Do You Know Where Your Kids Are Playing Online?

surprised faceKeeping up with kids is difficult and keeping up with changing technology that affects them can really leave you feeling overwhelmed. A study by Intel Security lets us know that now, we even perceive what kids are doing is better than what actually may be.

We know no kid is better behaved and honest than yours. But they are a curious lot and no matter how great they may be, they still are likely going to go poking around online when given the opportunity. The three misperceptions found in the study come down to trust, online safety methods, and thinking kids know more than parents about technology.

You may be able to trust the kids, but you can be sure that you should not trust the Internet. There are a lot of scary things out there and malware is probably one of the least to worry about. Online predators are real and dangerous. They are sneaky and can take advantage of the fact that a kid’s brain does not fully form until he or she is into the 20s. Decision making is a learning process. Scammers are lurking around every corner trying to get any information that may lead them to a payoff and malware hides behind all sorts of links, including advertisements that seem harmless. Teach them how to make the right choices.

Be sure to have a frank conversation with kids about online security. Start as soon as they start using computers or smartphones. Explain that they should never reveal their names or address, any sensitive data or otherwise without asking permission from a parent first.

Learn the sites they like to visit and what they are all about. Make their social networks your hangout too and create a “village” to help keep an eye on them. No matter how trustworthy they are, you still need to monitor the roads they go down. It’s just like making them clean their rooms. If you aren’t there, they will probably take the other fork.

Take the time to learn new technologies that are all the rage with the kids these days. Don’t assume that you can’t figure it out. If you truly cannot, ask for help. This includes learning how to use their mobile devices.

The physical and virtual worlds are dangerous places. Just as you help them understand stranger danger, teach them online safety too.


© Copyright 2015 Stickley on Security

Android Bug Sends Video Malware Via Text

video malwareFor all the smartphone and tablet users out there, another bug has been reported in the Android operating system. Before you panic, it is not suspected to be currently exploited by hackers and there is already a patch available, but there is some not so good news.

The researcher, Joshua Drake, who discovered it in his lab, sent the patches along with the issue to Google a few months ago. Google also released it. The problem is that the manufacturers of the devices and the service carriers may not have pushed it out to their customers.

The vulnerability may allow an attacker to perform functions on Android devices without the end user doing a single thing. If a video is created with malware inserted and sent in the form of a text, as soon as it is received by the device, it can perform functions. The user doesn’t have to view it or open it.

Issues like these underscore the importance of applying patches and updates as soon as they are made available. Also make sure you are running some type of anti-malware on mobile devices and that is always kept updated. It is recommended that you configure the settings to update the files automatically. Then, you don’t have to worry about that.

One of the criticisms security professionals and others have about patches for mobile devices running on the Android operating system is that it is ultimately up to the manufacturers and carriers as to when to release patches for vulnerabilities such as this one and for the most part, that does not appear to be a priority because they would rather users buy new devices than patch them. So, you can also try lobbying your mobile service providers and device manufacturers to push out the updates in a timely manner.

In addition, since this affects the default messaging programming on Android, consider using another one for the time being; as long as it isn’t Google Hangouts. That program processes videos right away so the user does not have to spend time searching for them.

According to researchers, only about 20% of the Android devices will get updated with an upper optimistic estimate of 50%. Another fun statistic from security firm F-Secure, is that in the first quarter of 2014, 99% of mobile malware threats were designed to run on Android devices.

© Copyright 2015 Stickley on Security

ATM Skimming, What You Need to Know

skimmingA thief stealing from unsuspecting ATM users is not new. However, it no longer means they hang out until the money is withdrawn and then rob the customers. The current trend is ATM Skimming. A crime ring in New York compromised over 26,000 transactions of 1,400 issuers in this manner. Losses were in the range of $3.5 million. Recently Wichita, Kansas’ police found seven card skimmers at various financial institutions in the city.

You may be asking what is an ATM card skimmer. It is a device that is placed over the actual machine’s card reader, often using double-sided tape. In some cases, the machines are tampered with and noticeable damage can be found. The skimmer reads the information off of the magnetic stripe on the card. Complementing that, a camera may be found nearby aimed at the keypad capturing PIN numbers.

How can you protect your information?

• The first rule is don’t use an ATM that is in a low traffic or low light area. It is typically considered more secure to use ATMs at banking locations as opposed to standalone machines. Not only for the safety of your money, but for physical safety as well. The thieves run a higher risk of being seen in these areas, so they tend to not use them as often.

• Identity thieves will often even construct their own machines in an attempt to steal data. To that point, use a machine with which you are already familiar whenever possible. It will be easier to detect anything different when you approach it. If it looks different from what you expect, and you are uncomfortable, use another one.

• Protect your PIN number by placing your hand or a piece of paper over the keypad when entering your number. This will prevent any cameras that may be installed from seeing what you pushed.

• Since tape is often used to attach the skimming devices, if something looks odd, wiggle it to make sure it doesn’t come loose.

• Don’t necessarily believe the instructions on a sign that looks unusual. Financial institutions will not ask you to swipe your card on a separate reader before putting it into the ATM, for example. Yet scammers will try this and it often works.

• Make sure you check bank statements for fraudulent charges and report anything suspicious to your financial institution in a timely manner. This is general good practice, regardless of whether or not you feel you may have been scammed.

• If anything makes you feel uncomfortable about a particular ATM, don’t feel bad about walking away and finding another one. The machines feelings will not be hurt.

• If someone offers to “help” you use the ATM, immediately decline and leave.

• If the machine doesn’t give you money, or gives you an immediate message that the machine malfunctioned, call the financial institution and let them know.

Criminals are getting smarter about using skimmers and often it is nearly impossible to detect the device. However, take a few moments to look around before putting your card into the machine. If anything strikes you as odd, report it to the financial institution.

Thieves use the information gained from these devices to create duplicate cards. Then they use them to make purchases or withdraw cash. They can steal a lot of money in a very short period this way.

Fortunately, there hasn’t been a skimmer that transmits wirelessly found, yet. So the criminals have to return to the machine to retrieve the data. An investigation regarding the Wichita scams is ongoing, and the police have released photos of the alleged perpetrators, possibly as they returned to do just that.

ATM skimming has become so popular among criminals that a task force has been created to get all segments of the ATM industry as well as the U.S. Secret Service involved in skimming investigations. As a result, some of the technology of ATMs is improving to a level making it more difficult to tamper with them. However, because of our 24-hour desire to have access to our money, and the sheer number of ATMs required to meet this, it will be a while before skimming is a thing of the past. It is getting there. For now, don’t avoid the machines. Just be aware and report anything suspicious.

© Copyright 2015 Stickley on Security

Study Finds Complex Passwords Not So Complex After All

passwordA study by a Texas-based information security company has determined that all the chatter about creating complex passwords may actually make them easier to crack.

The study involved analysis of 34 million stolen passwords from three separate data breaches: LinkedIn, eHarmony, and Rockyou. Out of that 34 million, they found that 50 percent of them followed the same structure.

The advice for making complex passwords is not bad. It is still best to use a combination of characters including upper and lower case letters, numbers, and special characters. However, the issue the researchers had was that when applications and websites require users to create a password using those rules, they don’t specify the placement of the various characters. And perhaps they should not. Creating complex passwords is frustrating enough for some people. However, it doesn’t mean it’s advised to ignore a well-structured one.

The study found that the structure most people used when following the strong password guidelines is that they used exactly one upper case letter and it was at the beginning of the password. As a result, passwords are easier to crack.

The guidelines are still the same, however and there is no reason to panic. Just keep in mind when you are creating and changing passwords that it’s worth shifting the placement of those special characters and consider using more than one of each to make it even more complex. And remember to always use at least eight characters and consider using pass phrases. It may make it easier to remember that way too.

© Copyright 2015 Stickley on Security

Scam Of The Week: Internet Capacity Warning

scamHere is the latest scam, possibly fueled by the recent news that we have run out of IPv4 addresses in the U.S.: Employees receive an email which claims to be from the “IT Services Support Department”. Obviously this is not legit, and a phishing scam tricking users so they enter their email account login credentials.

It tells the recipient their Internet capacity has reached 70% and that is why they need to contact support to avoid further problems. There is a “contact us” link in the email message so that the user can resolve the issue. Clicking the link redirects the user to a bogus “Help Desk” webpage asking them to submit their email account username and password, and when done, a Thank-You page appears.

The user may think the issue has been resolved, but the data has been harvested by cyber criminals and they will try to hijack the user’s email account for other criminal purposes.


Increased Card Security Coming This Fall


At NASA Federal, we know security is a top member concern. That’s why we’ll be adopting chip card technology this fall to increase the security of NASA Federal Credit and Debit Cards.

Chip card technology is becoming the standard in the U.S. for card payments, with its next level of protection and successful fraud reduction around the world. As it rolls out here in the U.S., NASA Federal is bringing it to you as a commitment to your security. So be on the lookout for more information over the coming months!