'
The site uses cookies – small files which it places on your web browser or device – to collect information which can then be transmitted back to Facebook.  The new terms were introduced as part of a wider update to Facebook's privacy policy, which - the social network claimed - was designed to make the rules easier to understand.  However, most users remain unaware of the radical change they have signed up for.

Using stolen identities to file fraudulent tax returns and claim refunds.  TurboTax halts e-filing for state returns due to fraud, stealing of refunds

Intuit, the parent company of TurboTax, has stopped e-filing all state tax returns due to increased suspicion of fraud. The company says it is investigating criminal attempts to use stolen data to file fraudulent returns and claim refunds, after hearing concerns from a handful of states, Intuit spokeswoman Diane Carlini told MarketWatch. After a preliminary examination with security experts, Intuit believes its systems weren’t breached, but crooks may have used TurboTax software to file fraudulent returns after stealing identities, she said.

Intuit said in a release that “the information used to file fraudulent returns was obtained from other sources outside the tax preparation process.” The company called pausing e-filings to states a “precautionary step.”

In light of this breach, Paul Bleeg, CPA and Partner, EisnerAmper LLP argues that you should go back to snail-mail to file your taxes this year.

E-filing isn't mandatory. Taxpayers may elect not to e-file their federal return, and all but a handful of states also allow an "opt-out" of e-filing, including California. So why would you want to choose the inconvenience of mailing paper tax returns?

1. E-filed returns have a higher rate of being chosen for examination (audit) by the IRS…..
2. E-filed returns are at risk for identity theft. The South Carolina Department of Revenue reported that 3.9 million e-filed tax returns were exposed in a hacker attack. That means that the names and social security numbers of every parent and child listed on those tax returns, as well as investment account details and other personal information, are now in the hands of hackers, who may be connected with organized crime. The South Carolina Department of Revenue is paying the cost of credit-monitoring services for all those taxpayers exposed, including the children of taxpayers. Each state has different e-file security measures that should be considered.
3. Fraudulent e-filed returns using real taxpayers' names and Social Security numbers are a rapidly growing problem…With the correct name and social security number of the victim, criminals are e-filing tax returns that report zero income. When they e-file, the IRS and many of the states just issue refunds of the taxpayers' withholdings and estimated tax payments since there are no tax liabilities reported on these fraudulent returns. These refunds are direct-deposited into the criminal's bank account, or issued as a debit card and sent to the criminal's P.O. Box. When the real taxpayers try to file their tax return, they receive a rejection message, saying a return has already been e-filed.
Posted by Jill Fallon at 12:10 PM | Permalink

February 8, 2015

How secure is your personal information with your medical insurer?

Health insurer Anthem hit by massive cybersecurity breach

Health insurer Anthem Inc., which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.
The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.

The information accessed during the "very sophisticated attack" did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.
Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc said it had been hired to help Anthem investigate the attack.
Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

Anthem didn't encrypt data stolen in hack

Health insurer Anthem Inc. did not encrypt the 80 million Social Security numbers stolen by hackers last week, but that's probably more common than you think….The Wall Street Journal explained, and though it appears Anthem encrypted data moving out of its database, it didn't do so for information simply being stored.  Instead, a spokesperson told the WSJ, the company used other security measures to protect that information.

Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features. 

Anthem said it would send a letter and email to everyone whose information was stored in the hacked database. It also set up an informational website, and will offer to provide a credit-monitoring service.  The company said on the website's FAQ page that 'The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.'

New York Times. What Anthem Customers Should Do Next After Data Breach

Although Anthem says the attackers did not get any medical records, they did get access to medical identification numbers found on insurance cards. ….. “You don’t need a complete medical record to commit medical identity theft if you have the correct name and Social Security number,” said Pam Dixon, executive director of World Privacy Forum. “The chief harm for medical identity theft is that your medical record will change without your knowledge.”

THEFT TYPES In large-scale breaches like the one at Anthem, experts said the criminals could pose as medical billers and fraudulently charge consumers’ insurance companies for medical services and drugs. Not only is your insurer paying for something that you didn’t ask for, but the fraudsters can also alter your medical record, Ms. Dixon said.
WHAT TO DO Consumers should try to create their own copy of their medical file so they have an accurate version of their history should a fraudster make any changes, said Ms. Dixon, who has worked with many medical identity theft victims. Think about any significant or chronic medical conditions, surgeries or accidents — particularly for the last few years — and get a record from your doctors’ offices, hospital or other provider. Also get a record of your blood type and any drug allergies. If you have access to an online patient portal, try to print out or save a copy of those files elsewhere.

“You want to print a baseline record so that if it is altered without your knowledge by fraudulent activity,” Ms Dixon said, “you have something that is really clean.” That will help prove your case, she said, and rebuild an accurate history.
Posted by Jill Fallon at 11:49 PM | Permalink

December 18, 2014

Passwords: the secret life and body parts

In the New York Times Magazine several weeks ago was a fascinating article, The Secret Life of Passwords, by Ian Urbina.

We despise them – yet we imbue them with our hopes and dreams, our dearest memories, our deepest meanings. They unlock much more than our accounts.

SEVERAL YEARS AGO I began asking my friends and family to tell me their passwords. I had come to believe that these tiny personalized codes get a bum rap. Yes, I understand why passwords are universally despised: the strains they put on our memory, the endless demand to update them, their sheer number. I hate them, too. But there is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. They derive from anything: Scripture, horoscopes, nicknames, lyrics, book passages. Like a tattoo on a private part of the body, they tend to be intimate, compact and expressive.

There was the former prisoner whose password includes what used to be his inmate identification number (“a reminder not to go back”); the fallen-away Catholic whose passwords incorporate the Virgin Mary (“it’s secretly calming”); the childless 45-year-old whose password is the name of the baby boy she lost in utero (“my way of trying to keep him alive, I guess”).
When I described keepsake passwords to Paul Saffo, who teaches engineering at Stanford and writes often about the future of technology, he coined the term “crypto haiku.”

On the other hand, we are at the dawn of development in using parts of our bodies as the authenticator for our unique identity instead of passwords. 

As usual, Apple leads the way with fingerprint sensors in the newest iPhones and iPads.  Now there are companies where the password can be your heartbeat, your iris, the veins on your palm. 

Read more at CNN - How your body will be your password.

Posted by Jill Fallon at 7:27 PM | Permalink

November 13, 2014

IBM and Google Vie for your DNA

IBM's Watson Wants to Examine Your DNA

With the help of Pathway Genomics, consumers might one day be able to "Ask Watson" for insights into their health.
IBM's Watson Group today announced an undisclosed investment in Pathway Genomics to create the first cognitive consumer app based on a user's genetic makeup.

Citing research on genomic medicine, IBM said the bioinformatics market is expected to grow to $12.86 billion by 2020. Few consumers, however, have access to or can benefit from personalized wellness-related recommendations tailored to their individual needs. Which is where IBM and Pathway Genomics come in.

By leveraging the natural language processing and cognitive capabilities of Watson, consumers will be able to "Ask Watson" for insights, based on their own genes, wearable data, and other wellness information, like emotional, physical, and social well being.

"The medical industry is undergoing a dramatic and systemic change, putting the consumer more in charge of their own health care," Michael Nova, chief medical officer at Pathway Genomics and member of the Watson Advisory Board, said in a statement. "Giving the consumers access to a powerful tool built upon cognitive learning and Watson will make the change even more transformative."

Your DNA falls into the realm of "the world's information," and it seems that Google is making a play to organize that, too.

For a spit of saliva and $2,500, your genetic test results are securely delivered to your computer screen with your genetic likelihood for 18 medical conditions, from Alzheimer's to rheumatoid arthritis to several types of cancer. Navigenics aims to boost disease prevention by providing customers reports on their DNA that they can share with their doctors. The company addresses privacy concerns by encrypting customer identities, and screens only for conditions it deems to have scientifically sound genetic studies. The company also offers genetic counseling.
In 2007 Google invested at least $4.4 million in a genetic screening company, 23andMe, that was started by Anne Wojcicki, the wife of Google co-founder Sergey Brin, and her business partner.
Interestingly, Navigenics and 23andMe don't consider themselves competitors. Navigenics' DuRoss says "23andMe has taken the approach of providing you a fun, social, and ancestral look at your DNA," adding that her company "has taken the view that science, clinical utility, and the ability to do something about your health is of paramount importance."

MIT Technology Review Google Wants Your DNA too. For $25 a year, Google will keep a copy of any genome in the cloud. 

Google is approaching hospitals and universities with a new pitch. Have genomes? Store them with us….The idea is to create “cancer genome clouds” where scientists can share information and quickly run virtual experiments as easily as a Web search, says Sheila Reynolds, a research scientist at the Institute for Systems Biology in Seattle. “Not everyone has the ability to download a petabyte of data, or has the computing power to work on it,” she says.
Posted by Jill Fallon at 1:58 PM | Permalink

November 8, 2014

Do You Really Want a Smart TV?

One lawyer took the time to read the 46 page privacy notice that came with his smart TV and this is what he said.

I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too
Michael Price

I am now the owner of a new “smart” TV, which promises to deliver streaming multimedia content, games, apps, social media, and Internet browsing. Oh, and TV too.
The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.

It also has a built-in camera — with facial recognition. The purpose is to provide “gesture control” for the TV and enable you to log in to a personalized account using your face…..

More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.

You may not be watching, but the telescreen is listening.
According to retired General David Petraeus, former head of the CIA, Internet-enabled “smart” devices can be exploited to reveal a wealth of personal data. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters,” he reportedly told a venture capital firm in 2012. “We’ll spy on you through your dishwasher” read one headline. Indeed, as the “Internet of Things” matures, household appliances and physical objects will become more networked. Your ceiling lights, thermostat, and washing machine — even your socks — may be wired to interact online. The FBI will not have to bug your living room; you will do it yourself.
Posted by Jill Fallon at 9:50 AM | Permalink

Do Not Use Default Passwords

Peeping into 73,000 unsecured security cameras thanks to default passwords. A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions.

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.
Posted by Jill Fallon at 9:44 AM | Permalink

October 29, 2014

White House hacked and you will be too

Gizmodo.  Report: The White House Got Hacked by Russians

The Washington Post reports that computers at the White House were hacked recently by people possibly working for the Russian government.

According to the report, which is based on information from unnamed sources, security officials were able to contain the breaches relatively quickly, and that no classified networks were compromised. The NSA and FBI are investigating the attack, which we only found out about thanks to information from an "ally."

"How does an ally figure that out?"  Ben FitzGerald, with the Center for a New American Security in Washington, D.C. said. "What were they monitoring that we weren't?"

Scott Johnson at PowerLine reports

the computer network within the Executive Office of the President has been down for close to a week, and staff throughout the various components still lack basic access to their files (though many are now able to access e-mail and the Internet). He advises that EOP staff have been told not to say anything about the situation to anyone.

He updates

Our source, describing the problem as a “major data loss,” believes that repair is expected to take weeks.  From what he understands, this is a serious problem. He asserts: “We are potentially talking OMB, USTR, ONDCP, OPM, and the White House itself(!). Top-line executive deliberations. Gone. Stolen? No idea.”

In his most recent message, our source reports:  EOP employees told to think very carefully about what personal information might have been located on their computers – still “weeks away” from a fix.

Officials warn 500 million financial records hacked

Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building.

"We're in a day when a person can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch.

The U.S. financial sector is one of the most targeted in the world, FBI and Secret Service officials told business leaders at a cybersecurity event organized by the Financial Services Roundtable. The event came in the wake of mass hacking attacks against Target, Home Depot, JPMorgan Chase and other financial institutions.

"You're going to be hacked," Joseph Demarest, assistant director of the FBI's cyberdivision, told the business leaders. "Have a plan."

His advice was directed to the banks, but it's just as applicable to you.  What are you doing to protect yourself?

Posted by Jill Fallon at 6:16 PM | Permalink

October 2, 2014

Another day, another huge security breach

JPMorgan data breach affects 76 million households

JPMorgan Chase & Co. says that a recent cyberattack compromised customer information for about 76 million households and 7 million small businesses.

The New York-based bank said Thursday that customer information including names, addresses, phone numbers and email addresses were stolen in the cyberattack.

However, JPMorgan said there’s no evidence that the data breach included customers’ account numbers, passwords, Social Security numbers or dates of birth.

The lender said it has not found any unusual customer fraud related to this data breach.


And More IRS Employees Busted for Stealing Taxpayers' Identities

Just days after revealing that the tax agency's failure to follow its own rules put the private data of 1.4 million people at risk, the Treasury Inspector General for Tax Administration publicized the sentencing of Tax Examining Technician Missy Sledge for aggravated identity theft and mail fraud, and IRS employee Monica Hernandez for making and subscribing a false income tax return, wire fraud, and aggravated identity theft.
In addition to IRS personnel, 14,000 contractors have "staff-like" access to Sensitive But Unclassified (SBU) information. Such protected data includes "any information under the IRS's authority that the loss, misuse, unauthorized access, or modification of could adversely affect the national interest, the conduct of IRS programs, or the privacy to which individuals are entitled under law." To gain that access, contractors have to submit to background checks…..

The tax collection agency failed to perform background checks when handing out five reviewed contracts for courier, printing, document recovery, and sign language interpreter services. The report also found a dozen other contracts where the IRS planned to perform background checks, but didn't get to all of the people on the job.
Posted by Jill Fallon at 6:36 PM | Permalink

Apple never told you about its hidden tracking system

Phone? It's a spyphone: Apple devices can record your every movement

It is tracking your every move – recording the exact time you left for work, where you bought your coffee and where you like to shop.
But this isn’t a futuristic spy drone or some sinister Big Brother state – it’s the iPhone sitting in your pocket.

Hidden in Apple phones is a function which logs every journey. The iPhones are then able to analyze the data to figure out where you live and work, basing decisions on the frequency and timing of trips.

The function – called the Frequent Locations feature – was quietly introduced to iPhones a year ago. But since access to the program is buried beneath five layers of settings menus, few people know it exists.

Apple claims the data never leaves your phone without your permission, and that it was only designed to improve mapping services.

But Professor Noel Sharkey, one of Britain’s leading computing experts, described Apple’s ability to track people as ‘terrifying’. ‘This is shocking,’ he said. ‘Every place you go, where you shop, where you have a drink – it is all recorded. This is a divorce lawyer’s dream. But what horrifies me is that it is so secret. Why did we not know about this?’

Smartphones have had the ability to track their owners’ movements since they were first installed with GPS chips and mapping functions.  But this feature, which is automatically installed on any iPhone with iOS 7 or iOS 8, is the first to display the movements clearly on a map. The phone records the date of every one of your journeys, your time of arrival and departure and how many times you have been to each address.


The Frequent Locations function is automatically installed on any phone with iOS 7 or iOS 8.

• To access Frequent Locations, go into Settings, choose the Privacy option and then Location Services.
• Go right down to the bottom and select System Services – then click Frequent Locations.
• Your data will be displayed under a History heading divided up into cities and districts – click on each one to see how your phone monitors, analyses and maps everywhere you go.
• To disable Frequent Locations, select Clear History and make sure Improve Maps is deselected.
• Finally, turn off the Frequent Locations tab. This does not stop data being recorded, it only stops it being packaged up in a map.
• To stop it being logged at all, you can disable Location Services in the Privacy menu – but this will leave you unable to use your phone’s mapping software.
Posted by Jill Fallon at 3:47 PM | Permalink

September 10, 2014

Security breaches everywhere

What are you doing to protect yourself from becoming collateral damage in the persistent ongoing digital war?

Hackers make 10 times more money from stealing your medical records – and they’re easier to get as hospitals' cyber security is so poor

Cyber criminals can make ten times more money hacking someone's medical information rather than their credit card details, new research has shown. ….Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
The FBI has warned US health care providers of the new threat after a group of Chinese hackers stole personal information from 4.5 million patients after targeting the computer network of Community Health Systems Inc. Internet security experts believe the $3 trillion US healthcare industry is a ripe target for cyber criminals because many health care providers use older computers with inadequate tools to protect the confidential information.
The data for sale includes names, birth dates, policy numbers, diagnosis codes and billing information. Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers, according to experts who have investigated cyber attacks on healthcare organizations.

Personal data belonging to 4.5 MILLION American hospital patients stolen in cyber attack by Chinese

Community Health Systems revealed the cyber attack in a SEC filing on Monday. 'The Company and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company’s systems,' Community Health Systems said. 'The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data…. The stolen information included patient names, addresses, birth dates, telephone numbers and social security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in the regulatory filing. It did not include medical or clinical information.

Home Depot Suffers Second-Largest Retail Data Breach on Record; 56 Million Debit and Credit Cards Affected

Home Depot said that 56 million debit and credit cards are estimated to have been breached in a data theft between April and September at its stores in the U.S. and Canada. That makes it the second-largest breach for a retailer on record.  The disclosure puts the data breach behind TJX Cos.’s theft of 90 million records, disclosed in 2007 and ahead of Target’s pre-Christmas 2013 breach which compromised 40 million credit and debit cards.

5 million Gmail User Accounts, Passwords Hacked

A database containing nearly 5 million Gmail user accounts and passwords was leaked on Bitcoin Security, a popular Russian website devoted to the cryptocurrency. The text file was published on Tuesday night by user tvskit, according to CNews, the Russian news outlet that first broke the story. The leaker claimed that the majority of the accounts belong to users who speak English, Russian, or Spanish, and that approximately 60 percent are active. The passwords not only give access to Gmail, but a slew of other Google services such as Drive and the mobile payment system Google Wallet.

Hack leaks hundreds of nude celebrity photos.  Apple says its iCloud security was not breached; the culprit was weak passwords. The hackers figured out user names, passwords, and security questions of the celebrities.

Half of us are at risk of cyber-attacks ‘because we don’t install anti-virus software on laptops or phones’
National Crime Agency is launching new campaign to increase awareness of the dangers of not protecting yourself online.

Researchers find it’s terrifyingly easy to hack traffic lights

Open wireless and default passwords make controlling a city's intersections trivial. …..the most upsetting passage in the entire paper is the dismissive response issued by the traffic controller vendor when the research team presented its findings. According to the paper, the vendor responsible stated that it "has followed the accepted industry standard and it is that standard which does not include security."

What if your body is hacked?  Microchip Implants in Healthy People

In March 2009, British researcher Mark Gasson had a chip injected under the skin of his hand. The chip, a slightly more advanced version of the tags used to track pets, turned Gasson into a walking swipe-card. With a wave of his wrist, he could open security doors at the University of Reading laboratory, where his experiment was being conducted, and he could unlock his cell phone just by cradling it.

A year later, Gasson infected his own implant with a computer virus, one that he could pass on to other computer systems if the building's networks were programmed to read his chip. As Gasson breezed around the workplace, spreading the virus and corrupting computer systems, certain areas of the building became inaccessible to his colleagues.
Posted by Jill Fallon at 2:39 PM | Permalink

July 23, 2014

Too good not to pass on

The Plague of Passwords. Senior trying to set a password

WINDOWS: Please enter your new password.

USER: cabbage

WINDOWS: Sorry, the password must be more than 8 characters.

USER: boiled cabbage

WINDOWS: Sorry, the password must contain 1 numerical character.

USER: 1 boiled cabbage

WINDOWS: Sorry, the password cannot have blank spaces.

USER: 50bloodyboiled cabbages

WINDOWS: Sorry, the password must contain at least one upper case character.

USER: 50BLOODYboiledcabbages

WINDOWS: Sorry, the password cannot use more than one upper case character consecutively.

USER: 50BloodyBoiledCabbagesShovedUpYourAssIfYouDon’tGiveMeAccessNow!

WINDOWS: Sorry, the password cannot contain punctuation.

USER: ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourAssIfYouDontGiveMeAccessNow

WINDOWS: Sorry, that password is already in use.
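The dialogue above is a fair rendering of how composition rules work, and its last line is the one check that actually matters. As an added example (not code from this blog, from Windows, or from any vendor), here are both approaches in Python: a checker that applies the dialogue's rules in the order it states them, and one that drops them in favour of a length floor plus a lookup against known-leaked passwords. The leaked list is constructed for the example; the prefix lookup copies the range-query scheme public breached-password services use, in which only the first five hex digits of the password's SHA-1 hash leave the client.

```python
import hashlib
import re
import string
from typing import Dict, List, Optional, Tuple

# The dialogue's rules, in the order it applies them. Each entry pairs the
# predicate a password must satisfy with the complaint shown when it does not.
COMPOSITION_RULES: List[Tuple] = [
    (lambda p: len(p) > 8,
     "the password must be more than 8 characters"),
    (lambda p: re.search(r"\d", p) is not None,
     "the password must contain 1 numerical character"),
    (lambda p: " " not in p,
     "the password cannot have blank spaces"),
    (lambda p: re.search(r"[A-Z]", p) is not None,
     "the password must contain at least one upper case character"),
    (lambda p: re.search(r"[A-Z]{2}", p) is None,
     "the password cannot use more than one upper case character consecutively"),
    (lambda p: not any(c in string.punctuation for c in p),
     "the password cannot contain punctuation"),
]


def composition_check(password: str) -> Optional[str]:
    """First rule the password breaks, or None when it satisfies them all."""
    for holds, complaint in COMPOSITION_RULES:
        if not holds(password):
            return complaint
    return None


# --- The check that matters: has this password already leaked? --------------

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus, keyed the way range-query services
# key it: 5-hex-char SHA-1 prefix -> [(remaining 35 hex chars, times seen)].
LEAKED_SAMPLE = {
    "password": 1000000,
    "cabbage": 5000,
    "ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourAssIfYouDontGiveMeAccessNow": 1,
}
BREACH_RANGES: Dict[str, List[Tuple[str, int]]] = {}
for _pw, _seen in LEAKED_SAMPLE.items():
    _h = sha1_hex(_pw)
    BREACH_RANGES.setdefault(_h[:5], []).append((_h[5:], _seen))


def leaked_count(password: str, ranges=BREACH_RANGES) -> int:
    """Range query: fetch the bucket for the 5-char prefix only, then match
    the suffix locally, so the password itself never leaves the client."""
    h = sha1_hex(password)
    for suffix, seen in ranges.get(h[:5], []):
        if suffix == h[5:]:
            return seen
    return 0


MIN_LENGTH = 12  # this example's floor; spaces, phrases and lowercase are all fine


def modern_check(password: str) -> Optional[str]:
    """Length floor plus breach lookup, and no composition rules at all."""
    if len(password) < MIN_LENGTH:
        return f"the password must be at least {MIN_LENGTH} characters"
    if leaked_count(password):
        return "that password has appeared in a known breach"
    return None
```

Replayed over the dialogue's attempts, composition_check returns the same complaint as the dialogue on every line but one ("50bloodyboiled cabbages" still contains a space, so the blank-space rule fires again before the upper-case rule does) and finally returns None for the last attempt, which is exactly when leaked_count reports it has been seen before. modern_check accepts "boiled cabbage soup ready", which the composition rules reject twice over, and refuses both "cabbage" and the leaked string.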
Posted by Jill Fallon at 11:42 AM | Permalink

June 17, 2014

The Jammer Cloak of Invisibility

'Cloak of Invisibility' lets you hide from Google: Padded coat blocks radio waves to stop firms accessing your phone's data

Data collection has become a growing concern for many users of smart technology, which can record numerous personal details, some of which is collected without their knowledge.  With that in mind Coop Himmelb(l)au, an Austrian architecture company, created the Jammer Coat to protect the wearer from unwanted data collection. The Jammer Coat is a padded cloak that contains metallic fibres designed to block radio waves, shielding the wearer from tracking devices.

All signals are designed to be blocked from reaching devices once they are stored inside the coat, meaning vital information from important items such as credit cards is protected from those looking to obtain it. This also means it is blocked from WI-Fi networks, mobile providers and more.  And with numerous pockets of different sizes the coat can accommodate smartphones, tablets and a range of other devices. The white coat is also patterned with black spots, which have been designed to mask the wearer’s true body shape.

'The CHBL Jammer Coat is a piece of clothing that enables its user to disappear: Google cannot find you anymore,' said a spokesperson for Coop Himmelb(l)au.  The piece is made of metallised fabrics, which are blocking radio waves and shielding the wearer against tracking devices.  You are no longer reachable on your mobile phone and no information from your credit card can be captured.

 Jammer-Invisibility Cloak

Even though it looks like a duvet,  I rather like it, but then I've always liked the elegance of desert robes, especially  their coolness in the summer heat. 

  Lawrence Of Arabia

Posted by Jill Fallon at 7:20 PM | Permalink

June 9, 2014

20 to 30 cybercrime groups operating on a ‘nation-state level’

Hackers are holding the world to ransom: Cyber attacks cost the global economy more than £328 billion a year, claims report

Failing to protect yourself online is so irresponsible, it could threaten the economy of entire nations.
That's according to a security report by California-based group, McAfee, which suggests cybercrime is now such big business, it is worth more than the wealth of some countries.
As a business, cybercrime would be ranked 27th in the world based on revenue, and the attacks are currently costing the world more than £328 billion ($400 billion) a year.
They claim the big problem remains a lack of understanding among the public about different threats that exist.
As part of the report, Samani revealed there are 20 to 30 cybercrime groups that are operating on a ‘nation-state level’.
This means they are working on an industrial scale, and overcome almost any sort of web defence they face.
‘We want the economy to grow, and it’s being held back by cybercrime.
‘If you’re not taking important measures you’re contributing to criminals, and I mean nasty criminals, making money off you. Not taking action is resulting in people losing their jobs,’ he said.
The report found that more than 200,000 jobs had been lost as a result of cybercrime - through reputation damage or loss of assets.
The news comes in the wake of continued efforts to improve web security before the ‘two-week threat’ elapses, and two viruses that have infected thousands of computers are active again.
The U.S. Department of Homeland Security urged users to install anti-virus software on their computer and ensure that the latest operating systems were also installed on their computers.
If systems do not offer automatic updates, people should enable it, the department said.
It also advised changing passwords, as original passwords may have been compromised during the infection.
Posted by Jill Fallon at 9:32 PM | Permalink

May 22, 2014

Beware of doing online banking on your mobile phone.

Beware of doing online banking on your mobile phone.   Security expert reveals that ANYONE can hack a bank's app using free internet tools

Mobile security expert Wilson Bond, a technical manager at mobile security firm Arxan Technologies has demonstrated how a banking app can be hacked.

He built a dummy app and used reverse engineering to connect to a server. When sending money, the server was able to obtain the user’s password.

It was then programmed to piggyback onto the payment and transfer money to the hacker’s account.  There are also tools and online tutorials to teach hackers the process.  He did point out that iOS apps and software are more secure and closely monitored than Android, for example - except on jailbroken devices.

'Jailbreaking' is the process of removing certain restrictions Apple places on apps and downloads, for example, and makes it easier for developers to adjust settings.
Posted by Jill Fallon at 6:35 PM | Permalink

May 21, 2014

Are you one of the 128 million who ever bought anything on Ebay?

Change your password now

eBay hit by major cyber attack: 128 million are urged to change their password NOW after hackers access personal details

What personal details were stolen?
Hackers gained access to eBay customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
It is unclear whether all, or any, of the details were taken but security experts are warning people to assume the worst.

Are my credit cards details safe?
The firm said that the infiltrated part of the network did not contain any financial details, so in theory, yes.

Will changing my password solve the problem?
Changing passwords will stop hackers from being able to use any login details that were stolen.
However, they could still use names, addresses and birth dates to commit identity fraud.
It’s a good idea to change passwords following any attack such as this. It’s also important to update login details on any sites that use the same password.
If a hacker has your password and email address they could use it to attempt to access other sites that use the same combination.
As a rule, the same password should never be used across different sites.

Should I change my PayPal password as well?
PayPal, which owns eBay, has confirmed its accounts and customers have not been affected by this cyber attack.
However, as a matter of course, it’s good practice to change all related passwords across different sites, including PayPal.

Which countries are affected?
At the moment, we can assume that all eBay customers worldwide will be affected by this breach, until eBay says otherwise.

Is this hack a result of the Heartbleed bug?
When Heartbleed was exposed, eBay announced its customers’ accounts were secure and had not been affected. This suggests the latest hack is a separate attack.

How did hackers steal the information?
It is unclear how the hackers got hold of the information but eBay said it is working with forensic teams to get an answer to this question.

Why did it take so long for eBay to inform customers of the breach?
MailOnline has contacted eBay for an answer to this question. It is unclear what caused the delay.
Typically, following cyber attacks, a firm will investigate the breach to try and determine how many people are affected, and the severity of the attack, before issuing advice.
Posted by Jill Fallon at 2:12 PM | Permalink

April 14, 2014

Heartbleed and heartbreak that NSA didn't warn us about but exploited for itself

The biggest flaw in Internet history affecting as many as two-thirds of the world's websites.

The Heartbleed bug lets hackers eavesdrop on supposedly secure communications.

German developer Dr Robin Seggelmann admitted he wrote the code. It was then reviewed by other members and added to OpenSSL software. This addition led to the Heartbleed flaw in the open-source program
Code was added in December, 2011, and no-one picked up the error.

As if the fact that we all have to change our passwords yet again were not bad enough, Bloomberg reports NSA Said to Exploit Heartbleed Bug for Intelligence for Years

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”
“We’ve never seen any quite like this,” said Michael Sutton, vice president of security research at Zscaler, a San Jose, California-based security firm. “Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense.”

The potential stems from a flawed implementation of a protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.
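The flaw the passage describes, as an added example that is neither the OpenSSL code nor anything from the articles quoted here: a Python model of the heartbeat handler before and after the fix. The record layout (one type byte, a two-byte payload length, the payload, sixteen bytes of padding) and the two length checks the patch introduced are those of the real protocol and fix; the "secret" laid down after the record in memory is a constructed stand-in for whatever happened to sit next to the record in the server's heap, and the function and variable names are this example's own.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16        # bytes of padding the protocol requires after the payload
HEADER = 1 + 2      # type byte + two-byte payload_length field

# Constructed stand-in for neighbouring heap memory: in the real server this
# was whatever sat after the record (keys, cookies, other users' passwords).
SECRET = b"session=7e1a...; user=alice"


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Heartbeat request body. claimed_length is what the sender writes into
    the payload_length field; an honest sender uses len(payload)."""
    return struct.pack("!BH", HB_REQUEST, claimed_length) + payload + b"\x00" * PADDING


def vulnerable_handler(memory: bytearray, offset: int, record_len: int):
    """Pre-fix behaviour: trust payload_length from the record and copy that
    many bytes back, never comparing it with the length of the record that
    actually arrived (record_len). The copy runs off the end of the record
    into whatever follows it in memory."""
    hbtype, payload_len = struct.unpack_from("!BH", memory, offset)
    if hbtype != HB_REQUEST:
        return None
    start = offset + HEADER
    payload = bytes(memory[start:start + payload_len])   # the over-read
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * PADDING


def fixed_handler(memory: bytearray, offset: int, record_len: int):
    """Post-fix behaviour: the two length checks the patch added. A record
    that cannot hold its declared payload is silently discarded."""
    if HEADER + PADDING > record_len:            # too short even for an empty payload
        return None
    hbtype, payload_len = struct.unpack_from("!BH", memory, offset)
    if hbtype != HB_REQUEST:
        return None
    if HEADER + payload_len + PADDING > record_len:   # declared length overruns the record
        return None
    start = offset + HEADER
    payload = bytes(memory[start:start + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * PADDING


def simulate(handler, claimed_length: int):
    """Lay a 2-byte-payload request in memory with SECRET right behind it and
    hand it to the handler. Returns the response, or None if it was dropped."""
    record = build_heartbeat(b"hi", claimed_length)
    memory = bytearray(record + SECRET)
    return handler(memory, 0, len(record))


def leaks_secret(handler, claimed_length: int) -> bool:
    response = simulate(handler, claimed_length)
    return response is not None and SECRET in response


if __name__ == "__main__":
    print("vulnerable, honest length:", leaks_secret(vulnerable_handler, 2))   # False
    print("vulnerable, claims 64:    ", leaks_secret(vulnerable_handler, 64))  # True
    print("fixed, claims 64:         ", leaks_secret(fixed_handler, 64))       # False
```

The payload_length field is two bytes, so a real request could claim up to 65535 bytes and get that much adjacent heap back per round trip, repeated as often as the attacker liked, which is why Bloomberg's "relatively simple scans" were enough. The fix is nothing more than the two comparisons in fixed_handler; the honest 2-byte request gets an identical response from both handlers, so a patched server is indistinguishable from an unpatched one until you send a lying length.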

Ace comments  What the hell. What the unholy hell.

This is scary. I'm not even so much bothered by the NSA itself preserving a backdoor into my private stuff. I always figured they could do that anyway, if they wanted.

But they've also exposed everyone to criminal hacking and even compromise by foreign intelligence services.

What the hell. What the unholy hell.

Biz Insider Here's How To Protect Yourself From The Massive Security Flaw That's Taken Over The Internet

Security firms are urging users to only change passwords on sites that have confirmed they are safe

'Changing your password on a vulnerable site makes little difference because the site is still open to attack…. This means your old password would have been at risk, but you're also giving hackers access to your new password - a double whammy.'


Affected sites include a number of Google services, including Gmail and YouTube, Facebook, Tumblr, Yahoo and Dropbox.  All of these sites have been patched and security experts are advising people to change their passwords on these accounts, even if the sites themselves aren't issuing the advice.

Business Insider  Find Out Instantly If A Site Has Been Infected By 'Heartbleed'

Posted by Jill Fallon at 11:21 AM | Permalink

March 25, 2014

Can we give away our constitutional rights by accepting to download a free app?

I never knew that some smartphone apps

contain computer code that allows the app developer to use the cell phone’s camera or microphone at any time, and record cell phone conversations at any time.  Listening to a cell phone conversation in the past would require that the police take evidence to a court and ask a judge to sign a warrant allowing a police wiretap.  Yet today, many apps effectively usurp the privacy of downloaders at the push of a phone button.

Can we give away our constitutional rights by accepting to download a free app?

Right now these rights can be taken away by the state only after a long and arduous legal process.  A convicted felon, for example, will lose his right to vote.

Up to now, a person could give away copyright rights to a photograph, for example, only by physically signing a photo release.  Or he could sign away the copyright protections for a piece of music to a record company.  But apps today could sneak in language that states that any music transmitted by a smartphone becomes the property of the person who developed the app.  This was all made possible because written signatures were replaced by the e-signature, and now only a click of the "accept" button is required.

John McAfee, who has had enough of excessive app permissions, launched Cognizant on March 1st

The product is called Cognizant, a free to download app for Android mobile phones and tablets.  It protects those devices by empowering the user to be fully aware of all the permissions that applications have been granted on a device, knowingly or not.
In a non-descript Montreal office building, McAfee demonstrated how one popular chat application in particular had by default been granted what can only be described as excessive permissions.  The application has access to things like:  all call history, contacts, GPS, camera access, the ability to silently make calls and even turn off notifications of these activities to the user.  I install the app on my own phone to see this and sure enough, it’s pretty shocking.  If you think about it, if one were to describe a program that did all of these things on a PC, it could be called malware.  McAfee states that there are thousands upon thousands of apps out there doing the exact same thing, taking more permissions than are clearly necessary or that you may be comfortable with.
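An audit of the kind the article describes, as an added example that is not Cognizant's code nor anything from the article: it parses an app's AndroidManifest.xml (obtained, for instance, by pulling the APK from a device and decoding it with apktool) and reports the sensitive permissions the app declares beyond what its stated purpose needs. The manifest and the "needed" set below are constructed for a hypothetical chat app; the permission names are the platform's own, the one-line descriptions of what each grants are this example's.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that grant the kinds of access the article lists. Names are the
# platform's; the descriptions are this example's summary of each one.
SENSITIVE: Dict[str, str] = {
    "android.permission.READ_CALL_LOG": "read all call history",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS location",
    "android.permission.CAMERA": "open the camera",
    "android.permission.RECORD_AUDIO": "record from the microphone",
    "android.permission.CALL_PHONE": "place calls without going through the dialer",
}

# Constructed manifest for a hypothetical chat app; not taken from any real app.
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <application android:label="Chat"/>
</manifest>
"""

# What a chat app that sends text, voice notes and photos plausibly needs.
CHAT_APP_NEEDS: Set[str] = {
    "android.permission.INTERNET",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
}


def declared_permissions(manifest_xml: str) -> List[str]:
    """Every <uses-permission android:name=...> in the manifest, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name")
            for el in root.iter("uses-permission")]


def excessive_permissions(manifest_xml: str, needed: Set[str]) -> Dict[str, str]:
    """Sensitive permissions the app declares but its purpose does not
    justify, mapped to what each one lets the app do."""
    return {p: SENSITIVE[p]
            for p in declared_permissions(manifest_xml)
            if p in SENSITIVE and p not in needed}


if __name__ == "__main__":
    for perm, what in excessive_permissions(MANIFEST, CHAT_APP_NEEDS).items():
        print(f"{perm}: {what}")
```

On a device, `adb shell pm path <package>` gives the installed APK's location to pull, and apktool decodes the binary manifest into the XML this script reads. The manifest is the ceiling of what the app can ask for; since Android 6 the dangerous permissions are also granted or denied individually at run time, and `adb shell dumpsys package <package>` shows which are currently granted.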

While awaiting a similar app for the iPhone, I just got rid of a bunch of apps that I never used.

Posted by Jill Fallon at 4:36 PM | Permalink

February 28, 2014

When love makes you vulnerable

Just as the Pew Research Center released a survey showing Americans would give up TV before they would give up the Internet.

53 percent of US Internet users would find it "very hard" to give up Web access, up from 38 percent in 2006….
35 percent of all US adults said television would be very hard to give up, compared with 44 percent in 2006…..

"Using the Web -- browsing it, searching it, sharing on it -- has become the main activity for hundreds of millions of people around the globe," Pew said.

Comes this news of the "'mind boggling' stash of 360 million stolen web site credentials for sale online in what could be biggest breach in history"

A cybersecurity firm has uncovered stolen credentials from 360 million accounts that are available for sale on cyber black markets…they warn the discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system….'The sheer volume is overwhelming.'….

Alex Holden, chief information security officer of Hold Security LLC….believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breach known to date.

He said he believes the credentials were stolen in breaches that have yet to be publicly reported.  The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.
'We have staff working around the clock to identify the victims,' he said.

Do you think this will change anyone's mind? 

Posted by Jill Fallon at 10:06 AM | Permalink

February 10, 2014

"Most identity theft in the United States is medical-related"; New Credit Cards for Everyone

Medical Identity Theft and Obamacare

Most identity theft in the United States is medical-related, according to a recent report from the Identity Theft Resource Center…..In 2012 alone, medical identity theft increased by nearly 25 percent, affecting 1.85 million Americans.
Michael Ollove, a reporter for Stateline, noted that 43 percent of identity-theft incidents in the United States are medical-related, a far greater chunk than identity thefts involving banking and finance, the government and the military, or education. The U.S. Department of Health and Human Services says that since it started keeping records in 2009, the medical records of between 27.8 million and 6.7 million people have been breached.

Regardless, as many as 31 states do not conduct background checks on Obamacare navigators, who have access to enrollees’ names, Social Security numbers, financial records, and health information. A recent NR report found that in California, at least 43 navigators approved by the state health exchange had prior convictions, including for forgery and welfare fraud.

All American Credit Cards Will Disappear In 2015 And Be Replaced With This New Tech

Every credit card in the U.S. will be replaced by October 2015 with new cards that contain the chip-and-PIN technology that the rest of the world has had for years, according to the Wall Street Journal.  Both Visa and MasterCard are committed to the switch, which will render extinct the plastic in your wallets and purses right now.

No more black magnetic stripes; no more signing on the dotted line.

Americans who have traveled to Europe in recent years will know that the U.S.'s credit card system is embarrassingly old-fashioned by comparison. It's often difficult to use American credit cards abroad because the Europeans abandoned magnetic stripes and signatures years ago — they were too easily hacked. Credit and debit cards in the U.S. are about 10 years behind the rest of the world.

The new cards contain a microchip and require the owner to enter a PIN into a payment machine at checkout. They are more secure for a couple of reasons.

First, requiring the PIN prevents checkout staff from handling your card — they will simply hand you the point-of-sale device and customers will insert their cards and verify payment themselves.

Second, the chip replaces the magnetic stripe, which is easily copied and therefore vulnerable to hackers, as the Target sting proved. In France, chip-and-PIN allegedly reduced credit-card fraud by 80% (although the sourcing for this number is vague).
Posted by Jill Fallon at 12:45 PM | Permalink

February 6, 2014

Scary is the word for the cybersecurity at federal agencies

It's not just that's  a "honeypot for hackers" where applicants have "no reasonable expectation of privacy"

Senate cybersecurity report finds agencies often fail to take basic preventive measures against even modestly skilled hackers.

The report…paints a broader picture of chronic dysfunction, citing repeated failures by federal officials to perform the unglamorous work of information security. That includes installing security patches, updating anti-virus software, communicating on secure networks and requiring strong passwords. A common password on federal systems, the report found, is “password”.

The report levels particularly tough criticism at the Department of Homeland Security, which helps oversee cybersecurity at other federal agencies. The report concluded that the department had failed even to update essential software — “the basic security measure just about any American with a computer has performed.”

Report: 4 in 10 Government Security Breaches Go Undetected  DHS, DOJ, DOD, EPA, NASA, Energy, State routinely hacked

Nearly every agency has been attacked, including the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce. NASA, the EPA, the FDA, the U.S. Copyright Office, and the National Weather Service have also been hacked or had personal information stolen.

In one example, hackers breached the national Emergency Broadcast System in February 2013 to broadcast “zombie attack warnings” in several midwestern states.
Even worse, nearly four in 10 intrusions into major civilian agencies go undetected….
The Nuclear Regulatory Commission, which contains volumes of information on the nation’s nuclear facilities, “regularly experiences unauthorized disclosures of sensitive information,” according to the report.

The agency has “no official process for reporting” breaches, cannot keep track of how many laptops it has, and kept information on its own cybersecurity programs, and its commissioner’s “passport photo, credit card image, home address, and phone number,” on an unsecure shared drive.
“Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency response systems, and our citizens’ personal information,” Coburn, ranking member of the Homeland Security and Governmental Affairs Committee, said in a statement. “While politicians like to propose complex new regulations, massive new programs, and billions in new spending to improve cybersecurity, there are very basic—and critically important—precautions that could protect our infrastructure and our citizens’ private information that we simply aren’t doing.”
Posted by Jill Fallon at 10:07 AM | Permalink

January 22, 2014

The Rockabilly culture

The people who are STILL living like it's 1951: Captivating portraits take a look inside America's Rockabilly community

Photographer Jennifer Greenburg, an assistant professor of photography at Indiana University, has been photographing the Rockabilly culture for 10 years.

People that not only dress like it’s the Fifties, but also drive perfectly preserved Cadillacs and decorate their homes with furniture to rival the retro sets of Mad Men.

'At first I thought the culture was about fashion,' the 36-year-old photographer told MailOnline. 'Then I realized it was much, much, more than that. I realized that this was a culture of people who functioned as a community.'

Young Rockabilly Cowboy

The community of people Ms Greenburg has documented, she believes, usually have a desire for this kind of joyousness that was lost in the 21st Century. 'Happiness, I believe, is everyone’s primary full-time job. And living a life that resembles, visually, the 1950’s helps make that just a little easier,' she said.

From re-wiring a lamp, to re-sewing the seams of a Fifties cocktail dress, Ms Greenburg added that most true participants of the culture are skilled at repairing and restoring most of their possessions.
'I realized what a special and lovely thing I found myself a part of,' she said. 'I have a friend in every city in America that I can call today and go visit tomorrow. That friend will open up his door to me,  and, help me with anything that I need -- a laugh, a drink of water, a shoulder to cry on -- just like only the best of friends do.'
Posted by Jill Fallon at 11:18 PM | Permalink

January 9, 2014

"His code name was T5"

From Reflections of a Paralytic » Sperm Donor Recalls Meeting His Donor-Daughter Decades Later

All Narelle Grech from Australia knew of her father was that his code name was T5, he was brown-haired and brown-eyed with O-positive blood type. “When I was a teenager, I carried that information around with me on a scrap of paper, the way other kids carried a photograph of their dad,” she said. “It was my way of keeping a link to him because I had nothing else.”

Born in 1983, Narelle started searching for her biological father fifteen years ago. That search became even more urgent when she was diagnosed with advanced bowel cancer in 2011, a disease which doctors said might kill her within the next five years. The disease is genetic and she didn’t get it from her mother’s side. Shortly after her diagnosis, Grech also discovered that she has eight half-siblings created with her biological father’s sperm: “Each one may be a genetic time bomb waiting to go off and it’s probable that they don’t know anything about it.”

Narelle was finally united with her biological father in February of 2013; she passed away just one month later at the age of 30. Last October Ray Tonna was a guest on an Australian talk show to discuss his experience with anonymous sperm donation. In this teaser video for the episode, he recalls what it was like meeting his daughter for the first time:
Posted by Jill Fallon at 7:17 AM | Permalink

January 8, 2014

Entanglement of Technology

It’s complicated  Human ingenuity has created a world that the mind cannot master. Have we finally reached our limits?

We are now living with the unintended consequences: a world we have created for ourselves that is too complicated for our humble human brains to handle….a world where nearly self-contained technological ecosystems operate outside of human knowledge and understanding. As a scientific paper in Nature in September 2013 put it, there is a complete ‘machine ecology beyond human response time’ in the financial world, where stocks are traded in an eyeblink, and mini-crashes and spikes can occur on the order of a second or less. When we try to push our financial trades to the limits of the speed of light, it is time to recognize that machines are interacting with each other in rich ways, essentially as algorithms trading among themselves, with humans on the sidelines.
Ever since the Enlightenment, we have moved steadily toward the ‘Entanglement’, a term coined by the American computer scientist Danny Hillis. The Entanglement is the trend towards more interconnected and less comprehensible technological surroundings. Hillis argues that our machines, while subject to rational rules, are now too complicated to understand. Whether it’s the entirety of the internet or other large pieces of our infrastructure, understanding the whole — keeping it in your head — is no longer even close to possible.
Intellectual surrender in the face of increasing complexity seems too extreme and even a bit cowardly, but what should we replace it with if we can’t understand our creations any more?

The examples Samuel Arbesman uses include: the Traffic Alert and Collision Avoidance System (TCAS), financial trading, software, our legal system (which includes the tax code and Obamacare), and evolutionary programming.

In Wired, How the NSA Almost Killed the Internet

Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.
The hard-earned trust that the tech giants had spent years building was in danger of evaporating—and they seemed powerless to do anything about it. Legally gagged, they weren’t free to provide the full context of their cooperation or resistance. Even the most emphatic denial—a blog post by Google CEO Larry Page and chief legal officer David Drummond headlined, “What the …”—did not quell suspicions. How could it, when an NSA slide indicated that anyone’s personal information was just one click away? When Drummond took questions on the Guardian website later in the month, his interlocutors were hostile:

“Isn’t this whole show not just a face-saving exercise … after you have been found to be in cahoots with the NSA?”

“How can we tell if Google is lying to us?”

“We lost a decade-long trust in you, Google.”

“I will cease using Google mail.”
“The fact is, the government can’t put the genie back in the bottle,” says Face­book’s global communications head, Michael Buckley. “We can put out any statement or statistics, but in the wake of what feels like weekly disclosures of other government activity, the question is, will anyone believe us?”
At an appearance at a tech conference last September, Facebook’s Zuckerberg expressed his disgust. “The government blew it,” he said. But the consequences of the government’s actions—and the spectacular leak that informed the world about it—were now plopped into the problem set of Zuckerberg, Page, Tim Cook, Marissa Mayer, Steve Ballmer, and anyone else who worked for or invested in a company that held customer data on its servers.
“At first we were in an arms race with sophisticated criminals,” says Eric Grosse, Google’s head of security. “Then we found ourselves in an arms race with certain nation-state actors [with a reputation for cyberattacks]. And now we’re in an arms race with the best nation-state actors.” Primarily, the US government.
Research estimates that as much as $180 billion could be lost due in large part to overseas companies choosing not to patronize the American-based cloud. “American companies are feeling shellacked by overeager surveillance,” says US senator Wyden. “It reduces our competitiveness in a tough global economy.”

“I was naive,” says Ray Ozzie, who as the inventor of Lotus Notes was an early industry advocate of strong encryption. “I always felt that the US was a little more pure. Our processes of getting information were upfront. There were requests, and they were narrow. But then came the awakening,” he says. “We’re just like everybody else.”
Posted by Jill Fallon at 10:15 AM | Permalink

December 17, 2013

Facebook, Google and Privacy

Gizmodo offers advice on How to Erase Yourself from the Internet, especially from the four largest social media sites: Facebook, Twitter, Google+, and LinkedIn

Facebook's rule change may help pedophiles to target 13-year-olds

Until now, 13- to 17-year-olds were barred from making posts visible to all users. But Facebook removed that protection, and images can be shared publicly.  Move condemned as a 'disaster' by campaigners.

Study: Facebook Use Predicts Decline In Happiness

A new study shows that Facebook may help people feel connected, but it doesn’t make them any happier.  In fact, according to the research, which was conducted by the University of Michigan, Facebook use actually predicts a decline in a person’s well-being.

Facebook users are committing 'virtual identity suicide' in droves and quitting the site over privacy and addiction fears

Report suggests Facebook recently lost active users in the U.S. and UK.  The majority of people quitting the site blamed concerns over privacy.  Other reasons included fear of addiction and shallow conversations.

Facebook tracks everything you type even if you DON'T post the update or comment

A Facebook data scientist studied the HTML code of 3.7 million profiles to discover that 71% of users regularly type comments and statuses before deciding not to post them. The study also found that men are more likely than women to abandon a post on the social network site.

From Neatorama  Facebook Security Simulator

Most epic read of our time?  Google's terms and conditions, say scientists

Google's latest terms and conditions are more difficult to understand than Anglo-Saxon saga Beowulf, say researchers

Google will soon put your face, name, and content in its ads

If you always wanted to see your shining face next to Google ads, your wish will soon be granted. Today Google announced plans to roll out “shared endorsements,” which will augment its own advertisements with information from users who rated, reviewed, or gave a +1 to the service or location in question.

The move echoes Facebook’s “sponsored stories,” where the social network started turning users’ likes or check-ins into ads on its site, all without asking permission or even notifying them. A public outcry, class-action lawsuit, $20 million settlement, and limitations on the use of users’ content followed.

Google revealed its shared endorsements scheme in a change to its terms of service. The updates state that going forward, friends, family, “and others” may see a user’s Google profile name, photo, and any endorsement they’ve created for a company alongside ads for that company.
Users are opted in to Google's new scheme by default. In the past, Google gave itself permission to use users’ +1s alongside advertisements unless the user specifically opted out. The new “shared endorsements” are an extension of that setting, wherein Google gives itself permission to take even more of a user’s content and place it alongside ads.
To opt out of being a shared endorsement, Google users must go to the “shared endorsement” settings page, which is currently not linked anywhere from either their Google+ account or privacy settings (the ads have yet to go into effect, so Google may be waiting to integrate the page until the feature is live). At the bottom of the page is a checkbox next to the phrase “Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads.”

MIT Technology Review  The Real Privacy Problem

As Web companies and government agencies analyze ever more information about our lives, it’s tempting to respond by passing new privacy laws or creating mechanisms that pay us for our data. Instead, we need a civic solution, because democracy is at risk.

Too much information

Our instincts for privacy evolved in tribal societies where walls didn't exist. No wonder we are hopeless oversharers.  ‘Thinking about online privacy doesn’t come naturally to us,’ Loewenstein told me when I spoke to him on the phone. ‘Nothing in our evolution or culture has equipped us to deal with it.’

When a boy hit puberty, he disappeared into the jungle, returning a man. In today's digital culture this is precisely the stage at which we make our lives most exposed to the public gaze.
The need for privacy remains, but the means to meet it — our privacy instincts — are no longer fit for purpose.
Over time, we will probably get smarter about online sharing. But right now, we’re pretty stupid about it. Perhaps this is because, at some primal level, we don’t really believe in the internet. Humans evolved their instinct for privacy in a world where words and acts disappeared the moment they were spoken or made. Our brains are barely getting used to the idea that our thoughts or actions can be written down or photographed, let alone take on a free-floating, indestructible life of their own. Until we catch up, we’ll continue to overshare.

Posted by Jill Fallon at 11:50 PM | Permalink

December 3, 2013

Security at the website is worse than before

With less than three weeks to sign up for insurance or pay a penalty, problems with the website are still unresolved.  It is impossible to imagine the anxiety and suffering of the millions who lost their health care policies and who don't want to put their identities at risk by going online to

Expert: Security Risks Even Worse After ‘Fix’

“It doesn’t appear that any security fixes were done at all,” David Kennedy, CEO of the online security firm TrustedSec, told the Washington Free Beacon.

Kennedy said fundamental safeguards missing from that were identified by his company more than a month ago have yet to be put in place.
After warning Americans when testifying before Congress on Nov. 19 to stay away from, Kennedy now says the situation is even worse.

“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”

Get this.  The Federal Government doesn't have to notify anyone if the site is hacked.

“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that gets compromised and all their information gets taken out of it they don’t have to notify anybody.”

Kennedy said the team working on is more likely to hide its security flaws than address them. When it was revealed that the most popular searches on the website were hack attempts—confirmed by entering a semicolon in the search bar—the website simply removed the tool.

The White House won't even give classified briefings to Congress about the security problems of  Chairman of the House Intelligence Committee Mike Rogers said,

“They could not even provide someone — CMS and HHS, the two folks responsible for the website — in a classified setting to come up and talk about the breaches that they know have happened. That’s just unconscionable.”

He warned that there is currently no coordinated effort within the administration to test the website’s newly-written code which was completed over the past two months of repairs, leaving it vulnerable to breaches. “You’re encouraging people to go to a site that our own government knows doesn’t meet safety standards when it comes to security of private information.”

78% Fear ObamaCare Site Security, Could Deter Signups

The latest IBD/TIPP Poll finds that 78% say Americans should be worried about the security of the ObamaCare exchange website, and 53% say they should be "very concerned." This view was shared across parties, with 69% of Democrats saying security concerns are warranted.

More worrisome for the law's success, 82% of those aged 18-24 say concern is justified. These are among the people ObamaCare most desperately needs to enroll to keep overall premiums from spiraling out of control.

John Podhoretz writes in Commentary, No, Healthcare.Gov Isn’t Working.  Much of the backend hasn't been constructed yet.

There is no such thing as a functioning website if the “back end” isn’t working. The “back end” is the catchall phrase for everything you don’t see when you visit a website. It refers to the software that translates pictures and words into what you see here. It refers to the software that mediates the relationship between 1) users who enter information, 2) the servers that store the website’s information, and 3) third parties hired to take some (but not all) of the information and process it on their servers and computers. It refers to the security systems put in place so that the website cannot be disabled by an outside attack and so that the data entered cannot be stolen or otherwise compromised.
In other words, the back end is the website. What many people are seeing now at is a visual demonstration of a sign-in. If the sign-in data are not transferred to a database, nothing has happened. It’s like taking a practice test; it’s not scored and it’s not registered and it means nothing.

New Obamacare Headache: Is Your Enrollment Real?

Obama administration officials acknowledged today that some of the roughly 126,000 Americans who completed the torturous online enrollment process in October and November might not be officially signed up with their selected issuer, even if the website has told them they are.
While the front-end of the website has been vastly improved, the back-end glitches remain a serious concern, IT experts and industry officials say.
For those who thought they enrolled in a plan through the federal exchange since October, the Obama administration now advises that individuals contact their insurance company to verify coverage and if none exists, to start all over again.

Errors plague one third of Obamacare online enrollees

The Washington Post is reporting the bad news for Obama; about of consumers enrolled through have serious errors in the plans they chose.

The mistakes include failure to notify insurers about new customers, duplicate enrollments or cancellation notices for the same person, incorrect information about family members, and mistakes involving federal subsidies.
Posted by Jill Fallon at 10:18 PM | Permalink

August 8, 2013

Government spying is worse than we thought

The spying by the government on American citizens is so far beyond what anyone thought was possible, it's hard to comprehend its scope.  Except that it gets bigger and bigger.

New York Times. N.S.A. Said to Search Content of Messages to and From U.S.

‘To conduct the surveillance,’ reads the report, ‘the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border…[the] computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them.’

Revealed: How the NSA will spy on you if you just put the word Osama in an email, text message or Facebook chat

By identifying the recipient of the emails or text messages as the target of the surveillance instead of the sender, the NSA sidesteps a 2008 law that allows spying on domestic soil without warrants as long as the target was a noncitizen abroad.
The official said the remaining emails, those not selected by the software, are deleted.  Nonetheless, privacy proponents were in disbelief.

‘The program described by the New York Times involves a breathtaking invasion of millions of people's privacy,’ American Civil Liberties Union deputy legal director Jameel Jaffer said in a statement. ‘The NSA has cast a massive dragnet over Americans' international communications, collecting and monitoring virtually all of them, and retaining some untold number of them in government databases. This is precisely the kind of generalized spying that the Fourth Amendment was intended to prohibit.’

Reuters.  Exclusive: U.S. directs agents to cover up program used to investigate Americans

A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.

"I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers.

"It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations."

In a follow-up article Reuters reports Exclusive: IRS manual detailed DEA's use of hidden intel evidence

Details of a U.S. Drug Enforcement Administration program that feeds tips to federal agents and then instructs them to alter the investigative trail were published in a manual used by agents of the Internal Revenue Service for two years.

The practice of recreating the investigative trail, highly criticized by former prosecutors and defense lawyers after Reuters reported it this week, is now under review by the Justice Department. Two high-profile Republicans have also raised questions about the procedure.

Meanwhile, Other Agencies Clamor for Data N.S.A. Compiles

“It’s a very common complaint about N.S.A.,” said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. “They collect all this information, but it’s difficult for the other agencies to get access to what they want.”

“The other agencies feel they should be bigger players,” said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. “They view the N.S.A. — incorrectly, I think — as this big pot of data that they could go get if they were just able to pry it out of them.”

Report:  Feds Demand Major Internet Companies Turn Over User Passwords

The federal government has demanded that major internet companies turn over users’ stored passwords, two sources told the respected tech website CNet.
“If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user,” the report says. “Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.”  But it doesn’t end there. The government is not only requesting the passwords, but it’s also asking for algorithms and even security questions:

At the same time, the government is doing everything it can to protect its own secrets, today's example, the EPA

The EPA's Game of Secret Science  The agency pursues rules that will cost billions but refuses to reveal its research.

As the Environmental Protection Agency moves forward with some of the most costly regulations in history, there needs to be greater transparency about the claimed benefits from these actions. Unfortunately, President Obama and the EPA have been unwilling to reveal to the American people the data they use to justify their multibillion-dollar regulatory agenda.

To cite a few examples of where the EPA would like to take the country, the agency is moving forward with strict new limits on ozone that by its own estimates will cost taxpayers $90 billion per year, which would make the regulation the most costly in history. Other examples include a Mercury and Air Toxics Standard for power plants (previously known as "Utility MACT") that the EPA estimates could cost up to $10 billion a year. Yet more than 99% of the EPA's health-based justifications for the rule are derived from scientific research that the EPA won't reveal. Taxpayers are supposed to take on faith that EPA policy is backed by good science.
Posted by Jill Fallon at 9:59 PM | Permalink

What happened to Barnaby Jack?

Was this computer nerd killed after discovering how to murder anyone with a pacemaker?

When the acclaimed television drama  series Homeland climaxed with a devious plot by terrorists to kill America’s vice-president by hacking into his electronic pacemaker, critics scoffed at the ludicrousness of the idea.

But the outrageous storyline was thought credible by many in the world of computer security.  Among those was the New Zealand-born computer hacker Barnaby Jack.  The 35-year-old — who, unlike many in the business, used his skills ‘ethically’ — had spent his career demonstrating the dangers posed by unscrupulous hackers combined with computer manufacturers’ failure to install proper safety devices on equipment.
 Barnaby Jack
Jack thought it highly plausible that a terrorist could hack into someone’s pacemaker and speed up their heartbeat until it killed them.  He also believed it was possible to infect the pacemaker companies’ servers with a bug that would spread through their systems like a virus.

‘We are potentially looking at a “worm” with the ability to commit mass murder,’ he said. ‘It’s kind of scary.’ Jack certainly knew what he was talking about — having become famous after demonstrating how he could sabotage cash machines and make them dispense large sums of money (a trick he called ‘Jackpotting’) by hacking into a bank’s computer system.

Another stunt was to reveal how a diabetic’s insulin pump — which is designed to deliver insulin to the body day and night — could be hacked from 300ft away, so it could dispense a fatal dose.

Jack, who had been obsessed with computers since childhood, emigrated to the U.S. at the age of 21 and joined a firm specializing in computer security issues.
In recent years, he had developed a specific interest in what is known as ‘embedded’ technology, the hardware and software built into everyday objects such as cars, banking systems, home appliances and medical devices.

He was preparing to demonstrate his work two days ago at a major computer-hacking convention in Las Vegas.

In an address to the Black Hat convention titled ‘Implantable medical devices: hacking humans’, Jack was due to show an audience of hackers and cyber security experts at Caesar’s Palace how he could hack into devices such as pacemakers and defibrillators.
However, he was never to give the demonstration. A week beforehand, Jack was found dead in his flat in the San Francisco neighborhood of Nob Hill. His body was believed to have been found by his girlfriend, Layne Cross, a 31-year-old model. According to friends, he was found dead in bed.

To say his sudden death  remains shrouded in mystery is putting it mildly.

Predictably, for someone who worked in such a shadowy world, there have been countless theories about how he was killed. Hackers are a suspicious bunch who have become even more paranoid since the U.S. government’s efforts to silence whistleblowers such as ex-soldier Bradley Manning (who faces jail for leaking secret government cables to WikiLeaks).  The absence of even the most basic details about Barnaby Jack’s untimely death has ignited a firestorm of speculation that foul play could be involved.
Posted by Jill Fallon at 1:14 PM | Permalink

July 30, 2013

They stole 160 million credit card numbers

U.S. Says Ring Stole 160 Million Credit Card Numbers

A prolific gang of foreign hackers stole and sold 160 million credit card numbers from more than a dozen companies, causing hundreds of millions of dollars in losses, federal prosecutors charged last Thursday in what they described as the largest hacking and data breach case in the country.

The scheme was run by four Russian nationals and a Ukrainian, said the United States attorney for the District of New Jersey, Paul J. Fishman, who announced the indictments in Newark.

The victims in the scheme, which prosecutors said ran from 2005 until last year, included J. C. Penney; 7-Eleven; JetBlue; Heartland Payment Systems, one of the world’s largest credit and debit processing companies; and the French retailer Carrefour.
“It is a really potent reminder of what researchers have been saying: The bigger threat is coming from criminal gangs, most of which are coming from Russia,” said Fred H. Cate, director of the Center for Applied Cybersecurity Research at Indiana University in Bloomington. “It’s far more immediately impactful than threats coming from China.”

The Hackers Who Stole 160 Million Credit Cards and Almost Got Away

In a scam that dated back to 2005, the suspects first targeted retailers, surreptitiously visiting their checkout counters and exploiting vulnerabilities in the payment systems they used. By 2007, they were hacking into the financial systems of Nasdaq, the largest US electronic stock market, and major corporations like 7-Eleven, France’s Carrefour SA, JCPenney and the Hannaford Brothers supermarket chain.

They hit the real paydirt, authorities allege, when they hacked directly into some of the biggest credit card payment processors themselves to steal literally oceans of personal financial data.
Once inside the network, they used malware (malicious code) to create a “back door” that gave them return access, even after some companies identified breaches and thought they had fixed them. Then they installed “sniffers,” or programs to identify, collect and steal vast amounts of personal financial data, individually known as dumps, that they secreted in a network of computers around the world.
Posted by Jill Fallon at 2:38 PM | Permalink

July 25, 2013

Obamacare data hub a "honey pot" for ID thieves

John Fund reports on Obamacare’s Branch of the NSA  Community organizers will use a Federal Data Hub to sign up people for subsidies — and even ballots.

The Department of Health and Human Services is about to hire an army of “patient navigators” to inform Americans about the subsidized insurance promised by Obamacare and assist them in enrolling. These organizers will be guided by the new Federal Data Hub, which will give them access to reams of personal information compiled by federal agencies ranging from the IRS to the Department of Defense and the Veterans Administration. “The federal government is planning to quietly enact what could be the largest consolidation of personal data in the history of the republic,” Paul Howard of the Manhattan Institute and Stephen T. Parente, a University of Minnesota finance professor, wrote in USA Today. No wonder that there are concerns about everything from identity theft to the ability of navigators to use the system to register Obamacare participants to vote.
This spring, House Oversight and Government Reform Committee lawyers were also told by HHS that, despite the fact that navigators will have access to sensitive data such as Social Security numbers and tax returns, there will be no criminal background checks required for them. Indeed, they won’t even have to have high-school diplomas. Both U.S. Census Bureau and IRS employees must meet those minimum standards, if only because no one wants someone who has been convicted of identity theft getting near Americans’ personal records. But HHS is unconcerned. It points out that navigators will have to take a 20–30 hour online course about how the 1,200-page law works, which, given its demonstrated complexity, is like giving someone a first-aid course and then making him a med-school professor.
Indeed, voter registration is among the goals of the folks hawking Obamacare. The People’s World newspaper reports: “California’s Secretary of State Debra Bowen is designating the state’s new Health Benefit Exchange, Covered California, as a voter registration agency under the National Voter Registration Act. That means Covered California will be incorporating voter registration into every transaction — online, in-person and by phone — it has with consumers.” It seems as if some Obama supporters have found a new way to fill the void left by the bankruptcy of ACORN, the notorious left-wing voter-registration group that saw dozens of its employees in multiple states convicted of fraud.
“Giving community organizers access to the Federal Data Hub is bad policy and potentially a danger to civil liberties,” House Budget Committee chairman Paul Ryan told me recently. “But it’s one of the most underreported stories I’ve seen. If people only knew about this Data Hub program, it would touch off a huge public outcry.”

Obamacare data hub a 'honey pot' for ID thieves, warn critics

"It's the greatest collection of private identification information ever assembled on Americans that will be put into one place," said Rep. Patrick Meehan, who chairs a House cybersecurity subcommittee. "It is every bit of sensitive information one would need to know to completely take over the identification of a person," said the Pennsylvania lawmaker.

The Obamacare data hub, he added, "creates a honey pot and the day that it goes online it is going to be a target for hackers and others and they are unprepared to protect the system."

Doctors are skeptical and confused about Obamacare, survey finds

To combat widespread skepticism, ‘Obamacare’ National Marketing Campaign To Cost Nearly $700 Million

Study: Obamacare could cause 1 million low-income Americans to move from work to welfare 

Posted by Jill Fallon at 5:02 PM | Permalink

July 11, 2013

Typewriters and DuckDuckGo

To Avoid Cyber Espionage, Russia's Switching Back to Typewriters

Hackers aren't going anywhere any time soon, so Russian spies are wising up and taking their most sensitive intelligence offline. Not offline like off the internet. Offline like off computers altogether.

The Russian state procurement agency FSO recently announced that it was interested in spending up to 486,000 rubles (about $14,800) on at least 20 old fashioned typewriters to handle top secret documents. After all, cyber security isn't an issue when ink and tree are involved.

Little known search engine that refuses to store data on users doubles web traffic amid NSA tapping scandal

Web-users who want to protect their privacy have been switching to a small, unheard-of search engine in the wake of the 'Prism' revelations.
DuckDuckGo, the little known U.S. company, sets itself aside from its giant competitors such as Google and Yahoo, by not sharing any of its clients' data with searched websites. This means no targeted advertising and no skewed search results.

Aside from the reduced ads, this unbiased and private approach to using the internet is appealing to users angered at the news that U.S. and UK governments (the National Security Agency (NSA) in the U.S. and GCHQ in the UK) have direct access to the servers of big search engine companies, allowing them to 'watch' users.

Entrepreneur Mr Weinberg had the idea for the company in 2006…. From there he had the idea to develop a 'better' search engine that does not share any user information with any websites whatsoever.

Search data, he told the paper, 'is arguably the most personal data people are entering into anything. You're typing in your problems, your desires. It's not the same as things you post publicly on a social network.'

DuckDuckGo, named after an American children's tag game Duck Duck Goose (though not a metaphor), was solo-founded by Mr Weinberg in 2008, in Valley Forge, Pennsylvania.  He self-funded it until 2011 when Union Square Ventures, which also backs Twitter, Tumblr, Foursquare and Kickstarter, and a handful of angel investors, came on board.
The 33-year-old CEO, who lives in Paoli, a suburb of Philadelphia, PA, with his wife and two children, explains that when other search engines are used, your search terms are sent to that site you clicked on; this sharing of information is known as 'search leakage'.

'For example, when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search),' he points out on his website.

'In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address). This information can often be used to identify you directly.

'So when you do that private search, not only can those other sites know your search terms, but they can also know that you searched it. It is this combination of available information about you that raises privacy concerns,' he says.

I'm switching.
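The 'search leakage' Weinberg describes travels in the HTTP Referer header: the search page's URL, query string included, is sent to the site you click, and the browser's Referrer-Policy decides how much of it goes. The Python below is an added illustration, not code from DuckDuckGo or the quoted article; it models what a clicked site receives under each policy value (in 2013 browsers behaved like `no-referrer-when-downgrade`, so the whole query leaked to any HTTPS destination). The search engine, result site and query are constructed sample values.

```python
"""Model of Referer-header "search leakage" under each Referrer-Policy value.

Follows the W3C Referrer Policy rules for http(s) navigations; other schemes
(file:, data:, blob:) are out of scope. Sample URLs below are constructed.
"""
from urllib.parse import parse_qs, urlsplit, urlunsplit

ALL_POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "origin", "same-origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)

# Query parameters commonly used for search terms (assumed names, not a standard).
SEARCH_PARAMS = ("q", "query", "p", "search")


def origin_of(url):
    """scheme://host[:port] of url, with any user:password@ removed."""
    p = urlsplit(url)
    netloc = p.netloc.rsplit("@", 1)[-1]
    return f"{p.scheme}://{netloc}"


def _strip_for_referrer(url):
    """Browsers never send credentials or the fragment in a Referer."""
    p = urlsplit(url)
    netloc = p.netloc.rsplit("@", 1)[-1]
    return urlunsplit((p.scheme, netloc, p.path or "/", p.query, ""))


def referrer_sent(source_url, dest_url, policy="strict-origin-when-cross-origin"):
    """Referer value sent when navigating source_url -> dest_url under policy.

    Returns None when no Referer is sent. The default policy is the one
    modern browsers apply when a page sets none.
    """
    full = _strip_for_referrer(source_url)
    org = origin_of(source_url) + "/"          # origin-only referrers end in "/"
    same_origin = origin_of(source_url) == origin_of(dest_url)
    # A downgrade is a navigation from a TLS-protected page to a plaintext one.
    downgrade = urlsplit(source_url).scheme == "https" and \
        urlsplit(dest_url).scheme != "https"

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return org
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else org
    if policy == "origin-when-cross-origin":
        return full if same_origin else org
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else org
    raise ValueError(f"unknown Referrer-Policy: {policy}")


def leaked_search_terms(referer):
    """Search terms a destination site can read out of a received Referer."""
    if not referer:
        return []
    qs = parse_qs(urlsplit(referer).query)
    terms = []
    for name in SEARCH_PARAMS:
        terms.extend(qs.get(name, []))
    return terms


def leakage_report(search_url, clicked_url, policies=ALL_POLICIES):
    """Map each policy to the search terms the clicked site would learn."""
    return {p: leaked_search_terms(referrer_sent(search_url, clicked_url, p))
            for p in policies}


if __name__ == "__main__":
    # Constructed sample: a private query on a hypothetical search engine,
    # followed by a click on a third-party, plaintext result page.
    search = "https://search.example/search?q=symptoms+of+rare+disease&page=1"
    clicked = "http://result.example/article"
    for policy, terms in leakage_report(search, clicked).items():
        print(f"{policy:33s} -> {terms or 'nothing leaked'}")
```

A search engine that does not want to leak queries sets `Referrer-Policy: no-referrer` (or `origin`) on its results page, which is the effect the passage above describes.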

Posted by Jill Fallon at 6:02 PM | Permalink

June 6, 2013

Malware on Facebook - Watch what you click

Computer virus found on Facebook steals bank details and money from accounts when users click on links

A computer virus that steals bank details and empties money from accounts has been found on Facebook.
Eric Feinberg, who controls the U.S. National Football League Facebook page, discovered the malicious links were being posted on his brand's page by fake profiles.

The links are believed to be controlled by the Russian Business Network - an online criminal gang accused of stealing internet users' identities and private information.

The link discovered by Feinberg was for a page called 'Bring the N.F.L to Los Angeles'. The page has since been removed.
Security firm Trend Micro claim that there may be many more hidden on pages, or even being spread inadvertently by Facebook friends.

When a Facebook user clicks the links the Trojan - which gets its name from the Trojan horse the Greeks used to enter the city of Troy undetected - is installed on their computer.  It then scans all the personal files and steals any private information.

The malware is also able to collect login details, even if they aren't stored in documents on your PC, by using keystroke logging.  Keystroke logging, also known as keylogging, can record which keys on a keyboard are being pressed.  It can then wait until the user types in their online banking address and login details and steal them.
Once they have the logins, the cybercriminals can enter your online accounts and steal your money.

It is a six-year-old malware program that has seen a resurgence recently on Facebook and other social network sites.  The Zeus Trojan, also known as ZBOT, has infected millions of computers worldwide - with reports claiming 3.6 million are in the U.S. alone - and can sit in the background dormant and virtually undetected.
Posted by Jill Fallon at 11:36 PM | Permalink

April 30, 2013

Learn from the experience of others. Back up what you don't want to lose

 For My Lost Laptop

Posted by Jill Fallon at 12:27 PM | Permalink

March 21, 2013

Facebook Identity Theft

‘If you tell me your date of birth and where you’re born on Facebook, I’m 98 per cent of the way to stealing your identity,’

Catch Me If You Can conman issues stark warning on the dangers of revealing personal information on Facebook

'World's greatest conman' Frank Abagnale says social network is rich seam for identity thieves.  He said children in particular need to be made aware of the serious risks of unwittingly revealing information online…. ‘Technology breeds crime.’

‘What I did 40 years ago as a teenage boy is 4,000 times easier now,’ said Mr Abagnale, who is known as one of the most successful impostors of all time, assuming the identities of pilots, doctors, lawyers, and even a U.S. prison agent.

Is Facebook setting you up for identity theft?

"Something seemingly innocent, like posting our birthday on Facebook, can provide thieves with just enough information to access bank accounts, credit cards, sign up for credit and more."

You also give away a few more pieces of the identity puzzle by sharing whom or what you "like" or "follow."  When you like a particular store or your neighborhood bank, for instance, you are giving a potential thief one more link to steal your information.

Hackers utilize the following distribution "touch points" to deceive users: malicious links and code, spam, friend requests, private messaging, user groups, gaming forums, videos and music.

"Social networking scams are 10 times more effective in spreading malware than email," said George Waller, executive vice president and co-founder of StrikeForce Technologies in Edison, N.J.
Blanton, who was once a police officer, added that people have always used personal information to commit crimes.

"The Internet just makes it easier," she said.  And now social media has provided a gold mine for bad guys.

7 Ways to Avoid Identity Theft Before Facebook Gets Hacked

1. Change your name. If you tweak your name just a little, or use a nickname, life will be easier for you after the inevitable hack.
2. Stop geotagging your photos.
3. Lie about your age. While it's fun to get birthday greetings on your wall, it's a key piece of information needed to steal your identity. At least post the wrong year.
4. Don't store your credit card information on the site. Facebook has several services that require a credit card. Buyer beware.
5. Have some boundaries. When Facebook asks you where your photo was taken, keep it to yourself.
6. Less is more (peace of mind). …. Go through your timeline and remove posts that provide personally identifiable information.
7. Deactivate your account.
Bonus Pro Tip: Don't use your Facebook password anywhere else. That's making it way too easy for the bad guys.
Posted by Jill Fallon at 8:38 AM | Permalink

September 24, 2012

New statistics are chilling

Suicide is now the leading cause of injury deaths.  Too many people are living lives of despair as the miserable economy takes its toll.   

More people commit suicide than die in car crashes.    A report in the American Journal of Public Health says suicide ranks first followed by car crashes, poisoning, falls and murder.

"Suicides are terribly undercounted; I think the problem is much worse than official data would lead us to believe," said study author Ian Rockett, a professor of epidemiology at West Virginia University…. For the study, Rockett's team used data from the U.S. National Center for Health Statistics to determine the cause of injury deaths from 2000 to 2009.

Deaths from intentional and unintentional injury were 10 percent higher in 2009 than in 2000, the researchers noted. And although deaths from car crashes declined 25 percent, deaths from poisoning rose 128 percent, deaths from falls increased 71 percent and deaths from suicides rose 15 percent, according to the study.
In 2009, more than 37,000 Americans took their own lives, and more than 500,000 were at risk of suicide, according to Pamela Hyde, administrator of the U.S. Substance Abuse and Mental Health Services Administration.

How to Stop Hospitals from Killing Us.

Medical errors kill enough people to fill four jumbo jets a week. A surgeon with five simple ways to make health care safer. 

All of them have to do with transparency

  • online hospital performance ratings
  • teamwork scores  Good teamwork meant safer care.
  • compliance cameras
  • open notes
  • no more gagging

A staggering 94 million Americans exposed to potential identity theft through breaches in government agencies.  And it's probably much worse.

ABC News reports 

Furthermore, out of 268 breach incidents reported since 2009, 67 of the public agencies responsible (and I use that term loosely) couldn't even figure out how many records were lost. That fact alone will tell anyone with basic math skills and a lick of common sense that this epidemic is much worse than we know. …..

Premeditated attacks by hackers accounted for only 40 breaches since 2009, a mere 15 percent of the total….Plain and simple stupidity and negligence caused most of the rest.
The sad truth is that our own government's security policies -- or lack thereof -- have put us all at risk. …The GAO's report found that out of 24 major government agencies, 18 had inadequate information security controls….the Department of Veterans Affairs and the Department of Health and Human Services, each of which has met just over 50 percent of the law's requirements.

Robert Morgenthau: The Death of Peter Wielunski

For every soldier killed in combat, 25 veterans are dying by suicide. It's time to broaden efforts against PTSD.

Posted by Jill Fallon at 1:55 PM | Permalink

August 7, 2012

Maybe the cloud is not so safe

Cloud safety: Internet storage service Dropbox admits security breach as fears grow over storing information online

Online storage service Dropbox has admitted to a security breach that led to many of its members receiving unsolicited emails.  A stolen password had been used to access an employee's accounts and copy a 'project document' containing user email addresses.

The US company said that usernames and passwords stolen from other sites had also been used to sign in to some of its members' accounts.
'The Dropbox incident underlines the necessity of having different passwords for every website,' said Graham Cluley, senior technology consultant at Sophos.  'As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts.

Matt Honan over at Wired tells how his entire digital life was destroyed.

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Posted by Jill Fallon at 11:50 AM | Permalink

July 24, 2012

Taxpayer identity theft

An amazing illusion that I found here.


Speaking of illusions, how safe are you from identity theft?

A report by the Treasury Inspector General for Tax Administration (TIGTA) reveals that taxpayer identity theft more than doubled in 2011, skyrocketing to 641,052 taxpayers affected as compared to 270,518 the prior year.

As Eileen Ambrose of the Baltimore Sun explains, once a fraudster has someone's Social Security number, all they have to do is "make up W-2 information, submit a return before the legitimate taxpayer files and receive a refund directly deposited on a debit card."

That, said Taxpayer Advocate Nina Olson during a July 10th House Judiciary Committee hearing, can mean a nightmare for victims.  "Identity theft wreaks havoc on our tax system in many ways," she explained.  "Victims not only must deal with the aftermath of an emotionally draining crime, but may also have to deal with the IRS for years to untangle the resulting tax account problems. Identity theft also impacts the public …(Treasury)… as Treasury funds are diverted to pay out improper refunds claimed by opportunistic perpetrators….Identity theft is not a problem the IRS can solve on its own."

Phishing emails, stolen Social Security numbers, and fraudulent tax preparers are all cited as potential pathways for taxpayer identity fraud to occur.
Amy Feldman, writing for Reuters, says that "Fighting taxpayer identity theft is a bit like going after Nigerian email scammers, a constant battle that seems unlikely to be won anytime soon."
Posted by Jill Fallon at 11:33 AM | Permalink

June 8, 2012

"Free services in exchange for personal information"

Cory Doctorow in Technology Review, The Curious Case of Internet Privacy: Free services in exchange for personal information. That's the "privacy bargain" we all strike on the Web. It could be the worst deal ever.

What we agree to participate in on the Internet isn't a negotiated trade; it's a smorgasbord, and intimate facts of your life (your location, your interests, your friends) are the buffet.

Why do we seem to value privacy so little? In part, it's because we are told to. Facebook has more than once overridden its users' privacy preferences, replacing them with new default settings. Facebook then responds to the inevitable public outcry by restoring something that's like the old system, except slightly less private. And it adds a few more lines to an inexplicably complex privacy dashboard.

People don't value privacy until they lose it. 

Posted by Jill Fallon at 1:15 PM | Permalink

September 27, 2011

Facebook is Big Brother

You aren't the customer, you're the product being sold, says Michael van der Galien in The 8 ways Big Brother's Facebook's New Changes Alienate Its Users

Most of the changes aren’t meant to make life easier for users — that means: for you and me — but for advertisers. The goal clearly is to make it easier for them to target people whose Internet behavior implies they may be interested in a company’s products. If that means that you and I have a more difficult time using the world’s largest social network, so be it. Facebook has more important things to consider, namely money.

I am horrified to learn that Facebook is asking users to share their medical history, that the new profiles are "The biggest Breach of Your Privacy in Facebook's History" and that its new "Open Graph" creates a permanent record over which the user has no control.

Lauren Weinstein — an expert on the Internet and privacy — adds rather succinctly: Biggest fans of Facebook’s new Open Graph:

FBI, CIA, NSA, TSA, + (all Department of Homeland Security departments and assets)
Local Law Enforcement
Your boss
Your medical and life insurance companies
Your auto insurance company
Department of Motor Vehicles
All lawyers (especially divorce and personal injury)
Anyone else who might want to know how you’ve spent your time, at any point in the future, based on the permanent data record created automatically by your activities at vast numbers of sites, all collected in one place for ease of court orders.
Posted by Jill Fallon at 11:02 PM | Permalink