Internet and online security professionals deal with hacking and cracking activity on a daily basis. With new technologies emerging every day, new security challenges arise and new vulnerabilities become available that allow black hat hackers to create and execute new scripts that can cause serious problems for whole networks. Our mission is to let you know about the latest scams and to warn you about new exploits that can have a severe impact on your online business.
14th August 2007

What Can You Do Today To Keep Your Kids Safe?

In one of my recent posts I talked about sexual predators and child molesters and how in some cases they can use their hacking skills to abuse children. Of course, the most important question is what to do to keep your kids safe.

Luckily, online molesters are still a fairly rare type of child predator, but there are many more potentially dangerous situations in the daily life of your children that should be addressed properly.

The book called “How To Protect Your Child From Sexual Predators” can show you how to teach your children to stay safe while you’re not around. It’s not just the “don’t take candy from strangers” that we have all heard about.

You’ll learn things like The Ultimate Safety Secret, The Five Secrets To Playing Outside Safely, The Magic Approach To Online Safety With Real Results.

Do you know for example that confidence and mental focus are two critical factors that can drastically improve the chances for your kid to avoid potential danger?

Well, I didn’t know either, I’m not an expert on and behavior or . Things like this can help your child when s/he needs it most. And the “Keeping Kids Safe” program created by Preston Jones and Joyce Jackson teaches you how to develop those skills in your child.

Take a look at their “Keeping Kids Safe” program and see if you can learn something that might be useful for your kid.

posted in Main | 0 Comments

12th August 2007

Identity Theft, US Military and Credit Score Monitoring

In the previous post I wrote about the test that revealed serious misuse of your personal information by IRS staff. If you’re shocked by the careless attitude of IRS employees in regards to the disclosure of such a vital piece of information as people’s SSN, just read this post and you might grasp the whole scale of the problem.

What would you say if I told you that the personal information of 26.5 million US military veterans plus the records of 1.1 million active-duty personnel are right now in the open and can be used any moment for identity theft or worse?

How in the world could it happen? Human mistake, as always. Last year the laptop of an analyst working for the Department of Veterans Affairs was stolen from his home in Montgomery County, Maryland.

Though this guy had absolutely no right to take such sensitive information home, he was doing it for quite a while, just because it was convenient for him I guess.

When his laptop was stolen, all this data was stolen too. As a result, the information about millions of American soldiers is now floating somewhere completely unprotected.

And if it fell into the wrong hands, the potential damage could be enormous. Considering this data concerns active military personnel, terrorists would probably pay a lot to get their hands on this laptop. I still haven’t heard that this laptop has been found. So the real threat still exists.

You can read the whole story at the Guardian. The article is named “US troops at risk from civil servant’s stolen laptop”.

So what’s the point of this story? It’s quite simple actually. No one really cares about safeguarding your SSN, date of birth, mother’s maiden name, your address, etc. So it’s up to you to make sure this information is not used by con artists or identity thieves.

Until a law is passed that prohibits companies from requesting your SSN as a means of authentication, your SSN will always be at risk.

Now the obvious question. If you have absolutely no way to make sure your SSN and other information of similar importance is protected, how can you ensure that it won’t be used by identity thieves?

There is no perfect answer to this question. But there are some ways to mitigate the risk.

The answer below is only relevant for US residents. If you live in another country, you might have similar services, so read on; it will give you an idea of what to do.

Under US law you’re allowed to request your credit report from each of the 3 major credit agencies free of charge once per year. It certainly is not enough to make sure you’re not a victim of identity theft, but at least it’s a start.

Most likely you need to be able to monitor your credit more frequently. You need a system that can alert you the same day some strange activity happened on one of your bank or credit card accounts. The timely alert will allow you to react accordingly and stop the identity theft at the very beginning.

There is a that does this. It provides comprehensive credit file monitoring and automated alerts of key changes to your Equifax, Experian, and TransUnion credit reports (three major credit report agencies), plus it gives you Free 3-in-1 Credit Report and unlimited access to your Equifax Credit Report™. What is also important, it gives you Identity Theft Insurance with a coverage of up to $20,000 to help you recover from possible identity theft.

Get Equifax Credit Watch Gold 3-in-1 Now! Or if you just want to start somewhere, and are not ready for credit monitoring service, at least request your free to make sure you’re OK. 

posted in Main | 1 Comment

10th August 2007

Unlimited Scenarios for Identity Theft…

Identity theft is not even a buzzword anymore. It’s a sad reality of our times. It could happen to anyone anywhere. And it doesn’t necessarily take an attack by a hacker who cracked a server and copied financial records.

There are numerous examples of people who just bought used computers on eBay and discovered sensitive financial data on those computers that was supposed to have been erased. I’ll just give 3 examples here but I think it’s enough to get the picture.

First example: One Canadian bank was supposed to send 2 servers to a company that could securely erase the data; instead those servers ended up on eBay.

Second example: German police got rid of a useless computer, sold it on eBay, and the guy who bought it found tons of criminal records on the machine…

Third example: The health department of one US state sold a used computer, and this computer turned out to be a server that stored the records of people with sexual diseases.

So your SSN and other sensitive information can easily end up on some auction site; no one can guarantee that it won’t.

Of course hackers hack tons of sites and sell thousands of identity records every day - cheaper by the dozen, you know…

Oh, and when you’re giving the last 4 digits of your SSN to anyone who asks, you’re not doing yourself any good either. Sure, it might look harmless to you - after all, you’re not giving out your entire SSN. But in reality - it’s almost the same. There are tons of companies who work as liaisons with credit agencies - your mortgage broker, for example, who can easily pull up your credit report based on your name, address, and last 4 digits of your SSN.

And that basically means that every identity thief with even modest resources can get this information too.

Even if you’re lucky enough to avoid the millions of internet scams that are created in such a way that you give away all your information, you’re still not off the hook.

Oh, and one last gem for today. Have you heard about social engineering? It’s a technique that is often used by hackers for gathering information that is difficult to obtain otherwise. Hackers often pose as either sys admins or computer-repair techs who claim something is wrong with either your computer or network, etc., and that they need your help to fix it. Well, you can imagine the rest. If you’re helpful enough, the entire network of the company can indeed be “fixed”.

OK, maybe you have already heard about these social engineering techniques, and you would ask the caller to verify his identity before giving him important passwords on a silver platter.

Good for you. Then you’re much more security-savvy than the IRS. What does the IRS have to do with this, you ask? After all, this organization safeguards our most sensitive financial information and its personnel surely follow all the security procedures, right? It turned out to be just our wishful thinking.

In reality, all you have to do to receive extremely confidential information is just politely ask an IRS agent to give it to you, and s/he will!

According to the Treasury Inspector General for Tax Administration (who oversees IRS operations), a security test was recently conducted within the IRS. This test showed that out of 102 people who were asked by the test caller to provide either their username or change their password, did so without any second thought!

You can read the article “Computer security problems found at IRS” at MSNBC to get the full scope of the story.

It just shows you that unfortunately your most private information is not as secure as you would hope it would be. So you need to take certain steps to make sure you won’t be a victim of identity theft.

In the next post we’ll talk about things you need to do to prevent the possibility of
becoming the victim of identity theft.

posted in Main | 0 Comments

8th August 2007

Online Business Security and White Hat Hackers

It’s hard to imagine talking about online security, and in particular, without the inevitable appearance of the shadow antipode of the security professional otherwise known as “hacker”.

The word “hacker” has such bad publicity associated with it that for average Internet users hackers are almost always synonymous with serious online trouble.

So let’s “set the record straight”. There are many different types of hackers: some of them are really dangerous, others can help you patch gaping vulnerabilities in your business or even save your online business.

They are known as “White Hat Hackers” and they have the full right to be called “the White Knights of the Online World”.

So who are these guys? I would say every gifted programmer who found and reported serious in publicly available systems (either in open source architecture or in commercial application) could be called a “white hat hacker”.

If s/he didn’t report this security hole, it could later be identified by black hat hackers and used as a new exploit for a successful 0-day attack.

Every security professional who stumbled upon an unknown security risk during penetration testing and informed not only his client (for whom this testing was performed) but also the community of security professionals, could be called a “white hat hacker”.

The person who was able to reverse-engineer the binaries of a sophisticated new virus not only through the creation of a sandbox or virtual machine simulation, but by getting his hands dirty and actually playing with the code and understanding the internal actions of the binaries through core dump analysis, and then showed the world the structure of this virus, could be called a “white hat hacker” too.

All these guys have one thing in common: they used their knowledge to make this world a little better, more secure place. They didn’t use it for their own personal gains.

Make no mistake though - hacking is in their blood, it’s their alter ego. It gives the ultimate joy to their brains, because not many things in life can compare with the thrill of entering a presumably secure system through a newly created backdoor, without being noticed by the company’s IDS and avoiding other traps.

But it’s one thing to hack into the system as part of penetration testing, when you were asked to do so by the owner, and use your knowledge to help the company patch the security holes at the end of your ride. And quite another - to penetrate the same system without permission and rip all the sensitive data off the company’s servers.

That’s in a nutshell the difference between white hat and black hat hackers.

Stay tuned, we’ll talk about grey hat hackers in the next post.

posted in Main, Online Business Security | 0 Comments

8th August 2007

Child Molesters, Hackers and Identity Thieves - Are They the Equally Dangerous Triplet of Web Villains?

Child molesters (also called child abusers, online sexual predators, etc.) are in my opinion the most disgusting type of “online pirates” mentioned above. They target children who post their profiles on different social networking sites, popular teenage chats, etc. Starting the conversations with potential victims as if being a child of the same age, those predators not only use the information gathered during chats for their financial benefit, but they also blackmail children and use their knowledge of child psychology to take sexual advantage of children.

Luckily for the world’s safety and sanity, hackers are usually interested in system hacking only from the point of view of getting a financial gain. Stealing is wrong, yes, but it’s far less dangerous than using hacking skills to abuse children.

Unfortunately there are a few morons out there who combine some level of hacking skills with psychological disorders, and they use their skills to molest children.

In my opinion those are the most dangerous online villains. Adrian Ringland, for example, was caught in 2006 for molesting girls in Britain and Canada. He posed in the chat rooms as a teenager and sent to 13-year-old girls a Trojan Horse masqueraded as a picture of him. After “the picture” was downloaded, the bastard gained remote control of the victims’ machines and searched for anything that could embarrass the girls. Then he used this material for successful blackmails.

You can learn more about this frightening case of  from this article: Internet predator jailed for targeting teen girls. Of course, nobody says that identity thieves or hackers that are up to financial gains are angels, but at least they target adults. Other than that there is not much good left to say about identity thieves, either.

It’s probably worth noting that not all identity thieves are hackers. Identity thieves have not necessarily hacked into a personal computer (or some website’s database) to get a victim’s data. They could instead use one of the millions of online scams that are spread like a plague all over the Net.

Whereas child molesters and deserve absolutely no leniency towards their malicious activities, and thus should be prosecuted as harshly as possible, I wouldn’t be so quick to judge hackers. At least, not until we define the types of hackers, their motives and intentions.

Based on their skills and mostly, based on their purposes, I divide hackers into 4 groups.

There are white hat hackers, grey hat hackers, black hat hackers (also called crackers) and script kiddies.

Only 2 groups can be considered a “villain” type: crackers and script kiddies. You might be surprised to learn this, but only those 2 types will launch attacks that will harm your online business.

Black hat hackers will certainly try to get some financial advantage, whereas script kiddies might either steal your data or deface your site, which is annoying but can be easily corrected.

I will talk about “good” types of hackers in the next post.

posted in Main | 0 Comments

6th August 2007

Hackers - the wolves of the Online World…

It’s a well-known fact that wolves are the “corpsmen” of the forest. Sure, they are beasts of prey, but they rarely attack healthy animals. Most likely they will look for the weakened or infected members of the flock, and by killing them wolves will serve the purpose of severe sanitation. Those animals would die soon on their own anyway, but before they do, they would infect many other members of the flock. By eliminating the weakest members of the flock, wolves essentially help the rest of the flock to survive…

I understand that the parallel between hackers and wolves is somewhat artificial. After all, hackers attack not only small businesses, but big corporations and financial institutions as well. Based on the security tools and procedures implemented at such institutions, plus the level of knowledge about security-related subjects that could be found in security departments, those enterprises can hardly be called “the weakest links in the flock”.

However, most successful hacker attacks start with the meticulous identification and exploration of possible security holes that could be found in the defence mechanisms.

Thus, each such attack reveals a weak spot in the security echelons and helps the corporation to become more secure in the future.

Sure, one might argue that without hackers there wouldn’t be a need to build such elaborate online security systems in the first place. And my answer to this - it’s the law of evolution, only the best “species” survive.

Plus, without hackers software and application development would proceed at a much slower pace, and we probably still wouldn’t have the tons of useful tools and gimmicks that we enjoy today.

posted in Main | 0 Comments

5th August 2007

The Mystery of Online Security Industry

Welcome to OnlineWorldSecurity.com. We’re committed to making this site your one-stop resource where you will be able to find answers to major questions related to online security (or at least information that could lead you to the answers).

What is actually online security? If you can give me a straight answer, I will certainly appreciate it. And I will applaud you.

But the fact of the matter is, you probably won’t be able to accomplish this task no matter how good you are in certain areas related to this subject. You might be an expert in encryption algorithms or a super-wiz with all the different servers you can find in existence. It might take you a few minutes to hack into a website that claims to be secure. Or, if you’re on the “white side” of the game, to detect (and neutralize) the most sophisticated hacking attack.

You might be an ace with computer forensics or be an undisputed authority in intrusion detection systems. You might specialize in Windows security or prefer the free world of Unix-family systems with their open source psychology.

Ironically, all this really doesn’t matter. All those skills won’t help you to define even in broad terms the borders of this elusive industry.

What is the difference between online security and Internet security, if any? Are those terms just two synonyms or maybe there is some clear distinction? Or vice versa: this distinction is so ambiguous thanks to the very nature of the mystery we call Internet that it’s hard to put it in words?

Another question. It’s common sense that website security, server security and computer security should be included in this field as well as the aspect of wireless security related to online communications. The identity theft that can be caused by a breach in any of the sub-systems described above should probably be included in this area too, right?

But what about other industries? Is insurance related to the online security? Some may argue that it’s a different field. But can you really run successful online business without such protection?

Should legislative procedures be considered a part of online security? Sure, it’s a completely different field, and lawyers have a turf of their own. But can you really state that online security is something that only tech guys should be dealing with? How long will your online business be able to survive without proper disclaimers and other legal mumbo-jumbo?

Next question. Some people think that online security is the playground for big corporations. But can you really identify the difference between online business security (which is supposedly the prerogative of corporations) and personal online security?

Do you really think that if the personal computer of some big-time CEO is breached, it’s only a matter of personal online security of that particular individual?

On the other hand, do you think that if a corporation’s database is compromised and hundreds of thousands of clients’ records with personal data are stolen, it’s only the matter of that particular corporation?

Where is the border between those two concepts?

As you see, we’re looking at the problem of online security from an angle which is quite different from everything you’ve read before.

Our purpose is to highlight those paradoxes and to establish a real understanding of the concept hidden behind the term “online security”. And if we have to create a whole site with thousands of pages solving this puzzle one piece at a time, so be it.

posted in Main | 0 Comments