Posted by: notictech | July 1, 2009

Survey reveals social networkers’ risky behaviors

Source: net-security

Members of online social networks may be more vulnerable to financial loss, identity theft and malware infection than they realize, according to a new survey from Webroot.

Surveying over 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, Webroot uncovered numerous behaviors that put social networkers’ identities and wallets at risk. Among the highlights:

  • Two-thirds of respondents don’t restrict any details of their personal profile from being visible through a public search engine like Google;
  • Over half aren’t sure who can see their profile;
  • About one third include at least three pieces of personally identifiable information;
  • Over one third use the same password across multiple sites; and
  • One quarter accept “friend requests” from strangers

Social Networks Present New Opportunities for Cybercriminals

Cybercriminals employ various types of trickery and malware to capitalize on risky behaviors. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, visiting a disreputable site outside the social network, or wiring money to a “friend in distress.”

Summary of Key Findings

Social networkers make private information public:

  • 80 percent allow at least part of their profiles to be searchable through Google or other public search engines; 66 percent don’t restrict any profile information from being visible through public search
  • Over half (59 percent) of respondents aren’t sure who can see their profile
  • Over one quarter (28 percent) accept friend requests from strangers; of those, one third (36 percent) do not cloak any of their profile information
  • About one third (32 percent) include at least three pieces of identifiable information

Privacy concerns outweigh protective actions:

  • 78 percent expressed some concern over the privacy of the information they share in their profiles
  • However, 36 percent use the same password across multiple sites
  • And 30 percent do not have adequate protection against viruses and spyware

Younger users take more risks – 18-29 year olds are more likely to:

  • Use the same password across multiple sites (51 percent, versus 36 percent overall)
  • Accept a friend request from a stranger (40 percent, versus 28 percent overall)
  • Share more personal information that may compromise online privacy (67 percent share birth date, versus 52 percent overall; 62 percent share home town, versus 50 percent overall; 45 percent share employer, versus 35 percent overall)
  • Experience a security attack (nearly 40 percent, versus 30 percent overall)

Posted by: notictech | July 1, 2009

Simple steps to keep your identity safe online

Source: net-security

June is Internet Safety Month, and simple identity theft protection steps such as shredding your mail and keeping careful tabs on your bank accounts and credit cards are essential first layers of protection against identity thieves. But there is an open door in many homes that is inviting criminals into personal information, and it is often left unprotected – the computer.

A recent study by online security provider Tiversa found more than 13 million online files have been breached over the last year, and P2P sharing services seem to be a popular way for criminals to get in.

There are steps consumers can take to reduce their risk for identity theft through the use of P2P file sharing services. LifeLock offers the following online safety tips:

  • Install file-sharing software carefully, taking special note of default settings and permissions
  • Use security software and make sure you keep it up-to-date.
  • Be sure to close your connections when you are done with a file-sharing session.
  • Maintain backups of all important documents.
  • Talk with your family about safe file-sharing practices
  • Before providing personal information to your doctor, attorney, insurance company, employer or anyone else make sure to ask for details on how they will keep this data secure

Identity theft is costing Americans more than $1.8 billion annually, according to the Federal Trade Commission, and the latest FTC reports show the number of identity theft complaints has grown by 80 percent since 2000. Among the forms of identity theft and fraud reported to the FTC in 2008 are credit card fraud, medical benefit fraud and falsified government or employment documents.

Posted by: notictech | July 1, 2009

ATM Security Researcher Censored

Source: infosecurity

News, yesterday, of the latest censorship actions targeting BlackHat presenters. This time, Juniper Networks has muffled the presentation slated for the hack confab by Barnaby Jack, an employee of the networking concern. Not surprisingly, his presentation, focused on Automated Teller Machine vulnerabilities, was seen as a threat. A short snippet of the original news item appears after the jump.

From the original Risky.Biz post, “Juniper Networks Gags ‘ATM Jackpot’ Researcher”:

“RISKY.BIZ EXCLUSIVE — A demonstration in which security researcher Barnaby Jack would “jackpot” an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer. Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or “jackpot”. “The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected,” a statement issued by Juniper Networks reads. “Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research…”

Posted by: notictech | July 1, 2009

SATURATE THE SENATE WITH HOLDER’S BUNGLING!

Source: truthtellers

What’s the most powerful action a patriot can take to defeat the federal hate bill now? Call all members of the Senate to say: “Attorney General Holder testified in Judiciary that the hate crimes bill discriminates and will not protect all Americans against hate crimes. Please ask your staff and Senator to watch Holder’s shocking testimony in the 10-minute video at www.truthtellers.org.” (Video HERE)

Since at least the 1960s, the Democrat Party has advertised itself as champion of equality for all Americans (except Christian/conservative, heterosexual white males and the unborn). This has been their clarion cry as they spearheaded equal rights for blacks, women, and now homosexuals. Liberals in Congress, as in state legislatures, have been persuaded to support ADL’s hate laws with assurances that these laws are progress toward equality and justice for all.

Now you can inform Democrat Senators of the testimony of the Attorney General that the hate bill is not about protecting everyone. Instead, it creates a legal apartheid, favoring the few over the many.

Call all Senators toll-free 1-877-851-6437 or toll 1-202-225-3121 (names available HERE on the action page at www.truthtellers.org).

Posted by: notictech | June 24, 2009

FOUL! HATE BILL HEARING RIGGED!

Source: truthtellers

Senate Judiciary Democrats have stacked Thursday’s hate bill hearing with pro-hate bill witnesses, apparently by a ratio as high as 5 to 1!

At the same time, Christian/conservative groups, attempting to submit their own lists of witnesses against S. 909, are being turned away!

The official hearing notice/witness list at judiciary.senate.gov gives special importance to the testimony of Atty. Gen. Eric Holder in favor of the hate bill.  He is followed by these other witnesses:

  • Janet Langhart Cohen, wife of former Clinton Sec. of Defense William Cohen, undoubtedly pro-hate bill.
  • Dr. Mark Achtemeier, theology professor from Dubuque Theological Seminary.  He has been the center of controversy for allegedly homosexual-friendly statements and is very probably pro-hate bill.
  • Gail Heriot, commissioner, U.S. Commission on Civil Rights, definitely pro-hate bill.
  • Brian W. Walsh, The Heritage Foundation, opposing the hate bill.
  • Michael Lieberman, counsel for the Anti-Defamation League of B’nai B’rith, originator of the hate bill.

Judiciary Bias against Christian/Conservatives

Janet Porter of Faith2Action told me conservative groups, such as Traditional Values Coalition, have submitted names of scholarly opponents of the hate bill as potential witnesses.  These include internationally recognized hate law authority Robert L. Knight.  But, she said, they are all being turned away.

Thus, we face a hate bill hearing in which are featured not only the Attorney General in support of the bill but liberals by a probable ratio of 5 to 1!

Lovers of freedom must loudly protest starting early Wednesday morning! Call all members of the Senate toll-free 1-877-851-6437 or toll 1-202-225-3121 (names listed HERE on the action page at www.truthtellers.org). Give this message: “We demand a balance between conservative and liberal witnesses in the Judiciary hate bill hearing on Thursday. This hearing is rigged in favor of liberals by a probable ratio of 5 to 1!”

Posted by: notictech | June 24, 2009

Free handbook on preserving traditional family values

Source: onenewsnow

A pro-family advocate is releasing a free textbook on family values.

The textbook is called Redeeming the Rainbow: A Christian Response to the Gay Agenda and was authored by Scott Lively, an attorney, pastor, and international consultant on family issues. Lively says the book is a compilation of more than 20 years of research and is available for free download as a PDF on DefendtheFamily.com.

According to Lively, the book is a useful tool for families with children in the junior high to high school range. He adds that the book takes a close look at how the homosexual movement pushes its agenda.

“Understanding the terminology that the gay movement has used to gain power and how that language has been used as a form of actual psychological manipulation of the public,” Lively explains some topics the book covers.

Lively says the book is written in terms that anyone can understand and admits that he is offering the book for free because he wants to get the material out as quickly as possible.

Posted by: notictech | June 24, 2009

10 ways to avoid viruses and spyware

Source: TechRepublic

IT professionals must encourage their users to follow several security practices to minimize virus, spyware, and malware exposure. But many computer techs are too busy to spread the word, or they don’t have the time to build an appropriate memo or handout.

With that in mind, here’s a handy reference list of 10 steps end users can adopt to avoid infection (including when using home systems to read and send work e-mail, create, edit, and distribute documents and spreadsheets, access the corporate VPN, and perform other office tasks).

  1. Install quality antivirus: Free antivirus and/or free anti-malware programs typically don’t provide adequate protection from the ever-growing list of threats.
  2. Install real-time anti-spyware protection
  3. Keep anti-malware applications current: Antivirus and anti-spyware programs require regular signature and database updates. Without these critical updates, anti-malware programs are unable to protect PCs from the latest threats.
  4. Perform daily scans
  5. Disable autorun
  6. Disable image previews in Outlook: Simply receiving an infected Outlook e-mail message, one in which graphics code is used to enable the virus’ execution, can result in a virus infection.
  7. Don’t click on email links or attachments: Users should never click on email attachments without at least first scanning them for viruses using a business-class anti-malware application. As for clicking on links, users should access Web sites by opening a browser and manually navigating to the sites in question.
  8. Surf smart: Many business-class anti-malware applications include browser plug-ins that help protect against drive-by infections, phishing attacks (in which pages purport to serve one function when in fact they try to steal personal, financial, or other sensitive information), and similar exploits. Still others provide “link protection,” in which Web links are checked against databases of known-bad pages. Whenever possible, these preventive features should be deployed and enabled.
  9. Use a hardware-based firewall
  10. Deploy DNS protection: Users can protect themselves from all these threats by changing the way their computers process DNS services. While a computer professional may be required to implement the switch, OpenDNS offers free DNS services to protect users against common phishing, spyware, and other Web-based hazards.

Posted by: notictech | June 19, 2009

July will be “Month of Twitter Bugs”

Source: HelpNet Sec

Security expert Aviv Raff declared July 2009 as “Month of Twitter Bugs”. He’s doing so in order to raise awareness of the Twitter API issue he recently blogged about.

Aviv said: “MoTB could have been easily converted to any other “Month of Web 2.0 service bugs”, and I hope that Twitter and other Web 2.0 API providers will work closely with their API consumers to develop more secure products.”

Every day during July a new vulnerability in a 3rd party Twitter service will be published on twitpwn. As those vulnerabilities can be exploited to create a Twitter worm, Aviv is going to give the 3rd party service provider and Twitter a heads-up of at least 24 hours before making the vulnerability public.

Source: HelpNetSec

Here’s a sobering statistic: according to the 2009 Verizon Data Breach report, 285 million records were compromised in the 90 cases that Verizon investigated in 2008. That is close to one exposed record for each of the roughly 305 million citizens in the USA.

Data security in today’s business world is a classic Catch-22. We need to protect both data and the business processes that rely on that data. To do so we need to move from a reactive fear (or compliance) driven mode to a proactive risk-adjusted data security plan, centered on an analysis of an organization’s unique data risk factors and the use of a risk-adjusted methodology to determine the appropriate data-protection processes, policies and solutions for that organization.

End-to-end encryption

There are different definitions of end-to-end encryption. To some people it means encrypting data throughout its entire lifecycle, from capture to disposal. This sort of end-to-end encryption (or tokenization) does provide the strongest protection of individual data fields.

Another way to think about end-to-end, and a very practical approach to data protection, is to provide end-to-end encryption between specific parts of a solution that are in high risk areas. This approach can be applied within an enterprise or between organizations. In the latter case a supporting infrastructure that includes functions to establish trust and key management can take a long time to implement. Encryption can only provide confidentiality and integrity and must always be combined with other aspects of security, including authentication, authorization and monitoring to provide a secure overall solution. While I am a strong proponent of end-to-end encryption, not every bit of data needs to be encrypted throughout its lifecycle. The sensible approach to adopt is a risk-adjusted methodology that protects data according to its value with the appropriate layers of security.

The risk level of the data collected, used and stored in the enterprise


Malware trends


Enterprise data protection

Businesses can look at enterprise-class end-to-end encryption solutions along with newer approaches — such as tokenization, Format Controlling Encryption, and Database Activity Monitoring.

Tokenization


Source: truthtellers

Bowing to massive protest and demand for hate bill hearings, Senate leadership has abandoned, at least for now, attempts to fast forward the federal hate bill to vote in the Senate as an amendment.  A hearing in the Senate Judiciary Committee is scheduled for 10 a.m. EDT, Thursday, June 25.  Atty. Gen. Eric Holder, who recently came out strongly in favor of the hate bill, is the only witness yet listed at the SJC’s website (http://judiciary.senate.gov/).

This is exactly where we want the pro-hate bill Judiciary Democrats — forced to answer whether they, like House Judiciary Democrats, will refuse to exclude pedophiles from special protection under the hate bill.

Conservative leadership groups should immediately submit a list of expert witnesses, like Robert L. Knight, to the Senate Judiciary Committee.

But will Senate Judiciary Republicans put up the same fight their House counterparts did seven weeks ago?  They have a dismal record of almost no vocal opposition to the hate bill during final passage by the Senate in the previous Congress.  Only Sen. Orrin Hatch really put up a vehement and systematic protest. (See, Hate Bill Manipulators Should Come Clean)

It is vital that you call Judiciary Republicans NOW (names available HERE at www.truthtellers.org).   Call toll-free 1-877-851-6437 or toll 1-202-225-3121.   Ask the staffer to relay this message to the Senator: “Please vigorously oppose the hate crimes bill in Judiciary hearings next Thursday.  Demand an amendment excluding pedophiles from special protection.”

Call Judiciary Democrats and all members of the Senate (also on the Action Page at www.truthtellers.org).  Ask them not to vote for the pedophile-protecting hate bill.  S. 909 is still extremely dangerous legislation, and Judiciary Chairman Patrick Leahy will undoubtedly conduct the same “kangaroo court” hearings Conyers did in the House, ramrodding the hate bill through while giving the illusion of due process.  Democrats might also propose their own sham amendment, seeming to ban pedophiles but actually not. (See, Democrats Fear Hate Bill Hearings)  Demands must go NOW to the entire Senate for a “no” vote on the hate bill if rapidly sent to the floor for a vote after next week’s hearing.
