Posts Tagged ‘Security’

Important security settings on Facebook

October 29, 2013

Information security is important. Remember: without security there is no privacy! Today, E-Crime Expert presents several security measures Facebook has in place for securing your private data and account.

1. Change your password (Frequently)

i. Log in to your Facebook account, click “Settings” (1) and then click “Account settings” (2) in the drop-down menu (Fig. 1).

Fig. 1


ii. Select the “General Settings” menu on the left and then click the “Edit” tab in the Password field (on the right side of the page). See Fig. 2.

Fig. 2


iii. Now follow the three steps below:
- type your current password (for security reasons);
- type your new password (check this blog post here on how to have a strong password);
- type your new password again.
Click “Change password” and your password will be changed (Fig. 3).



iv. To be sure your password is effectively changed on all your devices, select the “Log me out of other devices” box and click the “Submit” button in the message displayed after you change your password. This signs you out of all the devices on which you are automatically logged in, so the next time you use them you will be prompted to type your new password. This is an extra security measure that protects your information if one of your devices is lost or stolen, or when it is shared with other people (Fig. 4).

Fig. 4.


2. Check your active sessions

i. You can also check from where your account was recently accessed.
Click the “Security settings” tab on the left (see the pictures above for how to get there), then go to the bottom right of the page and select “Edit” in the “Active sessions” menu (Fig. 5).



ii. You can now see from where you are logged in during the current session (top of the page), and below it from where you were logged in during previous sessions.
*Note: if you appear to have logged in from countries you have never been to or have not visited lately, or from devices you do not use, someone else has logged in to your account without authorization (Fig. 6).
**If you notice any unfamiliar devices or locations, click ‘End Activity’ to end the session and automatically log out someone who’s using your account fraudulently.
Change your password immediately, as explained in section 1 of this blog post!



3. Secure browsing.

i. Go to “Security settings”, as explained above, find the “Login Notifications” menu and click “Edit” (Fig. 7).



ii. Select either “Email” or “Text message”, or both, and click “Save changes”.
You will then be notified via email or text message when your Facebook account is accessed from a device that you do not recognize (Fig. 8).



iii. Furthermore, you can set up login approvals, which are used when logging in to your account from unknown devices.
Go to “Security settings” (see above) and from there to “Login approvals” (below “Login Notifications”). Click “Edit” and then select the box that reads: “Require a security code to access my account from unknown browsers”. Don’t forget to click “Save changes”. You are now set to receive notifications, or to be prompted for a code (delivered via email or text message as a one-time token), before logging in to your Facebook account from unknown devices (Fig. 9).
To learn what an unknown or unrecognized device means, keep reading below.



4. Recognized devices.

You can choose which devices are recognized when using Facebook.
Go to “Security Settings” (as explained above) and click “Edit” on the “Recognized Devices” menu to see your recognized devices. A device is assigned to your account as recognized the first time you log in to your Facebook account from it (using a new password); you will be asked whether you would like to save that device as a recognized device. Be careful: do not save a computer at school, work, a public library or a hotel as a recognized device. Check the menu and make sure the devices listed there are ones you trust. If one is not (for example, a device you used once in a library), simply click “Remove” on the right side of that device.
Don’t forget to click “Save changes” as usual (Fig. 10).



5. Trusted friends

i. To get set up, visit your “Security Settings” (as explained above), where you can select three to five friends to be your trusted contacts.
Find “Trusted contacts”, click “Edit” and then “Choose trusted contacts” (Fig. 11).



ii. Type the names of 3-5 of your trusted friends. You can select them one by one.
Don’t forget to click “Confirm” (Fig.12).

To select good trusted contacts:

– Choose people you trust, like friends you’d give a spare key to your house.
– Choose people you can reach without using Facebook, ideally over the phone or in person, since you’ll need to contact them when you can’t log in.
– Choose more people to help you. The more friends you choose, the more people who can help you when you need it.



iii. As a security measure, you’ll be prompted to enter your account password (even if you are already logged in). Click “Submit” when you are done (Fig. 13).

Fig. 13


iv. Immediately afterwards, your trusted friends will appear under “Trusted Contacts”. You can now use them all, or remove one or all of them if you are not pleased with your choice (Fig. 14).



v. In order to make sure you are the one who made the selection of your trusted friends, Facebook sends you a message (check your mailbox linked to your Facebook account) confirming you added trusted friends (Fig.15).

If you did not do it, then someone most likely hacked into your account. Change your password immediately!



vi. Using Trusted Contacts

Once you’ve set up your trusted contacts, if you ever have trouble logging in, you’ll have your trusted contacts as an option to help. You just need to call your trusted contacts and let them know you need their help to regain access to your account. Each of them can get a security code for you with instructions on how to help you. Once you get three security codes from your trusted contacts, you can enter them into Facebook to recover your account.

With trusted contacts, there’s no need to worry about remembering the answer to your security question or filling out long web forms to prove who you are. You can recover your account with help from your friends.

***Note: If you have set up secure browsing and login notifications and chosen your recognized devices, and you receive an email from Facebook notifying you that someone tried to log in to your account on day X from location Y using device Z (and none of those are related to you), then change your password immediately (as explained in section 1 of this blog post), because someone definitely tried or succeeded to fraudulently log in to your account! (See the example in Fig. 16.)



Any questions can be submitted to:
Additional information can be found at:
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog


18 Blogs with Techniques for Preventing Identity Theft

April 30, 2013

Our concern for privacy and information security aims to cover most areas of daily life, from IT, social networking services and online commerce to children and, why not, nannies.

For this reason, E-Crime Expert is glad to have as a guest today. is the most comprehensive guide for nannies seeking advice, support and information. It helps gaining resource for nannies, nanny employers and those interested in in-home childcare on the web. You can check out their website here.

The blog post below is provided by

“Identity theft has become an increasing problem as our world shifts to being more online and mobile.  Many people feel like there is no way to keep their information safe should someone want to steal it.  Is this the case, or are there things that you can do to make your information harder to steal?  These 18 blog entries touch on what you can do to protect your identity online, at work and when you are out and about living your life.  The press is doing an admirable job of bringing scams to light so that the public can be better informed and thus better able to protect sensitive information.  To learn what you need to know to keep your personal information safe, keep reading.


With more and more people shopping and banking online, keeping your information safe from thieves becomes both more important and more difficult.  Avoid common or easy to guess passwords, as many times you are making the thief’s job easier.  For more online safety tips, take a look at these six blog posts.

At Work

While your employer likely has their own security measures in place, you still need to make sure that you are keeping your personal information safe from hackers or other co-workers.  When you go to a meeting make sure that your desk and computer are locked.  Don’t get your personal e-mail on your work computer, as that information can stay in that computer, even if you delete it.  To learn more important safeguards, read these six blog articles.

Out and About

If you pay for your gas and other snacks with a credit card that you can tap and go, you may want to stop using it.  While it’s a convenient way to pay for things, it’s also an easy way for a thief to pick up the credit card number at the same time.  When you are out for dinner and you pay the bill by sending your credit card with the waiter, you may want to keep an eye on him.  Specialized equipment designed to steal credit card numbers in a hurry have been found in various restaurants.  Check out these six blog articles and learn more about identity theft scams going on today and how to avoid becoming a victim.

To read the original Article click here.


E-Crime Expert’s contribution to:”Responding to a Data Breach”

E-Crime Expert is glad to feature a new blog post on Data Breach Response Plan, provided by iPost. If you would like to find out more about iPost click here.

According to iPost: “Whether you are in healthcare, the financial industry or you run an independent business, you should have a data breach response plan. It is foolhardy to think that a data breach isn’t going to happen to you. It isn’t a matter of if, it is a matter of when. Is it an emergency? You better treat it like one”.

In order to read this interesting Article and to find out some solutions for responding to a Data Breach, please visit the original Blog Post here.

Below is E-Crime Expert’s contribution, with suggestions on how to prevent a Data Breach and facilitate a quicker response to one:

“Cyber-security expert and consultant Dan Manolescu has some more suggestions”:

The organization could have a privacy/security policy in place that addresses potential privacy and security issues, establishes risk mitigation practices and ensures standard and uniform action within the organization with regard to preventing, handling and reviewing privacy and security issues. This policy should also clearly state the legal obligations with regard to the protection of individuals’ personal data.

Buy or develop scanning software that scans all incoming and outgoing messages within the organization for specific keywords, such as security, alert, virus, scam, etc., in order to flag the messages containing those keywords, regardless of whether they land in the inbox, trash or spam folder. This could be done automatically, without giving any human operator access to the content of the message itself. Privacy/security audit trails could also be put in place. I would suggest that employees be notified of this practice along with the organization’s “computer and electronic usage” policy.

Other than that, providing periodic training to staff and management on these issues definitely helps them properly identify and handle these messages, which could be important for an organization.
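
The keyword scanning suggested above could look like the following added example, which is not part of the original post or of any product it mentions. It flags messages in any folder by keyword, records only metadata and a digest (never the message text), and keeps a tamper-evident audit trail; the hash-chained trail, the function names and the sample mailbox are assumptions constructed for illustration.

```python
import hashlib
import json
import re
from email import message_from_string

# Keywords named in the post; matched case-insensitively on word boundaries.
KEYWORDS = ("security", "alert", "virus", "scam")
_PATTERN = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, KEYWORDS)),
                      re.IGNORECASE)


def _text_of(msg):
    """Collect the subject and every text/plain part of a parsed message."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8",
                                      "replace"))
    return "\n".join(chunks)


def scan_message(raw, folder, direction):
    """Return a flag record without message content, or None if no keyword hits."""
    msg = message_from_string(raw)
    hits = sorted({h.lower() for h in _PATTERN.findall(_text_of(msg))})
    if not hits:
        return None
    return {
        "message_id": msg.get("Message-ID", "<none>"),
        "folder": folder,          # inbox, trash and spam are treated alike
        "direction": direction,    # incoming or outgoing
        "keywords": hits,
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }


class AuditTrail:
    """Append-only log; each entry's hash covers the previous entry's hash."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode("utf-8")).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "prev": prev,
                             "entry_hash": self._digest(prev, record)})

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            if self._digest(prev, entry["record"]) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def scan_mailbox(messages, trail):
    """Scan (folder, direction, raw) tuples; log and return every flag raised."""
    flags = []
    for folder, direction, raw in messages:
        flag = scan_message(raw, folder, direction)
        if flag is not None:
            trail.append(flag)
            flags.append(flag)
    return flags


# Constructed sample messages (not real mail).
SAMPLE_MAILBOX = [
    ("inbox", "incoming", "Message-ID: <1@example.test>\n"
     "Subject: Security alert for your account\n\nPlease review the notice.\n"),
    ("spam", "incoming", "Message-ID: <2@example.test>\n"
     "Subject: You won\n\nThis is not a SCAM, send your details today.\n"),
    ("trash", "incoming", "Message-ID: <3@example.test>\n"
     "Subject: Dinner\n\nScampi recipe attached.\n"),
    ("sent", "outgoing", "Message-ID: <4@example.test>\n"
     "Subject: FYI\n\nI think there is a virus on the shared drive.\n"),
]

if __name__ == "__main__":
    trail = AuditTrail()
    for flag in scan_mailbox(SAMPLE_MAILBOX, trail):
        print(flag["message_id"], flag["folder"], flag["keywords"])
    print("audit trail intact:", trail.verify())
```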


Bitcoin-The Virtual Currency

April 4, 2013

Today, E-Crime Expert briefly explains what Bitcoin is.

This blog post does not intend to advertise, encourage or discourage investing in Bitcoin. It is purely descriptive and provides our readers with basic information on Bitcoin.

I. Characteristics:

Bitcoin is a decentralized digital currency based on an open-source, peer-to-peer internet protocol. It was introduced by a pseudonymous developer named Satoshi Nakamoto in 2009.

– can be exchanged through a computer or smartphone locally or internationally without an intermediate financial institution.

– in trade, one bitcoin is subdivided into 100 million smaller units called satoshis, defined by eight decimal places.

– It is not managed like typical currencies: it has no central bank or central organization. Instead, it relies on an internet-based peer-to-peer network. The money supply is automated and given to servers or “bitcoin miners” that confirm bitcoin transactions as they add them to a decentralized and archived transaction log approximately every 10 minutes (Fig. 1).

Fig. 1

II. Transactional model:

Bitcoin is the most widely used alternative currency and accepted by various merchants and services internationally. As of March 2013, the monetary base of bitcoin is valued at over $1 billion USD.
Each 10-minute portion or “block” of the transaction log (as time spent) has an assigned money supply that is awarded to the miners once a “block” is confirmed.

10 minutes time spent=certain Bitcoin amount

The amount per block depends on how long the network has been running and how much in transaction fees has been paid. Currently, 25 new bitcoins are generated with every 10-minute block. This will be halved to 12.5 BTC during the year 2017 and halved continuously every 4 years after until a hard limit of 21 million bitcoins is reached during the year 2140.

In October of 2011, a bitcoin was trading at around $5. Today, by contrast, a single bitcoin is worth just north of $140-$150.

The network’s software confirms transactions when it records them in the transaction log or “blockchain” stored across the peer-to-peer network every 10 minutes. Confirmation of future transaction records makes the ones before it increasingly permanent. After six confirmed records or “blocks” (usually one hour: 10 minutes x 6 blocks), a transaction is usually considered confirmed beyond reasonable doubt.

Initiators of a bitcoin transaction may voluntarily pay a transaction fee for the confirmation of these records. Any fees are collected by the operators of bitcoin servers — often called nodes or “bitcoin miners”.

However, transaction fees may not cover the cost of electrical power required to operate a bitcoin miner. As a result the network server operators often rely on “mined” bitcoins as their only significant revenue.

Basically, mining means that user X gets an amount Y of bitcoins (in transaction fees) for facilitating the transaction while lending out his resources (computer, electricity usage, etc.). It can be done either individually or by joining a mining pool. There is software for doing this: Python OpenCL Bitcoin Miner (poclbm), graphical interfaces (GUI), etc. (Fig. 2).

Fig. 2


III. Authentication/Security:

The transaction log is authenticated by end-users through hashed ECDSA digital signatures (similar to a username and password; you can read E-Crime Expert’s blog post here) and confirmed by intense calculations of varying difficulty, performed by dedicated servers called bitcoin miners.

Based on digital signatures, payments are made to bitcoin “addresses” or “public keys”: human-readable strings of numbers and letters around 33 characters in length, always beginning with the digit 1 or 3, as in the example of 175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W.
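
An added example (not from the original post): addresses of the kind described above use the Base58Check encoding, in which a version byte (0x00 gives the leading 1, 0x05 the leading 3), a 20-byte hash and a 4-byte double-SHA-256 checksum are encoded together, so a mistyped address is rejected before any payment is made. The helper names and the sample hash are assumptions constructed for illustration.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Version bytes of the two address kinds the post mentions.
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}

# Constructed 20-byte value standing in for a real key hash.
SAMPLE_HASH160 = bytes(range(1, 21))


def _checksum(payload):
    """First four bytes of SHA-256 applied twice to the payload."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data):
    """Encode bytes as Base58; each leading zero byte becomes a '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text):
    """Decode Base58 text to bytes; raises ValueError on a bad character."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid Base58 character")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def make_address(version, hash160):
    """Build an address string from a version byte and a 20-byte hash."""
    payload = bytes([version]) + hash160
    return b58encode(payload + _checksum(payload))


def check_address(addr):
    """Return (True, kind) for a well-formed address, else (False, reason)."""
    try:
        raw = b58decode(addr)
    except ValueError as exc:
        return False, str(exc)
    if len(raw) != 25:                      # 1 version + 20 hash + 4 checksum
        return False, "wrong length"
    payload, checksum = raw[:-4], raw[-4:]
    if checksum != _checksum(payload):
        return False, "checksum mismatch"
    kind = VERSIONS.get(payload[0])
    if kind is None:
        return False, "unsupported version byte"
    return True, kind


if __name__ == "__main__":
    good = make_address(0x00, SAMPLE_HASH160)
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")
    for candidate in (good, typo, make_address(0x05, SAMPLE_HASH160),
                      "175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W"):  # example from the post
        print(candidate, check_address(candidate))
```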

Users obtain new bitcoin addresses as necessary; these are stored in a wallet file with links to cryptographic passwords or “private keys” that enable access to and transfer of bitcoins. A file or “wallet” containing bitcoin addresses is usually encrypted with an additional password.

An online purchase is considered safer with bitcoin versus a credit or debit card, according to Denis G. Kelly, a leading identity theft and fraud prevention expert.

“When using payment cards, you are required to include your account number and your billing address,” Kelly said. “With this information, identity thieves are off and running. Whereas with Bitcoin, their encryption renders it so that only the owner of the bitcoins can use them.” (Fig. 3).



IV. Privacy:

Because Bitcoin transactions are broadcast to the entire network, they are inherently public. Using external information, it is possible, though usually difficult, to associate Bitcoin identities with real-life identities. Unlike regular banking, which preserves customer privacy by keeping transaction records private, loose transactional privacy is accomplished in Bitcoin by using many unique addresses for every wallet, while at the same time publishing all transactions.


Have you seen your digital footprint lately?

January 28, 2013

Today, E-Crime Expert is featuring a very interesting article on the digital footprint, provided by the Internet Society. The article also presents three interactive tutorials developed by the Internet Society to educate users about online identity.

We are the raw material of the new economy. Data about all of us is being prospected for, mined, refined, and traded…

  . . . and most of us don’t even know about it.

 Every time we go online, we add to a personal digital footprint that’s interconnected across multiple service providers, and enrich massive caches of personal data that identify us, whether we have explicitly authenticated or not.

 That may make you feel somewhat uneasy. It’s pretty hard to manage your digital footprint if you can’t even see it.

 Although none of us can control everything that’s known about us online, there are steps we can take to understand and regain some level of control over our online identities, and the Internet Society has developed three interactive tutorials to help educate and inform users who would like to find out more.

 We set out to answer some basic questions about personal data and privacy:

 1. Who’s interested in our online identity? From advertisers to corporations, our online footprint is what many sales driven companies say helps them make more informed decisions about not only the products and services they provide – but also who to target, when and why.

 2. What’s the real bargain we enter into when we sign up? The websites we visit may seem free – but there are always costs. More often than not, we pay by giving up information about ourselves – information that we have been encouraged to think has no value.

 3. What risk does this bargain involve? Often, the information in our digital footprint directly changes our online experience. This can range from the advertising we see right down to paying higher prices or being denied services altogether based on some piece of data about us that we may never even have seen. We need to improve our awareness of the risks associated with our digital footprint.

 4. The best thing we can do to protect our identity online is to learn more about it.

 The aim of the three tutorials is to help everyone learn more about how data about us is collected and used. They also suggest things you need to look out for in order to make informed choices about what you share and when.

 Each lasts about 5 minutes and will help empower all of us to not only about what we want to keep private, but also about what we want to share.

 After all, if we are the raw material others are mining to make money in the information economy, don’t we deserve a say in how it happens?

 Find out more about the Internet Society’s work on Privacy and Identity by visiting its website.

 * Robin Wilton oversees technical outreach for Identity and Privacy at the Internet Society.



Privacy Impact Assessment (PIA)

January 2, 2013

Happy New Year!

We are back with a fresh article on Privacy Impact Assessment.

What is a Privacy Impact Assessment (PIA)?

Privacy Impact Assessment is a process to determine the impacts of a program, system, service, scheme, initiative, application, information system, policy or administrative practice, or database, called for the purpose of this article as “project,” on an individual’s privacy and the ways to mitigate or avoid any adverse effects (risks).

Conducting a PIA is a good business practice that should be considered in a similar way to financial, legal, operational, and IT practices prior to proceeding with a new project development.

This Article was written by Dan Manolescu. If interested, you could read the full Article published by InfoSec Institute here.

If you would like to find out more about InfoSec, you could visit this page here.

Dan Manolescu is now a frequent contributor to InfoSec Institute.


Cybercrimes: Battling a New Kind of Home Intruder

December 18, 2012

As technology is not slowing down and cybercrime is on the rise, it is crucial that information on and awareness of cybercrime is made more available to all people. For this reason, E-Crime Expert is glad to welcome Home Security as a guest and feature their valuable website and material below.


Home is a constantly developing comprehensive Home Security and Personal Security information resource.

The blog post below is provided by Home Security.

In the not-too-distant past, the threat of hacking was confined to PCs and laptops. Today, we rely on a proliferation of electronic devices for communication, directions and entertainment – all potential channels of information for hackers with malicious intent. Wi-Fi and Bluetooth technology, cell phones, Global Positioning Services (GPS), Internet-enabled TVs, tablets and wired cars are all susceptible to thieves trying to access critical personal information.

Cybercrime is on the rise, one of the most rapidly growing areas of prosecuted crime. Hackers may be computer geeks with malicious intent, identity thieves, spies, traders in illegal pornography or businesses attempting to disrupt competitor’s websites. The impact on society can be staggering, ranging from downed systems for vital infrastructure like hospitals or emergency response systems to financial cost. Brand damage is difficult to measure, and the cost to repair and prevent future damage from hackers annually runs into the billions.

What Kinds of Cybercrime Exist?

While it seems that hackers crack codes for every new device that hits the marketplace, there are some defined forms of cybercrime that have been deemed illegal by state and federal authorities.

  • Harassment: The most common form of cybercrime, the term harassment includes obscenities or insulting comments directed towards an individual or group of individuals, and may or may not be related to sexual orientation, religion, ethnicity or gender.
  • Offensive Content: Obscene and distasteful content on the Internet is not only something that children should not see; it is illegal in many countries.
  • Fraud: Internet fraud can take many forms, but it is most often in the guise of misrepresenting oneself and enticing a consumer to provide sensitive information. Fraud is usually financial in nature and is often related to identity theft. Technically, it is also fraudulent to use your neighbor’s Internet signal if you are not paying for it.
  • Trespassing: Hackers illegally gain access to individual hard drives and can remove or copy files, install software, view browsing history and access your passwords. Trespassing is often fraudulent; for example, a cloned website of a familiar vendor may request that readers click a link or download a file that allows access to a hard drive.
  • Drug Trafficking: Encrypted emails are used by drug traffickers around the world to share manufacturing formulas and arrange deals and delivery of illegal drugs.
  • Hardware Hijacking: Some peripheral externals, like printers, contain design flaws that allow them to automatically receive software updates via an Internet connection. Criminals can surreptitiously download damaging files to these devices.
  • Spam: Unsolicited e-mail is not only annoying; it is often used for phishing, a practice that deceives users into providing delicate data such as Social Security numbers, birthdates, passport identification numbers or credit card numbers. This information is used by identity thieves, or to access bank and credit card accounts. Spam often contains malicious bits of code that can permanently damage your computer. Some spammers practice spoofing, allowing them to use your email address to send the same code to everyone in your address book.
  • Information Warfare: Targeted at businesses and large, complex systems, information warfare aims to disable these systems. These cybercriminals either use malicious code or repeatedly hit the server from multiple computers at once, causing the target server to crash.
  • Malware: A very common source of disabled devices is malware, or malicious software. Malware files can be downloaded to your device without your consent, sometimes even without your knowledge. These files allow criminals to monitor your activities on your device or crash it permanently. Cell phones are particularly prone to malware due to their small screen size; it may be easy to miss a link or download notification on a cell phone.

Devices other than laptops and cellphones are at risk. In April 2012, Sony’s PlayStation Network was famously hacked, shutting down its network and releasing personal information for 100 million users. Internet TVs, designed to allow access to streaming content like Netflix and Pandora, open a window for hackers to not only access your television, but any computers that are linked to the same network. Cars that are wired for personal use, which are increasingly popular in new models, may provide criminals a pathway to your phone and all of the delicate information kept therein. Alarmingly, it was recently proven that medical devices such as insulin pumps for diabetics can be hacked and controlled by an outsider.

Smartphone apps, those useful and helpful tools we love, can offer opportunities for hacking. Home alarm systems that are controlled by apps may allow an evil-minded hacker to access your home’s security features without your knowledge. Many popular apps are based on GPS systems, which are often provided to third parties without your knowledge. The ubiquitous Bluetooth technology is not immune to exposure; hackers can spam your phone, access its contents or take it over completely via Bluetooth channels.

Are We Defenseless?

While consumers should be aware of the possibilities, there is no reason to panic. Developers are creating code that resists hacking attempts as fast as hackers come up with new tactics, and the U.S. government is watchful. The Department of Justice, the FBI and the Department of Homeland Security all have personnel dedicated to the eradication of cybercrime, and hackers are prosecuted with misdemeanor or felony charges.

There is much you can do to protect yourself from cybercrime. Your devices are programmable for varying levels of protection, and manufacturers of the products you use pre-install protection measures and offer upgrades to security when necessary. Take advantage of these tools and make the following security best practices part of your routine:

  1. Turn off your computer. It is common practice to leave computers on all the time, especially given our impatience with rebooting. Unfortunately, leaving a computer in “sleep mode” offers no more protection than your antivirus software provides, and today’s high-speed networks can allow a hacker to access your PC or laptop swiftly. A computer that is turned off cannot be hacked from an external source.
  2. Update your antivirus software. Companies who manufacture this software are constantly revising code to keep up with new threats, and many issue patches within hours of the appearance of a new worm or malware. Even Macs, once considered immune to viruses, have been infected. Consider bolstering your current software with additional protection. Set your software to receive updates automatically, and ensure that you have spyware protection.
  3. Update your operating system. Similar to antivirus software developers, the manufacturers of your operating system are constantly reacting to new cybercrime threats. Unfortunately, some viruses, worms and malware take the guise of a software update and trick users into downloads. Take the extra few minutes to learn exactly how your system will notify you of an official update, and follow directions when prompted. If you are unsure whether an update is legitimate, check your system user’s guide.
  4. Download wisely. Never open an attachment from someone you do not know, and be suspicious of email forwards with unexplained or confusing attachments. Many antivirus programs, such as Vipre, offer an email protection setting that can alert you to a suspicious attachment from a known user; both traditional corporate and free email clients like Gmail can benefit from this extra protection. When surfing the web, set your page security settings high so that you don’t inadvertently download malware; a strong antivirus program will warn you or prevent you from accessing sites that are dangerous.
  5. Always turn on your firewall. Most laptops and PCs are equipped with a firewall, a barrier to malicious elements that can be configured to a single computer or to a network. Firewalls are commonly pre-configured into the hardware of your computer and protect you from all incoming information. Check the system security on your laptop or PC to see that you have a firewall and that it is turned on. You may also download additional firewall protection. A router for a home wireless network connection provides an extra layer of protection; routers that are set to provide wireless connectivity to multiple devices in your home automatically discard any malicious incoming traffic that is not directed to a single IP address.
  6. Be aware when traveling internationally. Any devices that you travel with, including cell phones, are vulnerable. Exercise caution where free wi-fi is offered, such as in coffee shops and airports. When you access a wireless signal outside of your home’s firewall protection, you are more vulnerable. Take only the devices you need, and back them up before you travel. Consider deleting sensitive data for the duration of your trip and using completely different access passwords for your devices. The FCC offers additional tips for travelers with electronic devices.

Vigilance and awareness are the two best defenses you can provide. The world of cybercrime is fast-moving, and talented individuals with evil intent are attempting to break into new devices as fast as they are developed. However, staying aware of current events in cybercrime news and the updates you may need, as well as fully exploiting the crime prevention tools at your disposal, will keep your home and your data safe from intruders”.

More resources provided by Home Security can be found here.
