The Security Catalyst

Identity Theft is a topic covered nearly every day in the newspapers, magazines and television programs we watch. It continues to be the top complaint filed with the FTC each year — and as this problem continues to grow, we suddenly have a lot of “experts” handing out misleading and wrong information!! Do you know what to do to protect yourself? Are you sure?
For our Security Insider Interview this week, we are joined by Identity Theft expert and author of Stolen Lives, John Sileo. John and I met this summer at the National Speakers Association, and I was skeptical at first about his expertise (since like I already wrote, there are a lot of people who claim to be experts). I’m happy to tell you that John is the real deal - and you’ll learn why and experience his passion in our interview.

This is a show you will want to listen to again and share with your friends. IF YOU DO NOTHING ELSE, PLEASE TAKE SOME ACTION TO PROTECT YOURSELF TODAY. John offers sound advice; if you follow his suggestions, you just might prevent your own personal disaster.

***

Continue the conversation in the FREE security catalyst forums by clicking here

***

To learn how to “think like a spy,” use this link to order the Stolen Lives Book.

You can reach John Sileo by visiting his website at: http://www.thinklikeaspy.com/

Please take a moment to rate the show in Yahoo! Podcasts with the links to the right. If you liked the show, please tell a friend. If not, please tell me: securitycatalyst@gmail.com.

 

 Episode 22 [32:33m]: Play Now | Play in Popup | Download

In this episode of the Security Catalyst, we not only examine the new IE vulnerability that could affect you and your users, but also some insights and ideas about how we need to tackle this and future vulnerabilities. In addition, we take a look at what it is, and what you should do about it to reduce any impact to you and your systems.

In this podcast, we also touch on personal responsibility in information security and examine the alarming trend in identity theft and data breach — the theft of laptops.

The new forums have been created, and can be accessed by clicking here.

Information, links and discussion about Security Catalyst Episode 21 can be found by clicking here.

 

 Episode 21 [21:45m]: Play Now | Play in Popup | Download

For those of you who read the earlier story on the hand-shredded credit card application, you’ll remember that the underlying message was “get a good shredder.” If you haven’t found a good price for one yet, head on over to the great “one-item-a-day” bargain retailer Woot! and pick up an inexpensive 5-sheet confetti shredder made by Fellowes.

Better hurry, though, as they tend to sell out pretty fast.

Firefox, of course, has long been known as the browser of choice for those desiring a more secure option than Internet Explorer. Today, an article crossed my aggregator listing several useful extensions to improve the security even further. It can be found here:

http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-22/

I’ll definitely be examining several of the extensions listed, both in the post, and in the comments added by readers of that blog.  Those of you who know of any other interesting extensions for Firefox, especially those that are security-related, please feel free to comment, or drop us a note.
Thanks to lifehacker for the pointer.

(For all those who religiously check the Security Catalyst website for my weekly column, I do apologize for the length of time it has taken me to get this article out, I have been battling the flu for the last couple of weeks and am just not getting over all the symptoms that have made me feel like death warmed over, and I was physically able to prepare this weeks column. Thank you for your patience.)
Picture this…

You are one of the countless millions of individuals in the United States who put off preparing taxes until the very last minute. You’ve been up most of the night on the 14th day of April rushing to meet the IRS deadline of Midnight April 15th. Finally all that hard work pays off and you’ve completed the horrid task of preparing your taxes and you use the e-File system for a faster refund. All is well with the world, now right?

Think again!

A very disturbing trend is cropping up, affecting hundreds of thousands of personal computers in the United States. Many tax preparation software packages, such as Turbo Tax, store your tax filing information directly on the hard drive for archival purposes. This, by itself is not bad — it’s handy to have in case the tax man wants to have a little chat with you about your return. Let me ask you this:

Do you have a peer to peer application installed on your computer?

You know programs like:

Kazaa
Bearshare
Limewire

If you do, there is a pretty good chance that your tax information is available for the entire world to download and view with just a few keystrokes. Very non tech savvy individuals make a simple mental mistake and instead of sharing a folder usually designated for audio and video files, they unintentionally share the entire contents of their hard drive, thus exposing every sensitive information about themselves or others in the household.

Since peer to peer software are legitimate pieces of software that are widely available, they are not scrutinized as computer threats by computer security software thus leaving the peer to peer software alone to share every bit of your hard drive to the world.

If you haven’t done so by this time, it’s time to examine all peer to peer software configurations to be sure that you are only sharing folders that are made specifically for the purpose of sharing files such as the folder marked as “Shared”, while at the same time removing all other folders from the sight of the peer to peer application so that your personal information doesn’t fall into the hands of the digital dumpster divers looking to capitalize financially on others mistake.
Bill Matherly is a computer security consultant in Oklahoma City, and is a regular contributor of The Security Catalyst website. He can be reached via email at bill.matherly.jr@gmail.com. All views and opinions expressed in this article are not necessarily the views and opinions of The Security Catalyst web site or administrators.

Back from Vegas, Matt Yoder shares his insights on email security. This candid interview includes some basic information, as well as the considerations every company should be taking into account when dealing with compliance and email security.

 

 Episode 20 [22:44m]: Play Now | Play in Popup | Download

First off, I want to apologize that I’ve been a bit lax about posts here. I blame it on the stupor imposed by a hearty return of winter weather to my home state of Colorado.

This article, however, was enough to snap me out if it, and call some attention to it:

The Torn Up Credit Card Application

I’ll go so far as to admit that I’m guilty of occasionally just hand-shredding a credit card application or two that arrives at my home in the past. Some part of my brain has always assumed that “Hey, there’s no way a credit organization would actually issue a credit card to someone who taped this back together and sent it in.”

As it turns out, my assumption was badly incorrect. The industrious and diligent author of the article went so far as to use a different address and phone number on the handtorn and taped credit application. As you have probably realized by now, he did, indeed, receive a credit card, with a $5000 credit limit, at the address he used on the application.

I have to reiterate his basic point:

• Buy a good shredder, which does crosscutting into very small bits, and, ideally can handle CD’s as well as paper.
• Put anything that has any information whatsoever that is personally identifiable as you into said shredder.

I’m already considering repeating his experiment, possibly with a “strip-style” shredder. It’s not a task I’m looking forward to from a purely practical viewpoint, but my curiosity is aroused, and I’m willing to take that hit to appease it.

What happens in Vegas stays in Vegas, or so I’m told. I’m over my jet lag, made it through an unanticipated hectic week and back in the saddle. As I edit some interviews and prepare some thoughts for the next episodes, I wanted to give you a quick update, share what I have been working on and invite you to get involved and help make a difference!

 

 Vegas Update [6:15m]: Play Now | Play in Popup | Download