Monthly Archives: January 2012
Google, Microsoft, Yahoo!, AOL and Facebook are setting aside their online rivalry to fight a common enemy: email spam and “phishing” attacks.
The Web giants said Monday they have teamed up with Bank of America, PayPal and others to combat spam and phishing, where emails seeking to obtain passwords or other information are sent to unsuspecting recipients.
Following 18 months of private collaboration, they’ve announced the formation of a technical working group known as DMARC.org, drawn from the acronym for Domain-based Message Authentication, Reporting and Conformance.
“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole. Industry cooperation — combined with technology and consumer education — is crucial to fight phishing,” said Brett McDowell, the chair of DMARC.org and senior manager of customer security initiatives at PayPal.
The members of DMARC are proposing email authentication standards for email senders and receivers designed to make impersonation more difficult for the fraudsters behind phishing attacks.
Currently, email providers must rely on “complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.”
By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure.
AOL, Google, Microsoft and Yahoo!, the leading email providers, are members of DMARC.org along with Bank of America, Fidelity Investments, PayPal, American Greetings, Facebook, LinkedIn and email security providers Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.
The postponing of SOPA and PIPA last week was a relief to security gurus who foresaw major technical problems inherent in the bills’ provisions. Last week the U.S. Congress was rushing to pass a controversial bill that most security experts maintained could throw a monkey wrench into the gearbox of the Internet.
The bills themselves have been postponed, and their main sponsors have specifically disavowed the supposed security pain points they contained.
The Stop Online Piracy Act (SOPA), filed in the U.S. House of Representatives, and its Senate counterpart, the Protect IP Act (PIPA), proposed that Internet Service Providers (ISPs) be called on to block the DNS addresses of websites suspected of violating the rights of copyright holders.
But after weeks of controversy from opponents of the legislation, capped by a one-day blackout of Wikipedia and other sites in protest of the measure, the sponsors of the bills decided to strip out the DNS requirements.
“After consultation with industry groups across the country, I feel we should remove Domain Name System blocking from the Stop Online Piracy Act so that the [Judiciary] Committee can further examine the issues surrounding this provision,” SOPA’s sponsor Lamar Smith (R-Texas) said.
PIPA’s sponsor, Patrick Leahy (D-Vermont), was skeptical of the critics of the DNS provisions in his bill, but also agreed to shelve the provision.
“I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest,” he said. “Nonetheless,” he continued, “this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”
The DNS concessions were good news for white hats like Dan Brown, a senior security researcher with Bit9. “Anyone who understands how the Internet works thinks it’s a bad idea for Congress to fiddle with something they don’t understand,” he told TechNewsWorld.
“These bills are still bad because they will have a negative impact on free speech and free communication on the Internet,” he asserted, “but they appear to be moving in the direction of not having any major technological impact on the Internet.”
For more info check out this online article from PC World
Anonymous lashes out and promises more to come
Government and big business once again clashed with the anarchic hacker collective “Anonymous” last week. The sore point between the two this time was the FBI’s shutdown of the alleged pirate haven Megaupload and the arrest of its founder and other executives in the company.
Megaupload has been in and out of hot water since it was launched in March 2005. Since that time, according to the FBI, the site has produced $175 million in “criminal proceeds” for its owners.
In retaliation for the government action, the hacker group known simply as “Anonymous” launched a series of denial of service attacks against servers at the U.S. Department of Justice, the Motion Picture Association of America and Universal Recording. The attacks were able to cripple or stop operation of those sites temporarily. To do so, however, the hacktivists had to resort to unusual tactics.
Through Twitter and the group’s chat rooms, it spread a booby-trapped URL. Clicking on the Web address involuntarily turned the clicker into one of the Anonymous attacking hordes.
Now Anonymous is threatening to bring down Facebook this weekend in the same manner. They’re even asking for end users’ help with this “project,” and suddenly we’re seeing videos supposedly from Anonymous. No one has verified that these videos can actually be attributed to the group (after all, they are Anonymous), but it’s interesting to see and listen to all the chatter.
Here’s a link to the video supposedly attributed to the hacker organization – to be fair, the group has tweeted publicly that this video is a fraud. Boy… just who can you trust these days?
What’s your stand on this – should pirate sites like Megaupload and other torrent sites be allowed to store and share pirated and copyrighted movies and music for anyone to download for free? I’d love to hear your thoughts on this…
Instant facial recognition and detection, is it Science Fiction or Science Fact? Facial recognition and detection technology is getting cheaper, faster, and much more commonplace, raising the question of whether people will be able to remain anonymous in the near future.
Digital signs and sensors that detect and recognize faces are no longer a matter of science fiction. They are real and are popping up everywhere from malls to bars to smartphones.
So what’s protecting you from Big Brother tracking your movements and invading your privacy?
As of right now, technology is the only significant barrier.
Today, the technology is not quite robust enough to snap a photo of someone on the street and instantly know who they are. Computer processors aren’t fast enough to scan across billions of images in real time to match an offline face to an online photograph. But that’s coming soon.
“To match two photos of people in the United States in real time would take four hours,” said Alessandro Acquisti, professor of IT and public policy at Carnegie Mellon University’s Heinz College. “That’s too long to do in real time. But assuming a steady improvement in cloud computing time, we can soon get much closer to that reality than many of us believed.”
Acquisti and his research team at Carnegie Mellon have already developed a proof-of-concept iPhone application that can snap a photo of a person and within seconds display their name, date of birth and social security number.
Currently, the reference photos have to be uploaded to a database, but Acquisti said that processing speeds will soon become fast enough to do the whole process online and in an instant.
Though computers still have difficulty identifying faces in low light or poor photo quality, programs are now able to capture a profile of a face, build a 3D model of it, rotate the photo and identify the person the face belongs to.
If a future in which you can always be identified really is around the corner, what will stop advertisers or even the government from putting names to previously anonymous faces of people walking into a store, strolling down the street or protesting a convention? That’s what the Federal Trade Commission sought to find out at a facial recognition policy conference in Washington last month.
The answer as of now: industry self-regulation. The Digital Signage Federation, a consortium of companies operating digital signs that detect or recognize faces, developed privacy guidelines that require consumers to “opt-in” to being detected or recognized. But that “opt-in” can be made as simply as walking into a store that posts on its window that it detects faces.
As of today, no laws or regulations specifically prevent your face from being detected or recognized without your consent. “Is U.S. privacy law ready for facial recognition? It’s not even close,” said Daniel Solove, professor at the George Washington University Law School.
The solution, however, isn’t easy. Warning people that a particular venue is equipped with face detection technology means the only way for people not to be detected would be to avoid the location. But what if it’s a drug store and someone needs to get a prescription filled?
More than 35,000 developers have built apps that have detected and recognized more than 35 billion photos using Face.com’s online software. They range from fun toys like Celebrity Findr, which scours Facebook and Twitter for photos of celebrities, to practical tools like Fareclock, which tracks when employees punch in and out by scanning their faces.
Somewhere in between is Find Your Facemate. Upload your photo and the service will find a potential future love interest who uses the service and looks like you.
How long will it be before someone decides to put together all these online images into a central database? In many online repositories like Facebook and Twitter, our name is already linked to the photo.
Face recognition and detection is real, but the government doesn’t yet have a way to protect its citizens from potential abuse of the technology. With the vast network of internet based security cameras recording much of our daily lives, this is just the next logical step. Are you ready for this? In the future, can anyone remain anonymous?
Are you tired of creating and then trying to remember all your different passwords – never mind having to type them in each time you log into your iPhone, iPad, iOS or Windows based system?
Well, it looks like a company called SensibleVision may have the answer for all of us.
FastAccess Anywhere is your mobile device’s new best friend. Now you can finally use the most powerful sites and apps that have sensitive data—like banking, bill payment, and private email—by securely logging in with your face.
So, say goodbye to the hassle of remembering and typing all your passwords on that tiny mobile keyboard. Or putting in a PIN or password just to check the weather or make a phone call.
Whether you use iOS or Android phones or tablets, or Windows desktops and laptops, FastAccess Anywhere has you covered. Protect the apps YOU want and instantly input usernames and passwords with your face.
And, unlike other “novelty” face recognition products that allow access with photos or videos of your face, FastAccess Anywhere has enterprise-level security so you don’t have to worry. It’s fast, safe, and fun!
Sync Passwords Across Devices…iOS, Android, & Windows!
FastAccess Anywhere syncs across phones, tablets, and even your Windows machines. Store passwords on any Android, iOS (Apple), or Windows device and automatically have them available on all of your other devices. Change a password and it updates everywhere!
Because security comes first with FastAccess Anywhere, all passwords are stored securely in the cloud, never permanently on your mobile devices. So, if your phone is ever lost or damaged, your passwords aren’t. That means someone who finds your lost device won’t have access to your credentials.
Proven Technology for People On-the-Go
Five MILLION users already love FastAccess facial recognition on Windows. Combining our patent-pending, class-leading facial recognition with an optional gesture or shape of your choice, FastAccess Anywhere uses proven technology for storing and retrieving your sensitive passwords on your mobile devices. Not even photos or videos can fool it.
By using your face with a second factor, the accuracy of the two technologies is multiplied to give you peace of mind. In addition, gesture “smudge attacks” are reduced because FastAccess Anywhere moves the gesture area around on the screen.
Up and Running in No Time
Our easy setup wizard will guide you through everything in just a few steps:
- Create a Cloud Account
- Teach FastAccess Anywhere your face
- Create a Gesture
You’ll be using your face to access sites & apps in minutes!
Try FastAccess Pro for FREE – get the free download at:
The software is currently available for Windows XP, Vista and Windows 7. FastAccess Anywhere for Mobile devices will be available in February. Watch as the company shakes up this month’s CES show with its pending release.
1. Back up your data!
Backing up important files and data seems like such an obvious step, but surveys continue to show that less than 10 per cent of us do it on a regular basis. But with cloud storage and automatic syncing between devices, there is less excuse than ever for shirking this basic routine. Don’t be one of those unfortunate businesses that waits until a hard drive crashes and finds itself out of business. Back up your data today!
2. ALWAYS use SECURE passwords!
We’ve seen at least 3 clients whose password was breached and they were hacked. It’s embarrassing if your entire email list gets solicited to buy Viagra—from YOU! It’s worse when it compromises and brings down your website! A secure password is at least 8 characters—upper AND lower case letters, at least 1 number and at least 1 symbol. We like to take a familiar word and change out the letters for numbers and/or symbols. A BAD example is: P@ssw0rd. Try using a password generator like the one at http://strongpasswordgenerator.com for secure passwords.
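Why P@ssw0rd is a bad example even though it satisfies the composition rule above, shown as an added illustration that is not part of the original post: undoing the familiar character swaps leaves a plain dictionary word. The word list and swap table are small constructed samples, and all function names are hypothetical.

```python
import re
import secrets
import string

# Constructed sample list (assumption); a real check would load a large
# dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "admin"}

# Familiar character swaps, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
SYMBOLS = "!@#$%^&*-_"


def meets_composition_rule(pw):
    """The tip's rule: 8+ characters, upper, lower, a number and a symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def disguised_word(pw):
    """Return the common word hidden behind character swaps, or None."""
    normalized = pw.lower().translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            return word
    return None


def assess(pw):
    """Classify a candidate password (hypothetical helper)."""
    if not meets_composition_rule(pw):
        return "fails composition rule"
    word = disguised_word(pw)
    if word is not None:
        return "dictionary word in disguise: " + word
    return "ok"


def generate_password(length=16):
    """Draw random characters with a CSPRNG until the result passes assess()."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if assess(pw) == "ok":
            return pw


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd", "W3lc0me!2012", generate_password()):
        print(candidate, "->", assess(candidate))
```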
3. Seek continuing education:
Go to an industry conference, a Chamber seminar or use online web seminars to enhance your business skills. If learning more about Microsoft Word, PhotoShop or Facebook would help your business, you can find a full range of hundreds of subjects on Lynda.com. It’s inexpensive and the videos are easy to follow. Get more education!
4. Put a DESCRIPTIVE subject in all email subject lines.
If you regularly converse with someone by email or even if you never do—a good subject line gets your email opened and saves time when the reader is looking for past emails to review. It’s polite and effective.
5. Check SNOPES.com BEFORE you forward that email:
Unclog the internet by not forwarding that email that your brother-in-law sent promising FREE Dinner at the Olive Garden for forwarding this email… They are SPAM and a big time waster!
6. Update your website monthly:
It will attract more visitors because an updated website gets looked at by the search engines and is much more appealing to humans, too.
7. Only download apps from reputable sources:
In his post, “Is your smartphone doing dirty work for criminal gangs?” (http://www.sync-blog.com/sync/2011/11/is-your-smartphone-doing-dirty-work-for-criminal-gangs.html), Lee Mathews explained that, “… as many as 20,000 Android devices were actively communicating with servers known to be connected to cybercrime activities. Through the installation of Trojanized Android apps, those devices had become zombies and were now active participants in a mobile botnet.” So, make it a point to only get apps from reputable sources. And while you’re at it, read these tips on how to secure your internet-connected gadgets (http://www.sync-blog.com/sync/2011/12/10-tips-on-protecting-your-new-internet-connected-gadgets.html). Thanks to a blog post by Rhonda Callow for this tip!
8. Keep your computer’s critical security patches and virus definitions up to date:
If you keep putting off your updates, you may be setting yourself up for BIG troubles. Make it a habit to check every Friday before leaving for the weekend – make it a habit like cleaning your desk. Or, call us for our ProWatch services—we remotely take care of all virus definition updating and Microsoft “patches” overnight so you never have to worry about it!
9. Embrace Social Media:
Over half of all Facebook users check in daily. Think of all the free impressions you are missing. Also, LinkedIn is a “Must Join” network of business professionals. It adds to your credibility and can get you hired.
10. Recycle your old electronics rather than simply discard them.
With decommissioned cell phones, old printers, and discarded desktop computers, your house or office can quickly start to look like a digital junk yard. Do the right thing and recycle your electronics – you will feel so much better when you do! (Start with those unwanted cell phones. Take advantage of the Verizon Wireless Trade-In Program or support their HopeLine.)
For all your used and decommissioned computer equipment go to Recycle Computers 4 Cancer.
You’ll be helping both our environment and the Cancer Society (Scientific & Medical Coalition Against Cancer). You can drop off the old equipment locally or call to schedule a free pickup AND get a tax deduction as well.