1. Making Public Wi-Fi Safe

    Airports, restaurants, coffee shops, businesses, dentists, libraries and even public parks offer public access to Wi-Fi for free. Surfing unsecured hotspots can open your data pipeline to some very unsavory characters.  Whether you use it for convenience or because there is no other Internet connection available — the bad guys still have all kinds of tools to gather and steal information from you.

    Let’s say you find yourself sitting at a local coffee shop taking advantage of the available Wi-Fi. You’re searching the web for an affordable gift to give your loved one for their birthday next week. Credit cards in hand, you chat with friends on Facebook pleading for any last-minute ideas before making a purchase. Not only could many things go wrong with your unsecured shopping experience, but so could anything else requiring your login info while you’re on that free Wi-Fi connection (e.g. social networking sites). This is precisely the type of situation that could lead to identity theft, access to files on your computer’s hard drive, or full disclosure of any private information you send or receive over that network.

    A common approach to intercepting private data and opening the door to identity theft is the “Man In The Middle Attack.” In the past, free programs like Firesheep have made it possible for even less tech savvy people to perform such an attack. The program could, for instance, hijack an active Facebook, Twitter, or even bank account session if the victim is using an unencrypted network. This applies to many of your online accounts, so think about it before logging on Facebook, accessing your bank portal, or making a purchase via public Wi-Fi.

     Here are a few of the ways you can reduce the risks of using public Wi-Fi:

    •   Encrypted Wi-Fi - Wherever possible, choose a password-encrypted network to help you increase your protection. Always make sure to set a password for your home network to keep undesirables out. 

    •   HTTPS - Using websites that utilize HTTPS (rather than standard HTTP) may help you in some scenarios, but this remains limited. While on Facebook, check the address bar to make sure you see “https” and not just “http”. If you are not in https mode, check your Facebook Preferences page and make the change.

    •   Avoid Firefox password saving - If you’re using Firefox, it is recommended that you do not use the browser’s built-in password saving tool, because the saved passwords are unencrypted and visible to anyone who has access to your computer. To see any of the passwords that Firefox has saved for you, simply go to your Firefox Preferences in the Firefox menu; click on the Security tab; then go to ‘Saved Passwords’ in the bottom right corner. Once there, all that’s needed to show your full passwords is to highlight a website and click ‘Show Passwords’. If you have passwords saved, we recommend deleting them while in this menu.

    •   Unknown public Wi-Fi networks - Avoid joining unfamiliar public networks, as they may be bait set up by hackers looking to steal your personal information. In airports, for instance, hackers have been known to create networks such as “Free Wi-Fi” designed to steal travelers’ passwords, bank account information, and any other data being accessed through the network. 

    •   File sharing - Disable file sharing while you travel to prevent hackers from stealing private data from your device.

    •   Disable automatic Wi-Fi connecting - Ensure that your laptop, tablet or smartphone is not configured to automatically connect to open networks within its range.

    If you found this article helpful or have more ideas to add – leave us a comment!  You can also visit us on Twitter and Facebook. –Vernon | GetCocoon

     


  2. Hackers target child game sites

    Avast recently reported that some child game sites have become the latest target of hackers. If the child is playing games on a shared family computer – malware can affect all family members who log in to the family computer. If the child has their own computer, it should be checked on a regular basis (by an adult) for potential cybercriminal activities. All computers in the household should have regular updates of antivirus and other security software.

    In recent years online games have become a modus for hackers. Hackers can make that big purple dragon that flies to Taragath Land look like an exciting adventure to a five year old. Remember, children often do not stop and think before clicking on a malicious link. It is very important that parents monitor a child’s online activities to protect them from unsavory areas of the web.

    Avast says the most visited site affected – cutearcade.com – had generated more than 12,600 infection reports from its protection software as of last week. –BBC News

    Cocoon offers protection from malware and drive-by-downloads. Once logged into Cocoon, no information touches your hard drive because it is all stored on our servers. The hackers can’t get to you or your children. It is currently available as a Firefox plug-in, but will soon arrive with a few more flavors (Internet Explorer and iOS).

    The Cocoon Team!

     


  3. Cocoon’s 2011 List of the Top 10 Internet Privacy Threats

    Privacy has become a red-hot issue in 2011. As more privacy organizations, advocates and researchers discover and disclose to the general public what social networks, governments, corporations, data miners/aggregators, advertisers and law enforcement collect, public awareness of the impact of our digital footprints and of invasive online tracking tactics grows.

    Social networking giant Facebook has been highly controversial in the realm of data-collection practices and is a master of stealth digital surveillance:

    “Facebook has perfected a stealth digital surveillance apparatus that tracks, analyzes and then acts on your information, including what you tell your friends,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “Facebook users should be cautious about whether the social networking giant ultimately has their best interests at heart.”   –Los Angeles Times

    With the rise of online hacktivism, hacker groups such as Lulzsec, whose 50-day rampage hit corporations, law enforcement and security companies, affected individual lives when they targeted the CIA and dumped a list of 62,000+ email addresses and passwords.

    Many of you may remember Firesheep (October 2010), the Firefox plug-in that let hackers eavesdrop and steal unencrypted cookies from anyone who used unsafe Wi-Fi connections (such as airports and coffee houses). Firesheep would let non-technical people become “hackers”, giving them access to the log-in credentials of the victim with a simple double click in the Firesheep sidebar. It would then hijack the web session by copying session cookies and using these cookies to impersonate the victim. Last month Sophos reported that security researchers created their own version of the notorious Firesheep plug-in that had the ability to expose data leakage in Google search history.
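
    Cookie copying of this kind only works when the session cookie travels unencrypted. The check below is an added example, not part of the original post or of any tool it names: it audits a login response for the two site-side settings that keep that cookie on HTTPS. The function names, the cookie-name heuristic and both sample responses are constructed for illustration.

```python
# Added example (constructed data): audit a login response for the settings
# that keep a session cookie off plain-HTTP requests.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumption: name heuristic

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def audit(scheme, headers):
    """Return (subject, problem) pairs for a response fetched over `scheme`."""
    findings = []
    if scheme != "https":
        findings.append(("page", "served-over-http"))
    elif not any(k.lower() == "strict-transport-security" for k, _ in headers):
        # Without HSTS the browser may still try http:// first on a later visit.
        findings.append(("page", "no-hsts"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies and the like are not login state
        if "secure" not in attrs:
            # The browser attaches this cookie to http:// requests too, where
            # anyone on the same open Wi-Fi network can read it.
            findings.append((name, "missing-secure"))
    return findings

# Constructed sample responses, not captured from any real site.
WEAK = [("Set-Cookie", "sessionid=abc123; Path=/"),
        ("Set-Cookie", "theme=dark; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit("https", hdrs))
```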

    The ten biggest threats to privacy in 2011 paint a picture of a landscape that is littered with the potential for warrantless tracking, pervasive monitoring, mobile stalking, behavioral advertising and data harvesting. The repercussions of sharing too much personal information on social networks have led to a deluge of private data flooding the public domain, where sites such as Facebook consistently alter privacy settings to share more. The latest Facebook platform change to create a deeper sense of connection is secondary. Bottom line: advertising is primary and Facebook gets its income from ads.

    “Data is the new oil…everybody benefits from your data except you, the end user. It’s as if everyone’s genes were harvested by a small number of companies without any payment to those whose genes they are.” –Michael Fertik, chief executive of Reputation.com

    Top 10 Internet Privacy Threats: 

    10-Geo Tags: When photos or videos are taken with a GPS-equipped device (digital camera, laptop, smartphone) they are embedded with a geotag that reveals the exact location in longitude and latitude of where it was taken. The exposure of geo-locational data on social networking sites could create a risk of social surveillance and stalking.

    9-Google Wi-Fi Sniffing: According to news sources, Skyhook Wireless has been wardriving a fleet of trucks through towns and cities in the U.S. and Canada (covering 70 percent of population centers) and metropolitan centers in Europe and Asia, mapping every wireless router, both public and private. Skyhook identified each router by its MAC address and correlated it with the exact location of each router, using GPS. The router information currently exists in a database of 250 million Wi-Fi access points. That’s pretty scary because most people have no idea that this has happened.

    8-Facial Recognition Technology: This technology was initially used by law enforcement, security and surveillance, but is now in the public realm with apps like SocialCamera and SceneTap.

    Facebook deployed facial-recognition software this summer. People can opt out of tagging, but opting out does not stop Facebook from gathering data or having the ability to recognize your face. Eventually this technology is meant to search for people by simply using a picture.

    With facial recognition software that can discern users’ true identities–not just the personae they choose to create online–Facebook becomes a much more powerful identification tool. –Rebecca Greenfield, Atlantic Wire

    7-Internet Censorship: Some countries that have extremely strong censorship policies are China, Iran and Myanmar. China has an advanced filtering system (the Great Firewall of China) and can restrict access in real time. Over 10 million web pages are blocked in Iran, and web sites that offer tools and techniques for circumventing filters are also heavily filtered. The Myanmar government allegedly monitors Internet cafes with computers that take screenshots every few minutes.

    6-Smartphones: The government’s ability to track individuals using smartphones, and mobile malware, top the list. Researchers at Trusteer recently discovered a new attack by the SpyEye Trojan that targets online banking security systems.

    The malware compromises the login information to the victim’s bank account and injects a phony page into the smartphone browser. The malware then instructs the victim to type the original confirmation code into the fake web page form. The hacker is able to capture the code (man in the browser injection) and log in to the victim’s bank account. Once the hacker is in, they change the telephone number associated with the account and divert the funds.

    5-Data-Stealing: Rogue applications on social networking sites, computers that harbor botnets (Coreflood) and smartphone malware (DroidDream) are just a few of the nasties that are out there.

    4-Behavioral advertising: HTTP cookies, flash cookies, sites that respawn HTTP cookies with Flash (KISSmetrics), and HTML5 Local storage (more flexible than standard HTTP cookies) are just a few of the methods that are used for tracking online users.

    During the course of a typical day – if you use your computer, your smartphone, your TV and shop at your local stores using a loyalty card – targeted advertising will trail behind you. When you sit down to watch TV, your TV is watching you. Visiting Facebook, searching on Google or Bing also adds to the fleshing out of your behavioral profile that consists of your searches, online habits, preferences and buying patterns.

    3-Hackers: Organized cybercriminals, hacktivists, Anonymous and Lulzsec are a few of the online entities that participate in DDoS attacks, data breaches, phishing, online banking fraud, online shopping fraud and a host of other unsavory activities. Weak security systems are generally the culprit.

    2-Social networks: Social networks allow users to build connections and store information remotely. They are also the weakest data link. When people become dependent on social networking default privacy settings (Facebook’s frictionless sharing) and post too much personal information online, it becomes ripe for picking. Identity thieves, scammers, hackers, debt collectors, corporations, marketers, data miners and governments use social networks to gather information. Your data is the harvest.

    1-You!  – The weakest link in the privacy chain could be YOU! Everything that you do online leaves a digital footprint from search engine tastes to browsing patterns and social interactions. Things that you share online could go further than your social circle. Always think before you post!
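
    The geotag described in item 10 can be checked for before a photo is posted. The following is an added example, not part of the original post: it walks a JPEG’s EXIF data and reports any GPS tags it finds. The function names are this example’s own, and the sample image bytes are constructed rather than taken from a real photo.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS directory
GPS_NAMES = {1: "GPSLatitudeRef", 2: "GPSLatitude",
             3: "GPSLongitudeRef", 4: "GPSLongitude"}

def ifd_entries(tiff, offset, endian):
    """Yield (tag, raw 4-byte value field) for each 12-byte entry of one IFD."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        start = offset + 2 + 12 * i
        (tag,) = struct.unpack_from(endian + "H", tiff, start)
        yield tag, tiff[start + 8:start + 12]

def exif_tiff(jpeg):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    # Walk the metadata segments until image data (start of scan, 0xDA) begins.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None

def gps_tags(jpeg):
    """Names of the location tags embedded in the image; empty list if none."""
    tiff = exif_tiff(jpeg)
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2]) if tiff else None
    if endian is None:
        return []
    (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
    for tag, raw in ifd_entries(tiff, ifd0, endian):
        if tag == GPS_IFD_POINTER:
            (gps_offset,) = struct.unpack(endian + "I", raw)
            return [GPS_NAMES.get(t, hex(t))
                    for t, _ in ifd_entries(tiff, gps_offset, endian)]
    return []

def constructed_sample():
    """Build a minimal JPEG whose EXIF holds only latitude/longitude refs."""
    entry = lambda tag, typ, n, val: struct.pack("<HHI4s", tag, typ, n, val)
    gps = struct.pack("<H", 2) + entry(1, 2, 2, b"N\0") + entry(3, 2, 2, b"W\0") + bytes(4)
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, struct.pack("<I", 26)) + bytes(4)
    app1 = b"Exif\x00\x00" + b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    print(gps_tags(constructed_sample()))
```

    A non-empty result means the file still carries location data and should be re-exported without metadata before it is shared.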

     

