Tag Archive for: encryption

Cybersecurity Experts Fight for Your Encryption Rights


Cybersecurity experts and privacy advocates like myself are stepping up to protect strong encryption standards, which are facing an all-out legislative assault from the current administration and the Senate. But we need the help of business leaders like yourself to maintain the privacy of your data. Here is an excellent excerpt from Joseph Marks of The Washington Post:

“The bill, called the Lawful Access to Encrypted Data Act, is the harshest among a number of efforts to weaken encryption across the Justice Department and Congress.

“It would effectively require tech companies to weaken access to their secure systems to ensure law enforcement with a warrant can track terrorists, sexual predators and other criminals. But that would also make it far easier for cybercriminals and adversary nations to hack into troves of government, financial and health records,” (emphasis mine).

C-level executives, board members, business managers and entrepreneurs, here is what I have learned from 15 years in this business: you can either listen to and evaluate the overwhelming consensus of cybersecurity experts before the damage is done, or you can attempt to recover once it is too late. Most leaders choose to pay attention to these topics only after they have been directly affected, which is a far costlier and more painful path. If I were advising your board or executive leadership team, I would recommend that you contact your Senator and Representative and swing as much weight as possible to dissuade this bill from passing.

Nothing is more important than catching criminals and protecting our children, but this bill is a wolf masquerading in sheep’s clothing.

John Sileo is a cybersecurity expert, award-winning author and media personality as seen on 60 Minutes, Anderson Cooper and Fox & Friends. He keynotes conferences around the world and is the CEO of The Sileo Group, a technology think tank based in Colorado.

Mobile Apps Turn Smartphone Into Weapon

You and I have come to think of our Smartphones as indispensable tools. Flaws recently discovered in mobile apps for Facebook, LinkedIn and Dropbox could turn our tools into weapons by exposing us to data theft at many levels, including personal identity theft and corporate data loss.

Taking extra precautions now will protect not only your Smartphone but other devices, too, as the flaw may well be present in other mobile applications including many iOS games.

Apparently, Facebook’s iOS and Android apps don’t encrypt their users’ login credentials. These flaws expose users to identity theft by saving user authentication keys (usernames and passwords) in easily accessible, plain text files. These unencrypted files may be stolen, transferred to another device in a matter of minutes, and used to access the victim’s accounts without ever having to enter any user login credentials.

Security researcher Gareth Wright reported discovering the flaw in the mobile Facebook application for iOS late last week. Wright sent his Facebook .plist to an associate, Scoopz blogger Neil Cooper, who copied the file onto his own device, opened up the Facebook app, and had immediate, full access to Wright’s Facebook account.

Facebook is working on closing the gap in security, according to Wright, but the app developers must start encrypting the 60-day access token that Facebook supplies. Otherwise, there’s a world of private information just waiting to be tapped. Think of the chaos in trying to recover from identity theft of that magnitude.

In the meantime, here are some actions you can take to protect yourself:

  1. Don’t plug your Smartphone into a shared PC, public dock or charging station.
  2. If you do use a PC for charging, lock your device for the charge, and don’t unlock it until you remove it from the PC.
  3. Use strong passwords including letters, numbers, symbols, upper and lower case. Don’t rely on a four-digit password.
  4. Turn on the ‘Find My iPhone’ function.

The potential for criminals to exploit this flaw is enormous. You’ll be well served to take every precaution before you feel the nauseating pit of your stomach once you’ve been hacked.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security.

U.S. Lags Europe on Credit Card Security

We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts. Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (The original story is on NPR.)

According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):

“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”

And that means, until the industry changes, you are at risk. In the meantime, here are a few steps you can take to increase your security:

  • Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially giving clever thieves immediate cash access to your accounts. If fraud occurs, you are out the money until it is resolved.
  • Use your credit card instead. It’s safer. Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
  • Set up automatic account alerts so that you receive an email or SMS text anytime a transaction is made. That way, if someone is using your card illegally, you are notified and can shut it down immediately before it becomes a big problem.
  • Let your credit card provider know that in order to keep your business, they need to update to the latest security technologies.

John Sileo is the award-winning author of Privacy Means Profit, The Smartphone Survival Guide and The Facebook Safety Survival Guide. Learn more at www.ThinkLikeASpy.com.