If You Hacked into Rupert Murdoch's Voicemail…

If you hacked into Rupert Murdoch’s voicemail, you would hear the message I just left him:

Thank you, Mr. Murdoch, I owe you one. I’ve spent the past five years trying to convince the world of something you managed to do with one simple scandal. I’m sorry that you will probably lose your reputation and much of your company and wealth because of it (not to mention your self-respect), but the world will be a better place for it. Why? Not just because our phone is ringing non-stop with companies and individuals that want to protect their private information.

It’s because you, Mr. Murdoch, awoke the PRIVACY BEAST! Two weeks ago, no one paid very much attention to voicemails being hacked. The average Facebook user was shrugging off the knowledge that their data was being systematically collected, aggregated and sold to the highest bidder, all for Facebook’s financial gain. Android users ignored the warnings that malicious apps disguised as harmless games were funneling their bank account numbers, contact lists and geographic whereabouts to locations in Iran and North Korea. iPhone users continued to load their phones with as much data as a laptop without even password protecting the darn thing. Most of us lived in a comfortable, pitiful stupor of privacy ignorance. But today, everyone suddenly cares.

Thank you for reminding us why privacy matters. You stole the voicemails of a murdered child, and that we cannot forget. For the sake of a pre-emptive scoop, you bribed officers who should have been focusing on capturing the culprit to feed your profit machine. You tempted the gods by abusing and misusing the Power of Information and now it is that very same power that will destroy you.

The emails of News of the World “reporters” discussing your phone-hacking exploits were backed up, archived, indexed and given a digital half-life of a million years. The smoking trail of digital DNA that you left behind while breaking the law, breaking our trust, breaking your business, will never disappear. And even if you didn’t do it, didn’t authorize it, didn’t know about it, it still happened under your watch. Most sadly of all, it happened under your son’s watch, who, it appears more and more, takes after his father.

John Sileo speaks around the world on Privacy and Profitability to clients like the Department of Defense, Blue Cross and Homeland Security.

How Secure is Your Gmail, Hotmail, YahooMail?

I just finished an interview with Esquire magazine about the security of webmail applications like Gmail, Windows Live Hotmail and YahooMail. Rebecca Joy, who interviewed me on behalf of Esquire, wanted to know, in the wake of the Rupert Murdoch phone-hacking scandal, how secure our photos and messages are when we choose to use free webmail programs.

The simple answer? Not very secure. Just ask Vanessa Hudgens (nude photos), Sarah Palin (complete takeover of her email account) and the scores of celebrities and power figures who have been victimized by email hacking.

Think of using webmail (or any web-based software, including Facebook, Twitter, Google Docs, etc.) as checking into a hotel room. Unlike a house, where you have tighter control over your possessions, the same is not true of a hotel. While you definitely own the items you bring into a hotel room (laptop, smartphone, wallet, passport, client files), you don’t have nearly as much control as to how they are accessed (maids, managers, social engineers who know how to gain access to your room). In short, by using webmail to communicate, you are exchanging convenience for control.

Here are the five most common ways you lose control:

  1. The password on your email account is easy to guess (fewer than 13 characters, no alpha-numeric-symbol-upper-lower-case mix, not changed often) and someone easily hacks into your webmail account, giving them access to your mail, photos, contacts, etc.
  2. Someone inside of the webmail company is given a huge incentive to leak your private information (tabloids that want access to a celebrity’s photos and are willing to pay hundreds of thousands for it).
  3. You populate your password reminder questions (What high school did you go to?) with the correct answers instead of using an answer that is not easily found on your Facebook, LinkedIn or Classmates.com profile.
  4. You fail to log out of your webmail while on a public computer (hotel business center, school, library, acquaintance’s house), allowing someone else to log back in to your email account using the autosaved username and password (which by default tends to stay on a system for up to two weeks).
  5. You continue to deny the fact that when you store your information in places that you don’t own, you have very little actual control.

If you are sending sensitive information of any sort (text, photos, identity, videos or otherwise), don’t use webmail or social networking to send it. Use a mail program that resides on your own computer and encrypt the sensitive contents using a program like PGP. That gives you a much stronger form of protection than ignorantly exposing your information for all to see.

John Sileo is the award winning author of Privacy Means Profit and a professional speaker on data security, privacy, identity theft and social networking exposure.

Stock Plummets as Epsilon Breach Rears Ugly Head

When will corporations learn? I received 6 data breach emails yesterday because of Epsilon’s lack of security.

Have you been inundated with more spam and phishing emails recently? If so, it may be due to one of the largest email and data breaches in Internet history. Epsilon is one of the world’s largest providers of marketing-email services and they handle more than 40 billion emails annually and more than 2,200 global brands.

Epsilon issued the following statement: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only.”

The following companies have already sent out warnings (like those below) to their customers: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delaware, Visa, American Express, US Bank, TiVo Inc., Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

While the statement above says that only names and emails were compromised, experts are saying that both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign. The Epsilon data breach not only exposed names, information and e-mails of its clients’ customers, but sent its stock down nearly 7 percent before the news was even hours old.

The stolen information will allow scammers to send authentic-looking email messages that appear to come from a bank or other business with whom the user has an existing relationship. The emails will try to trick people into parting with information such as their usernames and passwords for bank accounts or other online accounts, or they could try to trick people into downloading malware on to their systems. People who don’t fall for such scams should be fine. (ComputerWorld)

So how do you know if you have been affected by this massive breach? Watch out for emails (like the ones I received for being a customer of the institutions below) alerting you to the breach. But observe the following precautions:

  • Be on the lookout for sophisticated phishing emails that seem to be sent from your bank or other financial institution. Now that the bad guys have your name AND email address, they can make them very authentic and already know that you bank with that particular institution.
  • Keep software protection updated.
  • Don’t click on any links within the breach emails you receive, as scammers will undoubtedly send phishing versions in the name of data security to extract even more data out of you. Always retype the known website address (www.USBank.com) into the toolbar. You can also move the mouse over the link to see if the domain name matches the company.
  • Make sure that all websites you visit start with https (which signals that it is a secure connection – not a perfect indicator, but better than nothing).
  • Don’t give out any sensitive information via email and be wary about giving it out over the phone.
  • If you are ever unsure, call the number listed on the company website.

These companies will start to lose customers because of the Epsilon breach, and Epsilon will begin to lose stock value and reputation within the industry. Can you imagine a corporation trusting them with their private data again?

John Sileo speaks and consults to clients about information leadership, including identity theft, social media exposure and reputation management. His clients include the Department of Defense, Pfizer, Blue Cross and Homeland Security. Learn more about bringing John to your organization at www.ThinkLikeASpy.com.