Stealing data via a desktop telephone?

Data protection is a hot topic. In many countries worldwide new data protection laws are implemented. These laws are created to ensure that personal data as stored and processed by companies and organizations will be protected against theft and modification.

A well-known example is the General Data Protection Regulation (GDPR) as approved by the EU last year, which will become active in 2018. It will become law in all member countries. It is not a directive which can have different interpretations and timelines per country but will be the same law in all member states.

Data protection regulation is relevant when data can identify or provide information about a specific person. Personal data can be anything. Names, addresses, etc. of course. But also photos, financial documents or medical data. And – taking the European laws as an example – not just for the data owner, but also for third parties processing the data (e.g. cloud service providers) on his behalf. It also means that most regulation crosses international borders. The EU regulation applies to all companies who process personal data of European citizens.

What does data protection regulation cover? Typically, companies need to have a proper administration of which data are stored where (including local spreadsheets with customer data). They also should make it possible for customers to have their data erased and the design of their systems should guarantee data protection (called ‘privacy by design’). Finally, they have to inform the regulator and public about data breaches that occurred and penalties are increased to the level which can mean a serious financial risk for a company.

However, it is not just about your data infrastructure

Of course, everything is data nowadays. Also, voice telephony is a data service, and that is specifically the case for VoIP infrastructures and services as deployed in many companies and organizations. We noticed however that the key focus of many data protection projects is on traditional ICT infrastructures. VoIP is often a blind spot.

While…it is also about voice communications

Ignoring VoIP could mean a serious mistake, however. Let’s have a look for example at a medical institute. Patients definitely don’t like the idea that their information becomes public. Nevertheless, the phone can provide easy access to these data. First of all, a modern desktop telephone provides access to the complete contact list of the user of that extension. A customer list, or – in the medical institute – the list of patients for example. This is just a beginning. The desktop phone also gives direct access to the voicemail system, which may disclose some very sensitive information. For example, if one medical specialist shares his diagnosis with a colleague. The biggest risk is however that office phones are the perfect social engineering tool. If someone has unauthorized access to a business telephone, just his caller ID makes him a trusted person to other employees of the organization as well as staff from other organizations. This trusted personal contact is the best way to acquire sensitive information and other personal data.

So, are your business telephones secured?

Most people think that advanced business desktop telephones can be secured by a PIN or something similar. Which is true. However, this security is often not used. The security mechanism most of the time means that employees have to enter a username (for example an email address) and PIN via the very basic keypad of their telephone, which is a very inconvenient procedure. So in many occasions, once logged in, people keep their phones logged in as long as possible. Or the login mechanism is disabled completely. There are examples of professional service managers actually giving such advice to their end-users.

The impact is that many office telephones provide open access to private and other sensitive data. Not at a level that millions of customer or patient records can be downloaded at once. But still, via the telephone, private documents and other information can be stolen from your organization right now. Therefore, protecting your office telephones may be an essential step in your companies data security plans.

Tips And Tricks To Regain Your Stolen Identity

Stolen identity is a frightening experience, and it causes a lot of headaches and frustration. The trick is to stay protected whether you’re shopping online or simply giving out your credit card to a live cashier. If you’re already a victim of identity theft, here are a few tips and tricks for regaining your identity:

Understand Identity Theft

Identity theft is more than just a stolen credit card number. Many thieves are now using private information, such as your social security number, birthdate, and/or name to commit fraud, such as applying for loans or credit cards under your name. Approximately 9 million Americans are part of an identity scam, but most aren’t as extreme. Even mild cases of identity theft are difficult to resolve, but with the right support, financial experts can help.

Act Fast When Your Identity is Stolen

The first thing to do is contact each of the credit reporting agencies: TransUnion, Equifax, and Experian. They can put an alert on all of your open accounts, and can also freeze your social security number from any other accounts being opened or accessed. Next, utilize resources on the FTC website. Many of the forms available on this site will help expedite the process. Depending on the type of theft, you may choose to file a police report with your local precinct.

Keep Track of all Your Information

Next, close any fraudulent accounts and if there are suspicious charges on your own accounts, close them out too. You can do this by calling your banks, credit card companies, and any other businesses with which you have accounts. Keep detailed records of how much time you spend, because if the case ends up going to court, you can seek damages for these hours. Several months after the loss, obtain a credit report to make sure that all the fraudulent charges are gone. Once you complete these steps, your credit will return to its original status.

Learn to Prevent Future Identity Theft

You can also take preventive steps to avoid identity theft before it happens. One tip is to never carry your social security card. If you use a debit card, don’t keep the Personal Identification Number with it. Some experts recommend that you never use a debit card for online purchases. Since this links to your checking account, a thief can drain your bank account in just a few transactions. A credit card is much more secure, since it’s much easier to reverse a charge and issue a credit instead of trying to replace stolen money. Be cautious when using websites to shop, and make sure they have valid security and encryption.

Use Tools That Help

If you receive credit card applications, bank statements, or other personal documents by mail, make sure to shred them instead of tossing them in the trash. Keep careful track of your credit card and bank statements, and report any unauthorized activity immediately. Another great tool is LifeLock id protection, which helps monitor your patterns and alert you of any changes in spending.

With so many resources, identity theft becomes more manageable, and those affected can resolve the problems and return to financial freedom.

Motorola Increasing The Security Of Its Android Phones – Buys 3LM

The security on Blackberry phones is impeccable, there is no doubting that. So, Motorola is planning to do the same with its Android phones – make them as secure as possible for which they have bought 3LM. 3LM is a security device developer that designs security softwares for Google’s Android based phones, thus making the Android devices as secure as Blackberry. This is in fact a good move by Motorola as it is planning to implement the phone’s startup security on the phone itself than asking users to buy a security application from the Android Market Web Store.

3LM apparently is planning to start security solutions for other companies that produce Android based smartphones as both Motorola and 3LM do not want a conflict with other companies about security solutions for Android devices.

iPhones Easily Vulnerable To Hacks

The iPhone that we are using can be cracked and all the passwords and data on the phone can be stolen. All this can happen in less than six minutes time. Wondering how? Two researchers from the Fraunhofer Institute Secure Information Technology, Germany have been able to achieve this feat. These two researchers used a jailbreak on the iPhone and installed an SSH server (a secure shell or a network protocol used for network exchange) after which they ran a script to access the keychain and in under six minutes passwords along with their screen names popped up on their home screen.

Along with the phone’s security, the script used by the researchers was also able to break into one’s Gmail, MS Exchange and the VPN as well and recovered the usernames and passwords asociated with these programs too.

The researchers have suggested to change passwords immediately in case you have to lose the phone. Beware folks.

Sophos Antivirus Now On iOS and Android Phones

Sophos which offers enterprise security solutions has now launched the Sophos Mobile Control for mobile phones that run on Goolge’s Android OS and the iPhones. It has to be noted that Sophos does not offer any solutions for home based computers and only concentrates on enterprise solutions. This new mobile security is also for businesses that are run on hand held smart devices like the iPads, iPhones, Android based phones and the Windows phones. This Mobile Control Security adds extra security to the data on these phones.

This mobile security options on phones is also centralised allowing the users to wipe off any confidential data from the phones or lock them in case the handset gets lost. This new security control also restricts the use of other unwanted devices like the camera,youtube et. allowing the users to carry on with their work unhindered.

Android 2.3 Gingerbread Update Vulnerable to Identity Theft?

The most anticipated update, Google’s Android Gingerbread 2.3 which is currently available only for the Nexus S users may not be that hail and hearty after all. According to a warning posted by a researcher from the North Carolina University, this update is vulnerable and can lead to identity thefts. The researcher warns that the security vulnerability of this update can easily allow hackers to access photos, voicemail, videos, bank details and even the contents on an inserted memory card. Not only can they access, but they can also upload this data on to their servers.

Millions of Nexus S and Nexus One users across the world are still plagued with the Android SMS bug even though a fix to this bug was made available. Google has started working on a fix, but in the meanwhile, users are sure to have some security problems with this unavoidable bug.

Kaspersky Anti-Virus Website Caught Sending Malware To Users

How ironic! The website of the popular anti-virus service provider Kaspersky has been compromised by hackers who reportedly pushed malware to Kaspersky users for more than three and a half hours before it was brought under control. This is not the first time Kaspersky has fallen prey to malicious hackers. The website has fallen prey close to 36 times since 2000 and the most recent hack before this one was in early 2009 when a security lapse resulted in hackers getting access to the back-end database of the website.

In a statement released now, Kaspersky has admitted to the hack but has noted that no secure information was compromised.

“The website was simulating a Windows XP Explorer window and a popup window showing scanning process on the local computer and offering the user a fake antivirus program to install. The domain was making these redirections for 3.5 hours in total.”

Symantec Releases Norton AntiVirus 2011 & Norton Internet Security 2011

Symantec has released the latest version of its antivirus software along with the new Internet Security product that is aimed at minimizing cybercrime. The popular security software provider has supplemented the launch with the release of its latest Cybercrime report where it claims that close to 65% of the global internet users have fallen prey to cybercrime – including online credit card theft, identity theft and computer viruses.

Speaking about the products itself, the new Norton Antivirus comes with features such as the Reputation service that instantly checks for the source of files, Pulse updates that dynamically updates the local virus database as well as a SONAR Behavioral protection system. The Internet Security 2011 software too comes with similar features in addition to the Download Insight that warns users of dangerous files before they are installed.

The two softwares are available on the Symantec website at an annual cost of $39.99 and $69.99 respectively.

Scan Your Mobile Phone For Virus From A Computer With PC2Mobile Scan

Earlier this week, an Android Trojan was discovered by Kaspersky labs and was traced to Russia. Just a day earlier, BBC had published a report on how easy it was to create spyware applications for smartphones. Now, if you are scared of having contracted a virus on a mobile phone and wondering how to remove it, the PC2Mobile scan should come of help.

Developed by India-based Quick Heal technologies, this is the first of its kind virus scanner that will let users scan their mobile phone for virus by connecting it to a computer via cable or Bluetooth. The application was launched in May this year and now supports close to 550 different mobile handsets made by Asus, Apple, Fujitsu, Nokia, Motorola, Sony Ericsson, Samsung, HTC, BlackBerry, etc.

The PC2Mobile scan software is available as part of Quick Heal’s Total Security 2010 suite that is priced at Rs. 2,000 ($43 apprx.)

Android Multimedia Player App Is A Malicious Trojan Virus

Kaspersky Labs have dug out an Android app that disguises itself as an innocuous media player app but is in fact a malicious virus application that hacks the owners’ mobile phone to subscribe their number to premium rate numbers that end up transferring money from the user’s account to the criminals’.

Kaspersky has identified the trojan as Trojan-SMS.AndroidOS.FakePlayer.a and has noted that the app is available in the conventional .APK format of Android apps and weighs only 13kb in size. A number of Android devices are reported to have been affected though all the victims are at present identified inside Russia.

Kaspersky has noted that such malicious programs in fact ask for the user’s permission to offer access to premium rate services which are often blindly agreed to by users. You may remember a recent study conducted by BBC that showed how creating spyware applications for mobile phones was pretty easy.