Archive for Privacy

Hey IT Nerd! The CBC Says That My Credit Card Info Is Easily Stolen Using Smartphones. How Do I Protect Myself?

Posted in Tips on April 25, 2013 by itnerd

I’ll start by explaining where this question comes from. The CBC reported yesterday that credit and debit cards with RFID chips can easily be accessed using smartphones and apps that grab this sort of info. This is called “skimming” and this is something that is common in Europe with not only credit cards, but with RFID enabled passports. I’m not surprised by this as I once had an incident several years ago where I was buying a coffee at Tim Horton’s and I accidentally paid for it using my MasterCard rather than the cash I was intending to use due to the fact that my wallet with my credit card in it was close to the RFID scanner. Not good.

So, how do you stop this from happening? Here’s what I did. I got a wallet that blocks RFID transmissions. ThinkGeek.com has the one that I am currently using. Since Canada is moving towards using RFID enabled passports, I also decided to be ahead of the curve and I got an RFID blocking passport billfold as well for myself and my wife. Speaking of my wife, she got an RFID blocking wallet as well from this site.

Seeing as there are criminals who want this information, it makes sense that you do all you can to protect yourself.

LinkedIn Accused Of Sending Unrequested Invite To Man’s Ex-Girlfriend…. Awkward!

Posted in Commentary on April 19, 2013 by itnerd

Here’s a really awkward moment. Say you’re a guy who broke up with a woman ages ago. All of a sudden, your LinkedIn contact info is added to her profile via an invite that you didn’t send. Creepy, isn’t it? Good thing that it can never happen, right? Wrong. It has happened:

An aggressive expansion strategy by LinkedIn has backfired spectacularly amid accusations of identity fraud. Users complained the social network sent unrequested invites from their accounts to contacts and complete strangers, often with embarrassing results.

One man claimed LinkedIn sent an invite from his account to an ex-girlfriend he broke up with 12 years ago who had moved state, changed her surname and her email address.

“My wife would like to know why I am suddenly linked to a girlfriend I broke up with 4 years before we met,” wrote Michael Caputo, a literary agent from Massachusetts, US, on LinkedIn’s support forum.

“This ex-girlfriend’s Linked in profile has exactly ONE contact, ME. My wife keeps getting messages asking ‘would you like to link to (her)? You have 1 contact in common!’”

LinkedIn did not respond to several requests for comment before publication.

How could this happen? Here’s how:

Speculation on support forums suggested a bug in LinkedIn’s algorithm was responsible for sending unrequested invites without users’ knowledge. Two threads about unrequested invites ran to more than four pages in LinkedIn’s support forums.

This could explain why I get unsolicited invites on my LinkedIn profile. And I have to admit, it’s annoying and is likely an invasion of the privacy of LinkedIn users. Now not only is LinkedIn not responding to the author of this story, but they also did this:

LinkedIn had closed one of the earliest threads to comments on its forum. Angry users in that thread, started in February, were already threatening to leave the network.

This is not how you deal with an issue like this. You need to come out and explain the issue as well as how you’re going to fix it. You also have to say you’re sorry. LinkedIn should really keep that in mind and rethink how they address this.

Meanwhile, I’ll rethink having a LinkedIn account.

Online Tracking – You’re Being Watched

Posted in Commentary on March 25, 2013 by itnerd


Original Source: Backgroundcheck.org

Got A WiFi Enabled Phone? Stores Can Track You…. Yikes!

Posted in Commentary on January 22, 2013 by itnerd

If you have a smartphone that has WiFi, and you visit retail stores, I have bad news for you. You’re being tracked:

How would they do it? Pretty simple really. When you come within range of a properly configured WiFi access point, it can record the wireless MAC address of your phone – a unique 12-digit number. Every time you pass by, that AP can log that number. If you enter that store or café every day, it will soon have a detailed record of when you (or at least your phone) entered and departed.

It gets better, or worse depending on your perspective:

From the retailer’s perspective, this information can be a virtual gold mine. For the first time they can easily track where customers go after they enter the store. They can identify repeat customers and first timers. They can find out whether shoppers are spending a lot of time in the toy aisle but rarely visit sporting goods or home appliances, and reconfigure the store layout accordingly. They can share data across different locations – to gauge whether the same customers spend more time in their discount outlets or shop at the locations closer to major freeway exits. They can even track people who walk by the store every day but never go in, or if more people enter after a window display is changed.

Needless to say, your privacy is at risk here. So what can you do? Two things come to mind. You can either turn off WiFi on your phone, or you can leave it at home before you go to the mall. Since these stores don’t tell you that they’re actually doing this sort of tracking, you’ll have no idea which stores to avoid. That’s not good.

Perhaps it’s time for some laws that regulate this sort of thing?
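To make the mechanism in the quoted article concrete, here is an added example (not from this post or the article it quotes) that turns access point log lines into the per-device record of arrivals and departures described above. It also flags addresses with the locally administered bit set, which is what a device presenting a randomized rather than vendor-assigned MAC looks like. The log format, the 10-minute gap and every MAC address are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <MAC seen by the access point>".
# The format and every value here are made up for illustration.
SAMPLE_LOG = """\
2013-01-21T08:02:10 00:11:22:aa:bb:cc
2013-01-21T08:05:40 00:11:22:aa:bb:cc
2013-01-21T08:09:05 00:11:22:aa:bb:cc
2013-01-21T08:06:00 da:a1:19:01:02:03
2013-01-22T08:01:30 00:11:22:aa:bb:cc
2013-01-22T08:08:45 00:11:22:aa:bb:cc
2013-01-22T08:03:00 7e:44:90:0a:0b:0c
"""

GAP = timedelta(minutes=10)  # assumed: silence longer than this ends a visit

def is_locally_administered(mac: str) -> bool:
    """True if bit 0x02 of the first octet is set (not a vendor-assigned address)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def parse(log: str):
    """Yield (timestamp, mac) pairs, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1].lower()
        except ValueError:
            continue

def visits_by_device(log: str, gap: timedelta = GAP):
    """Group sightings per MAC into visits, each a list [arrived, departed]."""
    sightings = defaultdict(list)
    for ts, mac in parse(log):
        sightings[mac].append(ts)
    visits = {}
    for mac, times in sightings.items():
        times.sort()
        spans = [[times[0], times[0]]]
        for ts in times[1:]:
            if ts - spans[-1][1] <= gap:
                spans[-1][1] = ts        # same visit: push the departure time out
            else:
                spans.append([ts, ts])   # long silence: a new visit starts
        visits[mac] = spans
    return visits

def trackable_devices(log: str):
    """MACs seen on more than one visit with a stable, vendor-assigned address."""
    return sorted(mac for mac, spans in visits_by_device(log).items()
                  if len(spans) > 1 and not is_locally_administered(mac))
```

On the constructed sample only the first address comes back as trackable: it appears on two separate days under the same vendor-assigned MAC, while the two locally administered addresses never repeat.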

Instagram Changes TOS…. Users Angered…. Instagram Backs Down

Posted in Commentary on December 18, 2012 by itnerd

I deliberately waited to publish this story just so that I can see how this would play out. Earlier today, Instagram changed its terms of service effective in early January. Here’s the key thing:

Instagram does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, except that you can control who can view certain of your Content and activities on the Service as described in the Service’s Privacy Policy, available here: http://instagram.com/legal/privacy/.

In English, Instagram has the perpetual right to sell users’ photographs without payment to you or any prior notification. Sucks to be an Instagram user.

This of course set off the usual firestorm of outrage online. People freaked out and rightfully so. Instagram responded this way:

Since making these changes, we’ve heard loud and clear that many users are confused and upset about what the changes mean

They then put some spin on these changes.

Here’s the bottom line. Instagram was bought by Facebook and these changes put Instagram in line with what Facebook does when it comes to their terms of service. Users might be ticked off, but they have you by the short hairs. You might want to kill your Instagram account, and that’s easy to do. But consider this, if you kill your Instagram account, how will your friends know what you’re doing? You’ll likely think twice and keep your Instagram account. That’s what they’re counting on. So if you really want to send a message, convince your friends to quit Instagram. If a huge mass of people leave Instagram, they’ll get the message. But I don’t expect any mass defections. That means companies will continue to do stuff like this.

Pity.

 

Rent To Own Laptops May Be Watching Your Every Move: FTC

Posted in Commentary on September 29, 2012 by itnerd

Are you someone that has decided to rent to own a laptop? If so, according to Wired, you might be one of 420,000 users in the USA who have spyware installed on those laptops that is watching everything you’re doing:

The software, known as Detective Mode, didn’t just secretly turn on webcams. It “can log the keystrokes of the computer user, take screen shots of the computer user’s activities on the computer, and photograph anyone within view of the computer’s webcam. Detective Mode secretly gathers this information and transmits it to DesignerWare, who then transmits it to the rent-to-own store from which the computer was rented, unbeknownst to the individual using the computer,” according to the complaint.

Apparently the software took pictures of children, individuals not fully clothed, and couples engaged in sexual activities. How delightful. The FTC found out about this and decided to do something about it. But:

Claudia Bourne Farrell, an FTC spokeswoman, said in a telephone interview the agency does not have jurisdiction when it comes to criminal offenses. She said the agency, when it believes criminal conduct may have occurred, will forward that to the appropriate agencies. But the agency, she said, has a policy against disclosing when it has done so.

“We don’t have criminal authority. We only have civil,” she said.

The companies were not fined, she said, because “we don’t have the authority to impose civil fines for the first violation of the FTC Act.”

Thus the deal that they came up with goes like this. The software stays but they can’t use it to spy on people and they have to warn users the software is there. It should be noted that the software can also be used to disable computers and track their locations. So it’s not like this software is all bad. But it’s clearly bad enough.

Clearly, the FTC doesn’t have the balls to really smack these idiots around. Thus one hopes that criminal charges are used in this case as I can’t see how the FTC settlement would act as any sort of deterrent.

Hey IT Nerd! What Do You Think Of The Privacy Issues That Elections Ontario Have?

Posted in Commentary on July 23, 2012 by itnerd

For those of you who don’t live in the Province of Ontario, there was a major privacy breach reported last week. Two USB drives with roughly 2.4 million voters’ names, birth dates, addresses, genders, and even if they voted or not disappeared without a trace. Here’s something that blows me away. This happened in April. We’re only finding out about it now. The risks for identity theft are through the roof.

So what do I think of this? First of all, why would such sensitive data be on USB drives that anyone could access? That’s a huge problem in itself because data that sensitive should be someplace that is hard to get to. Second, if you must have this stuff on some sort of removable media, it should be encrypted. That way if it falls into the wrong hands, it’s useless. That brings me to my third point. Elections Ontario had policies to stop this from happening:

Elections Ontario stressed that protocol was not followed in this instance.

Its policies dictate that USB keys must be password protected and encrypted if they carry personal information, and that the keys must be in the custody of staff at all times.

In this particular case, two staff members, who were working in a warehouse in late April updating the permanent register of electors for Ontario, did not follow the rules.

The two were supposed to secure the USB keys at the end of the work day, but failed to do so.

The next morning when they returned to work, the keys were gone.

Well, if you don’t follow your own rules, that’s a #epicfail. That has to change.

Here’s the bottom line. This data is likely being used for evil purposes as you read this. That is something that you can take to the bank. And that should scare voters in Ontario. It should also lead to laws that hold people and organizations accountable for stuff like this. By accountable, I mean fines and jail time. Make it hurt and stupidity such as this will stop.

Cisco Responds To Router Firmware Backlash….. They Fail To Make Friends And Influence People

Posted in Commentary on July 13, 2012 by itnerd

I’ll admit right off the top that I’ve been a bit late to post this. But I figured better late than never…..

Frequent readers of my blog will recall that Cisco auto downloaded a firmware update that took some control of a user’s router away from the user and moved it to the Cisco cloud. On top of that, there were some really nasty terms of service that allowed Cisco to go after you if you used the router to surf for porn and download illegal material. To nobody’s surprise, users were pretty ticked off. Well, Cisco responded to this via their blog:

Cisco prides itself on offering the best customer experiences, and privacy and security are at the core of everything we do.  That goes for Cisco Connect Cloud too. When a customer signs up for a Cisco Connect Cloud account, personal information is used only to establish an account in order to provide customer support.  Consistent with Cisco’s practices, Cisco Connect Cloud does not actively track, collect or store personal info or usage data for any other purposes, nor is it transmitted to third parties.

We also wanted to clear up any confusion about Cisco’s ‘opt in’ practices. Cisco Connect Cloud was delivered only to consumers who opted in to automatic updates. However, we apologize that the opt-out process for Cisco Connect Cloud and automatic updates was not more clear in this product release, and we are developing an updated version that will improve this process.

Now that sounds almost apologetic. But I’m guessing that this didn’t go over well. I base that statement on this. Go to the blog post and scroll down to the bottom. You’ll notice this:

Cisco added a link to a second entry which provides far more clarity than the original blog entry. One wonders why they didn’t just do that in the first place? The second thing that you’ll notice is that comments are closed for this blog entry. That seems inconsistent with this statement on the original entry:

We apologize to any of our customers who were inconvenienced. We take feedback very seriously.  It is our mission to provide the highest quality offerings where customer satisfaction is always paramount.

Sure you do. That’s why comments are closed on the blog entry. Right?

Sorry Cisco, this is a #fail.

Google And FTC Close To Settlement Over Safari Privacy Issues

Posted in Commentary on July 10, 2012 by itnerd

According to the LA Times, Google is close to reaching a deal that would require the company to fork over $22.5 million to make their issues with bypassing Apple Safari’s privacy controls go away:

Though the settlement still requires final approvals and could be changed before being announced to the public, people familiar with the matter say the agency and Google have agreed on a proposed settlement.

The dollar value is a significant one believe it or not:

If the settlement does come in at $22.5 million, the report says that amount would be the largest penalty ever imposed by the FTC but not the most Google has ever had to pay in a settlement — that distinction belongs to a $500-million settlement the company came to with the Justice Department last year for allegedly “promoting unlawful sales of prescription drugs,” according to the Journal report.

But Google’s problems aren’t over. The EU is looking at Google as well and they likely won’t be as nice as the FTC.

So much for not being evil.

Cisco Router Firmware Upgrade Angers Users

Posted in Commentary on July 7, 2012 by itnerd

If you have one of the new Cisco routers with Cisco cloud capability, specifically the EA2700, EA3500 and EA4500, you likely got a firmware update recently. One of the things that the update does is move all the router administration features from your home network to Cisco’s cloud. That means that you can’t administer your router from its traditional web based interface and you’re forced to use their cloud to do it. Not only that, but you have to agree to some rather nasty terms of service:

You agree not to use or permit the use of the Service: (i) to invade another’s privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another’s rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.

While we are not responsible for any content or data that you choose to access or otherwise use in connection with the Service, we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately

So let me get this straight. As far as Cisco is concerned, if you use the Web to view porn or download copyrighted files without paying for them, Cisco is really going to have a problem with you. It gets worse though. ExtremeTech found that Cisco has deleted a portion of a privacy statement that said Cisco would keep track of Connect Cloud customers’ “network traffic” and “Internet history.”

Thus it shouldn’t come as a shock that users are really ticked off about this.

Now if you want to control your router again, Cisco has instructions that allow you to roll back the firmware update. The next thing is to log in and to uncheck the automatic upgrade option. Something that I strongly suggest that you do if you have one of these routers.

Now what does Cisco have to say about this? They posted on their blog that “Cisco Connect Cloud does not actively track, collect or store personal info or usage data for any other purposes, nor is it transmitted to third parties.” Hmmm…. What does that mean? Perhaps Cisco only tracks users’ activities when they feel like it? Or when asked by someone? It’s a reasonable assumption that those are possible as the terms of service give Cisco the right to nail you if you violate their terms of service. And that wouldn’t be there if they didn’t plan on using it.

Sorry Cisco. I wasn’t a fan of your routers due to my previous experiences with them. But this is a major incentive to never buy your routers ever again. I’m pretty sure that many others feel the same way.
