Archive for November, 2010

by Ondrej Krehel

Keeping your computer in tip-top shape not only enhances your online experience, it can help make attacks from malware, viruses and spammers more obvious. If your computer is always running slow and choppy, it’s not so easy to tell if a webpage or newly installed program is slowing things down.

These few basic maintenance steps will help speed up your Windows PC and ultimately help you stay aware of your computer’s performance:

1.    Turn on Automatic Updates in Windows Update. This will make sure you have the latest software patches, which are usually published to fix known bugs and security flaws.

2.    Run Disk Cleanup. This Windows program, in the Start menu under Accessories/System Tools, removes temporary and system cache files that can unnecessarily take up hard drive space. There is also a good free version of , which can be used in unison with Disk Cleanup.

3.    Uninstall programs you don’t use. New computers come bogged down with software, often from the computer manufacturers themselves, ranging from special photo tools and printing software to cumbersome tech support packages. On the Control Panel in Windows there is a very straightforward place to Add and Remove Programs. Go through the list and remove whatever you don’t use. But be careful! If you don’t know what a program is, ask a computer-savvy friend and don’t uninstall it until you’re sure it’s not needed. Combined with Disk Cleanup, this is a powerful way to free hard drive space.

4.    Defrag your hard drive. Defragmenting your hard drives puts files in order, which quickens the seek time for documents and other data. Windows comes with a basic defragmenter, also under Accessories/System Tools. Microsoft has good step-by-step directions on defragmenting and disk clean-up.

5.    Clean your registry. As you install and uninstall programs in Windows, commands are being written to your computer’s registry, which you can think of as the directions Windows follows to get up and running when it’s first turned on. Programs such as will scan your registry for old directions and missing links and automatically clean it up for you. But beware: a poorly edited registry can cause system trouble, so always back up a copy before you clean it. (CCleaner will automatically prompt you to back up.)

6.    Disable unneeded services, including indexing services. They consume resources and decrease performance of your computer.

7.    Manage your startups. By managing your operating system startup programs you can free vital CPU resources. This is a quick and easy tweak to speed up PC CPU access time. You can access this quickly by typing “msconfig” in the Windows run bar.

8.    Antivirus, antivirus, antivirus! You’ve heard me say it before, but make sure you’re running an antivirus program, and set it to automatically update and scan your system at least once a week. There are free online scans from the major antivirus vendors, such as , , and . There are also free programs available, such as AVG.

9.    Anti-Malware, anti-malware, anti-malware! Again, this is a necessary repeat. You should be running some kind of malware removal program. There are several free programs available for personal use that will scan your system, such as , and .

10.    Run a firewall. Don’t believe the myth that they slow down your computer significantly. Windows, Linux and Mac all have built-in firewalls, which are far better than nothing at all.

11.    Update your browser. is winning the browser war. Whether on a Mac, PC or Linux, Firefox is the browser of choice for security and speed. Make sure you set it to automatically update. Look at the and install ones you like: Adblock Plus and NoScript are a good place to start.
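The security-relevant steps in this list (1, 6, 7, 8 and 10) can be checked from a PowerShell prompt without changing anything. The script below is an added example, not part of the original post; it assumes Windows 10 or 11 with Windows PowerShell 5.1 or later and Microsoft Defender as the antivirus, and the function name `Get-MaintenanceAudit` and the 45-day patch threshold are illustrative choices.

```powershell
# Added example: read-only audit of checklist steps 1, 6, 7, 8 and 10.
# Assumes Windows 10/11, Windows PowerShell 5.1+, Microsoft Defender as the AV.
function Get-MaintenanceAudit {
    param([int]$MaxPatchAgeDays = 45)   # illustrative threshold, not from the post

    $results = New-Object 'System.Collections.Generic.List[object]'
    function Add-Result([string]$Check, [string]$Status, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
    }

    # Step 1: age of the most recent installed update. Get-HotFix does not
    # list every update type, so treat the figure as approximate.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($last) {
        $age = ((Get-Date) - $last.InstalledOn).Days
        $status = if ($age -le $MaxPatchAgeDays) { 'OK' } else { 'REVIEW' }
        Add-Result 'Updates' $status "$($last.HotFixID) installed $age days ago"
    } else {
        Add-Result 'Updates' 'REVIEW' 'no dated update entries found'
    }

    # Step 6: report the indexing service so its state is a conscious choice.
    $svc = Get-Service -Name WSearch -ErrorAction SilentlyContinue
    if ($svc) {
        Add-Result 'Indexing (WSearch)' 'INFO' "status $($svc.Status), start type $($svc.StartType)"
    }

    # Step 7: list what launches at logon; unfamiliar entries deserve a look.
    foreach ($item in Get-CimInstance -ClassName Win32_StartupCommand) {
        Add-Result 'Startup item' 'INFO' "$($item.Name): $($item.Command)"
    }

    # Step 8: antivirus on, real-time protection on, signatures under a week old.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $good = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
                ($mp.AntivirusSignatureAge -le 7)
        $status = if ($good) { 'OK' } else { 'REVIEW' }
        Add-Result 'Antivirus' $status "real-time: $($mp.RealTimeProtectionEnabled), signatures $($mp.AntivirusSignatureAge) days old"
    } catch {
        # Third-party AV or a missing Defender module ends up here.
        Add-Result 'Antivirus' 'REVIEW' 'Defender status unavailable; check the installed product by hand'
    }

    # Step 10: every firewall profile (Domain, Private, Public) should be on.
    foreach ($p in Get-NetFirewallProfile) {
        $status = if ($p.Enabled -eq 'True') { 'OK' } else { 'REVIEW' }
        Add-Result "Firewall ($($p.Name))" $status "enabled: $($p.Enabled)"
    }
    $results
}

Get-MaintenanceAudit | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW or INFO are prompts for a manual look; the script only reports state.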

Your computer will run as well as the time you invest in maintaining it. Being an educated user will help you increase performance and security.

Ondrej Krehel, Chief Information Security Officer,

Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.

by Ondrej Krehel

Smart Phones

There are cell phone apps for everything these days, including as it turns out, spying. Yes, that’s right, spying—like 007 himself. And they’re not as hard to use as you may think.

an application from the Android marketplace that . The idea is simple: a message is sent to one phone, and without the user knowing it, it automatically forwards it to a second phone. It’s as easy to set up and install as Angry Birds, or any other cell phone app out there.

Other spying applications can track cell phones via GPS. The Android game acts as a shell for the app GPS Spy. Tap Snake sends GPS data every 15 minutes to a second phone with GPS Spy enabled. Though considered malware, the program is still .

There are some that can —record email messages and SMS sent from the phone and monitor the phone location via GPS. They run in the background, hidden from the user, and are marketed primarily toward parents wanting to keep track of their kids and employers suspicious of their employees.

The more sophisticated our phones get the more programming possibilities—good, bad and ugly. With all that’s happening, is it surprising that we’re seeing a rise in anti-malware and for ? Probably not. It’s something to consider along with more generic security procedures such as password locks and application prompts for GPS and Internet access.

Ondrej Krehel, Chief Information Security Officer,



by Eduard Goodman

When it comes to regulating privacy, the United States is often considered an outlier in the international community.

First, we take a sector-specific approach to privacy. Other countries typically have one blanket policy that covers all aspects of life. We have numerous specific privacy regulations that cover everything from criminal law to credit histories to video rental records and health care information.

As a result of our disparate approach to privacy, unlike most other modern nations, we’ve never had an agency or individual whose sole duty is to protect privacy. We have no “Data Protection Authorities.”

However, we’ve been fortunate. In the past decade, the (FTC) has stepped up to play an active role in regulating and enforcing consumer privacy in the U.S. But the FTC typically addresses privacy issues within the context of consumer protection. The FTC has the authority to go after “unfair or deceptive acts or practices in or affecting commerce.” Data protection isn’t the agency’s sole duty. It doesn’t enforce privacy for privacy’s sake.

But is our lack of a designated Privacy or Data Protection Authority that exceptional? Look at it this way: Every European Union member nation (all 27 countries) has a designated data protection authority. Canada and Mexico both have dedicated data protection authorities. Argentina? Dubai? Israel? Russia? Check, check and check. And while China, to my knowledge, does not have a data protection authority per se, Hong Kong does. In fact, it’s difficult to think of countries without a privacy commissioner.

So until recently our lack of a privacy post has made it difficult for the U.S. to sit at the table and present our take on emerging issues in international privacy. That’s why I was so pleased to find out that at the recent 32nd International Conference of Data Protection and Privacy Commissioners held this past October in Israel, the FTC’s application for membership was finally accepted. (Previous attempts at membership were flatly rejected.)

So what does this mean? First, the FTC now officially represents U.S. privacy interests to the international privacy community—not the Department of Commerce or the Department of State. Second, it’s a tacit recognition by European countries that, like it or not, the U.S. takes a different approach to enforcing privacy.

My hope is that this recognition from other countries means they acknowledge that different isn’t better and different isn’t worse. Different is just different, especially since when it comes to privacy, no country has managed to get it quite right anyway.

Eduard Goodman, Chief Privacy Officer,

An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona and served as the 2008-2009 section chair of the bar’s Internet, E-Commerce & Technology Law Practice Section.

by Ondrej Krehel

Online sales are predicted to cash in at $52 billion this holiday season, up 16% from last year, . If you’re planning on doing any holiday shopping online, here’s an extensive list of tips to keep you safe while you cyber-shop, courtesy of .

• Shop on secure sites. They’ll have “https” in the address bar and a yellow padlock logo to the right of the Web browser address bar. Double-click on the lock to see a digital certificate of the website. Review these certificates on unfamiliar sites.

• Enter correct URLs. Hackers often buy misspelled domains to trick people into entering personal information.

• Never enter your Social Security number or passwords to email and bank accounts as part of the buying process with online retailers.

• Leave suspicious websites immediately. Don’t click on any of the site’s buttons, run content or download software.

• Create “strong” passwords for online retailers and personal email accounts that have numbers, upper- and lower-case letters and symbols. For example, “3Dogz$$!” is better than “1006.”

• Use different passwords for online retailers, personal email and bank accounts. If a hacker cracks one password, he won’t have access to others.

• Read site reviews before making any purchases. compares prices and users’ comments on retail websites. , and monitor retailers, site performance, possible issues and deals.

• Never save personal information on an online retail website. Retailers will offer convenience and better deals, but many customer databases are breached by identity thieves. It’s not worth the risk.

• Read website return and privacy policies before making purchases. If there’s any doubt about fairness, find another site.

• Be aware of phishing email scams that include website links advertising incredible deals. Don’t click on them. Type the link directly into your browser.

• Use credit cards, not debit cards. Try to use credit cards with low limits to minimize the damage if a thief takes over the account. Or, use a “one-time” credit card number from payment processors such as PayPal.

• Never link a bank account to an online pay service such as PayPal. Hackers could break into the PayPal account and drain money from the linked bank account.

• Never send payment information via regular email. It’s not secure. Make sure all personal information transactions are done on a secure site.

• Uncheck boxes advertising “additional offers.” These services are sometimes offered for a low initial fee that later increases to a high, recurring charge on your credit card. Also, they’ll issue your contact information to spammers.

• Save records of all purchases either in an electronic document or on paper. Save records digitally with the free Adobe PDF print driver or PDFCreator.

• Secure mobile phones used for shopping. Back them up regularly and enable security features such as a power-on password and an inactivity time lock. Learn how to clear browser caches and, if available, enable data encryption and antivirus applications.

• As always, install and update antivirus, anti-malware and firewall software on your computer. Update its operating system and Internet browser with the latest security patches.

• Don’t forget to power off your computer completely when you are finished using it.

Happy shopping!

Ondrej Krehel, Chief Information Security Officer,


by Eduard Goodman

As parents, we do everything in our power to protect our kids and teach them to respect themselves and others. It starts early with warnings of “Hot! Don’t touch.” Then discussions evolve to cover the more challenging topics of sex, drugs and alcohol use.

My parents set a good example about what to do—and what not to do. But they only had to cover the sex talks and requisite Nancy Reagan, “Say No to Drugs” lecture. Privacy issues weren’t on their radar.

Raising kids today is a world apart from 20 to 30 years ago. I struggle with how to teach my two small children the importance of privacy in a digital world. How do we explain that a respect for privacy is essential to preserving their dignity and that of others? How do we convey that privacy is an American value?

The daily news offers examples of why teaching kids about privacy is important. Take the tragic case of Rutgers University freshman , whose roommate broadcast his romantic encounter with another man over the Internet. This violation of Tyler’s privacy and public outing led to his suicide on Sept. 22, 2010. (His suicide note was reduced to a status update on Facebook that read, “Jumping off the gw bridge sorry.”)

When I was in college, the concept of someone secretly filming and broadcasting my activities “live” to the world was something out of James Bond. Now everyone carries pocket-sized cell phones with a GPS, camera and Internet connection.

Problems with sexting and online bullying among teens should underscore the need to have conversations with our children about the pitfalls of oversharing. As kids get older, these conversations will naturally spill over into talks about respect for others, respect for privacy, as well as the concept of discretion. It’s never too early to start the conversation, though.

But how early? How do you start this conversation with a kid who isn’t even in kindergarten? I’m trying to figure that out myself. Maybe it starts with imparting upon them the importance of keeping a secret for a friend when they confide in you or why we don’t pick our noses (in public). Establishing the boundaries between public and private, and teaching about the risks of “oversharing” information, can start before age 5; you just need to know how to frame it.

If you have any ideas, let me know.

Eduard Goodman, Chief Privacy Officer,


by Ondrej Krehel

Earlier this year CBS News brought national attention to an interesting —digital copy machines. Since 2002, nearly all large copy machines have stored images on an internal hard drive, essentially saving to disk whatever paper is placed on the glass and copied.

CBS News bought four copiers and with free recovery software pulled volumes of documents off their hard drives, including documents from the Buffalo Police Department’s sex crimes division and thousands of medical files from a New York healthcare provider. The latter had to contact three government agencies and 400,000 clients to . Many of the copiers were actually sold overseas, primarily to developing countries, before the data in them was properly scrambled.

Since the report, New Jersey has considered a , but it has yet to be passed. As it stands, despite this obvious potential goldmine for identity thieves, there is no law or mandatory safeguard to stop the buying of used copy machines for stored personal information. Until that changes, the onus of protecting your identity when it comes to digital copiers is solely on you.

The first step is awareness. If possible, avoid making copies of sensitive documents, such as Social Security cards, tax records, medical documents or police reports on copiers where you can’t verify that security measures are in place. If you must, avoid using a public copier like the one down at the corner store. (This issue does not affect big players, such as FedEx Office, which have a different setup and delete user data.)

Use your home or office copier and make sure you know how to wipe or remove the hard drive or flash memory if the machine is ever sold or thrown away. Ask your business’s IT staff if they enabled security features such as image overwrite after copying and printing, data encryption, full disk encryption and a limited queue of stored documents for reprint. Ask them specifically how corporate data and your personal data are secured.

For your home machine, a little Internet research will go a long way—try Googling the name and model number of your machine plus “hard drive.” Go to the copier vendor site and review the specifications. Call them if you are unsure.

If you must use a small store, ask the clerk about their erasure policy. Most newer copy machines have a way to easily clean the hard drive. Don’t hesitate to ask the clerk to show you how they sanitize data. Yes, they might be a little irritated, but it sure beats the alternative.

Ondrej Krehel, Chief Information Security Officer,
