Archive for category Online Safety

My Heart Bleeds: What you need to know about Heartbleed

Guest Blog Entry By Christopher Burgess, CEO Prevendra

Heartbleed is the name given to a bug found in OpenSSL that has left many of our individual passwords compromised. The situation has been in the news over the past few weeks, since the bug was discovered in late March and the patch was released in early April.

What makes Heartbleed so important is that the companies using SSL (that is the HTTPS in your browser window) all have to patch their software, and you as a user have to change your password once this has been accomplished. To help, we’ve compiled some information which you as an individual user need to know about Heartbleed and the criminal activity that is exploiting us as we move through the remediation steps. Let’s start with, “what is Heartbleed?”

What is Heartbleed:

Heartbleed was a bug within the OpenSSL code which many organizations and companies used to provide Secure Socket Layer (SSL) connectivity between your computer and the server hosting the website to which you were connecting. The bug, located in the portion of the OpenSSL code called the “heartbeat”, went undetected for almost three years. Once it was discovered, OpenSSL provided a patch and the U.S. Cyber Emergency Response Team (CERT) provided guidance on how to patch. The role of the individual user was to wait and then change passwords, as Heartbleed compromised the SSL.

What is being done:

Most companies are patching their servers, renewing their security certificates and advising their constituents via postings on their page to change their passwords, or sending advisory emails asking you to visit the site and change your password (more on this below).

What can you do:

You can be patient and attentive. To prepare, you should locate a strong password generator tool, as you will be changing a lot of passwords. Here are two:

Password Generator Tool (available for download) from Source Forge

Ultra High Security Passwords from GRC the perfect password

Now go to each site where you log in and check whether the site has been updated for the Heartbleed bug which rendered the site vulnerable. How can you do that? Use one of these tools.

Github:  Heartbleed Test

TrendMicro:  Heartbleed Test

If the site has updated or is not vulnerable to the Heartbleed vulnerability, change your passwords and use a STRONG password.

What to watch out for:

Now it should come as no surprise to you that miscreants are using this period of high activity and rapid change to slide into the mix and get folks to click and download various items. Phishing and scams taking advantage of Heartbleed are making their rounds. Some have been seen as full-on spoofing of your bank: an email comes in, ostensibly from your bank, advising you that the Heartbleed patch has been made and that you should now “click this link” to change your password. Others come in from friends whose email accounts or social network accounts have been compromised and carry content similar to, “have you read about Heartbleed, you need to read this one to stay safe”. The reader then clicks on the URL link and is taken to a site which contains malware (malicious software) waiting to be downloaded to the device.

Do NOT click on links in emails, websites or social network posts advising you to update and change your passwords. Instead, type the URL directly into your browser window.

Is there more to come?

The Heartbleed vulnerability has been identified and a remedy made available to industry. Some devices which contain the OpenSSL version with the vulnerability are a bit slower to remedy, as doing so may require an update to the firmware on the device. These include routers, DVRs, etc., which many of us have in our homes. Keep an eye on these, and check the software update feature regularly, as this is the avenue by which the manufacturer will close the vulnerability.

Stay safe, and secure.

Christopher Burgess

About Senior Online Safety

Read more about online safety and scams at Senior Online Safety, published daily (alternating days in English and Spanish), and follow along by connecting via Twitter, Facebook, and Google-Plus. Senior Online Safety exists because so many of us are answering questions for our parents, aunts, uncles and grandparents; it matters not what age we are, if we know how to keep each other safe, we all win.

The guide: Senior Online Safety is available at all e-book retailers (including Amazon – Kindle, iBookstore – iBook and Barnes & Noble – Nook)

About Christopher Burgess:

Christopher Burgess is the CEO of Prevendra, a security, privacy and intelligence company. He is also an author, speaker and advocate for effective security strategies, be they for your company, home or family. Christopher authored the e-book “Senior Online Safety” (Prevendra, March 2014) and is the voice behind the website Senior Online Safety. Prior to the founding of Prevendra, Christopher held a variety of private and public sector positions, which included chief operating officer of a big data analytic company, Atigeo; Senior Security Advisor to the CSO of Cisco, a Fortune 100; and 30+ years within the Central Intelligence Agency, which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher lives in Woodinville, WA with his family, two dogs and two horses.

Child Grooming

Child Grooming. Recognizing this behavior for what it is!!

Guest blog entry courtesy of Kim Estes. Kim is a child safety expert and the founder of Savvy Parents Safe Kids. Kim believes that every child deserves a safe childhood and that adults have the power to keep children safe.

The past week has been a firestorm surrounding the Penn State Child Sexual Abuse scandal. We have by now figured out what went wrong. We know horrible mistakes were made. We know horrific crimes were committed.

Walking in on a child being raped is obviously Child Sexual Abuse in progress. However, it didn’t start “just like that”. Sandusky had a process that he followed to gain access to that child. So how exactly do predators get to the point where they have complete access to a child and complete immunity within a community?

The answer is simple. It is called grooming.

We hear about grooming of children, but before that can happen, a predator must groom the adults. Grooming adults clears the way to victimizing children. If we want to stop children from becoming victims, we need to be able to identify when adults are being tricked and groomed and what the predator’s grooming steps are.

 

Steps and Signs of Child Grooming:

Identifies opportunities, organizations and communities with children

Builds trust through friendships and/or leadership (with the adults and children)

Begins to identify potential victims

Gains access to children

Begins testing boundaries (with children and adults)

Provides presents, praise and privileges (to both the adults and the children)

Creates secrecy

Abuse begins

Uses threats (towards children and sometimes adults) to keep their crimes secret

Adults are responsible for keeping the children in our lives safe. If you observe what you believe is child grooming in progress, it is your duty to intervene. Talk to a supervisor, talk to your partner, talk to the police, talk to a specialist in Child Sexual Abuse prevention. Limit that person’s access to children immediately. Predators like to fly under the radar. If you start making noise and asking questions, you will make it harder for them to be stealthy in committing their crimes against children.

Visit Kim’s website at www.savvyparentssafekids.com

 


Human Predators & Personal Safety While Walking or Jogging

The Animal Kingdom

Think back to the documentary on television where the lioness is hunting.  She stalks a herd of deer as they approach a water hole.  She waits in the same place because she knows that the deer, being highly predictable, will come by at the same time every day. They must do so to drink.

As she moves in, she stays well hidden and singles out her target: usually the very young or very old, the sick member of the herd or the animal least aware of its surroundings! They are easy or “soft targets”. The inattentive animal doesn’t look up from grazing and hardly scans its surroundings. This is the animal that is also not listening and clearly does not know what is going on behind it. The lioness is closely attuned to the body language of the inattentive. So are human predators!

If she is not hunting under her preferred cover of darkness, she will try to have the sun behind her so the herd is blinded, making her even more difficult to see. She moves in as close as she can and then launches her attack from behind, her victim’s blind spot. If possible she will run her prey toward a terrain feature such as a steep embankment to be sure she channels it in the direction of her choosing. By the time her victim realizes what is going on, it’s too late and the attack is complete.

If her intended prey starts to pay more attention to its surroundings and moves back into the middle of the herd where it will find safety in numbers, the lioness will wait, pass over what has now become a “hard target” and look again for an easy mark. This is called the victim selection process and is not unlike the process human predators go through. Victims are chosen; the process is not random and the attack plan is well thought out.

Human predators operate in much the same way. Their ideal target too exhibits the three elements that make them “a victim looking for a place to happen”: lack of awareness of surroundings, predictability of schedule, and placing themselves alone in an isolated environment.

Some Tips and Safety Strategies to Consider now that it is Getting Darker Earlier

  • If you run with one or two buddies, you are safer and have made those isolated areas less of a threat. This is even more important in the low light of early morning and evening.
  • If you walk or run on different trails on different days at slightly different times with your buddy team, you have exponentially hardened your target profile. Remember, predictability is one of your enemies.
  • Hearing is your parallel primary protective special sense. It’s on par with vision, so leave the headphones at home. People who have had close calls often tell us they heard someone coming up behind them before they saw them, giving them time to react.
  • If you must run alone, choose busier, well-lit streets and run FACING traffic, making it difficult for a vehicle to pull alongside. Also let someone know your route and the time you expect to return.
  • Always know where your “safe havens” are located. This could be a busy coffee shop or retail area, a well-lit parking lot or even knowing at which homes along the route people are home.
  • Always bring your cell phone with you and be sure to keep track of any areas where there is weak or no signal. Place it in a small Ziploc bag if you are worried about moisture.
  • If you carry pepper spray, carry it in your hand with a wrap band. It will only be of help to you if you can bring it to bear and discharge it in an instant. Buy fogger sprayers, NOT stream dispensers!
  • One of the best “things” you can bring on a run or walk is a dog. Regardless of size, they are good early warning systems and are just another layer of complications for a would-be assailant.
  • If it’s cold, wear earmuffs, NOT a hoodie, which robs you of peripheral vision. Hoodies can also be grabbed and used as a “handle” by which to control you.
  • Remember that the most important area to be aware of is the blind spot behind you, the place from which ambush or blitz attacks are launched.
  • Carrying a small personal alarm is preferred by some, as is a small, very high intensity flashlight that can temporarily blind an assailant and illuminate those dark areas that offer great hiding places. These items can be easily clipped onto your waistband, which is where your cell phone should be too.

Social Media and your Personal Safety

  • Do not plan runs or announce rendezvous points to your exercise buddies via any social media or networking platform.
  • If you want to post about a pleasant exercise outing, do so after the fact and keep the details, especially the route and location, very vague.

 The Danger of Complacency

At this very moment, as you read this, would-be criminals or predators are not your primary enemy. Complacency is. Do not fall into a false sense of security, telling yourself “We live in a good area” or “Nothing bad ever happens here”. Anything can happen anywhere. Don’t take chances. Implement your strategy and engage it with discipline. Be smart. Be safe and stay healthy!!

 

 


Social Media Security Concerns UK Financial Services Company


Property Risk

Reuters recently cited findings from a study by Legal & General, a multinational financial services company headquartered in London, United Kingdom. The company was looking into the impact social media has on risk with regard to property and contents. The report was called the “Digital Criminal”.

Legal & General polled 2,092 people:

  • 38% posted where and when they were going on their next vacation
  • 33% posted where and when they would be on the upcoming weekend

Of 100 “friend requests” sent out during the study:

  • 13 percent were accepted on Facebook, without any checks.
  • 92 percent on Twitter, without any checks.

Obviously Legal & General’s concern revolves around risk to property and theft, as people share way too much information online, including photos of the interior of their homes and valuables.

(More on the Reuters article written by Belinda Goldsmith)

 

 Employees and Family Personal Safety

It goes without saying that broadcasting where we will be, or where we presently are in real time, gives another set of criminals, those who would want to do harm to you, a family member or one of your employees, easy targeting opportunities.

Despite good access control and security, which make your place of work much safer, social media is offering alternate non-worksite targeting venues and opportunities as employees broadcast where they will be and at what times.

A perpetrator might be a disgruntled worker or the batterer of one of your staff. The incidence of opportunistic targeting, which can lead to stalking, also increases with careless use of social networks.

 Social Media Security and  Safety Tips: Common Sense but Not Commonly Adhered To

  • Spend a moment vetting “friend” requests. The fact that you have “mutual friends” with someone you know well means nothing given the information revealed in the above study.
  • Never let people know where you are or will be; only where you were or have been! This includes posting photos upon return from an outing or vacation.
  • Try to be vague about where you have been and what time you were there. This makes it more difficult for someone to build a predictive profile of your habits and patterns.
  • Be cognizant of which photos you are included in and ask friends not to “tag” you.
  • Never tag your children in any photos.
  • Turn off the GPS feature on your smartphone before you use its camera. If not, the coordinates of where the photo was taken will remain embedded in the image code.
  • Think like a criminal. The layout of your home and valuables that appear in the background of any photo are useful pieces of information.
  • Be sure to disable the GPS feature on individual apps as well. If not, your location will be broadcast with each post or Tweet, once again leaving a convenient trail as to your patterns and habits.
  • Ask yourself who benefits when you “check in” via a location-based app. We have polled audiences during our trainings. 95% of them say they really don’t care where you are and what you are doing. The only people that care as much as you are the criminal element mining social networking platforms for easy targets.
  • Is the “Out of Office” reply really necessary? It is often the data point that alerts prying eyes to start tracking you online, since they know you are not at work.

 

Social Media Security and Safety Training for Companies

 


Social Media Safety and Security

Our Predictability as a Vulnerability

Social media safety and security are a growing concern. As more people engage in social media, the amount of information being shared in relatively open forums continues to grow.

Best practice is to post information and photos after an event rather than letting people know where you will be or where you are right now. It is also a good idea to be cautious about “checking in” when using location-based services. Geolocation is a growing concern amongst social media safety experts.

If you exercise the discipline of only posting after an event, keep this tip in mind: if you frequent the restaurant or establishment mentioned in your post, you are still leaving a criminal with enough information to start building a predictive profile of you.

What do I mean by this? Simply put, our predictability is one of our primary vulnerabilities. It provides criminals a good map of when and where we will be. This information helps them streamline their planning and victim selection process, whether for a burglary or a violent crime against a person.

Humans are creatures of habit. We tend to walk and drive the same routes and stick to schedules that become quite obvious to those who might be observing. This is why those charged with protecting dignitaries and high-profile people continuously change the routes, vehicles and departure times while transporting their clients.

Even if you are careful, mentioning several times over the course of a few weeks that you are home from a specific location (a restaurant you frequent, your gym, your child’s school or a more regular after-work activity) supplies enough information for someone to predict when you will be back at one of those locations. This information greatly enhances the targeting opportunity.

So keep in mind, even if posting after an event, keep the specifics and location vague. Predictability is our Achilles heel. Again, keep the specifics and location very vague!!

You might think that only friends and family in your social media network are privy to anything you share. You also might think that your friends have vetted the friends they share their platforms with. Think again!

A Reuters article on a British company, Legal & General, published some statistics from a study they did several years ago.

Their study revealed that only 13% of Facebook users vetted a friend request and a staggering 92% accepted new follows on Twitter without doing any checks!!

They also found that 38% of people on Twitter and Facebook would post about an upcoming vacation.

Social Media Safety Training Available onsite or in webinar format / One hour duration

Related:

Back to School Safety Tips — Social Media, Device Security, Malware by Christopher Burgess (for the Huffington Post)

Password Creation and Usage – Online Safety & Security by Christopher Burgess