Archive for February, 2009

The Canadian government ran a video competition for youth called the 2008 My Privacy & Me National Video Competition. The seven finalists, and the winning entry, have been announced! Each video tries to teach youth how technology affects privacy in some way.

The first place video, made by the John F. Ross CVI school in Ontario, was entitled ‘A Lesson in Privacy’:

The video shows a little turtle signing up for Facebook, providing lots of private information that people shouldn’t share online. A little snail tries to teach the turtle a lesson in online privacy. The 7 finalists can all be viewed here.

If you’re an educator or parent, perhaps the videos would be a good tool to illustrate the topic of privacy. Or perhaps you can use it as inspiration to start your own video project! Also check out the My Privacy Quiz, to see how well you know your privacy rights in Canada, and the top 10 things you can do to protect your privacy.

Via privacy commissioner blog

A LoJack for Laptops costumer was recently the victim of a home burglary that left her without a laptop and several other electronics. She reported the burglary to local police and informed the Absolute Recovery Team of the laptop theft. Absolute began to track the laptop’s location, while the proactive customer let people know her laptop was stolen.

The customer worked diligently to get word out across her small town that the stolen laptop was equipped with LoJack for Laptops, and that this tracking software would swiftly locate the machine and identify its unauthorized user.  The local PD followed suit, publicizing the laptop’s use of LoJack for Laptops and its ability to track criminals and facilitate their persecution.

Although Absolute was quick to identify the laptop’s unauthorized user as a individual known to both the customer and police, “word on the street” caught up with the suspect before police were able to. Upon hearing that the stolen machine was equipped with LoJack for Laptops, the thief safely returned the laptop to the customer’s front steps.

Click here to learn more about the Absolute Theft Recovery Process.

Please note that indictments and criminal complaints are merely unproven accusations and that the accused in all cases are presumed innocent until proven guilty.

Javelin Strategy & Research have released the results of their 2009 Identity Fraud Survey Report. The result confirms that the number of identity fraud victims rose by 22% to 9.9 million adults in the US for 2008. The total annual fraud amount, the amount criminals were able to obtain illegally, went up to $48 billion.

The report, which is based upon a survey of 24,000 US respondents, aims to help understand identity fraud and the success rates of methods in prevention, detection and resolution. Highlights from the study include:

• Identity fraud incidents increased by 22% to 9.9 million victims, levels not seen since the survey began 2004 (attributed to economic uncertainty)
• Cost to consumers for identity fraud is down to $496 (from $718)
• 71% of fraud incidents began occurring less than 1 week from when the data was stolen (up from 33%)
• Women were 26% more likely to be victims of identity fraud; it also took women nearly twice as long to catch fraud. This points to a lack of education of fraud detection.
• Lost or stolen wallets, checkbooks and credit/debit cards were most likely avenues of attack (43%), when access was known
• Average fraud amount, per incident, is $4,849 (the amount criminals obtained illegally)

As the result of better means of fraud detection and resolution, fraud is being detected and resolved more quickly. Thus, although the identity fraud victims went up (a bad thing), the consumer cost per incident went down by 31% to $496 per incident. I think consumers would agree that this is still a high cost and one which doesn’t even account for the time and anxiety such an incident would cause.

The Javelin report is available in two versions, one for consumers and one for industry professionals. The consumer report offers best practices for protection while the professional report looks at trends and on impacts to consumer behavior. You can download either report here.

Also check out Absolute Software’s recent study with the Ponemon Institute: The Human Factor in Laptop Encryption.

The daughter of a LoJack for Laptops customer recently reported the theft of her mother’s laptop to local authorities and the Absolute Recovery Team. According to the daughter, her boyfriend had borrowed the laptop, and while on his way to return it, was robbed at knife-point. The Absolute Recovery Team began to track the missing computer, collecting user and location information each time it logged on to the Internet.

The Recovery Team was quick to provide authorities with the address of the laptop’s most recent user. When police visited the residence, they were met at the door by a man who claimed to have recently purchased the computer from an acquaintance. The man’s father was quick to advise him to return the laptop, however, believing the transaction to be suspicious and suspecting that the laptop was a stolen good. To avoid a heavy conscience, the man had returned the laptop to the original seller shortly before police had arrived. When police asked for information on this seller, the man identified a familiar face – the daughter’s boyfriend.

When confronted by police who were looking for answers, the daughter admitted to stealing her mother’s laptop and then working alongside her boyfriend to craft the entire scenario. Hoping to sell the laptop for some extra cash, the daughter falsely reported the theft to mislead police. After the sale fell through, she had hidden the laptop in her closet, afraid to reveal the truth to her mother.

The laptop was recovered and has been returned to the mother – an angry parent, but a happy LoJack for Laptops customer.

Click here to learn more about the Absolute Theft Recovery Process.

Please note that the indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty

It was Data Privacy Day on January 28th and Canada’s Privacy Commissioner put together The Top 10 Ways Your Privacy Is Threatened in order to commemorate the occasion.

Data Privacy Day was marked on January 28th in Canada, the United States and in 27 European countries. It is a day meant to remind us that data privacy is important and that we should all be better advocates for it. As the Canadian government notes:

“Every day, we see headlines about sophisticated phishing attacks, enormous data breaches, in both the public and private sectors, and the proliferation of identity theft. It is no coincidence that as businesses began to recognize the immense potential of personal data in their efforts to connect with customers, so too did criminals begin to realize its value.”

Here is what the Canadian government suggests are the 10 ways your privacy is threatened:

1. People need to stand up for their privacy as a right
2. Information flows too freely with privacy protection laws being unequal around the world
3. Identity theft is a lucrative business
4. Cybercrime and physical data theft (laptop theft, unshredded documents)
5. Data breaches in all sectors and a lack of reporting requirements – so you may never know
6. Businesses collecting, but not protecting, data
7. Governments collecting data for national security and public safety
8. Information posted on social networking sites without reviewing privacy policies or privacy settings
9. Information you submit to new applications, online games or online shopping
10. Surveillance cameras, swipe cards, Internet searches

A task force that was charged to assess technologies for protecting children from unwanted online contact has put together a report. The report indicates that no single approach is a guarantee or foolproof system to protect kids. Therefore, they encourage that parents and teachers continue with vital oversight of Internet usage.

The Internet Safety Technical Task Force (ISTTF) out of Harvard’s Berkman Center for Internet & Society was created in February 2008 by the Attorneys General Multi-State Working Group on Social Networking and MySpace. After a year of study, the final report was presented to the 52 Attorneys General in December of 2008. The task force was made up of a group of 29 Internet businesses, non-profits, academics and tech companies.

The report found that the risks minors face online are not significantly different than those they face offline – though they are complex and multifaceted. Part of this conclusion was drawn from a lack of data about sexual predators using social networking sites. As they age, the report found that minors were contributing to some of the problems they face online.

Interesting conclusions from the study:

• Bullying and harassment – mostly by peers – are the most frequent threats both online and offline
• Unwanted exposure to pornography does occur online, but mostly to those seeking it out
• Social networking sites are not the most common space for solicitation and unwanted exposure to problematic content – though they are used by peer-to-peer cyberbullies
• Minors most at-risk online are those who engage in risky behaviors and have difficulties in other areas of their lives – psychological makeup and family dynamics predict risk better than use of certain technologies
• Almost all technologies present privacy and security issues
• Social networking sites have been aggressively pursuing technologies that promote safety for minors – innovation is promising

The report concludes that there are promising developments in technologies to protect kids online but that such technologies are not enough:

“Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors. Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online.”

The task force set out a series of suggestions for the Internet community, the Attorneys General, to parents and more. They point out that more resources should be allocated to all the many-faceted stakeholders working to protect minors online.

See the report presented and debated in this video and download the final report here.

Via MSNBC

Absolute recently received a theft report from a salesman, who claimed that his Computrace-equipped company laptop had been stolen from his vehicle. The laptop logged onto the Internet soon after, allowing the Absolute Team to extract information on the computer’s unauthorized user and location. As Absolute continued to piece together details, the user’s profile became increasingly familiar.

Once Absolute had recovered enough information to identify a key suspect and the laptop’s believed locale, they handed information over to police to perform the physical recovery of the machine. Police visited the provided address, where the salesman answered the door, company laptop in hand.

After stealing the laptop himself, the salesman reported the theft to Absolute and authorities in a feeble attempt to mislead police and direct attention elsewhere. Unfortunately, neither Computrace nor the local PD was fooled by the ‘clever’ ploy. When confronted by authorities, the salesman claimed that he assumed that the laptop had been stolen upon the time of reporting, but found it soon after. Police were not convinced by his story, particularly as the man failed to inform his company, Absolute, or authorities of this find, and continued to use the laptop for several days after he had supposedly discovered it. The salesman was arrested at the scene and has since been charged, and was terminated from his company. With Absolute’s help, the laptop has been returned to its rightful owner.

Click here to learn more about the Absolute Theft Recovery Process.

Please note that the indictments and criminal complaints are merely unproven accusations, and the accused, in all cases, are innocent until proven guilty.

Absolute Software today announced that it is ISO 27001 Certified. This confirms Absolute’s core promise to maintain the highest standards of internal security.

A third-party audit confirmed that Absolute achieved International Organization for Standardization (ISO) 27001 certification for its production IT operations for customers.

“Not only does the ISO certification recognize our high security standards, but it lets our customers, partners and prospects know that we take the protection of their data extremely seriously.” – John Livingston, CEO of Absolute Software

ISO 27001 is the international standard developed specifically for Information Security Management Systems (”ISMS”), requiring that a company uses a systematic approach to managing sensitive information and ensuring data security. The 10 different control categories can be found here.

Back in December we announced that Absolute Software’s Computrace would now be built into the hardware level of select Lenovo ThinkPad T400 notebooks. These are the first notebooks to ship with support for Intel’s Anti-Theft Technology and Computrace built right in. We also posted a nice review that Intel’s Chris Hubbard did of using the Computrace product – how it works, why it’s good, and how easy the set-up is.

Now here is a silent video demo of Intel’s Anti-Theft Technology with Computrace:

The video will take you a few minutes to run through, but it essentially shows you how an IT Admin would set up the AT-p services including Computrace laptop monitoring and recovery services. The whole process can also be found detailed at the Intel Expert Center blog.

It was only a matter of time before malware targeted to the Mac OSX became more aggressive. Last month, the first “major” malware threat to the Mac was discovered.

The iWork09 Trojan, which is disguised as pirated software, is the first sophisticated malware threat for the Mac platform. It contains peer to peer-like characteristics and is downloaded as part of a pirated iWork installation. Upon installation, the malware will create malicious files and will modify certain files to enable remote commands to be executed on the computer.

As of January 22nd, more than 20,000 people had downloaded the malware installer bundled into a functional version of iWork. Since the Trojan is not self-replicating (it’s not a virus), it may not have infected all of those computers. The program requires users to run the installer, which they may not fall for. This is in contrast to the Conficker worm that infected more than 3 million PCs in less than a week (now believed to be around 9 million).

Definitions

Malware: software designed to infiltrate or damage a computer system without the owner’s informed consent. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. – Wikipedia

Virus: a computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. – Wikipedia

Trojan: a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine – Wikipedia

Since the announcement of this sophisticated new Mac Trojan, McAfee reports in increase in reports about new Mac Trojans. Checking around, I found a report of a variant of the iWork Trojan that was being bundled with a pirated version of Adobe Photoshop CS4 this week.

As it has been with PCs for a long time, it’s “user beware” when it comes to downloading and installing pirated software. Instructions for removing the malware can be found here.

Some authors, including Daniel Eran Dilger, warn Mac users against jumping out to get anti-virus software, which would not help in this case (the Trojan is not a virus and no successful Mac virus has been created, to date). The article deals with the issue of Mac viruses in depth and is worth a read in order to educate yourself against the pros and cons of anti-virus software for the Mac.

Via Avert Labs, Register, eweek