People still like sending postcards which is the innovative service provided by the online service Touchnote. Registered users send digital photos to Touchnote which then converts them into hard copy postcards that get sent to individuals designated by the registered user.
Touchnote learned on November 4th that it had been hacked. As reported by Graham Cluley, Touchnote sent an alert to its registered users warning them of the hack and strongly recommending that they change their Touchnote passwords (grahamcluley.com; “Touchnote hacked –tells users to reset their passwords”; November 6).
Per the Touchnote email alert (reprinted in Mr. Cluley’s report), hackers accessed users’ names, email and postal addresses, and their order histories. Touchnote doesn’t store credit and debit card numbers, or their expiration dates or security codes. Additionally, Touchnote encrypts users’ passwords and doesn’t reveal them in plain text. Nonetheless, Touchnote still strongly recommended that users pick new passwords.
Touchnote also recommended that users keep close tabs on their credit and debit card statements. That and changing passwords is always sound advice when this kind of hacking occurs.
I want to share with you an informative and timely article a friend sent to me. The article is by Zack Whittaker for Zero Day; Mr. Whittaker wrote recently about the vulnerability of Android devices due to a newly discovered security flaw found on Long Term Evolution (LTE) mobile networks. LTE is also referred to as 4G.
In his article, Mr. Whittaker discussed a recent alert from researchers with Carnegie Mellon; that alert was based on the LTE vulnerabilities discovered by Korean researchers (‘All Android devices’ vulnerable to new LTE security flaw”; http://www.zdnet.com/article/at-t-mobile-verizon-vulnerable-to-several-lte-flaws/?tag=nl.e540&s_cid=540&ttag=e540&ftag=TRE5369823; October 16th). The flaws could permit hackers to eavesdrop on conversations, create false billings and generally invade users privacy.
The security issues are described in detail in Mr. Whittaker’s article as well as in the alert issued by the Carnegie Mellon lab (www.kb.cert.org). T-Mobile customers may have already been affected but a spokesperson for that company has said the issue has been resolved.
Apple products are not affected by the LTE flaw.
Mr. Whittaker’s article and the Carnegie Mellon alert provide a timely “heads up” to consumers using Android devices. Hopefully there won’t be any adverse impact. However, consumers should be aware of any issues with their bills and any alerts issued by AT&T and Verizon.
Congressman Gerry Connolly announced in a recent congressional hearing that he was among the millions of current and former federal employees whose personal data was stolen when the OPM systems were hacked. Moreover, as Jack Moore reports, Congressman Connolly stated he’s learned that within the last several days thieves tried opening new credit cards in his name using his stolen personal information (nextgov.com; “Congressman: OPM Hack Data Being Used to Attempt Identity Theft”; October 6).
How did the Congressman learn about this attempted identity theft? He said that he was contacted by one bank after thieves tried getting the credit card. Mr. Moore wrote that OPM, the FBI and the intelligence community each said there hasn’t been any evidence of the OPM stolen data being fraudulently misused.
However, Congressman Connolly disagrees based on his own experience. After hearing from the one bank, he then contacted one of the identity protection companies OPM has hired to help track misuse of the stolen data. That company told the Congressman about the two attempts at the other banks — with the three banks being all around the country.
The Congressman’s experience is chilling news for the millions of federal employees impacted by the OPM hacks.
The FBI has posted an excellent Public Service Announcement (PSA) about the risks of cyber crime in the ever expanding world of the Internet of Things (IoT). Their PSA is titled “Internet of Things Poses Opportunities for Cyber Crime”; it’s Alert Number 1-091015-PSA and can be found on their Internet Crime Complaint Center website (www.ic3.gov).
Very briefly, their PSA provides:
- a very good explanation of the the kinds of devices that are encompassed in the IoT;
- a discussion of the types of IoT risks that exist;
- examples of the kinds of IoT risks and incidents that consumers might experience; and
- nine separate recommendations about ways in which consumers can protect and defend themselves against such cyber crimes.
The PSA is a handy guidance sheet to have. I recommend consumers reading it and following the practical recommendations being provided.
Here’s yet one more example of the “if it seems too good to be true, it is” type of scam. Graham Cluley recently wrote about this scam that’s been appearing on a bogus Facebook page (www.grahamcluley.com; “No, British Airways isn’t giving away free flights for a year. It’s a Facebook scam.”; September 8th). Hopefully it will be removed soon by Facebook security staff.
This is an especially appealing scam right after Labor Day. People are going back to work and might already be thinking about when they can next take a vacation. This scam plays right into those feelings. Mr. Cluley posted a screenshot of the fake Facebook page — it looks very realistic.
How to get the year of free flights? Mr. Cluley notes that the bogus website page says people can do so by sharing a photo of themselves. As Mr. Cluley wisely advises — don’t do it! He cautions that doing so could result in unwanted spam messages or “…dodgy links that could lead to a malware infection or your account being phished.”
So avoid this scam or any variations of it on Facebook or elsewhere.
I’m very pleased that the HuffingtonPost published a blog of mine today. I wrote about the efforts being undertaken by librarians and the American Library Association to address key issues at the intersection of privacy and technology.
The blog can be found at the following site: http://www.huffingtonpost.com/debra-n-diener/privacy-protectors-crucia_b_8065270.html.
Feedback and comments are most welcome!