The Cyber BLU Project

Gang Stalking Pt 2

2009-08-06T03:10:00.001-04:00

Gang Stalking Techniques

Crowding/Mobbing,
Directed Conversation,
Electronic Harrassment,
Entrapment,
Intimate inftration,
Mimicking,
Slander,
Street theatre,
Telephone redirects,
Etc

Gang Stalking

2009-08-03T01:23:00.001-04:00

Gang Stalking is really a covert government or police investigation.
It's similar to Cointelpro or red squads, and it's being used on a lot
of innocent people to ruin them and make them look crazy. Gang
Stalking is all about government disinformation, and using civilian
spies/snitches to help with stalking and monitoring innocent people.

Resources/Links:

http://www.newswithviews.com/Stuter/stuter78.htm

http://www.urbandictionary.com/define.php?term=gang%20stalking

http://gangstalkingworld.com/

Not Crazy... Gang Stalking Victim?

2009-08-03T01:15:00.001-04:00

http://www.newswithviews.com/Stuter/stuter78.htm

gang stalking

2009-08-03T00:20:00.000-04:00

gang stalking

Gang Stalking is really a covert government or police investigation.
It's similar to Cointelpro or red squads, and it's being used on a lot
of innocent people to ruin them and make them look crazy.

Gang Stalking is all about government disinformation, and using
civilian spies/snitches to help with stalking and monitoring innocent
people.

Remove Malware

2009-08-03T00:04:00.001-04:00

Why #malware is a Form of Virus and What You Need to Do to Remove Bad
#malware

http://url4.eu/APN3

Twitter link:
http://twitter.com/MalwareNews/status/3096544479

Tweet from InformationWeek

2009-07-04T00:23:00.000-04:00

InformationWeek Analytics: Data Loss Prevention http://tinyurl.com/nc3dqh

http://twitter.com/informationweek/status/2464897118

If You Need Help With an Internet Problem You're Screwed

2009-02-21T19:15:00.001-05:00

If you need help with an internet problem the FBI can't help you. One of my blogs was hacked exposing me and my readers to a world of problems. All of my internet accounts were affected. I did what I was supposed to do. I filed a report with the FTC, the credit agencies, and called the social security adminstration. I also call the local FBI office. Where I was asked to leave messages, hung up on, and then finally told there was nothing they could do. I am not only angry, but scared. I asked one person there, "Do you mean that if if one or more citizens called in a internet attack it would take the FBI weeks to respond?" "What is homeland security doing?" She said I should call my congressman.

I'll post more details of this problem in the next coming weeks. In the mean time check one my new twitter page.

FBI Forced To Divert Antiterrorism Agents To Help Untangle $50 Billion Madoff Swindle

2008-12-22T23:50:00.001-05:00

Yep. Bush genius at work. Pick a cause already. Spying on Americans just got a lift.
About Bernard Madoff
Read the Article at HuffingtonPost

Dennis Blair: Director Of National Intelligence?

2008-12-20T18:26:00.001-05:00

Are these American spy programs working? How do we know? We still can't find bin laden, but there is a housewife in Montana who's a threat.
Read the Article at HuffingtonPost

Protecting Your Privacy When Job Hunting

2008-11-27T05:48:00.001-05:00

You are correct to be concerned that a job search might no longer be a private affair, especially when executed on the Internet. In the early days of digital job hunting, many job seekers' biggest concern was whether their current employers would get wind of what they were doing.

read more | digg story

Verizon Employees busted spying on Obama cell records

2008-11-21T04:23:00.001-05:00

Records from a cell phone used by President-elect Obama were improperly breached, apparently by employees of Verizon Wireless, his transition team said Thursday.

read more | digg story

New Visa Card, Generates Random Security Codes

2008-11-21T04:19:00.001-05:00

In response to popular concerns with online credit card fraud, Visa Europe has announced a newly designed credit card, complete with a keypad and digital number display, according to the Daily Mail.

read more | digg story

Report: White House e-mail system attacked

2008-11-21T04:16:00.005-05:00

It was revealed this week that the presidential campaigns of Barack Obama and John McCain were hacked over the summer. Now, a report has surfaced that the White House has suffered multiple attacks in recent months as well.

read more | digg story

New Visa Card, Generates Random Security Codes

2008-11-21T04:16:00.003-05:00

Deleting your digital past -- for good

2008-11-21T04:16:00.001-05:00

Can you erase your tracks online? We tried to get a few bad mentions off the Net forever. Here's how we did.

read more | digg story

Feds can track cellphones without consulting providers

2008-11-21T04:15:00.003-05:00

Documents obtained by civil liberties groups under a Freedom of Information Act request suggest that "triggerfish" technology can be used to pinpoint cell phones without involving cell phone providers at all.

read more | digg story

How a camera can 'steal' your keys

2008-11-21T04:15:00.001-05:00

Hide those keys. A quick camera phone picture could unlock your doors.

read more | digg story

Oregon Woman Loses $400,000 to Nigerian E-Mail Scam

2008-11-21T04:14:00.001-05:00

An Oregon woman who is out $400,000 after falling for a well-known Internet scam says she wasn't a sucker or an easy mark.

read more | digg story

How to catch hackers on your wireless network

2008-11-15T11:22:00.007-05:00

And how to defend your Wi-Fi from future attacks

read more | digg story

Social networking sites to be snooped on by security service

2008-11-15T11:22:00.006-05:00

Information collected from the sites is likely to be used to build a new super-database at the heart of Government, allowing officials to monitor people's every online move.The plans were dismissed as "Orwellian" by Opposition parties while campaigners said that monitoring internet traffic was evidence of the rise of the "stalker state".

read more | digg story

Study: Only 4.13% of the Web is Standards-Compliant

2008-11-15T11:22:00.003-05:00

Opera has developed a new indexing system that analyzes the structure of web content and it found that only 4.13 percent of the 3.5 million pages indexed by the system actually pass the W3C's validator.

read more | digg story

Preview: Top security threats for 2009

2008-11-15T11:21:00.004-05:00

Cellphones will become members of botnets. VOIP systems will get hit by blackmailing denial-of-service attacks. The cybercrime economy will thrive, even as the global economy struggles.

read more | digg story

Hackers spy on your keyboard by reading electromagnetic data

2008-11-15T11:21:00.001-05:00

Some folks from the Security and Cryptography Lab at Switzerland's EPFL have managed to eavesdrop on the electromagnetic radiation shot off by shoddy wired keyboards with every keystroke. The attack works through walls, as far as 65 feet away, and analyzes a wide swath of electromagnetic spectrum to get its results.

read more | digg story

Hackers tap in to Obamamania

2008-11-15T11:20:00.004-05:00

Obama supporters under fire.

"Hackers seeking to exploit the global interest in Barack Obama’s sweeping election victory have bought their way to the top of Google results page. Searches involving the keyword Obama generated a sponsored link reading "Download Now”. People who clicked on the link would reach a web page infected with malicious software."

read more | digg story

Humiliate Plagiarists in 3 Easy Steps

2008-11-15T11:20:00.003-05:00

A simple and easy way to ensure plagiarists stop stealing your website content.

read more | digg story

Why is Google Running Ads for Known Malware Sites?

2008-11-15T11:19:00.001-05:00

While researching an antivirus article here at Maximum PC, we noticed something very curious: a Google AdWords link called “Antivirus xp 2008,” which led to the url “antivirus-world-2009.com.” (Don't go there)

read more | digg story

Kevin Mitnick Tells All in Upcoming Book

2008-09-15T03:23:00.001-04:00

Kevin Mitnick Tells All in Upcoming Book -- Promises No WhiningNow that the statute of limitations has lifted on many of his crimes -- as well as a seven-year court ban prohibiting him from writing about them (the ban ended midnight on January 28, 2007) -- former hacker Kevin Mitnick is telling his story in a book to be published next year.

read more | digg story

10 Extremely Useful Websites to Stop Big Brother From Snooping on You

2008-09-15T03:21:00.004-04:00

If you are tired of receiving junk mail, spam and annoying telemarketing phone calls, then this list is for you. If you desire to take steps to stop the snooping from the government, hackers and marketing agencies, then this list will show you the way to privacy freedom.

read more | digg story

Top 5 Gadgets That Could Get You Arrested

2008-09-15T03:21:00.003-04:00

OK, we'll admit it. Some of us are drawn to dangerous gear like bears to a picnic basket. Although we'd never condone breaking the law with these five gadgets, we can't deny our morbid fascination with them. Just remember: If misused, these gizmos could get you slapped with a set of handcuffs along with a criminal record.

read more | digg story

Wireless Security In-Depth

2008-09-15T03:15:00.004-04:00

If we had told you eight years ago, when 802.11b was really taking off, that one day in the future you would be able to pick up at least ten different wireless networks on any given block of a major metropolitan city, you might have believed us.

read more | digg story

Court: warrant needed to turn cell phone into homing beacon

2008-09-15T03:15:00.003-04:00

It just got a bit harder for law enforcement agencies to turn your cell phone into a personal tracking device: a federal court yesterday slapped down the Justice Department's appeal of a February ruling that required investigators to seek a probable cause warrant before acquiring historical records of a cell phone users physical movements.

read more | digg story

Social Engineering Fundamentals, Part I: Hacker Tactics

2008-05-24T19:41:00.003-04:00

Social engineering is the technique of circumventing technological security measures by manipulating people to disclose crucial authentication information. In this article, SecurityFocus writer Sarah Granger begins a two-part look at social engineering, including a look at motives, different techniques, and some accounts of successful attacks.

read more | digg story

UK to monitor and record every phone call, web page & email

2008-05-23T17:28:00.003-04:00

We're not sure if these plans will ever make it to reality, but the Telegraph is reporting that Britain's Home Office is working on database designed to store the details of every phone call, email, and web page accessed by British citizens in the previous year. The idea is to have various telecom providers hand over their records...

read more | digg story

5 Important Security Apps for Linux, Mac, and Windows

2008-05-21T13:52:00.001-04:00

We've got you covered with five freeware or shareware security tools for Linux boxes, Macs, and Windows machines, all recommended by Ars staffers.

read more | digg story

The ABCs of securing your wireless network

2008-05-21T13:51:00.001-04:00

Sometimes you don't need to know everything about wireless to secure a home or home-office network; you only need to know what's important.

read more | digg story

Wiretapping is really, really easy

2008-05-21T13:50:00.006-04:00

Ask Pellicano, whose case went to the jury last week, and offered arguably more for people who enjoy talk of encryption software, code-wiping booby traps or the low-tech secrets of phone company networks than anyone else.

read more | digg story

Government wiretaps—the ones we know about—up 20% for 2007

2008-05-21T13:50:00.004-04:00

Data released this week on 2007 wiretaps shows that nearly all intercepts are for "portable devices" and 80 percent of all taps target drug criminals. Secret FISA warrants are also up, and no one knows what's happening with warrantless surveillance at the NSA.

read more | digg story

Where The Web Is Weak

2008-05-21T13:49:00.001-04:00

Many of the Web's millions of insecure pages can be hacked with just one or two tricks. But patching the bugs in each of those vulnerable sites requires a unique solution.

read more | digg story

The Steps of Reporting Identity Theft

2008-05-21T13:48:00.004-04:00

I hope no one has to go through that step, but just in case ...

read more | digg story

“Formatting” An iPhone To Wipe Data

2008-05-21T13:47:00.001-04:00

You can easily recover data from a refurbished iPhone. Here's a guide to overwriting your personal data. via Hackaday

read more | digg story

Acceptable Use: What Privacy are You Entitled to at Work?

2008-05-09T00:28:00.002-04:00

You're screwed. Many employers monitor all employee communications-and are within their rights to do so.

read more | digg story

Wiretapping is really, really easy

2008-05-08T22:41:00.001-04:00

Government wiretaps—the ones we know about—up 20% for 2007

2008-05-08T22:40:00.001-04:00

Tracking On the Net

2008-03-21T19:18:00.001-04:00

The New York Times

A Push to Limit the Tracking of Web Surfers’ Clicks
By LOUISE STORY
Published: March 20, 2008
The use of target advertising on the Internet is being challenged by members of the New York State Assembly.

Google Can be Scary

2008-02-23T21:39:00.001-05:00

RFID

2008-02-23T21:21:00.000-05:00

An End to Internet Privacy?

2008-02-23T21:16:00.001-05:00

Disk Encryption in notebooks vulnerable

2008-02-23T03:19:00.001-05:00

A team from Princeton University has developed ways to break disk encryption, including Bitlocker, Truecrypt, Apple encryption, and Linux encryption, if the computer is in sleep mode or sitting at a password prompt, or even if it's just been turned off.

read more | digg story

Bad Form: Companies Still Send Passwords via Email

2008-02-21T02:10:00.001-05:00

"Why is it that some companies still insist on sending me my password via email right after I create my online account? The reason I have a password in the first place is so that it doesn’t flow back and forth openly in cyberspace only to reside peacefully on multiple mail servers."

read more | digg story

Make Sure You Know When Someone Hacks Your Email

2008-02-21T02:06:00.003-05:00

If someone has cracked your email password, it may not be apparent to you. A snooper can easily read an email then mark it as unread again. So the best thing to do would be to set up an “electronic tripwire” so if someone breaks into your account, you’ll know about it.

read more | digg story

10 Extremely Useful Websites to Stop Big Brother From Snooping on You

2008-02-12T22:23:00.001-05:00

CIA Says Hackers Have Cut Power Grid

2008-02-12T22:20:00.001-05:00

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

read more | digg story

CIA Says Hackers Have Cut Power Grid

2008-02-12T22:19:00.001-05:00

Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

read more | digg story

R.I.P. American Privacy. We will miss you.

2008-02-12T22:18:00.001-05:00

The FBI is gearing up to create a massive computer database of people's physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists.Slowly, but surely everything we know about privacy is changing. The scary thing is we have very little control over it. The only protection is knowledge. If you know it's happening you (we) can make better decisions.

read more | digg story

Hackers brutalize Scientology's security defenses

2008-02-12T22:12:00.001-05:00

This evening, Splongcat of project chanology revealed IP adresses, which were hacked through prolexic Anti-DDoS services. Appareantly PROLEXIC security is no match for Anonymous hackers, who claim that the company is "amateuristic and unable of basic networking at best."Splongcat comments: We did it for lulz

read more | digg story

Microsoft slams the door on Vista pirates

2008-02-12T22:11:00.001-05:00

With the launch of SP1 Microsoft promised to put an end to two popular hacks used by pirates to allow a non-genuine install of Windows Vista to function in the same way as a genuine install. Testing that I’ve carried out in the lab today suggests that Microsoft has been true to its word.

read more | digg story

Google's Growth Prompts Privacy Concerns

2008-02-12T20:46:00.001-05:00

Can Google become one of the greatest privacy risks on the Internet? Maybe it's too much of a good thing.

read more | digg story

Five Mobile Trends for 2008

2008-01-18T18:47:00.001-05:00

Among them: wireless carriers sharing networks and pushing data services, and the release of more multimedia devices like the iPhone

read more | digg story

The Big Brother Watching Your Screen !!

2008-01-13T02:28:00.001-05:00

Van Eck phreaking is the process ofeavesdropping on the contents of a CRT displayby detecting its electromagneticemissions.Information that drives the videodisplay takes the form of high frequencyelectrical signals.

read more | digg story

Defend privacy: support EPIC

2008-01-13T02:26:00.001-05:00

EPIC defends everyone's privacy. Read about EPIC's 2008 privacy campaigns and how you can help.

read more | digg story

How to Stop Identity Theft: An Essential Guide

2008-01-13T02:07:00.001-05:00

Great tips on preventing identity theft.

read more | digg story

Do You Trust Your Cell Phone?

2007-12-23T00:12:00.000-05:00

Ask Eraser

2007-12-22T20:02:00.000-05:00

I love this privacy feature. Ask.com has a feature called "Ask Eraser". When turned on the Ask.com servers will NOT save your searches. Both Yahoo and Google search engines save your searches FOREVER.

The FTC ID Theft Quiz

2007-12-17T22:36:00.000-05:00

I found this quiz from the FTC very useful in my own fight with ID theft. I think you will too.

http://onguardonline.gov/quiz/idtheft_quiz.html

Will You Be My Friend? CyberBLU on MySpace

2007-12-12T01:17:00.000-05:00

Visit My Blog on Myspace for even more information you can use. http://www.myspace.com/thecyberbluproject

Google's Fight

2007-12-02T15:38:00.000-05:00

He's nailed it. Again it's the money that talks. What do you think?

Google is fighting the wrong battle on that subpoena

by Daniel Brandt
February 25, 2006

I've been asked more than once what I thought of Google's opposition to the Justice Department's request for search-term data. Recently the Department received information on search terms from Microsoft, Yahoo, and AOL. Google, however, is resisting the Department's subpoena, and the two sides will be in court next month. Both Google and the Department have now explained their positions in written briefs.

My response has been that Google is posturing, and it deserves to lose this case in court. Microsoft, Yahoo, and AOL did the right thing by complying with the subpoena, which is not to say that they are good guys. They'll probably do the wrong thing the next time they get a subpoena. The main problem with the Justice Department's request is that it's a slippery slope, and the next subpoena could request identifying information. But in this case the Department did not ask for, and does not want, any information that is personally identifiable. Google is hurting everyone's chances of prevailing on the next case, by advancing weak arguments on the current case. That's why I call it "posturing."

For years, Google has shown search-term statistics on their "Zeitgeist" pages, and they even break it down by country now. A big screen in the lobby of Google's corporate headquarters has a real-time display of search terms, along with the city or country where the search originated. Pornographic terms are filtered out before this data is analyzed or displayed, since it's designed as a gimmick to show how cool Google is. The Justice Department wants unfiltered data. A court has said that the government needs more information on how well the Internet is protecting children from access to porn.

This week the Department filed an answer to Google's misguided screed about trade secrets and "privacy perceptions" (yes, trade secrets are much more important to Google than privacy). The subpoena requested that Google remove any identifying information from the search requests. "The study does not involve examining the queries in more than a cursory way. It involves running a random sample of the queries through the Google search engine and categorizing the results," a statistics professor at the University of California said.

Google is worried that if they provide raw data on search terms, then everyone will know what many already know. The dark secret for search engines is that the protection of children gets a much lower priority than advertising revenue. For Google to even use the word "privacy" in this case is bogus.

Why did Google pick this particular fight, which is ill-advised at best? It may have been perceived as good short-term public relations. Ever since its IPO in 2004, most of the spin from the Googleplex is aimed at keeping its stock price in the stratosphere. One gets the feeling that much of this spin is disorganized, and devoid of any long-term considerations.

Ironically, Google's position on this subpoena has resulted in a substantial increase in Scroogle traffic. While Google-Watch and Scroogle have said for years that Google saves everything they can find out about you, and never deletes anything, during those years the pro-Google pundits ignored us. They just threw out some slurs about my tin-foil hat, and that was the end of the story for them. Now Google's position makes it clear that they do have the information that I said they had. Recently, Google even admitted to a reporter that they can call it up by the globally-unique ID in the cookie or by IP address. Google's position on the subpoena has broadcasted the same message in a few weeks, that I unsuccessfully tried to broadcast for more than five years. Among those who have so far heard about the subpoena, most had no idea that Google saved all that information.

It's easy to see why Google thought their position would be well-received in the short term. How many superficial pundits have presented Google as heroic for its position on this subpoena? Now how many of them have ever mentioned the term "data retention" in same sentence as "Google" at least once during their career? If Google was interested in privacy at all, they wouldn't indefinitely save all that data that they collect on you. They don't need more than a few weeks worth to profile you, and it's not illegal to truthfully tell the government that the older data you once had, has already been deleted. But it never occurs to pro-Google pundits that if the data exists, it is subject to subpoena. The first questions should be, "Why does it exist at all? Why is Google saving all this stuff?"

Google's arrogance will be its downfall. Their undeserved wealth, 99 percent of which comes from ads that are the driving force behind web spam, has isolated them from reality. Increasingly Google lacks the capacity to assess the long-term consequences of its actions. They are starting to make mistakes. Most pundits don't notice this yet, because Wall Street loves bubbles.

Google needs a smarter legal department, and it will never happen. Larry, Sergey, and Eric make all the major decisions, and any lawyer with a realistic sense of what's happening in the legal, political, and social sphere, and can competently pick which battles to fight, would not get hired. He wouldn't be cool.

Cyber Tips- Part One

2007-11-30T23:34:00.000-05:00

| View | Upload your own

Social Engineering -You Can't Trust Anyone.

2007-11-25T00:59:00.000-05:00

I have said it before and I will continue to say it. We are the Number One threat to our privacy. We give friends and coworkers our passwords, give personal information to strangers, and post our entire lives on the internet. Most of the time just because we're asked too (Social Engineering).

The number one solution to privacy issues and ID theft is both easy and hard. Stop trusting people. Step two, Lie. When you're online lie about your name, address, occupation, etc. I have an email I used for family, and another I use for everybody and everything else. Every once in a while I delete the everybody & everything email and start over. We have got to change our habits and mindset first to successfully fight for our privacy.

Facebook Ruins Christmas? [Privacy]

2007-11-21T19:51:00.001-05:00

Facebook sucks!! I have no idea why they would even want to give out this info. I think they really just don't care. We need to make them and others like them give a damn.

MoveOn.org is annoyed with Facebook over privacy issues. Apparently, people on Facebook can see what you've been buying on sites unrelated to Facebook and share this information with your friends. According to MoveOn.org, this is not only a violation of privacy (the feature is opt-out rather than opt-in), it's been ruining Christmas/Holidays/Birthdays/Whatever for Facebook users.

From MoveOn.org:

"Oh my gosh, my cousins entire christmas shopping list this week was displayed on the [Facebook News] feed. thats so messed up. This has gotta stop!" - Tasha Valdez from Michigan:

"I saw my gf bought an item i had been saying i wanted... so now part of my christmas gift has been ruined. Facebook is ruining christmas!" - Matthew Helfgott from NY We thought this sounded psychotic so we logged in to our mostly-neglected Facebook account and sure enough...one of our friends had bought a T-shirt from Busted Tees. We asked him if he knew that this information was being broadcast on Facebook.

Guy We Know: man that is kinda creepy

Consumerist: apparently this is ruining people's shopping for gift-type sh*t

Guy We Know: yeah I would prefer they'd not

Guy We Know: "User privacy is extremely important to Facebook. We designed Facebook Beacon to enable effortless sharing, but we've also put in features to protect user privacy. When you send an action to Facebook, the user is immediately alerted of the story you wish to publish and will be alerted again when they sign into Facebook. The user can choose to opt out of the story in either instance, but the user doesn't need to take any action for the story to be published on Facebook."

Guy We Know: yeah that never happened

Consumerist: Ugh.

Facebook must respect privacy [MoveOn via BoingBoing]

(Photo:Boris Veldhuijzen van Zanten )

Bush homeland security adviser resigns (AP)

2007-11-20T02:10:00.001-05:00

AP - Fran Townsend, the leading White House-based terrorism adviser who gave public updates on the extent of the threat to U.S. security, is stepping down after 4 1/2 years.

MPAA: Linking college funding, piracy is 'perfectly legitimate'

2007-11-20T02:03:00.001-05:00

They are out of their minds. Bastards. Anything for money.

WASHINGTON--What's wrong with Congress being a little stingy about doling out taxpayer dollars to universities if they let peer-to-peer file-sharing pirates run amok on campus networks?

Not a thing, says the Motion Picture Association of America's top lawyer in the nation's capital.

MPAA Washington general counsel Fritz ...

PayPal Secure Card Offers Protection

2007-11-20T01:57:00.001-05:00

Great Idea. I may use paypal more now.

Online payment service PayPal is preparing to launch PayPal Secure Card, a software utility that's designed to help users fill out payment info on e-commerce sites in a secure way. PayPal Secure Card generates a unique MasterCard number every time a PayPal user uses the software on an ecommerce site—and because it's a MasterCard number, the software even lets PayPal users conduct transactions on sites that don't accept PayPal.
Secure Card has been in wide testing over the last year, with an estimated 3 million PayPal users checking out the system. PayPal Secure Card will be available as a browser plug-in beginning November 20 to U.S.based PayPal users; support for international markets sh

Senate passes cybercrime bill aimed at restitution - Network World

2007-11-19T05:08:00.001-05:00

Senate passes cybercrime bill aimed at restitution - Network World

Whoo Hoo...It's about time! The rights of the victims first.

Now, a way to stop ID theft -Great advice

2007-11-12T20:33:00.001-05:00

For the first time, everyone in America can now do something to prevent identity theft. Read on and I’ll show you how.

On Nov. 1, the nation's three credit bureaus gave all U.S. consumers the ability to shut down access to their credit reports, making it almost impossible for a stranger to get the data needed to commit financial identity theft. The process is called a security freeze.

The change was not really voluntary. The credit bureaus battled with state legislators for nearly four years to avoid making the freezes available to consumers. But after 39 states passed security freeze laws of one kind or another, the industry decided earlier this year to make the option available to everyone. But there's a catch.

Using security freezes can be costly, and they can be a hassle. But that's just the bad news. I'll save the good news for later.

Here's the main “gotcha.” For most of you, it will cost $10 to establish a security freeze. And once a freeze is in place, you won't be able to apply for new loans without "thawing" the report so a lender can assess your credit information. That costs money too -- $10 each time you need a car loan or a home loan. That doesn’t sound too bad until you realize that there are three credit bureaus, and many households have two adults. That means it could cost a couple $60 each time they set up or lift a freeze.

Then there's the hassle. Setting up a freeze requires irritating paperwork like sending certified letters. And it means keeping track of freezing and thawing. It does no good to freeze one or two reports. If you want real identity theft protection, you'll have to freeze all three. If you want to get a new credit card, you’ll have to thaw at least one report. To buy a new house, you’ll probably have to thaw all three, then make sure they are frozen again.

Here's the good news. All those state laws about security freezes are still in effect, and some forward-thinking legislatures imposed price caps on the process. So a freeze might be cheaper, depending on where you live. In Maryland, for example, consumers pay a maximum of $5 for freezes. In New York, the initial freeze request is free.

Advice for ID theft victims

There's more good news: ID theft victims everywhere can now get and maintain security freezes for free – free to set, free to thaw and free to permanently remove.

The advice for ID theft victims is easy: Follow the links below and freeze your credit reports immediately. A security freeze is the best way to restore your peace of mind. The freeze won't stand in your way when you need a new credit card or loan; there will just be a small speed bump. You will have to give the bureaus a password -- a PIN code similar to a debit card password – to let you unlock your report so a creditor can peek at it. You might have to think a bit more before you obtain new credit, but that's not such a bad thing.

To get a free freeze, you will need a police report or similar government document to prove you are a victim.

One note about the process of recovering from a bout with an identity imposter: The police or your financial firm might suggest that you set up a "fraud alert" or “security alert” on your account. The proper term is “fraud alert,” which is very different from a security freeze.

Fraud alerts are easy to set up (a simple phone call will do) and free. Unfortunately, they often don't work. The alert is simply a note in your credit file that advises businesses that you might be a victim of ID theft. Lenders can still pull your credit report and dole out loans or credit cards in your name. Fraud alerts also expire in 90 days, unless you follow up with paperwork, so you might as well get a freeze.

Security freezes provide much stronger protection. No one can access your credit report without your permission, period.

The credit bureaus encourage consumers to get only a fraud alert because their agenda is to keep you an active participant in the credit market (i.e., they want to keep pushing credit cards at you). You are better off with a security freeze, and don't let anyone tell you otherwise.

Advice for everyone else

The decision to freeze or not is a bit more nuanced for those who haven’t been victimized by identity theft. It's hard to tell someone to pay $60 and fill out of bunch of paperwork as a purely preventative measure. In states where security freezes have been available for years, very few consumers have signed up.

Consumers Union is very high on freezes. Gail Hillebrand, the group's credit bureau expert, compares freeze fees to paying for insurance.

"If you are the person in the household who will have to unravel the identity theft after it happens, then you probably think $10 a pop is a good deal," she said. Consumers who are already paying for $10-per-month credit monitoring services should cancel and pay for security freezes instead, she said.

For consumers who pay their bills on time every month and stay on top of their paperwork, a freeze is a good choice. But many consumers will have a difficult time keeping track which reports have been frozen and which have been thawed, and how much they’re paying in fees. If that's you, I can't recommend setting up and paying for freezes. Instead, take the time to write one letter to your state legislator asking why consumers in New York get freezes for free and you don't.

There is a class of consumers who are great candidates for a freeze: Those whom Hillebrand describes as "mature in the credit market." Many older consumers have as many credit cards as they'll ever need and have no plans to buy a car or a house in the near future – or perhaps ever again. For them, a security freeze is great insurance against becoming a victim of elder fraud, and obviously won’t be a hassle to maintain, as thaws are unlikely. If you or your parents fit that bill, the $30 or $60 that it costs to sign up for freezes would be money well spent.

In a few states, seniors get to freeze their reports for free. Check the links below for specifics.

How to do it

Setting up a freeze isn't rocket science, but it will take you about as much time as it takes to make a loaf of bread. So here's the recipe.

Instructions for residents of each state are slightly different. Fortunately, the three credit bureaus have fairly simple grids on their Web sites explaining what the costs are and the process is. Remember, you'll have to get a freeze at all three bureaus.

Equifax

General info:

http://www.equifax.com/securityfreeze/index.html

State-by-state information

http://www.equifax.com/securityfreeze/state_file_freeze_grid.html

To get a freeze, Equifax wants you to send a certified letter with seven specific elements to Equifax Security Freeze/P.O. Box 105788/ Atlanta, Georgia 30348. The elements are spelled out clearly on the general information page, but they are, basically -- name, address, date of birth, SSN, utility bill for proof of address, payment and a police report if you are a victim.

Experian

General info and state-by state information

http://www.experian.com/consumer/security_freeze.html

To get state-specific information, scroll to the bottom of the page and pick your state from the drop-down menu.

Before giving you the information you need, Experian will warn you that a security freeze may make your credit life very difficult. Take that with a grain of salt, and then pick your state. You'll send the request by certified or overnight mail to Experian/ P.O. Box 9554/ Allen, TX 75013. Again, the recipe is listed on the firm's Web site, but it will call for a name, SSN, date of birth, current and past addresses dating back two years, a copy of your driver's license, and one utility bill.

TransUnion

General info and state-by-state information

http://www.transunion.com/corporate/personal/fraudIdentityTheft/preventing/securityFreeze.page

Send your freeze requests to Trans Union/Fraud Victim Assistance Department/ P.O. Box 6790/ Fullerton, CA 92834. A few state residents can call instead of write -- check the link above. Trans Union wants the following on the letter: name, address, Social Security Number, a copy of your driver's license and payment.

I know you are busy, and I know this is a hassle. But if you throw a loaf of bread in the oven, you'll be able to fill out the necessary paperwork by the time it’s done. And you'll have twice the sense of accomplishment.

There are a couple of asterisks I need to tell you about. While the freeze provides solid identity theft protection, it's hardly foolproof. It can't stop non-credit-related forms of ID theft, such as the creation of a duplicate driver's license or criminal identity theft (when a suspect gives your name to police when booked for a crime). It also won't stop an undocumented worker from using your Social Security Number to obtain employment.

And sadly, it won't stop every company from accessing your credit report. New creditors are largely frozen out, but existing lenders -- your current credit card company, for example -- can still view your report and offer you new credit cards. It also won't stop those pre-approved credit card offers. The bureaus can still give your name and address to credit card companies. Of course, you can stop those mailings by calling 1-888-5OPTOUT or visiting http://optoutprescreen.com.

Finally, a freeze may lead to minor inaccuracies in your credit report. Companies that provide data to the bureaus might not be able to update your address information or other vital statistics if you move or change your name. So if you get a freeze, you should check your credit report at least once a year at AnnualCreditReport.com and make sure the information is accurate.

Despite these imperfections, a credit freeze is the best thing you can do – and in fact, the only thing you can -- to stop identity theft before it starts. Think of it like The Club you place on car steering wheels. Yes, the car can still be stolen, but many car thieves see a Club and move on to another target. ID thieves who face security-freeze speed bumps when trying to get credit cards or loans in your name are just as likely to move on to the next Social Security number.

Techdirt: Privacy Is About Controlling Information About Yourself

2007-11-12T20:27:00.001-05:00

Techdirt: Privacy Is About Controlling Information About Yourself

Okay, He has lost his damn mind. I will NOT turn over my privacy to anyone. I should trust them with my information? Hell, no!

Privacy Video

2007-11-10T00:15:00.000-05:00

I have included on my blog a collection of video dedicated to personal privacy. Just scroll down to the bottom.

What Do You Do When No One Believes You?

2007-11-10T00:00:00.001-05:00

You're crazy. Why would they do that? You're just paranoid. When I first realized my office was bugged I tried to tell someone. No one believed me. No one. Not my family or my friends. There were people at work who thought it was true. Either because they thought they too were bugged or heard of others on campus who had been in the past. What do you do? Hire professional help.
Hired a Private investigator. They can do a bug sweep, tell you what they can legally can and cannot do, and help you to gather hard evidence. Most people are trusting my nature, so it is sometimes unbelievable to them that people could be so evil.
Yes, there is no privacy at work, but audio surveillance was not allowed, and they should not have (but did) go through my personal belongs.

Technorati

2007-11-09T17:33:00.000-05:00

Technorati Profile

Is Your Boss Spying on You? Inside New Workplace Surveillance

2007-10-25T17:41:00.001-04:00

More stealthy and prevalent than ever before, corporate security software is monitoring your every move inside and out of the office, whether it’s with your corporate computer, e-mail, phone or BlackBerry. As PM’s senior technology editor reports in his biweekly trends column, your employer has more powerful tools to watch over you than the cops—and there’s nothing you can do about it.

Source - Popular Mechanics

Reddit It | Digg This | Add to del.icio.us

More People Are Freezing Credit Reports - AOL Money & Finance

2007-10-24T20:58:00.001-04:00

I actually see this as a great option. It put people in control of their credit. It's empowering.

More People Are Freezing Credit Reports - AOL Money & Finance

Disposable Email Addresses & Phone Numbers

2007-10-22T10:23:00.001-04:00

How many times has this happened...

You want to take a look a registration-first website but it looks a little shady and you fear eternal spam if you fill out the form. This is especially irritating when you are reading an article and halfway through, you get the old, "Please register to continue".

The concept is free and simple. Generate an email address, use it and dump it. It's seriously just that easy.

If you give Web sites and new contacts a disposable email address instead of your real one, you can selectively disable a disposable address as soon as you get spam through it, but continue using all other aliases. Disposable email address services provide this basic functionality, but some have other neat features that make life with email less spam and more fun.

PookMail.com is a disposable email account system. Use PookMail.com to avoid giving your personal email address to suspicious websites.It's very easy, anonymous and fun! Just think up a name and GO!

Mailinator is one of the best and top rated disposable email services that gives you a temporary mailbox on the following address format e.g. something@mailinator.com

MyTrashMail is another good temporary mail service that gives you a mailbox in the address format e.g. something@trashymail.com and also gives you secure temporary mailbox if you signup

MailExpire stands out in the crowd by giving you the option to have a temporary inbox ranging from 12 hours expiry to as long as 3 months

TemporaryInbox is yet another simple and easy to use temporary email service that gives you an email address in different formats

MailEater gives you a free temporary email inbox in the format e.g. something@MailEater.com

More services can be found at Top 20 Temporary and Disposable Email Services

Also, I happened upon a site named numbr. This site actually provides you with disposable phone numbers.I looked into it, tried it and frankly it's pretty cool. As of today they support 23 US cities, block telemarketers and allows for parental controls. In addition this crazy thing lets you embed a link to your website allowing your blog or website readers to reach you without knowing your real phone number.

More at their benefits page.If you want to check this out, visit numbr.com.

7 Tips for Improving Internet Security

2007-10-22T10:21:00.001-04:00

With the growth of the internet on a world wide basis, there has also been an increase in the number of scams and attempts to procure money or identity details illegally. This has given rise to the need to exercise caution in the websites frequented and to use credit card details responsibly for online purchases. Here are some guidelines to increase safety and protect your identity.

1. Always ensure that your browser version is keep up to date. This ensures that you are not exposed to old security flaws that are exploited by ‘phishers’. You can also consider using a browser such as Firefox which is less susceptible to attacks than Internet Explorer.

2. Always install operating system updates, service packs and released patches. This prevents outside attacks from exploiting known system vulnerabilities or taking control of system commands.

3. Install virus software and run this on a regular basis. Always update this continually to keep your database current. This will insulate your system against current known agents and help to remove or quarantine any suspicious files.

4. Run regular spyware and malaware checks to remove any files the software considers a problem. With browser hijackers, keyloggers and advertising tracking all presenting potential security threats, running regular system checks will keep your system free of unwanted files.

5. Do not reply to complete security or account details email requests unless you are absolutely sure the email is authentic. Many commercial companies are being targeted by ‘phishers’ who email account holders and direct them to third party websites under the false pretense of updating personal details. Individuals who comply are exposed to potential identity theft.

6. Complete online banking through secure channels and log out immediately after you have finished. Do not provide any account details to individuals over the internet or through email.

7. Install a firewall and keep it regularly updated. This will protect your computer from system attacks and port scan attempts by hackers looking for vulnerabilities.

If you follow the above advice you greater improve your personal security and minimize the chances of security breaches and identity theft. The best defense against malicious behavior is to take offensive action by installing appropriate security software and maintaining regular protocols when using sensitive personal details.

Guest Post By Andrew Winthorp - owns and operates http://www.phishing-defense.com. To publish a guest post on this blog , please leave a comment.

Google. Who's looking at you? - Times Online

2007-10-21T11:13:00.001-04:00

Google. Who's looking at you? - Times Online

Google as friend, or Big Brother | Technology | Guardian Unlimited

2007-10-21T11:12:00.001-04:00

Google as friend, or Big Brother | Technology | Guardian Unlimited

10 ways you can use open records to investigate environmental stories

2007-10-18T00:31:00.003-04:00

Today is Blog Action Day. Over 8,500 bloggers have promised to do a post today that relates in some way to the environment.

Our contribution is a list:

10 ways you can use open records to investigate environmental issues.

Since we focus on state and local FOIA, we’re going to focus on environmental concerns at the state and municipal level. We know that some of our readers think the government should do more to protect the environment and some of our readers don’t see the need for that.

However, each set of readers needs to know what, exactly, a local unit of government IS doing about the environment before they know whether by their lights it is too much, too little or just right. And that’s where open records comes in.

So, here’s a list of 10 open records requests you could file with a state agency, a city or county government, or a school district.

One.

The first tip is: start a blog. The story you uncover might be terrific but “small”. Blogs are great places to tell stories that can’t quite compete for space in the newspapers, but where the audience for your story can find it.

Two.

Is there a municipal golf course near you? What fertilizers and pesticides does it use? How much does it pay for irrigation? Send a FOIA request to the government agency that oversees the golf course and ask for those records. Ask for the records for 2-3 years to see if you can identify a trend.

Three.

One of the more controversial stories of the year was when the Tennessee Center for Policy Research sent out a press release about Al Gore’s energy consumption at his home near Nashville. They were able to legally obtain this information because in Tennessee, utility bills for anyone are a matter of public record. Whatever the law in your state about utility bills as public documents, there are bound to be some well-known buildings that are owned by a government agency.

In Wisconsin, the Governor’s Mansion:

is publicly owned. You can file a FOIA with the agency that takes care of a publicly owned building, asking to see the utility bills, even if private utility bills are not available in your state.

Four.

When you went to school for parent’s night, did you see any light bulbs that look like this?

If not, are you wondering when you ever will see any lightbulbs that look like that, at school or in the city or county offices? File a FOIA and ask for a copy of their energy management policy. (Of course, you might find out that they don’t have an energy management policy…which is a story in its own right.)

Five.

Do you ever wonder whether your local government is in the hip pocket of developers? File a FOIA with city or county politicians, asking to see their e-mail lists, or asking to see any and all e-mails they’ve received in the last month. This helps you understand who is communicating what to your elected officials.

Six.

You probably installed one of these at home years ago. Can the same be said of the local government buildings? How much did it cost and what impact has it had on energy use? File a FOIA to find out.

Seven.

By any chance, is your city planning to invest large sums of money in a new coal plant? Start filing FOIAs. Questions to ask: Can I see a copy of a feasibility study? A contract?

131 blog posts later, one blogger is still asking.

Eight.

As cities, counties and states come under increasing pressure to reduce greenhouse emissions, consultants will emerge to advise them. Who are these consultants? How much are they paid? Do they have an agenda? What is it? Are they working on a no-bid model because your local government wasn’t aware of any alternatives? File a FOIA.

Nine.

Does your city follow a fair permitting process? Do they abide by it? You can find out. Just file an open records request.

Ten.

Does your city or county have a policy on carbon emissions? (If you don’t know, by now you know one way to find out.) If they do have a policy, they have to have a way to track how things are going. You’d want to know what that method is, wouldn’t you?

That’s it. 10 ways you can use open records to investigate environmental stories.

Update: Chris Joyner has more ideas.

Og-Blog and pipelines.

Follow me and the Tennessee Department of Revenue down the open records rabbit hole.

2007-10-18T00:31:00.001-04:00

Bill Hobbs notes that the Associated Press was stonewalled recently by the Tennessee Department of Revenue, and that it’s the second time this year they’ve misread the law.

The first time, they declared that they weren’t going to give public records to the Tennessee Center for Policy Research (TCPR) on the grounds that it is not a “legitimate group”.

That assessment of TCPR by the Tennessee Department of Revenue has had, and still has, legs in some parts of the blogosphere. When TCPR sent out a press release in March based on Al Gore’s home energy consumption claiming he was an energy hypocrite, the Tennessee Department of Revenue’s assessment of TCPR as “illegitimate” became part of the story.

This blogger, for instance relies on a quote from an e-mail written about TCPR and its president Drew Johnson by the Tennessee Department of Revenue in order to draw the conclusion that:

He’s a well-known right-wing sociopath/gadfly.

This Huffington Post piece also draws on what the Tennessee Department of Revenue said about TCPR in response to TCPR’s open records request by way of discrediting TCPR.

The Tennessee Department of Revenue’s assertion that it didn’t have to give public documents to TCPR because it is not legitimate also shows up here.

And here too.

Reading all those blog posts, I think I’ve learned something valuable. Stay with me on this.

Media Matters for America reports that Drew Johnson of TCPR was once a Fellow at the Institute for Humane Studies.

My husband is on the board of the Institute for Humane Studies.

Perhaps even more significantly, Drew Johnson and I are friends on Facebook.

As I mull this over, I have concluded that:

Since I am married to someone who sits on the board of an organization that Drew Johnson was once attached to,

Since we know from the Tennessee Department of Revenue that TCPR and Drew are illegitimate,

Since illegitimacy is crippling and contagious,

Since I once worked for a newspaper that took Associated Press feeds (admittedly, only typing classified ads),

Since I am, ergo, on the wrong side and since I support the AP’s contention that the Department of Revenue ought to hand over those documents,

And since the Tennessee Department of Revenue’s beliefs about organizations are clearly credible, I disagree with them, and my associations are highly suspicious,

The Tennessee Department of Revenue therefore does not have to give the requested documents to the Associated Press.

I learned a lot when I took Relevance Logic in graduate school. It’s been enormously helpful to me in understanding these situations.

Bill would let ID theft victims seek restitution

2007-10-18T00:30:00.003-04:00

A bipartisan bill that would let victims of identity theft seek restitution for money and time they spent repairing their credit history was introduced on Tuesday in the Senate.

The legislation would also give federal prosecutors more tools to combat identity theft and cyber crime, according to sponsors Democrat Patrick Leahy of Vermont and Republican Arlen Specter of Pennsylvania.

Source - Washington Post

Reddit It | Digg This | Add to del.icio.us

Internet privacy stepped up with new rules

2007-10-18T00:30:00.001-04:00

Websites which publish people’s personal details such as their criminal record or sexual preferences will face heavy fines if the privacy protection body CBP gets its way.

The organisation has just published new recommendations to increase internet privacy which would give people the right to demand information about them is removed from websites.

Source - DutchNews.nl

Reddit It | Digg This | Add to del.icio.us

Rx data mining: Improving health care or invading privacy?

2007-10-17T04:40:00.001-04:00

Dr. Deborah Harrigan remembers the day two pharmaceutical company representatives told her she wasn't prescribing enough of a drug they sold.

The Rochester family physician, who was working at the city's Avis Goodwin Community Health Center at the time, said she was surprised they knew so much about her prescribing history.

The information comes from data mining companies, which collect, analyze and sell details about the type of prescriptions Harrigan and other physicians write. The practice isn't without controversy — Harrigan, for example, said she believes doctors at least should be told if their data is being collected and sold. That isn't now required.

Source - Fosters.com

Reddit It | Digg This | Add to del.icio.us

Social engineering (security) - Wikipedia, the free encyclopedia

2007-10-15T01:53:00.001-04:00

Social engineering (security)From Wikipedia, the free encyclopedia•
Ten things you may not know about images on Wikipedia •Jump to: navigation, searchThis article is about the manipulation of individuals. For social engineering in terms of influencing popular behavior, see Social engineering (political science).

Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.

[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.Contents[hide] * 1 Social engineering techniques and terms o 1.1 Pretexting o 1.2 Phishing + 1.2.1 IVR/phone phishing o 1.3 Trojan horse/gimmes + 1.3.1 Road apple o 1.4 Quid pro quo *

2 Notable social engineers o 2.1 Kevin Mitnick o 2.2 Others *

3 United States law o 3.1 Pretexting of phone records o 3.2 The Gramm-Leach-Bliley Act (GLBA) *

4 Social engineering in popular culture *
5 See also * 6 Notes * 7 References * 8 Further reading * 9 External links[edit] Social engineering techniques and termsAll social engineering techniques are based on flaws in human logic known as cognitive biases.

[2] These bias flaws are used in various combinations to create attack techniques, some of which are listed here:[edit] Pretexting.
Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is typically done over the telephone. It's more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g., for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

As most U.S. companies still authenticate a client by asking only for a Social Security Number, date of birth, or mother's maiden name, the method is effective in many situations and will likely continue to be a security problem in the future.

Pretexting can also be used to impersonate co-workers, police, bank, tax authorities or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the target. The pretexter must simply prepare answers to questions that might be asked by the target. In some cases all that is needed is a voice of the right gender, an earnest tone and an ability to think on one's feet.Voice over IP programs are starting to become a standard in pretexting, as the absence of a traceable number makes the pretexter less vulnerable to being caught.[citation needed][edit]

Phishing Main article: PhishingPhishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an email that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.[edit] IVR/phone phishingThis technique uses a rogue Interactive voice response (IVR) system to recreate a legitimate sounding copy of a bank or other institution's IVR system. The victim is prompted (typically via a phishing email) to call in to the "bank" (via a provided toll free number) and verify information. A typical system will continually reject logins ensuring the victim enters PINs or passwords multiple times. More advanced systems will even transfer the victim to the attacker posing as a customer service agent for further questioning.[edit] Trojan horse/gimmes Main article: Trojan horse (computing)Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan Horse, gimmes can arrive as an email attachment promising anything from a "cool" or "sexy" screen saver, an important anti-virus or system upgrade, or even the latest dirt on an employee. The recipient is expected to give in to the need to see the program and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate.[edit] Road appleA road apple is a real-world variation of a Trojan Horse that uses physical media and relies on the curiosity of the victim. The attacker leaves a malware infected floppy disc, CD ROM or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk), gives it a legitimate looking and curiosity piquing label, and simply waits.For example: An attacker might create a disk featuring a corporate logo, readily available off the target's web site, and write "Executive Salary Summary Q1 2007" on the front. The attacker would then leave the disk on the floor of an elevator or somewhere in the lobby of the target company.An unknowing employee might find it and subsequently insert the disk into a computer to satisfy their curiosity, or a good samaritan might find it and turn it in to the company.In either case as a consequence of merely inserting the disk to see the contents, the user would unknowingly install malware on their computer, likely giving an attacker unfettered access to the target company's internal computer network.This method often uses "Autorun" systems so the user's computer is compromised the second the media is inserted.Note that the term 'Road Apple' has been re purposed from an older use meaning horse manure.[edit] Quid pro quoSomething for something: * An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access and/or launch malware. * In a 2003 information security survey, 90% of office workers outside of their building gave away what they claimed was their password in answer to a survey question in exchange for a cheap pen [1].[edit] Notable social engineers[edit] Kevin MitnickReformed computer criminal and security consultant Kevin Mitnick popularized the term, and points out that it's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in.[1] He claims it to be the single most effective method in his arsenal.[edit] OthersOther social engineers include Frank Abagnale, David Bannon, Peter Foster and Steven Jay Russell. Others under the pretense of Social Engineers include common confidence tricksters who have no real computer hacking expertise.[edit] United States law[edit] Pretexting of phone recordsIn December 2006, United States Congress approved a Senate sponsored bill making the pretexting of telephone records a Federal Felony with fines of up to $250,000 and 10 years in prison for individuals (or fines of up to $500,000 for companies). It was signed by president George W. Bush on January 12, 2007.[3][edit] The Gramm-Leach-Bliley Act (GLBA)Signed into U.S. law in 1999 specifically addresses pretexting of banking records as an illegal act punishable under federal statutes. Under the common law, pretexting is an invasion of privacy tort of appropriation; see Restatement 2d of Torts § 652C.When a business entity such as a private investigator, SIU insurance investigator or an adjuster conducts any type of deception, it falls under the authority of the Federal Trade Commission (FTC). This federal agency has the obligation and authority to ensure that consumers are not subject to any unfair or deceptive business practices.US Federal Trade Commission Act, Section 5 of the FTCA states, in part: "Whenever the Commission shall have reason to believe that any such person, partnership, or corporation has been or is using any unfair method of competition or unfair or deceptive act or practice in or affecting commerce, and if it shall appear to the Commission that a proceeding by it in respect thereof would be to the interest of the public, it shall issue and serve upon such person, partnership, or corporation a complaint stating its charges in that respect...."The statute states that if you are securing any personal, non-public information from a financial institution or the consumer, the action is covered by the statute. It relates to the consumer's relationship with the financial institution. For example, the pretexter is using false pretenses to get from the consumer's bank the consumer's address, that would be covered. Or, if the pretexter is going to the consumer and getting the name of his or her bank through false pretenses, that would be covered. The determining principle is that it is only pretexting if the information is obtained through false pretenses.While the sale of cell phone records has gained significant media attention, and telecommunications records are the focus of the two bills currently before the United States Senate, many other types of private records are being bought and sold in the public market. Alongside many advertisements for cell phone records, wireline records and the records associated with calling cards are advertised. As individuals shift to VoIP telephones, it is safe to assume that those records will be offered for sale as well.It is currently legal to sell phone records, but illegal to obtain them.[4]U.S. Rep. Fred Upton {R-Kalamazoo, Michigan}, chairman of the Energy and Commerce Subcommittee on Telecommunications and the Internet, expressed concern over the easy access to personal cell phone records on the Internet during Wednesday's E&C Committee hearing on “Phone Records For Sale: Why Aren't Phone Records Safe From Pretexting?”Illinois became the first state to sue an online records broker when Attorney General Lisa Madigan sued 1st Source Information Specialists, Inc., on 20 January, a spokeswoman for Madigan's office said. The Florida-based company operates several Web sites that sell cell phone records, according to a copy of the suit.The attorneys general of Florida and Missouri quickly followed Madigan's lead, filing suit on 24 January and 30 January, respectively, against 1st Source Information Specialists and, in Missouri's case, one other records broker - First Data Solutions, Inc.Several wireless providers, including T-Mobile, Verizon and Cingular, filed earlier lawsuits against records brokers, with Cingular winning an injunction against First Data Solutions and 1st Source Information Specialists on January 13.US Senator Charles Schumer (D-New York) introduced legislation in February of 2006 aimed at curbing the practice. The Consumer Telephone Records Protection Act of 2006 would create felony criminal penalties for stealing and selling the records of mobile phone, landline, and Voice over Internet Protocol (VoIP) subscribers.Hewlett Packard's Former Chairman, Patricia Dunn, reported that the HP board hired a private investigation company to delve into who was responsible for leaks within the board. Dunn acknowledged that this company used the practice of pretexting to solicit the phone records of board members and journalists. Chairman Dunn later apologized for this act and offered to step down from the board if it was desired by board members.[5] Unlike Federal law, California law specifically forbids such pretexting, and this case is being investigated by the California Attorney General.[edit] Social engineering in popular culture * In the film Hackers, the protagonist used a form of social engineering, where the main character accessed a TV network's control system by phoning the security guard for a modem number, posing as an important executive. Although the film is not highly accurate, the particular method demonstrates the power of social engineering.[edit] See also * Phishing * Confidence trick * Dumpster diving * Certified Social Engineering Prevention Specialist (CSEPS) * Physical information security * Vishing[edit] Notes 1. ^ a b CSEPS Course Workbook, p. 4 2. ^ CSEPS Course Workbook, unit 3 3. ^ Congress outlaws pretexting, Eric Bangeman, 12/11/2006 11:01:01, Ars Technica 4. ^ "Art of Deception", p. 103 5. ^ HP chairman: Use of pretexting 'embarrassing' Stephen Shankland, 2006-09-08 1:08 PM PDT CNET News.com[edit] References * John Leyden. April 18, 2003. Office workers give away passwords for a cheap pen. The Register. Retrieved 2004-09-09. * SirRoss. January 20, 2005. A Guide to Social Engineering, Volume 1 A Guide to Social Engineering, Volume 2. Astalavista. * Kevin Mitnick, Alexis Kasperavičius. 2004. "CSEPS Course Workbook." Mitnick Security Publishing. * Kevin Mitnick, William L. Simon, Steve Wozniak. 2002. "The Art of Deception: Controlling the Human Element of Security". John Wiley & Sons. ISBN 0-471-23712-4.[edit] Further reading * Boyington, Gregory. Baa Baa Black Sheep (Bantam Books, 1990) ISBN 0-553-26350-1[edit] External links * Social Engineering Fundamentals * Social Engineering, the USB Way - Dark Reading (7 June 2006) * Should Social Engineering be a part of Penetration Testing? Darknet * Federal Trade Commission on Pretexting * "Protecting Consumers' Phone Records" - US Committee on Commerce, Science, and Transportation - February 8, 2006 * Kaplan, David A.. "Intrigue in High Places", Newsweek, 2006-09-06. Retrieved on 2006-09-06. * Plotkin, Hal. "Memo to the Press: Pretexting is Already Illegal", What I Really Want to Say, 2006-09-08. Retrieved on 2006-09-13. * Abercrombie, Paul. "Risky Business", [2], 2006-07-01. Retrieved on 2007-03-01.

Social engineering (security) - Wikipedia, the free encyclopedia

Social Engineering Part One- The Worst Privacy Enemy

2007-10-15T01:28:00.000-04:00

Trust. It will bit you in the ass everytime. It's the biggest threat to anyone's privacy. A friend or coworker asks you for your password, maybe asks you over for dinner to get personal information about you, or someone you trust steals personal information from your home.

Social engineering. Being attacked by kindness.

Track an Email

2007-10-15T00:58:00.001-04:00

track an email

Someone send you an email that you know isn't spam, but you have no idea where it came from? I once got a very detailed threat to my work email account account and had no way of figuring out who sent it.

Email: Verify an Email Address

2007-10-15T00:55:00.001-04:00

If, for whatever reason, you need to verify someone's email address, try Verify-Email.org, a free email address verifier. Just enter in the email addy, click "verify",and go. The format, domain, and user are all checked by actually connecting to the mail server to see if everything is kopasetic. Somewhat disconcerting, but sure to come in handy in some way.

Check Businesses online With the BBB Site

2007-10-15T00:52:00.001-04:00

Yesterday morning on 5 On Your Side, Monica LaLiberte did a roundup of scams and things you should look out for as a consumer. She mentioned that you should always check out a contractor with whom you want to do business. The Better Business Bureau makes this very easy with an online business lookup site.

HOW DO YOU KNOW IF A BUSINESS IS LEGAL IF YOU DON'T CHECK?

Send an email from your friends account!

2007-10-15T00:49:00.001-04:00

I don’t know about you but I love pranking my friends. One of my favorite pranks is sending emails from their account to friends, girlfriends or family. But how do you do that? You might be thinking you need to hack into an account or install some spy ware but you don’t.

(more…)

I'M NOT SAYING YOU SHOULD DO THIS ONLY THAT IT CAN BE DONE!!!

ACLU: Hundreds of New Documents Reveal Expanded Military Role in Domestic Surveillance

2007-10-15T00:48:00.001-04:00

New documents uncovered as a result of an American Civil Liberties Union and New York Civil Liberties Union lawsuit reveal that the Department of Defense secretly issued hundreds of national security letters (NSLs) to obtain private and sensitive records of people within the United States without court approval. A comprehensive analysis of 455 NSLs issued after 9/11 shows that the Defense Department seems to have collaborated with the FBI to circumvent the law, may have overstepped its legal authority to obtain financial and credit records, provided misleading information to Congress, and silenced NSL recipients from speaking out about the records requests, according to the ACLU.

Source - ACLU Press Release

Reddit It | Digg This | Add to del.icio.us

My finanical records and credit records were abused by my employers (Eastern Connecticut State) when I made a racial discrimanation complaint. They used it to follow my every move and harrass me.

There will never be any privacy if we let people do whatever they want!!!!

Escalating Health-Care Costs Fuel Medical Identity Theft

2007-10-15T00:47:00.001-04:00

When a wallet is lost or stolen, the first thing most Americans do is call their credit-card company. But if health-care ID or pharmacy cards are among the missing items, you should also alert your insurer.

... [Mike Stergio, director of Aetna Inc.'s special investigation unit] is currently investigating a case in which Aetna was hit with claims totaling $3.5 million over a two-week period for treatments supposedly provided to 400 of its members. The sheer volume of claims and suspicious patterns of procedures -- four colonoscopies in one family -- prompted the insurer to investigate and freeze payments.

One of the biggest threats posed by medical identity theft is that victims can receive the wrong medical treatment based on the fraudulent information in their medical records. (You are allergic to penicillin, the imposter isn't.) In addition, theft can cause victims to fail pre-employment medical exams or become uninsurable. (What about that cancer diagnosis?) And their credit can become badly damaged. At a broader level, health-care fraud leads to higher health insurance premiums, higher taxes and higher co-payments.

Source - Wall Street Journal

Reddit It | Digg This | Add to del.icio.us

Privacy.org - The Source for News, Information, and Action

2007-10-13T04:45:00.001-04:00

October 12, 2007More Information Sought About New York City's 'Ring of Steel' Camera Surveillance PlanIn an attempt to resolve privacy questions about the city's plans to set up thousands of closed-circuit television cameras and license plate readers in lower Manhattan, the New York Civil Liberties Union has filed requests for more information from local and federal agencies. The proposed surveillance system is modeled on London's Ring of Steel, and is designed to protect what Police Commissioner Ray Kelly has called "the most sensitive stretch of real estate on Earth." It is expected to be completed by September 2009.Closed-circuit camera plan raises privacy issue, Newsday, October 11, 2007.Posted by EPIC at October 12, 2007 11:06 AM

Privacy.org - The Source for News, Information, and Action

TX: Dinner, with a side of I.D. theft

2007-10-13T04:43:00.001-04:00

For many diners at the Cotton Patch restaurant on North Street, the meal was only the first taste of a months-long investigation of credit card theft, mail fraud and stolen identity.

But after finding that 140 victims of stolen credit card numbers had all dined at Cotton Patch during the summer, The U.S. Postal Inspection Service will close its investigation of the case because of a lack of new leads.

Source - Daily Sentinel

Reddit It | Digg This | Add to del.icio.us

TSA Promises Privacy For Subjects Of Clothing-Penetrating Scans

2007-10-13T04:42:00.001-04:00

The U.S. Transportation Security Administration today promised to protect air travelers' privacy as TSA personnel peer through their clothes.

... "We are committed to testing technologies that improve security while protecting passenger privacy," said TSA administrator Kip Hawley in a statement. "Privacy is ensured through the anonymity of the image: It will never be stored, transmitted, or printed, and it will be deleted immediately once viewed."

Ensuring privacy, as the TSA describes it, involves having security officers view images from remote locations. Thus, the security officer cannot identify the passenger, visually or by some other means, but can send word to fellow officers if a threat is detected.

According to the TSA, the scanning system applies a security algorithm to further protect passenger privacy by obscuring the passenger's face.

Not everyone finds such assurances credible. In a statement, Barry Steinhardt, director of the ACLU's technology and liberty program, spelled out three objections to the TSA's plans.

Source - InformationWeek

Reddit It | Digg This | Add to del.icio.us