Thursday, August 20, 2015

Should one fret over the leaked Ashley Madison data?

Several news sites have reported that 15 GB of identity data stolen last month from Ashley Madison has been made available on the darknet. Three sites have since sprung up that allow interested parties to query them to ascertain the identity of Ashley Madison users. The site allowed married people to have short extramarital affairs. While the morality of the services provided may be questionable, and is perhaps best left to the judgment of individuals, there is a serious risk of reputation damage if the data is fake.
There are several reasons why it may be. Firstly, this is not the first leak to appear online; there have been several in the span of the last month. Then there is the question of the validity of the email addresses and other details, which were never verified. There is always a probability that the identity of a prominent person or an associate was used to create a profile. From one analysis, it seems that 90% of the users were male and most of the female profiles were fake. If this is true, then users subscribed but may not have been able to use the site. Many users may have subscribed out of curiosity or for fun. Some articles seem to suggest that, once subscribed, removing a personal profile from the site was not easy. Finally, there is a strong suspicion that some of this data may have been amalgamated from other breaches.

On the flip side, there seem to be several reports of individuals claiming to have verified that they were users of the site and confirming their email IDs in the released data.
Whatever may be the truth, I would like cybercitizens to know that, though it seems to be a sordid affair, they should not disrupt their personal lives purely on the basis of data put out on the net that cannot be verified.

Tuesday, August 18, 2015

8 steps to prevent a stolen phone from ruining your digital life

Smartphones are lost because they were accidentally forgotten at public places or stolen. A phone today is a cybercitizen's gateway to their digital life. It allows use of apps for services such as banking, social networking and taxi booking, storage for personal pictures and videos, email, instant messaging and telephony.
Most phones have an Internet finder program which helps to locate phones connected to the Internet. The service works well if the phone is forgotten at places which are likely to have a lost and found counter, like airports and restaurants, where the staff is unlikely to pocket it. More often, the key risk is the loss of battery life, effectively shutting down the phone. Even when a phone is lost and picked up by a person wanting to return it, a study has shown that most people browse private data like contacts and pictures, understandably to locate the owner.
Most thieves quickly switch off the phone and remove the SIM card to effectively disable the Internet finder applications. When a phone is stolen or lost, there are three risks that the owner faces.
Financial Loss
Typically, you lose the value of the phone and the additional cost of calls made from the phone, which, obviously, one has to pay for. While insurance can be bought to recover part of the cost of the phone, the cellular provider needs to be alerted quickly to deactivate the number and prevent fraudulent calls. Ensuring that the phone is protected by a strong screen saver password will mitigate the risk of expensive calls.
Reputation Loss
Many personal applications like Facebook, Twitter, email or similar social media accounts are logged on and can be accessed without a password, allowing personal information to be read or malicious comments to be written. Such comments may affect personal reputation or be defamatory, which may result in soured relationships or legal action. Here too, a strong screen saver password can help. If the thief is unable to crack the password, the simplest action would be to format the phone, reload the operating system and sell it on the black market.
Privacy Loss
Privacy can be lost in two ways: by viewing data stored directly on the phone memory or on memory cards, such as personal pictures, or by reading private posts and email and looking up the browsing history. Private data such as sexting pictures of other individuals received and stored on the phone may compromise their privacy.
Four steps that cybercitizens should take to reduce the risks to themselves and the incentive a thief gets from a stolen phone:
1. Set a strong password and a short lock screen timeout. If your phone provides the option to erase data after several unsuccessful tries to enter a passcode, typically 10, activate it. New phones disallow the formatting of the operating system without a password, thereby rendering the phone worthless and reducing the incentive to steal it. A strong password or passcode has at least 8 characters that include some combination of letters, numbers, and special characters.
2. Try to avoid using external memory cards unless they are encrypted.
3. Update the phone regularly, to ensure that vulnerabilities which can be exploited to unlock password-protected phones are patched.
4. Back up contacts and other data.
Four steps that cybercitizens should take when the phone has been stolen, or lost and returned:
1. Use the Internet finder app to locate the phone and erase data.
2. Reset all passwords for apps and accounts, even if the phone has been returned.
3. If returned, reformat and reload the operating system to avoid any malware being surreptitiously loaded. Malware can be used to spy, steal credentials and cause an even bigger financial loss.
4. Block your SIM card by calling up your cellular provider.

Saturday, August 15, 2015

LuciusonSecurity among the Top 50 Infosec Blogs 2015

Digital Guardian, a Gartner Quadrant leader in the Data Protection product market, has named this blog as one of the Top 50 Infosec Blogs you should be reading.

Thank you, Digital Guardian.

Friday, August 14, 2015

I lost money because my petrol pump was hacked by attendants!

The neighborhood petrol pump, which I occasionally use, was in the news for allegedly tampering with the meter readings. Some of the staffers had hacked the circuitry to modify the readings of the pulser, which converts the flow volume to the digital readout. As a consequence, the bill value was inflated by 5%. Hacking is typically associated with software and remote Internet connections, but all sorts of meter readings can be tampered with to skim small sums of money or to develop glitches that result in inflated bills.
The only way to tackle such misuse is by surprise calibration checks and stringent penalties. In the case of the above petrol pump, the ingenious system also had a switch to toggle back to normal values during a calibration inspection.

The police believe that this particular fraud may be widespread, which simply demonstrates the ease with which the perpetrator behind the modified pulser is able to sell his invention without being caught.