Home Search

90 Minutes to Privacy

In light of this being National Data Privacy Day for the U.S. and Canada, here are eight tips to create safe, online personal security habits. 
Previously we covered best practices when working with passwords,
ensuring your software is up to date, and that you’re working with a decent
anti-virus solution, get ready to start the timer and do what you’ve been
meaning to do for years.
Image representing Google as depicted in Crunc...
Image via CrunchBase
Reconnoiter – 15 Minutes
The first step in securing your privacy is to
find out just what is out there for the world to see.  If you’ve never Googled yourself, now is the
time.  Google searche to check on:
1.   
your name
2.   
your name + your city
3.   
your name + your employer  
4.   
your phone number
5.   
your address
6.   
your email addresses
7.   
screen names
8.   
gamer tags 
Google
search anything that you’ve ever used to identify yourself.  Don’t forget
to do an image search while you’re at it.
You might be surprised to find that your dating
profile, gaming history, forum posts, site memberships, comments, pics from the
office party, etc. are easily uncovered.
Now find out what Google knows about you here
Turn off your Google search history here.  
Get your credit report.  You should know what’s on there, and it’s
easy and free to request it.  Look for
anything suspicious or incorrect and contact the agency immediately if anything
is amiss.

You don’t need to pay for the upgraded service, there is no charge to receive your credit report.

Canada – Equifax [PDF]
              – Transunion

USA – Equifax/Transunion/Experian

Call your doctor and get a copy of your medical
history.  Most people have details about
every oil change they’ve ever paid for but have no clue about their own health
records.
Depending on where you live, you’ve got the
right to access different information that is on file about you.  Insurance companies, payroll companies,
social services, etc. should all supply you with what they know about you.
 Shrink
your footprint – 20 minutes
Haven’t used a Groupon in 6 months but still
getting spammed daily?  Sign up for 5
different streaming radio services but only use Songza? Find your true love but
still have profiles on dating sites? Now is the time to delete any accounts
that you no longer use.  It’s a pain, but
it only takes a minute.  If your myspace
page is still sparkling and blaring music out there, just put it out of its
misery.  As an added bonus, your inbox
will thank you.
Can’t remember all the crap you’ve signed up
for?
Look through your spam folder.
Check your purse or wallet for points cards,
rewards cards, coupons, etc.
Location services – Maybe you love Google’s
location aware search results, but there is no need for most apps to know where
you are.  Similarly, nobody needs the GPS
coordinates of the party you were at last night.  If the app doesn’t need to know where you are
to work, then turn it off.
Delete –
10 minutes
Take ten minutes to go through the files and
folders on your computer.  Delete
anything and everything you can.  Be
merciless.
Tighten
your social media belt – 10 minutes
Adjust your privacy settings.  Facebook is the big transgressor here, but be
sure to check your LinkedIn, Twitter, Foursquare, Pinterest, etc. as well.  Even if you don’t care, your contacts might.
Your privacy settings on sites like Facebook and
LinkedIn don’t only affect you.  Take the
time to make sure that you’re not sharing any data about your friends with
people that you don’t have today.  Why
let strangers creep all of your contacts on LinkedIn and share friend’s data
with third party developers on Facebook?
Go on a
friend diet – 10 minutes
Prune your lists of friends:  Facebook, LinkedIn, Google+, Skype, MSN, ICQ,
AIM, IRC, etc.  If you haven’t talked to
them in the last year, you probably never will. 
If you need to look them up, you can always do so. 
Go on an
app diet – 10 minutes
Look through the apps on your phone.  If you haven’t used it in a month, uninstall
it.  No matter how many times you tell
yourself otherwise, you are never going to use Google Sky.  Bored with Fruit Ninja? Downloaded Layar just
to show off your phone?  Get rid of
them.  You can always install them again
later, even the ones you’ve paid for. 
The same goes for any facebook apps you may be annoying
your friends with.  Ditch them.  Nobody cares about your farm or what you just
played in Words With Friends.
 Create an
alias – 10 minutes
Not just a username, make a whole person.  First name, last name, email address,
birthday, pet.  When you need to sign up
for something non-critical, use your alias. 
If they don’t need your real name, don’t give it to them.  With the birthday/email/pet, you should even
be able to recover your password if you forget it.  Now is your chance to have the supercool name
that you always wanted.  Hello, Mr. Mike
McCool.
Lockdown
– 5 minutes
Make sure you use lockscreens on your phone,
tablet, computer, etc. Set them to lock after 2 minutes.  No exceptions. 
Install Prey or similar tool on your devices
just in case. preyproject.org
Sign out of everything you log into, whether
it’s a site, a program or a computer.
Tell us how you did with the 90 Minute to Privacy Plan. Did it take more or less than 90 minutes? 

Enhanced by Zemanta

Malware Spread Optimization

Mt. San Miguel is on fire. San Diego County w...Image by slworking2 via FlickrWhen I heard of Corey Haim‘s death, shortly after fond recollections of License to Drive and The Lost Boys cinema moments, I wondered how soon the unfortunate news would be used in the spread of malware. Well it didn’t take long. Hours after the announcement of Haim’s death, search results for his name came up with domains used to spread rogue antivirus software.

Using search engine optimization (SEO), online criminals force their malware hosting sites into higher billing slots within search engine results. Often a series of redirection sites are traveled through by the user before the final malicious domain is contacted. This creates a level of separation from the actual malware and allows a variety of domains to be constantly created, altered, and moved around, evading detection and termination. Using timely and highly popular topics of interest. domains referring to these topics stay in the leading search engine results. Recent topics covered in SEO campaigns include the Haiti disaster, the Olympics, the Oscars, and unnamed Facebook applications.

So why do these attacks work so well? Amazingly there is still a level of trust by users for top resulting sites of search engine queries. It is common for people to see familiar sites time and again on the first page of search results, and popular sites deemed primarily benign usually take dominant billing. Perhaps this is why folks rarely question clicking on the initial links provided by their favorite search engines. They hadn’t been burned in the past when trusting the top resulting URLs, so why should they now question the validity and intention of every suggested link? Malware is why.

I don’t always keep up with the latest events, but with a little social interaction and casual reading I hear about most events I find interesting and usually several others I don’t, all within a reasonable amount of time. When I want to receive my news from a specific source I usually go to one location online or watch Robin Meade on HLN in the mornings. (There’s no such thing as bad news when Robin reads it.) I use search engines like everyone else to gather information on various inquiries but I don’t do grab bag research, blindly clicking on any keyword matching domains. I’ve never used the “I’m feeling Lucky” button because I never felt that lucky about randomly visiting unknown domains across the internet, and I certainly don’t want to be a punk. (nod to Dirty Harry in case that was missed)

Choosing a default news site to read about all things newsworthy would seem to be an obvious point to suggest here, just as a safety precaution. However, the simple facts behind these breaking stories are not commonly what people are after. There is usually a promise of a sex tape or footage of a celebrity’s death, which can’t be found on CNN. What they can’t find on news sites is what sends users searching, which is ironic because most people only go searching for this bonus material after reading about its availability outside of regular news sites. Maybe news site restriction or loyalty would keep more users safe from attack. But then there’s always Facebook and Twitter and forums/comment/email spam to shield your eyes from as well.

When I want to know what people are searching for I go to Google Trends: http://www.google.com/trends. I assume this is what criminals intent on spreading their malware also do. Topics that are “On Fire” and “Volcanic” are being queried the most and make for prime targets. If you want to try a little safer searching, wait for topics to cool down a little before clicking around. Even better, find a news site you trust and go there for your news. Anything outside of seeking the facts may just land you in some fire of your own.

Matt Sully
Director
Threat Research & Analysis

Reblog this post [with Zemanta]