Eavesdropper Vulnerability Exposes Mobile Call, Text Data


Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.

Posted in Solutions | Comments Off on Eavesdropper Vulnerability Exposes Mobile Call, Text Data

Week in Photos: Nov. 4-10

Week in Photos is a collection of the best images published on Defense.gov during a seven-day period.

Three soldiers fire a shoulder mounted missile system.

Army Spc. Matthew Williams, a cavalry scout assigned to 2nd Cavalry Regiment, fires a Stinger missile using Man-Portable Air Defense Systems during Artemis Strike, a live fire exercise at the NATO Missile Firing Installation at Crete, Greece, Nov. 6, 2017. Army photo by Sgt. 1st Class Jason Epperson

An aircraft lands on an aircraft carrier at night as red and blue lights glow.

An aircraft lands aboard the aircraft carrier USS Nimitz during night flight operations in the Philippine Sea, Nov. 9, 2017. The Nimitz Carrier Strike Group is deployed in the 7th Fleet area of operations to support maritime security operations and theater security cooperation efforts. Navy photo by Navy Petty Officer …

Marines in running wear walk in a line along the Vietnam Veterans Memorial, reading the names on the wall.

Marines enrolled in the Marine Corps University’s Sergeants Course view the Vietnam Veterans Memorial in Washington, D.C., Nov. 3, 2017, during a motivational run with Army Command Sgt. Maj. John W. Troxell, the senior enlisted advisor to chairman of the Joint Chiefs of Staff. DoD photo by Navy Petty Officer 1st Class …

A soldier in water holds her hands in front of her face with a parachute over her.

Army Spc. Emily Moller demonstrates forming a proper air pocket under a parachute canopy during wet silk training while attending the Special Forces Basic Combat Course at Torii Station in Okinawa, Japan, Nov. 6, 2017. Moller is assigned to the 1st Battalion, 1st Air Defense Artillery Regiment. Army photo by Spc. Aaron …

Light beams show as squiggles in the air.

Students use flashlights to create a light display at Point Vicente Elementary School in Rancho Palos Verdes, Calif., Nov. 3, 2017, during a Science Night event with airmen from Los Angeles Air Force Base. Air Force photo by Sarah Corrice

A group of sailors sing on the field at a stadium.

Members of the Navy Band Sea Chanters chorus sing “Lean on Me” at MetLife Stadium in East Rutherford, N.J., Nov. 5, 2017, during a halftime show as part of the NFL’s Salute to Service campaign. Navy photo by Senior Chief Petty Officer Stephen Hassay

A sailor in an orange vest waves two orange and yellow flags as a landing craft moves on the shore.

A sailor signals to an air-cushioned landing craft from the shore at Onslow Beach at Marine Corps Base Camp Lejeune, N.C., Nov. 5, 2017, during a composite training unit exercise. Marine Corps photo by Staff Sgt. Dengrier M. Baez

An airman, shown in silhouette, works on a cell tower.

An airman helps repair cell towers in El Yunque National Forest, Puerto Rico, Nov. 3, 2017, while supporting Hurricane Maria relief efforts. The airman is assigned to the 85th Engineering Installation Squadron. Air Force photo by Master Sgt. Joshua L. DeMotts

A soldier and two girls handle small stuffed animals while gathered in front of a bright mural.

U.S. Army Chief Warrant Officer 3 Kaylan Harrington, an Afghan National Army Special Operations Advisory Group mentor, talks with children while assisting at a medical clinic in Kabul, Afghanistan, Nov. 6, 2017. Air Force photo by Senior Airman Sean Carnes

Three Marines kneeling on a flight deck hold their thumbs up on either side of an aircraft.

Marines prepare to launch an F/A-18C from the flight deck of the USS Nimitz in the South China Sea, Nov. 6, 2017. The aircraft carrier is supporting security efforts in the U.S. 7th Fleet area of operations. Navy photo by Petty Officer 3rd Class Cole Schroeder

One parachutist holds onto the open door of an aircraft as two others fall in the distance below him.

Members of the Leap Frogs, the Navy’s parachute team, jump from an Air Force C-130 Hercules, during a parachute demonstration at the Stuart Air Show in Stuart, Fla., Nov. 5, 2017. Navy photo by Petty Officer 3rd Class Kelsey L. Adams

Marines look straight ahead during a ceremony.

Marines with color guards from various units stand in position before the Joint Daytime Ceremony at Marine Corps Base Camp Lejeune, N.C., Nov. 8, 2017. The event honored the 242nd Marine Corps birthday and included the traditional birthday cake-cutting. Marine Corps photo by Staff Sgt. Mark E. Morrow Jr.

Soldiers crouching in a line fire weapons, creating a large fireball.

Soldiers fire M240 weapon systems during training in Djibouti, Nov. 1, 2017. The soldiers are assigned to Combined Joint Task Force Horn of Africa’s East African Response Force. Air Force photo by Senior Airman Erin Piazza

Airmen and veterans salute during a Veterans Day ceremony.

A veteran holds an American flag during a Veterans Day ceremony at Yokota Air Base, Japan, Nov. 10, 2017. Members of the Veterans of Foreign Wars Post 9555 took part in the event. Air Force photo by Senior Airman Donald Hudson

A child looks through a military assault rifle.

A student peers through the sight picture on a military assault rifle held by a military police officer during an engagement in Olecko, Poland, Nov. 8, 2017. Soldiers from the 100th Military Police Company and local Polish police officers participated in the engagement. Army photo by 1st Lt. Ellen Brabo

Posted in Solutions | Leave a comment

Week in Photos: Oct. 28-Nov. 3


Week in Photos is a collection of the best images published on Defense.gov during a seven-day period.

Posted in Solutions | Comments Off on Week in Photos: Oct. 28-Nov. 3

NY Attorney General Proposes Stricter Data Security Laws


New York Attorney General Eric Schneiderman is proposing legislation to tighten data security laws and expand protections.

Posted in Solutions | Comments Off on NY Attorney General Proposes Stricter Data Security Laws

Traveling with Technology: An Information Security Guide


Traveling abroad with technology brings with it certain risks and may subject you to government surveillance in ways that are different from domestic travel. According to the FBI, you shouldn’t expect privacy in most countries outside the United States. Your data is less secure when you travel.

Posted in Solutions | Comments Off on Traveling with Technology: An Information Security Guide

Investor Alert: Beware of Paid-To-Click (PTC) Scams

The SEC’s Office of Investor Education and Advocacy is warning investors about investment scams conducted through online paid-to-click (PTC) programs.

Getting paid to click on online ads may sound like an easy way to make money, but can also result in losing money. Online paid-to-click (PTC) programs often promise investors a share of the program’s profits in exchange for paying an upfront fee or buying products. For example, a PTC program may claim you can share in its profits if you buy “ad packs” or other advertising products. These PTC programs might promise you advertising services such as displaying your ads on their network or guaranteeing traffic to your website if you become a member or buy their ad packs. They might even promise to share their profits with investors who have nothing to advertise – simply buy the ad pack and share in the profits.

Before you purchase a membership or any advertising product from a PTC program, be aware that some PTC programs may be scams. For example, some PTC programs may be Ponzi schemes, where money from new investors is used to pay fake “profits” to earlier investors. Don’t let your guard down just because a PTC program claims it is not an investment scheme. Look out for these red flags:

  • Easy money. Be skeptical if you are offered high returns in exchange for merely purchasing products or for trivial tasks such as clicking on a certain number of online ads each day. Any investment opportunity that sounds too good to be true probably is.
  • Required upfront payments. Be wary if you are asked to pay money upfront to participate in a PTC program, even if it’s supposedly for a membership plan or product purchase. Why would a company require you to pay a membership fee or to buy a product, for the “opportunity” to click on ads?
  • No revenue from genuine products or services. Ask to see documents, such as financial statements audited by a certified public accountant (CPA), showing that the PTC program generates real revenue from selling products or services. If the PTC program has no revenue from customers other than its own members, any returns you receive are likely from other investors’ buy-in fees.
  • Virtual address. Verify that the business address listed for the PTC program is legitimate. For example, enter the address into an online search engine and be skeptical if the results suggest it is not a valid address or that the PTC program does not have legitimate operations at the location.
  • Withdrawal problems. If you have trouble withdrawing your money or are required to reinvest your profits, it may be because there is not enough money coming in from new investors to cover earlier investors’ withdrawal requests.

In two recent enforcement matters, the SEC charged companies for conducting Ponzi schemes through purported online advertising programs:

  • In SEC v. Traffic Monsoon, the SEC brought an enforcement action against a purported online advertising company and its operator for conducting a Ponzi scheme. The operator allegedly solicited investors through the company’s website and YouTube videos to purchase advertising products called “AdPacks.” According to the SEC’s complaint, each AdPack provided advertising benefits to the investor (20 clicks to the investor’s banner ad and 1,000 visitors to the investor’s website) and the ability to share in the company’s profits. The SEC alleged that more than 162,000 investors purchased approximately $207 million in AdPacks. More than 99% of the money that the company distributed to investors allegedly came from investors purchasing new AdPacks.
  • In SEC v. Pedro Fort Berbel, et al., the SEC charged a company and its principal officer with operating a Ponzi scheme through its purported online advertising businesses, MLM Shop, The Business Shop, and Fort Ad Pays. The defendants allegedly solicited investors through online posts and videos (in languages including English, Spanish, and French) on the defendants’ websites. In its complaint, the SEC alleged that these posts and videos claimed that investors could share in the businesses’ profits. The businesses allegedly required investors to purchase a plan or an advertising product. According to the SEC’s complaint, one of the businesses offered potential returns of 120% in exchange for purchasing an “Ad Pack” for as little as one dollar and clicking on four banner ads each day (or alternatively, investors could purchase a plan that did not require any action). The defendants allegedly raised $38 million from investors and kept at least $7 million for themselves to pay for a Florida private home, automobile expenses, and private plane charters, and to fund other businesses. Roughly 99% of the money generated by the defendants’ businesses allegedly came from other investors’ payments.

Additional Resources

View document in SPANISH – translated version,
available at https://www.investor.gov/alerta-para-los-inversionistas-tenga-cuidado-con-el-fraude-de-click.

View document in FRENCH – translated version,
available at https://www.investor.gov/alerte-aux-investisseurs-m%C3%A9fiez-vous-des-arnaques-la-r%C3%A9mun%C3%A9ration-au-clic.

Investor Alert: Beware of Pyramid Schemes Posing as Multi-Level Marketing Programs

Investor Alert: Affinity Fraud

Check out the background, including registration or license status, of anyone recommending or selling an investment, using the search tool on Investor.gov.

Report possible securities fraud to the SEC. Ask a question or report a problem concerning your investments, your investment account or a financial professional.

Visit Investor.gov, the SEC’s website for individual investors.

Receive Investor Alerts and Bulletins from the Office of Investor Education and Advocacy (“OIEA”) by email or RSS feed. Follow OIEA on Twitter @SEC_Investor_Ed. Like OIEA on Facebook at facebook.com/secinvestoreducation.

The Office of Investor Education and Advocacy has provided this information as a service to investors. It is neither a legal interpretation nor a statement of SEC policy. If you have questions concerning the meaning or application of a particular law or rule, please consult with an attorney who specializes in securities law.

Posted in Security | Leave a comment

30 Things to Not Share on Social Network


The idea for this list arises from the growing and recurring requests for help managing cows or ducks in Farmville, a game that has become increasingly viral on Facebook.

Social gaming and its notifications can be blocked in the settings, but some people appreciate this pastime, and if you are among them you should know that Farmville has 80 million monthly players of all ages and was even voted Social Game of the Year 2010. Have you never tried it and only just now felt like testing it?

Between notifications of requests for lives, chances, coins and miracles for various games, you risk ruining your reputation, so try to protect your privacy and be careful about what you publish on social networks.

Here is a list of 30 things you should not share on social networks:

1- On Facebook: which chicken you are pushing or which cow you are missing on Farmville. Do you really think it could be of interest?

2- Still on Facebook, but in Mafia Wars: how many people you killed and where they were buried. Hold back the Rambo in you.

3- Photos of you at a party in a condition you would do better to keep to yourself.

4- That you are throwing a party: someone you did not invite might show up too.

5- Pictures showing you flirting with your boss’s wife during the annual pre-Christmas dinner. And then what will happen in January?

6- That you have a relationship.

7- That you are thinking about having a relationship.

8- Disappointment with your boss.

9- Complaints about your job and confessions that you would like to leave it: they may well let you go after reading the post.

10- Photographs that clearly show that you were not really at home sick that day.

11- That you are thinking of getting sick.

12- Screams and quarrels with your friends (unless you’re in a reality show).

13- Problems with your parents. Call a friend instead.

14- Passwords.

15- Password hints based on your dog’s name. Tell your parents in particular.

16- Photos and videos of your children. You never know where they can end up.

17- That you have just escaped from prison and are on the run.

18- What you think of a lawsuit still underway.

19- Do not link your LinkedIn professional profile to other social ones you use for your beloved.

20- Do not give information about how much you have in your current account.

21- Personal information.

22- How to increase the number of friends or followers, which already sounds like a scam.

23- Where you are going on vacation.

24- The period you’re going to be away.

25- Your daily habits: thieves use this information to their advantage.

26- Proof that you do stupid things: it goes against your reputation.

27- How much you lift in the gym, how many miles you run and how many you want to run to keep in shape. Keep the surprise effect and amaze everyone the next time they see you!

28- Making a point of your political or religious ideas. It’s not a talk show!

29- What you ate for breakfast, lunch, dinner or snack.

Finally, if you’re not sure what you are about to share: do not do that, thank you.

The post 30 Things to Not Share on Social Network appeared first on LearningSimplify.

Posted in Solutions | Comments Off on 30 Things to Not Share on Social Network

Simple Banking Security Tip: Verbal Passwords

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone.

Most financial institutions will let customers add verbal passwords or personal identification numbers (PINs) that are separate from any other PIN or online banking password you might use, although few will advertise this.

Even so, many institutions don’t properly train their customer support staff (or have high turnover in that department). This can allow clever and insistent crooks to coax customer service reps into validating the call with just the SSN and/or date of birth, or requiring the correct answers to so-called knowledge-based authentication (KBA) questions.

As noted in several stories here previously, identity thieves can reliably work around KBA because it involves answering questions about things like previous loans, addresses and co-residents — information that can often be gleaned from online services or social media.

A few years ago, I began testing financial institutions that held our personal assets. I was pleasantly surprised to discover that most of them were happy to add a PIN or pass phrase to the account. But many of the customer service personnel at those institutions failed in their responses when I called in and said I didn’t remember the phrase and was there any other way they could verify that I was me?

Ultimately, I ended up moving our investments to an institution that consistently adhered to my requirements. Namely, that failing to provide the pass phrase required an in-person visit to a bank branch to continue the transaction, at which time ID would be requested. Their customer service folks consistently asked the right questions, and weren’t interested in being very helpful otherwise (I’m not going to name the institution for obvious reasons).

Not sure whether your financial institution supports verbal passwords? Ask them. If they agree to set one up for you, take a moment or two over the next few days to call in and see if you can get the customer service folks at that institution to talk about your account without hearing that password.

While a great many people are willing to trade security for more convenience, it’s nice when those of us who are paranoid can opt-in for more security. A great, recent example of this is Google’s optional “advanced protection” feature, which makes it much harder for password thieves to hack into your Gmail, Drive or other Google properties — even if the attackers already know your password.

“The opt-in, ultra-secure mode is intended for truly high-risk users, including those who face the threat of state-sponsored, highly resourced cyberespionage,” writes Andy Greenberg for Wired. “Think politicians and officials, high net-worth individuals, activists, dissidents, and journalists.”

Greenberg continues:

“As such, it’s a strict and unforgiving system, designed to reinforce every possible weak link that hackers could use to hijack your account. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s malware scanners will use a more intensive process to quarantine and analyze incoming documents. And if you forget your password, or lose your hardware login keys, you’ll have to jump through more hoops than ever to regain access, the better to foil any intruders who would abuse that process to circumvent all of Google’s other safeguards.”

Gartner fraud analyst Avivah Litan says she has long relied on verbal passwords for her most important accounts.

“I think a verbal password is a good step and definitely adds more security than does KBA built on top of heavily compromised credit bureau and life history data,” Litan said. “Plus it’s free and convenient. It’s of course not perfect and consumers should try to use verbal passwords that are unique for them and which they don’t use for online passwords — in case the latter have been compromised by hackers.”

Verbal passwords should not be confused with voice biometrics, a technology some financial institutions are now adopting that can help authenticate customers while profiling and blocking fraudsters who repeatedly call in to customer service representatives. Even if your institution offers voice biometrics, adding a verbal password/passphrase is still a good idea.

Julie Conroy, research director at market research firm Aite Group, said financial institutions are still very concerned about putting up too many hurdles for good customers, so many are treading lightly on verbal passwords.

“Many FIs are moving in the direction of not just asking for the password, but also behind the scenes they are performing analysis of the call characteristics as well as the consumer’s voice print,” Conroy said.

Have you asked your financial institution(s) to add a unique verbal password/passphrase for your most important accounts? If so, sound off about your experience in the comments below.

Posted in Aite Group, Andy Greenberg, avivah litan, gartner, Julie Conroy, KBA, Other, Solutions, verbal password, voice biometrics, wired | Leave a comment

November 3, 2017: Vero Beach Orthopedic Surgeon Charged in Drug Conspiracy Resulting in Death

Posted in Solutions | Leave a comment

November 3, 2017: Five Charged in Alleged Opioid Prescription, Healthcare Fraud Scheme

Posted in Solutions | Leave a comment