Tag Archives: passwords

Lifelock Alerts – You’ve Been Hacked or A Social Site Was…Where’s the Proof Lifelock?

Recently I was made aware that my personal email account was some where on the black market from an alert from Lifelock. OK, I can see how that can happen when LinkedIn dropped the ball on security. It was attributed to the LinkedIn Hack from a while back in 2012 and now the spoils of hacking resurfaced May 2016.

LinkedIn

In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

The website havieibeenpwned has recorded the hacks and is a great source to use. The reason why I point you to that site is from a call to Lifelock that didn’t go the way I wanted it to go. First off I wanted to know what site out there has my information that they were able to scour and find. Lifelock Operator “I’m sorry sir, we don’t have that information in the alert. I can only see what you see. I do know that they scan 10,000 sites for this information.” Yes OK great, now please go get your supervisor. Supervisor “Sir, yes its true this happened and we urge that you change your password and maybe even your email account altogether.” OK Ms. Supervisor but where did you get that information from? I work in security and I work with ones and zeroes. Apparently, I can’t get away from the zeroes. If the site exists you must have a record somewhere with my email address and old password is located. All Ms. Supervisor could do was re-state the obvious that they didn’t have the information. How about your IT department I said, can they help us out? Nothing.

So later on trying to do something else I hop over to Netherlands and try to get some email and wouldn’t you know some Google Alerts say “hey someone tried logging in with your account”. I’m like yes, me. Shortly after the next day Lifelock gets the same thing and I get an alert sent to my cell. OK this is how Lifelock works. Working with Google finding out when someone attempted to use my account. Not impressing me.

Lifelock is basically selling Cyber Insurance and are not providing the details of where they found my information. This post is to challenge you to think what exactly are we getting for a service that I can’t get from News Sources on the web about breaches. Where is the proof Lifelock? That is my challenge to you. Don’t call me up and tell me something is out there…we all know that.

While you’re browsing the web, here is a nice article, recent too, about identity protection services not what its cracked up to be. Why Identity-Theft Protection Isn’t All It’s Cracked Up To Be (Kaveh Waddell)

A better eyebrow raiser Despite Promises, Lifelock Knows Public Data is A Risk Guess I’m not the only one calling Lifelock out in the street.

Encrypting your data

Want to feel safer than just having good anti virus protection or a firewall? Well the next step will really make you feel better. Encrypting sounds like it’s tough or hard to do or even complicated, but it’s not. There are programs out there that you can use to encrypt everything from your hard drive to just a few files. Today we will talk about just encrypting files.
Most of us have USB drives or some portable device, even laptops, that we use on the go. What happens when people who travel alot misplace USB drives or laptops, or worse, when they get stolen; they flip out. Rightly so, I bet there might be private information, client information on that storage device that when in the wrong hands can be harmful. So the solution is to encrypt that drive. A good lpace to go to get more than just encryotion tools for the USB drive is There you can find a mini PC environment that you can install to a USB drive and take it everywhere you go. Among the tools for portableapps is Toucan This application allows you to encrypt data to AES 256 which not even quantum computers can crack. If it’s good for the NSA, FBI, and CIA it’s good for you too. Not only does it encrypt but it also has other functions for synchronizing data between folders.

Also you can get Keepass safe Keepass safe from portableapps that can encrypt all your passwords. More on this later, but do check it out.