Monday, November 29, 2010

11 Tips for Safe Online Shopping

Razorpoint believes in protecting you from online identity theft. And let's face it, there's every reason in the world to shop online. The bargains are there. The selection is mind-boggling. The shopping is secure. Shipping is fast. Even returns are pretty easy, with the right e-tailers. It's a golden age for not going to the store, yet buying more than ever.

But since the average person will spend almost $700 this season (according to the National Retail Federation, or NRF) and the number of phishing scam sites that resemble e-commerce companies has more than tripled from just July to September of 2010 according to IID's Third Quarter Phishing Trends Report, that means there are so many more chances you could accidentally hand over data to the wrong guy. A busy holiday season is only going to mean even more attempts at stealing your money and your identity.

You're already a step up in safety by shopping online—there's no way for you to leave behind a credit card or wallet that way—but you could still run into trouble. However, with some common sense and basic guidelines in place, your <>should never be troubling. Here are 11 tips for staying safe online while knocking out that holiday shopping list.

1. Use Familiar Web Sites
Start at a trusted site rather than shopping with a search engine. Search results can get rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it's less likely to be a rip off. We all know and that it carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware misspellings or sites using a different top-level domain (a .net instead of a .com, for example)—those are the oldest tricks in the book. Yes, the sales on these sites might look enticing... that's how they get you into giving up your info.

2. Look for the Lock
Never ever, ever buy anything online using your credit card from a site that doesn't have SSL (secure sockets layer) encryption installed—at the very least. You'll know if it has it because the URL for the site will start with HTTPS:// (instead of just HTTP://) and an icon of a locked padlock will appear, typically in the status bar at the bottom of your Web browser. Never give anyone your credit card over e-mail. PayPal, however, is still a good, safe way to make a payment.

3. Don't Tell All
No online shopping store is going to need your social security number or your birthday to do business. But if a bad-guy gets them, combined with your credit card number for purchases, they can do a lot of damage. When you can, default to giving up the least amount of information.

4. Check Statements
Don't wait for your bill to come at the end of the month. Go online regularly during the holiday season and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don't see any fraudulent charges, even originating from sites like PayPal (after all, there's more than one way to get to your money). If you do see something wrong, jump on the phone to address the matter quickly. In the case of credit cards, don't pay the bill until you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems, however; after that, you might be liable for the charges anyway!

5. Inoculate Your PC
Bad-guys don't just sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against such Trojan horse malware with regular updates to your anti-virus program.

6. Use Strong Passwords
We like to beat this dead horse about making sure to utilize uncrackable passwords, but it's never more important than when banking and shopping. Our tips for making a unique password for each site can come in handy during a time of year when shopping around probably means creating new accounts on all sorts of shopping sites.

7. Think Mobile
The NRF did a survey that also predicts that 25 percent of adults will do their online shopping via their smartphones, but mostly as a way to find gifts, not purchase them. You can buck that trend; just follow the advice above. Better yet, download store-specific apps like those for Amazon, Target, etc. and use them to find what you want and make the purchase without going to the store or the Web site.

8. Stay at Home
Do we really have to tell you it's a bad idea to use a public computer to make purchases? Hopefully not. If you do, just remember to log out every time you use a public terminal, even if you were just checking e-mail. But what about using your own laptop to shop while you're out? It's one thing to hand over a credit card to get swiped at the checkout, but when you have to enter the number and expiration date on a Web site while sitting in a public cafe, you're giving an over-the-shoulder snooper plenty of time to see the goods. At the very least, think like a gangster: sit in the back, facing the door.

9. Privatize Your Wi-Fi
If you do decide to go out with the laptop to shop, you'll be on a Wi-Fi connection. Only use the wireless if you access the Web over a virtual private network (VPN) connection. If you don't get one from your employer, you can set up a free one with AnchorFree Hotspot Shield, if you're willing to put up with the ads. By the way, now is not a good time to try out a hotspot you're unfamiliar with. Stick to known networks, even if they're free, like those found at Starbucks.

10. Count the Cards
Gift Cards are the most requested holiday gift every year, and this year will be no exception. Stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them upon arrival.

11. Know What's Too Good to Be True
McAfee compiled a list of scams to look for and one of them is the offer of a free product with purchase, in particular the iPad (a very coveted gadget this holiday) or even holiday job offers. Many of these "offers" will come in via social media. Beware even of your friends, who might innocently forward such a thing. Skepticism in these cases can go a long way toward saving you from a stolen card number.

Reposted from Eric Griffith of

Published November 29, 2010

Tuesday, November 23, 2010

Security needs drive cyberforensics industry

This is a great article out of USA Today about cyberforensics, a field and service that Razorpoint Security is very familiar with and is often asked to consult with clients on.

Cyberforensics, the science of finding and securing digital evidence buried deep within company networks, is fast emerging as a global industry.

Three major players are in the vanguard. PricewaterhouseCoopers has recently hired several former law enforcement agents and prosecutors to supplement its cyberforensic services, which already have 3,000 employees and 55 labs in 37 countries.

Business — supplier of communications, networking and security technologies to large organizations — has pumped more than $50 million into cyberforensics-related services in the past two years. That includes setting up a state-of-the-art hygienic lab to examine computer circuit boards.

The National Cybersecurity and Communications Integration Center in Arlington, Va.

And Stroz Friedberg, a private CSI-like company founded by an ex-FBI agent and an ex-U.S. Attorney, recently received a $115 million investment from private equity firm New Mountain Capital to open new offices across the U.S., Europe and Asia.

Demand for cyberforensics is being driven by "the proliferation and complexity of security issues companies are facing," says Alok Singh, New Mountain's managing director. "Issues of data security and integrity are critical for all companies around the world."

Large organizations increasingly need expert guidance preserving and extracting digital records, such as e-mail and copies of sensitive documents, for civil lawsuits and regulatory audits. They also increasingly need help getting to the bottom of security breaches.

U.S. Internet crime losses reached $560 million in 2009, up from $265 million in 2008, says the Federal Deposit Insurance Corp. Research firm Market Research Media estimates that the federal government will spend $55 billion from now through 2015 on cybersecurity.

Globally, a recent study by the Computing Technology Industry Association, a non-profit trade group, found that 63% of large organizations surveyed in 10 nations experienced at least one security incident in the past 12 months, with 45% of those incidents classified as serious.

Much like the CSI investigators portrayed on TV, cyberforensics sleuths preserve the crime scene and use their training, experience and intuition to ferret out crucial evidence. But instead of looking for fingerprints, DNA and ballistics, they hunt for "subtle data attributes inside company networks that have been changed or altered," says Ed Stroz, ex-FBI agent and co-founder of Stroz Friedberg.

forensics director Kim Peretti, a former Justice Department litigator, says the hunt can become intricate. "Looking for breach indicators is really more of an art than a science," Peretti says. "The more you do these types of investigations, the more you know where to look and what to look for."

By Byron Acohido, USA TODAY

Tuesday, November 16, 2010

128 Bit What? Razorpoint on SlideShare!

Razorpoint launched its new website a few months ago, and one of our great new features is our whitepapers, which show our commitment to our clients and dedication to the highest level of service in information security!

This is the first in our series, 128 bit what?!

Your data is encrypted. So what? Are you using SSL, AES, 3DES, or something else? Can your data be compromised with a cryptographic attack? What key length are you using? This paper attempts to shed a bit of light on the myths and misconceptions when dealing with encryption.

Wednesday, November 3, 2010

Is Free WiFi really Ever Free?

Razorpoint came across the article below and, astounding as it may seem, people still don't get it. I have been in situations where internet access was "really needed," and an open "linksys" or "tmobile" or "default" network seemed like kismet (no pun intended). But, alas, the malicious hackers have taken this all too common scenario and used it to exploit the uneducated (read: most) wireless users. If remote wireless access is becoming more and more of a "must," try getting a MiFi box that allows a private WiFi connection to the box and then relays your connection over a 3G or 4G cellular network.

This way, as long as you have a cell signal, you have your own WiFi connection, even in a moving car or train. Of course, if your cellular phone supports "tethering" you could also use your cell phone as a MiFi box. (The pun: Kismet is also the name of a wireless network analysis/hacking tool.)

Razorpoint Security will help you and your company prevent intrusions, hackers!

(Newser) – You're stuck in an airport and don't feel like paying $9.95 for Internet access ... but wait! You stumble upon a network called "Free Public WiFi." The heavens are smiling, right? Wrong. Available in thousands of locations across America, "Free Public WiFi" is an "ad hoc" network that connects you to another computer in the vicinity instead of the Internet, wireless security expert Joshua Wright tells NPR. The "zombie network" appears to have spread via a bug in old versions of Windows XP—and it provides an easy access point for hackers. As NPR explains, when a computer running the older version of XP can't find one of its "favorite" wireless networks, it creates an "ad hoc" one named after the last network joined ... and the "Free Public WiFi" name then becomes available to nearby computers, enticing their unsuspecting owners to join, explains Wright. He compares its spread to how "a zombie takes a hold of one person, bites them, and they become infected by this zombie virus." He believes it may originally have been created by somebody trying to trick a friend into connecting "so he would get a Web page with some kind of a gross image or childish prank." Other "zombie" networks to steer clear of include "linksys," "hpsetup," "tmobile," and "default."

Original article: