Saturday, January 20, 2018

Confessions of a Former Hacker


Consumers are daily targets of email and phone scams, not to mention the frequent cyberattacks on big data. So it's never been more important to safeguard your online security as best you can.

"The scams are changing every day and consumers aren't knowledgeable about the new scams that are going to be used against them," says Kevin Mitnick, top cybersecurity expert and author of "The Art of Invisibility: The World's Most Famous Hacker Teaches You How To Be Safe In The Age Of Big Brother And Big Data."

http://www.amazon.com/exec/obidos/ASIN/0316380504/chesbro-20

Formerly on the US government's "Most Wanted" list in the 1990s for hacking into cellphone companies, Mitnick served five years in prison for computer fraud. Since his release in 2000, he's built a career as a "white hat" hacker, working as a security consultant for companies around the world. In this new video series, "Confessions," Yahoo Finance interviews Mitnick to find out what security measures he takes to safeguard his own personal information online.

1) Use a password manager
2) Connect with a VPN service
3) Install HTTPS Everywhere
4) Use a separate device for your finances
5) Set up bank alerts


Stanley CD8820 Padlock



Stanley Hardware S828-160 CD8820 Shrouded Hardened Steel Padlock

Following my blog post on lock picking and lock bumping, some readers asked what I would recommend for a general use padlock. Perhaps the best general use padlock that you can pick up at your local hardware store or order from Amazon is the Stanley CD8820.

The padlock's strong points are:
  • Shrouded shackle
  • Made of molybdenum alloy steel
  • Removable core
  • Anti-pick pins
  • Anti-drill plate
  • 6 pins
  • Price <$50
This lock is designed to defeat both physical force (drilling) and surreptitious bypass (picking).
For a general use padlock, the Stanley CD8820 is a reasonable choice.

Bosnian Bill has a YouTube video about this lock, and discusses some upgrades to the lock.
Lock Picking Lawyer shows how to defeat this lock using a Ramset in his own YouTube video.

If you’re searching for something in the $20 range, the Stanley CD8823 padlock has everything the CD8820 has except for the body. Instead of a hardened steel body, it has a laminated steel body with hardened steel end caps and recessed rivets.

Friday, January 19, 2018

MAKO Locks

We use padlocks to secure our lockers, toolboxes, sheds, gates, and any number of other things. In many cases the padlocks we use are something that we picked up at the local hardware or department store. The problem with these locks is that almost all of them can be easily picked or shimmed, giving a criminal quick and surreptitious access to whatever we are trying to protect.

If you are going to use a padlock to secure your property, you might as well use a good one. Some of the best padlocks I have come across for under $20 are the MAKO 427 - Re-keyable Rectangular Padlock and the MAKO 227 - Steel Disc Padlock.

Both of these locks are very well made, and include pick resistant cylinders. The MAKO 427 contains a 6-pin cylinder and the MAKO 227 contains a 5-pin cylinder. While any lock can be picked open (it took me 18 minutes to pick the MAKO 227, and over a half-hour to pick the MAKO 427), these locks are both going to be beyond the capabilities of the average criminal.

Being able to defeat physical attack (e.g., bolt-cutters, saws, and hammers) is also an important feature of any padlock, and the MAKO 227 - Steel Disc Padlock provides good resistance against this type of attack. The thinner shackle of the MAKO 427 is useful in places where the heavier MAKO 227 won’t fit, such as some lockers or toolboxes.

If you are currently using cheaper 4-pin locks (e.g., Master Locks) to secure your property against surreptitious entry, I would recommend upgrading to the higher security of MAKO Locks. You can review the features of MAKO Locks and place an order online at https://makolocks.com.

To see some of the world’s most skilled lock pickers open MAKO Locks, check out the following YouTube videos (while the locks get picked, they both agree that MAKO makes a great lock):

Bosnian Bill does a video review of both MAKO Locks

Lockpicking Lawyer does a video review of the MAKO 427 padlock 



TSA Master Keys


TSA Master Keys can unlock any brand "Travel Sentry" (https://www.travelsentry.org/us/) lock, no matter if it's from Master Lock, Brinks, Samsonite, American Tourister, Stanley, or any other manufacturer.

These locks were not really intended to provide you with security while traveling, rather they are intended to give the government (the TSA) a way to bypass your security. The shackles on Travel Sentry locks are so thin that they can be easily cut. The locks are very easily picked, and if you have a high-resolution picture of the master keys (as shown here - https://imgur.com/a/JQD7l - click on each picture for high resolution) you can easily make your own set of master keys.

TSA recommends that you use Travel Security locks, so that they are able to easily open your luggage for inspection. The problem, of course, is that when you give the government a way to bypass your security (ostensibly for a valid purpose) you also provide criminals a way to bypass your security.

The hacking of the TSA Master Keys is a powerful example of the problem with creating government backdoors to bypass security, physically or digitally. Most security experts and computer scientists believe backdoors for law enforcement inevitably make systems less secure, and easier for criminals to break into.

Recently the FBI has been trying to convince technology companies to design some sort of special way for its agents to access encrypted communications on digital devices. But companies including Apple and Google have resisted this pressure, insisting that developing backdoors will only weaken security that they have worked hard to improve for the sake of average customers around the world.

The fact that TSA Master Keys are available to anyone goes to prove the stupidity of key escrow (the arrangement in which keys needed to decrypt communications are held in escrow to be accessed by a third party if necessary).


Thursday, January 18, 2018

Residential Burglary


Burglary is defined as unlawful or forcible entry or attempted entry of a residence. This crime usually, but not always, involves theft. The illegal entry may be by force, such as breaking a window or slashing a screen, or may be without force by entering through an unlocked door or an open window. As long as the person entering has no legal right to be present in the structure a burglary has occurred. Furthermore, the structure need not be the house itself for a burglary to take place; illegal entry of a garage, shed, or any other structure on the premises also constitutes household burglary. (Bureau of Justice Statistics)



Approximately sixty-six (66) percent of burglaries are residential. In residential burglaries most criminals (34%) gain access to your home through the front door, a first-floor window (23%), or through the back door (22%). Garages serve as the entry point for nine percent (9%) of burglars, unlocked entrances and storages six percent (6%), and basement windows four percent (4%). Only two percent (2%) of burglars climb to the second floor to make entry.

According to research published by Mastering the Lock, thirty-two percent (32%) of burglars would first attempt to make entry through an unlocked door, twenty-six percent (26%) would try to gain a forced entry (by breaking the door, locks, window, etc.), and twenty-four percent (24%) would try jimmying or prying.  Only six percent (6%) of burglars would attempt picking the locks to gain an entry in homes.

What these statistics show us is that while about a third of burglars will first attempt to find an unlocked door, only about six percent (6%) actually gain access this way. In most cases burglars are breaking, jimmying, and prying their way through front and back doors, and ground-floor windows. However, they won’t spend a long time trying to force their way into your home. According to A Guide to Home and Vehicle Security - The City of Portland, Oregon: “Many burglars will spend no longer than 60 seconds trying to break into a home.”

While we often think of burglars as breaking into homes at night, the fact is that most burglaries happen during the day between 10AM and 3PM. It is during these times that most homes are unoccupied, with people away at work, school, or out doing other errands during the day.

  • Most burglaries are committed by males under the age of 25.
  • About fifty percent (50%) of burglars live within two miles of homes they burglarize.
  • They tend to be looking for small, expensive items that can be easily converted into cash.
  • Burglars use tools such as hammers, crowbars, or large screwdrivers to break into your home.
  • Once they have gained access to your home, burglars act quickly, spending only between 8 and 12 minutes inside.
  • While most burglars are amateur criminals, they are usually involved in other criminal offenses, such as assault, robbery, and drug-dealing.
  
KGW News (Portland) published a story: “We asked 86 burglars how they broke into homes.” (Oct. 31, 2016). Some of the things they found were: 
 
  • Burglars would kick in the door rather than break glass. "Loud bangs are better than loud glass breaking, plus you run the risk of getting cut," said one inmate.
  • Burglars had mixed opinions about home security signs. Some burglars said it didn’t faze them. Others said they knew how to disable alarms or avoid setting them off. Most intruders said they would leave immediately if a security alarm went off.
  • Generally, burglars agreed security cameras were a deterrent. But some said it also likely signaled there were valuables inside the home.
  • If a homeowner had a big, loud dog most burglars would stay away.  Smaller dogs don’t seem to bother them. "Dogs are a deal breaker for me," said one inmate. "Big breeds, home protectors are the best to keep people out."
  • Most burglars feared someone might be home if they heard a radio or TV. They wouldn’t break in.
 
Your doors should all have good high-security dead-bolt locks installed. And as we have seen, it is also important that  your doors be reinforced to prevent them from being easily kicked in. The Victoria, TX Police Department has an excellent video "Home Security Tips: How a 50 cent investment can dramatically strengthen your doors" that shows a simple method of improving the strength of your doors. I also recommend that you include reinforcement on your doors with a product like Door Armor MAX which will defeat many forced entry attacks. You may also want to consider Window Security Film to keep glass from being smashed out by burglars (especially glass that is in your exterior doors).
  
You can of course leave your TV on while you are away giving the impression that someone is home, but you can also use a FakeTV FTV-11-US Extra Bright Burglar Deterrent. You may also want to use timers to turn lights, a radio, or other devices on and off throughout the day. 
 
Since most burglars will leave immediately if a security alarm goes off, it is probably worth investing in one. There are companies that provide professionally installed and monitored alarm systems, and if you can afford them, this is a good option. But something like the Fortress Security Store S02-A Wireless Home and Business Security Alarm System may be an option if you choose not to have a centrally monitored system.

Burglars generally consider security cameras a deterrent. Installing a good quality security camera can let you keep an eye on your home, even when you are away.  If you choose not to install a real security camera system, a couple of fake security cameras mounted outside of your home may serve as a deterrent to some criminals.

Taking just a few steps to add security to your home can make a big difference in keeping you safe from burglary. Each step should be calculated to DETER a burglar from attempting to access your home (make it look occupied and/or guarded by a big dog), DETECT a burglar who attempts to gain access to your home (use alarms, cameras, and security lighting), and DENY a burglar access by using strong security (door armor, window security film, and high security locks). 

Wednesday, January 17, 2018

National Consumer Telecom & Utilities Exchange Disclosure Reports


The National Consumer Telecom & Utilities Exchange (NCTUE) is a credit reporting agency whose membership is comprised of companies that provide services (telecommunications, pay TV, and utilities) and report and share data relative to their customers’ accounts to aid in risk management. NCTUE maintains data such as payment and account history reported by its members.

The NCTUE data report is a record of all telecommunication, pay TV and utility accounts reported by exchange members, including information about a consumer’s account history, unpaid closed accounts and customer service applications. This information is used by other telecommunication, pay TV and utility service providers, who are members of the exchange, to assist them in the decision to extend services.

The NCTUE Disclosure Report is the disclosure to a consumer of the information contained in his or her data report.

As a consumer, you can contact NCTUE to determine if they maintain information about you.
To request a copy of your NCTUE Disclosure Report, call them at 1-866-349-5185 (you will be asked for your SSN and the numeric portion of your address), or you can mail your request to:

NCTUE Disclosure Report
P.O. Box 105161
Atlanta, GA 30348

As with other credit reporting agencies, you can place a 'security freeze' or 'fraud alert' on your account to limit disclosure of your information.

NCTUE provides information to companies that provide consumers with pre-approved offers of credit. If you would like to Opt-Out and exclude NCTUE information about you from being used in lists provided to companies that make pre-approved offers of credit (as provided in the Fair Credit Reporting Act), you may call them toll free at 1-888-327-4376.


Tuesday, January 16, 2018

Understanding Digital Footprints

 
 
This document provides material designed to assist law enforcement personnel in protecting themselves and their families from becoming cyber targets: protecting personal information, cyber dos and don'ts, and links to further cyber training and resources. (2.26 MB)

The National White Collar Crime Center (NW3C) also offers a short on-line course: Understanding Digital Footprints (CS 110) - This course introduces learners to the concept of digital footprints and best practices in protecting personal identifying information. Topics include understanding consequences of oversharing personal information, limiting an individual’s digital footprint, protecting privacy on social media sites and steps to take after becoming a target of doxing.
 
 


Washington State DOL Stops Giving Personal Info to Feds

 
 
OLYMPIA, Wash.  - The Washington state Department of Licensing says it will no longer release personal information to federal immigration authorities without a court order unless required by law. The agency announced the change Monday following a report in The Seattle Times last week that showed the department was handing over personal information to federal authorities 20 to 30 times a month. Washington is one of the few states that allow people without proof of legal U.S. residency to get driver's licenses. Officials also said the agency would end its practice of collecting "information that isn't mandated and could be misused," such as information on license applications about where a person was born.
 
When DOL gave information to ICE, it redacted a field on the driver's license application showing a Social Security number, but left visible fields showing where someone was born and the ID used (passports or other documents) -- information that could be used as evidence of a foreign-born person who possibly could be in the country illegally.
 
 


Monday, January 15, 2018

Risks Incorporated


In August 2016, I completed the Travel Security course presented by Risks Incorporated. For those of you who travel internationally, some type of security training and planning is essential, and I highly recommend training with Risks Incorporated.

I have previously written about foreign travel here in the blog, and for most people having a basic understanding of travel security will be enough to ensure a safe and successful trip. However, in some cases more in-depth training is needed.

DOD personnel traveling overseas are required to receive a travel briefing and comply with the provisions of the DoD Electronic Foreign Clearance Guide. Unfortunately, the travel briefings provided to DOD personnel are often little more than cut and paste from the State Department's web-site and excerpts from the Foreign Clearance Guide itself. My experience with the foreign travel and security briefings I have received from DOD Anti-Terrorism Officers is that such briefings are little better than useless, containing no analysis or area specific research.

Risks Incorporated training, however, helps you understand the risks that exist in certain parts of the world, and most importantly teaches you how to best avoid, or if necessary confront, these risks. In addition to their training courses, Risks Incorporated offers a series of Free Counter Terrorism, Travel Security & Tactical Training Booklets that you can download.

Risks Incorporated is a progressive, European-owned and managed bodyguard school and specialist protection company that has proven itself many times on sensitive international operations. They supply corporate investigations, specialist security services, maritime security, executive protection, tactical firearms training, kidnap and ransom, bodyguard services and training worldwide.



The Consular Travel Advisory System


The U.S. Department of State has long issued messaging for the purpose of helping U.S. citizen travelers abroad make the right decisions to keep themselves safe and secure. Some of these were for short-term issues, and others explained longer-term, systemic issues affecting the security environment in a particular country or even across an entire region. Many in the private sector use these products to help formulate security plans for their personnel or facilities positioned abroad, or to govern their policies for international travel. That system has now changed, and many of the products travelers have come to know (such as Travel Warnings and Emergency Messages) are being reformatted, rethought, and simplified.

The State Department's Bureau of Consular Affairs (CA) on January 10, 2018 launched improvements to public safety and security messaging that will make it easier for U.S. citizens to access clear, timely, and reliable information about every country in the world.  CA has replaced its former countrywide products, Travel Warnings and Travel Alerts, with a single "Travel Advisory" for each country.  Each Travel Advisory for every country around the world will be paired with a level of advice based on one of four tiers.

The four levels of advice are:

Level 1 - Exercise Normal Precautions:  This is the lowest advisory level for safety and security risk.  There is some risk in any international travel.  Conditions in other countries may differ from those in the United States and may change at any time.

Level 2 - Exercise Increased Caution:  Be aware of heightened risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 3 - Reconsider Travel: Avoid travel due to serious risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 4 - Do Not Travel:  This is the highest advisory level due to greater likelihood of life-threatening risks.  During an emergency, the U.S. Government may have very limited ability to provide assistance.  The Department of State advises that U.S. citizens not travel to the country or leave as soon as it is safe to do so.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

The complete report can be viewed at OSAC.

Sunday, January 14, 2018

CBP Can Demand the Passwords to Your Electronic Devices


An article at "The Identity Project" - New DHS policy on demands for passwords to travelers’ electronic devices - stated that "US Customs and Border Protection [CBP], a component of the Department of Homeland Security, [on January 5, 2018] posted a revised policy on Border Searches of Electronic Devices and a Privacy Impact Assessment of some of the changes made by the new policy."

CBP now says as follows...

Travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents... Passcodes or other means of entry may be requested and retained as needed to facilitate the examination of an electronic device or information contained on an electronic device, including information on the device that is accessible through software applications present on the device. If an Officer is unable to complete an inspection of an electronic device because it is protected by a passcode or encryption, the Officer may... detain the device pending a determination as to its admissibility, exclusion, or other disposition.

It seems that according to this policy, CBP can demand that you provide them with the passwords for your electronic devices, allowing them to then go through whatever information those devices may contain. If you refuse to provide your password, CBP can "detain your device" [steal it?]!

More from the Identity Project can be found at https://papersplease.org/