Tag Archive for: John Sileo

GameOver Zeus Virus Test

The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.

Overview of GameOver Zeus

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011 [1], uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Systems Affected by GameOver Zeus Virus

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Impact of GameOver Zeus

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Solutions to GameOver Zeus

Users are recommended to take the following actions to remediate GOZ infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date.
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them.
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure

https://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)

https://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)

Heimdal

https://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

McAfee

www.mcafee.com/stinger (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)

Microsoft

https://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

https://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec

https://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro

https://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

FireEye and Fox-IT

www.decryptcryptolocker.com

FireEye and Fox-IT have created a web portal claiming to restore/decrypt files of CryptoLocker victims. US-CERT has performed no evaluation of this claim, but is providing a link to enable individuals to make their own determination of suitability for their needs. At present, US-CERT is not aware of any other product that claims similar functionality.

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

Revisions

  • Initial Publication – June 2, 2014
  • Added McAfee – June 6, 2014
  • Added FireEye and Fox-IT web portal to Solutions section – August 15, 2014


John Sileo is an award-winning author and keynote speaker on cyber security and data breach. He specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Apple Pay Makes Mobile Payments Sexy; But Secure?

Apple has us oohing and aahing about the iPhone 6, its big brother the 6+ and finally the Apple Watch. But the biggest announcement of all didn’t even have to do with gadgets. The most significant announcement was about a new service that will be built into those devices…

It is Apple Pay, Apple’s own version of a “mobile wallet” that will allow Apple users to pay for items with just a tap or wave of their device. That is, if those items happen to be in stores that have agreed to install the technology necessary to allow near-field communication (NFC – no, not the football conference, the radio-wave technology) to work. Of course, Apple has done the background work to ensure a lot of big names (MC, Visa, AMEX and retailers such as Target, Macy’s and McDonald’s to name a few) are already on board, which is a significant mark in their favor. And with the upcoming mandatory implementation of EMV technology, Apple may have just timed this perfectly.

I’ve always been a bit freaked about digital wallets because the Internet giants offering them (Google, Amazon) are the same companies that collect reams of personal data, from search behaviors to my product preferences, and I don’t want any one company having all of that.

Many companies have tried to get mobile payments off the ground in the past without much success. So why might Apple be different (with the security implications noted along the way)?

  1. Apple is a master at integrating hardware and software. This doesn’t just mean that their payment system will be more user friendly than previous offerings (which it will), it also means that Apple has more control over the security and the privacy of each transaction. For example…
  2. No cardholder data will be stored on the iPhone itself, OR on Apple’s servers. This is a significant divergence from previous offerings (Google Wallet) and is an extremely smart play on Apple’s part. Why? Because…
  3. Apple has basically chosen to stay out of the information collection business to focus on what they do best, which is produce innovative digital devices and the corresponding behind-the-scenes software that make their devices so practical and useful. Consequently, they will continue to be a more trusted brand than their direct competitors. Unlike Microsoft, Facebook, and Google, Apple doesn’t appear to want to become a data-mining company. Apple executives have stated that they have no desire to collect or share user data. This could change when Apple realizes the profit they are passing up for the sake of privacy, but in the meantime…
  4. The same companies that have always collected your purchasing data (Visa, MC, Amex and the retailers you buy from) will be responsible for the same sensitive cardholder information they’ve always had access to, and Apple will simply be passing the transaction through, using a unique series of numbers that will reveal nothing of value should the phone be hacked.
  5. Finally, like it or not, Apple will make mobile payments sexy (did I just say that – I think maybe I’ve drunk too much of the Apple Kool-Aid). That sounds shallow, but their similar effort (iTunes + iPods, iPhone + App Store) revolutionized the music and smartphone industries. Apple has had a knack for getting consumers to warm up to ideas that have been tried before but never really took off (think iTunes, music players, smart phones, and tablets). Also, they have done what others who have tried mobile wallet concepts in the past have not: they’ve made it sexy.
  6. Instead of a credit card that reveals all of its secrets on a magnetic stripe (no security there), Apple Pay will require a thumbprint scan (which never leaves the device) in order to make a charge. In other words, it utilizes CHIP & PIN technology, which every retailer is required to implement before 2015 ends anyway. Apple’s timing is impeccable – let’s just hope the technology is up to the task.

I’m not in any way saying that Apple doesn’t face huge challenges in terms of security, privacy and adoption of Apple Pay. Of course they do. I’m simply saying that they have the best shot yet at bringing together the hardware, software, industry connections and marketing chops to finally make mobile secure payments, well… pay.

John Sileo is an award-winning author and keynote speaker who specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes frequent media appearances on shows like 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

A Smarter Solution for Thief-Proof Passwords

Product Review on Password Manager Software

It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. There are a multitude of reasons, I know:

  • Ignorance: “I didn’t know there was a helmet law in this state.”
  • Fear: “But if I put my money in a bank, there could be a run on it.  It’s safer under my mattress.”
  • Misunderstanding:  “Well, I thought that sign meant I could park here for free on Sunday.”
  • Laziness: “It’ll be okay to leave my laptop on the table while I run to the bathroom real quick.”

I could reel off ideas for literally hours, and every one of these reasons relates directly to not safeguarding your passwords as well. But I want to assure you that it may be THE most important thing you do to secure your data. One of the easiest things anyone can do is utilize a password manager program. There are a lot to choose from, but the one I personally recommend is the award-winning 1Password, which remembers and securely encrypts all of your passwords so you don’t have to. You merely come up with one secure master password and then train 1Password to log in to sites for you.

So what exactly are the features of 1Password? There are a LOT! The best:

  • Strong password generator – a single click gives you a random, extremely strong new password using combinations of hyphens, digits, symbols and mixed-case letters. No more having to think of (and try to remember!) catchy, unhackable passwords for each account.
  • All these strong passwords are saved within 1Password in a highly protected way, and are ready to be automatically accessed when needed by simply typing one master password that only you know.
  • Ease of use – one click can open your browser, take you to a site, fill in your username and password, and log you in.
  • 1Password can sync your data across all your devices automatically through iCloud and Dropbox, or locally over Wi-Fi where your data never leaves your network.
  • The vault will store your credit cards, reward programs, membership cards, bank accounts, passports, wills, investments, private notes and more.  It has been compared to a 21st-century digital wallet.  (But no one can pickpocket you.)
  • 1Password is one of the few password manager options to allow file attachments, so you can safely store related receipts and images, and it will also keep track of your software licenses.
  • 1Password can show all your items with weak, duplicate, and old passwords so you can decide which ones to fortify and update.  No more using five variations of your childhood dog’s name.  It will look at the strength of each password as well as find duplicate passwords and replace them with strong, unique ones.
  • 1Password is fluent in multiple platforms and browsers, including Mac, Windows, iPhone, iPad, Android, and Windows Phone.
  • If your 1Password vault is in Dropbox or a USB thumb drive, you can decrypt and use it from any traditional computer in the world with a modern browser including Safari, Chrome, Firefox and Opera. This has security implications of its own, which I’ll address in a later post.
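As an added illustration of the weak/duplicate/old password report described in the list above, here is a small vault audit written for this page (it is not 1Password’s own code and does not reproduce its scoring). The sample vault, the entropy heuristic and the thresholds are assumptions made for the example:

```python
"""Audit a password vault for weak, reused and stale entries (added example)."""
from __future__ import annotations

import math
import string
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Entry:
    site: str
    username: str
    password: str
    changed: date  # when this password was last rotated


def estimated_bits(password: str) -> float:
    """Crude strength estimate (an assumption, not 1Password's algorithm):
    treat every character as drawn uniformly from the union of the
    character classes actually present, so bits = length * log2(pool)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0


def audit_vault(entries, today: date, min_bits: float = 60.0,
                max_age_days: int = 365) -> dict:
    """Return the three lists a password-manager audit would surface:
    weak (below the entropy threshold), reused (same secret on several
    sites) and old (not rotated within max_age_days)."""
    weak = sorted(e.site for e in entries
                  if estimated_bits(e.password) < min_bits)

    # Group sites by secret; any group with more than one site is a reuse.
    by_password: dict[str, list[str]] = defaultdict(list)
    for e in entries:
        by_password[e.password].append(e.site)
    reused = sorted(sorted(sites) for sites in by_password.values()
                    if len(sites) > 1)

    old = sorted(e.site for e in entries
                 if (today - e.changed).days > max_age_days)
    return {"weak": weak, "reused": reused, "old": old}


# Constructed sample vault for the demo: the family dog's name reused on
# three sites, one older but stronger variant, and one generated password.
SAMPLE_VAULT = [
    Entry("bank.example", "lisa", "fluffy1998", date(2014, 6, 1)),
    Entry("mail.example", "lisa", "fluffy1998", date(2014, 3, 10)),
    Entry("shop.example", "lisa", "Fluffy1998!", date(2012, 1, 15)),
    Entry("forum.example", "lisa", "vq7-Tz9m-Lp2k-Hx4Q", date(2014, 8, 1)),
    Entry("dog.example", "lisa", "fluffy1998", date(2014, 5, 5)),
]

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT, date(2014, 9, 20))
    for kind, sites in report.items():
        print(f"{kind}: {sites}")
```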

The prices vary based on the platform used and license purchased, but the prices are reasonable and worth it!

Fully 50% of the corporations that I work with and speak to have had data breaches due to poor password habits. Surprising, given how many of those would have been avoided had they simply used password manager software like 1Password.


John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Facebook Privacy Settings Get Needed Update

Facebook Privacy Settings… Some may say it’s too little, too late. I’m relieved that Facebook is finally responding to concerns about their confusing and weak privacy settings.  The social media giant (who has been losing customers of late) has recently made several changes to their settings.

Facebook Privacy Settings Update

  1. Additional photo settings. Your current profile photo and cover photos have traditionally been public by default. Soon, Facebook will let you change the privacy setting of your old cover photos.
  2. More visible mobile sharing settings. When you use your mobile phone to post, it is somewhat difficult to find who your audience is because the audience selector has been hidden behind an icon and this could lead to unintended sharing. In this Facebook privacy settings update, they will move the audience selector to the top of the update status box in a new “To:” field similar to what you see when you compose an email so you’ll be able to see more easily with whom you are sharing.
  3. Default settings for new users. Instead of automatically defaulting to “public”, new users will now have their default set to “friends”. They will also be alerted to choose an audience when they post for the first time. This is a significant step in the right direction of a business best practice called Privacy by Default.
  4. Privacy checkup tool. Users may encounter a “privacy dinosaur” (pictured above) that pops up to lead them through a privacy checkup. (At this time, it is not a consistent feature: Facebook is “experimenting” with it.) The privacy checkup tool will cover a number of settings, including who they’re posting to, which apps they use, and the privacy of their profile information.
  5. Public posting reminder. The privacy dinosaur will also remind you when you’re about to post publicly to prevent you from sharing an update with more people than you intended.
  6. Anonymous login. This feature allows you to log into apps so you don’t have to remember usernames and passwords, but it doesn’t share personal information from Facebook. Traditionally, people using Facebook Login would need to allow the website or app to access certain information in their profiles. I’m also happy to see Facebook moving in this direction, as universal logins are one of the easiest backdoors for cyber criminals to exploit.

Facebook has been criticized for having unreasonably complicated privacy settings, had to pay a $20 million settlement for giving away users’ personal information, and frankly never seemed to care very much about personal privacy.

I’m guessing that Facebook has learned a valuable lesson: that by giving their customers the privacy controls they desire, they are creating happier, more loyal users, which is a long-term strategy for success. The need for change hasn’t disappeared, but these Facebook privacy settings are a step forward.

John Sileo is an award-winning author and keynote speaker on identity theft, social media privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Over 90% of Rachael Ray Show Audience Faces Identity Theft Risks

Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:

Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk.  So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?

John: Perfect.

Rachael: Okay, how are we going to get them started?

John: The first one is your Social Security card. If you carry your Social Security card.

Rachael: If you have your actual Social Security card, I’d like you to cross the room and come to this side of the studio.  (Audience members cross.)  A few people–not many.  I don’t carry mine, either.

John: A few have got it.  A lot of us do it.

Rachael: To me, Social Security numbers- they ask for them everywhere. The bank, the doctor–everywhere.  I know the number.  I don’t carry the card, but it is like your signature.

John: It is.  It’s your net worth.  It’s your future buying power, so a thief with a Social Security number–they can buy a home as you.  That’s what happened in my case.  They purchased a home.  They go bankrupt as you.

Rachael: A house?

John: Yes, she bought a house.  It was a woman.

Rachael: Just like in the movie! That is amazing.  And a woman took your Social Security number and it didn’t even occur to anybody- it’s not a man named John?

John: I know, and then went bankrupt as me.

Rachael: Oh my God–I just want to feed you spaghetti!  Okay, I think we’re going to move a lot of people on this next item.  Tell them the next item.

John: Yes.  If you have a smartphone without a passcode on it.  So without the four digit code or some sort of a passcode.

Rachael: If you have an unprotected phone, move it.  (Many audience members move.)  I knew we’d get a lot of them on that one.  Okay, now explain why you’re even more at risk without a passcode, even though it’s fairly obvious.

John: You bet.  So the smart phone is part of who we are, right?  It’s become an extension of ourselves.  It’s literally part of our identity.

Rachael: Access to everything.

John: Let me give you an example of how easy it is.  The thief takes it off the table at a cafe, right?  They walk outside- no passcode on it.  So they quickly surf through your websites or your contacts.  They see where you bank.  Then they go, ON THAT PHONE, to the bank’s login page and they hit the “forgot my password” link…

Rachael: And it sends it to you!

John: And it emails it to the thief!

Rachael: AGGGHHH!

John: They’re right in your account.  Bam! It’s that easy.

Rachael: One more thing.  We’ve gotta move more people.  Give us one last item that puts us at risk that you think most, if not all, of these people have.

John: If you have a debit card or bank card. (Almost everyone else crosses room.)

Rachael: Now everybody has to have their bank card with them.  I carry mine, too.  Don’t you carry one?

John: I don’t.  I’m not saying you can’t carry a debit card or a bank card.  It’s how you carry it.  It’s that you’re smart with it.  Your debit card, your checkbook, connects directly to your bank account.

Rachael: (Looks at remaining audience members who didn’t move.)  We have about ten/twelve people left.  You guys don’t have any bank or debit cards on you?  Wow, that’s amazing!

John: It’s doable.  Use your credit card.  I realize it’s a great budgeting tool, but if you can get it out of your purse when you don’t need it…lock it up at home- just like you do your Social.

Rachael: Get cash once or twice a week.  Leave the card at home and carry credit cards that have protection.

John: Yes, you have much better protection liability-wise.  The money doesn’t come directly out of your account when it’s stolen.

Rachael: It’s amazing.  I love the visual of watching the risk factor.

New segment

Rachael: We wanted to take this a few steps further.  We didn’t have time to go to every single person’s home here, so we sent you to one of our viewer’s homes to find the places in our homes where we’re putting ourselves at even more risk, right?

John: Yes, at Lisa’s.

Rachael: So, he went to Lisa’s house.  We’re going to have these guys take a seat.  You check out what happened at Lisa’s and we’ll meet back here.

Video

(Shows family activities at Lisa’s house.)

Lisa:  I’m a wife and a mother of three and I just want to do everything I can to protect my family.  About a year and a half ago we were victims of identity theft.  You feel like your whole life has been stolen from you. At first when that identity theft happened, we were taking steps.  We put alerts on with credit reporting agencies, but I think I fell back into being more lax about it.

(John arrives at Lisa’s house.)

John:  So our plan of attack today with Lisa is to take her around the house and we’re just going to look at the different ways her data might be exposed.

(In her office)

We’ve got a file cabinet…a locking file cabinet that undoubtedly is …unlocked.   (It is. John looks through items) Birth certificates…

Lisa:  I try to hide it.

John: You try to hide it, yeah, but we all hide it in the same way.  What I really suggest is a locking fire safe.  You can buy these big, heavy safes that protect against water and fire, but they also allow you to store these documents in a really safe way.

(On to Kitchen)

Lisa:  My purse is over here.

John: Wow.  What is this, an organizer?  (Huge, overflowing wallet)  You keep your life in here, don’t you?  Let’s see what we’ve got.  Debit cards, multiple credit cards…I would get in the habit of thinking, “Okay, I’m going out to do this shopping.  What cards do I need?”  Take the cards that you use most often and get in the habit of leaving the rest at home.  On a credit card or debit card, one thing that I recommend is that you simply write Photo ID Required on it.  It lets the retailers know, “Hey, my identity matters.  Ask for it.”  It makes it harder for someone to shop and impersonate you. (Continues to look through wallet) Cash – we don’t worry too much about that.  It’s really the data that we’re looking at. And a lot of times the thieves will take the cash, they’ll take photos of this (other cards/data), and they’ll put it all back.  They don’t want you to know they’ve taken it.

Lisa: I didn’t even think of that.

(They head outside to Lisa’s trash can.)

John: You have to be really mindful of what we leave outside of the door.  We put things in our trash that are incredibly valuable.  This is called dumpster diving.  (John looks through trash.) This looks good here.  Looks like a bank statement, we’ve got an insurance statement.  We’ve got a credit card statement.  It has your full account number on it – right there. Bonanza!  You also need to shred anything with any identity on it.

(Moves to mailbox – unlocked out on the street)

Do you mind if I go through your mail a bit?

Lisa: Not at all.

John: All right, so here’s a pre-approved credit card offer.  This makes it really easy for somebody to apply for a credit card in your name.  There’s an easy solution.  It’s called opting out.  You can opt out of financial junk mail so it’s never in your mailbox in the first place.

Lisa: I didn’t even know you could do it.

John: You should take this now and shred it.  Everything that you can shred, you shred.

(Moves to Lisa’s computer.)

John: I love talking to people about their computers because it is the jackpot in the house of all our financial information.  I was glad to see that you have a password to get in.  That way if somebody walks out with the box, it’s a little more protected.  Do you shop online at all?

Lisa: Yes, I do.  I shop online a lot.  I’ve been using my debit card a lot more lately.

John: Okay, shopping online- I’m totally good with.  Using your debit card is risky.  It’s connected to your bank account.  I recommend you use a credit card and, in fact, I think it’s smart to have a separate credit card you use online and a credit card you use out and about.  That way if something happens online, you can shut down the one card and you’ve kind of cordoned it off.

(Back to studio.  Rachael welcomes Lisa and introduces Privacy Means Profit.)

Rachael: The biggest thing that I got out of that segment that I want to do immediately when the show is over–putting the stickers on every single front of my credit card or debit card (that says) “Ask for Photo ID”.  You said everyone ignores it on the back, but everyone demands it on the front.

John: That’s exactly right.

Rachael: Everyone could buy “stickems” and that’s a really good one.  That’s so easy and fantastic.  So Lisa, that was enlightening. Thank you for letting us into your home.  What did that feel like from your side of it?  Did you feel like “Uh!” (slaps forehead) “I can’t believe I did that”?

Lisa:  I couldn’t believe everything I was doing wrong.  John gave me such great tips- just little things you can do to protect your identity.  It was scary because I thought I was being more diligent than I was.

John:  We all do.

Rachael: That’s the thing. It seems so obvious when he puts a highlighter pen over it.   Then we all say “I do that, I do that, too.”  I love that sticker thing though.  Isn’t that a great tip?

Lisa: Yes.  Actually I started to implement that.  That was the first thing I did.

Rachael: (To John) So, who are identity thieves?  What are the most popular types of identity thieves?

John: It breaks down into three big categories.  The first is friendly fraud.  It’s the people that we know.  I see these every week.  It happens constantly.  It’s the college roommate who visits who has fallen on hard times so they sneak a check out of the middle of your checkbook.  The second is the local.  This is the person in your neighborhood who is a drug addict, a gambling addict, they need a little extra money and they’re willing to filter through your trash or your mail to get it.  The third, the fastest growing one, is organized crime.  These are international people who have huge resources to hack into very secure databases.  These are not poor databases.

Rachael: They’re really investing in their crime with top quality computer programmers.

John: Absolutely, that’s exactly what they do.

Rachael: So, tell us about medical identity theft.

John: It’s so quickly growing because health insurance is really expensive, right?  Here’s one we see a lot of right now.  They wear a pair of Google Glass glasses that record, or they have an iPhone.  They walk through the emergency room where people are totally stressed out and they’re filling out forms and they’re looking at them.

Rachael: That is so creepy!

John: And listen to this one: photocopiers.  You have your doctor photocopy stuff- that has a hard drive in it and when someone services it…

Rachael: You’re giving me hives!

John: So you photocopy it at home.

Rachael: So how do you protect yourself from it?

John: Number one – those benefits statements that we get? Review them, just like you would your credit card statement.  If something is wrong, you shut it down.  You call them immediately.

Rachael: Pay more attention.

John: Yes, pay more attention.

Rachael: And guard what you’re writing.

John: Yes, they can be snapping photos.  A lot of times what I’ll do is put it on a sticky note and I’ll take it off after.  It doesn’t stay on their records, but it stays in the system.  It’s a little bit better protection.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Biometrics are Like Passwords You Leave EVERYWHERE

Biometrics are like passwords, but worse.

Biometrics are like passwords that you leave everywhere (fingerprints, facial recognition, voice patterns), except that unlike passwords, you can’t change them when they’re lost or stolen. It’s easy to change your password, a bit harder to get a new retina. Like passwords, risk goes up as they are stored globally (in the cloud) versus locally (on a physical device).

In addition to the biometrics mentioned above that most of us have come to accept as commonplace, there are many other methods in use or under exploration:

  • hand geometry
  • vascular pattern recognition (analyzing vein patterns)
  • iris scans
  • DNA
  • signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.)
  • gait analysis
  • heartbeat signatures

At the 2014 Annual International Consumer Electronics Show, inventors displayed dozens of devices using biometrics, some of which will become just as commonplace as fingerprints in the near future, some of which will not catch on and be replaced by something even more amazing.  Some of the hot biometrics items this year:

  • Tablets that measure pupil dilation to determine whether you’re in the mood to watch a horror movie or a comedy.
  • Headbands, socks and bras that analyze brain waves, heart rates and sweat levels to help detect early signs of disease or gauge a wearer’s level of concentration.
  • Cars that recognize their owner’s voice to start engines and direct turns and stops, all hands-free.

(Do a search for “current biometric uses” if you want to be entertained for a while!)

Some less outlandish examples that are currently in place:

  • Barclays Bank in Britain utilizes a voice recognition system when customers call in.
  • Some A.T.M.s in Japan scan the vein pattern in a person’s palm before issuing money.
  • Walt Disney World in Orlando, Fla., uses biometric identification technology to prevent ticket fraud or illegitimate resale as well as to avoid the time-consuming process of photo ID checks.
  • Biometric passports contain a microchip with all the biometric information of holders as well as a digital photograph.
  • Law enforcement agencies, from local police departments to national agencies (e.g., the FBI) and international organizations (including Europol and Interpol), use biometrics for the identification of suspects. Evidence from crime scenes, such as fingerprints or closed-circuit camera footage, is compared against the organization’s database in search of a match.
  • Child care centers are increasingly requiring parents to use biometric identification when entering the facility to pick up their child.
  • And, of course, the most popular example has to be the use of fingerprint sensors on the iPhone to unlock the devices.  It will also increasingly be linked to mobile payment services.

So, the million-dollar question is: Are Biometrics a Better Way to Protect Your Personal Identification?

The answer is yes…and no.

  • Biometrics are hard to forge: it’s hard to put a false fingerprint on your finger, or make your iris look like someone else’s.

BUT…

some biometrics are easy to steal.  Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.  If a biometric identifier is stolen, it can be very difficult to restore.  It’s not as if someone can issue you a new thumbprint as easily as resetting a password or replacing a passport. Remember, even the most complex biometric is still stored as ones and zeros in a database (and is therefore eminently hackable).

  • A biometric identifier creates an extra level of security above and beyond a password.

BUT…

if the same biometric is used across many different systems (medical records, starting your car, getting into your child’s day care center), it actually decreases your level of security, because a single compromise exposes every system that relies on it.

  • Biometrics are unique to you.

BUT…

they are not fool-proof.  Imagine the frustration of being barred by a fingerprint mismatch from access to your smartphone or bank account.  Anil K. Jain, a professor and expert in biometrics at Michigan State University, says (emphasis mine), “Consumers shouldn’t expect that biometric technologies will work flawlessly… There could and will be situations where a person may be rejected or confused with someone else and there may be occasions when the device doesn’t recognize people and won’t let them in.”

The scariest part of the biometrics trend is how and where the data is stored.  If it is device-specific (i.e. your fingerprint data is only on your iPhone), it’s not so bad.  But if the information is stored on a central server and unauthorized parties gain access to it, that’s where the risk increases.  A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people only within certain degrees of certainty and because biological markers are relatively easy to copy.
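The two points above (matching is probabilistic, and a stored template is a sensitive secret that cannot simply be hashed and forgotten) can be shown in a small simulation. The following is an added example, not code from the original post or from any biometric vendor: it models a biometric “template” as a constructed 256-bit code, assumes a fresh capture of the same person differs from the enrolled code in a random 10% of bits while a different person’s code is unrelated, and contrasts that with an ordinary salted password hash. The noise level, code length and thresholds are assumptions chosen for illustration, not measurements of any real sensor.

```python
"""Added example (not from the original post): why biometric matching is a
threshold decision with false accepts and false rejects, and why a template
cannot be protected the way a password hash is.

Assumptions (constructed): a template is a 256-bit code; a genuine re-capture
flips each bit with probability 0.10; an impostor's code is random.
"""
import hashlib
import hmac
import random

CODE_BITS = 256          # assumed template length
GENUINE_NOISE = 0.10     # assumed per-bit flip rate on re-capture
SALT = b"constructed-salt-value"  # constructed, for the password comparison


def random_code(rng):
    """A constructed 'enrollment' template: CODE_BITS random bits."""
    return [rng.randint(0, 1) for _ in range(CODE_BITS)]


def noisy_capture(template, flip_fraction, rng):
    """Simulate re-scanning the same trait: each bit flips with the given probability."""
    return [b ^ 1 if rng.random() < flip_fraction else b for b in template]


def hamming_fraction(a, b):
    """Fraction of differing bits between two codes of equal length."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def biometric_match(enrolled, probe, threshold):
    """Accept when the probe is 'close enough' to the stored template.
    The stored template itself must be available in comparable form."""
    return hamming_fraction(enrolled, probe) <= threshold


def error_rates(threshold, trials=1000, seed=1, genuine_noise=GENUINE_NOISE):
    """Estimate (false_reject_rate, false_accept_rate) at one threshold by
    simulating `trials` genuine users and `trials` impostors."""
    rng = random.Random(seed)
    false_rejects = false_accepts = 0
    for _ in range(trials):
        enrolled = random_code(rng)
        genuine = noisy_capture(enrolled, genuine_noise, rng)
        impostor = random_code(rng)
        if not biometric_match(enrolled, genuine, threshold):
            false_rejects += 1
        if biometric_match(enrolled, impostor, threshold):
            false_accepts += 1
    return false_rejects / trials, false_accepts / trials


def template_digest(code):
    """Digest of a template, as if it were protected like a password."""
    return hashlib.sha256(bytes(code)).digest()


def hashed_template_matches(enrolled, probe):
    """Naive attempt to store only a hash of the template. This fails for
    genuine users: a single flipped bit changes the whole digest, so the
    server is pushed toward keeping the raw template (the central-store risk)."""
    return hmac.compare_digest(template_digest(enrolled), template_digest(probe))


def hash_password(password, salt=SALT):
    """Passwords, unlike biometrics, are reproduced exactly, so a slow salted
    hash can be stored instead of the secret and reset if it leaks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def password_match(stored_digest, candidate, salt=SALT):
    return hmac.compare_digest(stored_digest, hash_password(candidate, salt))


if __name__ == "__main__":
    for t in (0.05, 0.25, 0.45):
        frr, far = error_rates(t)
        print(f"threshold {t:.2f}: false-reject {frr:.3f}, false-accept {far:.3f}")
    rng = random.Random(7)
    enrolled = random_code(rng)
    genuine = noisy_capture(enrolled, GENUINE_NOISE, rng)
    print("fuzzy match accepts genuine capture:", biometric_match(enrolled, genuine, 0.25))
    print("hashed-template match accepts genuine capture:", hashed_template_matches(enrolled, genuine))
```

Running it shows the trade-off Professor Jain describes: a strict threshold rejects almost every genuine user, a loose one starts accepting impostors, and no setting gives zero error in both directions. It also shows why the storage question matters: the password check works on a salted hash that can be discarded and re-issued, while the biometric check needs the template in a form that can be compared with tolerance, which is exactly the data an attacker on a central server would want.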

I also feel compelled to mention the inherently intrusive nature of biometrics.  While it’s true that using facial-recognition software can help law enforcement agencies spot and track dangerous criminals, we must remember that the same technology can just as easily be misused to target those who protest against the government or participate in controversial groups.  Facebook already uses facial recognition software to determine whether photos that users upload to the site contain the images of their friends.  Retailers could use such systems to snoop on their customers’ shopping behavior (much like they do when we shop online already) so that they could later target specific ads and offers to those customers.

How long before we have truly entered Tom Cruise’s Minority Report world, where we are recognized everywhere we go?  “Hello Mr. Yakamoto and welcome back to the GAP…”

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Identity Theft Expert John Sileo on The Rachael Ray Show

John Sileo appeared on CBS’s The Rachael Ray Show on January 29, 2014 to talk about the latest identity theft trends and threats.

Rachael asked John to go into one of their audience members’ homes and pick it apart from a privacy standpoint. John took a look at everything, from items hidden under the mattress to filing cabinets, trash cans, computers, mobile devices and more. Take a look to learn how to bulletproof your home and yourself against identity theft.

Data Security Expert John Sileo on Fox Business (Target Data Breach)

Data Security Expert John Sileo talks with Fox Business about the recent Target data breach.

Data Breach Expert John Sileo on Fox & Friends – Target Data Breach

Data Breach Expert John Sileo goes on Fox & Friends to discuss the 110 million records breached at Target.

Do Fitness Apps Share Your Health w/ Others (Insurance Co’s)?

Is your health and fitness app sharing your health score with your insurance company? Do health apps pose privacy risks?

I recently had the opportunity to attend a very informative webinar presented by the Privacy Rights Clearinghouse entitled “Mobile Health and Fitness Apps: What Are the Privacy Risks?”

It was based on a nine-month study of the privacy practices of apps that many individuals use to monitor their health, learn about specific medical conditions, and help them achieve personal fitness goals.  Such apps may include those that support diet and exercise programs; pregnancy trackers; behavioral and mental health coaches; symptom checkers that can link users to local health services; sleep and relaxation aids; and personal disease or chronic condition managers.

These apps appeal to a wide range of consumers because they can be beneficial, convenient, and are often free to use.  However, it is clear that there are considerable privacy risks for users – and that the privacy policies (for those apps that have policies) do not describe those risks.

The most common way that these apps invade your privacy is by connecting to third-party sites and services (imagine having your health score shared with insurance companies!).  Doing so without informing users seems to be the norm, not the exception.  In fact, more than 75% of free apps and 45% of paid apps use behavioral tracking, often through multiple third-party analytics tools.

Here are some of the key findings of the report:

  • Many apps send data in the clear – unencrypted – without user knowledge.
  • Many apps connect to several third-party sites without user knowledge.
  • Unencrypted connections potentially expose sensitive and embarrassing data to everyone on a network.
  • 72% of the apps assessed presented medium to high risk regarding personal privacy.
  • The apps that presented the lowest privacy risk to users were paid apps.  This is primarily due to the fact that they don’t rely solely on advertising to make money, which means the data is less likely to be available to other parties.
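The first three findings (data sent in the clear, undisclosed third-party connections, and sensitive fields exposed over unencrypted links) are exactly what a reviewer looks for when checking an app’s network behaviour. The following is an added example, not code from the original post or from the Privacy Rights Clearinghouse study: it audits a constructed log of the requests a fictional fitness app makes, flagging plaintext HTTP, hosts outside the assumed vendor domain `example-fitapp.com`, and health-related query parameters. The log lines, domain names and the list of “sensitive” field names are all constructed assumptions for the example.

```python
"""Added example (not from the original post): a small audit of an app's
outbound requests for the risks listed above. The log, the first-party domain
and the sensitive field names are constructed for illustration."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

FIRST_PARTY_DOMAIN = "example-fitapp.com"  # assumed app vendor domain (constructed)

# Field names a health app might send that a user would consider sensitive (assumed list).
SENSITIVE_KEYS = {"weight", "steps", "heart_rate", "dob", "email", "diagnosis", "condition"}

# Constructed sample log: "<timestamp> <method> <url>", one request per line.
SAMPLE_LOG = """\
2014-03-10T08:12:01Z POST https://api.example-fitapp.com/v1/sync?user=u123
2014-03-10T08:12:02Z GET http://stats.example-tracker.net/collect?uid=u123&weight=81&steps=10233
2014-03-10T08:12:03Z GET https://ads.example-adnet.com/pixel?uid=u123
2014-03-10T08:12:05Z GET http://cdn.example-fitapp.com/images/logo.png
2014-03-10T08:12:07Z POST http://api.example-insights.io/log?email=jane%40example.org&condition=asthma
"""


@dataclass
class Finding:
    url: str
    host: str
    plaintext: bool          # sent over http:// rather than https://
    third_party: bool        # host is outside the app vendor's domain
    sensitive_fields: tuple  # sensitive query parameters present in the request


def is_third_party(host, first_party=FIRST_PARTY_DOMAIN):
    """Treat the vendor domain and its subdomains as first party; everything else is third party."""
    return not (host == first_party or host.endswith("." + first_party))


def analyze_request(line):
    """Parse one log line and classify the request."""
    _timestamp, _method, url = line.split(" ", 2)
    parsed = urlparse(url)
    host = parsed.hostname or ""
    params = parse_qs(parsed.query)
    sensitive = tuple(sorted(k for k in params if k.lower() in SENSITIVE_KEYS))
    return Finding(
        url=url,
        host=host,
        plaintext=(parsed.scheme == "http"),
        third_party=is_third_party(host),
        sensitive_fields=sensitive,
    )


def audit(log_text):
    """Classify every non-empty line of the log."""
    return [analyze_request(line) for line in log_text.splitlines() if line.strip()]


def summarize(findings):
    """Roll the per-request findings up into the counts a report would show,
    plus a coarse low/medium/high rating in the spirit of the study's ranking."""
    sensitive_unencrypted = sum(1 for f in findings if f.plaintext and f.sensitive_fields)
    sensitive_to_third_party = sum(1 for f in findings if f.third_party and f.sensitive_fields)
    plaintext = sum(1 for f in findings if f.plaintext)
    third_party = sum(1 for f in findings if f.third_party)
    if sensitive_unencrypted or sensitive_to_third_party:
        risk = "high"
    elif plaintext or third_party:
        risk = "medium"
    else:
        risk = "low"
    return {
        "requests": len(findings),
        "plaintext": plaintext,
        "third_party": third_party,
        "sensitive_unencrypted": sensitive_unencrypted,
        "sensitive_to_third_party": sensitive_to_third_party,
        "risk": risk,
    }


if __name__ == "__main__":
    findings = audit(SAMPLE_LOG)
    for f in findings:
        flags = [name for name, on in (("PLAINTEXT", f.plaintext), ("THIRD-PARTY", f.third_party)) if on]
        print(f"{f.host:32} {' '.join(flags):22} sensitive={list(f.sensitive_fields)}")
    print(summarize(findings))
```

On the constructed log, the weight and step count go in the clear to an analytics host, and an e-mail address plus a medical condition go in the clear to a second outside host, so the app rates “high” even though its own API is reached over HTTPS. The same classification can be applied to a real capture of an app’s traffic from a proxy or packet trace; the only adjustments are the vendor domain and the list of fields considered sensitive.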

Advice for consumers when using fitness or health apps:

  • Research the app before you download it.
  • Consider using paid apps over free apps if they offer better privacy protections.
  • Make your own assessment of the app’s intrusiveness based on the personal information it asks for in order to use the app.
  • Assume any information you provide to an app may be distributed to the developer, third-party sites the developer uses for functionality, and unidentified third-party marketers and advertisers.
  • Try to limit the personal information you provide, and exercise caution when you share it.  If the app allows it, try the features first without entering personal information.
  • Ask a tech savvy friend to help you determine what information an app is asking for, help you navigate settings, and potentially help you restrict the information an app gathers.
  • If you stop using an app, delete it.  If you have the option, also delete your personal profile and any data archive you’ve created while using the app.

I would hope that mobile app developers would create products with privacy in mind and implement responsible information privacy and security practices.  Until then, users should assume that everything in an app is sent to the developer and possibly many unidentified third parties, and should only use apps and provide information they feel comfortable sharing.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.