Copy machines can store your private info

March 17th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Today, copy machines, fax machines and many printers are just like computers; they're smart and they have hard drives or flash drives and can store data that can be extracted. Peripherals in the olden days, just like dot-com-heavy stock portfolios, were dumb.

Because of the increased demand for networked technologies, manufacturers of all these peripherals met the demand and built them so they can be easily accessed by everyone in the office. These same peripherals are often wireless too. They also have memories, or caches, which allow them to store printing jobs when the copier is busy. This kind of memory has a consequence.

The issue here is that these devices are not always treated with the same security considerations as a computer. After all, PCs are often locked down, access is limited and the data might be encrypted. When someone upgrades to a new PC, the old PC's data is supposed to be removed, reformatted, etc. This procedure is often overlooked on a copier/printer/fax.

Consider what kind of data is copied (and therefore stored) at your doctor's, bank's, mortgage broker's and accountant's offices. There might be personally identifiable information that someone could use to create new accounts or take over existing accounts.

Where do old peripherals go? Many of them head to warehouses to be resold. Others end up on eBay. A quick search on eBay results in 13,314 copiers for sale; 1,874 of them are used. If I can buy an ATM off Craigslist with over 1,000 credit and debit card numbers on it, how much data do you think we can get from used copiers?

All the more reason to protect your identity:

  1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in anti-virus and keep it auto-updated.
  3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano Identity Theft Speaker discussing copy machine scams on CBS Boston

New Norton discount saves 15%

March 16th, 2010 - Posted by Kent

Norton has brought back its 15% discount, this time with the coupon code: CNEXTNIS. Just enter that code at checkout and it brings the price of the award-winning Internet security software down to $59.49 for the year. We think it's well worth the price.

To get the full scoop on Norton Internet Security and see how it stacks up against the competition, check out our Internet security software reviews and comparison chart.

Does the Carbonite remote access feature allow me to view any file or email individually from any computer, similar to the GoToMyPC program?

March 16th, 2010 - Posted by Kent

The following is an actual user submitted question:

Q: I am considering buying Carbonite and would like to know if I still need GoToMyPC remote access program if Carbonite allows for remote access? Does the Carbonite remote access feature allow me to view any file or email individually from any computer, similar to the GoToMyPC program?

A: Thank you for the question; it's a good one. Both GoToMyPC and Carbonite are invaluable tools for people who are frequently away from their main computer. Both programs allow you to access files remotely; they just do it in different ways. What you're suggesting would absolutely work; Carbonite backs up your emails (at least with Microsoft Outlook, Outlook Express and Windows Mail) and you can use the remote access feature to read them. We just tested it, using a Mac to retrieve backed up email on a PC.

There is something to keep in mind, however. Since Carbonite's remote access is only about file retrieval and not remote control, you'll have to leave your email program up and running when you're away from it if you want access to your latest emails. The advantage of a true remote access program like GoToMyPC is that you can check your mail in real time. The other thing we found with our test is that emails are pretty deeply buried in the Windows file structure, so you have to navigate a little way down into the tree.

Does Vonage require high speed internet to work?

March 12th, 2010 - Posted by Tasha

The following is an actual reader submitted question:

Q.   Do you need to have high speed internet for Vonage to work?  Can you buy high speed internet from Vonage?

A.  Yes, you do need high speed internet in order for Vonage to function.  Vonage uses VoIP (Voice over Internet Protocol) technology which requires a high speed connection for operation.

Vonage works by hooking your existing phone up to the internet for crystal clear calls. You'll be mailed a Vonage phone adapter as part of your Vonage plan. The adapter translates sound (i.e., your voice) into data and then sends it over the internet. Once this data arrives at its location (i.e., the number you're calling) that data is converted back into sound. The call will be so crisp the person you're calling won't notice any difference between a normal land line call and your call. If you'd like to learn more about VoIP and how it works, check out our VoIP FAQs.

At this time Vonage does not sell high speed internet.  However, high speed internet is easy and fairly inexpensive to obtain.  Contact the telecommunications providers in your area to sign up for the service. You can often find discounted offers, especially if you are a first time customer.

Vonage World is a great deal right now.  If you sign up, the first 6 months of service are only $14.99 per month.  After that, the monthly fee goes up to $25.99 per month, which is still a good price for what you get.  With Vonage World you can make unlimited calls within the US and to 60+ countries.  This is a very pocketbook friendly service if you make numerous long distance and international calls a month, and Vonage World is the highest rated of all the VoIP providers we've reviewed.

Pay-at-the-Pump Skimming Using Bluetooth

March 12th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM's card slot. Then they install a small camera that shoots video of the PIN pad, which allows them to extract user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to look like a security feature preventing shoulder surfing.

Once the criminals attach the devices, they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible, because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth-enabled skimming devices that broadcast the skimmed data to a nearby storage device, probably a laptop. Bluetooth's range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What makes these devices even more sophisticated is that they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump.

This entire process allows the criminal to steal data on demand and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device, thereby lessening their chances of being caught.

You can't protect yourself from this kind of skimmer by covering your PIN entry due to the fact that the device is the PIN pad. So if you use a device like this you may be screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity:

  1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in anti-virus and keep it auto-updated.
  3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.

Are Webroot and Trend Micro the same? Is it harmful to have them on at the same time? Or is it a waste of money, and am I doing double security?

March 11th, 2010 - Posted by Kent

The following is an actual user-submitted question:

Q: Are Webroot and Trend Micro the same? Is it harmful to have them on at the same time? Or is it a waste of money, and am I doing double security?

A: This is a good question. It reminds me of a scene from a Billy Wilder movie called Ace in the Hole. In it, Kirk Douglas plays a scheming reporter who tells his prospective employer that, "I've done a lot of lying in my time. I've lied to men who wear belts. I've lied to men who wear suspenders. But I'd never be so stupid as to lie to a man who wears both belt and suspenders." His point being that you can't slip one by a man who has redundant methods for keeping his pants up.

Back in the world of Internet security software, Webroot and Trend Micro are actually different Internet security products put out by different companies. You can read our reviews and see a comparison here. You actually should not have two Internet security products of any brand running at once. It's not so much that you're doing damage, but the products may interfere with each other, allowing something else to damage your computer. Instead of doing double security, you might actually be cutting your security down.

Webroot may do something that Trend Micro sees as virus-like activity, or vice versa. Of course, Webroot is not a virus, but its activities could be misinterpreted. At the very least, it's a bit of a resource drain. At worst, it could interfere in detection of an actual virus or firewall intrusion. So choose the one you like best and uninstall the other one.

In Ace in the Hole, it turns out that Douglas actually is lying. So, while Internet security software is neither belt nor suspender, the moral of the story is the same: sometimes being twice protected doesn't help at all.

SugarSync discounts personal plans

March 11th, 2010 - Posted by Kent

We reviewed SugarSync for Business on Monday. Today we're reporting that the online backup service is offering exclusive 15% discounts on its 60GB and 100GB plans. It's a limited time offer; in fact customers have until March 31st. We really liked SugarSync when we reviewed it. It's a fun and feature-rich service that's particularly useful for those with smart phones. It does not, by default, back up as many files as Mozy or Carbonite (users must manually select email and system preferences, and Microsoft Outlook backups are not supported), but it really excels at file-sharing and syncing between computers.

To read our thoughts on SugarSync, check out our review. If you like what you read come back here and click the links below; you must use the links in this blog post to get the discount.

15% off 60GB annual plans ($84.99 per year)

15% off 100GB annual plans ($127.49)

Credit Report Statute of Limitations

March 11th, 2010 - Posted by Tasha

The following is an actual reader submitted question:

Q:  How long does debt stay on your credit report?

A: According to the FTC's Fair Credit Reporting Act, most negative credit information will stay on your credit report for 7.5 years (7 years + 180 days) from the date of delinquency. It can be a bit confusing, but the gist of it is that the 7 year time clock starts 180 days from the first missed payment, which brings the entire period up to 7.5 years. The exact quote is:

"The 7-year period shall begin, with respect to any delinquent account that is placed for collection (internally or by referral to a third party, whichever is earlier), charged to profit and loss, or subjected to any similar action, upon the expiration of the 180-day period beginning on the date of the commencement of the delinquency which immediately preceded the collection activity, charge to profit and loss, or similar action."

As with most legalese, there are some exceptions to this guideline.  The following items will remain on your credit report for the time period indicated.

  1. Bankruptcy information: 10 years from the date of filing.
  2. Civil suits, civil judgments, and records of arrest: 7 years or until the statute of limitations runs out.
  3. Tax liens: 7 years from the date they were paid.
  4. Information reported because of an application for more than $150,000 worth of credit or life insurance has no time limitation.
  5. Information reported because of an application for a job with a salary of $75,000 or more has no time limitation.
  6. Information reported because of a credit transaction involving a principal amount of $150,000 or more has no time limitation.

By law, everyone is entitled to one credit report per year from each of the three credit bureaus, which you can get for free at www.annualcreditreport.com. Although this is a nice service, it only lets you know what your credit history is like at that point in time – it doesn't protect or monitor your credit report on a daily basis. Negative information can appear on your credit report at any time and you will suffer the consequences unless you are notified and can act immediately. Additionally, you can't get your credit score for free. Because of this we recommend subscribing to a credit report monitoring service like our top reviewed Identity Guard.

Vonage World Savings for the Military and International Calls

March 10th, 2010 - Posted by Tasha

We frequently receive user questions about whether their friend/spouse/coworker can make calls to the US using Vonage World.   In a word, the answer is yes.  That means that if you:

1.  Are in the military, deployed overseas OR
2.  Outside of the US, making calls to the US

AND you have a high speed internet connection, Vonage World would be a great money-saving plan for you. If you have a Vonage adapter sent to a US mailing address, and then you ship it to whoever will be calling you from overseas, they would be able to call you as if it were a local call. And if you both have Vonage, calls are free (all you need to do is pay for the monthly service). That's right – Vonage to Vonage calls are free.

This is actually a great way to save money because the cost of 2 Vonage World phone plans is much lower than if you were calling internationally without them.  Right now Vonage World is even running a special where the first 6 months are only $14.99/month.

Hacking humans' naiveté

March 10th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. "There's a sucker born every minute" is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways how, and motivations why, a predator stalks their prey. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the "how" is "social engineering".

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or "social penetration" techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a. ethical hackers, "regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent."

As the article points out, humans have a tendency to trust one another. It's a survival instinct built on millions of years of evolution. "When one person saw that a group of his peers ate a particular berry and didn't die, he ate the same fruit – and survived as a result." That's trust, and it's exploitable.

This is where we throw around words like "naïve" and "sucker." You don't really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called "Hacks4Sale" (a site which Norton Internet Security deems unsafe, so go there at your own peril) which employs similar tactics, but which they claim are for different reasons:

A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of which we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user's computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo, Gmail, Hotmail, Myspace, Facebook and many others).

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don't automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.

Protect your identity:

  1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in anti-virus and keep it auto-updated.
  3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.


Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.