The introduction, in the US Senate, of the Cybersecurity Act of 2012 (S 3414) takes the place of the Lieberman-Collins Cybersecurity Act (S 2150). It calls for a National Cybersecurity Council, which would be chaired by the Secretary of Homeland Security.
If enacted, crucial privacy concerns would be addressed, with the council working with the operators and owners of critical infrastructures, to minimize cybersecurity risks.
Cybersecurity practices have been under fire, while the ACLU and private individuals have been questioning the role the Federal government would play, as presented in the previous bill, which included mandatory following of agency-enforced standards. In the new bill, these would be optional.
The “toned-down” language of the new bill may help it pass, as support for the initial bill had been fading, especially among Republicans. It’s still not a done deal.
Within the language of the bill, government agency programs for certification remain an area of concern, with how much power the council ultimately has being in question. Questions also arise over the possible regulation of a critical infrastructure sector by a federal agency.
With regard to self-certification, will enforcement be “loose,” as has been suggested by a PDF summary of the bill? Just how much power federal officials will have remains to be seen.
blog sponsored by The Privacy Council
As stories of Apple’s in-app security issues continue, due to the hacking and resulting YouTube videos from Russian developer Alexey V. Borodin, questions regarding the adequacy of current transport-layer security and its cryptographic protocols seem in order. If high-tech entities are unable to stop supposedly secure information from being compromised, how can individuals assume their personally identifiable information (PII) is secure? Of course, it appears not to be.
The Secure Sockets Layer (SSL), originated by Netscape, affords users a cryptographic protocol when communicating on the web. Additionally, there’s Transport Layer Security (TLS) and Transport Layer Protection (TLP). Borodin appears to have infiltrated in-place layers of security and manipulated digital certificates, in order to avoid paying for in-app purchases. He then produced criminally instructional videos, which he offered on YouTube, showing others how he did it. Even after the blocking of his IP address, by Apple, and the successful removal of his initial video on YouTube, Borodin has continued his operation, utilizing an international server, somewhere outside of Russia.
An immediate need for an upgrading of website security seems obvious.
What implications are there for individuals?
Note: Beyond your password, hackers seeking to steal an identity look for date of birth, available addresses and phone numbers, all of which are readily accessible on the web. It is recommended that passwords be changed on a regular basis. Protect other personally identifiable information by not openly sharing it on the global expressway of information.
One of the consequences of these thefts is the effect it has on free-app developers. Free-to-play apps require funding. Along with advertising, the free-app developers depend heavily on revenue produced by in-app purchasing.
Having someone like Borodin presenting iOS users with criminally instructional YouTube videos, explaining how to “get around having to pay” for items by installing a pair of security certificates and altering DNS settings, not only steals from Apple and its developers; it also hinders the ability of free-app developers to offer no-cost apps.
Apple was able to have Borodin’s initial YouTube video removed, but another popped up. They blocked his IP address, making it more difficult for him to access their servers, but he is now reportedly utilizing an international server, located outside of Russia.
As Alexey Borodin continues to steal from Apple and their developers, how safe are other “secure” websites? Can Borodin’s methods be employed to intercept other traffic? Are bank accounts secure? In the wake of this ongoing threat, are any authorization and transaction procedures truly secure?
With yesterday’s announcement by Yahoo of 453,492 accounts being hacked, security breaches are in the news again. Yahoo Contributor Network usernames and passwords from AOL, Gmail, Bell South, Hotmail, MSN, Comcast, SBC Global and Yahoo accounts were posted online by a hacker group identifying themselves as D33D. The group blames this breach on a “lack of security.”
The compromise of the freelance writer accounts was acknowledged by Yahoo, as well as by other news agencies. An old Yahoo file is being blamed, as the D33D group claims to have utilized a “union-based SQL technique” to tap into log-ins and user accounts.
You can check to see if your name or account is on the list by going to Dazzlepod. If you find your name or account listed, change your password immediately.
Even if your name is not on any of these lists, it’s a good idea to periodically change your passwords, using a high degree of security (a combination of capital and lowercase letters, numbers and symbols).
You may have recently heard about the FBI potentially shutting down your Internet access if your computer is infected with a certain virus. The news about what is called the Alureon Virus or the DNS Changer Bot Virus has been widespread but somewhat hard to understand. The virus basically changes the online identity or IP address of your computer. It was created by a group in Estonia who were using it to redirect people to rogue websites to earn advertising dollars and steal personal information. The FBI estimates roughly 250,000 computers still have the virus, which is down significantly from a peak of around 5,000,000 computers. They plan to shut down the computers that are still infected as a way to stop the spread.
You don’t need to be a computer geek to check if your computer is infected. You also don’t need to panic as the virus has been shut down and the people behind it arrested.
You simply need to check. There are 2 steps for checking to see if your computer is infected:
1. Visit this website to detect your computer’s IP address, which will be displayed as a group of numbers separated by periods. Mine is displayed below.
2. Visit the FBI’s official website and enter the IP address into the box provided and then click ‘check dns’. My DNS is clean which means my computer does not have the virus.
If you find you have the virus you may want to check for any signs of identity theft. You may have unknowingly given personal information to what was actually a copy of a popular website. If you are a victim of this, you can file a claim here.
Looking for a magic tool that can help you regain your online privacy? Well, you might have one. Abine, the leading provider of online privacy solutions, recently announced that they are releasing a new product called Do Not Track Plus. This simple tool is designed to be straightforward yet effective so that online users can avoid being tracked. The tool notifies the user when he or she is being tracked online so that the user can disallow the tracking.
We all know just how annoying those advertisements can be, too. We see them on social media sites, while browsing on the web or even shopping around on a particular website. While it’s nice to be linked to products or services that pertain to our lifestyle, how these advertisements are getting our information is not okay. Thanks to DNT+, users have more control over who’s tracking their online activity and when.
DNT+ is the first product that’s being launched in Abine’s collection, but there’s more to come. The company hopes to provide a range of practical tools for online privacy instead of waiting for Congress to come up with better laws. DNT+ works with all browsers, including Firefox, Google Chrome and Internet Explorer. Best of all, it’s free.
That’s right, you can download DNT+ directly from Abine.com and it will block hundreds of trackers that collect, use and sell your information. Being a company that’s promoting better online privacy, Abine never collects or shares information, so you can rest assured that what you’re downloading is safe. The company makes its money by selling its products, as there are a variety of tools and resources for people to utilize.
One click will get you better privacy, plus you can expect your websites to load and run faster. And don’t worry about how strict DNT+ is; you can adjust the settings so that you can play your favorite social games and shop for your favorite products without having to give up your online freedom. This is what makes DNT+ so unique; it’s not an all-or-nothing program, but one that gives online users the control and flexibility they need to be safe while online.
With iOS and Droid systems getting the entire spotlight, you may not have noticed a new phone peek out from the clouds: a Windows phone. Windows has been trying to branch into the market for quite some time and finally made their mark with the Windows Nokia phones, with the 710 available in stores now, and the 810 and 900 models to follow soon after. The phone has received positive praise for its seamless operation, user-friendly platform and colorful apps. But just like any new phone, how do we know that what we download is safe and adhering to the privacy policies?
Last fall, Microsoft came under scrutiny for unintended behavior in their location services. For example, when using certain parts of the phone, it asked you to set your location. Microsoft was accused of tracking Windows phone locations without collecting consent or giving a reason for using this information. Your options were Allow or Cancel, and cancelling would obviously just exit you from the application. Users were frustrated that they had to give out their location and have their phones tracked without ever agreeing to the tracking in the first place.
Congress is working hard to have better online privacy for computer users, but when it comes to mobile phone apps, many of these privacy policies are overlooked or simply ignored by developers. So yes, most mobile phone users are tracked and information collected, providing they are using the apps and having their location set. Since accountability is unclear, it’s easy to overlook privacy policies and still continue collecting information for the benefit of third party companies.
Windows is not exempt from this issue, as all phones deal with privacy policies. Fortunately, Windows and Apple have the same approach of having strict privacy policies in place that apps must adhere to before they are approved, unlike Google, which has some defined policies but generally waits until a problem is reported before pulling the application.
Voting on the two sets of anti-piracy proposals – PIPA and SOPA – has been postponed indefinitely, the U.S. Congress reports. Last week on January 18, 2012, approximately 10,000 websites shut down as a way of showing their disapproval of these proposals that would limit free speech and allow internet censorship. At least that’s according to these sites, which include Wikipedia, WordPress and Mozilla.
On the other side of the fence, SOPA and PIPA supporters argue that web creators need better tools that would help fight online piracy and copyright infringement. These proposals don’t come out of nowhere. They have been modified many times to reflect the needs of content creators. Initially, the proposals would have required the blocking of criminal sites, but this provision has since been removed because of web content creators speaking out.
Supporters of PIPA and SOPA say that companies that participated in January 18th’s blackout are not sharing the whole story and are instead skewing the facts, which in turn is misguiding the public. These very sites that online users trust are misleading their users and encouraging them to vote against PIPA and SOPA, inevitably allowing piracy and online copyright infringement to keep occurring.
Of course, opponents fire back and say that these proposals will have many unintended consequences that will limit free speech and the internet as a whole. In fact, the whole framework that has made the internet so successful will be broken.
At this time, these online companies want Congress to take a step back, look at the proposal in depth and not rush through anything. Most importantly, they don’t want to have their websites shut down just because they’re affiliated with a site that is engaged in copyright infringement or piracy.
Voting was supposed to take place this month, but has now been placed on hold. PIPA and SOPA are not dead, but just postponed for now, as Congress works to restructure the proposal.
How many times have you found yourself away from home and needing to check your account balance? We’ve all been there, and for most of us, we feel more comfortable using an app to check our balance than risk going overdrawn – again. But how safe are these mobile banking apps?
Smart phone banking is on the rise thanks to mobile apps that are fast, efficient and give us the information we need while on the go. These apps are not yet perfected, so they do carry some risk that could have your banking information in the hands of the wrong person.
The most important privacy issue to be aware of is that mobile apps can carry malicious software that steals information from your banking account. App stores don’t always review their apps, so it’s easy to slip this software into them. If you buy directly from Google or Apple, you can expect that the app should be safe, but other app stores – don’t be so sure.
Second, you don’t have the same type of security on your phone as you do on your computer. Therefore, if there is malicious software on the app, the phone won’t recognize it as a laptop or computer would.
Finally, many users choose to use their banking apps while on WiFi networks, which are unprotected and have many people – yes, hackers – watching over what others do. And think about your own phone; if anyone picked it up, it probably wouldn’t have a passcode that would keep an unwanted person out.
Fortunately, you can proceed with caution, even though apps have taken a recent hit with a 400 percent increase in malware in the Android market alone in 2011. First, see if you need an app in the first place. Some banks have a mobile-based website that you can use in place of an app. These banking sites are much more secure, although you still want to use caution when in a WiFi network.