Norton Identity Safe — a personal online security suite


In this increasingly security-conscious online world, consciously practicing online security is becoming more and more difficult. How many of us use the same password, or set of passwords, for many of our online activities? Or have software license keys stored in random locations? And have yet another browser app or plugin to help avoid malicious websites?

Earlier this week a new entry appeared in the personal privacy and security space — Norton Identity Safe.

Basically, Identity Safe is a combination of an online password vault, secure storage for private personal information, safe surfing utility, and automated form-filling utility.

It runs within your browser and is available for PC, Mac, iOS and Android devices. As well, the application is cross-browser functional so it’ll work within Chrome, Firefox, Safari and Internet Explorer.

Here’s a list of a few key features:

  • Safe Search & Norton Safe Web – Help consumers protect their identities and avoid potentially risky sites by letting them know whether a site is safe to visit directly from their search results.
  • Share – Allows users to safely share online content by sending URLs through email and social networking plugins, directly from Norton Identity Safe.
  • Multi-platform synchronization – Synchronizes information across platforms and devices, eliminating the hassle of remembering multiple user names, passwords, contact information and credit card numbers. Norton Identity Safe allows users to access their credentials anywhere they go.


Free?
So it seems. According to the Identity Safe website, the application looks like it’ll be a subscription service, but if you install and use it prior to October 1, 2012, it’s ‘FREE of charge forever. No strings attached.’

Of course, there are many other free applications and web services out there that offer one or another of Identity Safe’s features, but Norton’s offering is really more of an online privacy suite, and may be worth checking out, especially if you’re looking for an all-in-one solution.

 

Commerce in a post-Wikileaks economy

You’ve likely seen the news that Visa, Mastercard, PayPal and others are under distributed denial of service (DDoS) attacks by folk who feel that WikiLeaks headman Julian Assange is being persecuted for distributing sensitive information he’d received from others.

Setting aside that entire espionage, sex-by-surprise, persecution, journalism and right to information thing, what’s left is the hacking attempts — coordinated attacks on key points of the infrastructure of commerce. This, as we are in the midst of the holiday buying season. A juicy target indeed.

What’s happening
The coordinated attacks seem to be having some small effect on commerce. According to one report:

MasterCard, calling the attack “a concentrated effort to flood our corporate website with traffic and slow access,” said all its services had been restored and that account data was not at risk.

But it said the attack, mounted by hackers using simple tools posted on the Web, had extended beyond its website to payment processing technology, leaving some customers unable to make online payments using MasterCard software.

How it’s done
By using freely available tools to target and coordinate these attacks, *anyone* can join in the action. Find the right IRC server, download the tools, and turn them on — poof, you’re a ‘hack-tivist’ and your computer (or computer network) is now part of a botnet:

The weapon of choice is a piece of software named a “Low Orbit Ion Cannon” (LOIC) which was developed to help Internet security experts test the vulnerability of a website to these assaults, the distributed denial of service attacks. The LOIC is readily and easily available for download on the Internet.

The LOIC can be controlled centrally by an administrator in an Internet Relay Chat (IRC) channel, a type of computer chat room; it can seize control of a network of computers and use their combined power in a DDoS attack. The attack is aimed at the target website and when the LOICs are activated they flood the website with a deluge of data requests at the same time.

The DDoS attack prevents the overloaded server from responding to legitimate requests and slows down the website to a crawl — or shuts it down totally. The attacks are coordinated in the IRC channel, and on Thursday, around 3,000 people were active on the Operation: Payback channel at one stage.

One side effect of all this is that the participants are also testing the limits of the commerce infrastructure for hackers and others whose intentions may not be so noble as preventing a perceived injustice.

The impact
So what does this mean for retailers and customers in the next few weeks and months, and what does this mean for the future of online commerce?

  • Slow or blocked online commerce — if the servers are clogged, your online merchant may not be able to process your credit card or PayPal transaction, and can’t complete the sale
  • Increased attacks — depending on how this spate of incidents turns out, copy-cats will use the same techniques against new targets, or evolve their own methods and tools
  • Increased unease — new online consumers will have another reason to *not* shop online, preferring to continue shopping at brick and mortar shops as they’ll feel more secure
  • Increased security — essential to recover control of the commerce infrastructure and to demonstrate to consumers that online commerce works and is safe
  • Increased cost — better and tighter security isn’t free, so this ‘cost of doing business’ will be factored into the retail process, resulting in higher prices

The Genie is out of the bottle
Yep, the tools and techniques have been around for a while. It’s taken one event like this to catalyze a motivated and unconnected group of people around the world to participate in coordinated action. We will see more of this, maybe aimed at political institutions, national governments, or launched by environmental activists. Welcome to a new reality.

Keeping the Internet safe, one browser at a time

Microsoft’s Internet Explorer browser hasn’t been my daily work browser for many years, and I can’t see that changing anytime soon. There are many reasons that I’m not going to go into, but these days it’s mostly about what I’m familiar with. From the satisfaction numbers I’ve seen, IE is still quite the powerhouse browser-of-choice for a large majority of Internet users, but it’s not my cup of tea.

But this post isn’t really about my selection of browser. Rather, it’s about an interesting online initiative focusing on Kinsa, the Kid’s Internet Safety Alliance.

The campaign, dubbed Browse with Confidence, is a new online destination designed to promote safe browsing using Microsoft’s IE 8 browser and features links to product information and downloads.

But that’s not all
The really cool part about this is the way the Browse with Confidence initiative is generating funds for Kinsa. As you can see in this image, Microsoft Canada is donating $2.00 when you ‘post your support’ on your Facebook Wall. The more people post, the more Kinsa gets. Simple.

So, yeah, Microsoft gets a little PR bump out of this, but in my mind, the big benefit is to Kinsa, who:

“…helps to find, rescue and heal child victims of abuse whose images are shared on the Internet.”

For more information, check out the video, or hit Kinsa’s website. And consider giving your support to Kinsa.

Other Resources:
Microsoft’s Browse with Confidence news release

The browser you’re using right now is actually tracking your online activity

An interesting news release by the Electronic Frontier Foundation last week shows that anonymous web surfing may not be as anonymous as previously thought. Due to each browser’s unique characteristics and configuration (fonts available, screen size, IP-related information, etc.), it seems that many browsers create a unique ‘fingerprint’ that can be used to track you as you surf the Internet…



This post is an excerpt from one of my weekly posts on the Future Shop Techblog. Check out the full post here.


Getting Twitter Spam? Here’s how I deal with it

This is the second part of a post series I started a few days ago, dealing with Twitter spam.

What got me thinking about it was the recent spate of incoming DM tweets from trusted people I follow. I received another one this morning.

I’m coming at it from the perspective that it’s not deliberate. Rather, these unwitting spammers have fallen victim to diabolically-crafted account phishing schemes and their Twitter accounts are now compromised and sending spam without the real account owner’s knowledge. As such, I always give owners of spamming accounts the benefit of the doubt, once. Only once.

Part Two — How to deal with Twitter spam

If it’s a normally trusted user sending spam DMs
A spam DM (Direct Message) can only come from someone you follow. You can only reply via DM if you, in turn, follow that account. This is why it’s such a disappointment when you receive spam from a trusted source…but remember, at this point we believe the account has been compromised.

The process I use is rather simple yet it gives the account owner a chance to:

  • recover control of the account,
  • let their followers know what’s happening,
  • continue to be a responsible member of the Twitter community.

Alert the spamming account
First, contact the spamming account. I do this through DM to allow them to save face, and deal with the issue in their own way and timeframe.

  • Let them know the account has been compromised
  • Ask them to change their password, so the spammer can’t get back in
  • Ask them to review outgoing DMs to see who was spammed, to alert their community and verify that they indeed did send the spam
  • Ask them to check the ‘approved app relationships’ that they’ve given account access to. These are usually personality quiz or ‘What Hero Are You’ type apps. If something is suspect, revoke the app’s access.

Here’s what I usually send, via DM:

I think your account has been compromised - just sent me 'quiz' spam. Check your Sent DM, change PW, & review Settings/Connections

Non DM ‘Mention’ spam
If you notice a tweet or RT (ReTweet) that has your Twitter name mentioned, but a spammy shortened link in the body (not one you’d used), run, do not walk, to your DM panel.

Your tweet was harvested and hijacked by spammers. The content was altered to include the spam shortlink, making it look like you sent the original tweet.

Send a DM to @spam with the account name. Twitter folk will deal with the account. And let your followers know that a previous tweet was hijacked. You will, of course, need to follow @spam (which is kinda weird) but it works 🙂

So, as far as Twitter spam goes, that’s how I roll. How ’bout you? Do you have any cool or crafty techniques you use to deal with spam?


How to avoid becoming a Twitter spammer, the easy way

Over the last few weeks I’ve been receiving spam on Twitter from trusted people I follow.

It’s not that they’ve all been overcome by the need to monetize their Twitter accounts (there, I said monetize in a blog post, I’m doomed), rather, they’ve fallen victim to diabolically-crafted account phishing schemes and their Twitter accounts are now compromised.

There’re two parts to this subject, which logically means that I’ll deal with it in two posts:

Part One – How to avoid becoming a Twitter spammer
To keep from becoming an unwitting victim of Twitter scammers hijacking your Twitter account for their own nefarious purposes, there are really only a few simple things to remember:

Trust
Only give your Twitter password and account name to people or services you trust — treat it like your email or bank account.

And Verify
Verify that the Twitter login page is actually associated with the Twitter domain, and not a numbered IP address or some other domain name. It should always be http://twitter.com or https://twitter.com. As long as the domain name is OK, you should be fine.
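The check described above, as an added example that is not part of the original post: it compares the host a browser would actually contact against the domain the post names, which catches addresses that merely contain "twitter.com" somewhere else. The function name and sample URLs are constructed for illustration; `login.example` and `192.0.2.10` are reserved documentation values.

```javascript
// Added example. The expected host comes from the post; sample URLs are constructed.
const EXPECTED_HOST = "twitter.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on anything that is not an absolute URL
  } catch (err) {
    return { ok: false, host: null, encrypted: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: null, encrypted: false, reason: "not a web address" };
  }
  // hostname is the machine the browser will contact: lower-cased, without
  // port, path, or any "name@" prefix placed in front of the real host.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  const encrypted = url.protocol === "https:";
  const isIp = /^\d+(\.\d+){3}$/.test(host) || host.startsWith("[");
  let reason = "host matches " + EXPECTED_HOST;
  if (isIp) reason = "numbered IP address";
  else if (host !== EXPECTED_HOST) reason = "some other domain: " + host;
  return { ok: !isIp && host === EXPECTED_HOST, host, encrypted, reason };
}

// Constructed samples: two genuine forms, then look-alikes that only
// mention twitter.com in the path, as a subdomain label, or before an "@".
const samples = [
  "https://twitter.com/login",
  "http://twitter.com/",
  "https://TWITTER.com/login",
  "http://192.0.2.10/twitter.com/login",
  "https://twitter.com.login.example/",
  "https://twitter.com@login.example/",
  "https://login.example/twitter.com",
  "twitter.com/login",
];

for (const s of samples) {
  const r = checkLoginUrl(s);
  const note = r.ok && !r.encrypted ? " (not encrypted)" : "";
  console.log((r.ok ? "OK      " : "REJECT  ") + s + "  ->  " + r.reason + note);
}
```

The `http://` form passes because the post lists it, but the `encrypted` flag is false for it: only the `https://` form protects the password in transit.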

A high-tech solution
Don’t use your Twitter name or password to sign up for ‘free offers’ or personality tests. Instead, open a new tab on your browser, log in to Twitter the normal way — this sets up a secure session. Now that you’ve established a session with Twitter, go back to the previous tab with the Twitter service showing you the password requester. Refresh that page, and you will likely see an OAuth login, like this one.

OAuth is a more secure way to give a third-party access to your Twitter account, without revealing your password.

But don’t rely on technology alone; no process is foolproof — even OAuth.

Consider the first two points and always weigh the risk. Ask yourself the question, “is it really important for me to give them my Twitter login, take that personality test, and potentially spam my friends and followers — putting my reputation at risk?”

How to use a webcam as a home security camera

Over the years as I’ve acquired various bits of hardware, I’ve somehow ended up with a few ‘extra’ webcams. Not really wanting them to languish in my parts bin, I figured I’d take a stab at setting them up as home security cameras. And, I wanted to check out what my dogs were up to during the day 🙂
My kitchen was the perfect test area, as I already had a Windows-based PC there. All I needed to add were some USB extension cables and I was set. So for you list-minded folk, here’s what I used:

I positioned the cameras where I’d have a good view of the floor-space and entrance. It takes a bit of trial and error to get the right angle and in one case I had to use a weight to keep the Logitech Camera in place…the twists of the cable wouldn’t let the camera sit flat.

On the software side, I chose to go with an online solution, HomeCamera.com. This was much simpler than setting up a home web server and webcam capture solution. I wanted something that was pretty much plug-and-play.

Our subscribers use HomeCamera’s built-in motion detection for security cameras, to receive image and video intrusion alerts on their email and mobile phones. Features like automatic recording schedules enable you to see what happened in your home throughout the day, even while you’re on an out-of-town work trip. Business customers use HomeCamera to watch over their factories, their shops, warehouses, and more.

Setup was pretty simple. I tweaked the camera settings using the camera manufacturer’s setting software, then ran the HomeCamera.com client.

The Client allows you to set up and share your cameras. Again, very easy.

Since HomeCamera.com is in beta, their service / performance may fluctuate — though I’ve never had any issues.

As well, HomeCamera.com service is free during this beta period. According to the site, there will be a free option, but also a paid one too:

We expect to exit beta and go commercial in early 2010. At that time, we will offer two service plans: FREE (which is pretty much the service you see now, with a few limitations on number of online cameras and server storage) and the full service (with video streaming) at US$ 29.95 YEARLY. Yes, that’s $29.95 per year – we want to keep the price low enough for regular people to easily afford the service. At this price, it’s cheaper than a cup of coffee a month…

So, I now have a video-based home monitoring system. Basically free, as I had all the parts anyway.

There are other online monitoring solutions out there, but this one just seemed to be the simplest for me…got any ideas how I can improve this setup? Let me know!