The spirit of giving has hit Google. They are generously providing free Wi-Fi at 47 airports from November 10, 2009 to January 15, 2010. That's great, but there are a few precautions you should take to keep yourself safe.
Using the free service is simple. You simply select the free Wi-Fi and accept the terms of service and there's no need to give any form of payment. However, Google wants you to catch the giving spirit and give a donation to any of the three non-profit organizations [2] they've partnered with. But, donate [2]once you're using a secure Internet connection at home - not on the Wi-Fi network. In addition to providing free Wi-Fi, Google's having a photo contest. You could win a prize just for submitting a photo [3] of you using the free Wi-Fi.
You can take advantage of Google's generosity at one of the following 47 airports:
| Austin (AUS [5]) | Indianapolis (IND [6]) | Panama City, FL (PFN [7]) |
|
Baltimore (BWI [8]) |
Jacksonville, FL (JAX [9]) | Pittsburgh, PA (PIT [10]) |
| Billings (BIL [11]) | Kalamazoo (AZO [12]) | Portland, ME (PWM [13]) |
| Boston (BOS [14]) | Las Vegas (LAS [15]) | Sacramento (SMF [16]) |
| Bozeman (BZN [17]) | Louisville (SDF [18]) | San Antonio (SAT [19]) |
| Buffalo, NY (BUF [20]) | Madison (MSN [21]) | San Diego (SAN [22]) |
| Burbank (BUR [23]) | Memphis (MEM [24]) | San Jose (SJC [25]) |
|
Central Wisconsin (CWA [26]) |
Miami (MIA [27]) | Seattle (SEA [28])* |
| Charlotte, NC (CLT [29]) | Milwaukee (MKE [30]) | South Bend (SBN [31]) |
| Des Moines (DSM [32]) | Monterey (MRY [33]) | Spokane (GEG [34]) |
| El Paso (ELP [35]) | Nashville (BNA [36]) | St. Louis (STL [37]) |
| Fort Lauderdale (FLL [38]) | Newport News (PHF [39]) | State College (SCE [40]) |
| Fort Myers (RSW [41]) | Norfolk (ORF [42]) | Toledo (TOL [43]) |
| Greensboro (GSO [44]) | Oklahoma City (OKC [45]) | Travers City (TVC [46]) |
| Houston Hobby (HOU [47]) | Omaha (OMA [48]) | West Palm Beach (PBI [49]) |
| Houston Bush (IAH [50]) | Orlando (MCO [51]) |
*Seattle launches late November
Airport Wi-Fi - like other public hotspots - is not secure and you should avoid logging into your bank account or other sites with sensitive info. Wireless network security can be compromised and put your passwords and other data out in the air and available to a fellow traveler with the right hacking tools.
We don't mean to scare you out of using the Google's Wi-Fi gift but to educate you about the potential risks
Here are some tips on how to protect yourself when using any Wi-Fi connection:
This video from Forbes provides more details on what you should watch out for:
Check out Google's Free Wi-Fi for the Holidays [52] site and their FAQ page [53] for more details.
July 2009 not only brought the hopes of fun summer activities, but it also brought the new vicious Trojan virus called Clampi. Clampi is a newly sophisticated virus designed to attack online banking systems. And unlike most Trojan viruses this virus can be picked up from trusted sites like blogs, online magazines, search engines and mainstream news websites, not just gambling and pornography sites. It also is only designed to attack computers running the Microsoft Windows operating system. So Mac users are safe from Clampi, for now.
Currently, Clampi is tracking over 4,500 financial websites. Most Trojan viruses usually track 30-40 sites at a time. Clampi is designed to watch: banks, credit card companies, e-mails, retail sites, utilities, online casinos, wire transfer services, share brokerages, government sites and mortgage lenders. Clampi is also not just limited to the United States. It has been found attacking in the United States, Britain and other English speaking countries.
Once Clampi has been picked up it settles into your computer and waits. What does it wait for? It waits for the user to log on to a bank account, credit card or some other financial website. Once the login information is entered, Clampi grabs it and shoots it to the cyber criminal's computer. From there the criminal uses the information to fulfill their desires. Whether it is taking money from a bank account, using a credit card to make purchases or reek whatever havoc they may.
Maybe you're thinking that this can't happen to you and maybe it won't. But it has been reported that through the use of Clampi criminals have stolen $75k from a car parts company in Georgia, $30k from a non-profit childcare organization [56] in Seattle, $480k from an online city bank account [57], $150k from a public school district in Oklahoma, $350k from a Chicago-are school district [58] and $700k from the Western Beaver School District [59] in Pennsylvania. There have also been reports of companies losing anywhere from $10k to $500k because of this one virus. There is really no telling how many people have been victims of the Clampi virus.
The most important thing you can do is to be proactive about protecting yourself from getting Clampi. Here are some ways to be proactive:
Have you ever taken one of those ridiculous and inane quizzes on Facebook that tell you which color you are ("I'm Orange! Now what do I do?"), which Harry Potter character you are (see above), or which superhero your dog resembles?
Maybe you hate these quizzes and avoid them completely, but do your friends on Facebook take them? If so, all your private info is likely being shared with the quiz developers - whoever they may be. This access to your personal information has alarmed many groups, including the ACLU. Here is a warning from the ACLU of Northern California:
Even if your Facebook profile is “private,” when you take a quiz, an unknown quiz developer could be accessing almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. Facebook quizzes also have access to most of the info on your friends’ profiles. This means that if your friend takes a quiz, they could be giving away your personal information too.
The ACLU of Northern California has heard from thousands of concerned internet consumers using the popular social networking software, Facebook, about privacy issues. The ACLU went digging and found there is good reason for concern: as it stands, quiz developers have access to just about everything in your profile and postings and those of your Facebook Friends.
Here are a series of screenshots where we show exactly what happens when you take a quiz or run other applications on Facebook:
As you can see, Facebook tells you specifically that it will let the application developer "... pull your profile information, photos, your friends' info, and other content that it requires to work.
This is the privacy problem. Your friends are agreeing to share your information without your knowledge or consent. Not good.
These, I believe, are the default privacy settings for applications. As you can see, you or your friend are agreeing to share a lot of personal information with a completely unknown party.
Even if you are careful about your privacy settings in Facebook, quiz developers probably will be able to access your profile and your postings through the accounts of your Facebook Friends. To drive the point home the ACLU created their own short, instructional Facebook quiz [64]. (And no, according to their privacy policy, the ACLU will not collect or sell your information from their Facebook quiz.) Even though I was expecting some kind of revelation it was a bit creepy to suddenly see my Facebook profile information and photos start scrolling on the screen.
More on this story from the San Jose Mercury News [65].
From a recent UC Berkeley report:
More than half of the internet’s top web sites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies.
Under the direction of Chris Hoofnagle of the Information Privacy Programs at the Berkeley Center for Law and Technology, the researchers discovered that most web users aren’t familiar with Flash cookies and that Flash web cookies can’t be controlled through the cookie privacy controls in a browser. Even more interesting was the use of Flash cookies to ‘re-spawn’ or bring back to life traditional browser cookies that had been deleted on customer computers. In the study even several federal government web sites were found to contain Flash cookie ID information. The federal government has a policy of banning the use of traditional browser cookies.
What’s all the fuss about? Internet web sites often attach browser ‘cookies’—small strings of identifying text and numbers—to your computer to help them keep track of you and your preferences when you visit their sites. In theory this is a useful connection between you and the web sites you visit. For instance, an online book vendor could store your customer preferences information to better help you find what you want and make it easier to make your purchases.
However, like many useful, good things on the web, browser cookies have turned out to be an avenue for identity thieves to find us and our personal information. A cookie that no one knows about and that is not controllable through our web browsers, and can be used to re-spawn traditional browser cookies—could be a useful avenue for identity thieves indeed.
Removing Current Site Cookies
Turns out, Adobe has a Settings Manager on its site where you can control how Flash cookies are stored along with other things. If you right-click on a piece of Flash code in your browser you can select "Settings" and get to this special place. Or you can just click our handy link: Adobe Website Storage Settings Panel [68].
What you should be seeing is something like this:
Here you can see which cookies have been written to your computer along with the ability to DELETE all of them. That's something I would strongly consider. Remember, however, that there are some benefits with these cookies. If you frequent sites that use this technology (and many do) you will be deleting some of your settings with those sites and you may have to re-enter text each time you visit.
There is risk/reward with every choice you make in life...
Even if you decide to push the Delete all Sites button, you still have some work left.
Stopping New Sites from Writing Cookies
Even if you deleted the cookies that have already been written to your computer, you'll need to keep new cookies from being written as well. Luckily, Adobe has created a way to do that:
Adobe Global Storage Settings Panel [69]
If everything goes according to plan, you should be seeing something that looks like this:
Here you can tell Flash not to store any cookies in the future. Just drag the slider over to "None" and select "Never Ask Again." That's it!
Here are some other tools if you want 3rd party help with managing or controlling Flash cookies:
Windows:
Mac OS X:
You can always go to the directory where the cookies are stored and remove them manually. It's not a permanent solution - new cookies will get created in the future - but it works.
Windows:
LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.
Mac OS X:
For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys
GNU-Linux:
LSO files are stored in ~/.macromedia.
Now you know about the mysterious and curiously difficult to remove Flash cookies. They are pervasive - even on government web sites [73] - and won't be going away anytime soon.
Please post any follow-up questions or concerns below...
The Better Business Bureau (BBB) has announced that April 18th is Secure Your ID Day and is offering free document shredding at various locations across the U.S. [76]
You can bring up to three boxes/bags of paper documents and they will shred them on the spot. Even if you have your own shredder I imagine they'll have a bigger one that will be much faster, so it's worth checking out.
If you're wondering what to bring, check out our shredding page [77] and get a few tips. The short answer is you should shred any documents that has a signature, account number, social security number, or medical or legal information (plus credit offers).
Enjoy!
When Barack Obama famously refused to relinquish his treasured BlackBerry, he became the first president in American history to use email while in office. He will also be the first to have to worry about personal internet security.
The president's new BlackBerry is a special modified variation with top-notch encryption features—further details are not being shared with the media. Vice President Joe Biden and other key officials have also been given this most limited of limited edition devices.
But famed hacker Kevin Mitnick says that despite its special security features, no BlackBerry is impossible to compromise. In an interview with Fox News, Mitnick said "It's a long shot, but it's possible. You'd probably need to be pretty sophisticated, but there's people out there who are."
According to Mitnick, who is credited with hacking Motorola, Nokia, Sun Microsystems, FBI, and Pentagon networks (among many others,) the best course of action for a hacker would probably be to infiltrate the personal computer of somebody close to Obama. Then, the hacker would have to use that person's identity to divert Obama to a compromised website that would upload malicious code onto the BlackBerry.
That's precisely why the president's security team is keeping his email address such a closely guarded secret [80]. Obama will also have to frequently change his email address.
Who exactly has this address is unknown, but the number is believed to be considerably less than 50, with Biden, advisers David Axelrod and Valerie Jarrett, press secretary Robert Gibbs, and chief of staff Rahm Emanuel almost certainly at the top of the list. Beyond that, one can only guess: top supporter Oprah Winfrey, secretary of state Hillary Clinton, celebrity email buddy Scarlet Johanson, DNC chair Tim Kaine? One can only speculate.
If any of our readers are on the list, please let us know so we can send him our suggestions on the economy...
Remember when the McCain campaign had that garage sale a few months back and sold two BlackBerries with hundreds of GOP contacts [83] still saved on them? It may have seemed like a silly blunder to those who heard about it at the time, but it turns out that most of us are just as careless with our mobile phones and handheld devices as the McCain staffers were with theirs.
According to a study by Regenersis [84], one of the leading electronics recycling firms in the world, 99 percent of recycled cellular phones are handed over with their owners personal information and contact lists completely intact. The company did a random sampling of 2000 devices in the month of December, and found that only a handful of consumers had bothered to delete information like emails, banking data, or addresses.
Very few recyclers offer the service of wiping devices before they pass them along, but even if they did, you'd still be handing over an extensive catalog of personal information to a perfect stranger and trusting them to do the right thing.
To take matters into your own hands:
That's it! That wasn't hard, was it?
Unfortunately, if you own an iPhone or BlackBerry, it can be a little more complicated but these videos should help:
If you've got national security secrets on your phone or maybe mission briefings and data from U.S. soldiers in Iraq and Afghanistan [85], it's important to remember that there's no way to completely erase a handheld device. Sophisticated forensic recovery methods are capable of reversing pretty much any data-destroying trick that doesn't involve a hammer or a blowtorch, so for highly sensitive data, you should probably contact a specialist. For the rest of us though, the above methods should do the trick.
To read more about phone recycling, head on over to Earth911 blog [86].
Medical identity theft is a growing problem. Experts estimate that between 200,000 - 500,000 people are already a victim of this crime - and most don't even know it.
The World Privacy Forum [89] has been a pioneer in identifying and researching medical identity theft issues. Here's how they describe the problem:
Medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity -- such as insurance information -- without the person's knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.
So how does medical identity theft occur and how can it affect you? Here's a video from CBS' The Early Show that explains the basics:
The World Privacy Forum has great information on detecting and preventing medical identity theft. Here are the things to watch:
Health insurance companies often send out notices in the mail that describe recent medical events. Pay attention to these and contact your health care provider if they don't look familiar.
Look over these files to make sure that all the information is familiar. Report any errors or strange information to your health care provider.
Medical expenses should eventually show up on your credit report - especially unpaid accounts that were created by an identity thief.
This is a benefit of HIPAA (the Health Insurance Portability and Accountability Act). This relates to all of the documents you now sign when going to your doctor relating to privacy and information sharing. You can request a list of all the times your medical information has been shared along with the reason for sharing.
More information from World Privacy Forum [91].
Whether you're a business traveler touching base with the home office or a vacationer catching up on some last-minute Christmas shopping during holiday travel, airport wireless networks are a welcome distraction during a layover.
But beware...
According to a recent article in Forbes [94], anyone who logs on using an airport wireless connection is instantly exposed to data and identity theft.
Forbes interviewed a so-called "white-hat hacker," working for AirTight Networks (which makes wireless security software and hardware,) and found that during AirTight's survey of 20 American airports, agents had identified serious security flaws in nearly every network. Some airports even allowed critical baggage handling and ticketing data to pass through their network unencrypted---a potential security risk in more than just the digital sense.
The purpose of the tests was to alert airports to the problem in the hopes that they would choose to hire AirTight as their security provider, but in the short term, let it stand as a warning to travelers: You are nowhere near as safe logging in at an airport hub as you are even at home. Even shopping malls and many universities provide more network protection to their users, and since there are currently no laws on the books that require airports to try any harder, don't expect any of this to change overnight.
Here's a quote from Forbes on how bad things are:They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3% of people used something more secure.
Most security experts would recommend these four steps to relative safety on public wireless networks like those found in airports:
These steps won't guarantee you 100 percent safety, but it's a good start if you decide that uploading those Christmas photos to Flickr can't wait until tomorrow.
This video from Forbes provides more details on what you should watch out for:
Thanks to our friends at Kroll Fraud Solutions [97], we have some excellent 2008 tax season tips for avoiding identity theft:
The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why? In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information.
These “phishing” schemes can take a variety of forms, the most common of which involves an identity thief who calls or e-mails a consumer pretending to be an IRS employee. The consumer is promised a sizable rebate if they file their taxes early. All the caller needs in exchange is the consumer’s bank account number to deposit the check.
The bad news is that schemes like the one described above are common; the good news is that falling victim to one is avoidable – as long as consumers get smart on the facts and follow the proper precautions.
Below ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, offers some important advice that every consumer should know about protecting their personal information during tax season. At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators who meet regularly with IRS agents to stay apprised of emergent tax fraud issues – bolstering the team’s specialized work supporting breach victims and restoring individuals' compromised identities to pre-theft status.
Links:
[1] http://fightidentitytheft.com/blog/airport-wi-fi-isnt-secure-even-if-google-makes-it-free
[2] http://www.freeholidaywifi.com/give-back/
[3] http://www.freeholidaywifi.com/photo-contest/
[4] http://fightidentitytheft.com/%20%20%20a.href%20%20%20
[5] http://www.google.com/search?q=AUS airport
[6] http://www.google.com/search?q=IND airport
[7] http://www.google.com/search?q=PFN airport
[8] http://www.google.com/search?q=BWI airport
[9] http://www.google.com/search?q=JAX airport
[10] http://www.google.com/search?q=PIT airport
[11] http://www.google.com/search?q=BIL airport
[12] http://www.google.com/search?q=AZO airport
[13] http://www.google.com/search?q=PWM airport
[14] http://www.google.com/search?q=BOS airport
[15] http://www.google.com/search?q=LAS airport
[16] http://www.google.com/search?q=SMF airport
[17] http://www.google.com/search?q=BZN airport
[18] http://www.google.com/search?q=SDF airport
[19] http://www.google.com/search?q=SAT airport
[20] http://www.google.com/search?q=BUF airport
[21] http://www.google.com/search?q=MSN airport
[22] http://www.google.com/search?q=SAN airport
[23] http://www.google.com/search?q=BUR airport
[24] http://www.google.com/search?q=MEM airport
[25] http://www.google.com/search?q=SJC airport
[26] http://www.google.com/search?q=CWA airport
[27] http://www.google.com/search?q=MIA airport
[28] http://www.google.com/search?q=SEA airport
[29] http://www.google.com/search?q=CLT airport
[30] http://www.google.com/search?q=MKE airport
[31] http://www.google.com/search?q=SBN airport
[32] http://www.google.com/search?q=DSM airport
[33] http://www.google.com/search?q=MRY airport
[34] http://www.google.com/search?q=GEG airport
[35] http://www.google.com/search?q=ELP airport
[36] http://www.google.com/search?q=BNA airport
[37] http://www.google.com/search?q=STL airport
[38] http://www.google.com/search?q=FLL airport
[39] http://www.google.com/search?q=PHF airport
[40] http://www.google.com/search?q=SCE airport
[41] http://www.google.com/search?q=RSW airport
[42] http://www.google.com/search?q=ORF airport
[43] http://www.google.com/search?q=TOL airport
[44] http://www.google.com/search?q=GSO airport
[45] http://www.google.com/search?q=OKC airport
[46] http://www.google.com/search?q=TVC airport
[47] http://www.google.com/search?q=HOU airport
[48] http://www.google.com/search?q=OMA airport
[49] http://www.google.com/search?q=PBI airport
[50] http://www.google.com/search?q=IAH airport
[51] http://www.google.com/search?q=MCO airport
[52] http://www.freeholidaywifi.com/
[53] http://www.freeholidaywifi.com/faq/
[54] http://fightidentitytheft.com/blog/airport-wi-fi-isnt-secure-even-if-google-makes-it-free#comments
[55] http://fightidentitytheft.com/blog/new-trojan-virus-attacks-world-online-banking
[56] http://voices.washingtonpost.com/securityfix/2009/09/online_bank_robbers_target_hea.html
[57] http://www.theregister.co.uk/2009/10/14/microsoft_windows_bank_thefts/
[58] http://www.eschoolnews.com/news/top-news/news-by-subject/technologies/index.cfm?i=61006
[59] http://www.computerworld.com/s/article/9138636/School_boards_hit_with_cash_stealing_Trojan
[60] http://www.fightidentitytheft.com/blog/airport-wireless-network-not-as-safe-as-you-think
[61] http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
[62] http://fightidentitytheft.com/blog/new-trojan-virus-attacks-world-online-banking#comments
[63] http://fightidentitytheft.com/blog/facebook-quizzes-sharing-your-private-data
[64] http://apps.facebook.com/aclunc_privacy_quiz/?ref=mf
[65] http://www.mercurynews.com/topstories/ci_13210334?nclick_check=1
[66] http://fightidentitytheft.com/blog/facebook-quizzes-sharing-your-private-data#comments
[67] http://fightidentitytheft.com/blog/new-breed-super-cookie-defies-removal-almost
[68] http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
[69] http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
[70] https://addons.mozilla.org/en-US/firefox/addon/6623
[71] http://www.ccleaner.com
[72] http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/
[73] http://www.securecomputing.net.au/News/152723,top-websites-using-flash-cookies-to-track-user-behavior.aspx
[74] http://fightidentitytheft.com/blog/new-breed-super-cookie-defies-removal-almost#comments
[75] http://fightidentitytheft.com/blog/secure-your-id-day-april-18th
[76] http://www.bbb.org/us/secure-your-id-participants/
[77] http://fightidentitytheft.com/shred.html
[78] http://fightidentitytheft.com/blog/secure-your-id-day-april-18th#comments
[79] http://fightidentitytheft.com/blog/obamas-blackberry-security-strategy
[80] http://www.nytimes.com/2009/02/01/us/politics/01obama.html
[81] http://fightidentitytheft.com/blog/obamas-blackberry-security-strategy#comments
[82] http://fightidentitytheft.com/blog/learn-how-dispose-old-cell-phone
[83] http://www.sciam.com/blog/60-second-science/post.cfm?id=reporter-finds-private-campaign-inf-2008-12-15
[84] http://www.fonebak.com
[85] http://www.informationweek.com/blog/main/archives/2009/01/new_zealand_man.html
[86] http://earth911.com/blog/2009/01/29/study-finds-most-cell-phones-not-wiped-of-data-before-recycled/
[87] http://fightidentitytheft.com/blog/learn-how-dispose-old-cell-phone#comments
[88] http://fightidentitytheft.com/blog/medical-identity-theft-protect-yourself
[89] http://www.worldprivacyforum.org/medicalidentitytheft.html
[90] http://fightidentitytheft.com/credit_report.html
[91] http://www.worldprivacyforum.org/medidtheft_consumertips.html
[92] http://fightidentitytheft.com/blog/medical-identity-theft-protect-yourself#comments
[93] http://fightidentitytheft.com/blog/airport-wireless-network-not-as-safe-as-you-think
[94] http://www.forbes.com/forbes/2008/1208/052.html
[95] http://fightidentitytheft.com/blog/airport-wireless-network-not-as-safe-as-you-think#comments
[96] http://fightidentitytheft.com/blog/-2/keep-identity-thieves-at-bay-during-the-2008-tax-season
[97] http://www.krollfraudsolutions.com
[98] http://www.antiphishing.org/index.html
[99] http://www.irs.gov/individuals/article/0,,id=106778,00.html
[100] http://www.irs.gov/publications/p552/ar02.html#d0e617
[101] http://fightidentitytheft.com/blog/-2/keep-identity-thieves-at-bay-during-the-2008-tax-season#comments
[102] http://fightidentitytheft.com/blog/categories/Privacy?page=1