Federal Trade Commission shuts down the Internet’s largest spam ring

Posted by Caitlin on October 15th, 2008


On Tuesday, a federal court in Chicago froze the assets of a spam network known to authorities as HerbalKing and ordered the group to shut down. According to Spamhaus, a nonprofit anti-spam research group, at one point HerbalKing was responsible for about one third of all spam on the Internet. The HerbalKing network used a global network of computers infected with malicious software to send billions of messages a day, mainly promoting various pharmaceuticals. Officials and investigators say this international spam operation may be the largest they have ever encountered. F.T.C. commissioner Jon Leibowitz hopes that “at some level this will help make a small dent in the amount of spam coming into consumers’ in-boxes,” but Graham Cluley, a senior technology consultant at spam-fighting security firm Sophos, stated that “it wouldn’t be a surprise if people don’t notice any difference in their in-box.”

If you are interested in reducing the amount of spam in your in-box, many Internet security software programs offer spam blockers. To learn more about Internet security software, see our reviews and comparison.


Firefox stores your passwords without encryption

Posted by Caitlin on September 22nd, 2008

If you are currently using Firefox, your passwords and usernames may be easily visible to anyone with access to your computer. In Firefox, select Tools > Options > Security > Saved Passwords > Show Passwords to see all your passwords alongside usernames and web addresses. Firefox saves your passwords by default. To protect your passwords from prying eyes, click Remove All in the Show Passwords window, then go back to the Security tab and de-select “Remember passwords for sites.”

If you do want to store your passwords, you can create a master password from within the Security tab. You will need to enter your master password once per session, and it will protect your saved passwords. If you’re interested in other options for protecting stored passwords, Lifehacker readers recently voted on their favorite password managers.

If you are concerned about protecting your privacy on the Internet, take a look at our reviews and comparisons of identity theft protection services and Internet security software.


Sarah Palin’s email was easy to hack. Is yours?

Posted by Caitlin on September 18th, 2008

Earlier this week, a hacker infiltrated Republican vice-presidential nominee Sarah Palin’s Yahoo email account and posted screenshots online. According to Wired, gaining access to Palin’s email was a relatively simple process. All the hacker needed was some basic, easily obtainable personal information to reset Palin’s password. Since Palin is a public figure, the hacker was able to find her personal information using Wikipedia. You might not have your own Wikipedia page, but if you have a Facebook or MySpace profile, your email might be just as easy to hack. Today, Lifehacker posted some tips on how to protect your email from hackers by creating more secure passwords and password questions.

If you are concerned about protecting your online privacy, see our reviews and comparison of Internet security software.


Symantec promises “zero impact performance” from Norton Internet Security 2009

Posted by Caitlin on September 2nd, 2008

Symantec recently released a “pre-release beta” version of Norton Internet Security 2009, which is the latest in a series of updates to their market-leading Internet security software. After working hard to make Norton 360 and Norton Internet Security 2008 less resource intensive than older Symantec Internet security software, the company claims that the newest release will provide “zero impact performance.” According to iTWire, Symantec lives up to its promise: Norton Internet Security 2009 can indeed run consistently in the background without slowing down even older computers. Installation takes only 30 seconds and live updates are faster and more frequent. Norton Internet Security 2009 promises a memory usage of only 6 mb while scanning for viruses. Symantec has also added a range of new features.

Look for an updated NextAdvisor review when the final release version is available in stores. In the meantime, for more information on Norton and other Internet security software services, see our reviews and comparison.


Smart phones are the newest target for hackers

Posted by Caitlin on August 12th, 2008

According to a recent article from the Wall Street Journal, smart phones are the latest online security risk. BlackBerrys, iPhones and other personal devices that connect to the Internet are rarely protected by firewalls or security software. Not only can hackers use spyware to read your emails and text messages, they can also track your device’s location. So far, there have only been a handful of reported mobile attacks, and the reported attacks tend to consist of spam or stolen contact information. Chris Hoff, chief security architect for security software provider Unisys Corp., says that while hacked smart phones have only been a nuisance at this point, “it will definitely escalate.” Experts predict that soon, going online without installing anti-virus software on your smart phone will be just as unheard of as failing to use any security software for your computer.

FlexiSPY is a program marketed toward husbands and wives who suspect their spouse of cheating. It allows the user to track the location of the phone and read text messages, emails and call logs. The information is uploaded to a server and the person who installed the software can peruse that stolen data from his or her personal computer. This software could easily be used to steal confidential company information.

Some smart phone applications include hidden software that creates vulnerabilities to keystroke capturing programs. BlackBerrys that do not use the BlackBerry Enterprise Server software are particularly vulnerable to spyware. According to Dan Hoffman, chief technology officer of security-software maker SMobile Systems Inc., the iPhone is also susceptible to hackers, since the password protection is not difficult to circumvent and the iPhone does not encrypt data. “White Hats,” a group of ethical hackers who attempt to raise awareness of potential security vulnerabilities, were able to successfully deliver malicious software to an iPhone.

Many companies are currently developing encryption software and new spyware and virus protection designed specifically for smart phones. While smart phone vulnerabilities do not typically lead to identity theft or other types of fraud at this point, it is still important to be informed of upcoming trends in security threats. When using your smart phone and especially when downloading applications, keep in mind that your phone is far less secure than a computer.

To learn more about Internet security software, see our reviews and comparison.


Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers

Posted by Joe on August 6th, 2008

A group of hackers, likely based in Russia, may have infected as many as 378,000 PCs over a 16-month period with a software program, called Coreflood, that could extract significant amounts of personal information from the computer owner. The attack was targeted against large corporations and government agencies.

Most corporate or government networks are maintained by a small group of administrators, often just a single person. These administrators use certain tools to interact with dozens or even thousands of computers at once. In this case, hackers were able to leverage these same tools to distribute a malicious software, or malware, program. This malware is able to record keystrokes which, in turn, exposes untold types of personal information, such as passwords, bank account details, social security numbers, email accounts and more, to the criminals involved.

These types of administrative attacks are nothing new, according to Joe Stewart, the security expert who discovered the attacks and reported them to the FBI. Stewart told the New York Times that he had been able to track the perpetrators to the Ukraine by way of a data center located in Wisconsin. The hackers had used the Midwest data center to control as many as 100,000 computers at the time Stewart discovered the operation.

Unfortunately, hundreds of thousands of individuals who likely believed that their personal information was secure on a business computer have been victimized. This case shows how important it is for each individual computer user to take control of their PC’s security, even if it is a company-owned computer. To learn more, read our guide to Internet security software programs that can help prevent malicious attacks from viruses, spyware, phishers and email spammers.


Identity Theft Restitution Act adds harsher federal penalties for identity thieves and hackers

Posted by Joe on August 4th, 2008

A bill which would enable harsher penalties for many forms of identity theft as well as give the federal government more jurisdiction in such cases is one step closer to being signed into law. The Identity Theft Restitution Act was amended to H.R. 5938 by the Senate last week and will return to the House of Representatives in its new form for a vote. If passed and signed into law, H.R. 5938 would:

  • Give identity theft victims the ability to seek restitution from identity thieves for the time and money expended to restore their credit and remedy other negative impacts of identity theft.
  • Give businesses that are impersonated by criminals the same protection as individuals under federal identity theft laws.
  • Allow for federal prosecution of any crimes which involve stealing information from any computer regardless of location. Currently only interstate crimes where the criminal’s computer is physically located in a different state than the victim’s computer can fall under federal jurisdiction.
  • Make it a felony to use spyware or keyloggers to damage ten or more computers regardless of the actual financial damages. Current laws have minimum financial damage qualifiers so that an identity thief that attempts to steal large volumes of personal information from multiple computers but is unsuccessful may simply get off with little or no sentence.
  • Give the federal government jurisdiction over any theft of information from a computer regardless of which state the perpetrator and victim reside in. Current laws only allow for federal prosecution if information is stolen from a computer that is located across state lines.
  • Make it a felony to threaten to release or steal information from a computer. Current laws are only applicable if a criminal explicitly threatens to damage a computer or otherwise render it inoperable.
  • Force the United States Sentencing Commission to re-evaluate and update its guidelines for identity theft and cyber crimes.

We believe that the Identity Theft Restitution Act is a strong stand against identity theft and cyber crimes which include the theft of information stored on personal and corporate computers. We will continue to monitor this legislation and keep our readers up-to-date on its progress.

While these types of laws would enable harsher penalties for identity thieves and hackers, it is important to remember that they do little to actually prevent criminals in the first place. It is a good idea to protect your personal information both online and offline to prevent being victimized. To learn about services that will protect your identity, read our guide to identity theft protection services. To learn more about software that will keep personal information on your PC safe, read our guide to Internet security software.


The federal government fails to encrypt its own data

Posted by Caitlin on July 31st, 2008

The United States Government Accountability Office recently released an information security report which states that at 24 major U.S. agencies, 70% of sensitive information on laptops and mobile devices was unencrypted as of last September. For the purposes of this report, sensitive data includes personal medical records, other personal information, law enforcement data and records essential for homeland security.

According to the report, “While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities. As a result, federal information may remain at increased risk of unauthorized disclosure, loss, and modification.” The report also points out that the Federal Information Security Management Act (FISMA) requires agencies to protect their data, as do other laws. The White House Office of Management and Budget (OMB) has been recommending that agencies encrypt all sensitive data on laptops since 2006. Many agencies have failed to do so, and many agencies have reported missing or stolen laptops.

Representative Bennie Thompson and Representative Zoe Lofgren, both of whom are members of the U.S. House of Representatives Homeland Security Committee, expressed disappointment with U.S. agency encryption efforts when the GAO report was released on Monday. Lofgren, a California Democrat, stated that federal agencies “lag far behind the private sector” when it comes to protecting and encrypting data.

Sensitive data loss can put countless American citizens at risk for identity theft. To learn more about identity theft protection services, view our reviews and comparison. If you are interested in learning about what you can do to protect the data on your own laptop, click here to read about security software.


Online banks may have major security flaws

Posted by Joe on July 25th, 2008

A new report published by University of Michigan researchers found that 75% of online banking sites reviewed included serious security flaws that could put users at risk. Researchers found that of the 214 banking websites evaluated:

  • 47% placed secure login boxes on insecure pages.
  • 55% put contact information and security advice on insecure pages.
  • Some banks use social security numbers or e-mail addresses as user IDs.
  • 28% don’t state a policy on passwords, or allow weak passwords.
  • 31% e-mail passwords or statements to customers.
  • 30% redirect customers to a site outside of the bank’s domain for certain transactions without warning.

Some experts in the information security field are challenging the findings of the report, as the research was conducted in 2006 and not published until 2008. The nearly two-year gap means that many of these issues have likely been addressed in the meantime. There is also some debate about the quality of the research methodology used.

That being said, it is always a good idea to be aware of exactly how the sensitive data that you share over the Internet is being protected. It’s a good idea to review the privacy policy and terms and conditions of any website where you are submitting sensitive personal information so that you understand how that information will be used and protected.

Internet security software can help web surfers identify and block suspicious websites. Additionally, these software programs can prevent spam, virus and phishing attacks. Read our guide to Internet security software providers to learn more.


Is online data storage the secret to eliminating many data breaches?

Posted by Joe on May 6th, 2008

We cover many different types of service providers at NextAdvisor which gives us a unique insight into how some of them may intersect to provide even more consumer value than an individual service may provide as a standalone product. One such trend may be the use of online file storage to help prevent the impact of data breaches and identity theft.

There is an alarming trend in the data breaches of personal information that we cover. A significant portion of these data breaches are caused by the loss of some sort of computer storage device, whether it is a USB drive or a laptop hard drive.

We have previously written about the many benefits of online file storage for backing up important files on your computer. We are now starting to wonder whether or not online file storage could be a major step that consumers and corporations could take to prevent the impact of data breaches involving the loss of laptops or other offline file storage devices.

The primary function of online backup services such as Mozy or Carbonite is to securely store a copy of important files you also store on your computer. However, these services also provide direct access over the Internet to files that are stored securely on these services. It would be possible for an individual to store all of their sensitive files, such as those that contain personally identifiable information, remotely and only access files from the Internet as they need them.

This would likely prevent many of the issues associated with losing a laptop or a portable file storage device because it would eliminate the need to store large amounts of personal data or financial data locally on your hard drive or storage device.

There are some logistical issues, such as the fact that you would need to be connected to the Internet in order to access files. However, it seems like there may be something to this given advances in online storage technology coupled with the increasing risks of identity theft.

Have any thoughts on the use of online file storage to help prevent identity theft? Let us know in the comments below.
