There has been a rash of data breaches in which compromised passwords were stored as plain text rather than converted to a one-way hash, as they should be. However, most consumers and even many developers, particularly in startups, don’t know about the best practice of hashing passwords, what it means, and how it can help protect users. ActiveTrak founder Ken Westin provides a writeup explaining how hashes are used and why they are important when protecting customers’ data.
Epsilon Data Management, a large email marketing services company with approximately 2,500 clients, disclosed April 1 that attackers had stolen customer data belonging to several of its clients. The breach may be due to an Epsilon employee who was duped via a social engineering tactic referred to as spear-phishing, which compromised the employee’s computer and gave the attacker remote access. The data that was gathered was simply each user’s email address and name; however, many of Epsilon’s clients were banks and major retailers, so there is an even greater risk of further spear-phishing attacks targeting the compromised clients’ customers.
What if this attack happened in a situation where more than just your email and name are stored? Early on we saw that many of the mobile security providers who provide data backup do not encrypt the data they back up. When you log into your control panel you can view all your photos and contacts right there in the web interface. The problem with this is that so can that company’s employees. It also opens up the potential for a hacker to access your information if their systems are compromised through attacks such as the one Epsilon experienced, or even simply by a disgruntled employee.
This is why GadgetTrak Mobile Security uses our patent-pending method to encrypt all backed-up data using a data privacy key that only you know; this key is not stored on our servers. Your encrypted data is then uploaded to our secure infrastructure via a secure SSL connection. Since only you know the encryption key, not even we have access to your data. This protects your privacy and helps ensure your data is not compromised.
This is just one example of a step we have taken to better protect your data and privacy. Others include requiring three-factor authentication to access the web control panel, storing your passwords and security questions as a one-way hash, and disabling client access when tracking is active. If you have any questions regarding the security or privacy of GadgetTrak software, please contact us at security(at)gadgettrak.com.
The recent “rageagainstthecage” or “DroidDream” malware scare in the Android Market is one of the first real malware incidents we have seen on the Android platform in the Marketplace to affect a number of users. Google just pulled more than 50 popular free apps from the Android Market which contained malware aimed at rooting the user’s device, stealing large amounts of personal data and downloading more malicious code. The applications marketed in the Android Market as “anti-virus,” which are supposed to protect users from this type of malware, were completely ineffective in this case; it was only when Google pulled the plug on the apps that people became aware.
All of the bad apps were put into the market by the publishers Myournet, Kingmall2010 and we20090202. Here is a working list of the malicious applications: (Continued)
This past week was a wake-up call to consumers regarding mobile security and privacy, with the data breach of Trapster, which is said to have affected its 10 million users. The company responded quickly, telling users to change their passwords, particularly if the password they used on the site is used elsewhere. The key issue here appears to be that the passwords were left unencrypted in the database. Like the recent Gawker data breach, Trapster failed to use a one-way hash to secure the passwords. Particularly in the mobile space we are seeing developers focus on “speed” to get their products to market vs. taking the time to ensure their systems follow security best practices, putting their customers’ data at risk.
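As an added illustration of the one-way hash point made here and in the opening paragraph (example code written for this page, not GadgetTrak’s or Trapster’s own code), the snippet below stores only a salted, slow PBKDF2-HMAC-SHA256 record and verifies a login by re-deriving it; the record format, iteration count and salt length are assumptions, not anything the posts specify.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the post): PBKDF2-HMAC-SHA256 with a
# per-user random salt and a deliberately slow iteration count.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iter$salt$digest'.

    Only this record is stored; the plain-text password never reaches
    the database, so a leaked table exposes nothing reusable as-is.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Re-derive the digest from the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed or legacy record: treat as a failed login
    if algo != "pbkdf2_sha256":
        return False
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(derived, bytes.fromhex(digest_hex))


def same_password_looks_different(password: str) -> bool:
    """Two users with the same password get unrelated records because their
    salts differ, so a leaked table does not reveal which accounts share one."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)  # this is all a breached database would expose
    print(verify_password(stored, "correct horse battery staple"))  # True
    print(verify_password(stored, "wrong password"))                # False
```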
This is also very true in the world of mobile security, where some of our biggest and even well-funded competitors provide backup but fail to encrypt it. You can log into their control panel to see all of your contacts and photos. While convenient, this means that their staff can as well. Of course, if their systems are compromised, a hacker can get access to this data too. GadgetTrak Mobile Security 3 is the only mobile security application for Android and BlackBerry that encrypts data on the phone, using a privacy key that only you know, before it is uploaded; the data is only decrypted when you download it and enter your privacy key. This method ensures that not even our staff can view your contacts and photos. When you log into our control panel you will not be able to see your photos or contact data, but this means neither can we. Your privacy and security are important to us and we prove it every day.
Given the number of laptops, tablet computers and other devices used in healthcare that contain and have access to sensitive data, it is no surprise that HHS (Health & Human Services) official Adam Greene confirmed laptop and mobile device theft as the most common source of health data breaches. Since last year, when reporting of data breaches became mandatory, 189 breaches have been reported, with 54% involving a computer or mobile phone (24% laptops, 16% desktop computers, 14% mobile phones).
During a discussion I had with our friends at ID Experts I was shocked to learn how medical identity theft can mean more than just financial consequences. If someone else is receiving medical services under your profile and, as a result, the wrong blood type is listed on your records, the results could be life threatening. I also discovered that medical ID data on the black market can be worth quite a bit more than a Social Security number.
If this information was not shocking enough, a major data breach at Henry Ford Health Systems in Detroit has put thousands of patients at risk. An unsecured laptop was stolen from an unlocked urology office on September 24th.
UPDATE: Nicco is now a GadgetTrak customer. After going through the pain of losing his MacBook Air, he wanted to make sure his new one did not suffer the same fate and installed MacTrak on the new system.
So I was browsing through Flickr today and I came across this image:
Come to find out, this was printed up by Nicco Mele, who had left his MacBook Air on his chair while he went to get a cup of coffee. He was so angry about being violated like this that he decided to offer a huge reward, hoping the thief would reveal himself:
In Washington D.C., the McCain-Palin campaign was going to sell its used office inventory at low prices. A group of reporters showed up to find the only items of value were BlackBerrys for $20 each; most of the batteries were dead and they did not have chargers, but they contained something even more valuable: information. When the staffers brought the devices back to the office and fired them up, they found contact numbers for people connected with the McCain-Palin campaign along with hundreds of emails from September up to election night. Included were private cell phone numbers for campaign leaders, politicians, lobbyists and journalists.
BJ’s Wholesale Club recently sent a letter out to several of its employees. During an in-house project to update a list so that it used employee IDs instead of Social Security numbers, the data was backed up onto a USB flash drive, unencrypted and without theft recovery software on it. Sure enough, the drive has gone missing, and so letters went out to the employees affected.
It is great that BJ’s notified its employees immediately and that the goal of the project was to remove Social Security information from its database. However, a flash drive containing sensitive information should have been encrypted and should also have carried software that could help identify the device’s location if it was stolen, as the loss could reveal a larger problem of internal data theft.