Tag Archives: Privacy

Santa’s Security Secrets

We all think we know Santa – where he lives (to the nearest Pole!), what he likes to wear (on one day of the year!) – but what do we really know about this mysterious character? What does he do during the rest of the year, what are his hobbies, where does he work on the other 364 days of the year, what is his ‘real’ name, and more importantly – who is on his naughty list?! None of these personal details have ever been revealed, and even in today’s connected world, Santa has managed to keep his identity a closely guarded secret – but how, and what best practices can we learn from our favorite festive character?

He wears the AVG Invisibility glasses
Santa saw AVG’s Invisibility Glasses in February and sent us a letter saying “Dear AVG, those Invisibility Glasses are just what I need to keep me invisible during the year. I have been a good Santa, and I hope you can help me out.”

The glasses make it difficult for cameras or other facial recognition technologies to get a clear view of Santa’s identity, so Facebook can’t automatically tag him in that embarrassing picture under the mistletoe, for example! We, of course, agreed to provide a pair, enabling Santa to travel the world without being tracked, seeing sights that would have been difficult to visit due to the number of people taking pictures to post online. Santa has provided us with some pictures from his travels that we can share with you here…
Cameron, Obama and Santa

Bono and Santa

Taj Mahal and Santa

Eiffel Tower and Santa

While not generally available yet, unless you’re Santa, the concept serves as a reminder to protect your privacy online. There are, of course, many other methods Santa uses to stay private – he has shared a few of them with us in this exclusive interview!

He stays away from social media
“There are hundreds of Santa impersonators on Facebook, but I – the real Santa – am nowhere to be found,” says Santa. Staying away from social media completely might be a challenge for the rest of us, but it’s worth thinking about the information we share via these channels at this time of year. Make sure to check your security and privacy settings to ensure you’re not exposing any information you’d rather not be. “You may want to think twice about posting those pictures of the latest high-tech gadgets you’ve been gifted too – you never know who might be looking!”

He still uses a POLARoid camera
“I never take selfies,” says Santa, “they may get leaked online and that could be awkward.” But with most of us now using our smartphones to take pictures, there are privacy issues you may not have considered. Aside from pictures getting into the wrong hands – the recent VTech hack, which may have enabled hackers to steal children’s photos, is an example – you might not know that smartphone photos are also often ‘geotagged’, meaning that others can find out exactly where your pictures were taken.

His sleigh is Wi-Fi free and disconnected
“Checking out if you have been good or bad is now even easier with people posting so much of their lives on their online profiles. I avoid being located, tracked or leaving things to chance by using an encrypted Virtual Private Network (VPN) when using the Internet,” says Santa. But it would be impractical for most of us to avoid the Internet completely. There are ways to make sure you’re surfing securely and privately though.

Secure your home Wi-Fi with encryption using a strong password. Also avoid public Wi-Fi hotspots when transferring personal details online, during bank transfers for example, or follow Santa’s example and use a VPN. Phishing emails also tend to spike around the festive season as cybercriminals try to tempt us with too-good-to-be-true deals. If at any point you think an email is spam and fraudulent, do not open it or click on any links; just delete the email!

He pays for everything with toys
Santa told us that his “route and present list is a closely guarded secret. I use very strong passwords and a reindeer for two-factor authentication”. If you’re doing last minute shopping online this year, it’s worth taking the time to remember good password practice – to save time, and a potential headache, later! This means using strong passwords that are different for each account, along with additional security codes or the ‘two-factor authentication’ Santa refers to where available.

So now you know a bit more about Santa and his security secrets – hopefully they’ll also help you to stay safe and secure this Christmas. Happy Holidays!

 

 

Image sources:
The British Foreign and Commonwealth Office, Erik (HASH) Hersman, TANAKA Juuyoh (田中十洋), Sreejith K, Brian Burk

 

4 Tips for Successful Online Sales over the Holiday Season

Christmas is nearly upon us, but is your website ready to make the most of it? In fact, let’s go one step further: are your website, social media and IT systems all singing the same song?

Preparation and a co-ordinated set up is essential if you’re going to make the most out of any uplift in customer attention and desire to buy from small businesses instead of the big brands.

You can have a killer website, but if your social media channels aren’t up-to-date too then you’ll look behind the times and disorganised. If the IT systems that enable you to take, process, and dispatch orders aren’t up to scratch, then any online sales you do make might go to waste.

The web is available 24/7/365 – this is as level a playing field as it gets for small business, especially when advertising and marketing budgets don’t match those of the large and well established brands.

Customers can be fickle and have short attention spans too, hopping from website to website in a matter of seconds if they don’t see what they’re looking for. This is the same for all businesses, but it underlines the importance of having everything ready, up to date and aligned.

Here are four things you can do to make the most of the holiday season for your small business online:

1. Have a dedicated webpage and keep it live all year round
Have a dedicated web page on your site for popular sales events like Small Business Saturday, Black Friday and Cyber Monday… and keep it live all year round! That might sound counter-intuitive when we’re only talking about one day in the year, but there’s a very good reason you should do this. Once a web page is live it’s far easier to manage: the basic structure can stay the same even if the copy and imagery change. Plus, people don’t always follow the rules when it comes to searching for offers and deals online – they’ll start searching for them whenever the mood takes them, wherever they happen to be. As recent research reveals, when people start looking for information about a purchase, they could be doing it using a mobile on the train, a desktop PC at work, or a tablet when they’re snuggled up in bed.

For example, if they start searching for details about Small Business Saturday in September and October – as Google search data shows – then having your web page already live will allow people to find you. Currys use this tactic with their Black Friday web page.

If you take down your page after the event, then search engines won’t be able to show it to customers whenever they start searching for it next year. They’ll draw a blank and you’ll be starting from square one all over again. Why shoot yourself in the foot? Competition for online orders is tough enough as it is.


2. Facebook is a great starting point for a conversation
“Like” it or not, Facebook is a force to be reckoned with. 84% of internet users between the age of 35-44 are on at least one Facebook service, meaning Facebook, Facebook Messenger, Instagram or WhatsApp. That figure goes up to a whopping 90% for 16-24 year-olds. This is where your customers – existing and future – are likely to be spending a lot of their social media time, so if you’re not on there, they won’t see you.

Make sure you’ve set up a Facebook business page. They won’t want to see a constant stream of sales related messages though. Imagine your business page to be a little bit like your personal Facebook page: it should express the everyday goings on and personality of your business. And in between those posts, you can publish business event or sales related messages. If you’re short on ideas, have a look at how other small businesses have used Facebook to grow their business.


3. Make sure your IT system is safe and secure
If there’s one day in the year you definitely don’t want to be hacked, it’s when you’ve just taken a large number of online orders. We can all remember the Ashley Madison scandal and countless other big brands being hacked and losing customer data over the years. A survey of UK businesses conducted this year also reveals nearly nine out of 10 large businesses said they had suffered some form of information security breach in the last year. Don’t be fooled into thinking it can’t happen to a small business. Hackers – and the viruses they release into the world – will target anyone they think might have weak website security.


4. Ask the experts
If you are concerned your ecommerce and supporting IT systems aren’t as secure or co-ordinated as they could be, ask for help. There’s a whole host of free resources for small businesses all over the web to help you understand how healthy and secure your IT system is. For example, AVG’s free IT Security Health Check is a good place to start if you’re not an expert and have little time on your hands. It’s short and sweet and offers straightforward tips for how to improve your IT security. The UK government is also offering Innovation Vouchers worth £5,000. These can be used to pay for advice which will help protect and grow your business by having good cyber security in place.

 

At the end of the day

Gearing up your website, social media and IT systems to make the most out of the holidays is only half the battle. Making sure they stay safe and secure, and continue to serve you and your customers well, is the other half.

Retailer’s apps reveal your Christmas list to the public

If you use some retailers’ apps to make your holiday wish list, more people than just Santa Claus can see it. In fact, it may be accessible to anyone over the Internet!


America’s most popular retailers collect more information about you via apps than you may be comfortable with.

Recently, the Avast Security Warriors began looking into shopping apps to see what your favorite retailers know about you. They found that these apps, like many other apps out there, collect data and request permissions that are unnecessary for their app to function properly.

Initially, we were curious to see what retailers wanted to know about their customers based on the data they collect. We randomly chose apps from the following retailers: Home Depot, J.C. Penney, Target, Macy’s, Safeway, Walgreens and Walmart. In this blog post, we focus on Target and Walgreens.

You’re making your list and Target is checking it twice!

If you created a Christmas wish list using the Target app, it might be accessible to more people than you want to actually receive gifts from. The Target app keeps a database of users’ wish lists, names, addresses, and email addresses. But your closest family and friends may not be the only ones who know you want a new suitcase for your upcoming cruise!

To our surprise, we discovered that the Target app’s Application Programming Interface (API) is easily accessible over the Internet. An API is an interface that answers requests: you send it a question in a defined format and it sends back the answer. Also, the Target API does not require any authentication. The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.

The JSON file we requested from Target’s API contained interesting data, like users’ names, email addresses, shipping addresses, phone numbers, the type of registries, and the items on the registries. We did not store any personal information, but we did aggregate data from 5,000 inputs, enough for statistical analysis.
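One way a registry endpoint can avoid the exposure described above, shown as an added example that is not code from Avast or Target: the lookup requires either the authenticated owner or a share token, and invited viewers get only the fields needed to buy a gift. All names here (`REGISTRIES`, `get_registry`, the field names) are hypothetical, and the record is constructed sample data.

```python
import hmac
import secrets

REGISTRIES = {}  # in-memory stand-in for the app's registry database (assumption)
PUBLIC_FIELDS = ("display_name", "registry_type", "items")  # enough for gift-givers


def create_registry(owner_id, record):
    """Store a registry under a random ID and issue a separate share token."""
    registry_id = secrets.token_urlsafe(16)  # not derivable from the user or a counter
    share_token = secrets.token_urlsafe(16)  # handed out only by the owner
    REGISTRIES[registry_id] = dict(record, owner_id=owner_id, share_token=share_token)
    return registry_id, share_token


def get_registry_unauthenticated(registry_id):
    """Behaviour the post describes: knowing the ID is enough to get every field."""
    return REGISTRIES.get(registry_id)


def get_registry(registry_id, session_user=None, share_token=None):
    """Return (status, body) after an object-level authorization check."""
    record = REGISTRIES.get(registry_id)
    if record is None:
        return 404, None
    if session_user is not None and session_user == record["owner_id"]:
        # Authenticated owner: full record, minus the sharing secret.
        return 200, {k: v for k, v in record.items() if k != "share_token"}
    if share_token is not None and hmac.compare_digest(
        share_token.encode(), record["share_token"].encode()
    ):
        # Invited viewer: no email, phone number or shipping address.
        return 200, {k: record[k] for k in PUBLIC_FIELDS}
    # Same answer as for an unknown ID, so responses do not confirm which IDs exist.
    return 404, None


# Constructed sample data; not a real customer record.
SAMPLE = {
    "display_name": "J. Example",
    "email": "j.example@example.com",
    "shipping_address": "1 Example Street, Springfield",
    "phone": "555-0100",
    "registry_type": "wish list",
    "items": ["suitcase"],
}
```

Random IDs only slow down guessing; the per-request ownership or token check is what keeps one user's record from being served to another.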

 

An example of the data that we were able to obtain via Target’s API


Target doesn’t know if you’re naughty or nice, but they do know who you are 

We took the 5,000 random inputs, and out of curiosity, looked at which brands appear on their registry the most, which states the Target app users are from, and what the most common names of people using Target’s app are.

The top 10 brands on Target app users’ registries


 

Map showing where the 5,000 app users are from within the U.S.


There were more than 1,700 unique names in our sample – these are the top 20 names of Target app users.

Jasmine       162
Jamie         132
Jessica        79
Ashley         67
Jackie         67
Jordan         64
Amanda         58
Jennifer       55
Sarah          45
Jacqueline     41
John           39
Megan          38
Dominique      36
Heather        34
Amber          33
Jade           33
Melissa        32
Stephanie      32
Katie          31
Brittany       30

In addition to collecting personal data, the shopping apps we looked at also request a plethora of permissions.

The prize for the most unnecessary permissions requested by a retail app goes to…

If you want to choose a shopping app based on the number of unnecessary permissions it requests, then Walgreens is the app for you!

The Walgreens app not only requests permissions that are completely unnecessary for its app to function, but also requests more permissions than any of the other retail apps we looked at – see screenshot below. The Home Depot app came in a close second in terms of unnecessary permissions requested.

Walgreens app

 

The Walgreens app has permission to change your audio settings, pair with Bluetooth devices, control your flashlight, and run at startup – completely unnecessary for the app to function properly. On the bright side, these retail apps aren’t the most permission-hungry apps we have ever seen; in fact, compared to other apps out there, they are decent.

But, now imagine what could happen if this valuable customer data landed in the wrong hands. The ways this data could be misused are far and wide. It is, therefore, important that people are aware of how many permissions they grant the apps they use and understand what data the apps collect.

Stay tuned for more as we investigate the vulnerabilities of mobile apps and the need for mobile security.


Microsoft issues warning after Xbox Live certificate ‘inadvertently’ leaks

A malicious attacker could in theory use the leaked security certificate to launch a man-in-the-middle attack, intercepting Xbox Live usernames, passwords and even payments made by game players.

The post Microsoft issues warning after Xbox Live certificate ‘inadvertently’ leaks appeared first on We Live Security.

Digital toy company hack exposes information and risks kids’ privacy

Internet-connected toys gather data on the user and have weak security compared to other computer products.


Data stolen from children today can be used to build profiles that will cause trouble for them in the future

Digital devices and toys like cameras, smartwatches, and tablets may be on your child’s Christmas wish list. But more parents are having second thoughts about placing these items under the tree, because Internet-connected toys gather data on the user and have weak security compared to other computer products.

6 million children’s accounts taken by a hacker

This weakness was made very public during the Black Friday shopping bonanza, when a Hong Kong-based digital toy company called VTech lost databases of more than 6 million children and almost 5 million connected parental accounts to a hacker.

By putting the databases together the hacker was able to retrieve personally identifiable information like children’s names, ages, and genders, and even pictures and chat logs were found. Parents’ names, email addresses, secret questions and answers, IP addresses, encrypted passwords, and mailing addresses were also accessed. Supposedly the breach did not include credit card or financial account information exposure.

The hacker responsible for breaking into the VTech databases told Motherboard that his only intention was to expose the company’s inadequate security practices. There has been no indication or evidence that the data has been put up for sale on hacker forums.

“Profiting from database dumps is not something I do,” the hacker told Lorenzo Franceschi-Bicchierai, a staff writer at VICE Motherboard. “I just want issues made aware of and fixed.”

The company has taken several of its sites and services offline after the breach and hired a security company to improve data security.

Do parents have anything to worry about?

Most parents probably have no idea that their children’s data can be compromised, or that there is even anything to worry about. But the danger with stealing even basic pieces of information from a child is that cybercrooks can begin early to build profiles, setting up the young child for identity theft or other nefarious activities in the future.

“Nowadays it sometimes happens that sophisticated fraudsters use children’s data later on, when they come of age, and establish a credit record or ‘credit footprint’ without the child even knowing it,” Diarmuid Thoma, from security firm Trustev, told ZDNet after the hack was exposed.

The Identity Project, a website which educates people about identity theft, shares some potential real-life consequences when a child’s identity gets stolen.

    1. Young adults could be denied the first credit card they apply for because their credit history will show odd behavior.
    2. Their first medical emergency can have incorrect information, because cybercrooks have used it for medical services.
    3. Their DMV records may be tied to criminal activity, which could complicate their license application.
    4. They will be denied a college loan to pay for school.
    5. They will be denied their first apartment and utilities because their credit check fails.

Should parents stop buying internet-connected toys?

With this type of breach made public, parents will now realize the danger that internet-connected toys at home, and even educational technology used at school, may pose to their children in the future because of the lack of security today.

Refraining from purchasing digital items will actually get harder as the Internet of Things universe expands.

We have already become used to sharing personal information in order to get a better experience, so until children’s online protection improves, parents will have to balance the importance of the information they are willing to give up against the benefits of having it used by a company that provides services (think Google or shopping sites) and factor in the level of risk they are willing to tolerate.

image via http://digisns.com/

