Bits & Bytes Computer Store

12 reasons why we’re losing the identity theft battle (and why you should care)

1. Zero Liability has made consumers feel they have nothing to lose. The notion of zero liability came from a blend of federal law (the FACT Act or FACTA) and marketing savvy by financial institutions, to shift losses to identity theft from consumers and victims to the financial industry. The financial industry has often seen absorbing identity theft and fraud losses as the cost of doing business and keeping customers happy, but an unfortunate side affect: consumers believe that zero liability means zero responsibility or loss.

2. Law enforcement lack resources to handle id theft cases. The number one complaint I hear from victims is the indifference from law enforcement to identity theft and its victims. And most police departments I work with admit that at best they investigate less than 1% of identity theft cases. Most police departments don’t have the resources to investigate identity theft, but many don’t understand that they need to be more sympathetic to victims who arrive on their doorstep desperately looking for help.

3. Consumers think we’re winning the battle. Consumers have become increasingly apathetic to identity theft in the last few years, either because they believe they have little to lose (or zero liability will take care of everything) or because they think the enemy is on the retreat. This increase in apathy has led to a decrease in vigilance as consumers continue to keep their guard down.

4. Organized crime gave cybercrime and identity theft a whole new lease of life. They have pumped millions of dollars into sophisticated and well organized scams, hiring some of the most talented hackers and thieves in the world, creating some of the most sophisticated new kinds of malware (like banking Trojans) and operating in regions where law enforcement can’t, or won’t, reach them. Organized crime gangs around the world have upped the stakes, turning identity theft into a global business that they have no intention of abandoning any time soon.

5. Financial institutions need to talk to their customers about identity theft. Financial Institutions need to educate their customers about identity theft and other security risks. If done right, talking to customers more often about identity theft can create a powerful marketing and brand building opportunity.

6. The small business community is still ignoring their security responsibilities. I’m a small business owner and have worked with small businesses and Chambers of Commerce for years. The small business community represents a major vulnerability both to identity theft and national cyber security, yet most small business owners don’t consider data and customer protection a priority. Small businesses in America employ an estimated 130 million workers, many of them computer users. That means tens of millions of internet-connected computers with little security are being used by employees with little security awareness or training. These unprotected computers and employees are not just an easy target for the spread of viruses, Trojans, and phishing emails, they are also very vulnerable to bots that can enlist these computers in attacks on other computers and networks. Even targets of national security importance.

7. Thieves are emboldened because they know they’re unlikely to be caught. Some studies have suggested that one in every 700 cases of identity theft is ever prosecuted. And even if those numbers are true, many of those convicted face few consequences. The punishments for identity theft are now very severe, with stiff prison sentences for the worst offenders. But when the vast majority of identity theft cases go uninvestigated, unprosecuted, and unpunished, thieves know this is a criminal career worth pursuing.

8. Consumers are still not protecting their computers or changing their habits. In spite of repeated advice and warnings, most consumers are still not checking their credit reports often enough, not changing their passwords often enough, and not updating their security often enough. And they’re still not as cautious and vigilant as they should be, especially in their online habits.

9. Check verification still has too many loopholes. While retailers have the option to use sophisticated technologies to instantly verify that a check being presented in a store is legitimate, many don’t bother using them. Identity thieves are very aware of this, which is why so many thieves trawl through phone books, pick names and addresses at random, and use home computers to create fake checks with random account numbers and routing numbers. If the store doesn’t verify that the account number is genuine, the check is presumed authentic and the thief wins every time.

10. Many banks are not using all the authentication and verification options available because they think more security challenges will annoy customers. Banks still fear that the more steps they require a customer to take to verify their identity for security purposes, the more likely they are to frustrate or even lose that customer.

11. Consumers are giving away too much personal information on social networking. Study after study has shown that consumers are literally giving their information away to thieves, especially on sites like Facebook, MySpace, and Twitter. Information like birthday, employer, family names and photos, friend connections, interests and hobbies are all immensely valuable to identity thieves who need this information to piece together a cloned identity.

12. Businesses and consumers are becoming indifferent to data breaches. There are now so many publicized data breaches — an average of 10 per week throughout 2009, according to the Identity Theft Resource Center — that consumers are becoming indifferent to them. For example, the highly publicized data breach at retail giant TJX in early 2007 was one of the worst on record, affecting more than 45 million customers and threatening the financial future of a chain of stores that includes TJ Maxx, Marshalls, and Home Goods.

14 September, 2010
By Neal O’Farrell, Consumer Security Adviser for Intersections IncSource: http://www.echannelline.com/canada/story.cfm?item=DLY091410-3

Clickjackers Could Hijack Webcams

Adobe Systems warned users Tuesday that hackers could use recently-reported “clickjacking” attack tactics to secretly turn on a computer’s microphone and Web camera.

Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly-innocent clicks that, in reality, would be used to grant the site access to the computer’s Webcam and microphone without the user’s knowledge.

“This potential ‘Clickjacking’ browser issue affects Adobe Flash Player’s microphone and camera access dialog,” acknowledged David Lenoe, the company’s security program manager, in a post to Adobe’s security blog.

Although a patch is not ready — Lenoe said one would be issued by the end of October — Adobe’s advisory listed steps users can take immediately to block Webcam and microphone hijacking. Adobe recommended that users access Flash’s Settings Manager using a browser to select the “Always deny” option.

Adobe rated the vulnerability as “critical,” its highest threat ranking.

According to Robert Hansen , one of the two security researchers who first raised the warning about clickjacking last month, Adobe will patch the bug in Flash 10, which already has been pegged for other fixes, including a flaw that’s been used by attackers for over a month to poison clipboards with URLs to malicious sites.

Hansen noted that Macs are particularly vulnerable to the Flash clickjacking attack, since all recent Apple notebooks and desktop systems include built-in cameras and microphones.

At the same time that Adobe posted its advisory, it gave Hansen and his research partner, Jeremiah Grossman, the green light to reveal clickjacking details that they had kept confidential at Adobe’s request.

Hansen posted a long entry to his blog that spelled out a dozen different clickjacking attack scenarios. Two weeks ago, when they provided only a general description of clickjacking, Hansen stressed that it was not a single exploit, but a new class of exploits. He hammered that theme again on Tuesday. “There are multiple variants of clickjacking,” Hansen said in his blog post. “Some of it requires cross-domain access, some doesn’t. Some overlays entire pages over a page, some uses iframes to get you to click on one spot. Some requires JavaScript, some doesn’t. Some variants use [cross-site request forgery] to pre-load data in forms, some don’t.”

source: http://www.itbusiness.ca/it/client/en/CDN/News.asp?id=50234

Windows and security

Rogue security apps strike again: Fortinet
5 October, 2008
By Vanessa Ho

For the second consecutive month, rogue security applications topped Fortinet’s top 10 most reported high-risk threats for September 2008.

For the month, rogue security applications made up 61.5 per cent of total activity. In particular, the W32/Inject.GZW!tr.bdr was the most prolific variant of the rogue security Trojans.

“When we see unprecedented volume, it usually indicates that the attacks are working and cybercriminals are trying to act fast to take full advantage of the situation. It also shows the depth of resources available to this criminal organization,” stated Derek Manky, security researcher for Fortinet

Full story: http://www.connectitnews.com/canada/story.cfm?item=6197

Twelve Unnecessary Vista Features to Disable

Vista, thy name is bloat!

The latest Windows packs a lot of code—more than any version of Windows ever—and some of it is just plain unnecessary. All of that excess code has a way of slowing down an operating system. Resellers can regain some PC performance for their customers by removing unneeded features.

 I’ve identified a dozen Vista features that you can turn off right now. Some are shiny baubles that slow down graphics performance, while others are optional utilities that hog memory when they shouldn’t. A few can actually be quite useful, though they play a major role in bogging down your PC.

Should you really turn off all of the following features right this minute? That depends on your customer’s computer, work habits, and tastes. (I’ve turned off only seven and a half on my PC, because while none of these features are required for Vista to function, some are still kind of nice and my computer is fast enough to handle them.)

Just to be on the safe side, make sure to create a restore point before you turn any of the items off. That way you can quickly return your machine to its present state should you decide that you don’t like the change. To make a restore point, click Start, type sysdm.cpl, and press Enter. Choose System Protection, Create, and then follow the prompts.

I list the features in the order that would make them easiest to turn off. For instance, I’ve put features that you can remove in the same dialog box next to each other.

Sidebar

You pay a heavy performance price for the analog clock, thumbnail slide-show viewer, and centric RSS news feed that dock in the Windows Sidebar. Turning the whole thing off gives you a big speed boost, especially at boot time.

To remove the Sidebar, right-click anywhere on the Sidebar and select Close Sidebar. Uncheck Start Sidebar when Windows starts, and then click OK.

Aero

Among these features are the thumbnails of your windows that appear when you hover the mouse pointer over the taskbar, as well as the Flip 3D view you get by pressing Windows-Tab. Aero adds a little practicality and a lot of panache to the Vista user interface, and personally, I like it.

If your PC is underpowered or overloaded, however, Aero may be more trouble than it’s worth. To turn it off, right-click the Windows desktop and select Personalize, Window Color and Appearance. In the resulting ‘Window Color and Appearance’ dialog box, click Open classic appearance properties for more color options (if you don’t see the option, that means Aero is already turned off). Select Windows Vista Basic and click OK.

 Assorted Interface Beautification Options

You can save some additional clock cycles by turning off all or some of Vista’s pretty interface options, not all of which are directly connected to Aero.

To see the options, click Start, right-click Computer, and select Properties. Click the Advanced System Properties link, the Advanced tab, and then the Settings button inside the Performance box.

You can uncheck all of the listed options by selecting Adjust for best performance, or you can simply uncheck the ones you don’t care for. I unchecked Fade or slide menus into view, Fade or slide ToolTips into view, Show shadows under menus, and Slide open combo boxes. The rest I left on.

Remote Assistance

Don’t worry about turning this item off if you run Vista Home (Basic or Premium). You don’t have it. If you run Vista Business or Ultimate, though, you can use Remote Assistance to control one PC from another—a useful tool if you regularly provide tech support for a relative living far away.

On the other hand, if you’re not providing long-distance support, or if you prefer a third-party remote-control program, Remote Assistance is just a waste of resources. To get rid of it, click Start, right-click Computer, and select Properties. Click Remote Settings. Uncheck Allow Remote Assistance connections to this computer.

Internet Printing Client

Do you ever print documents over the Internet? Neither do I. Chances are, you won’t miss out on anything by disabling Vista’s Internet Printing Client.

Open the ‘Programs and Features’ control panel and click the Turn Windows features on or off link on the left; you’ll get the Windows Features dialog box. Expand the Print Services section and uncheck Internet Printing Client.

Click OK at this point, and then wait several more minutes for the system to ask to reboot.

Windows Meeting Space

I like this program, which lets you share files across a network while editing them with a remote colleague. But I don’t have any use for it in my daily life, and neither do most of the people I know.

So I shut Windows Meeting Space off. You can, too. Simply uncheck Windows Meeting Space while you’re in the Windows Features dialog box.

Windows Ultimate Extras

One of the best things you can do exclusively in Vista Ultimate Edition is turn off the really pointless features that are found exclusively in Vista Ultimate Edition. I refer, of course, to Ultimate Extras, a set of downloadable add-ons available only to Ultimate users. If you didn’t pay for the most expensive version of Vista, these useless add-ons aren’t a concern.
If you do own Ultimate, go to Windows Update (Start, All Programs, Windows Update), click View available updates, and check out all the worthless stuff Microsoft has made available exclusively to people who paid through the nose for the most bloated version of Vista.

As of this writing, the extras include a poker game, some BitLocker and EFS enhancements that hardly anyone uses, several sound schemes, and an odd tool called Windows DreamScene that lets you waste your precious system resources by using video as your wallpaper. If PC World ever asks me to write an article on pointless ways to slow down Vista, I’ll start with DreamScene.

You can turn Windows Ultimate Extras off in the Windows Features control panel by clicking Turn Windows features on or off to open the Windows Features dialog box, and then unchecking Windows Ultimate Extras.

 Tablet PC Stuff

I own a tablet PC, and I love Vista’s tablet-oriented features—especially the Input Panel for writing with the stylus. But if you don’t have a tablet, these features are useless to you.

Turning off Vista’s tablet features is a two-step process: Start in the Windows Features dialog box.

You complete the job in the Services window, which you open by clicking Start, typing services, and pressing Enter. Find and double-click Tablet PC Input Services. In the ‘Startup type’ drop-down menu, select Disabled, and then click OK.

ReadyBoost

If you’re not using this much-hyped Vista feature—which supposedly speeds up Vista by caching memory to a flash drive—it’s actually slowing your system down a tiny bit. (And if you are using ReadyBoost, it’s probably still a drag on your PC. You turn off ReadyBoost in Services. If you aren’t already there, click Start, type services, and press Enter. Find and double-click ReadyBoost. In the ‘Startup type’ drop-down menu, select Disabled, and then click OK.

Search Indexing

This one is a real trade-off. Turning off Vista’s indexing will slow searches to a crawl—I’m talking minutes, not seconds. But ditching this convenient feature could very likely speed up your general PC use significantly.

In other words, turning off indexing will help your PC’s performance only if you seldom search by file content, or if you use a third-party search tool such as Copernic Desktop or Google Desktop (in which case you probably have two indexing routines running at the same time, which is an even bigger waste).

If you match either of those descriptions, turn off indexing by clicking Start, typing services, and pressing Enter. Find and double-click Windows Search. In the ‘Startup type’ drop-down menu, select Disabled, and then click OK.

Offline Files

If you work on files stored on a server somewhere, and you can’t depend on that server always being available, Vista Business and Ultimate’s Offline Files feature makes your life easier by copying the files to your hard drive and keeping them synced.

Of course, that sort of thing isn’t for everybody, which is probably why Microsoft didn’t include Offline Files in the Home editions of Vista. But if you have Business or Ultimate and still don’t need Offline Files, turn it off by clicking Start, typing services, and pressing Enter. Find and double-click Offline Files. In the ‘Startup type’ drop-down menu, select Disabled, and then click OK.

Windows Error Reporting Service

Every time Windows experiences an error—either with its own processes or with a third-party program—it offers to report the problem to Microsoft. In theory, doing so can help the company locate problems with its OS (and heaven knows that would be a good thing). But more than likely, your report will either go unresolved or just end up in a big ol’ pile of other people’s reports on the same problem. Either way, you’re wasting your system’s precious resources on a feature that isn’t doing you any good.

To disable this unhelpful service, open the Services window: Click Start, type services, and press Enter. Find and double-click Windows Error Reporting Service. In the ‘Startup type’ drop-down menu, select Disabled, and then click OK.

UAC: Boon or Bloat?

One of Windows Vista’s most controversial new features is User Account Control (UAC), which attempts to protect your system from malware by forcing you to authorize certain system-altering actions by clicking through a dialog box from time to time. To some people, this feature is an unwanted annoyance that must be eliminated. Other users appreciate the added security. While I wouldn’t go so far as to lump UAC in with the other wasteful features in this article, I can certainly understand why some folks would like to turn it off—or at least minimize its intrusive behavior.

source: http://www.itbusiness.ca/it/client/en/CDN/News.asp?id=49831

Websense Discovers Worm Proclaiming WWIII

Source: http://www.connectitnews.com/canada/story.cfm?item=5912

Websense Security Labs ThreatSeeker Network has recently discovered another Storm worm spam campaign that centers on the start of World War III because U.S. forces have allegedly invaded Iran. The messages offer a video of this alleged recent drama.

However, instead of clicking on a video, users would download an executable that turns their machine into a botnet which the spammer can now use to send more spam or distributed denial of service (DDOS) attacks from that infected machine.

“Storm is the most popular botnet of all time,” said Stephan Chenette, manager of Websense Security Labs. “This attack more than any surround key events that are happening [in the world] and [this time] it focuses on the tension that exists between the U.S. and Iran and exploiting people’s interest in that story.”

If a victim of such an attack, Chenette said that users can become liable for any spamming or DDOS that originates from their machine, even if they are unaware of it happening as most law enforcement officials look at where the spam is coming from and not necessarily the spam’s author.

Since there are no patches available to stop Storm and since the worm relies on the social-engineering aspect of the web to get its message out, Chenette recommended that people install a web filtering product that does pre-emptive and real-time scanning to filter malicious URLs. As well, common sense can provide the biggest protection. He cited that people should be wary when they receive links they never heard of and always be cautious when surfing the web.

Even after interest in the tense relations between the U.S. and Iran dies down, Chenette said don’t expect the Storm worm to stay quiet.

“Storm will continue to surround itself to the next event as long as it is intriguing to the user,” he added. Chenette warned that users should be on the lookout for Storm attacks around the Beijing Olympics and the U.S. presidential election.