Defense Against Crime

12/10/2017

Cyber Security Tips and Tricks


cyber-security-month-oct-2017

Unless you have been living in a cave, you should know by now that the credit reporting firm Equifax was hacked and your personal data may have been stolen.  First, let me rant this.  At no time that I am aware of did I give Equifax, Transunion, or Experian permission, or contract with, to collect or control my credit or personal information. Did you?  Who did? What gave them this ability and why was it never challenged?  I think this in and of itself should be grounds for a law suit. I think that anyone who wants to have credit has to sign a contract to have these services.  Now the really, really sad point, with all these warning that other firms and entities have been hacked in the recent past like Yahoo (more than once),Target, Ashley Madison, Ebay, Home Depot, Sony Pictures and others Equifax should have done its due diligence to make sure they were secure.  They didn’t.  They were also warned months ago that they had a security weakness in their system. Still they did nothing. End of rant.

As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, this year’s incidents is an important reminder of the need to take steps to protect yourself and your family when using the Internet. When these breaches happen, there is very little you can do once data is breached, there are a few things you can so to limit your access to your personal information. However, companies like Equifax has all the information a person needs to open credit, get a loan, buy a timeshare, etc. using your identities.

Since October is National Cybersecurity Security Awareness Month brings to light what you already know – cruising the internet and filling out web forms can be harmful if you don’t follow best security practices. The good news is you don’t need to be a cybersecurity professional to employ smart online safety habits that can go a long way in guarding against online crime.

Cybersecurity best practices make up an expansive list of things to do, but for the individual user, the few tips below will be the ultimate steps you can take to protect your data.

How can you protect yourself?

  • Limit the amount of real information you have on your social media profile. Do you have your real birth year on your profile? What about the real town where you live? How about all the schools that you went to.  Are you providing all the information for someone to fake, being you?   What will happen when those databases are hacked…the thieves will have this information, and you provided it. Personally, I have two Social Media IDs real one and a fake one.
  • In general, be cautious with social media networking. Don’t post pictures or texts that reveal any personal information like home addresses, phone numbers, birth dates, or places you and your family regularly attend, such as schools or recreational complexes.I saw a demo where a cop was able to track a girl just from her photos. She was a cheerleader, and posted a pic.  So, he knew where she was going to school Other info she posted led him to her front door. Just as a lesson on how much information she was giving away. Someone with ill intent could use that information to harm you or your children. Don’t use the check-in feature on Facebook or the like. You don’t know who is getting that info, or are you really sure their security is working. (So did all those companies that were hacked).  When in doubt, remove it. Never accept connections from people you don’t know, and be sure you have your profile set to private so only those you trust can see your information.  See tip #1
  • Did I mention securing your Social Media, banking and other internet logins with two factor authentications? (There are articles on this blog about how to do this!)
  • Now is the time to purchase Identity theft insurance. Please note I said insurance, not a monitoring service. When South Carolina had a data breach. The state gave the people who filed state income taxes free credit monitoring. All a monitoring service does not prevent identity theft, and can only alert you of suspicious activity. If your identity is stolen, it is up to you to fix it, which can take hours, and hours, and hours.  A good identity theft insurance policy assigns someone to fix the issue for you.  This is the feature you need to shop for.

 

  • Think of download ‘free software’ or ‘free versions of expensive software’ like having sex with a prostitute. You may end up picking up something that can cause your computer great harm. So don’t do it. Even some web videos can contain viruses… you’ve been warned.

 

  • If you happen to find a USB Drive on the ground, DO NOT STICK IT IN your home or work computer. This is a common method that hackers use to upload a virus to systems that either allow them to secretly install spyware, or viruses.

 

  • Consider encrypting your computer. Recent versions of Microsoft Windows provide support for Bitlocker, a program that comes with Windows that will encrypt everything on your hard drive. You could also use third party encryption products. If your computer becomes lost or stolen, encryption can prevent prying eyes from seeing and using your personal data.

 

  • Worse than stolen data is unusable data. Aside from data breaches, we have also seen the rapid spread of hi-jacked data through the use of ransom-ware. You are wise to back up your data on a non-networked device. Also know that any data you have on connected cloud drives are also vulnerable. So be sure to discount these when you are not using them
  • Take time to learn about the IC3 (www.ic3.gov)—and use it if you’re ever an id theft or internet crime or internet scam victim. The Internet Crime Complaint Center (IC3) is a reliable and convenient reporting mechanism for citizens to submit complaints about Internet crime and scams to the FBI. The IC3 uses the information from public complaints to refer cases to the appropriate law enforcement agencies and identify trends
    .
  • Practice good cyber hygiene. This is the establishment and maintenance of an individual’s online safety. It encapsulates the daily routines, occasional checks and general behaviors required to maintain a user’s online “health” (security). This task entails A person knowing how select and maintain high quality passwords, install and maintain security software on the digital devices, keep their virus definitions up-to-date, run regular security scans on their digital devices, adhere to cyber security policies, protect their personal data, and avoid potential sources of infection. This is included at work and at home on all your connected devices.
  • Use computer/electronic protection products. A comprehensive host-based security suite provides support for anti-virus, anti-phishing, anti-malware, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. These services provide a layered defense against most common threats, and you can enable the automated updates to keep software up-to-date. Think of it as adding a security guard, guard dogs, and electric fence around your residence.

 

  • Keep ALL application software updated. Since many software programs don’t have an automated update feature, attackers frequently target those programs to gain unauthorized access to a computer. Several software products will let you know what applications installed on your PC are vulnerable to attack and need to be updated. It would be wise to Install an automated software update monitoring manager such as Secunia Personal Software Inspector, FileHippo App Manager, ManageEngine or others.
  • Know the risks of the Internet of Things (IOT). Cyber security goes beyond your computer, digital devices and cell phone. Many homes are now filled with Internet-connected devices, such as home security systems, connected baby monitors, smart appliances, personal assistants (Echo, Google Home, etc) and Internet-connected medical devices. All of these devices present opportunities for hackers to spy on you and get your personal information. Using strong passwords and purchasing IOT devices from companies with a good security track record are just a few of the things you can do to protect your family and home.Keep an inventory of anything in your home that connects to the Internet. This includes video gaming systems, smart televisions, programmable thermostats, tablet, smart appliances and video security cameras, electronic locks. These devices are vulnerable to attack due to their limited ability to update their software. If a vulnerability is found in the software, there could be no way to update it to a safer version. Always change the default passwords for these devices. When possible, segment them from your home and work networks, and unplug them when they aren’t in use. Review and learn their various privacy configurations, and set them to the highest possible privacy setting. After all, do you want to have your home hacked?

 

  • Update your operating system in a timely fashion. This would be within a year of being released. If you are using MS Office, also keep that updated.  If you’re using Windows, bite the bullet and upgrade to the latest edition for the latest security preventions. For example, Windows 10 Home can push to your PC patches immediately upon their release. Microsoft Office 2016 can block macros from loading in certain high-risk scenarios. Macros are a set of commands intended to automate specific functions, and are often used by attackers to run malicious software on a victim’s computer. Make sure you either use auto update, or apply updates on a regular schedule.

 

  • If you are an Apple person, it is wise to create two accounts for your Mac. The first account created when configuring a Mac for the first time is the local administrator account. You should also create a non-privileged “user” account and use it for the majority of activities on your computer. Your administrator account should only be used to install updates or software, or to reconfigure the computer as needed. Browsing the web or reading email as an administrator provides a path for an attacker to gain unauthorized access to your computer.

 

  • Never ever ever ever  tamper with your smartphone base config. This is often referred t to as “jailbreaking” or “rooting” your devices. Those terms refer to hacking the software on your phone or tablet. Users sometimes hack the software on the phone to allow it to do something it was not originally intended by the manufacturer. Hacking the software can cause vulnerabilities and can void the phone warranty and open you up to bigger issues. Word you remove the lock from your house to allow easy access?

 

  • If you are a regular reader of this blog, you are aware of some of the type of Exercise caution when opening emails. Beware of emails with attachments or links urging immediate action, especially those purportedly from a delivery service or bank. Some malicious emails seem to come from popular businesses, but the attachments or links in them may surreptitiously download malware. When you open any email, even one from a friend, be cautious about clicking on any links or attachments. If your friend’s email account has been hacked, you could easily receive an email that purportedly comes from your friend, when in reality, it comes from the attacker.

 

  • Be careful when using FREE Wi-Fi hotspots. Free public Wi-Fi may cost you. When you connect to Wi-Fi, your communications may not be private unless you’re using a Virtual Private Network. A VPN allows you to send and receive data across a public network as if you were actually on a private network, so anyone intruding on the Wi-Fi connection cannot see or capture your data or login credentials. Attackers often set up “open” Wi-Fi access points with names similar to the name of the establishment. This fools users into using the attackers’ “open” network, allowing them to capture your keystrokes and spy on your communication. For example, at O’Hare Airport, there could be a fake network called Chicago Airport and an authentic network called OHare-Public. If there are no signs telling you the name and password of the authentic network, you won’t know unless you ask.

 

  • Be vigilant regarding common fraud and theft tactics. Look for credit/debit card skimmers at gas pumps and ATM machines. Usually hidden, skimmers are small devices that can scan and store data from the magnetic strips on the back of credit and debit cards. Pull on the card reader to be sure it is part of the permanent fixture. If it is movable, report it to an attendant and don’t use it.Scammers often attach what looks like a genuine piece of the machine over the top of the slot where you insert your card. That piece copies your card number. On ATM machines, in addition to installing skimmers, thieves often install a tiny spy camera that records a digital video of you typing in your PIN. Use a magazine, or at least your hand, to hide your PIN from prying eyes. Jiggle the part of the machine where you insert your card to see if it comes loose. If it does, don’t use the machine.

    Beware that some new cards with RFID can easily be read by someone with an RDIF reader walking next to you.

 

  • Use Bluetooth sparingly. Although Bluetooth is useful for connecting headsets, hands-free speakerphones, and speakers to your cellular phone, it can also be a hidden door for unwanted devices and malware. If possible please, keep your Bluetooth disabled until you need to connect to a device.

 

  • Backup your data. Backup your data regularly with an offline device. If you become a victim of ransomware and you only have a cloud-based backup service, your files in the cloud will also become encrypted. This includes Dropbox, Google Drive, Microsoft One Drive, Apple Drive and many others.

 

  • Oversee your children’s computer usage. Children should use a computer in a common area of the home so parents can ensure their children aren’t communicating with people or sites that could cause harm. Many different devices have internet connectivity, so monitor children using cell phones, tablets, e-readers, gaming devices and laptops. Know all the passwords for your children’s devices in case your child becomes endangered by someone online and authorities need to conduct an investigation into your child’s online communication. Know your children’s social networking connections and the people they play online games with. Keep computer webcams covered with painter’s tape or a sticky note when they aren’t being used to communicate with family members and friends. Attackers who have access to your computer can remotely turn the cameras on without a user’s knowledge. Regularly talk to you children about online safety, but keep the tone informal.

 

 

Internet thieves are becoming more and more clever, and it is difficult to know all the latest and greatest hacks, and trips. But if you just stick with the basics and treat your computer like a living entity you should be relatively safe.
PepperEyes.com Self-Defense Products is dedicated to providing you with the best and most affordable self-defense products, survival and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high-quality discount self-defense products. Survival kits and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option.

 

Advertisements

27/01/2015

I Hate Customers Like These


Last week PepperEyes.com received a large order from a customer in Florida for a our Nap Alarms (http://www.peppereyes.com/swnapz). This in and of itself is not unusual. It is one of our popular items that we tend to get lots of bulk orders for.  We cleared the transaction even thou PayPal said it was a NO-US email.  Again, nothing really unusual. Generally scamwhen orders come in during the evening they are sent to the warehouse the next day. The database will flag this as a ‘NEW ORDER’. The warehouse usually takes 1-2 to process orders as they have lots of them to process.  during this time the order status is changed to ‘IN PROCESS’  Once the order is processed and shipped, we then update the status to ‘COMPLETE’ and the tracking info is entered into the database. This information is related to the customer on the e-mail receipt that they receive once their order is placed.  The receipt also informs the customer that they can check their order status at any time by simply typing their order number in the order tracking page that is provided to them.

Two days after the order was placed the client started bombarding me with e-mails wanting to know the status of their order. Our customer service representative kindly responded telling the client how they could track their order. In one e-mail provided their Fedex Tracking number etc. When we attempted to call the client using the phone number they provided,we found the number didn’t work.  (597 Area code..which isn’t US)

The next thing we knew they filed a complaint on paypal (on the day after they received the order), they didn’t receive their order, and we didn’t respond to their e-mail. So PayPal immediately reverse the put a hold on the payment.  While this isn’t the first time this has happened, an in the past it was just frustration of holiday mail going to Puerto Rico.  So we gathered our evidence, the string of e-mails that we received, and our responses, along with the FedEx Tracking information, including the info from their site showing proof of delivery.  Now we have to wait up to 30 days for PayPal can make a decision.

We are looking at our policies to see what changes we need to make.

We are constantly making changes to our policies to safeguard us against scams, and paypal is good, but often slow with protecting on-line sellers.

So I ask you…what would you have done differently?

 

PepperEyes.com is also one of the leading on-line providers of a wide variety of specialty selected high quality, discount Pepper Sprays, discount Stun Guns, and other self-defense products, as well as Guardian Survival Gear. Protect yourself and family, your home, car, school, or your business with PepperEyes.com Self-Defense Products including, real and fake Security Cameras and Surveillance/Spy Gear, Alarm Systems, Hidden or Diversion Safes or other personal Protection Products. Our premium Streetwise products are one of the best on the market and many of them are made in the United Stated. Purchasing our Lab Certified Pepper Sprays or powerful Stun Guns allow you to deliver a powerful defensive “fight back” opportunity to escape imminent danger. We also sell Guardian Survival Gear to allow you and your family to hold out in an emergency or natural disaster.

06/11/2014

Pepper Spray Day Catches Students’ Eyes


pepper_sprayI saw this article from one of our clients about their Pepper Spray Day(http://capitalnews.vcu.edu/2013/04/03/pepper-spray-day-catches-students-eyes/)  We have been working with Virginia Common Wealth University for the past few years providing them some of out best Personal Alarms

There are a wide variety of personal alarms on the market. Choosing the correct one for you can sometimes be tricky. Read on for tips on how to make the right choice.

The point of a personal alarm –  The function e of a personal safety alarm is to shock and disorientate an attacker, giving you vital seconds to get away.

 Personal Alarms Important features 

  • The most important feature of an alarm is the sound it emits. If an attacker is to be shocked enough to pull away from you, this sound needs to be as loud and as shrill as possible.
  • It also needs to be different from those which are commonly heard. For example, if a personal alarm pulsates like many car alarms, the sound may not be as effective as it is not so shocking.  How many times have you ignored car alarms? The most effective sound is continuous and over 130 decibels (approximately 138db is ideal).
  • Your person alarm needs to be easy to carry and easy to use. However, consider whether a very lightweight and tiny alarm will be as loud as you need it to be. Consider if it is so small that, it will get lost at the bottom of your bag, or in your laundry.  Some small alarms can still be very loud – although the sound may not last for very long – and can be easier to handle for some people.  The best compromise is in an alarm which can fit easily into the palm of your hand but is still very loud.
  • Ease of use also needs to be considered: How would you operate the personal alarm in an emergency? There are many different ways to activate different types of alarms, including push caps, push buttons and pull out pins.  How fiddly is it to activate it?  Do you have problems using your hands or fingers?  Can it be operated simply by being pushed against something?

When,, where  & how to use a personal alarm

The primary purpose of a personal alarm is not to attract or help. You cannot rely on them to do that.  Firstly, there may not actually be anyone within earshot. Secondly, hearing an alarm does not necessarily attract help.  Often personal safety alarms sound like a car alarm and we are all desensitized to this sound and often ignore it thinking it’s a false alarm. The most effective sound is a loud continuous shriek.

If you are able to attract the attention of people nearby, you are more likely to get help if you shout a specific instruction – such as “Help! Call the police!”  This makes it clear that you are in danger and need help.

Once you have set off your alarm, leave the situation as quickly as you can, moving to a busy area if possible.  Don’t wait to check that your alarm has had the desired effect; just go.

Remember that a personal alarm should be just one part of your personal safety plan: There are lots of other ways in which you can help yourself to avoid violence and aggression.

Some of our personal alarms also have multiple functions such as serving as anti-theft devices, door alarms, and much more

For more safety advice and products including a selection of personal safety alarms, please click here to visit our online store.

PepperEyes.com is dedicated to providing you with the best and most affordable self-defense products, and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high quality discount self-defense products and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option. PepperEyes.com is a division of Onyx Knight Enterprises

19/08/2014

How your House got Hacked!


Many of the top out of the box home security systems sell high-end systems designed to look as if they will provide you with the best security to protect your residence and family if 13_hai_panelsomeone decides to target your home.  Many of these new systems allow you to control and monitor your system remotely. While statistically homes with a home security system are less likely to be targeted by robbers than those with one, don’t think your new high-end system is perfect.  As someone said if you build a better mouse trap, nature will build a better mouse.

You see all those fancy electronics have inherited flaws. For example two researchers say that some of the top-selling home alarm setups can be easily subverted to either suppress the alarms or create multiple false alarms that would render them unreliable. False alarms could be set off using a simple tool from up to 250 yards away, though disabling the alarm would require closer proximity of about 10 feet from the home. Thieves can walk up, pick your lock, suppress your alarm, do what they want, and then leave without so much as a peep from your alarm,

The underlying technology of many of these wireless alarm systems rely on radio signals between the various wireless components and depending on the setting on the alarm panel and the sensors the alarm system will interpret an event.  With the right equipment you can pick up and decrypt those signals and do what you will.  Now mind you most burglars don’t have this type of equipment, but high-end neighborhood will attack high-end crooks.

 

Additional Resources

 

PepperEyes.com is dedicated to providing you with the best personal protection products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for yourself, your home or your business, buy our high quality discount personal protection products and arm yourself with the knowledge of the best way to stay secure in an ever-increasing violent world. In today’s society being equipped mentally and physically is no longer an option.

07/08/2014

Protect Your Online Account With Multi-Layered Authentication.


Yesterday I tweeted (@PepperEyes), and posted on the Defense Against Crime LinkedIn page the latest cyber-breach story about the Billions of Stolen Passwords from the Russians
(http://news.msn.com/science-technology/report-russian-hackers-steal-12b-passwords). Communications connectivity

So just to keep count and to bring you up to speed,  here is a list of cybersecurity issues that we know happened in 2014.

  • There have been over 447 in 2014 according to the idtheftcenter.org
  • There was the heart bleed virus threat of 2014
  • There have been reports of fake mobile banking apps that are stealing sensitive data
  • There are always new viruses/malware being released to exploit security breaches.
  • Cyber Thieves can now hack many wireless Security Systems
  • China and Russia Hackers are continuously cyber attacking US Computer networks.

Have your heard enough?   Are you scared yet?

One IT Security specialist I know says he doesn’t even leave his home computer plugged into the network or turned in to prevent any kind of attack.  What about the rest of us who live on the net? Is there a better way to secure your computer accounts without having to create new elaborate passwords every month?

One of the methods I use to secure many of my on-line accounts (PayPal, Google, Facebook, Bank..etc) is 2 key authentication or what is called Multi-Factor Authentication (MFA). The device that serves as my second key receptacle is my cell phone

What is Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a cyper security approach to security authentication which requires the presentation of two or more of the three independent authentication factors: a knowledge factor (“something only the user knows like a password“), a possession factor (“something only the user has like a fob or cell phone“), and an inherence factor (“something only the user is”). After presentation, each factor must be validated by the other party for authentication to occur. You have probably seen system used in many movies where the person types in their security password (knowledge) and then either has to have a palm scan or retina scan (possession) and a certain terminal (inherence).  For example to access on-of my online accounts I enter my user name and password (knowledge), their system then send me a text message (possession) and the system will let me in.  So if someone in China steals my user name and password and sells them to someone in Nigeria, without my cell phone, the information is kinda useless and they move on to their next victim.  Google actually monitors where you long in and will question if all of a sudden you try to log in from France when your last login was in New York City.

PayPalFob

PayPal Provides FREE MLA Devices

 

 

 

 

 

 

 

Cyber-thieves are really clever

According to many security advocates, MFA could drastically reduce the incidence of online fraud, online identity theft, and other cybercrimes, because the victim’s password would no longer be enough to give a would be thief permanent access to your information.  However given the persistence and cleverness many cyber-thieves, many MFA approaches remain vulnerable to Phishing, man-in-the-browser, and/or  man-in-the-middle attacks. Think about all those movies or TV Shows where the criminals got access by to cleaver bit of technology or hacking.

In addition to such cleaver direct attacks, three additional aspects must be considered for each of the factors in order to fully realize the potential increase in confidence of multi-Factor authentication:

  • The inherent strength of the mechanism, i.e. theentropy of a secret, the resistance of a token to cloning, or the uniqueness and reliability of a biometric. For example  the new IPhones added a finger print security system. Within a week someone figured out a flaw.
  • Quality of provision and management. This has many interesting aspects, such as the confidence you can have that a token/fob or password has been securely delivered to the correct user and not an imposter, or that the correct individual has been biometrically enrolled, as well as secure storage and transmission of shared secrets, procedures for password reset, disabling a lost token, re-enrollment of a biometric, and prompt withdrawal of credentials when access is no longer required. For example some of the online system have a link that allows the user to bypass the MFA by saying that they don’t have the key. The hacker only has to know some of the other information about you like mother’s maiden name of last 4 of your driver’s license to access your account, change your mailing address and have another fob mailed to them.
  • Proactive fraud detection, e.g. monitoring of failed authentication attempts or unusual patterns of behavior which may indicate that an attack is under way, and suitable follow-up action. Many systems only allow you three login attempts and then it locks you out. You either have to call their 800 to have your password reset or hit the I can’t remember my password which will usually links to your email account that I hope you have a MFA for.

The Bottom Line

In the age of continuous data breaches and cyberattacks, just changing your password on a regular basis is not enough, you are going have to add extra layers of security of your cyber life. Many of us have two locks on the doors of our residence, plus an alarm system and perhaps a dog. We are going to have to take steps to secure our cyber homes against cyber-robbers. Multi-Layered in a great st

Related articles

PepperEyes.com is dedicated to providing you with the best and most affordable self-defense products, and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high quality discount self-defense products and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option.

Next Page »

Blog at WordPress.com.

%d bloggers like this: