Payment cards that are Near Field Communication (NFC) are experiencing charging errors in the UK
What is NFC you say? It’s a card that is intended to work without it having to touch the card reader. The problem is some people are getting charged twice even though they didn’t take the card out of their wallets or purse. It’s a good idea to get a RFID-shielding cover for your debit / credit cards and your passport. Or you can make a cover from aluminum foil, instructions here http://www.rpi-polymath.com/ducttape/RFIDWallet.php
Note: the cover might not keep the card or passport from being read entirely, but it will cut down on the distance that the contents can be read at.
I do not recommend trying to damage the RFID chip.
This story is a timely reminder to keep an eye on your financial transactions!
Posted: May 19, 2013 by IntentionalPrivacy in Financial vulnerabilities, Privacy, Vulnerabilities
Tags: credit card theft, financial safety, NFC
What’s a “Patent Troll”? One definition of a patent troll is an organization that owns a patent which it intends to use for the sole purpose of suing someone else. A patent troll typically does not market or manufacture the product that the patent covers. The FTC calls them “patent assertion entities” or PAEs, and recently released a 309-page report on patents available here http://www.ftc.gov/os/2011/03/110307patentreport.pdf.
Why would you care? Well, according to articles in Ars Technica, a patent troll recently has been sending letters out to small businesses of between 10-100 employees demanding that they pay a licensing fee per employee for using the scan-to-email function on their multifunction printer because of patents owned by MPHJ Technology. You can read more details of this story in http://arstechnica.com/tech-policy/2013/04/meet-the-nice-guy-lawyers-who-want-1000-per-worker-for-using-scanners/.
Personally, I found the promoted comment from Dinglehoser (who says he is a patent attorney) on page 2 at the bottom of this article http://arstechnica.com/tech-policy/2013/01/patent-trolls-want-1000-for-using-scanners/2/ enlightening. His comment talks about AIA, the America Invents Act, and how it could affect patent trolls. According to http://www.lexisnexis.com/community/patentlaw/blogs/patentlegislationandreform/archive/2013/02/19/patents-post-grant-patent-trolls-drive-demand-for-new-aia-post-grant-proceedings.aspx, AIA is supposed to make patent litigation faster and more cost-effective.
What is “medical record theft” and why would someone want to steal your medical information? Simple.
The hospital or clinic a person goes to most likely keeps their records on a computerized system called an “electronic medical record” or EMR. What is a thief looking for? Your medical record contains information like your insurance company information, other identity information, financial information, and drug information. The thieves use this information to steal medical services, obtain prescriptions, and maybe even identity and financial information to use in identity theft.
And what if the hospital or clinic shares information with another business partner, such as a consulting doctor?
Recent health care breaches:
- 780,000 medical records stolen from the Utah Department of Health on April 9, 2012. The article stated that the cyber-hackers were operating out of Eastern Europe.
What can you do if your records are stolen? Here’s what the FTC recommends: http://ftc.consumerdev.org/bcp/edu/microsites/whocares/medicalidt.shtm
The FTC is holding hearings on Medical ID theft.
References: SC magazine http://www.scmagazine.com/id-thieves-find-gold-in-medical-data/article/236302/
Bitcoin is an open-source, peer-to-peer digital currency, using an MIT license. The site http://bitcoin.org/en/ explains what Bitcoin is and how to use it. It’s a very cool idea …
So what’s the downside you ask?
All you have to do is Google “Bitcoin issues” and a bunch of hits will come up dated within the last month:
But maybe one of the worst problems of all is an article published on May 2,2013 by Parity News: http://paritynews.com/web-news/item/1034-esea-league-stuffed-bitcoin-mining-code-inside-client-software. It started as an April Fool’s joke, where the E-Sports Entertainment Association (ESEA) League mined Bitcoins from their users by inserting code in their client software. At least, one of their administrators took responsibility for the “joke,” which wasn’t very funny in the end. Several users even claimed that their video cards were damaged because of overheating caused by the ESEA malware.
A cool idea, but maybe not a mature enough technology to use yet. Sometimes it’s a good idea to wait and see, especially if it involves your money or your privacy.
Do you think more public surveillance cameras will make you safer? Will they make you feel safer? Or will they allow the authorities to track down perpetrators more easily? Reason.com’s article “Saying Privacy Is ‘Off the Table,’ NYC Police Commissioner Demands more Surveillance Cameras” is very enlightening.
B-Sides Austin March 21-22, 2013, kicked off the night before with Jeremy Zerechak’s 82-minute documentary about the origins and present reality of computer privacy issues.
Code 2600 introduces modern cyber security via Sputnik and the Cold War which brought about the Defense Advanced Research Projects and the first computer network. The film also weaves in the threads of telephone systems and phone phreaking, and the transmutation of the computer from the behemoths of corporations and governments to the homebrew hacks that birthed the Apple computer. The result was an assault on your privacy which is magnified today by government agencies and private companies that compete for the control of the information that you create about yourself.
More subtly, in the Cold War, we could see our attackers. We would know who launched the missiles. Today, the clues left by a cyber-attack are harder to trace. The war is going on right now with the governments of the USA and China hacking each other, as well as Britain hacking Norway. And corporations are really the leading edge players: everyone – civilian or military, government or corporation – uses the same operating systems and applications programs. The military is no longer the leading edge of technology: they buy it from the same places that you do.
The success of AOL was a milestone. When the computer information service bought Time-Warner it heralded the blossoming of the information age. But we are still in the middle of the story. We will not know for 50 years how this plays out.
“What should we be teaching young people about computers?” is the wrong question. Young people should be teaching us about how they use their devices, apps, and media, because that is the future.
Official Movie Trailer on YouTube here.
Posted: February 11, 2013 by IntentionalPrivacy in Privacy, Traveling
Tags: DHS, EFF, privacy, traveling
Read this article at http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/ about how the Department of Homeland Security (DHS) can seize and search your electronic devices at the border without cause. The border as defined by DHS extends 100 miles inland from the physical US border.
How long can they keep your devices? It’s not really defined, although according to the Electronic Frontier Foundation (EFF), devices are usually return within 5 days. How long can DHS keep your data and what can they do with it? Again, according to the EFF, procedures are not clear for handling sensitive or confidential data.
If you need to travel with electronics, the EFF has a guide on how to “make your data less vulnerable at the border” at https://www.eff.org/deeplinks/2010/11/effs-guide-protecting-devices-data-border. Always make sure that you back up your data before traveling, just in case any of your electronic devices are confiscated, lost, stolen, or damaged.
If you value your privacy, the EFF website is worth reading on a regular basis.
Ok, now Adobe has released a security update for Flash, which applies to Flash versions for Windows, Macintosh, Linux, and Android operating systems, as well as Google Chrome and Internet Explorer browsers.
- The version you should be running for Windows and Mac is Adobe Flash Player 11.5.502.149.
- Linux users should update to Adobe Flash Player 184.108.40.2062.
- If you’re using Google Chrome as your browser, it should automatically update to the latest Chrome version. Chrome’s latest version runs Adobe Flash Player 220.127.116.11 for Windows, Macintosh and Linux.
- If you’re using Internet Explorer 10 on Windows 8, it will automatically update to the latest version of Internet Explorer, which includes the latest version of Adobe Flash Player, 11.3.379.14 for Windows.
- Android 4.x devices should be running Adobe Flash Player 18.104.22.168.
- Android 3.x devices should be running Adobe Flash Player 22.214.171.124.
How to keep up with all these security updates? You have several choices.
- Sign up for US-CERT email bulletins and follow the instructions.
- Run Secunia PSI and set it to check for updates weekly.
- Set Adobe and Java to send you updates automatically. Java will ask you questions; make sure you check for any obnoxious add-ons before you click ok.
In the Adobe security bulletin about this Flash vulnerability that you can read at http://www.adobe.com/support/security/bulletins/apsb13-04.html, Adobe recommends that you verify the version of Flash running on your device.
- To verify the version of Adobe Flash Player installed on your system, access the About Adobe Flash at http://www.adobe.com/software/flash/about/, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
- To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
Posted: February 8, 2013 by IntentionalPrivacy in Identity theft, Privacy, Vulnerabilities
Tags: alerts, computer security researcher, identity theft, privacy, router security, security research, technology, UPnP
What is Universal Plug and Play? It is a protocol that allows network devices to talk to each other and it often runs on devices unless it is turned off. I have listed a few examples of devices that might have it enabled, which include such devices as home routers, printers, smart TVs, IP cameras, and home automation systems, but there could be many other types of devices that could have it turned on.
The first thing to check is your home router. How do you find out if your router is vulnerable? Rapid7 is a security research firm that has a free website-based tool that will check your router, available here http://upnp-check.rapid7.com/. Click the button “Scan My Router.” You do not have to install any software. It should take about 30 seconds to run.
If you want to check more than your router, there is a program on that page that you can download and run.
There is also a link to a page listing answers to frequently asked questions as well as a link to a more in-depth, technical explanation if you’re interested.