JBM Security, Networking & Web Development

MEDIA





'Gullible' people often give up data
Infamous computer hacker outlines ways thieves get information over phone
Mar 08, 2007 04:30 AM

Staff Reporter

Two years ago, on the shooting set of The Path to 9/11, the corner of Wellington and York streets was made to resemble New York and nobody thought much about the mess of paper literally blowing in the wind. Until an extra took a closer look; the papers were actually discarded medical records literally loaded with personal information that would have made an identity thief's year.

It turned out the recycling company that had been charged with destroying the records sold them to a prop company. As soon as the company learned about the privacy breach, they immediately cleaned up the movie set. But for hours, all that information was there for the taking, and it was only because the extra notified the Toronto Star that Ontario's Privacy Commissioner launched an investigation.

It doesn't seem like a week goes by without hearing about a high-tech security breach involving personal data. However, there are several simple, low-tech ways that criminals can get our information.

"A lot of identity theft is really because of the gullibility of people," says security consultant Kevin Mitnick, who is better known as the teenage hacker who was jailed for his computer mischief and phone phreaking. After his release from jail, he wrote The Art of Deception, detailing some of the methods criminals use to get data. Early on in the book, he talks about how much information he could get with just a phone and the right tone of voice.

"In America, and I'm sure it's similar in Canada, there are so many organizations like health care, schools, phone companies, places that you work, that all have so much of your information," he says. "There's also the simple methods like stealing mail, or going dumpster diving, or looking for discarded information where it gives the criminal enough information to basically hijack a target's identity."

The nature of personal information is that one piece tends to lead to another and it's one of the low-tech but sophisticated methods – called social engineering or pretexting – that Mitnick details in his book.

Basically, this is the use of a story (the pretext) or scripts to get information.

"A lot of this is done over the phone where people call purportedly from, for example, a radio station or other business, and ask the victim to provide information under the pretext that they are going to get some service or product for free.

"So people think if they're going to benefit them in some way, they'll be helpful," he says.

"Or it's the reverse, where someone could be posing as the person from the utility company and says there is a risk of cutting off their power ... to get the person to believe they are going to suffer some sort of loss so they comply and give them all kinds of information."

He warns of another scam where a prize is offered in exchange for completing a survey. While it can seem innocuous, he says to watch out for questions that are similar to ones that are used as password hints, such as "What is your mother's maiden name?" or "What is your pet's name?"

Brent MacLean is the founder of JB MacLean Consulting, a local security firm that has worked with police on identity theft issues. He can't believe how foolhardy some people are.

"I've seen people pull their SIN card right out of their wallet," he says. "Or others who carry their birth certificates.

"I remember telling one (person), that ... he's got enough ID for someone to easily create a clone of himself.

"And trying to get those documents back, it would take weeks, if not months." MacLean thinks that identity theft is such a conceptual crime, many people don't take it seriously. "There are so many cases happening we don't have enough officers to deal with it. And beyond the methods that we do know about like dumpster diving or mail fraud, they're coming up with new ways to steal information all the time."

In terms of how to protect yourself, both MacLean and Mitnick suggest services like creditalert.com, which notifies customers if anyone applies for a credit card or a line of credit in their name. There are other simple suggestions, like shredding all of your personal documents before they are thrown out, and not carrying important cards that you don't need on your person, in particular a SIN card.

"It's just being careful," says MacLean. "It's good to have a healthy awareness, not paranoia; that's too strong a word about this stuff. It's like leaving your wallet on your desk at work and walking away. You trust your fellow employees to a certain point, but if someone gets it you're going to have a headache for a long time."



Password overload fuelling stress

Recalling many codes is driving us nuts


Password fatigue — or forgetting codes for all the sites we visit — is a hazard of the digital lifestyle.



Brunhuber, 33, has lost e-mail, magazine subscriptions and computer service-provider accounts because of password problems.

Just last week he tried to get into his home voicemail from work. With upwards of 20 passwords jostling for space in his brain, he couldn’t remember the three-digit code. “I’ve tried every single combination,” he said.

Brunhuber is hardly alone when it comes to password fatigue, what with all the codes needed for bank machines, online sites, home alarm systems, entry to offices — the list goes on and on.

Rick Broadhead, author of numerous books on the Internet and e-commerce, likens online password requirements to a toll booth. “We’re going to give you the content for free but in exchange we need information from you,” he says.

Still, most people can’t be bothered to come up with a new password every time they register on a site. “I think the ability for people to memorize multiple passwords for multiple sites is severely limited. I don’t know many people who can do it,” says law professor Michael Geist of the University of Ottawa.

The problem with generic passwords, he notes, is that they can compromise user security. For a safe password, Brent MacLean of JB MacLean Consulting Inc. suggests starting with the initials of a phrase.

For example, MHALL stands for “Mary had a little lamb.” You can then replace letters with symbols. In this case, you can replace “A” with the “at” symbol, and then add a few numbers at the end, or more symbols. Use a mix of uppercase and lowercase when allowed, thus creating a hard-to-crack code: “mH@LL8926!”
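The construction described above, carried out step by step with a keyspace estimate after each step. This is an added example, not part of the original article: the function names are hypothetical, and the bit counts are an upper bound that assumes every character is picked at random from the character classes in use, which a phrase-derived password is not.

```python
import math
import string

# Character pools counted once a password draws on that class.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def initials(phrase):
    """Step 1: first letter of each word, uppercased ("MHALL")."""
    return "".join(word[0].upper() for word in phrase.split())

def substitute(text, swaps):
    """Step 2: replace chosen letters with symbols (the article swaps A for @)."""
    return "".join(swaps.get(ch, ch) for ch in text)

def mix_case(text, lower_positions):
    """Step 4: lowercase the letters at the chosen positions."""
    return "".join(ch.lower() if i in lower_positions else ch
                   for i, ch in enumerate(text))

def keyspace_bits(password):
    """Upper bound on brute-force work: length * log2(size of pools used)."""
    size = sum(len(pool) for pool in POOLS.values()
               if any(ch in pool for ch in password))
    return round(len(password) * math.log2(size), 1) if size else 0.0

def build_stages(phrase, swaps, suffix, lower_positions):
    """Return (stage label, password so far, keyspace bits) for each step."""
    s1 = initials(phrase)
    s2 = substitute(s1, swaps)
    s3 = s2 + suffix                      # Step 3: append digits/symbols
    s4 = mix_case(s3, lower_positions)
    stages = [("initials", s1), ("symbol swap", s2),
              ("suffix", s3), ("mixed case", s4)]
    return [(label, pw, keyspace_bits(pw)) for label, pw in stages]

if __name__ == "__main__":
    # Inputs taken from the article's own example.
    for label, pw, bits in build_stages("Mary had a little lamb",
                                        {"A": "@"}, "8926!", {0}):
        print(f"{label:12} {pw:12} {bits:5.1f} bits")
```

Most of the gain comes from the added length of the suffix; the single symbol swap and the case change contribute far less.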

MacLean, whose company is hired by businesses to assess the security of their sites, also favours combining words from different languages, noting that he uses a password that combines French and Italian.

As for keeping track of multiple codes, Worden is a strong advocate of password-remembering software. He uses a program that keeps track of dozens of passwords.

Brunhuber prefers a low-tech solution. He pulls out his daily planner where he points to a list of websites, usernames and passwords.

“The irony is you’re working in a high-tech paperless world and the only way to function is to go back to paper and pencil,” he said.





The lowdown on safety in Windows Vista

Learn about the features that ensure PC security

By Andy Walker


Having good locks on your doors, windows that seal, and perhaps a well-designed alarm system are important when it comes to home security. Such measures provide families with a sense of safety and protection.

It should be the same with your computer. "One of my biggest concerns about using my computer is security," says Kerry Bernknopf, a mother of three who worries about keeping her credit card and personal finance information from prying eyes.

Bernknopf has reason to be concerned. The people who profit from electronic theft are using increasingly sophisticated technologies to obtain personal data. Using a toolbox of what geeks call "malware", which includes viruses, spyware and Trojan horses, they infect computers, get hold of personal information, or use computers for illicit purposes.

The new Windows Vista operating system, touted as the most secure Windows version to date, has been designed to address these concerns.

"Microsoft has attempted to give users the tools that they will need to do a better job of watching and protecting their systems," explains security expert Brent MacLean.

Control your account

One of those new security features is called User Account Control ("UAC" for short). It is perhaps the most potent weapon Vista uses to stop digital infections.

Each time a system change is initiated — whether it's the installation of a new program or a change to Windows settings — the UAC steps up like a security guard.

A UAC dialog box appears and asks the computer user to approve the action. If it's a change they initiated, the user clicks the "Continue" button. If the change wasn't requested by the user, then it's possible something like malware, for example, may be trying to install itself or be making changes to the computer. In this case, the user simply clicks "Cancel" to stop the action.

Phishing prohibited

Another weapon in Vista's security arsenal is the anti-phishing filter built into Vista's Web browser, Internet Explorer 7.

Phishing is an email technique used to fool people into giving up sensitive information, such as their personal banking details, passwords or social security numbers. An email that looks like it's from a bank or online payment service arrives, stating there is some kind of problem with the account and asking for confirmation of the user ID and password.

If you update the information by clicking the link provided in the email, you're directed to a fake website. While it may look like it belongs to a legitimate company or institution, it's actually not a secure website at all. By inputting your data, you provide access to your online account.

Vista's anti-phishing filter alerts you to fraudulent email and prevents you from visiting these kinds of websites.

Keep the kids safe

Bernknopf says she also worries about her three daughters — ages five, 8 and 11 — using the computer. "I forbid my kids from entering chat rooms," she says. "You really never know who's in them."

To that end, Microsoft has added Parental Controls to help parents monitor their children's computer and Internet usage. Parents can set up electronic rules for time limits; they can also ban or limit the use of specific software programs such as the chat utilities disallowed by Bernknopf. Parental Controls also provide parents with reports on their children's computer use, including games played and Websites visited.

Of course all these new tools don't replace common sense. "The weakest component of any security system is the user," says MacLean, who runs the security advice Website JBM.net. "(But) if we can keep them better informed and keep things simple, that will minimize the security risks."

Andy Walker is the author of Microsoft Windows Vista Help Desk and Absolute Beginners Guide to Security, Spam, Spyware and Viruses.

Published February 2007





Copyright 2010 JB MacLean Consulting Inc.
All rights reserved.