Hack to Learn

Thursday, May 29, 2008

40 Million People Hacked - YOU as Identity Theft Victim


Saturday, MasterCard blamed a vendor of ALL credit card providers called CardSystems Solutions, Inc., a third-party processor of payment card data, as the source of the loss of 40 million consumers' credit card information.


As is pointed out by several newspaper and web articles over the last few weeks, each recapping long lists of financial information data breaches, something's gotta give before we entirely lose trust in financial institutions, data brokers and credit bureaus. How much privacy loss can we take without acting?


These types of data loss were very likely common and have very probably been going on for a very long time. The difference is that now, THEY ARE REQUIRED BY LAW TO DISCLOSE THOSE LOSSES - not just in California, but in many states. National disclosure laws on data security breaches are being considered in Congress.


I suggest that these breaches of data security all came to light due to the California law requiring disclosure from companies suffering hacking loss or leaks or social engineering or crooked employees or organized crime rings posing as "legitimate" customers. All of the above have been given as reasons for security lapses or poor security policies.


About three years ago, a friend told me his paycheck deposit to Bank of America went missing from account records after he took his check to the bank on Friday. By Monday, Bank of America was in the news claiming a computer glitch had disappeared the entire day's deposits. I mumbled to myself, "I'll bet that was a hack and that hacker just made a huge offshore banking deposit with B of A depositors' money."


But we didn't find out why it happened in that particular case because there was no disclosure law in place at the time. Now we have disclosure laws that mandate notice of security breaches. Now suddenly - huge financial services hacks and devious criminal social engineering outfits posing as legitimate customers and apparently "innocent" losses by transport companies of backup tapes begin to come to light.


This spate of data loss incidents is proof of the need for corporate "sunshine laws" that make public notice mandatory of those data losses that threaten customer information.

Who is going to lose here - the public, the corporations, the criminals, or the government? I'd prefer that the bad guys get the shaft and take down crooked company insiders that either facilitate data loss by underfunding security and encryption or participate in data theft or loss in any form - even if that participation is security negligence.


Financial companies and data brokers have been covering up the losses and keeping quiet about hacks so as not to worry or frighten their customers. But that practice is essentially ended now that they must notify the public and disclose those losses instead of hushing them up.

Keeping the breaches hidden from public view is bad practice as it maintains the status quo. Disclosure will facilitate internal corporate lockdowns on the data and all access to it. Disclosure will educate the public to the lack of security and danger to the sensitive information we all provide rather casually and routinely to businesses.


As the following link to a silicon.com story suggests, we cannot take much more of this lack of regard to privacy and must lock down financially sensitive data securely and must begin to hold data brokers, bureaus and handlers VERY accountable.


Insist to your elected representatives that your financial data be locked down, encrypted and guarded by those entrusted with storing, transporting and using it. Since our financial, medical and legal lives are increasingly being housed in digital form and transmitted between data centers of multiple handlers - we need to know it is secure. We also need to know when that security has been breached and our data compromised or lost.


Thieves are becoming more aware of the ease with which they can find and access financial data. Hacking is not the source of the greatest losses.


Organized crime has easily found its way into our financial records by simply paying for it by posing as "legitimate" business customers of information brokers such as ChoicePoint and Lexis/Nexis. Any business can buy financial and credit information from those information bureaus and credit reporting agencies by meeting rather lax requirements for "need to know" that data.


As long as it is possible to purchase our sensitive data from brokers and bureaus, organized crime will "legitimately" buy it from those sources, then ruin our credit by selling that information at a higher price in identity theft schemes.


Since disclosure laws have come into effect, those breaches have been made public, credit cards cancelled before losses can occur and credit reports monitored to watch for suspicious activity. The bad guys' activities are squelched because we are made aware of the possibility our information has been compromised.

Not all blame can go to financial institutions and data brokers. Protect your own private data by protecting your computer records at home, in the office, on your laptop and in your PDA by using basic keyword security and locking down files. Use built-in encryption on your operating system and your home network to keep data secure. Then be certain to clear that sensitive data off the computer when you sell it or throw it away.


Data security is something we all need to take seriously and the corporate breaches are dramatic illustrations of how important it has become to build digital fortresses around our critical financial, legal and medical information.


Mike Banks Valentine is a privacy advocate and blogs about privacy issues at PrivacyNotes.com. You can read more about identity theft issues at: Publish101
Contact Mike Valentine for Search Engine Optimization: http://www.seoptimism.com


Article Source: http://EzineArticles.com/?expert=Mike_Valentine

The Meaning of Hacking and the Different Kinds of Hackers

When you hear news about 'hackers' penetrating a website, your reaction will typically involve dilating pupils and astonishment -- if the website is your own, symptoms may include a great deal of swearing and deep hate for the hacking community as well.

What you probably don't know, though, is that not all hackers are doing this for their pure amusement: some of them may have done it without malicious intentions, some others even with the aim of improving your security system.

Despite what you may have heard, the meaning associated with the word 'hacking' is a positive one, and it mainly refers to the ability and desire to understand the inner mechanisms through which different components in the ICT world (typically computer programs) work. For this reason, even regular computer programmers are sometimes referred to as 'hackers'.

However, it would be impossible to group all 'hackers' in a single category: the reasons that may bring someone to break the security of a site (or computer program) are varied and span from noble intentions (security testing/improving by attack simulation) to not-so-noble ones (testing their programming ability, accessing secret information, or just doing it for the sake of doing it), or even political reasons.

For these reasons, the hacker community usually distinguishes its members into the following groups, mainly based on the individual aim and ability:

CRACKERS (or Black Hat Hackers): those who will enter your computer just for the fun of it, or to prove their technical skills, which are usually mid to high level.

BLUE HAT HACKERS: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. The term has also been associated with a roughly annual security conference by Microsoft, the unofficial name coming from the blue color associated with Microsoft employee badges.

GRAY HAT HACKERS: A gray hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted (the color itself stands somewhere in between 'black' and 'white', the 'bad' and the 'good' guys).

WHITE HAT HACKER: A white hat hacker (sometimes referred to as 'ethical hacker') is someone who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to improve discovered security weaknesses, although many reserve the implicit or explicit threat of public disclosure after a "reasonable" time as a prod to ensure timely response from a corporate entity. The term is also used to describe hackers who work to deliberately design and code more secure systems. To white hats, the darker the hat, the more the ethics of the activity can be considered dubious. Conversely, black hats may claim the lighter the hat, the more the ethics of the activity are lost.

SCRIPT KIDDIES: Script kiddie is a pejorative term for a computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach -- typically using other people's scripts and shellcodes -- without fully understanding the meaning of the steps they are performing.

HACKTIVIST (rare): A hacktivist is a hacker who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism.

These categories tend to have a 'closed' approach with one another, meaning white hatters will tend to stay away from black hatters, and vice versa -- which is mainly due to the fact that the single most important thing all these communities have in common is the central role of their 'online reputation'.

Check out the author's website for more articles: http://wysinnwyg.altervista.org/

Article Source: http://EzineArticles.com/?expert=Dario_Borghino

Secure Your Online Business From Hacking

Consumers are generally wary of online transactions. They worry that companies will share their personal data with other corporations without permission or that hackers will steal their personal data submitted online. They may trust your company but are unable to trust your website or your payment processor. You have to work with your customers to help them build trust in your website.

Building Trust in Your Website.

Install a Secure Server Certificate on your server. Put a ‘lock’ on people’s browsers so the information remains secure.

Have a clear, clean privacy policy statement. Tell people you do not sell addresses; have a legal document as required by the Federal Trade Commission (FTC).

Secure your server. Pay attention to the Web server’s activities and best practices and to the software it runs. Keep up to date on patches.

Install an Intrusion Detection System. This will prevent the hackers from breaking into your system.

Turn off unneeded services and ports. Do away with unused software as well. Make your system invisible to Internet messages from other servers if you don’t need to access a database from other systems.

Fraud-Proof Your Online Business.

Secure your online e-business against the ‘phishing’ scams and direct e-mail campaigns to your customers posing as your business by unscrupulous hackers.

Protect your password. Change your passwords regularly. Never share passwords for sensitive applications with anyone. Change them after web designers or programmers finish their work.

Use proven service providers. For custom programming, use the services of only reputable companies to protect sensitive data.

Shred everything. Shred bank statements, check stubs, printed e-mails, name lists and other related items that can lead someone back to you, your customers, your accounts or your online address.

Fight the clone wars. Keep an eye out for illegal copies of your website posing as your business. Threaten their hosting company and their domain registrar, and tell them all to desist from illegal activity.

Troll eBay regularly. Sign up with eBay’s Vero program to get the offenders selling bootleg copies of your products to shut down. Set up automated searches to mail you any time a listing is placed with your name.

Do not share information. Never leave your incoming or outgoing mail in your mailbox overnight. Be careful of any shareware. Download only secure software to avoid spyware or viruses that can steal or spoil your software.

Securing Your Computer

Keep your computer safe and running at top-notch speed. Maintain it properly, clean the unit and keep components in a cool place.

Have a robust operating system.

Install secure anti-hacker and antivirus software.

Perform daily maintenance on your computer to keep it free from unneeded programs.

Have a backup drive to transfer information from one computer to another.

Keep important duplicate data off-line to protect it and you from hackers.

Keeping your online business secure from hacking is essential to gaining the trust of your customers and retaining them. Hackers are getting smarter by the day. Do keep updated on the latest techniques to avoid being caught unawares.


Alexander Gordon is a writer for http://www.smallbusinessconsulting.com - The Small Business Consulting Community.

Article Source: http://EzineArticles.com/?expert=Alexander_Gordon

Hacking is a Crime, So What Can You Do?

We have all heard the horror stories about hackers busting into computers and learning secrets that are supposed to be secure. And we have seen the movies where terrorists hack into highly secured government computers and take over, shutting down electric and water systems, and getting nuclear bomb codes. Although these are rare, and major if they ever did happen, there is still a lot of everyday hacking that is happening to the general public, such as identity theft. This is a process where people get your personal information, either from computer files or even on paper, and use it for their own gain.

We all have information stored on computers. Even if you don't own one, your information is still in large computer systems everywhere. Our banking systems use them, as do our government agencies, our schools, and our workplaces. In all these computers lie our very critical details, such as driver's license numbers, Social Security numbers, bank accounts, credit cards, health records, etc. And if you do use a computer for personal use such as shopping, then you have had to give your information over a computer many times. And if you make purchases over the internet often, you may have your information saved so you don't have to enter it every time, and this could make it easier for someone to get hold of it for the wrong reasons.

Online banking is another good example of our information being accessible on a computer. These hackers learn how to get our information from our personal computers, or even our banks. And they collect important pieces of our lives. Anyone who has ever been a victim of identity theft can tell you what a nightmare it can be. Your savings could be wiped out and your hard-earned credit rating destroyed. So what can be done? Our banking systems and other high-level organizations have top-notch security measures in place to help protect us and our information. They also have people working every day on improving security, and learning how to handle and avoid new threats. On our personal computers we need to take the proper precautions and have different types and levels of security software in place. Hopefully this will help prevent anything bad from happening to our detailed information.

When you are shopping, or doing anything on the internet that requires you to give out details about yourself that can fall into the hands of a thief, be careful, and make sure the site you are giving this information to is secured and legitimate. Microsoft Windows has an alert system in place that tells you if you are entering an unsecured web page; it also checks the security certificates of a website, and if there is a question it will advise you not to go there.

Pay attention to all the alerts when they are given; they are there to help protect you. Computers and the internet have made our lives much more fulfilling and easier. You just need to be a little careful and cautious. Just like walking to your car in the dark late at night, just pay attention.

SEO Consultant Specialist is a famous SEO. He also writes about a variety of topics including computer science and the internet.

Article Source: http://EzineArticles.com/?expert=Hayi_Mansoor

What Is Ethical Hacking?

An Ethical Hacker is an expert hired by a company to attempt to attack their network and computer system the same way a hacker would. Ethical Hackers use the same techniques and tactics as those used by illegal hackers to breach corporate security systems. The end result is the company's ability to prevent an intrusion before it ever occurs.

A company can't know if their security system is solid unless they test it. It's hard, though, for a company's IT team to thoroughly wring out the system. Try as they might, the techs can't go at the system with all the malicious or mischievous motives of a true illegal hacker. To thoroughly uncover vulnerabilities, the theory goes, you must examine your security system through the eyes of an illegal hacker.

The word hacking has strongly negative connotations, and, for the most part, rightly so. But ethical hacking is much different. It takes place with the explicit permission of the company whose system is being attacked. In fact, their "good guy" role is underscored by the nickname "white hat" Ethical Hackers have been given. The nickname is a throwback to old Westerns where the good cowboys could be identified by their white hats.

The company and the Ethical Hacker enter into a legally binding contract. The contract, sometimes called a "get out of jail free card," sets forth the parameters of the testing. It's called the "get out of jail free card" because it's what protects the Ethical Hacker from prosecution. Hacking is a felony, and a serious one at that. The terms of the agreement are what transform illegal behavior into a legal and legitimate occupation.

Once the hacker has exhausted his attempts, he reports back to the company with a list of the vulnerabilities he uncovered. The list in and of itself, however, is not particularly useful. What's most valuable are the instructions for eliminating the vulnerabilities that the Ethical Hacker provides.

An Ethical Hacker works to uncover three key pieces of information. First, he determines what information an illegal hacker can gain access to. Next, he explores what an illegal hacker could do with that information once gained. Last, the Ethical Hacker ascertains whether an employee or staff member would be alerted to the break-in, successful or not.

At first it might sound strange that a company would pay someone to try to break into their system. Ethical hacking, though, makes a lot of sense, and it is a concept companies have been employing for years. To test the effectiveness and quality of a product, we subject it to the worst-case scenario. The safety testing performed by car manufacturers is a good example. Current regulatory requirements including HIPAA, Sarbanes-Oxley, SB-1386 and BS 799 require a trusted third party to check that systems are secure.

In order to get the most out of the assessment, a company should decide in advance the nature of the vulnerabilities they're most concerned with. Specifically, the company should determine which information they want to keep protected and what they're concerned would happen if the information was retrieved by an illegal hacker.

Companies should thoroughly assess the qualifications and background of any Ethical Hacker they are considering hiring. This individual will be privy to highly sensitive information. Total honesty and integrity are of the utmost importance.

Paul Walsh, of http://www.protocolsolutions.co.uk asks the scariest question out there: Think your network is safe from malicious attack? Find out for sure - a quick, complimentary chat will help you sleep better.

Article Source: http://EzineArticles.com/?expert=P._Walsh

Thursday, May 8, 2008

Security and Open Source Content Management Systems (CMS)

21 April 2008 - By Sean Fishlock

It is every IT manager's nightmare. Your website has been hacked and defaced, private and sensitive information has possibly been compromised, possibly even exposing gateways to internal systems. This can happen to any business and, due to the rapid expansion of the open source software industry, is particularly affecting small business.

One of the things often overlooked when evaluating web software is security. Choosing an open source CMS, for example, particularly the popular ones, can leave you wide open to hackers. No matter what size your company is or how big or small your site is, this is something you should definitely take into account. Make sure you read between the lines.

Many of our competitors "sell" solutions which include these open source packages. This offers a price advantage, as they don't have to pay for the software they use in their solution. They will often choose the most popular systems, because they offer the most features and extensive communities. In doing so, they forfeit much control over the software that they build their solutions in, lack understanding of how it works and how to protect it from attack and, unless they actively update and maintain the software and apply patches (which many don't), they leave their customers' security wide open. When they customise it, how do you know that they aren't exposing new holes in the software to attack? This concerns you whether you outsource your website hosting or host your own website. Do you really know which system your developer has built your website with and how much do you trust it?

Having been burnt on my own personal hobby projects by Mambo, Joomla and PHPBB (all open source systems), I can tell you first hand that it is not a pleasant experience when things go pear-shaped and you don't know why. While I had applied every update and patch available, and although I did not customise one bit of code, I had both of these systems hacked and it caused me a lot of frustration and pain to get the sites up and running again. I have also heard firsthand of many of the disasters that happen when uni students and amateur developers whack websites together with these tools. There is a big difference between this and a professional approach.

There are a few key principles to consider here. Read more here:

http://www.datalink.com.au/company/blog/best_practice_strategy/open_source_cms_security

Tuesday, April 22, 2008

Bypass proxy at Your Company

Step 1: If Bess is used to filter URLs at your company or school, visit https://vtunnel.com/
Using v-tunnel, you'll be able to surf anyplace you like.

Step 2: Just enter the website address you want and click the "submit" button. You can find lots of working web-based proxies at http://www.aplusproxy.com/webproxy.php.

Step 3: Download free proxy software like Freenet, JAP, and Tor, which can automatically search for proxies on the Internet and configure the browser settings for you. For more info, please go to http://www.aplusproxy.com/torpark.php.