Sunday, December 7, 2014

5 Holiday Shopping SecurityTips.

5 Holiday Shopping tips to stay safe.

1.     Only use cash! 

The days of trusting that merchants are NOT infected with credit card spying programs are over. Target, Home Depot, Michaels, Neiman Marcus, bebe all compromised should be proof enough. You don’t have to take this advice, but don’t complain to me when your bank or CC Company issues a mandate that you must change your card at some point in the future. Also if you take this advice to only use cash, PLEASE READ TIP #2. As of this writing there are no reports that cash has been hacked.

2.       If you are distracted for ANY reason (person asking for directions, and incident occurs that   catches your attention) immediately grab for your wallet/purse.  
When I was a young teen my mother and father went to go grocery shopping. An hour or so later they returned visibly upset. While shopping, someone had stopped my father asking for directions, this also grabbed my mom’s attention and while my father delivered the directions someone grabbed the wallet out of my mom’s purse. They didn’t realize it had happened until after the loaded grocery cart was rang up at the register. That week my 5 siblings and I ate beans and rice.  

3.       Park in well lighted parking lots and if possible within line of sight of security cameras, security guards of any other witnesses that can alert law enforcement (Salvation Army kettle attendants come to mind).
During the Holiday season most retailers with increase security to deter shoplifting, this includes monitoring security cameras. You want to be a visible as possible and the bad guys want to stay invisible as possible. So this will prevent you and them from crossing paths.
4.       If you are shopping at multiple merchants, use your trunk. If you don’t have a trunk, take a sheet to cover shopping bags and packages.

Most thieves are opportunist, but they aren’t stupid, chances are you will find more of them casing a Dillard’s store than a Dollar store. Unfortunately retailers like to advertise via the shopping bags with which you leave the store. If you don’t want to advertise to the thieves cover up your shopping items if you can’t put them in the trunk.    


5.       Find your keys before leaving the store to go into the parking lot, carry them in your hand and if you have a remote entry with a panic button place your finger on it. If you are approached for any reason, activate your alarm.
This will prevent you from fumbling around your purse or pockets for keys while you are a easy mark for robbers. If you feel at any point that your safety is compromised, activate your alarm. Most alarms can be activated by holding one of your remote buttons down for several seconds. This will attract attention to your location and that’s the last thing someone who may steal or harm wants.

Have a Happy and safe Holiday Season!!!  

Friday, December 5, 2014

BeBe Stores confirm security breach

Yesterday Brian Krebs broke the story that credit cards from an East Coast bank were being sold on a new website. The bank purchased some of the cards belonging to its customers and analyzed the
purchases to determine the compromise came from Bebe stores. Today Bebe confirmed the breach.

This brings up a frightening trend, the credit cards from Home Depot, Target and others compromised last year were selling for around $20 each. Maybe the hackers want to up their game and get cards with higher credit limits. Bebe would certainly fit into this scenario. Is Louis Vuitton, Gucci and Coach next?

Tuesday, December 2, 2014

The “track your package” virus

As Christmas grows closer a new threat emerges. This one uses several of the hacker’s favorite tools, a little social engineering, email spoofing and Zero-day exploitation. Here’s how it works:

You receive an email from a spoofed email address posing as FedEx, UPS, DHL, or USPS with a subject line of “Package Tracking Information”. The social engineering part is the hackers know everyone is shopping online and expecting packages to be delivered this time of the year.  Usually in the body of the email there is a link to click on to track your package. Clicking the link will certainly lead you to an exploit kit that will try to infect your computer usually with a never discovered vulnerability exploit (Zero-Day).

The Crypto Locker virus, the one that encrypts all your personal files and holds them hostage for $300.00, was being delivered this way last Christmas (2013). No telling what they have for us this year.

Here are some tips to avoid this from happening to you this holiday season:

·         If you are going to click links in web based email, use an iPhone, iPad, Mac or other non-Windows based device.

·         The online retailers will usually have a way to track packages on their websites, use it!

·          Never assume an email is from where it appears to be from. It’s just so easy to spoof email addresses.

Stay Safe and happy Holidays!  

The Internet Security Brief - Introduction

For the last decade I have trained new employees for the healthcare company I work for every two weeks in network and Internet security. The following is a summary of that training.

The first thing you need to understand about the Internet is, it’s just a baby, well a teenager now, and it’s still growing up. So to get a good understanding of the state of security we need to rewind the hands of time to about 2002. Prior to that year the Internet was mostly static pages of information. Back then it was called the Information Highway. In 2002, Google published a white paper entitled “Web 2.0” meaning we would see an upgrade from the Information age as it was called at the time.

The paper stated how the new web 2.0 was going to be more dynamic, more interactive, and today we certainly see that came true. It’s like a virtual city that delivers real things, from education to soul mates. Almost everything you can do in a real city you can do on the Internet. For instance, you can, shop, bank, invest, find a job, get an education, check your medical labs, socialize, and yes, even find your soul mate! But who would build a city and put all those goods and services, but never build a Police department?

That’s right, the Internet is a City without any security departments, and in fact it’s left up to you alone to provide your own protection. Beware!

Have you ever been to Russia, China, Indonesia, or Pakistan?  One thing about this new city on the wire is it’s big, real big because it’s global. So even if you don’t have the resources or even the desire to visit those countries, you are but one click away from them. Who agrees there are countries in this world that don’t like the United States or her citizens, well they are only one click from us and you! Scary huh?

The pre-2002 Internet, wasn’t without viruses or even hacks, but most of it was benign, website defacement with shoutz outs to hacking groups and girlfriends, most hackers were even nice enough to backup the original webpage so the site could be restored. I refer to this almost playful type of hacking as Cyber tagging. But oh how things have changed, just like a baby, through the tweens, teens and now approaching adulthood, life starts to get serious.

Remember how I said the new web 2.0 would be dynamic, interactive, even fun? The tool kit to make that happens comes from a vast network of companies that plug into your Internet web browser. Companies like Adobe, Oracle, Apple, Microsoft, and many more. For instance, if you’ve ever watched a video on YouTube, you were using the Adobe flash player. Have you ever opened a PDF file? That’s the Adobe Acrobat Reader.  Playing games on your computer? Chances are you were using Sun Microsystems/Oracles ‘Java.  And the list goes on and on, iTunes, QuickTime, MS Silverlight, etc.

Every one of those programs plugged into your web browser is vulnerable, even the Browser itself can be vulnerable. In fact Java is the worst of all. Even the Department of Homeland security issued an advisory for Americans to uninstall it from their devices. You can diligently try to update them all, Sigh

But not all is lost, with the Internet came new opportunities. Industry have been born on the wire, look at eBay, Facebook, Google, billion dollar companies, would have never happened without the creation of the Internet.
But there is another industry making its living on the Internet. The Cyber Criminal industry selling not only stolen information, credit cards, and even the viruses used to steal them. Hackers are for hire and virus writers can customize a virus to your specification. Case and point you can buy the virus that infected Target on the Internet for $1000.

How security breaches are found.

The answer might surprise you.

When you hear about the security breaches at retailer like Target and Home Depot, you might think internal security audits found them but that typically isn’t how it’s done. Most companies are alerted by third parties, such as credit card companies, security experts or law enforcement when it’s determined a number of customer credit cards are being used or are up for sale on the black markets.
For instance, take the 40 million credit cards stolen from Target, of them only 5% were sold for around $20. The clearing houses that sell these cards even compete against each other and like so many online resellers, they even ran a sale on stolen credit cards yesterday, Cyber Monday 2014.   


Hi my name is Steve Parker and I've been in Information Technologies for 20 years. Sure I have the skills in Cisco and Microsoft, SQL, Exchange, etc. But my passion is in security, and that's what I plan to Blog about here. I believe most people on the Internet today have no clue of the dangers that exist on the Internet. Sometimes I'll blog about technical incidents and issues, other times I'll blog about social engineering. I hope my blogs will be interesting and helpful. -Steve