Resource Center

Do We Over-Monitor Our Kids, Just Because We Can?

Jul 27, 2017 in Resource Center | Comments Off on Do We Over-Monitor Our Kids, Just Because We Can?

“We are tracking our children’s every move, and they can feel it.”

“We are tracking our children’s every move, and they can feel it,” says lawyer and educator Elizabeth Small in the Washington Post. Small’s concern is that children do not have a space that is private, where every moment of their lives is not monitored and shared by parents, teachers and others.

Children are being observed and photographed at school, their computer activity is monitored by parents at home, and their cell phones are tracked by parents who want to know where their children are and what they are doing every minute of the day. An article in the New York Times says, “One danger of these technologies, of course, is that many parents will be tempted to overuse them, and in intrusive ways. A parent who constantly micromanages a teenager’s life — Why did you stop here? Why did you go there? — risks stifling the independence needed to develop into an adult.”

Small recounts a conversation with her daughter after the daughter was called to her school office. She was afraid that she was in trouble for something. Small asked if her teacher had spoken to her about anything, and her daughter said no, but she worried that cameras in the hallway had caught her whispering to a friend in line. Cameras? “Yes mama, there are cameras everywhere.”

While Small loves having the information about her children that she receives through their teachers’ online journals, videos and social media posts, she wonders if it is healthy to have so much real-time access to her children’s lives. “I also remember what it was like to be a student. I loved school mostly because it was a place I could be invisible from my strict family. School gave me the freedom to experiment with my identity,” says Small.

Some experts are concerned that children have little or no say over how much of their lives are monitored and shared. Danah Boyd, the founder of Data & Society and a visiting professor at New York University, said that sharing digital information can be a sign of trust and respect between people with close relationships, but that it can become an abuse of power in unequal relationships.

She said that when she was working with teenagers she was disturbed to find that the privacy norms established by parents influenced the children’s relationships with their peers, such as sharing their passwords for social media and other accounts with boyfriends and girlfriends. “They learned this from watching us and from the language we used when we explained why we demanded to have their passwords,” said Boyd. “And this is all fine, albeit weird, in a healthy relationship. But devastating in an unhealthy one.”

Parents want to protect their children and be involved in their daily lives; however, Small recommends that parents be “deliberate about giving them spaces where we don’t, even by accident, seek a window into their world, or a way to monitor their lives. Parents need to make sure they are giving their kids age-appropriate levels of privacy, and letting them know what information they are accessing.”

Watch Out for Unclaimed Property Scams

Jul 27, 2017 in Resource Center | Comments Off on Watch Out for Unclaimed Property Scams

Does your state have money waiting for you?

The letter seems to promise good news. It says the state is holding money that belongs to you, and all you have to do to claim it is send your personal information or pay a fee. Although it appears to be legitimate, the letter may be from fraudsters looking to steal your money or your identity.

Every state has an unclaimed property fund. According to the National Association of Unclaimed Property Administrators (NAUPA), in 2015 the states collected $7.763 billion in unclaimed property and they were able to return $3.235 billion to the rightful owners. What money goes into the unclaimed property funds? According to Unclaimed.org, these assets are from accounts that have been dormant for at least one year. Common forms of unclaimed property include savings or checking accounts, stocks, uncashed dividends or payroll checks, refunds, traveler’s checks, trust distributions, unredeemed money orders or gift certificates (in some states), insurance payments or refunds, life insurance proceeds, annuities, certificates of deposit, customer overpayments, utility security deposits, mineral royalty payments, and contents of safe deposit boxes.

There are companies that obtain information about the owners of funds held by the states and send letters offering to claim the funds for them for a percentage of the amount received. Although this is legal, it is not necessary to use these intermediaries, as consumers can recover their funds directly from the states. Some states charge a small administrative fee to return the property, but there is usually no charge.

The scammers, however, are sending mass mailings to people who may or may not have unclaimed funds in an effort to collect an upfront fee or simply get them to provide their personal identifying information so the scammers can steal the consumer’s identity. “These scams are just rampant,” said David Milby, director of NAUPA.

The best way to avoid getting scammed or paying unnecessary fees is to ignore these letters and do your own search to determine if you are owed money. Even if you haven’t received a letter from anyone, you can start at MissingMoney.com, a site that allows you to search the records of almost every state at once. There are, however, a few states that do not include their data on that site, so you can also find links to each state’s database at Unclaimed.org. Be sure to check in states where you used to live and work, as well as your current state. And check under other names you may have used, such as a maiden name or business name. If you find that funds are being held in your name, you can file a claim to recover them.

A New Kind of Phishing Scam

Jul 27, 2017 in Resource Center | Comments Off on A New Kind of Phishing Scam

A phishing attack where you don’t have to enter your personal info.

In a typical phishing attack, users are tricked into keying in their passwords or other sensitive data on fake websites. However, the recent Google Docs phishing scam used OAuth, meaning that users didn’t have to enter any information to give the bad guys access to their email accounts.

What is OAuth?

OAuth is an open authorization standard that allows users to log in to third-party websites using their account with a site such as Google, Facebook, Twitter or Microsoft without disclosing their password for those services to the third-party sites.

Some sites allow you to log in using, for example, your Facebook account. To log in to the site, you are sent to Facebook where you enter your Facebook credentials, if you are not already logged in to Facebook. The third-party site never sees your Facebook password, but Facebook sends a token that lets them know who you are. The third-party site then gives you access. Depending on what permissions you set, you may also choose to give the third-party site access to some of your Facebook data, such as the names of your friends, or allow your Facebook friends to see what you are listening to on Spotify.

What happened in this scam?

OAuth is convenient when you are dealing with legitimate apps and websites, as you do not have to remember and enter a large number of passwords. You can use your credentials for a site such as Google or Facebook to log in to another site without revealing your Google or Facebook credentials to the other site.

In this scam, though, a fake app was created that caused users to believe they were dealing with a Google Docs app. Instead of a legit document, the email link initiated a process to give a phony app masquerading as “Google Docs” access to the user’s Google account. If the user was already logged in to Google, the connection routed that app into an OAuth permissions page asking the user to “Allow” access to the user’s legitimate Google Drive. It appeared authentic to most users, and there was nothing that would alert security software that the page was not legitimate.

Although Google shut the scam down quickly, an estimated one million users were affected. Because Google revoked the permissions granted by the scammy app, users’ information is now safe.

How can users avoid these scams?

Many experts expect that there will be many more of these attacks, and there is currently no automated way to detect a phishing email. You should follow best practices for avoiding phishing attacks of all kinds. Because an attack using OAuth can be especially hard to detect, technology expert Bob Rankin offers the following: “My policy is to avoid OAuth unless I know the party asking to use it is legitimate. I will register the tedious way instead, creating a username and password and providing a throwaway email address if necessary. Under no circumstances would I grant OAuth privileges to any sender of email that I was not expecting, even if it appears to come from a friend or trusted website.”

Pacemaker Data Used to Convict Arsonist

Jul 27, 2017 in Resource Center | Comments Off on Pacemaker Data Used to Convict Arsonist

The Tell-Tale Pacemaker

Anyone who watches police procedurals on television is aware that law enforcement often uses data from cell phones and electronic toll tags to verify a suspect’s movements and actions. With the advent of smart devices there is much more data available, and law enforcement is using it to help identify the guilty parties and clear the innocent in a variety of crimes.

Data collected from connected devices, including Amazon Echo, fitness bands, smart refrigerators, thermostats, cars and others, are increasingly being used in court to prove or disprove the claims of law enforcement, defendants and witnesses.

One recent case involved a man who was charged with arson, at least in part because of data from his pacemaker. When a house fire destroyed Ross Compton’s Middletown, Ohio home, he told investigators that he had been sleeping when the fire broke out. He said that he was able to pack some items into suitcases, break out a window and escape the fire with some of his belongings. Investigators learned that Compton has an artificial heart implant with an external pump and electronic pacemaker. They got a search warrant to obtain data from his pacemaker, which they had reviewed by a cardiologist.

The cardiologist’s opinion was that, “[I]t is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions.” Based on this data, in addition to other physical evidence, Compton was arrested and charged with arson and insurance fraud.

This is not the only example of law enforcement using data from an electronic device to obtain evidence. As one example, in 2015 a woman in Pennsylvania told police she had been sexually assaulted in her sleep. Data from her Fitbit, a wearable fitness-tracker, showed that she was awake and walking around during the alleged crime. That information was used to charge her with making a false report.

Arkansas police found an Amazon Echo at a murder scene in Bentonville that they hope will help them with their investigation into the death of a man strangled in a hot tub. Although Echo only records what’s said to it after it’s triggered by someone saying its wake word (e.g., “Alexa”), police are hoping the Echo may have inadvertently recorded something that might be of use to them.

Amazon, however, is not eager to hand over this kind of customer information to law enforcement. Amazon stores voice recordings from the Echo on its servers to improve its services, but they declined to provide the voice recordings that were sought via a search warrant. Amazon has since turned over the data after the customer gave them permission to do so.

As the Internet of Things (IoT) records more data about our daily lives, it is inevitable that the courts will have to weigh privacy concerns against the interests of law enforcement. Jules Polonetsky, chief executive of the non-profit Future of Privacy Forum, said that while legal issues are still being debated, “you should always know if you have a device that is sending data elsewhere.”

Leaked NSA Tools Infect Computers Worldwide

Jul 27, 2017 in Resource Center | Comments Off on Leaked NSA Tools Infect Computers Worldwide

Weaponized software stolen from NSA, leaked.

Hacking group The Shadow Brokers has leaked more than a gigabyte worth of weaponized software exploits stolen from the United States National Security Agency (NSA). This toolkit gives anyone, even those without sophisticated technical knowledge, the technology to potentially compromise systems around the world. The Shadow Brokers had attempted to auction off the stolen technology, but when no buyers appeared they released it online for free.

One tool leaked by the group has been used to infect Windows computers with malware. Known as DoublePulsar, the malware is an extremely stealthy backdoor through which other malware can be loaded onto infected computers. The infected machines can then be used to distribute malware, send spam, and launch attacks on other computers. Once infected, those machines may be open to other attacks. Initial reports were that more than 10,000 computers may have been infected. According to Dan Tentler, founder of security consultant Phobos Group, “People [who] have gotten their hands on the tools just started exploiting hosts on the Internet as fast as they could.”

The good news is that patches exist to fix the vulnerabilities exploited by these tools. Microsoft has said that the exploits disclosed by The Shadow Brokers have already been addressed by previous updates to supported products, so customers with up-to-date software are already protected. The bad news is that some users are unable (or unwilling) to apply the critical Windows updates, leaving those systems open to infection. This would include users running systems that are no longer supported, such as Windows XP or Vista. Systems running Windows 10 were not affected.

The most important action consumers and businesses can take to protect themselves from these and similar threats is to keep their operating systems current and install all timely updates. As threats are discovered, Microsoft patches Windows to remove vulnerabilities.

Is Your Kid a Hacker?

Jul 27, 2017 in Resource Center | Comments Off on Is Your Kid a Hacker?

Is your child a tech genius—or a criminal hacker?

If your child spends most of their free time alone with their computer, seems to know more than they should about other family members, has multiple accounts you cannot access and their computer is full of encrypted files, they may be a talented computer whiz kid with a bright future in technology. Or, if they choose another path, they may become a criminal hacker.

Of course, not all hackers are evil. White hat hackers, also known as “ethical hackers,” use their skills to make the internet a safer place. They help online companies find and fix security holes so they are not exploited by the bad guys.

Young people may be attracted to illicit computer activities without understanding the possible ramifications. If they are using family computers and internet connections for illegal hacking, they could be putting themselves and their families at risk for legal penalties. How can you tell if your child has a healthy interest in technology or if they are involved in unethical or even illegal hacking? And what can you do to get your child hacker back on the right path?

Security expert Roger A. Grimes dealt with teen hacking in his own family. His 15-year-old stepson was part of a hacking club that indulged in malicious hacking such as DDoS attacks on popular websites and making malware. Grimes identified 11 signs that your kid may be involved in illicit hacking:

  1. They brag about how easy it is to hack.
  2. They seem to know too much about you. If they know things they could only know by reading your email or other online communications, that is a sign they may be hacking you.
  3. They use sophisticated security for their computer files, including strong encryption.
  4. They have multiple accounts that you cannot access. Multiple accounts are not the problem, but if they have secret accounts they will not share, that may be a sign of hacking or other illicit activities, such as porn.
  5. You find hacking tools on their computer. Note some file names of unfamiliar programs and do an internet search to see if they point to hacking.
  6. They use hacking terms such as Pwned sites, DDoS, doxing and others.
  7. Your internet provider warns you to stop hacking. Do not assume these warnings are off base. They may know more about what is going on with your internet connection than you do.
  8. Your child’s close friends have been investigated for computer crimes.
  9. They often switch to “boss screens” when you enter the room. These are fake screens mimicking spreadsheets or other files that hide what the computer user was doing. This may just be because the child desires privacy, or they may be hiding something.
  10. Installed monitoring tools never show activity. A lack of activity in the logs could mean that your teen hacker is using proxies or other workarounds to hide what they are doing.
  11. Their grades suddenly drastically improve. It could be a sign that they are hacking their grades in the school’s computer system.

Grimes points out that some of these may be normal teenage behaviors and not signs that your child is a malicious hacker. However, if your child is engaging in unethical or illegal activities, there are things you can do.

  • Let them know you are aware of what they are doing, that it is illegal, and it can have long-term consequences.
  • Tell them you will be monitoring their activities, and if you find evidence of any misbehavior all of their electronic devices will be taken away for a long time.
  • Move their computers into the main living area where you can monitor their use.

It is possible to channel malicious hacking into more positive activities, if parents are aware and involved with what their children are doing online.

Quarterly Newsletter

Jul 27, 2017 in Resource Center | Comments Off on Quarterly Newsletter

Study Shows Consumers May Be Making ID Theft Easier [Privacy]

Are you making ID theft easier?

A new study by Experian shows that although consumers are concerned about the security of their personal information, a majority underestimate their risk of identity theft. They fail to take action to protect themselves because they believe they will not be a target or it is too much of a hassle to constantly worry about securing their personal information, leaving themselves vulnerable.

Although most survey respondents said they felt very or somewhat informed about identity theft and fraud and how to protect their personal information, many of them hold incorrect beliefs about the dangers of identity theft. For example, 66 percent believe that the risk of identity theft diminishes over time after personal information is stolen.

Many believe they are unlikely to become victims of identity theft because they don’t make enough money. Seventy-two percent think that fraudsters are only interested in stealing the identities of wealthy people. And more than half (53%) falsely believe they do not have to worry about identity theft because the banks and credit card companies monitor their accounts.

While most respondents were aware of some of the ways identity theft can occur, such as data breaches (85%) and phishing (76%), only 60 percent were aware that criminals also commit identity theft by going through trash and mail.

The survey showed that even though survey respondents were aware that online activities could make them vulnerable to identity theft, many of them still engage in risky behaviors such as:

  • Using public WiFi to shop online (43%)
  • Sharing account usernames and passwords with others (33%)
  • Sharing mobile device passwords (29%)
  • Sharing credit card numbers or associated PINs (25%)
  • Allowing someone to use their personal information to get a job or credit (20%)

There was good news in the survey, too. Positive steps taken by respondents include:

  • Always or often using unique passwords for different online accounts (58%)
  • Always or often changing and rotating passwords for online accounts (46%)
  • Managing privacy settings for online accounts and mobile apps (44%)
  • Always or often reviewing privacy policies for online accounts or mobile apps (31%)
  • Never sharing credit card numbers or associated PINs (75%)
  • Never sharing their mobile device passwords (71%)
  • Never sharing usernames or passwords for online accounts (67%)
  • Never engaging in online shopping when using public WiFi (57%)

“Understanding the risks, being aware of the dark web, and researching what can help monitor and mitigate fraud aren’t optional these days. Unfortunately, the survey suggests consumers don’t consider these necessities a priority, which makes life easier for fraudsters,” according to Michael Bruemmer, vice president of identity protection at Experian.

Five Fast Facts About Credit Freezes

Jul 27, 2017 in Resource Center | Comments Off on Five Fast Facts About Credit Freezes

Fast Facts:

Five Fast Facts About Credit Freezes

A credit freeze seems like a simple way to lock down your credit and protect yourself from identity theft. It can be a good solution, but it is not right for every situation. Before choosing to freeze your credit, consider these five fast facts about credit freezes.

  1. Credit freezes are not free. Most states allow the credit bureaus to charge a fee (e.g., $5 – $10) to place or lift a credit freeze. Fraud alerts provide some of the same protections without the fees.
  2. You will have to lift the credit freeze if you apply for credit or an employer does a background check. You would then have to place the freeze again.
  3. You need to place freezes with all three credit bureaus: Equifax, Experian and TransUnion.
  4. Some entities will still have access to your credit file, including existing creditors and their debt collectors and government agencies under some circumstances.
  5. A credit freeze will not affect your credit score or prevent you from obtaining a free annual credit report. A credit freeze will not stop pre-screened credit offers. To do that, call 888-5OPTOUT or go online.

Travel Tips

Feb 8, 2017 in Resource Center | Comments Off on Travel Tips

  • traveltipsMake sure the airline claim check on your checked luggage is correct. The airline tag should match the airport at your final destination.
  • Always carry travel documents, medication, jewelry, keys and other valuables in your carry-on luggage. Items such as these should never be packed in checked luggage.
  • Label each piece of luggage on both the inside and the outside with your name and telephone number. Label your laptop computer as well.
  • Remove old claim checks on your luggage to avoid confusion.
  • Avoid wearing clothing, jewelry or other accessories that contain metal when going through the security checkpoints at the airport.
  • Having a travel kit perpetually stocked in a waterproof case will save in packing time before the trip and aggravation after arrival.
  • Before you leave on your trip, make two sets of photocopies of your valuable documents and tickets. Pack a copy and leave a copy at home.
  • Create your own packing list based upon your destination, accommodations, weather, tour activities and number of travelers
  • Wrinkles are caused by under-packing and over-packing. Avoid wrinkles by packing light and tight.
  • Buy an inexpensive camera with flash for children old enough to use it. The trip is then photographed from the child’s perspective.
  • When travelling with small children, take along a package of outlet covers. Most hotel rooms neglect to provide them and there are often outlets placed at children’s height.
  • To help kids remember their trip in their own words, buy postcards along the way and have them write on them. At the end of the trip, punch a hole in the corner of the postcards and put them on a ring.
  • Traveling with your pet? Affix a current photograph of your pet to the top of the crate for identification purposes. Should your pet escape from the carrier, this could be a lifesaver. Also carry a photograph of your pet.
  • Travel during off-peak times. If possible, book your flights mid-morning through early afternoon or in the evening from Monday through Thursday.
  • Before leaving the rental lot, inspect the car for the correct mileage information and any visible damage to the car. If damaged, a notation should be made on the contract before leaving the rental location.
  • A nylon tote bag that folds compactly into its own pocket can be used as a beach bag during your vacation and as an extra carry-on for your return home with fragile souvenirs.
  • Always carry a small kit with some basic first aid items in your hand luggage.
  • Bring an extra supply of prescription medications with you in case your trip is unexpectedly extended. Also, bring a hard copy of your prescriptions with you.

Five Digital Terms You Need to Know

Feb 2, 2017 in Resource Center | Comments Off on Five Digital Terms You Need to Know

New terms are added to our digital vocabularies all of the time. Here are five/six terms you should know.

Internet of Things (IoT) refers to the network of devices that feature an IP address for internet connectivity, allowing them to communicate with each other and other Internet-connected devices. The IoT may include security systems and cameras, thermostats, cars, appliances, lights, vending machines and more.

Metadata is “data about data.”  Metadata for a document may include such elements as file size, date created, author name, etc. that help to identify and locate data. You might think of it like a library card catalog for data files.

A geotag is metadata that contains geographic information. For example, photo geotags may include latitude, longitude, altitude, compass bearing and other attributes. Smartphones and many cameras automatically geotag photos, or tags may be added manually.

BitTorrent is a protocol that makes downloading large files faster on peer-to-peer (P2P) file-sharing networks.  Downloading a large file from one source can be very slow, so the BitTorrent system will locate multiple computers with the same file and download it in parts from several computers at once.

Emoji are small digital images or icons used to express an idea or emotion, typically used in text messages. You can see many popular emojis and their meanings at Emojipedia.org.