Attacks on U.S. websites reveal vulnerability

• Tweet

July 8th, 2009 - Posted by Caitlin

The Wall Street Journal points out that the recent attacks on U.S. government and corporate websites reveal the vulnerability of U.S. networks. Security experts believe that although the recent attacks were not particularly damaging, they indicate the potential for hackers to disrupt vital information systems or gather valuable information. These experts are calling for coordinated international efforts to develop a more holistic approach to security. "This tells us the power and danger of these bad actors," said Vincent Weafer, a security expert at Symantec Corp. "Someone is trying to send a message."

To learn more about Internet security software, see our reviews and comparison chart.

New applications help avoid spammers on Twitter

• Tweet

July 8th, 2009 - Posted by Caitlin

If you suspect that your newest Twitter follower is a spammer, you're probably correct. If the Twitterer in question is following hundreds or thousands of people but only has a few followers, it's probably a spammer. If every tweet includes a brief sales pitch and a link, it's probably a spammer. If the account has a cutesy girl's name and a pornographic profile picture, it's probably a spammer.

It isn't particularly difficult to identify a Twitter spammer, but chances are, there are other things you'd rather be doing with your time. Topify is a new application that puts more information in your Twitter notifications, making it quicker and easier to block spammers. And TwitChuck uses a variety of methods to help you avoid, unfollow, block and report spam accounts.

Many Twitterers consider it polite to follow anyone who follows them. But when you follow a spammer, you are encouraging the practice and doing a disservice to all legitimate Twitter users. And when you block a spammer, you are making it easier for Twitter to find and remove the account, and therefore doing a favor to all legitimate Twitter users.

Just like any other spammers, Twitter spammers may be attempting to push a product, or lure victims to a phishing site, or trick them into downloading malware, or they may be building a mailing list that they can sell. They may be a mere annoyance, or they may be dangerous hackers or identity thieves.

So be wary of spam, on Twitter or elsewhere. And be sure to protect your computer from malware and phishing sites with Internet security software.

Social Security numbers can be cracked, creating a greater risk for identity theft

• Tweet

July 7th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration's Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researches had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, "making SSNs akin to 3-digit financial PINs." "Unless mitigating strategies are implemented, the predictability of SSNs exposes them to risks of identify theft on mass scales," the researchers wrote.

While the researchers work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations and educational institutions. Networks are like candy bars – Social Security numbers can be hacked from outside the hard chocolate shell or from the soft and chewy inside.

The problem stems from that fact that our existing system of identification is seriously outdated and needs to be significantly updated. We rely on nine digits as a single identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. We will only begin to solve this problem when we incorporate multiple levels of authentication into our identification process.

The process of true and thorough authentication begins with "identity proofing." Identity proofing is a solution that begins to identify, authenticate and authorize. Consumers, merchants, government don't just need authentication. We need a solution that ties all three of these components together.

Jeff Maynard, President and CEO of Biometric Signature ID, provides a simple answer to a complicated issue in four parts:

Identify – A user must be identified when compared to others in a database. We refer to this as a reference identity. A unique PIN, password or username is created and associated with your credential or profile.

Authenticate – Authentication is different than verification of identity. Authentication is the ability to verify the identity of an individual based specifically on their unique characteristics. This is known as a positive ID and is only possible when using a biometric. A biometric can be either static or dynamic (behavioral). A static biometric is anatomical or physiological, such as a face, a fingerprint or DNA. A dynamic biometric is behavioral, such as a signature gesture, voice, or possibly gait. This explains why, when authentication solutions incorporate multiple factors, at least two of the following identifiers are required: something you have, such as a token or card, something you are, meaning a biometric identifier, and something you know, meaning a pin or password.

Verify – Verification is used when the identity of a person cannot be definitely established. These technologies provide real time assessment of the validity of an asserted identity. When we can't know who the individual is, we get as close as we can in order to verify their asserted identity. PINs, passwords, tokens, cards, IP addresses, behavioral based trend data and credit cards are often used for verification. These usually fall into the realm of something you have or something you know.

Authorize – Once the user has passed the identification test and authenticated their identity, they can make a purchase or have some other action approved. Merchants would love to have a customer's authenticated signature to indicate his or her approval of a credit card charge. This is authorization.

Effective identification results in accountability. It is being achieved in small segments of government and in the corporate world, but not systematically. Unfortunately, we are years away from full authentication.

In the meantime, we must make the data useless to the thief. If a Social Security number can't be used to open a new credit account, we have solved one part of the identity theft problem. This can be done by investing in identity theft protection or setting a credit freeze.

Robert Siciliano, identity theft speaker, discusses identity theft.

[youtube]http://www.youtube.com/watch?v=PIFkQfI-SOg[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Beware of new credit card fees

• Tweet

July 6th, 2009 - Posted by Caitlin

An article in today's Wall Street Journal warns consumers to beware of unexpected credit card fees. In the current economic climate, it's no surprise that banks and credit card companies are looking for any excuse to earn an extra few dollars here and there. A CEO of a bank-card advisory firm is quoted saying, "The fee income is becoming increasingly more important as interest income is falling as a percent of total revenues." Late fees, loan origination, over-the-limit, and overdraft charges are becoming more essential sources of income for the banking industry.

So now, more than ever, it's crucial to read your credit card terms carefully and check your statements. Most fees are avoidable, so long as you're attentive to rules and deadlines and practice fiscal responsibility. And when opening a new checking account or applying for a credit card, take the various fees into account when deciding which one is right for you.

To learn more about credit cards and compare terms and rewards, see our reviews and comparison charts.

Where is the nearest Jenny Craig location?

• Tweet

July 6th, 2009 - Posted by Caitlin

The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.

Q: Where is the nearest Jenny Craig location to Shelbyville, TN?

A: According to JennyCraig.com, there are two locations near Shelbyville. One is in Franklin, Tennessee, and the other is in Nashville.

When you initially contact Jenny Craig for more information about their diet program, you provide your address and phone number and receive an instant call back from a Jenny Craig consultant at a location near you. Your local Jenny Craig consultant will answer any questions that you have about the service and tell you about program options, special offers, and getting started. You can also schedule a free consultation at your local center.

If you'd like to find the nearest Jenny Craig center or centers before contacting your local consultant, simply click through to the JennyCraig.com and use the search function in the upper right corner to find locations in or near your zip code.

To learn more about Jenny Craig or other diet services, see our reviews and comparison chart.

Three weeks of Nutrisystem meals for free

• Tweet

July 6th, 2009 - Posted by Joe

One of our top rated meal plan diets, Nutrisystem, is offering three free weeks of meals for NextAdvisor.com visitors.

This special three free weeks of food deal doesn't require any coupon or discount code. However, you must select the auto-delivery option when you sign up. You will receive on free week of food with each of your first three monthly meal deliveries.

We recommend Nutrisystem for dieters who are looking for the convenience and support of a meal plan diet without the commitment of weekly meetings and weigh-ins. Nutrisystem offers excellent phone and email support and has a very useful website for members that is full of resources.

You can learn more about Nutrisystem and other meal plan diets by visiting our comparison and reviews of meal plan diets.

New Symantec discount coupon code for Norton Internet security

• Tweet

July 6th, 2009 - Posted by Joe

NextAdvisor.com readers can save 20% on the popular Norton Internet Security suite by using discount coupon code CNEXT20 when purchasing the software online. Simply click on any Norton Internet Security link on NextAdvisor.com and enter the coupon code during the purchase process to take advantage of this exclusive offer.

Norton is one of the most trusted names in Internet security and the product generally performed very well in our testing. Consumers who are looking for a dependable Internet security provider with extensive customer support (Symantec offers free unlimited tech support for the first year) should definitely consider Norton Internet security.

You can learn more by visiting our detailed review of Norton Internet Security.

Getting a fake ID is as easy as 1, 2, 3

• Tweet

July 6th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Do an online search for "fake ids" and you'll be amazed to discover how easy it can be to obtain an ID allowing you to pose as someone else. Or how easy it can be for someone else to obtain an ID that will allow him or her to pose as you. Some websites peddle poor quality cards, others offer excellent quality, and many websites are simply scams.

The fact is, our existing identification systems are insufficiently secure, and our identifying documents are easily copied. Anyone with a computer, scanner and printer can recreate an ID. Outdated systems exasperate the problem by making it too easy to obtain a real ID at the DMV, with either legitimate or falsified information.

Another glitch is the potential for individuals to completely alter their appearances. Men with facial hair can wreak havoc on the current system. This is sometimes done as a prank. In other cases, the individual is attempting to subvert the system to maintain a degree of anonymity. New technologies, such as facial recognition, should eventually resolve some of these problems, but they are still years away from being fully implemented.

In Indianapolis, Indiana, a man was able to obtain six different IDs. He accomplished this by visiting various different registries throughout the state and using borrowed names and stolen information. He obtained job applicant data from a failed body shop business he had owned. He used the false identities to open checking accounts at multiple banks and write fraudulent checks to himself.  He was caught while applying for his seventh ID, thanks to facial recognition software. But it is disturbing to know that he was able to acquire six different identities, all stolen from real people, without detection. It was a bank employee who eventually noticed that he had two different bank accounts under two different names. If the man hadn't been so greedy, he would have gotten away with it.

Identity theft continues to be a major problem, due to failures in our existing identification systems. Until further notice, it will continue to be a major problem. In the meantime, it's up to you to protect yourself. The best defense against new account fraud is identity theft protection.

You can also set your own credit freeze at consumersunion.org. In most cases, it prevents new accounts from being opened in your name. Some of the identity theft protection services reviewed on NextAdvisor.com will do this on your behalf.

Robert Siciliano, identity theft speaker, discusses identity theft.

[youtube]http://www.youtube.com/watch?v=kPg-vyBHgPs[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Consumers, thieves like iPhones

• Tweet

July 2nd, 2009 - Posted by Kent

The iPhone and other smart phones are proving popular with the least coveted of all demographics: pickpockets and muggers. This article from Reuters points out that in New York City, while petty crime is not on the rise, the theft of the smart phone is. The article focuses on new anti-theft technologies that enable users to trace their phones, as well as activate alarms on them, and allow for remote wiping of the phone's data. The latter is particularly important for the prevention of identity theft. While a stolen iPhone is costly and inconvenient, the data that's on it may cost you a whole lot more.

There are other ways to help protect yourself from iPhone theft as well:

1. Ditch those white Apple iPhone earbuds; they're a telltale sign.

2. Make sure you're using a passcode (and wipe your screen down frequently, so no one sees the smudgy evidence of the passcode digits).

3. If you're really concerned about the passcode, you can download Apple's iPhone configuration utility and enable longer alpha numeric passcodes. The more characters you use, the larger the possible key combinations.

4. There's an option in the passcode settings to have the iPhone erase itself if the wrong passcode is entered 10 times. That will help protect your personal data if the iPhone falls into the wrong hands.

If you do lose your iPhone, check out our guide on how to recover from a lost or stolen iPhone. Remember, this is as much about information theft as it is about the loss of your device. You can protect yourself against identity theft by using one of the many options in our identity theft protection service reviews section.

Phishing for fun!

• Tweet

July 2nd, 2009 - Posted by Kent

You've heard of the dangers of phishing (a method that hackers use to gain access to personal info through facsimile websites) but how good are you at spotting it? We've posted a number of pieces on the importance of looking out for "suspicious" urls. Here's your chance to put that knowledge to the test. The Anti-Phishing Phil game was developed at Carnegie Mellon University to educate Internet users on how to spot phishing urls. The game plays right in your web browser, just use your mouse and a few keys to control it. Click here to play.

Being smart about phishing is one way to help prevent computer viruses and personal information theft. Also, check out reviews on Internet security software and identity theft services to see how you can better protect yourself from online fraud.