Utah’s Award Winning Computer Magazine!

www.ucs.orgThis Month’s Meeting:Wednesday 12th at 7 pm

Volume 27, No. 8 August 2009

ISSN 1061-5725

This Month’s Presentation

Check Out the Security-Related Report

(IdentityTheft)On Page 4

RootsMagic

Genealogy Software Version 4

by Bruce Busbee

Page 2 Blue Chips Magazine — August 2009

™

RecentTrends

By Cliff Millward, Editorcliffm@xmission.com

Finè

Fix Or Reboot Daily (?)Ford Motor Co. and the University of Liverpool

are working on a laser designed ignition system to replace spark plugs. A fiber-optic cable shoots a fo-cused laser beam when the gas is injected to cause the explosion.

Researchers claim the new ap-proach will be more reliable and ef-ficient as it can report back to the car’s computer and adjustments can be quickly made on combustion pa-rameters.

Lasers can also be split into many beams to better ignite fuel.

When I was a youngster with my first car (a 1951 Packard 300) I read auto magazines and was influenced to purchase an “innovative” spark plug with about 6 “an-tennas” which were supposed to fire at a center post, thus obtaining better mileage. I anxiously awaited the mail delivery and was surprised when I opened the package. The spark plugs were PINK in color! — I can’t repeat what mechanics said when they saw the pink spark plugs!

(By the way, they did not work well and I had to replace them with normal plugs.) We live and learn.

I hope the lasers from Ford work well, improve mileage, and are available soon for all cars.

Speaking of AutomobilesTesla Motors has turned a profit for the first time

last month. The electric car manufacturer shipped 109 vehicles.

They produce a Roadster auto which has a range of 244 miles per charge. It is the only electric car in the US that is highway capable. It is supposed to be faster than a Porsche and 2 times more energy efficient as a Toyota Prius.

They are now working on a sedan slated to the priced around $50,000.

A New Place for a Virus?Recently, a woman in New York has had a pace-

maker implanted in her which is connected via the internet to her doctor’s office. That way the doctor can constantly check on her condition. (The pacemaker, however, does not have an IP address — darn!)

If something abnormal occurs it will contact the doctor immediately.

Perhaps in the future, chips like these will be implanted in patients to monitor high blood pressure, measure glucose, etc. (I REALLY hope they don’t monitor amorous encounters!)

Blue Ray NewsToshiba has joined the Blu-Ray

Disc Association. This means they will be bringing out Blu-ray players very soon. The move could trigger a price war.

Toshiba lost the HD war in February 2008 to Sony.

Watch Out for the RobotsA restaurant in Japan features several robots

(called FuA-Men which means Fully Automated Men) which cook all the food. The robots are fully autonomous. They cook up to eighty bowls of noodles per day.

Customers seem to like the results and say that there is little difference between noodle dishes pre-pared by real chefs.

The robots are very accurate. They time the boiling of noodles precisely, add toppings and make sure the temperature of the soup is “just right.”

I understand that a robotic busboy is also in the plans.

The robots also put on a show to entertain their customers. They pretend to threaten each other with knives while others pick up pot lids to defend them-selves.

The old Automat of New York has metamor-phosed.

Page 3 Blue Chips Magazine — August 2009

Blue Chips Magazine

Magazine Staff

Editor — Cliff Millward 619-9633Review Program Liaison — James Alexander 250-2269Review Product Editor — Donna Nendell 565-9594 Review Editor/Product Recruiter — Don Nendell 565-9594 Photography — LeRoy JohnsonProof Reader — Larry Lamph, Doug Jackson

Advertising Rates

Ad costs 1 month 3 months 6 months 12 months2 Page Spread $150 $400 $700 $1200Full Page $100 $275 $500 $900Half Page $50 $130 $250 $450Quarter Page $25 $70 $130 $225Business Card $15 $30 $60 $120

Full page size is 7½ x 10 inches. All other page sizes are based on a 7 x 10 inch page in order to conform to editorial style. Half-page ads may be 7 x 5 inches or 3½ x 10 inches. Quarter-page ads are 3½ x 5 inches. Business card ads are 3½ x 2½ inches.

Classified Advertising Utah Blue Chips members may place personal classified ads at no charge. Maximum ad size is 7 lines, 35 characters per line.

Submissions Members are encouraged to submit text articles for publication in ASCII text only. Photos in .TIF or .JPG format only. Line graphics, tables, in almost any vector or .TIF format. Do not imbed graphics or tables in text files. All articles must be received by the 15th of the month preceding the month of publication. All articles become the property of the Utah Computer Society and by submitting an article, the author gives permission for the Blue Chips Magazine Staff to edit the submission. The author also gives permission for republication in other users groups’ communications.

Permission to Copy Permission is granted to other nonprofit PC user groups to reproduce any article published in this newsletter, provided credit is given Blue Chips Magazine and the author (s) of the reproduced materials. Reprinted articles are subject to the terms of their respective copyright holders.

“Utah’s Award Winning Publication”

Charter Member of theAssociation of PC User Groups

MONTHLY MEETING LOCATION2nd Wednesday of every month

University of Utah, Union Building, 7:00 p.m.

Officers and Trustees Eve. Phone E-mailPresident, Stuart Gygi 576-1891 sgygi@ucs.orgV. Pres., Larry Lamph 571-2908 larry.lamph@ucs.orgSecretary, Lowell Kenedy 278-3035 lkenedy@ucs,orgTreasurer, John Witzel 296-1390 witzelj@ucs,orgttDoug Jackson 322-2337 djackson104@usc.org

InformationPersons or companies may join or renew at the meeting, or by sending a check payable to the Utah Computer Society to:

Utah Computer Society Membership Secretary 5435 Riley Lane Murray, Utah 84107

Individual memberships are $25/year. Business Memberships are $35.00 a year.Corporate sponsorships are available at two levels. Corporate Sponsors enjoy all benefits of membership including multiple individual membership and prepaid advertising coverage. Contact a Board Member for more information.

Other important information:Meeting Information http://www.ucs.orgGroup Business (James Alexander) 250-2269Magazine (Cliff Millward) 955-9633Web Site http://www.ucs.orgWebMaster 262-6045Membership (evenings) (Bob) 262-6045

AugustRenewals

Kathryne JohnsonLeRoy Johnson

Page 4 Blue Chips Magazine — August 2009

Security-Related ReportIdentity Theftby Don Nendell

“What a delightful thing is the conver-sation of specialists! One understands absolutely nothing and it’s charming.” – Famous French impressionist Edgar Degas, (1834-1917)

PreludeI’ve got some good news and some

semi-bad news for you folks this month - concerning our Review product - er, strike that, Report that is. “So, what’s new,” you say? A whole heap of news, that’s what. And, guess what? Without fail, this is definitely Security-Related (S-R), too! Again, no surprise there - that is, if you’ve been following my ranting(s) - which makes this my 88th S-R BCM Report/Review in the past 10 years, then (See graphic). Whew! Oh well! Onward and upward on our stupendous flight as we head off into the “Wild Blue Yonder,” again.

Pre-flight (Flight Planning)Last month I wrote, “Initially I

thought I’d bitten off more than I could chew with a complete re-working of my “fully working” Complex Home Net-work (P2P) system. ‘If it ain’t broke, don’t fix it’’ so goes the old proverb (in Eng-land it’s, ‘Let well alone!’). But, you see, HomeNet Manager 3 (HNM3) was to be my savior, and it almost was.”

“A ship in harbor is safe – but that is not what ships are built for.” – John A. Shedd

(Update) The good news. I’ve been using HNM3 religiously now for over two (2) months, and I’m enjoy-ing its physical and satisfying presence with a much “simpler” complex network with HNM3 at the con-trols. (See my “new simpler-complex” Home Network (P2P) graphic below, and my old “already working” Complex Home Network (P2P) system in my July 2009 BCM HomeNet Manager 3 Re-port1 & 2 & 3 (which can also be seen in my 2008 BCM D-Link Reviews1 & 2 & 3.)

Naturally - it goes with the terri-tory - as sure as the sun comes up in the morning, your system will go down periodically, and just as surely, HNM3 points directly to the problem area. At last count I’ve repaired my lat-est, and greatest, system five (5) times successfully and easily.

End of Report. Not! I definitely should receive “los

maximos trofeos” for my perfor-mance4 for setting up my HNM 3 system with such a paucity of help.

Security-Related Report

Page 5 Blue Chips Magazine — August 2009

“For the rest of you, and Mr. Z. [SingleClick’s CEO] personally shared with me that’s 85% of you out there, I say to you all [once again], . . . ‘Single-Click is in Your Digital Corner, still out there successfully working for that other 85% of the market. Hooah!

The semi-bad news. Again, quot-ing from last month’s HNM3 Report, “On a ‘complex’ Home Network, like mine is, ‘expect to either pay someone to do the job, or learn it yourself,’ just as I have over the past 5-6 years - done both, that is. . . . To understand the ramifications of that last statement [I recommend you read my July 2009 BCM HomeNet Manager 3 Report1

& 2 & 3], ...if you’ve got a ‘complex’ Home Network (P2P) project starring you in the face.” However, there is noth-ing to lose by “Trying it.” It’s a 30-day “Free” trial. All-in-all it’s pretty much like “Herding cats,” that is, unless you have HNM 3 working for you. Then it becomes only “Herding a cat!”

Actually, y o u m i g h t get a better understand-ing of what I’m getting at here by just going to <www.you-t u b e . c o m /

watch?v=JWymXNPaU7g>. Enjoy!

Me, I’ve just been sitting here in a stupor at my computer recovering from all my ordeals and listening to my “new” 3-disc CD album of Feng Shui Music For Balanced Living that I bought at Cosco the other day. And you know some-thing? This Feng Shui stuff is really

working!Weather Briefing

C o n t i n u -i n g o n w i t h our flight mo-tif again this month, leads us once more to an important, nay critical, element of one’s desired f l ight ; when you’re flying it is mandatory (sa id smart , duh!) that we check on the en route and des-tination’s fore-

cast weather and runway conditions.Thereafter you can file your FAA

flight plan, whereupon your chances of a successful arrival decrease in direct proportion to your flying skills and the whims of Mother Nature. [A cautionary word here, always remember the man-tra:] “Don’t Mess with Mother Nature; She Has a Long Memory and a Nasty Temper.” But then, that’s enough about my “new simpler-complex” Home Network (P2P) system.O n w a r d , a n d upwards James! And don’t spare the horses.5

TakeoffSwitching now

to another New Age favorite of mine, Steven Halpern, I’ve started his Music of Accelerated Learning, and may I re-spectfully suggest you might do likewise right about now for your own personal security, that is! Then we’ll follow that one up with 2002’s Wings, and see where that takes us?

Our flight today takes us into never-never land, the land of Identity (ID) Theft. Me, as I said, I’m fly-ing, but if you’re travel-ing by road I certainly do hope you’ve checked with AAA about current ID Theft road conditions (See below.) They’re pretty torturous, and have been for a great long while now, as we’ll see in just a short while.

“Honesty pays, but it doesn’t seem to pay enough to suit some people.” F. M. Hubbard

En RouteThere’s a lot to accomplish just to

get safely back on the ground again, in flying, as well as, in Security-Related (S-R) Reporting. And since Con-fucius said that the journey of a

Page 6 Blue Chips Magazine — August 2009

1000 miles begins with the first step, here goes nothing.

BackgroundThat an Identity Theft problem of

gigantic expense, magnitude and pro-portions currently exists worldwide, and has existed for a very, very long time, is well documented. BlockSwitch <www.blockswitch.com> advertises today that, “Every minute six (6) people have their identity stolen.”

What is ID Theft?“Identity Theft is a crime in which

an impostor obtains key pieces of per-sonal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain…. [Which is why it] is called ID Theft. (See Google Search Results for ID Theft.)

“It can start with lost or stolen wallets, pilfered mail, a data breach, computer virus, phishing, a scam, or paper documents thrown out by you or a business (dumpster diving) [See ex-ample below]. This crime varies widely, and can include check fraud, credit card fraud, financial identity theft, criminal identity theft, governmental identity theft, and identity fraud [including the latest iteration, medical identity theft].” (Source: Identity Theft Resource Center, Nonprofit Organization.)

“The business of the United States is done on the Internet… information that flows electronically 24/7 is increasingly the target of not only identity thieves and scammers, but the organized crime groups, terrorists, and overseas govern-ments. There are a number of countries who have an interest in stealing in-formation from the United States… as many as two dozen nations have taken an ‘aggressive interest’ in penetrating our networks. The malicious activity has become much more prevalent.” - Shawn Henry, FBI Cyber Division Head (2008.)

“Cyber attacks and cyber espionage are costing businesses a bundle each and every year and have now become so significant it really is a national security issue. In March 2009, Dennis Blair, United States Director of National In-telligence (DNI) stated in his testimony that intellectual property theft and data

theft cost businesses $1 trillion dollars in 2008. National security and cyber secu-rity experts believe the US Government and its contractors are the targets of a growing cyber warfare effort that they suspect is being conducted by nation states and their proxies with the aim of stealing military and industrial secrets - high-end espionage in every sense of the word. Anywhere there is attractive intellectual property and anything that is valuable and useful to someone else [like their good name and identity] is a target for cyber attack.” Kevin Coleman, Cyber Espionage Countermeasures, Eye Spy Magazine issue 63, 2009.

Note. I’ve made reference to Eye Spy Magazine in numerous prior BCM Reports. It is probably my most favorite “Covert World of Espio-nage” reference guide, and I ea-gerly await its arrival every six (6) weeks <www.eyespymag.com>. (See graphic of the latest issue (#63) I received just today.)

Note. I’ve also written about orga-nized crime syndicates, et al., and cyber crime many times before. (I invite you now to pay particular attention to the BCM 2008 Reports1 & 2 & 3 series : Encryption -What’s That Report (July 2008); Encryption - Why Report (August 2008); Security

Page 7 Blue Chips Magazine — August 2009

News n Views Part 2 Report (Sep-tember 2008); and, Security News n Views Part 3 Report (November 2008).

A Few Quick Pertinent Questions You Need to Ask Yourself Right Now:

1. What Information are the bad guys after? Social Security Num-bers; Mother’s maiden names; Birth dates; Billing Addresses; E-mail Ad-dresses; Account Numbers; Usernames/Passwords/PINS; et al.;

2. What bad things can happen to you? a. Physical (offline) theft can be used for: New Account Fraud; Check Forgery; etc. b. Information stolen on-line can be used for: Un-authorized checking account transfers; Stolen credit card purchases; Illegal credit card advances; Acquiring other services in your name; Cyber-stalking and Cyber-harassment; amongst a whole host of other nefarious activities;

Caveat. It might be wise for me to point out that the Feds will confiscate your computer(s), etc., if your com-puter was hijacked and is used by the “Bad Guys” in their nefarious activities. It’s like you did the “Bad Deed,” even if you’re actually innocent. OK? NOT OK! ;(

3. How do they (the “bad guys”) get your information? Stealing your mail and dumpster div-ing (Oracle CEO Larry Ellison hired detectives to dumpster dive for him, as reported by Whlie Wong, Staff Writer, CNET News.com, June 28, 2000, and yet, Oracle was said to be buying Sun Microsystems for over $8 Billion (as reported by KSL TV’s 6 o’clock news, April 20, 2009) [“Go figure!”]); Phishing (Internet) scams; Internet scams; Spyware; Public Computers and Networks; Inadequate computer secu-rity; and, People actually give it to them through Social Engineer-ing; scrapping old hard drives without wiping them “clean,” for instance (See below); and,

3. What to do if “You Are a Victim?” Contact all of your banking, credit card, mortgage lenders, etc., Contact the police, Report the theft to the Federal Trade Commission, and, Prepare an ID Theft Affidavit and Fraudulent Account Statement. (See CBC2 graphic Cyber Security Its Up to You.)

Here’s a Quickie Example for You

Hacker thieves have banner year (AP) The Salt Lake Tribune, April 20, 2009. (San Francisco) “Hackers made off with at least 285 million electronic records in 2008, more than in the four previous years combined, according to a new study that shows identity thieves are getting better at exploiting careless mistakes that leave companies vulner-able to attack. The number comes from a study of [Get this: The sum total of only] 90 data breaches investigated by Verizon Communications Inc., which is hired to do a post-mortem on most big computer intrusions.

“No victims are identified in the report. Many of the breaches aren’t even public. That can happen if law enforcement insists on secrecy because of an ongoing criminal investigation, or if personally identifiable informa-tion wasn’t lost in the hack. In many breaches, especially involving lost or stolen laptops, the records aren’t used for anything at all.

“Verizon’s study looked only at breaches involving attacks that resulted in compromised records being used in a crime, like making counterfeit credit cards and buying homes and medical

Page 8 Blue Chips Magazine — August 2009

coverage under someone else’s identity - and on their dime. The company found that 90 percent of the breaches it inves-tigated could have been avoided with basic security measures. One of those is recognizing how valuable so-called “non-critical” computers are to hackers [Take care, no one is exempt].

“Peter Tippett, vice president of research and intelligence for Verizon’s business security solutions division, says criminals aren’t looking to crash through the front door with a brazen computer attack. Often they’re content to feel around the edges and look for vulner-abilities that can get them in through the equivalent of a side window. Even by tapping into computers of low-level employees who don’t handle sensitive data, hackers can get a toehold for in-stalling more malicious software that scans the network traffic and looks for vulnerabilities in other computers.

[FYI This is exactly the stuff covered in BlackHat Briefings and DEFCON, just concluded in Vegas a few days ago. BTW And believe you me, “this stuff” doesn’t stay in Vegas either (See also From iPhones below) ;-}]

“The study also found that data breaches are getting more severe be-cause criminals are using sophisticated new programs that were custom-de-signed for particular attacks and weren’t known to the security community or law enforcement.”

Some Basic ID Theft Protection Guidelines

Let’s take a minute to sum-marize/reiterate what is being said herein. It’s important to protect your personal information, and to take certain steps quickly to minimize the po-tential damage from identity theft if your information is accidentally disclosed or deliberately stolen:

1. Place a “Fraud Alert” on your credit reports, and review those reports carefully. Notifying one of the three (3) nationwide consumer reporting compa-nies is sufficient.

2. Close any accounts that have been tampered with or established fraudulently.

3. File a police report with local law enforcement officials. This is an essen-tial step in claiming your rights.

4. Report your theft to the Federal Trade Commission, online, by phone, or by mail.

And before identity theft happens, learn how to safeguard your information online at: ftc.gov/idtheft or by phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261.

Alas, other than padlocking your computer and not using it at all, that’s about all an Identity theft victim can do to protect him/herself, as the situ-ation currently stands. But please do keep on reading! There’s more, lots, lots more…

A Potpourri/Modicum of ID Theft Statistics

The Javelin Strategy & Research Center has been studying identity theft closely since 2004. Each year, they re-lease their findings. Their 2009 study reveals that:

1. Identity theft is on the rise, affect-ing almost 10 million victims in 2008 (a 22% increase from 2007.)

2. Victims are spending less money out of pocket to correct the damage from ID theft. The mean cost per victim is $500, and most victims pay nothing due to zero-liability fraud protection programs offered by their financial in-stitutions. [But don’t let this stat lull you into complacency, folks! This is serious stuff, See below.]

3. 71% of fraud happens within a week of stealing a victim’s personal data.

4. Low-tech methods for stealing

personal information are still the most popular for identity thieves. Stolen wal-lets and physical documents accounted for 43% of all identity theft, while online methods accounted for only 11%. Source: <www.spendonlife.com/guide/identity-theft-statistics> (See also the latest 2009 FCC ID Theft Pie Chart.)

Some Official Identity Theft Statistics to Consider

VictimsPlease Note. I have highlighted

the dates in yellow for a fairly obvious reason - they are the latest available from a reputable source. However, they can be still be used as a reference point for comparison purposes to more cur-rent data shown herein, as well. Be your own judge of the data.

1. 1.6 million households experi-enced fraud not related to credit cards (i.e. their bank accounts or debit cards were compromised) (U.S. Department of Justice, 2005.)

2. Those households with incomes higher than $70,000 were twice as likely to experience identity theft than those with salaries under $50,000 (U.S. DOJ, 2005.)

Discovery1. 38-48% discover someone has sto-

len their identity within three months, while 9-18% of victims don’t learn that their identity has been stolen for four or more years (Identity Theft Resource Center Aftermath Study, 2004.)

Recovery1. It can take up to 5,840 hours

(the equivalent of working a full-time job for two years) to correct the dam-age from ID theft, depending on the severity of the case (ITRC Aftermath Study, 2004.)

2. The average victim spends 330 hours repairing the damage (ITRC Af-termath Study, 2004.)

3. It takes 26-32% of victims be-tween 4 and 6 months to straighten out problems caused by identity theft; 11-23% of victims spend 7 months to a year resolving their cases (ITRC After-math Study, 2004.)

Page 9 Blue Chips Magazine — August 2009

Costs1. Businesses across the world lose

$221 billion a year due to identity theft (Aberdeen Group).

2. On average, victims lose between $851 and $1,378 out-of-pocket trying to resolve identity theft (ITRC Aftermath Study, 2004.)

3. The mean cost per victim is $500 (Javelin Strategy and Research, 2009).

4. 47% of victims encounter prob-lems qualifying for a new loan (ITRC Aftermath Study, 2004.)

5. 70% of victims have difficulty removing negative information that resulted from identity theft from their credit reports (ITRC Aftermath Study, 2004).

6. Dollar amount lost per household averaged $1,620 (U.S. DOJ, 2005.)

Current News Item (Update) on the Home front. Canyons District schooled in ID theft By Kirsten Stew-art, The Salt Lake Tribune 07/27/2009. “The new Canyons School District plans to pay for a year of credit monitoring and identity fraud insurance for 6,000 employees whose personal information is believed missing. District officials are still investigating the July 8 disap-pearance of a thumb drive that likely contained employee addresses, phone

numbers, dates of birth and Social Se-curity numbers. And though they have no reason to suspect the information was stolen, they will spend anywhere be-tween $25,000 to $150,000 to safeguard workers from identity theft.”

FYI You might also be inter-ested in checking out LockLife, but like Sgt. Hans Schultz, the portly inept sergeant-of-the-guard of Hogan’s Heroes (an American television situa-tion comedy that ran for 168 episodes from September 17, 1965, to July 4, 1971, on the CBS network.), “I know nothhh-ing, I see nothing. I was not here. I did not even get up this morning!”

Perpetrators1. 43% of victims knew the perpe-

trator (ITRC Aftermath Study, 2004.)2. In cases of child identity theft,

the most common perpetrator is the child’s parent (ITRC Aftermath Study, 2004.)

Methods1. Stolen wallets and physical pa-

perwork accounts for almost half (43%) of all identity theft (Javelin Strategy and Research, 2009.)

2. Online methods accounted for only 11% (Javelin Strategy and Re-search, 2009.)

3. More than 35 million data re-cords were compromised in corporate and government data breaches in 2008. (Source: <www.spendonlife.com/guide/identity-theft-statistics>) (See also Hacker thieves have banner year above.)

Latest “Bad?” NewsAnd just before Press Time,

here’s a compendium of the latest “Bad?” news from SANS NewsBites July 28, 2009 Vol. 11, Num. 59.

1. Network Solutions Data Breach (July 24, 25 & 27, 2009) More than 4,000 e-commerce websites hosted by Network Solutions had their credit card sales transactions compromised in a data security breach. The data were stolen between March 12 and June 8 of this year. Nearly 574,000 people are affected by the breach.

2. DATA BREACHES, LOSS & EX-POSURE - Alico Breach Believed to be Connected to Credit Card Fraud (July 27 & 28, 2009.) A data security breach at insurance company Alico Japan has exposed credit card information related to as many as 130,000 insur-ance contracts. The breach is believed to be responsible for 2,200 instances of credit card fraud.

Page 10 Blue Chips Magazine — August 2009

Malware pace quickens dramati-cally by Chuck Miller, SC Maga-zine, July 23, 2009. “During the first half of the year, more than 1.2 million unique samples of malware hit the web. That is well ahead of the pace of last year [3x to be more exact] and could put this year in the record books, according to research by McAfee Avert Labs.... ‘Bear in mind these are malware we consider unique (or something we had to write a driver for) and does not count all the other malware we detect generically and heuristically,’ [Dave] Marcus [director of security research and communications at McAfee] wrote in a post on the McAfee Avert Labs blog. ‘When you add in the generic and heuristic detections, the number becomes truly mind boggling.’

“McAfee also reported other statis-tical findings, including that 30 to 40 percent of all password-stealing Trojans focus on gaming and virtual worlds. Also, 80 percent of all banking emails are basically phishing spam, and the average loss per victim from phishing is $866. (See also above.)

“‘There are many reasons why mal-ware continues to grow, but it is mainly a criminal’s game at this point,’ Marcus wrote in the blog. ‘Malware steals data. The people that write and distribute malware are criminals.’”

Spam, botnets at all-time high, says McAfee Q2 threats report By Louis Chunovic, Senior Editor, July 31st, 2009. Spam volumes have increased 141 percent since March, continuing the longest streak of increasing spam volumes ever, according to Santa Clara, CA-based McAfee, Inc.’s recently re-leased Q2 Threats Report. More than 14 million additional computers have been enslaved by cyber-criminal botnets in the quarter, according to the report, a 16 percent increase over last quarter’s rise.”

Austin News KXAN.com reported, “The personal information of every po-

lice officer in Texas was compromised through the theft of a laptop from a supplier.”

From iPhones to smart grids at Black Hat, Defcon <http://news.zdnet.com/2100-9595_22-325061.html?tag=nl.e539> by Elinor Mills CNET News, Jul 27, 2009. “My favor-ite security show each year is one at which there are no sales pitches, the speakers favor black T-shirts and dyed hair over suits and ties, and the talks tend to be controver-sial enough to prompt legal threats and even arrests.

“I’m talking about DEFCON, [July 30 - Aug. 1]. The event [it’s number 17 this year] turns part of the Las Vegas strip into a geek equivalent of ‘Animal House’ for a three-day weekend every summer…. In addition to being a hacker playground and summer camp, DEF-CON is a semi-neutral ground where people who blur the lines of legality mingle with federal agents whose job it is to hunt them down.”

FYI These are all exceptionally bright and intelligent folks, and they are definitely not to be played with, nor discounted.

As an added Note, attendees of DEFCON for the past few years get a very special conference badge with some electronics to hack and modify. This years badge has a Freescale MC56F8006 DSP/microprocessor chip, microphone, and RGB LED (See graphic). The RGB LED cycles through different colors until the microphone picks up some noise,

then the LED will respond to the volume and frequency of the sound. After a few minutes it was reported to all attendees “that the LED would blink what ap-peared to be Morse code whenever it picked up a frequency that was a power of 2 (such as 64hz, 256hz, 1024hz, and so on.)” (See also above.)

The Aftermath for One Victim, i.e., Corrective Action

On a more personal note. “America’s veterans [including yours truly] were sent scrambling for their credit reports Monday, as the Veteran’s administration announced nearly all of them - and some of their family members - were at heightened risk for identity theft.

“A long-time analyst at the massive federal agency was blamed for the theft of 26.5 million Social Security numbers after he took home sensitive data and his home was burglarized, the agency said. Now the VA is sending letters to every living veteran and some of their spouses with the bad news.

“The stolen data included names, Social Security numbers, dates of birth and numerical disability ratings. No medical records or financial information had been compromised, Veterans Affairs Secretary Jim Nicholson said.

“The theft occurred in May, but the agency released few additional details. It would not say what the analyst was working on that required him to take that much information home.” By Bob Sullivan, Technology correspondent, NBC News, May 22, 2006.

Page 11 Blue Chips Magazine — August 2009

And now, the rest (strike that) next part of that VA story!

Cost-Effective True Two Factor Authentication (Office of Manage-ment and Budget Memorandum M-07-16)

“Allow remote access [to personally identifiable information] only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access.”

News Headline: Department of Veterans Affairs Adds Trusted Authen-tication From Anakam. Anakam TFA two-factor authentication tool enables remote access to VA systems.

(Press Release) SAN DIEGO, July 21, 2009 /PRNewswire/ - The De-partment of Veterans Affairs (VA) has selected Anakam.TFA(R) Two-Factor Authentication as the enterprise au-thentication tool for remote access to VA systems, a key enabling technology to help the VA provide more veteran-centric benefit and healthcare services online….

Comment. This is better than it was originally, but comparatively speaking, it is still next to nothing compared with my DYCRAV(R) U.S. patented IT, which can do the

same thing, only better. (See more below plus my August 2006 BCM AutoEnc(R) Review1 & 2 & 3 which starts on page 8.)

More of the Ongoing (Sad News) Story

(News Release) “Senator Ted Stevens (R-Alaska), Vice Chairman of the Senate Commerce, Science and Transportation Committee, today [Apr. 20, 2007] introduced legislation to combat identify theft. The ‘Identity Theft Prevention Act’ (S.1178) would strengthen information [data protection and] safeguards and ensure [require that] consumers are notified whenever their sensitive personal information is acquired without authorization [, and further prevent identity theft.]

‘“Identify theft in the United States has reached epidemic proportions, with Alaska ranked fifth per capita in the number of fraud complaints filed last year,’ said Senator Stevens. ‘Consumers are under attack and we must give them the tools they need to protect them-selves.”’ (Source: Tennessee Identity Theft lawyers.)

[Note. The Sponsor of the bill is actually listed as Sen. Daniel Inouye [D-HI] and the Co-sponsors (as of 2009-07-11) are Sen. Bill Nelson [D-FL], Sen. Mark Pryor [D-AR], Sen. Gordon Smith [R-OR], and Sen. Ted Stevens [R-AK].

FYI This bill never became law. This bill was proposed in a previous ses-sion of Congress. Sessions of Congress last two years, and at the end of each ses-sion all proposed bills and resolutions that haven’t passed are cleared from the books. Members often reintroduce bills that did not come up for debate under a new number in the next session. (Source: govtrack.us: a civic project to track Congress.)

[Which is exactly why we now have this latest News Release?] Sen. Leahy introduces bill to com-bat ID theft by Jacob Goodwin, GSN: Government Security News Editor-in-Chief, July 23rd, 2009.

[Please Note. This is the third time Leahy has introduced this legislation, a law that would, among other things, standardize requirements on data breach notification.]

“Senator Patrick Leahy (D-VT) has introduced a bill aimed at preventing identity theft, providing notice of secu-

rity breaches and enhancing criminal penalties and law enforcement related to ID theft, fraudulent access to com-puter networks and misuse of person-ally identifiable information. Proposed language for the measure (S. 1490) has not yet been made available by the Sen-ate. The bill, which has been referred to the Judiciary Committee, of which Sen. Leahy is the chairman, has no other cosponsors yet.”

Identity theft protection Goal of House legislation

The Messenger, July 24, 2009 (Clarksville, TN Online). “(Washing-ton) U.S. Rep. John Tanner wants to enhance the privacy of Americans’ Social Security numbers and combat identity theft. Tanner, chairman of the Ways and Means Subcommit-tee on Social Security, introduced the ‘Social Security Number Privacy and Identity Theft Prevention Act of 2009.’ “The Federal Trade Commission re-ports that identity theft is the fastest-growing type of fraud in the United States. Private consulting firm Javelin Research and Strategy reports that al-most 10 million Americans were vic-tims of identity theft in 2008 - a 22 percent increase from the number of victims in 2007 [See also Stats above]. “‘Identity theft is facilitated by the easy availability of SSNs in many public- and private-sector records,’ Tanner said in Congressional Record remarks when introducing the bill. ‘SSNs are valuable to criminals because they are relied upon by business to authenticate identity. They are the skeleton key that unlocks many other sources of private, personal information.’ “While there are many legitimate busi-ness and government uses for SSNs, the unrestricted flow of private per-sonal information that includes SSNs often makes it too easy for identity thieves and other criminals to ob-tain SSNs for their own purposes. “Tanner introduced the bipartisan bill Thursday along with U.S. Rep. Sam Johnson (R-TX), ranking member of the Subcommittee on Social Security. ‘This common-sense bill would help stop access to Social Security numbers by restricting their sale, purchase and public display,’ Johnson said. ‘It’s time to stop talking and take action to prevent ID theft and protect Americans’ privacy. Let’s get to work.’

Page 12 Blue Chips Magazine — August 2009

“The bill, among other provisions, limits the circumstances under which government agencies or private-sector companies can display Social Secu-rity numbers to the public, includ-ing on the Internet; sell or purchase SSNs; display SSNs on paychecks and identification cards; or employ pris-oners in jobs that give them access to SSNs. The bill calls for additional criminal penalties for those convicted of misusing Social Security numbers.” [And the beat goes on, and on, and …. We all probably should e-mail Congressman Tanner, and tell him “We’re very concerned about this terrible menace, and please ‘Get this job done.’”]

LandingOpen Forum Question. Besides

writing/publishing all these BCM Se-curity-Related Reports/Reviews1 &

2 & 3, you may ask, “What more have I, Don Nendell, personally accomplished in these shark-/piranha-/orca-infested ID Theft waters?”

Well, just in case you did ask, here would be my answer. Besides owning my two U.S. Patents on security, plus co-developing a Windows security appli-cation that works on USB Flash Drives (See my August 2006 BCM Review of AutoEnc1 & 2 & 3 which starts on page 8), plus being President/Co-founder of four (4) Security Corpora-tions, I, proudly as an American, in the last week of May 2009, personally hand carried and presented “A Study of

Identity Theft as Related to Stolen Social Security Number(s), Their Usage and Inherent Weaknesses” [of course, prepared by yours truly] to the West Jordan Office of The Honorable Jason Chaffetz, (c/o House of Representatives, 1032 Longworth House Office Building, Washington, DC 20515-4403.)

In my letter to the Congress-man, along with my “Study ,” I proposed to offer my patented IT to the U.S. Govern-

ment “Royalty Free” for implemen-tation/inclusion as the “Focal Point” in the protection against ID Theft for “All Social Security Numbers, past, present and future.”

Note. If my plan were to be accepted, acted upon and ulti-mately be im-plemented, the overall result could very well be that each and

every one of you out there in “La La land” could finally be protected from ID Theft to the tune of six nines of effectiveness. That’s all!

There is a Yiddish proverb that goes: “A man should live if only to satisfy his curiosity.”

BTW I am also now thinking very seriously of sending a copy of my “Study” to U.S. Rep. John Tanner, and just maybe to those Senators as well, (See above) just to see what re-sponse it might elicit in those waters? Hmm! We shall see? Stay tuned!

End of Flight De-BriefingI have covered in a great deal of

detail in many previous BCM Security-Related Reports and Reviews1 & 2

& 3 on subjects directly related to and/or leading directly to “Identity Theft.”

Note. The complete list ap-pears in the graphic (above) cover-ing each subject.

I would like to add something now to one (1) of those Reviews that I missed at the time I was testing, playing with, and writing the Review. It is the Janu-ary 2009 GhostSurf Premium 5.1 Review1 & 2 & 3. I found out doing this S-A Report that TracksCleaner “makes previously deleted files unrecoverable.” What makes this so important is that we all know by now that “files you delete without TracksCleaner can often be recov-ered; and most definitely can and will be recoverable with Diskeeper Undelete 2009 (See my November 2008 BCM Review1 & 2 & 3.)

Caveat. This can end up be-ing exceptionally dangerous in the event you are getting rid of

Page 13 Blue Chips Magazine — August 2009

an “old” hard drive, for example. Then too, ask Oliver North and Monica Lewinski about “Deleting files versus wiping files?” The hard drive positively has to be “wiped

clean,” if you have anything of personal value on it, especially if it pertains to ID Theft (our topic of choice this month), it goes without saying (See graphics).

Final WordsDanny Lents at <www.IdTheftA-

wareness.com> gives us the following ID Theft questions to ponder.

Do You Make These 6 Mis-takes To Help Your Identity Thief? You:

1. Expose your social security num-ber.

Your social security number is the pot of gold for your identity thief. You make it easy for him by:

Carrying your SSN in your wallet/purse.

Writing it on checks. Writing it on forms just because the

blank line is there. Letting your university or workplace

use it as an ID. 2. Are careless with your mail.Your thief loves your mail and you

provide easy access for him. You have an unlockable mail-

box and raise the red flag to let your thief know you’re ready to share.

You don’t notice when there is unusual break in mail ser-vice.

You mail your sensitive information in your local mailbox instead of taking it to the post office.

You forget to submit a change of address when you move.

You still receive pre-approved credit card offers because

you have not opted out at 1-888-5OP-TOUT or <www.optoutprescreen.com>.

3. Don’t secure sensitive informa-tion.

Many times the identity thief knows their victims and has easy access to sensitive data.

Visitors to your home are likely to see sensitive mail, forms, etc laying out in open view.

You keep your tax returns and fi-nancial spreadsheets on your computer without password protection.

You leave pay stubs and other in-teresting information in the front seat of your car.

You don’t own a cross-cut shred-der.

You put sensitive data in your gar-bage.

4. Don’t check your credit reports.Monitoring your credit report is

your best opportunity to detect identity theft.

You don’t order your free annual credit reports.

You don’t thoroughly review all credit report entries.

You don’t try to correct false entries and convince yourself that it’s probably just a typo.

5. Don’t scrutinize your bills and bank statements.

Many people use their credit cards for daily purchases. Thieves may charge small amounts hoping you don’t no-tice.

You don’t verify every entry on your credit card and bank statements.

You don’t realize when your state-ment doesn’t arrive on time.

6. Enter sensitive information on public computers.

Public computers are convenient, but it’s no place to enter sensitive in-formation. You don’t know who uses the computer before or after you. Who’s watching your entries?

You check your bank account bal-ance.

You logon to web sites and enter your passwords.

You leave the auto-complete feature enabled so the next person has a possi-bility of reviewing your entries.

You accept the “save my information for next time” prompts.

Conclusion. Knowledge, aware-ness, and detection are key elements in the fight against identity theft.

Do a “Google search” for the “Aus-tralian ID Theft Kit” for some really pertinent Australian Government Ini-tiative “ID Theft Data,” Additional Information,” and a great “Quick Ref-erence Check-list.” (See also the CBC2 graphic)

The Social Security Administration gives us these guidelines to follow (See graphic).

Page 14 Blue Chips Magazine — August 2009

Our New administration has just re-leased its new Cyberspace Policy Review (See graphic).

The Congress and Senate are both “Sitting down” (whenever they can get to it, I guess?) to “Hash over” (pun definitely in-tended) Identity Theft (tea and crumpets, anyone?).

The big question really is: “Just exactly what are you going to do about this scourge my friends?”

Final ThoughtsAnthony Walton said, “America’s

greatest strength, and its greatest weak-ness, is our belief that we can always start over, that things can be made bet-ter.” Nuff’ said!

In the meantime, “you had better take positive steps to protect yourself from ID Theft as best you can, and right now, if not sooner!”

Smooth flying and “Safe Land-ing!”

Ciao!

Footnotes1 See the actual Reports/Re-

views in the Blue Chips Magazine Archives at <www.ucs.org>. Note. Always choose the .pdf format for its beauty.

2 If you are reading this Review from directly off of an Internet search, you are seeing it in HTML format. Yuk! There’s No graphics there! To see all the beautiful graphics in this Review - the ones that I’ve worked so hard to entertain you with - you will need to follow the procedures outlined in Footnote 1 above. Enjoy!

3 Feature(s) precisely identi-fied as reason(s) for designating this Review/Report as “Security-Related.”

4 Q. What does “los maximos tro-feos,” the highest award given to a Matador, consist of?

A. The two ears and tail of the bull are awarded if considered an especially good performance.

5 From 1934 F. Hillebrand (song title) Home James, and don’t spare the horses.

Oxford English Dictionary, Oxford University Press 1999.

home, adv. Originally the accusative case of Home n., in its primary sense as a case of destination after a verb of mo-tion, but at length treated as a simple adv., with ellipsis of go, drive, esp. in home, James

(and don’t spare the horses)!

Page 15 Blue Chips Magazine — August 2009

Page 16 Blue Chips Magazine — August 2009

UCSBoard ofTrustees

C&C Bldg.RoomN3005

6:30 p.m.

Blue Chips — Utah’s Computer Guide in the 21st Century

Utah Blue Chips CalendarAugust, September, 2009

TBA

MagazineDeadline

U of U7:00pm

RootsMagic

UBCGeneral Meeting

U of U7:00 p.m.

MagazineDeadline

UBCGeneral Meeting

U of U7:00 p.m.