SEARCH CLINIC

Search engine online marketers
Archive for the ‘Personal Security’

Twitter launches anti cyberbully policy

April 27, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Personal Security, Search Clinic, Social Media, Social Networking, Twitter, Uncategorized

Twitter is to launch an anti cyberbully policy to act against violent threats as part of renewed efforts to tackle abuse.

Twitter has acknowledged that its previous rules, which said a threat needed to be “direct” and “specific” to justify its intervention, had been too “narrow”.

The firm will still require a complaint to be made before it blocks an account, but it said it was also attempting to automatically make a wider range of abusive tweets less prominent.

The problem is not limited to Twitter – in March, a study of 1,000 UK-based 13 to 17 year olds by broadband provider Europasat indicated that nearly half of those surveyed had been sent abusive messages over the internet.

In February, Twitter’s chief executive Dick Costolo highlighted the issue when he sent a memo to staff telling them that “we suck at dealing with abuse and trolls on the platform and we’ve sucked at it for years”.

Twitter’s rules now state that it may act after being alerted to tweets that contain “threats of violence against others or promote violence against others”.

Twitter will tell some abusers to verify their phone number and delete several tweets before lifting a temporary ban.

By making its criteria more vague than before, the platform can now intervene if, for example, someone says that a victim ought to be beaten up.

It had previously required the aggressor to have provided specific details, such as the fact they planned to commit the act using a baseball bat at the victim’s place of work, before it would respond.

“Our previous policy was unduly narrow, and limited our ability to act on certain kinds of threatening behaviour,” wrote Shreyas Doshi, Twitter’s director of product management, on the firm’s blog.

“The updated language better describes the range of prohibited content and our intention to act when users step over the line into abuse.”

In addition, Twitter will begin freezing some abusers’ accounts for set amounts of time, allowing those affected to see the remaining duration via its app. Abusers may also be required to verify their phone number and delete all their previous offending tweets in order to get their account unlocked.

The firm said it could use this facility to calm situations in which a person or organisation came under attack from several people at once, where it might not be appropriate to enforce permanent bans on all involved.

While such decisions would be taken by Twitter’s staff, the company said it had also started using software to identify tweets that might be abusive, based on “a wide range of signals and context”.

Such posts will be prevented from appearing in people’s feeds without ever having been checked by a human being. However, they will still show up in searches and remain subject to the existing complaints procedure.

A side-effect of this could be that some abusive tweets become harder to detect.

The UK Safer Internet Centre, which represents a number of campaign bodies, welcomed the move.

“These are really good steps,” said Laura Higgins, the organisation’s online safety operations manager.

“Regrettably some people might fall foul of bad behaviour before Twitter can put some of these safeguards in place, but at least it is always looking for new solutions.”

“In cases when there is massive amounts of abuse and it’s all of a similar theme, I think the new system will be good at picking it up, and that’s great. But it would be good to hear what will happen to that data once Twitter has it.”

The announcements build on other recent changes made by Twitter, including hiring more workers to handle abuse reports and letting third parties flag abuse.

Search Clinic repeats the link to How to Report a Tweet or Direct Message for violations

Cyber criminals raided by police

March 06, 2015 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Dr Search, Hackers, internet, Personal Security, Search Clinic, Technology Companies, Uncategorized

The UK’s National Crime Police Agency has arrested 56 suspected hackers as part of a “strike week” against cybercrime.

In total, 25 separate operations were carried out this week across England, Scotland and Wales. Those arrested are suspected of being involved in a wide variety of cybercrimes including data theft, fraud and virus writing.

The week long series of operations was co-ordinated by the NCA’s National Cyber Crime Unit (NCCU) as well as specialist officers from regional organised crime squads and the Metropolitan Police.

West Midlands police arrested a 23 year old man in Sutton Coldfield who is believed to have been involved in breaking into the network of the US defence department in June 2014.

The hackers behind that attack stole contact information for about 800 people and data on the network’s internal architecture was also pilfered.

The biggest operation saw the arrest of 25 people in London and Essex suspected of using the net to steal money, launder cash and carry out other frauds.

The action also resulted in the arrest of people thought to be part of some well known hacking groups.

In Leeds, a suspected member of the Lizard Squad group was arrested, and in London a 21-year-old man was taken into custody on suspicion of being part of the D33Ds Company hacking collective.

The D33Ds group is believed to have been behind a 2012 attack on Yahoo that stole more than 400,000 email addresses and passwords subsequently published online.

Investigations about suspects in Sutton Coldfield, Leeds and Willesden were aided by forensic information provided by the FBI.

The other actions targeted alleged phishing gangs, intellectual property thieves, users of financial malware, companies that offer hosting services to crime groups, and many people who took part in so-called DDoS (distributed denial of service) attacks in an attempt to knock websites offline.

One 21-year-old man from County Durham allegedly knocked out the Police Scotland website by mounting such a DDoS attack.

“Criminals need to realise that committing crime online will not render them anonymous to law enforcement,” said Andy Archibald, deputy director of the NCCU. “It’s imperative that we continue to work with partners to pursue and disrupt the major crime groups targeting the UK.”

In addition, this week the NCA coordinated visits to 70 firms to inform them about how vulnerable their servers were to attack and how they could be used by cyberthieves to send out spam or act as proxies for other attacks.

The strike week also involved four forces setting up pop-up shops to give advice to the public about staying safe online and to get their devices checked to make sure they are free of malware and other digital threats.

Police warn on cyber crime threats

April 18, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Hackers, Personal Security, Search Clinic, Telecommunications Companies, Uncategorized

Only three out of 43 police forces in England and Wales have a comprehensive plan to deal with a large scale cyber attack, new research has found.

Her Majesty’s Inspectorate of Constabulary (HMIC) warned only Derbyshire, Lincolnshire and West Midlands had sufficient plans in place.

It also found only 2% of police staff across 37 forces had been trained on investigating cybercrime.

The report examined how prepared police are for a series of national threats.

Last year, the government identified five threats as priorities for police to prepare for. These are:

  • Terrorism
  • Civil emergencies
  • Organised crime
  • Public order threats
  • Large-scale cyber-attacks

As part of its Strategic Policing Requirement (SPR), the Home Office called for a nationally required policing response to counter each of the threats.

The report is the first in a series of inspections looking at how individual forces have responded to the guidelines.

HMIC inspectors said they were “struck by how incomplete the police service’s understanding of the national threats was” and that more needs to be done “collectively by all forces”.

The report called for “much greater attention” from police leaders.

“The capacity and capability of the police to respond to national threats is stronger in some areas than others – with the police response to the cyber-threat being the least well developed,” HMIC’s Stephen Otter said.

Police plans to deal with counter-terrorism, public order, civil emergencies and organised crime were in “stark contrast” with the capabilities for cyber-related threats.

Inspectors found the ability to deal with cyber-threats remains “largely absent” in some forces and that some senior officers across England and Wales are still “unsure of what constituted a large-scale cyber-incident”.

They found forces were “silent” when it came to preventing cybercrime and protecting people from the harm it causes, despite the fact it is “fast becoming a dominant method in the perpetration of crime”.

“The police must be able to operate very soon just as well in cyberspace as they do on the street,” the report said.

According to the government’s definition, a large-scale cyber-incident could be “a criminal attack on a financial institution to gather data or money” or an “aggregated threat where many people or businesses across the UK are targeted”.

It also includes “the response to a failure of technology on which communities depend and which may also be considered a civil emergency”.

Basically- despite cybercrime costing the UK economy billions of pounds, our plods are light years from being able to cope- let alone help us.

Moral of the story is make sure that you are as secure as you can be- because the state isn’t capable of nannying you.

Passwords- how to set and remember them

April 15, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Dr Search, Hackers, Personal Security, Search Clinic, Uncategorized

With the heightened risk of password hacking, Search Clinic thought that it is a good time to refresh your memory on how to set, and remember, your secure passwords.

Dr Search of the Search Clinic visited the Cheltenham Science Festival a few years ago and attended a lecture by Toby of GCHQ on security in the computer age and posted a post at: top common passwords.

Your starter for ten is to make sure that you don’t use any of them. If you do- then you are already in trouble.

Changing passwords is something many people avoid at all costs- because they fear they will forget the new password.

However, you can make something memorable by simply using the power of association and location. In order to remember a string of online passwords, all you have to do is associate each individual letter and number with a known or fixed item, calling on your imagination throughout.

The more you stimulate and use your imagination, the more connections you will be able to make, and the more you will be able to memorise.

Memory expert Tony Buzan gives tips on how to remember new ones, which should be a long jumble of randomly generated letters and numbers.

No pet’s names- Hackers can find out a lot about you from social media

No dictionary words- Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Mix unusual characters- Try a word or phrase where characters are substituted -Whyd03s1talw&ysr*in?

Have multiple passwords- If hackers compromise one system, they won’t be able to access other accounts.

Keep them safely- Don’t write them down – use a secure password vault on your phone. If you must write them down, label the file something OTHER than passwords.

Tom from GCHQ suggested using a combination of the above, by using multiple words and numbers- with a few symbols thrown in for good measure:

wh1te-rabbt)*m0nth

Good Luck- and safe browsing.

Dangers of constantly on wifi smartphone apps

March 28, 2014 By: Dr Search Principal Consultant at the Search Clinic Category: Apps, Cyber Security, data security, Hackers, mobile phones, Personal Security, Search Clinic, smart phones, Technology Companies, Uncategorized, WiFi

The dangers of constantly keeping your smartphone’s wifi always on have been revealed.

Many smartphone users leave the wireless option constantly turned on on their smartphone. That means the phones are constantly looking for a network to join – including previously used networks.

Once the user has joined a disguised wifi network, the rogue operator can then steal any information that the user enters while on that network – including email passwords, Facebook account information, and even banking details.

This is also why smartphones and other devices that use wireless technology – such as Oyster cards using RFID (radio frequency identification) or bank cards with chips – can betray their users.

Mr Wilkinson – who began developing the Snoopy software three years ago as a side-project – gave the BBC a preview of the technology ahead of its release.

Pulling out a laptop from his bag, Mr Wilkinson opened the Snoopy programme – and immediately pulled up the smartphone information of hundreds of Black Hat conference attendees.

With just a few keystrokes, he showed that an attendee sitting in the back right corner of the keynote speech probably lived in a specific neighbourhood in Singapore. The software even provided a streetview photo of the smartphone user’s presumed address.

SensePost has used the Snoopy software attached to cheap commercial drones like DJI’s Phantom.

Drones- not just flying cameras:

  • Drones are controlled either autonomously by on-board computers, or by remote control
  • They are used in situations where manned flight is considered too dangerous or difficult
  • Also increasingly used for policing and fire-fighting, security work, and for filming

For instance, the Snoopy software has been ground-based until now, operating primarily on computers, smartphones with Linux installed on them, and on open-source small computers like the Raspberry Pi and BeagleBone Black.

But when attached to a drone, it can quickly cover large areas.

“You can also fly out of audio-visual range – so you can’t see or hear it, meaning you can bypass physical security – men with guns, that sort of thing,” he says.

It’s not hard to imagine a scenario in which an authoritarian regime could fly the drone over an anti-government protest and collect the smartphone data of every protester and use the data to figure out the identities of everyone in attendance.

Mr Wilkinson says that this is why he has become fascinated with our “digital terrestrial footprint” – and the way our devices can betray us.

He says he wants to “talk about this to bring awareness” of the security risks posed by such simple technologies to users.

His advice? Turn off the wireless network on your phone until you absolutely need to use it.

Mobile position data present anonymity risk

April 02, 2013 By: Dr Search Principal Consultant at the Search Clinic Category: data security, Mobile Marketing, mobile phones, Personal Security, smart phones, Telecommunications Companies, Uncategorized

Scientists say it is remarkably easy to identify a mobile phone user from just a few pieces of location positioning information.

Whenever a phone is switched on, its connection to the network means its position and movement can be plotted.

This data is given anonymously to third parties, both to drive services for the user and to target advertisements.

But a study, “Unique in the Crowd: The privacy bounds of human mobility”, in Scientific Reports warns that human mobility patterns are so predictable it is possible to identify a user from only four data points.

The growing ubiquity of mobile phones and smartphone applications has ushered in an era in which tremendous amounts of user data have become available to the companies that operate and distribute them – sometimes released publicly as “anonymised” or aggregated data sets.

These data are of extraordinary value to advertisers and service providers, but also for example to those who plan shopping centres, allocate emergency services, and a new generation of social scientists.

Yet the spread and development of “location services” has outpaced the development of a clear understanding of how location data impact users’ privacy and anonymity.

For example, sat-nav manufacturers have long been using location data from both mobile phones and sat-navs themselves to improve traffic reporting, by calculating how fast users are moving on a given stretch of road.

The data used in such calculations are “anonymised” – no actual mobile numbers or personal details are associated with the data.

But there are some glaring examples of how nominally anonymous data can be linked back to individuals, the most striking of which occurred with a tranche of data deliberately released by AOL in 2006, outlining 20 million anonymised web searches.

Recent work has increasingly shown that humans’ patterns of movement, however random and unpredictable they seem to be, are actually very limited in scope and can in fact act as a kind of fingerprint for who is doing the moving.

Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months’ worth of anonymised mobile phone records for 1.5 million individuals.

They found from the “mobility traces” – the evident paths of each mobile phone – that only four locations and times were enough to identify a particular user.

“In the 1980s, it was shown that you need 12 points to uniquely identify and characterise a fingerprint,” said the study’s lead author Yves-Alexandre de Montjoye of MIT.

“What we did here is the exact same thing but with mobility traces. The way we move and the behaviour is so unique that four points are enough to identify 95% of people.”

“We think this data is more available than people think. When you think about, for instance wi-fi or any application you start on your phone, we call up the same kind of mobility data.

“When you share information, you look around you and feel like there are lots of people around – in the shopping centre or a tourist place – so you feel this isn’t sensitive information.”

Sam Smith of Privacy International said: “Our mobile phones report location and contextual data to multiple organisations with varying privacy policies.”

“Any benefits we receive from such services are far outweighed by the threat that these trends pose to our privacy, and although we are told that we have a choice about how much information we give over, in reality individuals have no choice whatsoever.” 
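The unicity measurement the study describes can be sketched on constructed data; this is an added example, not code from the study or from this site. The uniformly random traces, the `(cell, hour)` point format and every function name are assumptions, and `coarsen` goes one step beyond the article to check whether publishing lower-resolution data reduces the risk.

```python
import random


def matching_users(traces, points):
    """Users whose trace contains every (cell, hour) point in `points`."""
    wanted = set(points)
    return {user for user, trace in traces.items() if wanted <= trace}


def unicity(traces, p, samples_per_user=1, seed=0):
    """Fraction of random p-point samples that match exactly one user."""
    rng = random.Random(seed)
    unique = total = 0
    for user, trace in traces.items():
        if len(trace) < p:
            continue  # not enough points to draw a sample from
        ordered = sorted(trace)  # fixed order keeps the run reproducible
        for _ in range(samples_per_user):
            sample = rng.sample(ordered, p)
            total += 1
            # The user always matches their own sample; the question is
            # whether anybody else in the data set matches it too.
            if matching_users(traces, sample) == {user}:
                unique += 1
    return unique / total if total else 0.0


def synthetic_traces(n_users=500, n_cells=20, hours=24,
                     points_per_user=30, seed=42):
    """Constructed data: each pseudonymous user gets random (cell, hour) points."""
    rng = random.Random(seed)
    universe = [(c, h) for c in range(n_cells) for h in range(hours)]
    return {f"user{i}": set(rng.sample(universe, points_per_user))
            for i in range(n_users)}


def coarsen(traces, cell_factor, hour_factor):
    """Merge neighbouring cells and hours before release (assumed mitigation)."""
    return {user: {(c // cell_factor, h // hour_factor) for c, h in trace}
            for user, trace in traces.items()}


if __name__ == "__main__":
    data = synthetic_traces()
    for p in (1, 2, 3, 4):
        print(f"p={p}: unicity {unicity(data, p):.2f}")
    # Re-measure after reducing resolution to 5 areas x 4 time windows.
    blurred = coarsen(data, cell_factor=4, hour_factor=6)
    print(f"coarsened, p=4: unicity {unicity(blurred, 4):.2f}")
```

Running the same measurement on a data set before it is released shows whether removing names and numbers alone leaves individual traces distinguishable.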

Paypal predicts the end of passwords

March 04, 2013 By: Dr Search Principal Consultant at the Search Clinic Category: Customer Service, Cyber Security, data security, Dr Search, Ecommerce, Hackers, Personal Security, smart phones, Technology Companies, Telecommunications Companies, Uncategorized

The days of the tiresome password may be numbered- according to Paypal.

The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft.

Many of us rely on the same password, while many more of us only use three or four passwords.

Ideally, the best password would be at least 16 characters with capitals, numbers and special characters – but you’d never remember it.

So the industry is looking to ditch passwords, and is turning to a variety of solutions, such as voice recognition, key stroke analysis and finger print identification.

Payments firm PayPal is one of those leading the changes, and president David Marcus says the aim is to make the whole process seamless.

“Like magic, you’ll be authenticated, and the payment will go through. We want to move away from passwords, and get to embedded fingerprint scanners on mobile phones.”

“You’re going to start seeing that type of experience later this year, with a mass roll-out in the year to come.”

Earlier this month, PayPal, Lenovo and others announced the formation of the Fido Alliance (Fast Identity Online) to change the way online security checks are carried out.

The idea is that users will be able to select the type of authentication that suits them best – from fingerprint scanning to USB tokens.

“The best protection is the one you don’t see – it’s the one that happens in the background, that verifies your identity accessing your own data,” says Mr Marcus.

‘Untapped potential’

For PayPal, solving the password security problem is important because so many people now use it to make purchases – it has 125 million customers in more than 190 countries.

“You shop offline more than you shop online, but in most of these transactions mobile is involved now,” says Mr Marcus.

“As the offline market is 17 times bigger than the online market, there is still huge untapped potential for us.”

The key driver for this has been the way in which customers are increasingly using phones, tablets and other handheld devices to make purchases.

Last year, PayPal recorded $145 billion (£95bn) in total transactions, of which $14 billion were via mobile devices, says Mr Marcus. “But the year before it was less than $4 billion.”

All of which should be welcome news for those of us who continually have to email our online retailers for new passwords, because we’ve forgotten the one we asked them for the last time we tried to buy something from them.

Facebook’s turn to be targeted by sophisticated hackers

February 15, 2013 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Facebook, internet, Personal Security, Social Media, Technology Companies, Uncategorized

Facebook has revealed it was the latest website to be targeted by a “sophisticated attack” by hackers last month, but found no evidence any user data had been compromised.

The social network said that the attack occurred when employees visited a mobile developer website “that was compromised”.

More than one billion people use Facebook worldwide.

“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack,” the company said.

“The attack occurred when a handful of employees visited a mobile developer website that was compromised.”

Malware was downloaded on to its employees’ laptops, the firm said, adding: “As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”

“We have no evidence that Facebook user data was compromised in this attack,” Facebook said in its blog post.

The firm went on to say that it was “not alone in this attack”.

“It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected,” Facebook said.

UK needs more skilled cyber crime fighters- official

February 11, 2013 By: Dr Search Principal Consultant at the Search Clinic Category: Computers, Cyber Security, data security, Ecommerce, internet, Personal Security, Search Clinic, Technology Companies, Uncategorized

Given the recent spate of hacking incidents a timely report from the National Audit Office (NAO) has highlighted that a lack of skilled workers is hampering the UK’s fight against cyber crime.

The spending watchdog had heard from experts who believe it could take “up to 20 years to address the skills gap”, it said in a report.

But progress has been made in tackling cyber fraud, with more police resources and prosecutions aimed at catching cyber criminals, the NAO added.

The government said it was “investing heavily” in research and education.

The number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet, the watchdog said.

In 2011, ministers announced funding of £650 million to implement the UK’s Cyber Security Strategy, which set out the risks of the UK’s growing reliance on cyber space.

The strategy identified criminals, terrorists, foreign intelligence services, foreign militaries and politically motivated “hacktivists” as potential enemies who might choose to attack vulnerabilities in British cyber-defences.

In a review of the strategy, the NAO said there had been a number of developments to help tackle cyber crime.

The internet economy in the UK accounts for more than £120 billion – a higher proportion of GDP than any other G20 country, the NAO said.

But it warned that the cost of cyber crime is estimated to be between £18 billion and £27 billion a year.

Action Fraud, the UK’s national fraud reporting centre, received 46,000 reports of cyber-enabled crime, amounting to £292 million of attempted fraud, the report said.

And the Serious Organised Crime Agency had captured more than 2.3 million compromised debit or credit cards since 2011, preventing a potential economic loss of over £500 million.

New regional police cyber crime centres and a trebling of the size of the Police Central e-crime Unit had also helped boost the UK’s capability to combat attacks, the watchdog said.

But the NAO warned that the UK faced a current and future cyber security skills gap, with “the current pipeline of graduates and practitioners” unable to meet demand.

Education officials interviewed by the NAO said it could take “up to 20 years to address the skills gap at all levels of education”.

They raised concerns about a lack of promotion of science and technology subjects at school, leading to a low uptake of computer science and technology courses by university students.

Twitter- targeted by hackers

February 08, 2013 By: Dr Search Principal Consultant at the Search Clinic Category: Cyber Security, data security, Dr Search, Email, internet, Personal Security, Search Clinic, Technology Companies, Twitter, Uncategorized

250,000 Twitter users have had their accounts hacked in the latest of a string of high profile internet security breaches.

Twitter’s information security director Bob Lord said about 250,000 users’ passwords had been stolen, as well as usernames, emails and other data.

Affected users have had passwords invalidated and have been sent emails informing them.

Mr Lord said the attack “was not the work of amateurs”.

He said it appeared similar to recent attacks on the New York Times and the Wall Street Journal as the US newspapers reported that their computer systems had been breached by China based hackers.

Mr Lord said in a blog post Twitter had discovered unauthorised attempts to access data held by the website, including one attack that was identified and stopped moments after it was detected.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” he wrote.

Mr Lord did not say who had carried out the attack, but added: “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked.”

“For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the internet safer for all users.”

The biggest worry for most of Twitter’s 200 million active users is not this attack per se, but the additional new “phishing” scams the attack has already inspired.

Since Twitter users now know to be on the lookout for emails asking them to change their passwords, criminals are sending out very similar messages.

If users click on the links in those, they risk – once again – having their account hacked.

Dr Search warns you- don’t click on links in any emails asking you to change your password- instead go directly to the web site, log in normally, and change it using the instructions without clicking on email links.

“You have to be careful if you get hold of one of these emails because, of course, it could equally be a phishing attack – it could be someone pretending to be Twitter.

“So, log into the Twitter site as normal and try and log in to your account and, if there’s a problem, that’s when you actually have to try and reset your password.”