Credit Checks For Security

In 2008, when the economy took a nose dive into the great recession, as I call it, many investigations were done into bank employees who were using their loan officer positions to help bail out friends and family by loaning them money under false pretenses and committing fraud. Part of the entire financial crisis of 2008 was due to people getting mortgages on homes they could not afford or taking out loans on homes that were not worth the value they got in cash.

There is an old saying that money is the root of all evil, and it can be in some cases. We live in a world where credit and money are needed to live, and the way people handle money can be important to know.

I personally think anyone who works with money, from a bank teller to the bank president, should have a mandated credit check. This does not just go for banks; it applies to anyone in any company who has access to company funds.

Employers are increasingly running credit checks on job applicants and using that information to make hiring decisions. If someone is being hired for a job that deals with money, or especially if they are in any position to disburse funds, they should need to agree to a credit check.

Companies like NerdWallet, for example, give potential employers or businesses modified credit reports showing debt and payment history. This is great because getting your credit pulled can actually lower your credit score. A modified report does not show the credit score because it’s not running your credit, just showing your payment history and debt-to-income situation.

I would like to say people with bad credit or no credit are not bad people, but seeing someone’s financial information can tell you something about them.

Lots of late payments could indicate you’re not very organized and responsible, or don’t live up to agreements.

Using lots of available credit or having excessive debt are markers of financial distress, which may be viewed as increasing the likelihood of theft or fraud.

Any evidence of mishandling your own finances could indicate a poor fit for a job that involves being responsible for company money or consumer information.

Like I said, not everyone with bad credit is an issue, but it can give a company a better understanding of you as a person. Sometimes people might have bad credit due to a divorce or bankruptcy. In that case, the people took care of their issue and are recovering their credit, and may be a good fit. Everyone’s situation is different.

Remember, credit checks are important, as handling company funds is a sensitive thing and needs to be done by people you can trust. I have seen too many times where a simple credit check could have really saved a company from issues.

Benefits of a VPN

If you need to use public wireless at any time and need to send sensitive information like banking or credit card information, I suggest using a VPN.

VPN stands for Virtual Private Network and is a network that is constructed using the Internet to connect to a private network, using encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. This type of network is designed to provide a secure, encrypted tunnel in which to transmit the data between the remote user and the company network.

There are tons of different VPN services on the market. Companies like AVG Internet Security and ProVPN are all reputable services that you can pay for and use to keep your data safe while using services. I strongly recommend using a VPN if you are going to be using any insecure wireless connections on either your phone or computer. I strongly recommend that you get a paid, reputable service. Many of the free services you find online may not be secure, or may be watching and logging your traffic, which is not what you want in a VPN service. VPN services are usually not expensive, and you can pay for them monthly or yearly.

Most VPN services have software for your computer, plugins for your web browser, or an app for your iPhone or Android. VPN software is now very easy and simple to use and may even be included with your Anti-Virus software.

Everything I mentioned may be a lot to take in, but all of it is important for you to remember if you are going to be browsing the web or doing financial transactions online. Remember one thing when using the internet: it’s always better to be safe than sorry when it comes to security and privacy.

Any questions? Please contact us.

Messaging With End-To-End Encryption

Just like computers, there are security vulnerabilities in smartphones and even messengers. We all remember using AOL Instant Messenger and MSN Messenger back in the day, but messengers have evolved over the years. We now have Skype, Facebook, iMessage, WhatsApp, and many others, too many to list at this point. Just like a hacker can spy on you using free Wi-Fi, they can also grab your messages.

Not all messages are at risk of being spied on by hackers. Messengers like iMessage and Signal use end-to-end encryption, meaning only you and the person receiving the message can read it. No one else can, since it’s encrypted from beginning to end. Facebook has started using secure messaging on Facebook Messenger as well as WhatsApp. But Facebook has admitted to being able to read, not the message, but the metadata, the geolocation, and other small pieces of data. To me, that’s not end-to-end encryption.

Services like Skype and Google Hangouts do not support end-to-end encryption, meaning Microsoft and Google can read your messages or pictures. Any message that goes over Wi-Fi or the cellular network can be spied on if not using end-to-end encryption. That goes for SMS text messages as well, which are never encrypted.

Snapchat, like Facebook, has enabled end-to-end encryption with a catch. End-to-end encryption is used for photographs exchanged between Snapchat users, but text messages and other messages transmitted using Snapchat are not encrypted, meaning Snapchat can see the data.

Telegram offers encryption. It secures everything, including chats, groups, media, and so on. But it’s not on by default. To use Telegram’s end-to-end encryption, you must start a secret chat by tapping the person’s name, the more or menu button, and Start Secret Chat. Secret chats appear separately from non-secret chats.

If you want to keep your data private from someone, I suggest using iMessage or Signal for everything.

Dangers of Free Wi-Fi

Free Wi-Fi is something almost everyone uses currently, and it has become used even more due to the data caps on cell phone plans. Places like restaurants, hotels, and many other establishments offer free Wi-Fi while you enjoy your stay at their place of business, but these free Wi-Fi networks are usually very insecure. Before I go into the danger of free Wi-Fi, let me explain to you the difference between secure and insecure wireless connections.

A secure wireless network means that to join your device (tablet, smartphone, or laptop) to the wireless, you need the password to the wireless network. Examples are where you work, which has a secure wireless where only machines allowed by the network administrator can join, or your home, where you only allow family and friends on your network.

These places are secure and, for the most part, places where using your device is safe and free of information scanners that might get data off your device. Some home routers even have a guest and a secure wireless connection; this is called a segmented network. What that means is, if a friend were to come over for drinks, you could give them the guest password to your Wi-Fi while your work laptop is upstairs on the secure Wi-Fi. This means that whatever happens on your work laptop cannot be affected by your friend’s device if it should have a virus or something that could cause harm to your laptop.

Unsecured wireless is basically the hotel wireless, café wireless, or bar wireless system. These are places that have no password on their wireless and let anyone who wants to connect to them. Here is how these networks are dangerous.

Say you decide to go out to the bar, the reception on your phone is not the best, and you decide to connect to the wireless so you can surf the web while you are waiting for your food. While surfing the web you check in on Facebook, then go to Instagram to check on photos, then check on the orders you have coming from Amazon.

A skilled hacker could sit two seats or more away, hooked up to the same network, running a network scanner. A network scanner reveals vulnerabilities on devices on a network that pose a serious risk to security regardless of firewall or AV. A vulnerability is a system weakness that can be exploited by a hacker to get unauthorized access to an electronic device.

Let’s say you’re running an outdated or old version of Android which has a security vulnerability that lets the attacker see your network data. You can now become a target. This kind of thing does happen on both Android and iOS; remember, a smartphone is a computer. Security vulnerabilities get found all the time and hackers know about them quickly. Some of the best places to use them are places with free Wi-Fi. Sometimes hackers hang out in the parking lots of places with free Wi-Fi, so no one notices them.

I have even seen where hackers themselves set up free Wi-Fi just so you connect to them so they can try and hack your phone or computer. It’s so important to stay off free Wi-Fi as it can cause you some serious headaches.


3 Browser Extensions to Keep You Safe Online

Third-party browser extensions and plugins are the future of the web browser, and there are a few I recommend you use to help keep you safe when you are browsing the internet on your computer and at times even on your smartphone and tablet.

AdBlock and AdBlock Plus

AdBlock is a content filtering and ad blocking extension for the Google Chrome, Apple Safari, Firefox, Opera, Microsoft Edge, Android, and iOS web browsers. AdBlock allows users to prevent page elements, such as advertisements, from being displayed.

Being someone who owns his own website, I know ads are a very important part of revenue, and running an ad blocker can at times hurt a site’s revenue streams. For those legit sites you can turn AdBlock off. But many non-legit sites can sell ad space to shady advertisers, and they can actually infect your computer with little things like trackers or even a virus. This is where AdBlock comes into play and can protect your computer.

Ghostery

Ghostery is a privacy and security-related browser extension and mobile browser application available for Google Chrome, Apple Safari, Firefox, Opera, Microsoft Edge, Android, Firefox for Android, and iOS web browsers.

Ghostery enables its users to detect and block JavaScript “tags” and “trackers” in many web pages, which are largely invisible to the user. These tags and trackers collect users’ browsing habits via HTTP cookies, as well as participating in more sophisticated forms of tracking. Ghostery blocks HTTP requests and redirects according to their source address. When a tracker is blocked, any cookie that the tracker has placed is not accessible to anyone but the user and thus cannot be read.

uBlock Origin

uBlock Origin is a free and open-source, cross-platform browser extension for content-filtering, including ad-blocking. The extension is available for several browsers: Google Chrome, Apple Safari, Firefox, Opera, Microsoft Edge, and Chromium.

uBlock Origin’s stated purpose is to give users the means to enforce their own content-filtering choices. As of 2018, uBlock Origin continues to be actively developed and maintained by founder and lead developer Raymond Hill.

The Importance of Deleting Old Accounts

One thing to be very careful about is closing an email account. I know a lot of people are going to ask what the danger in deleting an old email account is. There can be a lot of problems with closing an old email account. To start with, email providers like @gmail, @yahoo.com, and @outlook.com may recycle email addresses. If I created an email account today on Yahoo and deleted it, you could get that email address if you wanted in 60 days. This is not a problem for an email account that was hardly ever used. But what if you delete that email account and someone gets it, and it was tied to an old credit card or to old friends who may send you an email? It would be very easy for the hacker to scam a friend for money or get a new credit card sent to a P.O. Box, because they are the owner of the email address on file.

The other thing to be very concerned about is old social media accounts. Believe it or not, you can still get into your Myspace account if you really want to and look up old pictures; it’s still around. I bet if you really wanted to, you could even get into your old ICQ account, which is still around as well, if you could remember your original number. My point is these old accounts can still be out there. Now, granted, these old accounts are not tied to anything, but what about an old Facebook, Twitter, Amazon, or Gmail account?

Many people over the years have said to me, “Well, I don’t use that old Facebook account. After my ex and I broke up, I opened a new one.” That might be a great idea, but that old account is still sitting out there with pictures and information, verified by Facebook. What if someone were to get the password to that old account and send out a virus or spyware to those people still on your contact list?

What if that old Facebook account is tied to something like a login to a website? Even worse, what if that old Amazon account still has an old credit card on file? Even if it’s out-of-date information, do you still want attackers to access that information?

My point is just because you never touch an old account does not mean it’s closed or deleted. Please be careful with how you handle accounts online.


Spam And Phishing E-Mails How They Work

One thing to be careful about: if you are getting emails from sites you have never used, or sometimes from sites you do use, they could be phishing emails. Phishing emails are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed or fake website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

Another thing to be careful about when using your email is spam. Spam email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated. Spammers harvest recipient addresses from publicly accessible sources, use programs to collect addresses on the web, and simply use dictionaries to make automated guesses at common usernames at a given domain.

Spam is increasingly sent from computers infected by computer viruses. Virus-makers and spammers are combining their efforts to compromise innocent computer users’ systems and convert them into spam-sending “drones” or “zombies”. These malicious programs spread rapidly and generate massive amounts of spam pretending to be sent from legitimate addresses. Spammers use specially designed software to generate false email headers and From addresses. Several email users have been affected by falsified messages claiming to be from the service’s administrators, stating that the user’s account is closed and requires some action by the user to be reopened. Such messages often contain viruses and should be ignored or deleted.
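One way a mail filter or a curious recipient can spot the falsified headers described above, as an added example that is not part of the original article: compare the visible From domain with the Return-Path and Reply-To domains and read the SPF, DKIM and DMARC verdicts recorded by the receiving server. Both messages and all example.com / example.net / example.org names are constructed sample data.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower() if "@" in address else ""


def aligned(domain, from_domain):
    """Relaxed match: same domain, or one is a subdomain of the other.
    (Approximation; real DMARC alignment uses the Public Suffix List.)"""
    return (domain == from_domain
            or domain.endswith("." + from_domain)
            or from_domain.endswith("." + domain))


def auth_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only trust this header when your own receiving server wrote it."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def spoofing_signals(raw_message):
    """Return a list of warning signs; an empty list means none were found.
    These are signals for a human or a filter to weigh, not a final verdict."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    signals = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and not aligned(other, from_domain):
            signals.append(f"{header} domain {other} != From domain {from_domain}")
    verdicts = auth_verdicts(msg)
    if not verdicts:
        signals.append("no authentication results")
    signals.extend(f"{m}={v}" for m, v in sorted(verdicts.items()) if v != "pass")
    return signals


# Constructed sample: claims to be from the service's administrators.
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.example.net>",
    "Authentication-Results: mx.example.org; spf=fail "
    "smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com",
    'From: "Account Administrator" <admin@example.com>',
    "Reply-To: recover@example.net",
    "Subject: Your account is closed",
    "",
    "Your account is closed. Action is required to reopen it.",
])

# Constructed sample: a legitimate newsletter using a bounce subdomain.
LEGIT = "\n".join([
    "Return-Path: <bounces@mail.example.com>",
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass",
    "From: News <news@example.com>",
    "Subject: Monthly update",
    "",
    "Hello.",
])

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_signals(raw))
```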

The general rule of thumb is if an email is in your spam folder, it’s probably junk and should just be deleted. Programs like Norton, McAfee, and AVG scan incoming emails when you are using an email client like Outlook or Thunderbird, but when using email online, like in Chrome or Firefox, the software can’t protect you. For the safest email experience, I recommend using a client with a good antivirus.

When hijackers succeed in sending spam via an email service, it can be temporarily blocked by other services and private domains that try to protect themselves. It’s important that email users protect their own accounts with strong passwords to prevent their accounts from being hijacked. It’s important for all computer owners to install and maintain anti-virus software to avoid having their computer infected and possibly become a source of spam without their knowing. Enabling two-factor authentication on accounts is a good idea as well if you want added protection on your accounts.

Mac And PC Hard Drive Encryption

The one thing you could do to protect your computer in the case of theft is drive encryption. Many people say to me, “If they steal my laptop, who cares? It’s password protected,” but I always ask if the hard drive is encrypted. Just because it has a password does not mean a skilled hacker cannot hook your device to a computer and get the data. This is where drive encryption comes into play.

Let me explain what exactly disk encryption is first. Drive encryption is a technology that protects information by converting it into an unreadable code that cannot be deciphered easily by unauthorized people. Drive encryption uses encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

Now, I know this seems very overwhelming, but it’s not. Both Windows and Mac have disk encryption as built-in options in this modern era of computing. If you are using a Chromebook, you are lucky: you don’t have to do anything, as the disk is always encrypted. Only the signed-in user can access their profile data. There is no administrator account that can access everything. So, your data on the Chromebook is always the safest.

Microsoft Windows has its own version of encryption called BitLocker.

To enable BitLocker, just go to Control Panel – All Control Panel Items – BitLocker Drive Encryption, then click Turn on BitLocker.

Follow the onscreen instructions; they are easy.

On a Mac, it’s easy as well, and with the integration of Apple iCloud it’s easier than ever to turn on the Apple version of drive encryption, called FileVault.

Just click on System Preferences – Security and Privacy – click on the FileVault tab – click Turn On FileVault.

You will then be asked for your iCloud account info, and that’s about it.

Personally, I like to use a third-party tool called Symantec PGP Full Disk Encryption, as it’s a third-party tool and the inventor of PGP Encryption, Phil Zimmermann, works for Symantec. Zimmermann is the creator of Pretty Good Privacy (PGP), the most widely used encryption protocol in the world. Symantec PGP Full Disk Encryption will be overkill for most, but you do get many more options than you do with Microsoft or Apple. For just the average user, the built-in options in Windows and Mac are more than secure enough. Anyone dealing with sensitive data should use drive encryption.


Password Management and How Passwords Work

Passwords are the lifeblood of the internet; I mean, everything you do online requires a password. A password is defined as a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource, which is to be kept secret from those not allowed access. Before we can go over password management, let’s explain how passwords work.

When you join a service, you create a username and password. The username and password are stored in an encrypted format, either in a database or a file. No two username-and-password pairs produce the same hash when they are stored.

When you go to log in again to the service, you enter the username and password you created when you signed up for the service. The service again encrypts the username and password, then compares the hash against hashes in the file or database. If it matches any of those hashes, it knows you are a legit person and lets you into the service.

Passwords on good sites are stored encrypted so no one, not even the tech people, can see what passwords are stored in the file or database. Plus, if the company should have a security breach, the attacker will not get the passwords themselves, just the hashes in the database. While this is still bad, because someone can use a rainbow table attack to get the password, it does take the severity of the attack down from just storing the passwords in cleartext.
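The sign-up and login flow described above, as an added example that is not part of the original article: each account gets its own random salt and a deliberately slow hash, so two users with the same password end up with different stored values, and login re-hashes the submitted password and compares it to the stored one. The `UserStore` class, the user names, the sample password and the PBKDF2 iteration count are assumptions made for illustration, and the example looks the record up by username before comparing.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash (PBKDF2-HMAC-SHA256) of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """Hypothetical in-memory stand-in for the service's user database."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}  # user -> (salt, hash)

    def register(self, username: str, password: str) -> None:
        if username in self._records:
            raise ValueError("username already taken")
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
        self._records[username] = (salt, derive(password, salt))

    def stored_hash(self, username: str) -> bytes:
        return self._records[username][1]

    def login(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            derive(password, b"\x00" * SALT_BYTES)  # same work for unknown users
            return False
        salt, expected = record
        # Re-hash the submitted password with the stored salt, then compare
        # in constant time so the comparison itself leaks nothing.
        return hmac.compare_digest(derive(password, salt), expected)


def demo() -> dict:
    store = UserStore()
    shared = "correct horse battery staple"  # constructed sample password
    store.register("alice", shared)
    store.register("bob", shared)
    return {
        "unsalted_equal": unsalted_hash(shared) == unsalted_hash(shared),
        "salted_equal": store.stored_hash("alice") == store.stored_hash("bob"),
        "good_login": store.login("alice", shared),
        "bad_login": store.login("alice", "correct horse"),
        "unknown_user": store.login("mallory", shared),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because every record has its own salt, a table of hashes computed in advance for common passwords does not match any stored value, and the slow hash makes each guess against a stolen record expensive.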

A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.

But sometimes your password can get compromised without the site ever getting hacked by something called a brute force attack. A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected). It tries various combinations of usernames and passwords again and again until it gets in.

Similar to a brute force attack a dictionary attack tries only those possibilities which are deemed most likely to succeed. Dictionary attacks often succeed because many people have a tendency to use short passwords that are ordinary words or common passwords, or simple variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are easy to protect against by using a passphrase or otherwise choosing a password that is not a simple variant of a word found in any dictionary or listing of commonly used passwords.

The best type of password to pick is one at least eight characters in length, with upper- and lowercase letters, numbers, and a unique character.
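A sign-up check that combines the two points above, as an added example that is not part of the original article: it applies the length and character-class rule, and separately rejects passwords that are only a simple variant of a common word (digits or punctuation added at the ends, look-alike characters swapped in). The word list is a constructed, deliberately tiny sample, and the substitution map and sample passwords are assumptions.

```python
import re

# Constructed, deliberately tiny list; a real check would load a large list
# of common passwords and dictionary words.
COMMON_WORDS = {"password", "welcome", "sunshine", "dragon", "letmein", "football"}

# Common look-alike substitutions, mapped back to the letter they stand for.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def meets_basic_rule(password: str) -> bool:
    """At least eight characters with lower, upper, digit and symbol."""
    return (
        len(password) >= 8
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )


def dictionary_core(password: str) -> str:
    """Reduce a password to the word it was probably built from."""
    lowered = password.lower()
    # Drop digits and punctuation stuck on the front or the end ...
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # ... then undo look-alike substitutions inside what remains.
    return trimmed.translate(SUBSTITUTIONS)


def is_dictionary_variant(password: str) -> bool:
    return dictionary_core(password) in COMMON_WORDS


def assess(password: str) -> str:
    """Verdict a sign-up form could show; the variant check runs first."""
    if is_dictionary_variant(password):
        return "dictionary variant"
    if not meets_basic_rule(password):
        return "fails basic rule"
    return "passes both checks"


# Constructed sample passwords for the demonstration.
SAMPLES = ["Password1!", "P@ssw0rd2024", "sunshine", "abcdefgh", "vK7#qLm2pZ"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: rule={meets_basic_rule(sample)} -> {assess(sample)}")
```

The first two samples satisfy the length and character-class rule and are still rejected, which is the case a dictionary attack relies on.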


Cloud Storage Security

I would like to take a second to explain more about cloud storage and the security of the cloud. When data is sent from your computer to your cloud storage provider (Dropbox, OneDrive, Google Drive), the data is sent encrypted across the internet to keep it safe from unwanted eyes. But after the data is on the server at your cloud provider, it’s not as safe as you think from wandering eyes.

Let me explain. When your data is transmitted and stored at the cloud provider, it is encrypted, but all cloud storage providers have said they can decrypt all your files and can view them whenever they want, in particular if any law enforcement agency comes calling. While I understand the need for this, to me this is not real encryption. Encryption to me means that no one can decrypt the data. That’s why I prefer SpiderOak for cloud storage and backups.

SpiderOak

SpiderOak is an online backup and file hosting service like Carbonite that allows users to access, synchronize, and share data using cloud-based services. SpiderOak supports almost all platforms: Windows, Mac, Linux, Android, and iOS.

According to SpiderOak, the software uses encrypted cloud storage and client-side encryption key creation, so SpiderOak employees cannot access users’ information. SpiderOak distinguishes itself from its competition, like Carbonite, Dropbox, and others, because of its encryption technique. SpiderOak does not have a web interface; you must use a client for syncing files and folders across multiple devices. Whistleblower Edward Snowden recommended SpiderOak over Dropbox, citing its better protection against government surveillance.

As secure as SpiderOak is, I have tried it and it lacks many of the useful features that Dropbox, Google Drive, and OneDrive are known for. While companies like Dropbox are focused on bringing you great new features, SpiderOak is worried about giving you the most security, or features that are the most secure. Unfortunately, sometimes you must sacrifice convenience for security.

Takeaway

The big takeaway here is yes, your data is transferred securely to places like Microsoft OneDrive, Google Drive, and Dropbox. But when the data is sitting on their servers, it’s encrypted, but not in a way that stops company employees from seeing it if they want to, for any number of reasons. This is not true encryption. Encryption means the only person who can see your data is you. While your data is secure, it can still be read by other people if needed.
