
Posts Tagged ‘cyber-threats’

Did you get a New electronic device for Christmas?

January 6, 2012

Happy New Year to everyone! Wish you all the best for this year, but most importantly, I wish you to be healthy and around your families! Also, stay safe!

Maybe for some of you Santa was kind enough and brought you new electronic devices such as a new laptop, desktop, iPad, tablet or smartphone. That sounds exciting, but have you thought about what you are going to do with your old electronic device? Giving it away to charity? Selling it on a classified website, or giving it to a family member or friend? In any of these cases you should first be sure that you are not involuntarily sharing your private info and data. For this reason, E-Crime Expert presents again today some tips on how to remove this personal data from your old electronic device before giving it away.

Please watch this video tutorial here:

More details are provided below:

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful take it to a dismantling centre.

Many computer manufacturers and computer hardware manufacturers also have their own recycling or trade-in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs or non-usable hard drives, should be physically destroyed (i.e. scratched, broken into pieces).

Try to destroy or dismantle your hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS or laptop, because all these devices have internal memory where sensitive data is still stored even after it has been properly deleted manually or with software.

When you sell an old laptop or PC, first try to “format” your device and reinstall the operating system. If you are not able to do this, at least try to DELETE:

  • All your photos, videos and music files located in the following folders: Desktop or My Documents, My Music, My videos (Movies)
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard OS); the order or names of the folders may differ from computer to computer or from one operating system to another, but the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these menu options are available on an HTC Desire running Android version 2.2.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever used any of those methods? Are you thinking of using any of them? How do you dispose of your electronic devices and gadgets you no longer use?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.


Warning: Domain name personal data retrieval!

October 4, 2011 3 comments

This post is a special edition, as this type of data vulnerability and the associated scamming risks are significant.

This post shows how sensitive personal data can be retrieved without authorization, in one of the easiest ways I have personally experienced:

-Anyone can type in their browser: http://www.who.is/whois/

Next step: type into the search box a web address they know or can find freely on the Internet, such as http://www.e-crimeexpert.com, then hit “enter”.

Fig. 1

-Next, from the bottom of the page, the link under “For complete domain details go to” can easily be copied and used further:

http://who.godaddy.com/whoischeck.aspx?Domain=E-CRIMEEXPERT.COM.

Fig. 2

-Once the link is pasted into a web browser, complete and sensitive personal data, as shown below, becomes available:

  • Registration domain
  • Registrant’s full name
  • Complete email address
  • Complete home address
  • Complete phone number
  • Registration date
  • Expiration date
  • Last update

Fig.3 

 

Indeed there is a “no data use” warning posted on the page (outlined in the red circle), but personally I have doubts that this will stop anyone from using this data.

What can someone do with this data? A scam! Any kind of scam, but the domain registration scam is the preferred one.

How it works:

A letter will be sent to the name and address available on the WHOIS website, asking you to pay the registration fees for your domain name. The expiration date is indicated (it is real), and it is available on the website for anyone.

The same letter will ask the registrant to pay the registration fees for another two years and to provide the credit card number and credit card expiration date.

Fig. 4

 

Fig.5

What would they do with it? The scammer will clone your card and buy products online or from offline stores (such as electronics, computers, jewelry) in order to sell them for cash.

A website address may be public, but the registrant’s name, home address, email address and phone number should not be public at all!

To me, the most concerning part is not the scam itself but how easily sensitive personal data is available to ANYONE on the world wide web!

There are never-ending discussions about what policies should look like and what new SNS features should look like, but do those policies and features effectively help protect users from privacy intrusion, unauthorized access to personal data, fraud and scams? I am not sure, but what I am sure about is that AWARENESS, EDUCATION, and KNOWING what the risks are and how they can be defeated can protect users from becoming victims of identity theft, privacy intrusion, financial fraud, and unauthorized access to personal data.

When registering a domain name, one can choose to keep the registration details private, but unfortunately the account comes with this setting set to public by default instead of private by default. How many users know about these risks and how to protect against them? Making the registration private requires some steps that many users/registrants do not know about.
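A registrant can check which of the fields listed above their own record exposes. The following Python code is an added example, not part of the original post: it audits the text of a WHOIS record the owner has already saved. The field labels and privacy-service marker words are assumptions (they vary by registrar), and both sample records are constructed.

```python
import re

# Registrant labels mapped to the kind of personal data they reveal.
# Assumed labels: registrars format WHOIS output differently.
PERSONAL_FIELDS = {
    "registrant name": "full name",
    "registrant street": "home address",
    "registrant city": "home address",
    "registrant phone": "phone number",
    "registrant email": "email address",
}
EXPIRY_LABELS = ("registrar registration expiration date",
                 "registry expiry date", "expiration date")
# Assumed marker words suggesting a privacy/proxy service or redaction.
PRIVACY_MARKERS = re.compile(
    r"privacy|private|proxy|redacted|not disclosed", re.I)

def parse_whois(text):
    """Return {lowercased label: [values]} from 'Label: value' lines."""
    record = {}
    for line in text.splitlines():
        # Skip comment/notice lines and lines without a label.
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        label, value = line.split(":", 1)
        if value.strip():
            record.setdefault(label.strip().lower(), []).append(value.strip())
    return record

def audit(text):
    """Report which personal data a WHOIS record shows to anyone."""
    record = parse_whois(text)
    owner = (record.get("registrant name", [])
             + record.get("registrant organization", []))
    # If a privacy service is named as the owner, the contact details
    # in the record belong to that service, not to the real registrant.
    proxied = any(PRIVACY_MARKERS.search(v) for v in owner)
    exposed = set()
    if not proxied:
        for label, kind in PERSONAL_FIELDS.items():
            values = record.get(label, [])
            if any(not PRIVACY_MARKERS.search(v) for v in values):
                exposed.add(kind)
    # The expiration date stays public either way; it is the detail
    # that makes a fake renewal letter look genuine.
    expiry = next((record[l][0] for l in EXPIRY_LABELS if l in record), None)
    return {"proxied": proxied, "exposed": sorted(exposed), "expiry": expiry}

# Constructed sample records (placeholder names, addresses and numbers).
PUBLIC_RECORD = """\
Domain Name: EXAMPLE-OWNER.TEST
Registrar Registration Expiration Date: 2012-10-04
Registrant Name: Jane Placeholder
Registrant Street: 1 Sample Street
Registrant City: Sampletown
Registrant Phone: +1.5550100
Registrant Email: jane@example-owner.test
"""
PRIVATE_RECORD = """\
% constructed notice line, ignored by the parser
Domain Name: EXAMPLE-OWNER.TEST
Registrar Registration Expiration Date: 2012-10-04
Registrant Name: Registration Private
Registrant Organization: Sample Privacy Proxy Service
Registrant Street: PO Box 0000
Registrant Email: example-owner.test@proxy.invalid
"""

if __name__ == "__main__":
    for name, rec in (("public", PUBLIC_RECORD), ("private", PRIVATE_RECORD)):
        print(name, audit(rec))
```

Even with private registration the expiration date remains visible, so a renewal letter quoting the real date is not proof that it comes from the registrar.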

This post aims to emphasize one more time how vulnerable our private data is on the Internet.


Did you know about this scam? Did you know how to retrieve such info? What do you think about how easy this method is?


Video: How to protect your offline and online privacy

September 18, 2011 3 comments

As announced in yesterday’s post, How to protect hard copy & electronic private data, E-Crime Expert is presenting the video tutorial: “How to protect your offline and online privacy“.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

 

The hard copy of this presentation can be downloaded here.

Tomorrow, E-Crime Expert is presenting what a Data Protection Officer is, what are his/her duties, why he/she is useful in an organization, how he/she can help protect your business, clients, private information, intellectual property.


Have you ever used any of those methods? Are you thinking of using any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use? Do you have additional tips you would like to share?


How to protect hard copy & electronic private data

September 17, 2011 7 comments

As announced on yesterday’s post (Privacy: online versus offline), E-Crime Expert is presenting today “How to protect hard copy & electronic private data“.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

1. Offline

Never assume that anyone is not interested in your paper garbage, letters, etc.

Contact your credit card companies, banks and utility companies and ask them to make your accounts “paperless.” You can retrieve and pay your bills online and won’t have to deal with so much potentially dangerous paperwork. Keep a logbook of your bills to review at least once a month because you won’t have the incoming mail to trigger your memory.

If you need to use bank statements, bills, etc. on paper, then use a paper shredder to destroy them once they have expired or are no longer needed (I suggest keeping them for at least 6 months before destruction).

If you don’t have a paper shredder, then try to see if any of your friends or family members have one and ask to use it regularly.

Also, you could ask for permission to use the paper shredder at your workplace, if one is available.

If they do not have a shredder either, try to buy one together with your friends, family or neighbors and share it.

If this does not work for you, then another option is to keep your bills and papers with sensitive information and go regularly to the library, a printing shop, or bank where they may have a shredder that you can use.

Another option for those living in a house with a fireplace or outdoor fire pit, is to burn them regularly in those places, but carefully and respecting the fire bans and rules in your area.

If a standard hand-style shredder is more affordable, buy one and use it to shred your sensitive documents. Distribute the strips into more than one recycling bag.

Another option is to tear or cut them into the smallest pieces you can, using your hands or scissors, and then put them in separate paper containers/bags at different times.

Destroy the important parts of your documents. If you don’t have a shredder, just destroy the parts that identify you personally. Use scissors or a hole punch to obliterate your name, account number and credit card number before you throw the document away. Take a close look at your credit card bills; some include your card number in as many as five places, including buried within code numbers across the top or bottom. Destroy your name and address, and the account number along the bottom, of any checks and bank deposit slips-especially those free checks sent by credit card companies.

You could also soak them in a can/container, where you could also add bleach, then drain and dispose of the pulp in the trash. This would be my last choice as I encourage recycling, which can be done with shredded paper as well, but not when using this method.

Attend free and public community shred events. Just bring your old personal documents and papers that should be shredded.

Take your box of personal documents directly to the municipal recycling center and put it in the large recycling hopper. This will immediately mix your documents in with several tons of other paper, and it minimizes the risk of the middleman sorting through your papers, etc. It is a lot harder for someone to break into the facility and rummage through a giant steel container packed densely to the top with paper than it is to go through a few garbage bags.

2. Online

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful take it to a dismantling centre.

Many computer manufacturers and computer hardware manufacturers also have their own recycling or trade-in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs or non-usable hard drives, should be physically destroyed (i.e. scratched, broken into pieces).

Try to destroy or dismantle your hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS or laptop, because all these devices have internal memory where sensitive data is still stored even after it has been properly deleted manually or with software.

When you sell an old laptop or PC, first try to “format” your device and reinstall the operating system. If you are not able to do this, at least try to DELETE:

  • All your photos, videos and music files located in the following folders: Desktop or My Documents, My Music, My videos (Movies)
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard OS); the order or names of the folders may differ from computer to computer or from one operating system to another, but the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these menu options are available on an HTC Desire running Android version 2.2.

Tomorrow, E-Crime Expert is presenting the video tutorial: “How to protect hard copy & electronic private data“.


Have you ever used any of those methods? Are you thinking of using any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use?


Creating a strong password video tutorial

September 5, 2011 13 comments

For the past few days, E-Crime Expert has presented a series of posts summarizing the “Cybersecurity in Europe” Workshop. You could read the first blog post here, the second post here, the third one here and the fourth one here. The first presenter in the series was CERT (Computer Emergency Response Team), followed by ENISA, CERT Hungary and PricewaterhouseCoopers.

As requested by an increased number of readers of this Blog with regards to “Tips for a better, stronger password” post available here, E-Crime Expert presents to you today a new video tutorial on how to create a stronger password.

The video titled “Creating a strong password” is part of a series developed by E-Crime Expert, which aims to combat cybercrime and cyber-threats by offering advice and tutorials. Stronger passwords are important to better protect your online activities and personal data.

To download the presentation please click here.


What did you think about this video? Do you use a strong password, or an “easy-to-guess” one? Do you think these tips help you have a stronger password? Did you know any of these tips? Do you know other tips that you would like to share with us?


“Cybersecurity in Europe” Workshop-Part 4

September 4, 2011 1 comment

E-Crime Expert started a series of posts summarizing the “Cybersecurity in Europe” Workshop. You could read the first blog post here, the second post here and the third one here. The first presenter in the series was CERT (Computer Emergency Response Team), followed by ENISA and by CERT Hungary.

Today, E-Crime Expert offers the PricewaterhouseCoopers presentation: “The cyber Savvy CEO: Getting to grips with today’s growing cyber-threats”. This is the last presentation in the series.

 Specific particularities of the cyber domain:

-The cyber domain is a world of opportunity-yet media coverage of attacks has created a perception that is mainly characterized by threats and risks

-business and government must raise their game as cyber is different from the traditional physical world: it is an environment without barriers

-organizations need to reshape themselves, by adopting new structures, governance and roles that transform their ability to manage cyber opportunities and threats.

Taxonomy of attacks:

I. Financial crime: this involves criminals, often highly organized and well-funded, using technology as a tool to steal money and other assets

II. Espionage: theft of intellectual property is a persistent threat, and the victims often do not even know it has happened

III. Warfare: this may involve states attacking private sector organizations and especially the critical national infrastructure

IV. Terrorism: this overlaps with warfare but attacks are undertaken by terrorist groups, again attacking either state or private assets

V. Activism: this overlaps with other categories, but the attacks are undertaken by proponents of an idealistic cause.

Some key barriers to effective cyber security:

-the people engaged in securing cyberspace face the challenge of continuing to raise their game faster than attackers

-cyber security is still pigeon-holed as an IT issue, creating a communications gap between managers in the business and the security team

-traditional organizational structures tend to be too slow and rigid to enable the speed and flexibility of response needed in the cyber world.

The presentation given by PricewaterhouseCoopers identifies that processes and people are overlooked components when developing approaches to cyber security. There will be a reversion to technology driven by increases in the volume of data, speed of processing and communication technology, and the emergence of more complex threats. All these may lead to:

1)    Infrastructure revolution

2)    Data explosion

3)    An always-on, always connected world

4)    Future finance (online) models

5)    Tougher Regulations and Standards

6)    Multiple Internets

7)    New identity and trust models

The PricewaterhouseCoopers presentation explains five steps that help an organization become cyber-ready:

1)    Clarify roles and responsibilities at the ‘C-Suite’ (may require the creation of new roles at boardroom level)

2)    Achieve 360 degrees situational awareness (gaining a clear understanding of the scope and scale of the organization’s evolving risks and opportunities)

3)    Create a cyber response team which cuts across the organization (they should create a cyber response team to ensure information, intelligence and decisions can flow quickly)

4)    Nurture and share skills (investment in skills for the cyber world)

5)    Take an active and transparent stance (by adopting a more active stance towards attackers)

To find more about PricewaterhouseCoopers, click here.


How do you find these predictions? How do you find the advice given for organizations? Has your country participated in such an exercise? How do you find the future of the internet(s)?

This blog post is the final part of the Cybersecurity in Europe Workshop series summarized by E-Crime Expert.

*Many thanks and credits for their wonderful presentations are given to:

CERT. Visit: http://www.enisa.europa.eu/act/cert

ENISA. Visit: http://www.enisa.europa.eu/

CERT Hungary. Visit: http://www.cert-hungary.hu/en

The PricewaterhouseCoopers. Visit http://www.pwc.com/

 

“Cybersecurity in Europe” Workshop-Part 3

September 3, 2011 1 comment

E-Crime Expert started a series of posts summarizing the “Cybersecurity in Europe” Workshop. You could read the first blog post here and the second post here. The first presenter in the series was CERT (Computer Emergency Response Team), followed by ENISA.

Today, E-Crime Expert offers the CERT-Hungary’s presentation: “Network and Infrastructure Security Threats and Prevention”.

CERT Hungary identified the following current and potential threats:

-dependence concurrently with the evolution of dangers: organized crime, asymmetric warfare

-defacement of public websites

-intrusion into public registers

-monitoring government communications

-publishing sensitive data

-hacking critical information infrastructures (electricity exchanges, power plants, money transfer systems).

Enabling factors and circumstances:

Insufficient or lack of:

-preparedness

-early warning

-manpower

-coordination

-communication with internal partners

-media work

Responses to mitigate risks:

-Government support (national strategy, uniform regulations, responsible high level officials, financial means)

-crisis management plan

-early warning systems

-National Cyber Security Centre

-National coordination body (private sector, policy makers, law enforcement, CERTs)

-National Certification scheme (products, services, organizations)

-involvement of international community (Forum of Incident Response Team)

-communication plan, awareness raising, education

-regular exercises.

The lesson learnt from the first Pan-European exercise: the Hungarian perspective:

-communication check exercise with a complex scenario

-thorough preparation, ENISA’s pivotal role

-good teamwork of Member States

-need for a Standard Operation Procedure

-need for an EU-wide “phone book”

-need for stable national Point of Contact(s)

-involvement of more Member States and private sector

-going beyond communication check level

-integration of national exercise

-EU sectoral exercise: EU banking working group.

Role of national CERTs in the development of  a European cyber incident contingency plan:

-national CERTs as national Points of Contact

-co-operation with private sector players

-bottom-up scenario writing

-doing the manual work

-test beds for complex exercises

-follow-up activities (lessons learnt, refinement of Standard Organization Procedures, proposal for policy making)

-involvement of European Governmental CERT Group.

To find more about CERT Hungary click here.


Do these types of transnational joint efforts make you feel more secure? Has your country participated in such an exercise? What do you think about CERT Hungary?

The following posts will be part of the Cybersecurity in Europe Workshop series summarized by E-Crime Expert.
