Facebook have this week added a new feature called ‘Places’ which allows you to check-in to specific locations. The idea is to let your friends know where you are and likewise be able to find out where your friends are. While this can be convenient and fun, it is important that you control both who can see this information and who has the power to post your own location to Facebook.

Unknowingly sharing your location information could pose a risk especially if this information is public, do you really want the world to know that your house is unoccupied whilst your are out in town or on holiday for a week?

Unfortunately Facebook have decided to turn this feature on by default so if you want to turn it off or at least want to control who can divulge your location then you can do so pretty easily from your privacy settings.

• Log-in to Facebook and access Privacy Settings from the Account menu. Click on ‘Customize settings’ as shown in the image below.

• In the ‘Things I share’ section, we recommend changing two settings. Firstly for ‘Places I check in to’  select ‘Only me’ . Second, for  ‘Include me in “People here now” after I check in’ make sure that ‘Enable’ is unchecked.

• Finally, in the ‘Things Others Share’ section there is an option called ‘Friends can check me in to places’. Enabling this means that anyone who is a Facebook friend can check you in to any location regardless of whether you are actually there or not. We definitely recommend that you disable this option.

Have you ever been caught out by a social networking site sharing information about your location? Please let us know.

Many of our customers have families and we thought it would be interesting to get a kid’s views on how they stay safe online:

When I’m on the Internet by myself, I don’t usually share too much personal info. I go on sites like facebook and skype. On skype you can’t see anything about anyone other than their name unless you are their friend, and you don’t have a profile so you can’t see pictures or status updates about yourself. But anyone can find out your name, and they could then search this on facebook. Some people, I have seen them, have their walls, photo’s and status updates open for everyone to see. You could put a status update about ‘off to London, see you at waterloo station at 1 guys!’ for example, now anyone can see that, and there are nasty people; so I just change my privacy settings so only friends can see that and there you are

When I’m with my friends we like to take pictures, and make funny videos and put them on facebook. I think this is fun and other friends find them funny too, but you don’t want anyone nasty seeing it, so just remember the privacy settings. Then when you’re at your friends house on their account and their privacy settings aren’t closed then what you can do is on your privacy settings is change them so if you are tagged in a video or photo then only friends can see it, so if you’re in it, you can’t be seen Simple

Ellie (aged 12)

Earlier this year Facebook responded to the criticism that their privacy settings were over-complicated by introducing a simpler privacy dashboard for all users. Whilst it is now admittedly easier to choose your desired settings, it is still important that users take the time to do so, as Facebook’s default ‘recommended’ settings arguably still make far too much information publicly visible.

The social networking site has again been making the headlines this week with the news that the personal details of 100 million Facebook users have been collected and published online. Facebook have correctly pointed out that this information about their users was already freely available online. However, it is a stark reminder that once you make your information publicly visible on Facebook you no longer have any control over where it might end up.

Take the following simple steps to make sure you are not sharing more of your personal details on Facebook than necessary

If you have taken the time to alter your settings previously, then you should not need to do so again. To double-check, simply login to your account and got to ‘Privacy Settings’ from the ‘Account’ drop down menu.

Below you can see this user has set up their desired ‘Custom’ settings:

If, however, you have never changed your privacy settings then by default your account will use Facebook’s ‘Recommended’ privacy settings:

It is our opinion that this shares too much information with ‘everyone’. For instance do you really want all of your posts, status updates and any photos in which you are tagged publicly available? Do you really want your personal ‘Bio’ details visible to everyone? It is also important to realise that all publicly visible information can also be indexed by search engines or scanned in bulk as we saw with the details of 100 million users that were published this week.

We recommend the simple option of choosing the ‘Friends only’ privacy settings (remember to click on the “Apply these settings” button to confirm your choice). If you want to go in to a bit more depth with your privacy settings then you can click on ‘Customise settings’ and you will be presented with a screen from where you can individually micromanage the privacy settings for all of your Facebook content.

Are you concerned about the visibility of your personal information when you use social networks such as Facebook? Have you ever had problems caused by your personal details being made public? Let us know your thoughts.

This is something of interest for those of you who are concerned about the security of the websites you or your family members are visiting. Instances of websites hosting malicious activity either intentionally or unwittingly are unfortunately on the rise, leaving your computer at the mercy of viruses, key-loggers and the like.

Existing security tools such as anti-virus packages can prevent your operating system from becoming infected by the viruses they know about but cannot block the new ones that are constantly being created by cybercriminals. What if there was a way of separating your web browser from your operating system so that your computer remains untouched if you or your kids mistakenly end up on an infected website?

That is the premise behind the new KACE secure browser from Dell. What it does is create a virtual instance of the Mozilla Firefox web browser so that all activity that occurs whilst using the browser happens only in a virtual ‘sandbox’ which cannot affect your operating system. This shields your computer from any malicious activity that may attempt to target your system as a result of browsing the internet.

At the moment the KACE secure browser is available for Windows users and for the Firefox web browser. Dell have plans to release it on Internet Explorer in the future. It’s a great idea, so we thought we’d try it out. You can download it for free here.

Installation is pretty simple and once it is installed you will see a new ‘Secure Browser (Firefox)’ icon on your desktop, double-click that icon and you are now running a secure browser session. At first glance it looks exactly like a normal Firefox browsing session, the only difference being a grey shaded outer rim around your browser window which lets you know you are running the secure browser, and which also houses two icons in the top right corner:

At first I had a couple of problems when I loaded the secure browser and I couldn’t see the outer rim at all. Firstly, the outer rim is not visible if you have your browser window maximised. Secondly, it turns out that it is almost impossible to make it out if your desktop background is a dark colour. Mine was black and I couldn’t see it at all, I switched the background to white and bingo, problem solved!

So what do the two icons do?

Firstly, the ‘i’ info icon. Click on this and you should see the following screen:

If you do not see the three tabs: ‘Network Access’, ‘Process Control’ and ‘Advanced’, then you are not logged in to your computer as administrator, log out and back in again as administrator and you will then have full control.

I won’t go in to too much technical detail here but I will briefly explain how you can ‘Block’ and ‘Allow’ websites using the ‘Network Access’ tab. This can be a pretty useful tool, firstly, if you are aware of specific sites hosting malicious activity or secondly, if you want to prevent your kids from visiting certain sites (of course, this will only work if your kids do not know the password to login as administrator).

On the ‘Network Access’ tab, firstly put a tick in the ‘Enable Network Access Control’ box. You will then be able to type in web addresses that you want to block. You could also use the ‘start recording’ tool and then visit a handful of websites before clicking on ‘stop recording’. You can then choose to block or allow the websites you have visited.

While this is a nice feature, blocking websites is not where the real value of the secure browser comes from. What is really great is the peace of mind that comes from knowing that your family can browse on any websites without worrying about security.

Now the trash can icon. This is very simple and allows you to ‘reset’ the state of the secure browser. So if the browser seems to be having problems, maybe due to picking up unwanted spyware or malware (please note this CANNOT affect your computer if you are using the secure browser but CAN still affect the virtual instance of the secure browser) then you can simply click the ‘Reset’ button and the browser is returned to its original state.

One thing that is important to note is that the KACE secure browser cannot control a file once it has been downloaded from the internet. If you have downloaded a dodgy file using the secure browser and then run it from your Downloads folder, what happens next is no longer under the control of the secure browser, so you should still be very careful about what you download from the internet.

There are other features that you may want to play around with on the ‘Process Control’ and ‘Advanced’ tabs if you are feeling adventurous and there is a more in depth video tutorial here:

Let us know if you have tried out the secure browser, has it been useful for you or have you had any problems?

An extra level of security will be added to the Web’s address system, starting from next month.

Since 1984 computers have been able read domain names using the current Domain Name System (DNS), which represents web domains numerically, making them machine-readable.

In 2008, security expert Dan Kaminsky highlighted a flaw in the Domain Name System which allows cybercriminals to redirect unwitting users on to their own versions of login pages for online banking or other web services in order to harvest their details. Now known as the ‘Kaminsky Bug’, this type of attack is the basis of many phishing scams in operation today.

The new system, DNSSEC (Domain Name System Security Extensions) allows Web sites to use digital signatures and public-key encryption to prevent the type of spoofing attacks described above.

This will not foil all of the different types of scams in operation by any means and while it is definitely a great step forward you should continue to browse with care:

• Remember not to click on links within emails and do not open any attachments on emails claiming to be from your bank. Banks very rarely email their customers directly, if you are unsure contact them directly (do not reply to the email).
• Bookmark what you know to be your bank’s genuine online banking page and only use that to login. To be sure, double-check the web address (URL) each time before logging in.
• Do not use online banking on public wireless networks.
• If you have a home wireless network make sure you are using the strongest encryption allowed by your router (ideally WPA2).

As TechCrunch have reported on their blog, a mistake by US service provider AT&T has allowed hackers to obtain the e-mail addresses of up to 114,000 customers. Fortunately in this case it was only the e-mail addresses that were compromised and not further sensitive information. However even having your e-mail address compromised on its own could leave you open to an increase in spam and phishing e-mails.

No matter how careful you are online your personal details could still end up in the wrong hands through no fault of your own. All the more reason to be cautious.

If you have a DataPatrol account, remember to add all of your e-mail addresses to your account. If we see your details on compromised lists such as these we will give you a heads up so that you can be extra vigilant.

Very often when we read about Facebook privacy issues the majority of concern is for the children and young adults who we perceive to be at the greatest risk. We tend to assume that younger users of social networks will be the most blasé about their own privacy, about the information they are willing to share about themselves with the wider public. I must admit that I have been guilty of this assumption in the past.

Whilst Facebook in the UK does have a minimum age requirement of 13, this is not easily enforced and it is simple for younger children to join. There has been a lot of press coverage recently regarding Facebook’s privacy settings, describing them as far too complicated with the default settings revealing far too much personal information. Concerns have been raised that it is these younger users who will be the most caught out by this.

Fascinating research from PEW suggests that we should in fact take a completely different perspective with regards to how ‘younger’ users approach privacy on social networking sites such as Facebook.

By ‘younger’, ‘middle’ and ‘older’ groups I will for clarity in this post refer to the same age-group boundaries used in the PEW report (Younger: 18-29 years old, Middle: 30-49 years old and Older: 50-64 years old). While this report did not include those under the age of 18, I think it is fair to assume that they would be most closely aligned to the ‘younger’ age group above.

Most important to realise is the fact that what an older user would consider as inappropriate information to share in public is very much part and parcel of how a younger user would want to be perceived; their image as they present it to their peers on Facebook. For us to simply dismiss this as ill-considered behaviour is a bit naïve on our part – the research from PEW suggests that these younger users, far from indulging in poorly conceived comments and updates, actually dedicate far more thought towards what information they will or will not make public and furthermore, they are the most likely to alter their privacy settings.

So what exactly are the report’s findings I am basing this on?

Control of personal information

44% of young adult internet users say they take steps to limit the amount of personal information available about them online, compared with 33% of internet users between ages 30-49, 25% of those ages 50-64 and 20% of those ages 65 and older.

Removing unwanted content

47% social networking users ages 18-29 have deleted comments that others have made on their profile, compared with just 29% of those ages 30-49 and 26% of those ages 50-64.

41% of social networking users ages 18-29 say they have removed their name from photos that were tagged to identify them, compared with just 24% of SNS users ages 30-49 and only 18% of those ages 50-64.

Refining privacy settings

71% of social networking users ages 18-29 have changed the privacy settings on their profile to limit what they share with others online. By comparison, just 55% of SNS users ages 50-64 have changed the default settings.

So perhaps after all it is not the younger generation we should be most concerned about but ourselves! Indeed one last interesting question examined the issue of trust:

When asked how much of the time they think they can trust social network­ing sites like Facebook, MySpace and LinkedIn, 28% of SNS users ages 18-29 say “never.” By comparison, a smaller segment of older users express such cautious views; 19% of SNS users ages 30-49 and 14% of those ages 50-64 say they never trust the sites.

This all suggests that the younger users are far more switched-on not only when it comes to the risks of using social networks but also to the steps they can take to contain those risks.

Many parents have and many more will continue to face the dilemma of whether or not to allow their kids to use Facebook but perhaps to a certain extent these findings can put their minds at ease. Of course it is still a good idea to have a chat about what information could end up becoming public and running through the privacy settings with them when they first sign up (maybe you will learn something too!) but remember to practice what you preach!

Always think about who will be able to view what you are about to post on Facebook, is it such a good idea to tell the world that you are about to go on holiday leaving your house empty? Do you really want to post your mobile number in reply to those ‘lost my mobile phone – send me your number’ groups – remember that information too could become public.

Facebook is a great tool for keeping in touch and tracking down old friends, with a little care and attention you should have nothing to worry about!

Failing to take simple precautions will not only increase the risk that you fall victim of fraud but could also result in your bank or credit card company refusing compensation.

Recent research from consumer body Which suggests that up to four million debit and three million credit card holders are not taking these simple precautions and either write down their PIN or share it with friends or family members. A third of those surveyed keep a note of their PIN in their handbag or wallet (along with the card).

If the worst happens and you do fall victim to credit card fraud or your bank account is ‘hijacked’ by fraudsters then your bank may refuse to provide compensation if they believe you have acted negligently in keeping your security details and PIN number safe.

It is likely that in these tough economic times banks will only become more rigorous in their examination of compensation claims. However according to the Banking and Lending Code 2009 the emphasis is most definitely upon the banks to prove that a customer has acted ‘fraudulently or with gross negligence’.

So what exactly constitutes ‘gross negligence’?

In investigating a claim, a bank will seek to find out if the customer has taken due care and attention to protect their personal and financial information. Failing to do so can be likened to a car being stolen as the keys were left in the ignition and the victim then trying to get insurers to pay for a new car.

If a customer falls victim to credit card fraud or account takeover and an investigation uncovers that the reason can be attributed to the negligence of the customer (for instance the PIN has been written down and lost or the customer logged on to their online banking account using a weak password and in a public WiFi hotspot), then the Bank may not always stump up to cover the losses. In truth this is still a grey area, different banks take different approaches and these claims are still dealt with on a case by case basis. However, as always, it is better to be safe than sorry!

Prevention is obviously better than cure. By taking simple precautions you can significantly reduce the chances of falling victim to fraud in the first place. However these precautions will also ensure that you have nothing to worry about if your claim is investigated for any evidence of ‘gross negligence’ on your part:

• Do not write down you PIN.
• Do not share your PIN with others.
• Do not write down your online banking login details.
• Use a strong password for online banking that you do not use for any other service.
• Do not email any details of your account to anyone, even your trusted friends and family. If your email account is ever compromised this could be a goldmine of sensitive personal and financial information for a fraudster.
• Use a strong password for your email account that you do not use for any other service.
• Never open any suspicious emails claiming to be from your bank & certainly do not open attachments or click on links in these emails.
• The same goes for emails claiming that you have ‘won a prize’ or are eligible for a ‘tax rebate’. As a general rule, do not click on any links in or open attachments to any emails unless you know you can trust the sender.
• Never access online banking in a public WiFi hotspot.
• Take steps to secure your home WiFi network. Choose a strong password to connect to the network and change the default password on your router.
• If your home Wireless is Open or even WEP, upgrade to WPA (ideally WPA2) as soon as possible.

If you think there is a risk that your personal or financial details have fallen in to the wrong hands, for example if you have been mugged, burgled, lost your wallet, your laptop or your briefcase, then you should consider applying for CIFAS ‘Protective Registration’. This service (£14.10 per year) will place a flag against your details in the CIFAS database to indicate that you have requested extra protection. This will mean that in most cases additional verification checks are made whenever an application for credit is made in your name. While this may mean you experience delays when you apply for credit yourself, it should make it much harder for fraudsters to commit identity theft in your name.

If you receive an unexpected email from the iTunes store thanking you for buying a $50 iTunes Gift Certificate then beware. Like similar scams that we warned you about last year, this email is not what it seems. The email asks you to open an attachment to receive your gift certificate code. What is actually contained within this attachment is some nasty malware to infect your pc and possibly phish your iTunes log-in details.

So if you or a friend has received this email we recommend that you delete it immediately and do not click on any links or open any attachments.

Digital Economy Act puts Three Quarters of a Million Homes ^[1] in Capital  at risk

New research by the online identity experts, Garlik, has found that a third of households in the capital are at risk from cybercriminals thanks to poor or no security settings on their home WiFi networks. The research, carried out by Garlik over a two week period ^[2], across 13 different boroughs and 11,000 ^[3] households in Greater London found that: -

• Nearly five per cent (100,000) of households had no security at all, leaving their home WiFi networks completely open to criminals
• Almost thirty per cent had extremely weak WiFi security settings, known as WEP ^[4] that can be cracked within minutes
• Only sixty five per cent of households were found to have the most secure setting for their home WiFi networks, known as WPA ^[5].

“Using weak WiFi security like WEP is the digital equivalent of locking your front door but with a sign saying ‘key under the mat, help yourselves’, ” commented Tom Ilube, CEO of Garlik. “With the recent introduction of the Digital Economy Act people need to be aware that they could face a fine, the risk of disconnection or indeed risk falling victim to cybercrime if they do not take WiFi security seriously. ”

If a cybercriminal gains access to someone’s home WiFi, either due to the network being unsecure or a network password being cracked, then email accounts, social networking sites and even online banking can be broken in to. Also with access to someone’s home WiFi, a cybercriminal can use the internet connection however they choose. The home owner may be completely unaware as the hacker browses obscene websites or illegally downloads copyrighted music, films or TV shows from the home network. The Digital Economy Act now gives copyright owners the power to demand that Internet Service Providers (ISPs) take action against suspected filesharers. Even if these offences have occurred without the home owner’s permission or knowledge they will still be held accountable, risking the possibility of fines or even disconnection.

“We strongly encourage people to upgrade their wireless routers from the weak WEP security setting to the much stronger WPA (ideally WPA2) settings and for those with no security settings to wise up to the potential risks they are exposing themselves to.” added Ilube.

Steps to securing your home WiFi: -

• Set your router to the highest security setting possible. Ideally WPA2. If your router will only support WEP, contact your ISP provider and ask them to upgrade your router. If you are unsure how to change your security setting your ISP can help with this too.
• Ensure the password for your home network is not obvious or weak (e.g. cat, dog). Use a mixture of letters, numbers and special characters such as *, @, !.
• Also ensure your router password is changed from the default setting when it was first installed. Often people are unaware that almost all routers are sent out to homes with exactly the same, widely known password and login details.

---

[1] According to TGI there are 4.6m households in London with broadband, 47% of those broadband ISP households have WiFi* and according to Garlik figures 35% of those WiFi users are currently using poor or no WiFi security. This equates to three quarters of a million homes in London at risk. (*Opinium research, October 2009).
[2] Garlik assessed home WiFi security between 22/03/10 – 01/04/10 .
[3] 11,468 households in Greater London were surveyed.
[4] WEP – Wired Equivalent Privacy, a weak but widely used wireless network security standard.
[5] WPA – WiFi Protected Access, a stronger wireless security standard that comes in two forms, WPA and the most secure WPA2

---

Note to editors: Tables and charts to represent these figures collectively can be found at http://www.garlik.com/press/homewifi/All.jpg

Individual pie charts for each borough are available on request.

The boroughs assessed were Elephant & Castle, Camberwell, Dulwich, Greenwich, Hackney, Wembley, Ealing, Hampstead, Richmond, Wimbledon, Tooting, Clapham and Battersea.

The raw data is available here:

http://spreadsheets.google.com/ccc?key=0AuBJmXWe-7fIdGxCWkNmUzF5ak1fYkUxRnc5d0xQT0E&hl=en_GB