Welcome!

Blog Feed Post

Cyber Security 2014: An Oxymoron

Cyber Security 2014

If we learned anything this past year, it’s that information we store online is exceptionally vulnerable. Our metadata (the data that describes who we are and what we do) is in the hands of people who are about as successful at protecting it as 1850′s bankers were at protecting money in the Old West. Sure, the metal safe looked strong and secure, but a motived bank robber with a stick of dynamite had all the tools required. In just the past few weeks hackers have had their way with Target Stores, Snapchat and thousands of other “targets of opportunity” that you will never hear about.

How do they do it? Every way you can imagine (and a bunch of ways you can’t).

We can start with the government. It’s not strictly hacking; it’s more like manhandling, but… by now it should be abundantly clear that the NSA has access to everything that it wants to have access to. Everything on your iPhone, your Wi-Fi signal, laptops you bought online, your private cell phone conversations, your email address books… the list goes on and on and on. At this point, anything the NSA wants to know about you, it will know about you.

I’m not making a political statement, nor am I suggesting that there is anything right or wrong with the government having access to virtually everything it wants to have access to. That said, there are all kinds of additional security issues caused by systems that allow certain information to be tracked by some systems, but not by others. To say nothing of the psychological issues caused by the knowledge that when you are connected, your electronic trail is available. And, for all practical purposes, cannot ever be erased.

Add to this, malicious hackers who are interested in profiting from the sale of your information, interested in making a name for themselves or simply trying to make a point about something. There’s nothing anyone can do about this group of hackers or these types of hacks. They are a fact of life in the Information Age. However, there are a few things you can do to protect yourself in 2014.

Target’s Black Friday Breach

Over 40 million credit cards were compromised after a massive attack on Target during the weeks leading up to Christmas. There’s nothing much Target can do to help you at this point. Sure, its CEO is offering free credit monitoring, the company is on the hook for $3.6 billion in fines and banks are capping cash withdrawals after it was announced that yes, the breach compromised PIN numbers, too, even though Target initially said they were safe – they’re not safe and you’re on your own.

If you shopped at Target between the middle of November and the middle of December, there’s a good chance your card is compromised. If your bank hasn’t canceled your card already, strongly consider calling up your credit card company and canceling it yourself. Here’s a helpful guide as to what to do if your credit card is stolen. Basically: cancel your card, monitor your statements, create a fraud alert, and move on.

Target’s breach was both better and worse than most other hacks we saw in 2013. It was worse because its repercussions could be of a greater impact than having your Yahoo password stolen, for instance. Having someone gain access to your credit card info could max out your credit cards and destroy your credit score. But it’s better because every financial institution is aware of the breach, and most credit cards have fraud protection, ensuring you won’t be stuck paying for anything you didn’t actually buy.

Target’s breach was also an example of just how helpless we are. All you did was buy Christmas presents, or maybe just some groceries, and suddenly your life became far more complicated and annoying. And, this is just the beginning – expect this kind of thing to happen on a regular basis – truly, nothing can stop it.

Snapchat’s Phone Number Leak

It’s already known that even though Snapchat is designed to make it seem like your snaps (the photos you send your friends and family) disappear once you open them, anyone can actually save them without you even knowing. Forget a “Screenshot!” alert; you can sneak in through the back door of Snapchat and save anything and everything you receive. While it’s not a hack organized crime would bother with, it’s worth repeating that snaps and every other picture you ever take with a digital camera enter the body of knowledge of mankind and will be seen by everyone in the world. So, “Carlos Danger,” never take a picture of something you don’t want the world to see.

Back to bigger hacks. This past August, Gibson Security published a report that said the coding in Snapchat made it possible for anyone to find out a bunch of information about any account, including your username and phone number. Gibson published a new report about the same thing in December, which Snapchat addressed by saying that it wasn’t an issue. Well, it turns out that Snapchat was wrong and that it was, in fact, an issue. A website called snapchatDB posted SQL/CSV files that contain the username and associated phone number for a “vast majority” of the service’s users – over 4.6 million users, to be precise.

There’s not a lot of text-based private information on Snapchat – you don’t need to fill in too many fields to start texting selfies to your friends. But Snapchat’s user base is mostly teens and tweens, and Kevin Poulsen of Wired Magazine points out the biggest fallout from this leak: possible stalking. How’s that for your first tech life lesson? Don’t have fun with your friends or you might be harassed because bad men want to ruin your day!

What Can We Do?

The most important thing we can do is to remain vigilant. Keep track of everything, and if anything seems suspicious, act on it. Start getting a bunch of weird emails? Can’t log in to an account you should be able to? See some weird pending charges on your credit card statement? Take action!!! YOU are the best defense against the mean, awful, angry world of hacking.

If you suspect your accounts are compromised, change your passwords. Make them as secure as can be. Spending a few extra seconds typing in a password every once in a while is worth it to make your account more difficult to crack. Use the guidelines I laid out. It might seem like a hassle, but keeping unique passwords for every site you use (I know, you probably have accounts for dozens if not hundreds of sites) will keep all your other accounts secure. But it’s (arguably) better than the alternative: having one hacked site force you to change dozens of passwords at once.

If your credit card statement looks funky, call your bank immediately. Dispute any charges, then cancel your card. People can get your credit card information any number of ways; banks (usually) won’t hold that against you. Be proactive, rather than reactive, and make sure you’re protected.

Lastly, and most importantly, keep all of your credit card numbers and the associated contact information for canceling your cards in a place where you can quickly, securely get to them. Using a password wallet or other specialized software will make it much easier to go through the process. “Best practices” says to keep copies of this data in several different places (including on paper) and stored as safely as you store your household cash or jewelry. The goal is to be able to quickly contact every credit provider. That’s all you can do. The hacks we’re seeing now are being done by professionals who simply want to sell your information and defraud the financial institutions you patronize — they don’t care about you personally — it’s strictly business.

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Latest Stories
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and atten...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the secur...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Imagine having the ability to leverage all of your current technology and to be able to compose it into one resource pool. Now imagine, as your business grows, not having to deploy a complete new appliance to scale your infrastructure. Also imagine a true multi-cloud capability that allows live migration without any modification between cloud environments regardless of whether that cloud is your private cloud or your public AWS, Azure or Google instance. Now think of a world that is not locked i...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, will present a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to m...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...