One technique for producing the prefect password
By karen | July 26, 2009
Everyone knows it’s bad to use the same password for different sites. People do it anyway because remembering different passwords is annoying. Remembering different difficult passwords is even more annoying.
Here is a foolproof technique for creating passwords, that are hard to crack and easy to remember. Plus, it takes just minutes to learn.
Step 1:
Start with an original but memorable phrase. For this exercise, let’s use these two sentences: I like to eat bagels at the airport and my first Cadillac was a real lemon so I bought a Toyota —just make sure it’s something you can remember without having to write it down. That’s the key!
Step 2:
Turn your phrase into an acronym. Be sure to use some numbers and symbols and capital letters, too.
I like to eat bagels at the airport = Ilteb@ta
My first Cadillac was a real lemon so I bought a Toyota = M1stCwarlsIbaT.
A sentence like: It’s 20 degrees in February, so I use Gmail, lets you set a new Gmail password every month and still never forget it: i90diSsIuG for September, i30diMsIuG for March, etc. (These aren’t realistic temperatures; they’re the month-number multiplied by 10.)
That’s it—you’re done.
Important to remember:
You should use different passwords for each of your social networking accounts—someone can do real damage by breaking into your Facebook or Twitter, so you want to keep them distinct. Reserve strong, most distinct passwords for the few very important accounts—your online banking, your computer, your online bills, and your e-mail accounts, which often contains the keys to everything else in your life.
You don’t have to keep unique passwords for every single site you visit—it’s perfectly OK to repeat passwords on sites that don’t need to be kept very secure. For instance, the New York Times, The New Yorker, and other online magazines, because it won’t hurt too much if someone breaks into those.
Topics: Helpful Resources, blog home, karen lodrick's blog | No Comments »
Carding, how individual hackers get paid for stealing information
By karen | July 26, 2009
“There is a bustling trade in credit card information and personal details among hackers, phishers and other online criminals. This is called “carding”, and is generally how individual technical hackers get paid by organized crime for stealing information. Occasionally spreadsheets, databases, and other lists of personal information end up in public places on the web and get spidered by Google.” –Alex Stamos, ISEC Partners.
Click here to read the story; a woman finds her personal and credit card information online.
Topics: blog home, karen lodrick's blog | No Comments »
Anti-malware expert and CEO, Eugene Kaspersky, talks about cybercrime
By karen | July 17, 2009
During the 10th Annual Kaspersky Lab Virus Analyst Summit, I had the chance to sit down with CEO Eugene Kaspersky who offered his theory for stopping cybercrime. But first, I learned about his company, Kaspersky Lab which specializes in anti-malware technology.
It started out of passion; and now is quickly becoming a household name worldwide.
I found Eugene very down to earth with a good sense of humor. He begins the interview by explaining the details of his job; a lot of plane travel, many interviews, conferences, exhibitions, and then continues on to the next town or country. He’s busy traveling the globe with his message to get users and their computers safe. And it is clear he loves his work.
Topics: Messages From Others, blog home, karen lodrick's blog | No Comments »
Koobface worms attacking social networks
By karen | July 8, 2009
As social networks become a mainstay, attacks targeting them continue to gain momentum.
The Koobface worms (over 575 new variants identified):
• Net-Worm.Win32.Koobface.a
• Net-Worm.Win32.Koobface.b
• Net-Worm.Win32.Koobface.c
• Etc
Targeted social networking websites (detected):
• Facebook
• MySpace
• Hi5
• Bebo
• Tagged
• Netlog
• Twitter
The Koobface worms come through social networks and transform victims’ machines into zombie computers to form botnets.
It spreads through the legitimate user’s account to their friends. Comments and messages sent by the worm contain a link to a fake YouTube style website which invites users to download a “new version of Flash Player”. The worm, rather than the Flash Player, is then downloaded to the victim’s machine. Once a user is infected, he or she will start spreading such messages to his or her friends.
The worms are designed to upload additional malicious modules via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes, such as gathering personal information then taping into bank accounts or committing fraud.
Kaspersky Lab discovered the worm and detected these threats on July 31, 2008. “At the beginning of 2008 we predicted that we’d see an increase in cyber-criminals exploiting MySpace, Facebook and similar sites, and we’re now seeing evidence of this. I’m sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity,” says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab.
Tips for Users:
- Be cautious when opening links coming through suspicious messages, even if the sender is one of your trusted Facebook friends.
- Use either Internet Explorer 8 running in protected mode or Firefox with NoScript installed.
- Divulge as little personal information as possible. Do not give out your home address, phone number or other private details.
- Keep your antivirus software updated to prevent new versions of malware from attacking your computer.
Topics: Helpful Resources, blog home, karen lodrick's blog | No Comments »
President Obama’s cybersecurity
By karen | May 28, 2009
It seems that everything relies on computers and the internet now — Cyber security involves protecting that online information by preventing, detecting, and responding to attacks. Some attacks are more serious than others. Among these attacks are viruses erasing entire computer systems, someone breaking into a system and altering files, or someone breaking in and stealing personal information and committing fraud or identity theft.
During Obama’s presidential campaign, he pledged to bump up the issue of cybersecurity to “top priority” and appoint a national cybersecurity adviser. And it seems he is gearing up to honor that promise. The commitment was to establish the proper structure within the government to ensure cybersecurity issues continue to receive top-level attention and enhanced coordination.
This new official would develop a strategy to protect the nation’s government-run and private computer networks. The idea is have a senior official who can contact the president, directly. READ MORE>
Topics: blog home, karen lodrick's blog | No Comments »
Education and awareness are major tools to protect against cyber crime
By karen | May 26, 2009
From January to December of 2008, the Internet Crime Complaint Center (IC3) website received 275,284 complaint submissions. This is a 33% increase compared to 2007. These complaints were composed of many different fraud types such as auction fraud, non-delivery, and credit/debit card fraud as well as non-fraudulent complaints such as computer intrusions, spam/unsolicited e-mail, and child pornography.
The total dollar loss was $264.6 million with the median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2007. E-mail (74.0%) and web pages (28.9%) were the two primary mechanisms by which the fraudulent contact took place.
Education and awareness are the major tools to protect ourselves. READ MORE>
Topics: Announcements, Helpful Resources, blog home, karen lodrick's blog | No Comments »
Tips for working with your bank, if you’re an identity theft victim
By karen | May 16, 2009
In 2006, my bank provided an identity thief posing as me, debit card approval through an unauthorized phone number. Within a few days, the thief wiped out my checking account, stealing $8,000.00 before I realized what happened. For six months, the identity thief continued to victimize me. I lost $22,000.00, before I managed to catch the thief and stop the rampage. Yet, my bank was accusing me of forging my own identity.
It’s dreadful enough when you find out you are a victim of identity theft, but it adds insult to injury when your bank treats you like a criminal.
Did you know that many of the largest banks in the United States are frequently targeted by identity thieves? (Fig. 1) Fortunately, what I learned during my personal experience dealing with my bank after becoming a victim of identity theft may assist you if you’re ever a victim.
Figure 1: Courtesy of Chris Hoofnagle and the Berkeley Center for Law and Technology
Tips for working with your bank if you’re an identity theft victim:
TIP #1 - IMMEDIATELY CLOSE ALL COMPROMISED ACCOUNTS
If your bank doesn’t automatically provide you with a new account number, insist that they do so. In order to get any money reimbursed, you will need an account number that has not been compromised.
TIP #2 - GET PROTECTION ON ALL ACCOUNTS
Insist that your bank place an “Identity Theft Warning” message and password protection on all your accounts. I found it easy to do this for phone inquiries, but difficult for in-person inquiries. So when I thought I was safe because I had a new password-protected bank account, the identity thief managed to withdraw money in person from different bank branches. Through perseverance, I was able to locate a bank manager who was able to place a universal warning on all my accounts. I believe this helped me eventually track down my identity thief.
TIP #3 - ASK QUESTIONS
Knowledge is power. If you don’t understand the bank’s identity theft protocol, ask questions about it. It’s important to know what the bank is requesting of you. Understanding the bank’s procedures will help you deal with this crime. If you don’t understand the bank’s procedure or don’t think the procedure is useful in your particular circumstance, ask further questions and/or request additional assistance. I was able to get a new protocol put into place for my accounts (see Tip #2).
TIP #4 - KEEP RECORDS AND A JOURNAL
Create a file for your identity theft documents. Log all your conversations and transactions. Make sure to get full names of the people you talk to, keep track of all dates and times (noting how much time you spent dealing with each issue), and be sure to keep track of the amount of money lost or stolen including your time spent to recover. Creating these records will help you recall what happened, should you need to at a later date. Most importantly, if you ever go to court because your identity was stolen, you will have a clear record. Plus, you may be able to claim the loss on your taxes.
TIP #5 - MONITOR YOUR ACCOUNTS REGULARLY
Keep an eye on your bank accounts. Call your bank immediately if you notice a discrepancy, no matter how small as you may have a limited period of time to file a complaint. I regularly review my bank activity online. It saves a time and, if your mail has been stolen or redirected by an identity thief, you may not get your bank statements in time. Remember to be smart when banking online. Always log in using your bank’s official URL and never log-in by clicking on a link provided in an email or advertisement. Always log out when finished and close the browser window. Empty cookies from your computer system regularly and never allow the browser to remember your password (type in your password every time).
TIP #6 - KEEP PERSONAL INFORMATION OFF YOUR CHECKS
All you need are your first initials and last name on your checks. Your full name, address, Social Security number and phone number are not necessary. The bank knows how to handle your checks. The less your personal information is out there for a thief, the better. If a crook can’t match an exact name to a bank account, he/she will be less likely to use it.
As an identity theft victim, dealing with your bank may be a challenge. You may have to repeat the facts of your case to several different bank officials until the bank has a grasp of your specific circumstances. This can be frustrating. If possible, find one person that can handle your claim as quickly as possible. Ask to speak to a supervisor if you feel you are not getting the help you need or if someone treats you poorly. And trust that your situation will eventually get resolved.
Topics: Announcements, Helpful Resources, Uncategorized, blog home, karen lodrick's blog | No Comments »
Banks + Fraud = the Economic Crisis
By karen | April 7, 2009
Worth a LISTEN. Bill Moyers interviews William K. Black, the former senior regulator who cracked down on banks during the savings and loan crisis of the 1980s.
The financial industry recently brought the economy to its knees. Black offers his analysis of what went wrong and his critique of the bailout. How will identity theft ever be taken seriously when our banks/financial institutions are part of the scams?
Part 1 of 3
Part 2 of 3
Part 3 of 3
Topics: Books and Movies, blog home, karen lodrick's blog | No Comments »
Cyber-crooks targeting social-networking Web sites
By karen | March 5, 2009
Facebook has become prime hunting ground for tricksters and malicious software spreaders because it is the leading social-networking community, with more than 175 million people sharing personal information.
The bad guys know how to see all the things you post. You may be revealing personal information that is extremely valuable to them.
Even seemingly innocent information posted on profile pages can sometimes provide opportunities for criminals. For example, names of grandparents or pets in posted pictures can tip hackers off to answers for typical challenge questions asked before providing information about “forgotten passwords” to online accounts.
WATCH FOR:
1) Fraudulent applications sent warnings that the Web site was shutting down or that they had been reported for violating terms of service which was followed by instruction for correcting the issue.
If people followed the instructions in the bogus messages, software was installed on their computers that stole information and sent similar bogus messages to their friends on the site.
2) Messages claiming to be from Facebook friends wanting to share digital video. Clicking on the link results in a prompt to download viewing software that is actually a computer worm called KOOBFACE.
Then it steals your cookies (store identifying information such as user names and passwords) on your desktop; not just for Facebook but for a half-dozen social networking Web sites including MySpace.
Then, your account is compromised at that point. Using the hijacked cookie, it tries to log in as you, goes through your address book and starts posting messages and comments.
People can reduce the odds of becoming victims by being selective about friends at social networking websites and not clicking on links that take them outside the walls of their online communities.
Computer users are also wise to use unique complex passwords for each online account so if hackers get hold of one virtual key it won’t open other locks.
Topics: blog home, karen lodrick's blog | No Comments »
Bureaucracy Breeds Identity Theft
By karen | February 17, 2009
After I managed to captured the woman who stole my identity, she was set free. A good finger pointing isn’t going to slow down the fastest growing crime 9 years and running. I have read frustrating after frustrating story from victims’ identity theft. Here’s another frustrating story giving example to our cities’ and country’s need for the legal system to start surrounding it self around identity crimes.
Mark Giordano, lives in Fishkill, New York. An identity thief, with Mark’s credit card, rented an apartment in San Francisco, California , signed up for utilities, and ordered pizza.
Giordano knows who the thief is, so you would think this would be an open and shut case, even if the likelihood of doing jail time is minimal. But while the SFPD is actually working on the case they are waiting to hear from Giordano’s local police authority.
Fishkill is so small and has only a part-time force, nothing yet has happened. Unfortunately, that’s typical in these kinds of cases, which are notoriously difficult to track down and prosecute.
Giordano said, “I’ve talked to the FBI, the Federal Trade Commission, Department of Treasury, the Secret Service, my congressman and the San Francisco police.”
So he took matters into his own hands and called the crook on the phone.
“He starts apologizing to me,” Giordano said. “He’s telling me how sorry he is and how he is going to make it right. He’s going to pay the bills.”
A week later Giordano got another bill. The crook had opened a Netflix account in his name.
So a frustrated Mark Giordano contacted the San Francisco Chronicle, explaining how he couldn’t get anyone to do anything about his identity theft issue. In fact, he recalls talking to various authorities who told him “our hands are tied.” Boy, have I heard that one so many times I lost count!
WAY TO GO SF CHRONICLE!! This is why it is so important we keep our papers alive in this country.
Apparently the authorities hands were untied after the story broke in The Chronicle. The next day Giordano got a call saying a SWAT team had broken into the SF Parkmerced apartment, arrested the alleged crooks and discovered some 50 other stolen identities. By arresting one criminal they saved many victims. This is a happy ending!
Story from C.W. Nevius, SF Chronicle Columnist (02/17/09), Identity theft victim traces himself to S.F.
Topics: blog home, karen lodrick's blog | 1 Comment »
« Previous Entries Next Entries »