By Jessica Walker

I’ve become very familiar with the acronym RSA over the past couple days.  RSA stands for Rivest, Shamir and Adleman, the three MIT researches responsible for describing it in 1978.  According to Wikipedia, RSA is an algorithm for public-key cryptography.  It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

RSA is also the Security Division of EMC, which is a world leader that designs, builds and manages secure information infrastructures.

So why have I suddenly gone “geek” on you?  Well, I stumbled upon an article, “The evolution of online identity and trust,” written by Scott Charney, corporate VP, Trustworthy Computing at Microsoft and wanted to share as much as I could on the topic of online security.

Mr. Charney was recently a keynote speaker at the 2010 RSA Conference that ended on March 5th in San Francisco, CA.  The RSA Conference attracts top security professionals from around the world to collaborate on IT security.

In his presentation, Mr. Charney discussed creating a safer, more trusted Internet and he touched upon identity security with a focus on authenticity and anonymity.  Mr. Charney and the folks at Microsoft have a vision of working with the public, private, social and economic sectors to create a kind of digital identification card that can be used much like we use a passport or a driver’s license.  Mr. Charney envisions the online user registering for this digital identification card in-person at a government office.  This card would allow a web user to interact online without having to pass along private information which in turn lets the user remain anonymous when needed.  It’s like flashing your driver’s license to a bouncer when entering a night club.  The bouncer only needs to verify that your face matches your photo and they will probably scan the card to prove it’s authentic.  The bouncer doesn’t store your address, birthday, height or eye color for later use nor do they require you to answer security questions before entering such as what is your mother’s maiden name or what was the name of your first pet?  The bouncer knows that the DMV has reviewed your birth certificate and social security card prior to issuing your driver’s license.

This is very exciting news, especially for the online dating industry.  The whole premise behind the SaferDates.com site is to try to ensure authenticity while maintaining a degree of anonymity.  We are thrilled to hear that the security industry is working diligently to develop digital identification technology.

Now how does all this tie into our site and your member profile in particular?  Well, this is very good lead into a service that we have woven into our member profiles and it’s called ReputationShare.

You’ve probably already noticed the ReputationShare box located at the bottom of your Personal Details section.  ReputationShare is just another tool that we offer to help you take control of your safety.

When I interviewed Linda Criddle, ReputationShare President, last year she had this to say about her product, “It helps identify and manage rogue users because, like credit bureaus, ReputationShare literally shares people’s online reputations across participating sites.  If someone has been abusing other Dating sites or their members, Safer Dates can see that information even as the person is registering and take appropriate steps. Unlike credit bureaus, the ReputationShare service does not receive or store any information about who the user is. Users stay entirely anonymous, but both positive and negative behaviors associated with their email alias are collected.  Second, it gives users the ability to make more informed choices about who they choose to interact with.”

I contacted Linda again to see what she thought about Mr. Charney’s article on authenticity and anonymity and this is what she had to say, “Partial anonymity isn’t about a need to know, it is about a user’s choice to share information to achieve greater trust. In an online dating scenario this could be manifest when a potential date wants others to know that they have a track record of decent behavior. In this case the potential date does not need to know anything about WHO you are, they just need to know HOW you behave. ReputationShare is a great example of a system that ensures anonymity of identity, and personal privacy, while providing solid information about a reputation.”  To read Linda’s blog click here.

Safer Dates believes abusive behavior in the cyber world can sometimes cross over into the physical world and we feel the ReputationShare tool will empower you to manage your own safety more effectively.

To learn more about ReputationShare please visit http://www.reputationshare.com/.

Until next time, here’s to keeping you Safer in the City!

- Jessica

A new report from McAfee has predicted that social networking sites will be increasingly targeted by cyber criminals this year.

By Jennifer Scott

Tech security specialist McAfee has predicted that popular social networking sites such as Facebook and Twitter will be major platforms for cyber crime throughout 2010.

In its 2010 Threat Predictions report, the company said that the bad guys will specifically target users of social networking sites and third-party applications who will be more trusting of clicking onto links through these sites than in other online situations.

With Twitter specifically, McAfee believes the abbreviated URLs will help to hide any sinister sites that may be otherwise detectable.

“Over the past decade, we’ve seen a tremendous improvement in the ability to successfully monitor, uncover, and stop cyber crime,” said Jeff Green, senior vice president of McAfee Labs, in a statement.

“We’re now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications and more advanced techniques used by cyber criminals.”

However, Green still concluded that the company was “confident” that 2010 will be successful for those involved with cyber security.

Other potential problems that the whitepaper warned of included the increasing use of HTML 5, offering new avenues for malware writers, a continued targeting of Adobe Reader and a rise in the volume of banking Trojans.

Source: IT Pro

With the economy downturn this year, merchants have more ads and sales to entice people to get out and shop this holiday season. Whether you are shopping in the store or online, be sure to use the following tips to be safe.

Black Friday
Starting the Friday after Thanksgiving, malls, large retailers like Target and Best Buy, and grocery stores are more crowded than usual with shoppers – and thieves. Security in most places have been increased for the holiday season, but if you are out and about, ensure your safety with these tips from the National Crime Prevention Council:

Keep careful track of your bags and packages. Do not carry more than you can handle. Make frequent trips to your car to unload, and put the bags in the trunk or in a hidden place in your car. If you purchase a large or expensive item, it may be well worth it to drive the purchase home and return to the store for more shopping, instead of risking a break-in.

If you see unattended bags or packages, do not try to take the package back to the retailer on the bag or find the owner. Tell a security guard or store employee, and they will secure the package.

Check your receipts for accurate information. Your full credit card number should not appear on the receipt, but if it does, put the receipt in a safe place so you don’t accidently drop it while shopping. Someone could pick this up and use the information to make unauthorized purchases.

If you shop with children, have a plan in case you are separated. Have a central meeting place, and review with your children who is a safe person to approach, such as a mall security guard. Ensure that each child knows your cell phone number – you may want to print a card with emergency information and put it in your child’s coat or pants pocket.

Guard your money. Take only as much cash as you think you will need, and only take one or two credit cards. Keep your wallet close to you, and not in a large purse that you have to shuffle through every time you make a purchase. Keeping your wallet under your sweater, instead of in a coat pocket, can prevent pick-pocketing.

When getting cash from the ATM or using your debit card at the counter, be sure to guard your PIN number. Stand close to the keypad to block anyone who may be looking over your shoulder.

Be aware of your surroundings and do not walk in abandoned areas alone. Park under a light if possible, and walk in a well lit part of the parking lot if you are shopping after dark.

Cyber Monday
SafeShopping.org is an informational site created by the American Bar Association to help you order safely while shopping online. They offer these tips to prevent identity theft and shopping mishaps:

You can tell the internet connection is secure when there is a picture of an unbroken key or closed lock in your browser window. Either icon indicates that the merchant site is secure and your sensitive information, such as your credit card number, cannot be read by anyone else but the retailer. Make sure that the web address that asks for personal information starts with “https” instead of “http”. Some websites may use a pop up box that indicates a secure area or uses the term “Secure Sockets Layer” (SSL).

The safest way to pay online is by credit card. If your information is stolen and you have an unauthorized charge on your credit card, under federal law your liability is limited to $50. If you do have an unauthorized charge, you should give written notice to both the merchant and the credit card company within 60 days.

Unless you are sure of the address, do not send personal information via email. Email does not offer the same protection as these secure websites. Identity thieves can make up emails that look like secure websites, so if you receive an inquiry for personal information from someone you do not recognize, do not send personal information.

If you are more comfortable giving information over the phone rather than the web, most merchants offer this option. Be sure you record the phone number, company name, date and time of your call, and the name of the person who recorded your credit card number.

If you use a password for orders, make it different than the one you use to log into your computer or network. You may even want to create a special, stronger password that is harder for hackers to crack for web purchases. Do not use birthdates, addresses, phone numbers, recognizable words, or children’s names as passwords, as these are too easy to figure out.

To avoid computer viruses, do not open an attached file that ends in “.exe” as they could activate a computer virus and damage the information stored on your computer. Use a reliable anti-virus software program as well.

Web retailers are not yet required by law to maintain the privacy of people who order from their sites, so they may collect names, addresses, and other information and use these for marketing, or they may sell the information to other merchants and telemarketers. Check to see that the site you are ordering from has a privacy policy that ensures your name does not get sold for spam.

Source: emaxhealth.com

By Stephanie Chen, CNN

(CNN) — (CNN) — If you’re on Facebook, Twitter or any other social networking site, you could be the next victim.

Experts say cybercrooks are lurking just a mouse click away on popular social networking sites.

That’s because more cyberthieves are targeting increasingly popular social networking sites that provide a gold mine of personal information, according to the FBI. Since 2006, nearly 3,200 account hijacking cases have been reported to the Internet Crime Complaint Center, a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.

It starts with a friend updating his or her status or sending you a message with an innocent link or video. Maybe your friend is in distress abroad and needs some help.

All you have to do is click.

When the message or link is opened, social network users are lured to fake Web sites that trick them into divulging personal details and passwords. The process, known as a phishing attack or malware, can infiltrate users’ accounts without their consent.

Once the account is compromised, the thieves can infiltrate the list of friends or contacts and repeat the attack on subsequent victims. Social networking sites show there is ample opportunity to find more victims; the average Facebook user has 120 friends on the site.

“Security is a constant arms race,” said Simon Axten, an associate for privacy and public policy at Facebook. “Malicious actors are constantly attacking the site, and what you see is actually a very small percentage of what’s attempted.”

Social Media Crimes

As some social networking sites experience monstrous growth, they are becoming a new — and extremely lucrative — frontier for cybercrime. Facebook says it has 300 million users, nearly the size of the U.S. population, and it continues to attract users outside the college student niche. From February 2008 to February 2009, Twitter, a micro-blogging site where users post 140-character messages known as tweets, grew 1,382 percent to more than 7 million users.

“They [cybercriminals] are very adept to using social engineering,” said Donald DeBold, director of threat research for CA, an Internet security company. “Your friend is in trouble traveling in another country, ‘I lost my wallet. I need help.’ They exploit the curiosity aspect out of human nature.”

A few decades ago, malicious software and viruses were usually the result of a prank, but Internet security experts say today’s attacks are profit-driven. A study from the Indiana University in 2005 discovered that phishing attacks on social networks operated with a 70 percent success rate. These users had fallen for the scam, opened the foreign link and released personal information.

Cybercriminals are employing phishing and malware attacks for a number of reasons, including trying to redirect users to sites where profit is fueled by the number of visitors. They also try to elicit private information like passwords and bank account numbers to perform scams.

Early this year,Twitter experienced several phishing attacks in which a Web page that looked identical to the widely recognized light blue Twitter page was a hoax. The company warned users to double-check the URL to ensure they were visiting the correct site.

The Internet Crime Complaint Center received more than 72,000 complaints about Internet fraud in 2008 that were referred to law enforcement agencies for further investigation. These cases involved financial losses amounting to $264.6 million, an increase from 2007. Each person lost an average of $931.

“Most of us would want to help a friend in need, but if it’s an online friend, and they want you to wire money, you should double-check,” FBI spokesman Jason Pack said.

Security experts said it makes sense that cybercriminals are turning to social networking sites. Personal information is abundant on sites like Facebook and MySpace. Each time users give out valuable information like birth dates or addresses, they could be providing hints about their password, security experts say.

The American Civil Liberties Union has expressed concern about the information visible through Facebook quizzes and applications.

“They’ll have access to all that information, so they can sell it, they can share it, they can do an awful lot with it,” Chris Calabrese, legislative counsel for privacy-related issues with the ACLU, told CNN.com in September.

Many Internet security experts consider the first virus attack on the PC to have occurred in 1986. By the early 1990s, viruses transmitted on floppy disks became ubiquitous. When the World Wide Web became widely available that same decade, viruses, worms and malware became problems in e-mail accounts, frustrating users who clicked on messages thought to be legitimate.

In the new millennium, the most common form of malware attack has become known as drive-by downloads. While surfing on Google or Yahoo, spyware or a computer virus is automatically and invisibly downloaded on a computer, requiring no user interaction for the computer to be infected.

“We are on the verge from shifting from the Web being the No. 1 victim of infecting to social network,” said Mikko H. Hypponen, chief of research technology at F-Secure Corp. His company sells anti-virus software and malware protection programs. “It’s going to get a lot worse before it gets better.”

Social networks are fighting the aggressive attacks from cybercriminals. Most sites have information pages dedicated to educating users about the risks of Internet scams. Users can become a fan of “Facebook Security” and receive updates on how to protect their accounts. One of the most common pieces of advice given by security experts is to change passwords frequently.

Facebook has also developed complex automated systems that detect compromised accounts. They spot and freeze accounts that are sending an unusually high number of messages to their friends. Company security officials said Facebook is a closed system, which can be helpful in erasing phony messages from all accounts.

At News Corporation’s MySpace.com, the company creates blacklists of phony accounts to prevent people from clicking on a faulty link. Hemanshu Nigam, first chief security officer for MySpace, said the firm warns about suspicious links and educates users about the harm phishing and malware attacks can bring. “We are prepared for them,” he said.