Tuesday, September 9, 2014

Tips to Keep Your Kids Safe Online

Surrounded by computers, tablets, and smartphones, children in this day and age tend to be extremely tech-savvy. This is largely an advantage as our modern world is growing more technologically advanced.

This comes with many benefits, as kids can get an academic edge by accessing educational programs on a tablet or online. Likewise, by using a computer to learn about things they are interested in, or even just to play games and connect with friends, they become better equipped for the future. After all, technology is not going away, and most of us use it daily for school, work, socializing, and recreation.

However, modern parents know that the vast world of the internet can also be a seedy and dangerous place. Precautions are necessary to protect the privacy and safety of your children and family in general, so here are some tips to reduce internet related risks.

Set Limits and Be Involved

This varies depending on the age of your children, but limiting internet usage is usually a good idea. Whether its 30 minutes after school for games and chatting with friends, followed by a set homework-only computer usage time after dinner, you decide the rules for what and how long your kids use the internet for. Enable parental controls and content blockers to better prevent your children from accessing inappropriate materials.

Likewise, be involved. Know what sites your child visits and what their favorite games or activities are. For younger children, it may be good to check out sites they are interested in beforehand. Place computers in a centralized place to better monitor what is being accessed on it.

Use Antivirus and Security Software

All devices, especially if used by children, should have good security and antivirus protections in place. Kids are more likely to make accidental clicks or be tricked by disguised links. Keep your devices updated and enable firewalls to thwart viruses, Trojans, and other malware from stealing your family’s information if they are inadvertently downloaded.

Talk With and Teach Good Online Behavior

Reduce your child’s vulnerability to risks and tricks on the internet by educating them. Teach them about cybercrime, cyberbullying, viruses, spam, pop-ups and email/chat solicitations, as well as how to react in those situations. Teach them not to click on links or ads and what to do if they accidentally download or access questionable content.

Talk to them about who they are chatting with and remind them that friends they make online might not be who they say they are. Discuss why they should never agree to meet online friends in person or share their full name, address, phone number, or pictures of themselves. Things like having a strong password, logging out of their account, and protecting their online reputation are equally as important.

Kids (in all stages of their lives) are better protected if they learn good online behavior, how to guard themselves, and what the related consequences are. Don’t neglect teaching and talking with your children as this is a critical way to protect them and your family.

Friday, July 25, 2014

How to Secure Your Tablet

Designed to be halfway between a smartphone and laptop, tablets are often considered to have the best of both worlds. As functional as a laptop while still being compact and portable enough to carry around in a small bag or purse, for many individuals their tablets are their go-to device. This also makes tablets a tempting target for thieves and hackers. While most people know to secure their laptops and keep a careful hand on their smartphones, tablets can contain just as much vulnerable information.

From social media to banking, many individuals use their tablets for more than just playing Candy Crush. Wherever you happen to fall in that category, here are three more tips on how to better secure your tablet.

Download Carefully

In this day and age of prevalent technology, all of us at some point have been told to “Think before you click!” and other points of advice about keeping our devices safe. Nevertheless, accidentally downloading malicious files or apps is still very common. Even if you’re on a protected network, a more secure connection won’t be much help if you don’t exert caution when downloading.

Make sure that you only download from trusted sites, especially when it comes to tablet apps. Rather than risk malware from third-party sites, stick to reputable and official sources like the Google Play Store, iOS App Store, and the Amazon App Store. Also read the reviews and app permissions before downloading a new app. Many negative reviews or questionable permissions are often a good sign that something is wrong with the app or that it’s just not worth having in the first place.

Browse Selectively

If you must use a public Wi-Fi and don’t have a secured connection, be very selective when browsing through websites. Encrypted websites that have “https” addresses (instead of just ordinary “http” addresses) are more secure. As long as your provider encrypts the entirely of your email session, you are probably safe to check your emails without worrying that some stranger on the Wi-Fi is snooping on what you’re doing. However, avoid financially sensitive things like making online purchases or checking your bank account. Wait until you’re back on your secure home network or use a reliable VPN service while travelling.

Back Up Your Data and Use Security Apps

Simple to do yet so valuable, backing up your tablet data can be a lifesaver. Whether it gets lost, stolen, hacked, or just stops working, data backups are a basic step you can take to ensure that you don’t just lose everything. Some people prefer frequently backing up an external hard drive, saving their files to cloud storage services like Dropbox, investing in software that manually or automatically captures their data, or any combination of the above.

Another step is to consider is using security apps. These often provide features like virus protection, device location, and remote wipe functionality. There are many options as several apps that secure smartphones, like the Lookout Mobile Security app, also work for tablets.

Wednesday, July 2, 2014

4 Ways to Keep Safe on Social Media

Whether you are on the job hunt or just like staying in touch with family and friends, social media is a great tool for building and improving social networks. Especially for job seekers, a well maintained social profile can bolster their chances of hearing about employment opportunities and getting hired. Even international relationships can be fostered, as you can easily contact individuals on the other side of the world with a simple click.

This networking capability is truly impressive; however, the information rich world of social media also attracts less savory characters. Here are four more security precautions to keep in mind when using social media.

1. Have A Social Media Only Password

With so many high profile data breeches happening over the past few months, password security is a topic that’s been covered quite extensively on the news. Still, it’s important enough to merit repeating: If you’ve been in the habit of recycling or reusing passwords, now is the time to change. Your social media accounts should have a unique password of their own. Never use your social media password for other sites, especially sensitive and valuable accounts like for work or banking.

2. Stay On the Civil Side

One thing to remember is that while your social media profile is your own, the power of the internet means that anything you post, say, or tweet has the potential to instantaneously reach the general public. Avoid offensive language and try to stay civil as much as possible. Especially if you’re upset about something, cool down before you post something you regret.

While on the internet in general, a good rule of thumb is to be careful how you word and express your opinions. Since people can only see what you type and have very limited cues about your tone of voice or temperament, misunderstandings are just more likely to happen.

3. Beware of Online Scammers

It’s unfortunate, but even a slight sense of anonymity tends to bring out the worse in people. Since everyone “creates” themselves when making a social profile, online cyber-criminals may pose as a perfectly nice individual that wants to be your friend since they share similar hobbies, interests, or other connections to you. Then, once inside your social network, they might suddenly be in urgent need and ask for money, or offer fraudulent “opportunities” to you. Even sneakier, they might use your contacts to gain personal information that can then be used to steal your identity or trick your real friends and family.

Don’t be afraid of making friends online since most are really great people, but be careful as not everyone is who they appear to be.

4. Limit the Details You Share

While there’s nothing wrong with mentioning your pet’s name or reminiscing about your very first car, be tactful. You really don’t need to post every personal detail, as tempting and easy as social media sites make it to share. It never hurts to be cautious, as those seemingly innocuous details might give observant cyber-criminals the information they need to bypass things like bank security questions.

Monday, June 23, 2014

The NSA, Facial Recognition Technology and You

The month of June saw many concerns being raised over the National Security Agency, data collection, and privacy. From a report published by The New York Times on May 31, the NSA’s use of facial recognition technology has increased in recent years. This report by was based off of 2011 documents from Edward Snowden, the ex-agency contractor who made similar security revelations around this time last year.

Now, according to these documents, the NSA has broadened their focus on other identifiers during their data collections. More than just tracking written communications and oral communications like email and phone conversations, the NSA has been gathering fingerprints and facial images as well. Recognizing the “tremendous untapped potential” of private images included in online communications, the NSA appears to be turning towards facial recognition technology to “revolutionize the way that the N.S.A. finds intelligence targets around the world” as part of their efforts to monitor individuals such as suspected terrorists.

The NSA intercepts a staggering amount of images. According to the report, millions of images are collected from private communications such as email, text messages, social media, and video conferences each day. Of these, about 55,000 are “facial recognition quality images”. In addition, this secret image-gathering program by the NSA appears to have become more advanced and sophisticated from when it first began in 2010, with the ability to identify faces despite facial hair and hairstyle changes.

Detailed in the report, a NSA presentation of their image surveillance program showed an unidentified man in different settings and varied appearances (such as bearded and clean shaven), as well as more than two dozen data points about his known associates, passport or visa status, and other intelligence information. The documents were unclear about how many images or individuals have been involved in the NSA’s broad data collection efforts in this manner.

As a result, many Americans have expressed concerns about privacy, especially as facial recognition programs gain increased invasiveness as their algorithms continue to improve. When asked on June 3 at a Bloomberg government cybersecurity conference about whether this program collects images of U.S. citizens, NSA director Admiral Michael S. Rogers replied, “If we have to do anything involving a U.S. person, we have specific legal constraints we must comply with. We do not do this in some unilateral basis against U.S. citizens.”

Since images are categorized as communications, the NSA must get court approval in order to collect images on Americans, just like they would in order to wire-tap phone conversations or read emails. From this, it would appear that only images of individuals overseas or involved in on-going NSA investigations are being collected. In addition, Vanee M. Vines, the NSA spokeswoman, said that the agency “did not have access to photographs in state databases of driver’s licenses or to passport photos”. However, she declined to comment whether the NSA had access to the photos of foreign visa applicants found in the State Department database or if the NSA had collected facial images of Americans from social media sites like Facebook.

Monday, June 16, 2014

Alternative Lock Screen Security Options

With identity theft becoming more prevalent, people are beginning to realize the need to guard their personal data whether it’s on their computers, tablets, or phones. To prevent snoopers and protect the information in your smartphone, having a lock screen is definitely a good idea. For some however, the standard lock screen options (Face/Voice Unlock, Pattern, PIN, and Password) are just not enough.

Whether you enjoy customizing every aspect of your phone, want different security choices, or simply desire to add some functionality, consider these lock screen options.

Picture Password

Many smartphone users like the idea of swiping a pattern to unlock their device. However, two frequently mentioned drawbacks of the standard Pattern lock screen is the limited number of swiping options and how tell-tale smudges on the screen can give away your pattern.

With the Picture Password app, users set a chosen background image and unique gestures as their unlock pattern. By allowing you to draw a combination of points, circles, or lines on a specific part of the image, there is a substantially greater (and thus more secure) amount of unlock patterns. Since the swiping pattern is unique, shoulder-surfers also have a harder time picking out your pattern from ordinary smudges made by other smartphone actions.

Hidden Lock

This app features a lock screen that doesn’t look like a lock screen. Hidden Lock displays a snapshot of what your phone looked like before being turned off. Your smartphone will appear unlocked but can’t be used without pressing the invisible unlock button (the location of which you set somewhere secret on the screen). If someone picks up your smartphone and attempts to use it, Hidden Lock’s setup can fool them into thinking the phone isn’t working and deter them from prying further.

NiLS Notifications

While this is technically a widget and not a lock screen app, it’s great for those who want to see all their notifications without having to unlock their phone. NiLS Notifications supports all apps that create standard notifications, including emails, text messages, missed calls, and Facebook alerts. It is also quite customizable in terms of background, text color, opacity, and notification size.

Samsung devices are unable to use Pin or Pattern lock security with lock screen widgets; however, the app explains workarounds like the NiLS floating panel in its FAQ.


For those who love customization, WidgetLocker is a lock screen replacement app that really lets you individualize your lock screen. There are several built in styles as well as user themes to choose from. WidgetLocker also lets you customize the type of unlock feature you want to use, as well as block or allow certain widgets.

One of WidgetLocker’s most characteristic smartphone features includes allowing you to personalize the actions of sliders on the lock screen. This allows users to have useful slider functionality like Slide-to-Camera or Slide-to-Call a Contact. While currently $2.99 in the Google play store, WidgetLocker might be worth the price to those who want a wide range of lock screen customization.

What is your favorite Lock Screen that you use? Let me know in the comments!

Thursday, June 5, 2014

What You Need to Know About the eBay Data Breach

With Target’s security breach and the Heartbleed bug still fresh in many consumers’ minds, eBay, the online marketplace giant, revealed recently that its entire user database was compromised in a hacking attack. While some eBay users have received emails urging them to change their passwords, others only heard of the database breach from third party sources and not officially from eBay itself.

In comparison to Target’s breach, which involved up to 110 million customers’ personal details and 40 million credit card records, this attack on eBay is much larger. It is estimated that 233 million people’s personal data was stolen. Furthermore, it is clear that the cybercriminals intend to profit from the info they stole. On Sunday, May 23, the personal information of 715 individuals was advertised online for sale, all apparently from the eBay breach.

With this perspective, many are upset by eBay’s overall slow response, and with good reason. According to the official statement on eBay’s website, the database was hacked in late February and early March, nearly three months ago. This is made even more concerning by the fact that eBay only detected this security breach around the week of May 4
th, and finally broke the news to the public on May 21st.
As explained by eBay’s statement, this security and data breach was the result of cyberhackers gaining unauthorized access to eBay’s network by figuring out employee log-in credentials. The data that was compromised includes: eBay customers’ names, email addresses, physical addresses, phone numbers and birthdates. Hackers were also able to steal away encrypted passwords.

These passwords were only encrypted however, and not hashed and salted, which would have been more secure. While encryption might slow the hackers down, eBay’s lack of using a more protected format for storing passwords offers little comfort. After all, as the 2012 LinkedIn data breach already illustrated, 60% of stolen LinkedIn passwords (which were hashed) were cracked within 2 days of the theft. Thankfully, while eBay also owns PayPal, the online giant reported that the personal and financial information of PayPal users was not compromised in the attack, as that data is apparently stored on a separate secure network.

All eBay customers are encouraged to change their password immediately if they have not already. Any sites that share the same password, especially if they are sensitive like your online banking account, should also be updated. This is important as cybercriminals often attempt to break into other sites using your stolen info, such as email and eBay password. When updating your information, also be wary of phishing emails that attempt to look legitimate in order to steal more data. If you are unsure, go to the website directly to make changes.

For internet security in general, try to use unique passwords for each site. Avoid commonly guessed passwords that involve your name or birthdate, as those personal details are easily discovered (or in eBay’s case, have already been stolen). If you struggle remembering more than a few passwords, this may be a good time to begin using a password manager.

Wednesday, May 28, 2014

Protecting Your Privacy - A Basic Rundown of Smartphone Kill Switches

A lot of debate has arisen over smartphones and kill switches. This is predominately a response to the actions of several state senates, including Minnesota and California, which passed controversial bills in the beginning of May. While varying in specific details, these bills are intent on requiring cell phone manufacturers to include “kill switch” technology in all their smartphones.

First things first, what does kill switch technology do?
Also known as “bricking” a cell phone, these kill switch programs are intended to allow the owner to render a device useless and its data unobtainable in the case of theft or loss. Some newer smartphones already have this feature available, such as Apple’s iOS 7, where it is called Activation Lock. Samsung has similar lock and kill switch features. Apple also already has a Find My iPhone app accessible for all their phones, iPads, and Macs that helps owners track their devices and decide if it was truly stolen or just simply misplaced.

How big of an issue is smartphone theft?
While some feel that features like kill switches or tracking apps are already widely available for concerned owners, others feel that even more must be done.

There is certainly no doubt that smartphones are a tempting target to thieves. Depending on the brand and value of the device, thieves can net themselves hundreds of dollars on the black market, and that's before we get into the profits reaped from selling your data and identity. iPhones are usually the most profitable, and iPhone theft has become so common that it has been nicknamed by some as “apple picking”.

Most prevalent in metropolitan areas, it was estimated that last year in 2013 an estimated 3 million Americans were hit by smartphone robberies. In addition, according to the D.C. Police Department, 40 percent or more of reported robberies in every large city region, such as Washington D.C., San Francisco, and New York, involved the theft of smartphones.

More than physical endangerment, theft of smartphones can also lead to identity theft if the phone is unprotected or not password locked.

What is being done and what are the concerns?
Clearly smartphone theft is a major problem. In a way however, the bills passed by Minnesota and California’s senates are just making doubly sure that the payoff of stealing smartphones is greatly reduced. This is because the concept of widely implementing “kill switches” to make smartphones unsellable and thus less attractive to thieves has already been addressed.

On April 15th, most major cell phone companies announced their participation in CTIA’s “Smartphone Anti-Theft Voluntary Commitment”, pledging to have “baseline anti-theft tools” (basically kill switch technology) downloadable or pre-installed in all smartphones manufactured after July of 2015. Participating companies include Apple, HTC, Google (Android), Motorola, Samsung, AT&T, Verizon, Nokia, T-Mobile, Sprint, and other large organizations.

Don’t expect news stations to stop discussing the “kill switch” controversy however. Some are concerned that implementing this type of technology will in fact make smartphones less secure, citing possible danger from hackers using those same “kill codes” to steal sensitive data and maliciously disable smartphones that are still in the hands of their owners.

Wednesday, May 21, 2014

Why All Internet Users Should Use a VPN

Two technical results are achieved by using a virtual private network connection, or VPN. First, you can make it look like you’re accessing the internet from a different location, country, or machine than you actually are, thanks to the VPN hiding your real IP address. Secondly, a VPN encrypts your connection, so your online activity cannot be seen by eavesdroppers and nosy criminals. Do you really need a VPN though? Yes, I believe you do, in fact, I believe everyone should have one, and here’s why.

Privacy Is a Basic Right

If you believe that you should have the right to receive and send information over the internet without the authorities, hackers, or anyone besides the intended recipient viewing your communications, cataloging and following what you do, then you need a VPN. Philosophically, that’s probably a good enough reason to get one, but let us look at specific examples of how a VPN can help protect your online privacy:

Avoid tracking and reprisals for web research – There are a number of reasons you would want to keep your internet research private. Reporters, celebrities, law enforcement officers, and market researchers are some of the most common researchers who would want to remain anonymous. By masking your IP address, a VPN can do this.

Make VOIP calls private – If you are not familiar with the term, VOIP stands for voice over internet protocol. Basically, it is internet telephoning. Skype and Lync are examples of this, unfortunately is incredibly easy to listen in on. A VPN is able to cloak your calls.

Avoid internet marketing based on your search history – Every web search you perform is logged by Bing, Google, and other search engines. These searches are associated with your IP address, which the engines then use to direct advertisements at you. It can be annoying, and is the digital equivalent of advertisers yelling your name as you walk down the street, trying to hawk their wares.

Added Benefits of a VPN

For anonymous browsing and confidential emails, the Wi-Fi in a hotel or the hotspot at Starbucks is not a safe option. Anyone savvy enough to eavesdrop can do so fairly easily, since public Wi-Fi typically offers zero encryption to users and monitoring software is freely and cheaply available. If you think you need to be especially talented to steal data over Wi-Fi, think again, there are plugins for browsers that beginner hackers are able to utilize at the click of a button to see everything you are doing online, these plugins can even collect passwords and typed information, and steal enough data to compromise your identity. A VPN is able to keep all of your data encrypted no matter where you are.

Many organizations, such as schools, offices and even a number of countries have draconian rules about what you can access on their computers. They end up censoring popular sites and services like Twitter, Facebook, Flickr, Netflix, and YouTube. With a VPN, you can unblock these sites and access any site you want.

Choosing the Right VPN

VPN’s are a dime a dozen these days, finding the right one might seem tough at a glance, but do a little research and it becomes clear which ones are dedicated to protecting your privacy, and which ones are are simply paying lip service. It’s a competitive field, so subscription prices keep falling. Whatever you do, do NOT sign up for a free VPN service. Right now, I use Ironsocket VPN and DNS Proxy and have been really impressed with their service. It’s cheap, feature-packed and their customer service is just brilliant. If you’re in the market, I heartily recommend them. There are some other relatively decent options, but I’ve yet to find one that’s as open and transparent, and which provides the value they do.

Friday, May 16, 2014

Much Ado About the Heartbleed Bug

What to Do to Stay Safe in the Wake of the Heartbleed Bug
Heartbleed has come and gone, no need to worry, right? Wrong. Since March of 2012, the Internet’s most popular cryptographic library, OpenSSL, has been potentially bleeding information due to a massive security vulnerability. Yes, it’s been patched, but unless you’ve been proactive about your online security, you may still be at risk.

For many it is hard to tell if you are affected since most users do not even know whether a site they visit is using OpenSSL. Many sites that do use OpenSSL have been fairly good about communicating the fact that users need to update passwords, and providing information on what needs to be done. That said, quite a few have been startlingly lax, and either haven’t sent emails out in a timely manner or haven’t sent them at all. I say if in doubt, change everything.

OpenSSL Is Apparently No Longer Vulnerable

The people who maintain OpenSSL fixed the vulnerability just before the bug was revealed to the public. Swapping out the cyberlocks that protected their data, it is up to Internet companies to also create fixes for their own software. Going forward, you are probably protected as long as you’ve updated your password information. The scary part is thatsince OpenSSL ha been vulnerable for the past two years, any information you sent over the Internet could have been compromised.

Though there is little you can do about the Heartbleed bug now, there are steps you can take to ensure you are unaffected if similar issues arise in the future:

·         Remain calm – The vulnerabilities exposed this week have already been secured by all of the major Internet companies, including Google and Amazon.

·         Public Wi-Fi networks are not your friend – Limit your Internet usage to transactions that are not especially sensitive and things you would not mind people being able to see if you are hopping on the Wi-Fi in public places like Starbucks. When in doubt, use a VPN.

·         To see which sites are vulnerable, do a test–There are apps available on the web that will tell you when the encryption on a site was last updated, what type of encryption they use, and if the site is still vulnerable to the Heartbleed bug.

·         Use a VPN – Connect using a VPN if it is offered by your school or company. Or, you can purchase VPN services for fairly cheap. These provide unparalleled encryption above and beyond that offered on most websites. It’s their business to keep you safe online, many of them are good at it.

·         Every few months, change your password – This is a good practice to have no matter what, since so many of our transactions happen online. There are a number of excellent password managers out there that help you generate cryptographically strong passwords, and store them for you so you don’t need to remember them. Change them regularly, and for goodness sake, don’t use the same password for multiple sites!

Thursday, May 8, 2014

Is Google Chrome's "Incognito Mode" Really Secure?

The most used browser in the world is Google Chrome, with StatCounter indicating that nearly half of all desktop internet users are Chromeites. Chrome’s “Incognito” feature has proven extremely popular, and remains a large reason why the browser has secured such a large following in Russia, Europe, the Americas, Australia, and many other regions around the globe.

But What Is “Incognito”, How Anonymous is it?

Without your browsing history being recorded within Chrome, users can visit sites across the internet when in the “Incognito” browsing mode. All of your browsing history is instantly deleted when you launch an Incognito browsing session. Also, any cookies created during the session are deleted when the Incognito window is closed.

Many people believe this is a safer way to use the worldwide web, because it doesn't allow them to be tracked online. This is only partially true, because Incognito does not actually make your internet experience more secure or safe, from prying external eyes (such as your employer or marketers). Incognito is a good way to make sure others who use your device or computer are not able to see what websites you have been visiting, and that's about it.

Routers, websites you visit, and your ISP can, and do log where you have been spending your internet time.

What Can You Do To Make Your Browsing Secure?

Using a VPN, or virtual private network, is by far the best and easiest way to ensure your browsing is secure and your data kept private. Good VPNs use high powered encryption to send your information and communications over the Internet at the source, making sure absolutely everything you do online is safe and anonymous. Outside sources simply will not be able to log your web browsing, IP address, your download history, or any other information about you.

In addition, good VPNs give you an array of different region IP's to choose from, making it appear as though you are using the internet in a different country, even on the other side of the globe. One of the benefits of  appearing to access the internet from a different country is that you will also be able to visit country specific content. For example, Netflix and Hulu only offer services in certain countries, and even then, they alter what is available for specific countries. With a VPN you can get all the content you want, and browse the web freely without worrying.