Tuesday, November 27, 2012

Thanksgiving Day Macy’s Parade Oops.


Parade viewers were surprised to find shredded police report information with addition to the normal parade confetti. In a strange twist Confetti collected by spectators near 65th Street and Central Park West revealed arrest records, incident reports and personal information and that identified undercover officers. There was also information of Mitt Romney's motorcade route to and from the final presidential debate at Hofstra University.
From an interview with WPIX. "There are phone numbers, addresses, more Social Security numbers, license plate numbers," said Ethan Finkelstein, 18, of Manhattan, who gathered up some of the confetti with friends. "And then we find all these incident reports from police."

An investigation in to how this happened has discovered the records that landed on spectators at Macy's Thanksgiving Day parade were brought by a Nassau County Police Academy department employee. The employee has not been named by investigators.

Nassau County Police are considering upgrading to cross cut shredders for future use. Macy’s confirmed that the confetti used for the parade, supplied by Macy’s, is colored paper.


 

 

Retailers beware:


With the approach the holiday season, retailer’s and merchants will need to be diligent in watching over their operations. Identity thieves, scammers, hackers, and others criminal types will be going full-fledged during the holidays. They will be counting of the hustle and bustle to allow them to penetrate Point Of Sale systems across the country. They will use any tool they can, from virus to converting an employee, to steal the data that they want.

The scary part is that when they are successful the backlash at the merchant will be intense. For each merchant system that is compromised there will be questions and complaints as to how this could and did happen. The business that doesn’t have the correct answers, or failed to observe some security step, will in the end answer these ugly questions in a court of law.

Wednesday, November 7, 2012

POS Warning

In an article “Why Data Theft Experts Recommend Paying in Cash”, by Byron Acohido, published in USA Today the experts talk about the dangers of debit card theft. They also bring up the growing problem of POS terminal attacks. What they don’t talk about is how the public is going to respond to the exposure.

If you are a business owner or the manager of a store in a chain, you now have a duty to your company and customers to look at those terminals every day. The thieves are slick at what they do so you will need to be more vigilant in watching for tampering. If you suspect tampering, take that terminal off line and have it checked out. The first time it comes to light that a POS terminal was used, after being suspected, there might be a very ugly outcry from customers. There may even be action from attorneys against the store and or company.

For those companies and managers who don’t feel the need to be watchful and claim ignorance there will be an attorney who will clearly address the lack of due diligence. Business owners and leaders need to understand that these attacks are becoming more common the need for greater effort on their part is required.

The last part of the article brought up the age old advice that maybe people should carry and use cash. When people carried cash they were subjected to the threat of robbery. Now they need to be concerned about using a debit card. I stand by my position that consumers need to use credit cards for all transactions because of the higher legal safe guards of credit cards. I still believe that you should carry an ATM (only)card only for getting cash when you need it. The debit card is a direct pipe line into your bank account and can cause significant problems if it is lost or cloned. The risk versus reward for using a debit card is not good enough for me.

Wednesday, October 31, 2012

South Carolina Breach and Error


This past week I have been reading about the data breach in South Carolina. Hackers gained access to the records of the Department of Revenue and 3.6 million South Carolina Taxpayers data. Data ranging from Social Security numbers to home addresses was available.

In the days following the notice of the breach the Governor Nikki Haley has spoken about the data not being encrypted. In her comments she stated that “The industry standard is that most Social Security numbers are not encrypted. A lot of banks don’t encrypt. A lot of those agencies you might think encrypt Social Security numbers actually don’t. It’s not just that this was a DOR situation, but an industry situation.”  

For the past ten years I have tried to bring to the attention of the public that data exposure is a real problem. In California where the first data breach notice law was created, the standard is that if the data is encrypted then notice is not needed. This was included to provide business with a security step that would make encrypting the data a more cost effective option.

There are numerous ways to encrypt the DOR data and still allow DOR personnel to use it. I wonder if the Governor considers paying for 3.6 million people to have credit report monitoring is more cost effective. We are rapidly approaching the point where those who have a breach, and had not taken the step of encrypting the data, will find themselves discussing the standards in front of a jury of their peers.  

Monday, October 15, 2012

Webroot Hits a Homerun With ‘SecureAnywhere 2013’


In the time of caution and concern the users of computers can become confused by the various antivirus programs.  I make it part of my job to check out programs and evaluate them against what is currently available and what needs to implemented.

Webroot has created a new  tool to help fight against those who would hijack our information. Webroot’s antivirus software SecureAnywhere 2013 steps up to the plate with new features and functions that users need in our daily travels on the Internet, especially due to cybercrime and mobile devices.

SecureAnywhere 2013 has high speed antivirus scanning and perhaps the best malware detection tools that I have tested. I was provided with a demonstration of their tools last week during a call with the product manager and one of the engineers. In a live example I was shown that this software can detect and warn you of a number of web login scams. It empowers the everyday user and allows them to  link onto the Internet  safer than ever before.

For years I have told people to be careful of online login scams and the threat of malware. Webroot’s SecureAnywhere 2013 is a reasonably priced anti-virus tool that allows the user to trust this new antivirus program and focus on their project or task. I never minimize healthy distrust of what are clear scams but at least now I don’t need to worry when I login online to my bank because this tool will tell me if it is the correct site or not. Keyloggers and scam sites can’t penetrate this software so I feel safe in allowing my family to be online without concern. One additional feature that I love about this product is the speed of the antivirus scanning. Having used a number of products before that could take up to an hour to complete a scan, imagine my surprise to see a scan done in just minutes. I am talking about single digit minutes.
The following was taken from the press release for this product:
In the first review since its 2013 product release, Webroot SecureAnywhere AntiVirus again garnered the PC Magazine Editors’ Choice Award. In his review, PC Magazine Lead Security Analyst Neil Rubenking wrote, “Webroot SecureAnywhere AntiVirus 2013 gives you speedy scanning and excellent malware blocking in a ridiculously small package. Webroot remains an Editors' Choice for antivirus protection.

This software is a positive step forward and should be part of  a computer user’s arsenal of tools to protect and defend against the threats of online identity theft.

Tuesday, October 9, 2012

Job Seekers Be Wary


Computers have made job searching a lot faster. It has also opened the door to companies taking multiple applications for a single position. Now comes the trouble spot. Job seekers need to be careful that the application they are filling out is from a legitimate company and for a actual job. Scammers are offering jobs on line. You fill out the online application and never receive a call. Before you fill it out check it out.

Florida Realtors Warn to be on the Alert for Bogus Emails.


The Florida Department of Business and Professional Regulation is warning Realtors and other professionals with state licenses to watch out for emails supposedly coming from the Department. The scam is an email informing the recipient that they are subject of a pending disciplinary action. The target is directed to contact an investigator at a toll free phone number. During this interview the scammers collect a variety of personal and business information.

Sandi Poreda, communications director for the department, said that the scammers have managed to copy “the banner on our website and created an email signature that looks very much like ours.”

This scam should be a concern for any business person that has been licensed by the State. This scam will most likely be travelling across the country in the next few months. Every business person should think twice before providing information based on an email request.