The federal government fails to encrypt its own data

Posted by Caitlin on July 31st, 2008

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

The United States Government Accountability Office recently released an information security report which states that at 24 major U.S. agencies, 70% of sensitive information on laptops and mobile devises was unencrypted as of last September. For the purposes of this report, sensitive data includes personal medical records, other personal information, law enforcement data and records essential for homeland security.

According to the report, “While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities. As a result, federal information may remain at increased risk of unauthorized disclosure, loss, and modification.” The report also points out that the Federal Information Security Management Act (FISMA) requires agencies to protect their data, as do other laws. The White House Office of Management and Budget (OMB) has been recommending that agencies encrypt all sensitive data on laptops since 2006. Many agencies have failed to do so, and many agencies have reported missing or stolen laptops.

Representative Bennie Thompson and Representative Zoe Lofgren, both of whom are members of the U.S. House of Representatives Homeland Security Committee, expressed disappointment with U.S. agency encryption efforts when the GAO report was released on Monday. Lofgren, a California Democrat, stated that federal agencies “lag far behind the private sector” when it comes to protecting and encrypting data.

Sensitive data loss can put countless American citizens at risk for identity theft. To learn more about identity theft protection services, view our reviews and comparison. If you are interested in learning about what you can do to protect the data on your own laptop, click here to read about security software.

• California identity theft protection guide: facts, trends and resources
• Texas identity theft protection guide: facts, trends and resources
• Arizona identity theft protection guide: facts, trends and resources
• 25 million identities left unprotected in the UK
• How to steal Colin Powell’s identity

New VoIP E911 law

Posted by Caitlin on July 31st, 2008

Last week, President Bush signed H.R. 3403, the New and Emerging Technologies 911 Improvement Act of 2008. This law ensures that VoIP users will have the same level of access to 911 services as those calling from standard landlines. We described the law in a blog post last month, when the law was passed by Congress. Now that this bill has been signed into law, VoIP subscribers and those considering switching over to a VoIP service should feel at ease, knowing that in the event of an emergency, they will have equal access to 911 service.

To learn more about VoIP services, view our reviews and comparison.

• Apple OKs VoIP over wifi for the iPhone
• Traditional phone service losing ground to VoIP
• New bill will improve VoIP 911 calling
• Mobile VoIP developments run rampant in 2008
• VoIP comes to the iPhone

How to recover from a lost or stolen iPhone

Posted by Joe on July 29th, 2008

Apple’s iPhone, like any smart phone with the capability to store significant amounts of personal information, can put you at risk for identity theft if it is lost or stolen. Fortunately, there are many precautions you can take to ease the pain of a lost iPhone. If your iPhone has already been lost or stolen and you have not taken these proactive measures, your options are more limited, but there are still steps you should take to mitigate the risks and costs of iPhone loss.

What to do BEFORE your iPhone is lost or stolen

Password protect your iPhone. Setting a a password on your iPhone is very simple and adds an immediate layer of security should it be stolen.

From the home screen of your iPhone:

• Click on the Settings button
• Click on General
• Click on Passcode Lock
• You will be prompted to enter and confirm a four digit passcode for your iPhone

Your iPhone passcode is now set and you will be prompted to enter the four digit number any time you attempt to access your phone. This simple step can greatly decrease the chance that a criminal is able to access your personal information on your iPhone if it is lost or stolen. While having a passcode will potentially prevent unauthorized access to information stored on your iPhone, it is still possible to make outbound calls. So, it is important to alert your wireless carrier immediately after you discover that your iPhone is lost or stolen so you are not potentially liable for calls made by someone else.

Write down your iPhone’s IMEI Number. Your iPhone’s IMEI, or International Mobile Equipment Identity, is a fifteen digit number that can be used by wireless carriers to identify your specific device. It is located on the back of your iPhone near the FCC ID and serial number (you may also want to write down your iPhone’s serial number for your records, although this information is not really that useful in helping with recovery). Keep the IMEI number in a safe place so you can easily find it if your iPhone is ever lost or stolen.

Keep your iPhone backed up by frequently synching with iTunes. It is a good idea to always make sure that all of the information on your iPhone is also backed-up on your computer by frequently syncing through iTunes. This will make the process of recovering the data from your lost or stolen iPhone relatively painless. For even more protection you may want to consider using an online backup service to store copies of all of the files on you computer. This way you still be able to restore your files if both your iPhone and computer go missing at the same time.

Guard against identity theft with an identity theft protection service. To an identity thief, a lost or stolen iPhone is a potential goldmine of information. Losing your iPhone could expose your online bank account, online brokerage account, name, address, telephone number, and email address, passwords, e-mails and other personal data to a criminal. If your iPhone does go missing, an identity theft protection service will help prevent and detect identity theft.

Treat your iPhone like its cash equivalent. You wouldn’t leave two crisp hundred dollar bills lying around so don’t be as careless with your $199 iPhone. Treat your phone with the same level of security and care you use when safeguarding your wallet, purse or other important items.

What to do AFTER your iPhone is lost or stolen

Notify your cellphone carrier. You should contact AT&T, the exclusive cell phone carrier for the iPhone, as soon as you realize that your phone has gone missing. AT&T will be able to deactivate the wireless account associated with your iPhone which will prevent criminals from running up big cell phone bills in your name that you could potentially be held liable for.

File a police report. While some police will not be particularly interested or concerned about helping you recover your iPhone, others are surprisingly helpful. We have read online accounts from a police detective that claims to have recovered four out of five stolen iPhones in cases brought to his attention. This is when it is useful to have the IMEI number available.

Notify your contacts. All of the personal information stored on your lost or stolen iPhone is now potentially accessible by anyone, especially if it is not password protected. It is important for all of the contacts stored in your phone to know that their personal contact information is potentially in the hands strangers. It is not uncommon for criminals to perpetrate crimes against those listed in the phone’s contact list by posing as the rightful owner.

Notify your employer. If your iPhone is linked to your company’s network or has confidential business information stored within, you need to notify your employer immediately. It is a good idea to let your supervisor or other company official know as soon as you realize your phone is missing. Make sure to change the password on your work email address immediately if it is linked to your iPhone. This will prevent the phone from being able to download additional email messages.

Change all your online passwords. Your iPhone has a powerful web browser with the ability to store any of your online passwords for easy access to web based accounts. Whoever has your lost or stolen iPhone in their possession can now potentially gain access to your online bank and brokerage accounts, email, PayPal, eBay, Amazon and any social networking websites you belong to. Change those passwords now to prevent your online accounts from being compromised.

You may also be interested in our lost or stolen laptop recovery guide.

• Apple OKs VoIP over wifi for the iPhone
• VoIP comes to the iPhone
• Stolen laptop returned to lucky professor
• Researchers launch free tracking software for lost or stolen laptops
• Our review of Apple’s new movie download service - Stick with NetFlix!

Vonage launches Vonage Pro

Posted by Caitlin on July 28th, 2008

Back in January, we described Vonage’s “MyVonage” product strategy, which included a number of planned next generation enhancements for Vonage subscribers.

Today, Vonage announced the launch of Vonage Pro, which is a new service designed to give Vonage customers access to their home phone while traveling. Vonage Pro will allow customers to access their home phone number from any computer with access to a high speed internet connection. With Vonage Companion, a  next generation SoftPhone client, customers can make and receive calls using their PC’s built-in microphone and speakers or use a headset with a microphone. Incoming calls will ring on the customer’s home phone as well as Vonage Companion. Customers can also use both devices simultaneously, which essentially provides a second phone line. Vonage Companion also offers customer requested features such as selective call block, conference calling, personalized ringtones and call recording.

This type of remote access VoIP service is the first of its kind from any VoIP provider. Vonage Pro comes with Vonage’s Residential Premium Unlimited Plan, and will be available to new customers for a plan fee of $34.99 per month, plus taxes and fees. As part of an initial promotion, the first month is free. Existing customers who are already on the Residential Premium Unlimited Plan can add Vonage Pro for an additional $10 per month, and the first month is also free for these customers.

To read more about Vonage and other VoIP services, see our comparison and reviews. We recommend that consumers interested in learning more about Vonage Pro call their toll-free number specifically for NextAdvisor.com readers: (800) 560-4243.

• T-Mobile launches discount VoIP service with a few big downsides
• Reader Question: Is Vonage Going Out Of Business?
• Vonage starts 2008 with a clear legal slate
• Court decision will keep Vonage subscriber fees low
• Vonage makes customer support a top priority

Facebook exposes personal information of up to 80 million members

Posted by Joe on July 28th, 2008

We have warned previously of the potential identity theft risks that exist for Facebook users. One issue that we didn’t specifically address was the risk that the popular social network would inadvertently expose personal information of its users through a technical glitch. Unfortunately, that is exactly what happened earlier this month when many of Facebook’s 80 million users had their full birth dates exposed on their profile pages.

Graham Cluley, a security expert with Sophos, was one of the first to uncover the breach of date of birth information and alerted Facebook immediately. The problem was fixed shortly thereafter.

The main issue in this case is that many of the impacted Facebook users had proactively set their date of birth to be non-visible to other Facebook users. This is a precaution we recommend in our Facebook identity theft protection guide.

Cluley recommended that, in addition to keeping date of birth hidden in the future, Facebook users take additional steps to protect this sensitive information in the future.

“My advice to Facebook users would be, even if your date of birth
is set to be non-visible, change it to a made-up date in case this kind
of blunder happens again. Facebook and other social networking websites
need to be more careful about protecting their members’ data, or risk
losing users.”

Learn more on how to protect yourself on Facebook by visiting our Facebook identity theft protection guide.

• Facebook phishing scams increase risk of identity theft on the popular social network
• Facebook moves to protect users in partnership with 49 states
• Fake Facebook profile page victim awarded $43,000 in damages
• Facebook security flaw exposes personal information
• Your new Facebook friend just stole your identity

ID Watchdog launches dedicated 24/7 toll free hotline for NextAdvisor.com visitors

Posted by Joe on July 25th, 2008

ID Watchdog, a recent addition to our comparison of identity theft protection companies, has launched a dedicated toll free number for NextAdvisor.com readers. This means anytime access to ID Watchdog representatives who are ready to answer questions or process new subscriptions 24 hours per day and seven days per week. NextAdvisor.com readers can access this new information line by calling (800) 233-1845.

We believe that ID watchdog has the best identity theft recovery guarantee that we have seen in the industry. The guarantee covers every conceivable form of identity theft including financial, social security, medical and more. If an ID Watchdog subscriber is the unfortunate victim of identity theft, the company won’t stop until the identity has been completely restored. The only thing that ID Watchdog’s guarantee doesn’t cover is out of pocket costs and restitution of stolen funds (although no other service identity theft protection guarantee we have seen covers these items either).

You can read our full review of ID Watchdog and other identity theft protection services by visiting our identity theft protection service comparison.

• ID Watchdog identity theft protection service review
• Identity Truth launches toll free number for NextAdvisor.com readers
• Identity Truth launches exclusive 30 day free trial; Earns 5 star rating
• LifeLock’s $1 Million Guarantee - Separating Fact From Fiction
• Identity Theft Shield from Kroll and Pre-Paid Legal Review

Online banks may have major security flaws

Posted by Joe on July 25th, 2008

A new report published by University of Michigan researchers found that 75% of online banking sites reviewed included serious security flaws that could put users at risk. Researchers found that of the 214 banking websites evaluated:

47% placed secure login boxes on insecure pages.

55% put contact information and security advice on insecure pages.

Some banks use social security numbers or e-mail addresses as user IDs.

28% don’t state a policy on passwords, or allow weak passwords.

31% e-mail passwords or statements to customers.

30% redirect customers to a site outside of the bank’s domain for certain
transactions without warning.

Some experts in the information security field are challenging the findings of the report as the research was conducted in 2006 and not published until 2008. The nearly two year gap means that many of these issues have likely been addressed in the meantime. There is also some debate about the quality of the research methodology used.

That being said, it is always a good idea to be aware of exactly how the sensitive data that you share over the Internet is being protected. Its a good idea to review the privacy policy and terms and conditions of any website where you are submitting sensitive personal information so that you understand how that information will be used and protected.

Internet security software can help web surfers identify and block suspicious websites. Additionally, these software programs can prevent spam, virus and phishing attacks. Read our guide to Internet security software providers to learn more.

• Researchers launch free tracking software for lost or stolen laptops
• Identity Guard adds 30 day free trial and free ZoneAlarm software
• Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers
• How to recover from a lost or stolen iPhone
• Shop safely this holiday season

iPhone applications from VoIP providers

Posted by Caitlin on July 24th, 2008

Back in March, we blogged about Apple’s announcement that they would allow third-party software developers to create applications that would enable iPhone owners to use the phone’s wifi connection to make VoIP calls. Recently, Apple began offering these types of third-party applications through their online App Store. VoIP applications for the iPhone allow users to avoid the high cost of international phone calls. A few of the VoIP applications released so far include Packet8’s MobileTalk for iPhone, which uses the cellular voice network instead of wifi, and Truphone Anywhere. JAHJAH’s iPhone application and iCall are not available just yet, but should be released within a month or so.

If you are interested in learning more about VoIP services, view our reviews and comparison.

• Apple OKs VoIP over wifi for the iPhone
• VoIP comes to the iPhone
• New bill will improve VoIP 911 calling
• Traditional phone service losing ground to VoIP
• 2008 VoIP trend alert - VoIP services let consumers keep traditional phone service too

Identity Truth phone representatives now available on Saturdays

Posted by Joe on July 23rd, 2008

Identity Truth launched a special toll free number for NextAdvisor.com visitors back in late May. At the time, the Identity Truth representatives were only available to take calls from our readers Monday through Friday. As of last week they are now accepting calls on Saturdays as well.

Consumers that have questions about Identity Truth’s unique technology centric approach to identity theft protection, or any other aspect of the service, can now call (866) 736-0165 Monday through Saturday between 8am and 6pm EST to receive an immediate answer. Calls made during off hours or on Sundays will be answered the next business day.

Read our full review of Identity Truth to learn more about their service.

• Identity Truth launches exclusive 30 day free trial; Earns 5 star rating
• Identity Truth launches toll free number for NextAdvisor.com readers
• NextAdvisor reviews Identity Truth
• Vonage makes customer support a top priority
• 3 tips for VoIP 911 calls

Mozy 10% discount promotion code for July 2008

Posted by Joe on July 23rd, 2008

While we realize July is quickly coming to end, there is still time for NextAdvisor.com visitors to save 10% on Mozy’s one or two year memberships.  Mozy is one of our top rated online backup services and offers low prices, a simple to use interface and unlimited storage.

To save 10% on Mozy, simply click on this link and enter the promo code JUNE when prompted during the check out process.

To learn more about Mozy or other online backup services, please visit our online backup service reviews and comparison.

• Mozy discount promo code for April 2008
• Mozy 10% discount promotional from July 2008
• Mozy online backup discount promo codes for March 2008
• Mozy offers 25% discount in response to Upline’s downtime
• Mozy promotional discount code for April 2008