Dropbox a Crystal Ball of Cloud Computing Pros & Cons
Dropbox is a brilliant cloud-based service (i.e., your data stored on someone else’s server) that automatically backs up your files and simultaneously keeps the most current version on all of your computing devices (Mac and Windows, laptops, workstations, servers, tablets and smartphones). It is highly efficient for giving you access to everything from everywhere while maintaining an off-site backup copy of every version of every document.
And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.
This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:
… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. (Quoted from PCWorld)
Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and every other Dropbox user’s) in the hands of Dropbox employees and law enforcement, and also leaves them vulnerable to hackers. When the encryption key is located on your computer, at least the risk is spread across Dropbox’s network of users.
Today Show Uncovers Baby Identity Theft
Identity thieves are increasingly targeting children, in some cases stealing their identities even before they are born.
A TODAY Show/NBC investigation into child identity theft revealed that criminals routinely use a child’s untouched credit record to their advantage and get away with it for years or decades. This story shows how in more and more cases Social Security numbers are being stolen even before the child has been born.
Why is it so easy? Because Social Security numbers are not assigned randomly, meaning that they can be predicted with a certain amount of accuracy. A SSN is simply a code that includes the location and date of where and when a baby was born. Thieves have figured out a system to predict these numbers and use them before they have been issued. The federal government maintains that in the next month or so, these numbers will be randomized and harder to predict and, therefore, steal.
Once a thief gains access to a legitimate Social Security number, they are able to take out car loans, mortgages and credit cards combining their name with the stolen number. Many banks don’t verify that the name and Social Security number match up because it costs them a few extra pennies. That is exactly how a woman was able to buy a home in my name, because the bank didn’t verify that the SSN belonged to me, not to her.
Skype’s Apple Mac Client Has a Dangerous Flaw
It was recently discovered that there is a significant security hole in the Skype design for Apple Mac users. While logged in to Skype, a security researcher discovered a zero day vulnerability (meaning that the software developer, Skype, doesn’t know that the security hole even exists). This hole can give a hacker temporary remote access to the victim’s Mac via Skype. In other words, it means that someone else can take control of your computer while you are logged into Skype.
Solution: For now, I recommend you update your software with the fix made available on April 14th. To do this, get into your software and click on Skype -> Check for Updates, or you can download the software here. Make sure you check for an even newer update in the coming weeks.
Skype has been alerted to the problem and released the following statement:
“Last month, we were contacted by Pure Hacking, a group of ethical hackers in Australia, who reported what they believed to be a zero-day vulnerability in Skype for Mac 5.x. This vulnerability, which they blogged about earlier today, is related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized, hence the term malicious contact.”
Study Shows Identity Theft of Children 51X More Likely
Based on a recent assessment of 40,000+ SSNs of children, it was found that more than 10% of those SSNs were being used by someone other than the child, far in excess of the rate of misuse in the adult population. The study points out the major issues that surround child identity theft and why we need to start paying attention now. It is more prevalent than many think and the threat is growing. Here are a few of the statistics that were found:
- 4,311 or 10.2% of the children in the report had someone else using their Social Security number – 51 times higher than the 0.2% rate for adults in the same population
- Child IDs were used to purchase homes and automobiles, open credit card accounts, secure employment and obtain driver’s licenses
- The largest fraud ($725,000) was committed against a 16 year old girl
- The youngest victim was five months old; 303 victims were under the age of five
Parents need to stop ignoring child identity theft. It is one thing to ignore it for yourself, but failing to protect children, who are otherwise helpless to this crime, shows a definite lack of parental responsibility.
Acting now on behalf of your child will protect them from consequences common to child victims. Click on Child Identity Theft Protection Tips to learn more about the steps you should take.
Sony Data Breach Grows by 25 Million – $1 Billion Price Tag
Sony just admitted this week that their Sony Online Entertainment (SOE) division, which they thought was not affected by the recent breach, has also been compromised. They believe that the hackers stole personal information from an additional 25 million users and that the breach included credit card information.
In an unrelated article, Mizuho Investors Securities analyst Nobuo Kurahashi estimated the cost of Sony’s recovery from the data breaches to be approximately $1.25 billion:
Kurahashi estimates that the data breach will cost Sony about Y100 billion, or $1.25 billion from lost business, various compensation costs and new investments–assuming that no additional security problems emerge. The cyber attacks on Sony in recent weeks involved the theft of personal data that include names, passwords and addresses from accounts on its PlayStation Network and Sony Online Entertainment gaming services. Sony has also said that more than 10 million credit-card numbers may have been compromised.
The return on investment of Sony simply protecting their customer data properly in the first place would be a thousand-fold. But if companies were doing more to protect themselves before the attack, what would we write about?
John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.
WiFi Security Flaw in Smartphones Threatens Your Wallet
Recent information available in Britain has shown that popular hotspots can be easily mimicked by thieves, which leaves consumers vulnerable to identity theft.
Tests conducted showed that security experts were able to obtain usernames, passwords and messages from phones using WiFi in public places. The tests all used volunteers so that no actual breach occurred. In cases where the iPhone 4 was targeted, the information could be taken and stored without the user even knowing.
This issue is a huge problem for the UK’s nearly 5 million BT hotspots located in train stations, coffee shops, hotels, and airports. While the smartphone service providers have known about these WiFi security flaws for some time, they have still not done anything about it.
Using inexpensive communication equipment and free software that you can download from the internet, thieves can set up bogus hotspots to start sniffing your personal information. Once you have established a connection with one of these impersonators, whether on a phone or laptop, they can start decrypting your sensitive data.
While this is a huge issue, identity theft experts have found that a bigger problem is when these fake WiFi hotspots ask you to pay for the service and then gain access to your credit card number. Thieves state that once they have your personal logins and your credit card number, they can do almost anything, including buying gifts, purchasing gift cards for any amount, wire transferring funds to themselves, in addition to other methods for turning your privacy into profits.
iPhone Location Tracking Leads to Privacy Lawsuit


Apple has been hit with a lawsuit in Florida alleging the company is violating iPhone users’ privacy and committing computer fraud. The case came in response to news that the iPhone maintains a time-stamped location log, and that data is also stored on users’ computers.
The lawsuit was filed in Federal court in Tampa, Florida on April 25 by two customers who claimed Apple was tracking iPhone owners’ movements without consent, according to Bloomberg.
The case was filed after word that the iPhone and iPad with 3G support maintain an unencrypted log file showing where users are based on cell tower triangulation. That file is transferred to users’ computers during the sync process with iTunes and is maintained as part of the device’s backup file collection.
Location logging has been active in the iPhone and 3G iPad since the release of iOS 4 last June, which means some users have nearly a year’s worth of data stored away. Apple is denying that they are actively tracking user locations.
Award-winning author and identity theft keynote speaker John Sileo trains executives and employees to respect and protect the data that makes their company profitable. His clients included the Department of Defense, Homeland Security, FDIC, Pfizer, Blue Cross and organizations of all sizes. Contact him directly on 800.258.8076 or watch him deliver an Identity Theft Speech.



